From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 030ECD374B3 for ; Thu, 17 Oct 2024 16:09:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ThcQZ+3MkB/qEGEryCJ5ch1E9+cfwJrVZEp4ttPHAbk=; b=lTdgF7g/lKhBDY8mTQP7RWOObv TzSb2cal7qvNG/WxcQHeDOf0UVbXVCga/lGrVV6L+5xaYZeZ4n7Ta6ZzNueZAZwlaaqAKbdMqczCO vJw3zriuT7p5MPxRyza9JBg/QfDaUGRJs0QFCjUBEgqFO9igIb6ZTvx6+jWHlY8b8XnFrTKmb67Xe R3kValcrlrqRbNeF1eBpFCbGlh1NZHRHf6tRToviF1PFihue20K5eZ0BxQ3yk8JXTVWGqcfiRw1Yh 0qMDua3Z5WdutBA3KOb82JF37RNDqGeNuuHTbBhHnZT23Q+RpetzZq3j1eTM7RmRweVtjpgAqc0vo 3kFCjRUA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t1T3g-0000000FQ9G-3aYH; Thu, 17 Oct 2024 16:09:04 +0000 Received: from out-174.mta1.migadu.com ([95.215.58.174]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t1T2A-0000000FPxa-3gCR for linux-arm-kernel@lists.infradead.org; Thu, 17 Oct 2024 16:07:35 +0000 Date: Thu, 17 Oct 2024 09:07:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1729181247; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ThcQZ+3MkB/qEGEryCJ5ch1E9+cfwJrVZEp4ttPHAbk=; b=OVbSznl9WOtfSERnBHqz3YTNw5ip6JQrrtPtfWPJom7vJEcbDnxdssKOFNBorWQev7dweX cwwXpyxNq9+rN/cZENy9KLxxOT7tVn38vOYYVTJlK/Dc5nG4/hXVMmohFCeh4UipvgiMg6 KDGf7Bb+5VE3+3GqiQlqtqo9Gu2cKGs= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Oliver Upton To: Joey Gouly Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, anshuman.khandual@arm.com, james.morse@arm.com, Marc Zyngier , Suzuki K Poulose , Zenghui Yu , Jing Zhang , Shameerali Kolothum Thodi , Catalin Marinas , Will Deacon Subject: Re: [PATCH v5 4/7] KVM: arm64: Fix missing traps of guest accesses to the MPAM registers Message-ID: References: <20241015133923.3910916-1-joey.gouly@arm.com> <20241015133923.3910916-5-joey.gouly@arm.com> <20241017105849.GA122054@e124191.cambridge.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20241017105849.GA122054@e124191.cambridge.arm.com> X-Migadu-Flow: FLOW_OUT X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241017_090731_435764_1544B8F6 X-CRM114-Status: GOOD ( 22.03 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Oct 17, 2024 at 11:58:49AM +0100, Joey Gouly wrote: > On Wed, Oct 16, 2024 at 05:10:17PM -0700, Oliver Upton wrote: > > Hi Joey, > > > > On Tue, Oct 15, 2024 at 02:39:20PM +0100, Joey Gouly wrote: > > > +static inline void __activate_traps_mpam(struct kvm_vcpu *vcpu) > > > +{ > > > + u64 r = MPAM2_EL2_TRAPMPAM0EL1 | MPAM2_EL2_TRAPMPAM1EL1; > > > + > > > + if (!cpus_support_mpam()) > > > + return; > > > + > > > + /* trap guest access to MPAMIDR_EL1 */ > > > + if (mpam_cpus_have_mpam_hcr()) { > > > + write_sysreg_s(MPAMHCR_EL2_TRAP_MPAMIDR_EL1, SYS_MPAMHCR_EL2); > > > + } else { > > > + /* From v1.1 TIDR can trap MPAMIDR, set it unconditionally */ > > > + r |= MPAM2_EL2_TIDR; > > > + } > > > + > > > + write_sysreg_s(r, SYS_MPAM2_EL2); > > > +} > > > + > > > +static inline void __deactivate_traps_mpam(void) > > > +{ > > > + if (!cpus_support_mpam()) > > > + return; > > > + > > > + write_sysreg_s(0, SYS_MPAM2_EL2); > > > + > > > + if (mpam_cpus_have_mpam_hcr()) > > > + write_sysreg_s(MPAMHCR_HOST_FLAGS, SYS_MPAMHCR_EL2); > > > +} > > > > TBH, I think our trap configuration should *not* be conditioned on > > CONFIG_ARM64_MPAM. Otherwise we're silently allowing the guest to change > > things under the nose of KVM/host kernel, assuming an unkind firmware > > that left the EL2 trap configuration in a permissive state. > > > > WDYT about detecting the feature && enforcing traps regardless of the Kconfig? > > I had actually thought about the same thing. I spoke with James and he agrees, > so I will look into removing that. > > I will probably end up removing the Kconfig entirely, it can be added back in > later, when actual support for MPAM is added. Sounds good, thanks Joey! If we go down this route, I'm guessing we can also skip the boot time EL2 setup portion of it (for now). That'd constrain the fossilized EL3 issue to *just* failures to run KVM VMs as opposed to kernels not booting at all. -- Thanks, Oliver