linux-arm-kernel.lists.infradead.org archive mirror
From: Marc Zyngier <maz@kernel.org>
To: Oliver Upton <oliver.upton@linux.dev>
Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	kvm@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>
Subject: Re: [PATCH 01/13] KVM: arm64: Hide CNTHV_*_EL2 from userspace for nVHE guests
Date: Tue, 30 Sep 2025 08:44:24 +0100
Message-ID: <86zfacz8o7.wl-maz@kernel.org>
In-Reply-To: <aNslu47Dl13iNcaL@linux.dev>

On Tue, 30 Sep 2025 01:35:07 +0100,
Oliver Upton <oliver.upton@linux.dev> wrote:
> 
> Hey,
> 
> On Mon, Sep 29, 2025 at 05:04:45PM +0100, Marc Zyngier wrote:
> > Although we correctly UNDEF any CNTHV_*_EL2 access from the guest
> > when E2H==0, we still expose these registers to userspace, which
> > is a bad idea.
> > 
> > Drop the ad-hoc UNDEF injection and switch to a .visibility()
> > callback which will also hide the register from userspace.
> > 
> > Fixes: 0e45981028550 ("KVM: arm64: timer: Don't adjust the EL2 virtual timer offset")
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> >  arch/arm64/kvm/sys_regs.c | 26 +++++++++++++-------------
> >  1 file changed, 13 insertions(+), 13 deletions(-)
> > 
> > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> > index ee8a7033c85bf..9f2f4e0b042e8 100644
> > --- a/arch/arm64/kvm/sys_regs.c
> > +++ b/arch/arm64/kvm/sys_regs.c
> > @@ -1594,16 +1594,6 @@ static bool access_arch_timer(struct kvm_vcpu *vcpu,
> >  	return true;
> >  }
> >  
> > -static bool access_hv_timer(struct kvm_vcpu *vcpu,
> > -			    struct sys_reg_params *p,
> > -			    const struct sys_reg_desc *r)
> > -{
> > -	if (!vcpu_el2_e2h_is_set(vcpu))
> > -		return undef_access(vcpu, p, r);
> > -
> > -	return access_arch_timer(vcpu, p, r);
> > -}
> > -
> >  static s64 kvm_arm64_ftr_safe_value(u32 id, const struct arm64_ftr_bits *ftrp,
> >  				    s64 new, s64 cur)
> >  {
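Review bot: removing access_hv_timer deletes the only place in the quoted diff where an E2H==0 guest access was turned into an UNDEF, and the sysreg descriptor lines that must now reference cnthv_visibility are not quoted (the diffstat's 13 insertions/13 deletions is three more each way than these two hunks account for). Confirm in the full patch that every CNTHV_*_EL2 entry that used access_hv_timer now carries `.visibility = cnthv_visibility` with its accessor switched to access_arch_timer: an entry still naming the removed function no longer compiles, while an entry that only swaps the accessor without the visibility callback would silently grant an E2H0 guest the access the commit message says must UNDEF.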
> > @@ -2831,6 +2821,16 @@ static unsigned int s1pie_el2_visibility(const struct kvm_vcpu *vcpu,
> >  	return __el2_visibility(vcpu, rd, s1pie_visibility);
> >  }
> >  
> > +static unsigned int cnthv_visibility(const struct kvm_vcpu *vcpu,
> > +				     const struct sys_reg_desc *rd)
> > +{
> > +	if (vcpu_has_nv(vcpu) &&
> > +	    !vcpu_has_feature(vcpu, KVM_ARM_VCPU_HAS_EL2_E2H0))
> > +		return 0;
> > +
> > +	return REG_HIDDEN;
> > +}
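Review bot: cnthv_visibility keys off the static KVM_ARM_VCPU_HAS_EL2_E2H0 vcpu feature, whereas the removed access_hv_timer tested the live vcpu_el2_e2h_is_set(vcpu) state; the two are only equivalent if E2H cannot change for a vcpu created with that feature, and a one-line comment stating that (and that REG_HIDDEN is meant to cover both the guest trap path and the userspace register list, which is the point of the fix) would make the intent clear to the next reader. Stylistically, the neighbouring helpers such as s1pie_el2_visibility return `__el2_visibility(vcpu, rd, ...)`; consider whether the vcpu_has_nv() half of this check can be routed through the same helper so the EL2 visibility logic stays in one place.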
> 
> Hmm. We've already exposed these to userspace at this point, we just
> conveniently lack the get-reg-list test to assert the accessibility of
> these (broken) exposures.
> 
> Given the amount of UAPI mishaps we've had with registers in the past I
> don't have much appetite for taking away something we already
> advertised.
> 
> What about making these RAZ/WI from userspace?

Honestly, I don't think we should bother.

The only VMM supporting NV is QEMU, and it explicitly isn't able to
select E2H0. I'm happy to Cc stable on this, but worrying about nVHE
save/restore at this stage seems like an overreaction -- I'm pretty
sure NV save/restore is generally broken in many more ways.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.


Thread overview: 23+ messages
2025-09-29 16:04 [PATCH 00/13] KVM: arm64: De-specialise the timer UAPI Marc Zyngier
2025-09-29 16:04 ` [PATCH 01/13] KVM: arm64: Hide CNTHV_*_EL2 from userspace for nVHE guests Marc Zyngier
2025-09-30  0:35   ` Oliver Upton
2025-09-30  7:44     ` Marc Zyngier [this message]
2025-09-29 16:04 ` [PATCH 02/13] KVM: arm64: Introduce timer_context_to_vcpu() helper Marc Zyngier
2025-09-29 16:04 ` [PATCH 03/13] KVM: arm64: Replace timer context vcpu pointer with timer_id Marc Zyngier
2025-09-30 10:13   ` Joey Gouly
2025-09-29 16:04 ` [PATCH 04/13] KVM: arm64: Make timer_set_offset() generally accessible Marc Zyngier
2025-09-29 16:04 ` [PATCH 05/13] KVM: arm64: Add timer UAPI workaround to sysreg infrastructure Marc Zyngier
2025-09-30  0:41   ` Oliver Upton
2025-09-30  7:48     ` Marc Zyngier
2025-09-29 16:04 ` [PATCH 06/13] KVM: arm64: Move CNT*_CTL_EL0 userspace accessors to generic infrastructure Marc Zyngier
2025-09-29 16:04 ` [PATCH 07/13] KVM: arm64: Move CNT*_CVAL_EL0 " Marc Zyngier
2025-09-29 16:04 ` [PATCH 08/13] KVM: arm64: Move CNT*CT_EL0 " Marc Zyngier
2025-09-30 10:45   ` Joey Gouly
2025-09-30 12:05     ` Marc Zyngier
2025-09-30 12:41       ` Joey Gouly
2025-09-29 16:04 ` [PATCH 09/13] KVM: arm64: Fix WFxT handling of nested virt Marc Zyngier
2025-09-29 16:04 ` [PATCH 10/13] KVM: arm64: Kill leftovers of ad-hoc timer userspace access Marc Zyngier
2025-09-29 16:04 ` [PATCH 11/13] KVM: arm64: selftests: Make dependencies on VHE-specific registers explicit Marc Zyngier
2025-09-29 16:04 ` [PATCH 12/13] KVM: arm64: selftests: Add an E2H=0-specific configuration to get_reg_list Marc Zyngier
2025-09-29 16:04 ` [PATCH 13/13] KVM: arm64: selftest: Fix misleading comment about virtual timer encoding Marc Zyngier
2025-10-13 16:55 ` [PATCH 00/13] KVM: arm64: De-specialise the timer UAPI Marc Zyngier