From: Nicholas Piggin <npiggin@gmail.com>
To: kvm-ppc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org,
Nicholas Piggin <npiggin@gmail.com>,
Fabiano Rosas <farosas@linux.ibm.com>
Subject: [PATCH v6 02/48] KVM: PPC: Book3S HV: Add a function to filter guest LPCR bits
Date: Mon, 5 Apr 2021 11:19:02 +1000 [thread overview]
Message-ID: <20210405011948.675354-3-npiggin@gmail.com> (raw)
In-Reply-To: <20210405011948.675354-1-npiggin@gmail.com>
Guest LPCR depends on hardware type, and future changes will add
restrictions based on errata and guest MMU mode. Move this logic
to a common function and use it for the cases where the guest
wants to update its LPCR (or the LPCR of a nested guest).
This also adds a warning in other places that set or update LPCR
if we try to set something that would have been disallowed by
the filter, as a sanity check.
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
arch/powerpc/include/asm/kvm_book3s.h | 2 +
arch/powerpc/kvm/book3s_hv.c | 68 ++++++++++++++++++++-------
arch/powerpc/kvm/book3s_hv_nested.c | 8 +++-
3 files changed, 59 insertions(+), 19 deletions(-)
diff --git a/arch/powerpc/include/asm/kvm_book3s.h b/arch/powerpc/include/asm/kvm_book3s.h
index 2f5f919f6cd3..c58121508157 100644
--- a/arch/powerpc/include/asm/kvm_book3s.h
+++ b/arch/powerpc/include/asm/kvm_book3s.h
@@ -258,6 +258,8 @@ extern long kvmppc_hv_get_dirty_log_hpt(struct kvm *kvm,
extern void kvmppc_harvest_vpa_dirty(struct kvmppc_vpa *vpa,
struct kvm_memory_slot *memslot,
unsigned long *map);
+extern unsigned long kvmppc_filter_lpcr_hv(struct kvm *kvm,
+ unsigned long lpcr);
extern void kvmppc_update_lpcr(struct kvm *kvm, unsigned long lpcr,
unsigned long mask);
extern void kvmppc_set_fscr(struct kvm_vcpu *vcpu, u64 fscr);
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 13bad6bf4c95..d2c7626cb960 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -1635,6 +1635,35 @@ static int kvm_arch_vcpu_ioctl_set_sregs_hv(struct kvm_vcpu *vcpu,
return 0;
}
+/*
+ * Enforce limits on guest LPCR values based on hardware availability,
+ * guest configuration, and possibly hypervisor support and security
+ * concerns.
+ */
+unsigned long kvmppc_filter_lpcr_hv(struct kvm *kvm, unsigned long lpcr)
+{
+ /* On POWER8 and above, userspace can modify AIL */
+ if (!cpu_has_feature(CPU_FTR_ARCH_207S))
+ lpcr &= ~LPCR_AIL;
+
+ /*
+ * On POWER9, allow userspace to enable large decrementer for the
+ * guest, whether or not the host has it enabled.
+ */
+ if (!cpu_has_feature(CPU_FTR_ARCH_300))
+ lpcr &= ~LPCR_LD;
+
+ return lpcr;
+}
+
+static void verify_lpcr(struct kvm *kvm, unsigned long lpcr)
+{
+ if (lpcr != kvmppc_filter_lpcr_hv(kvm, lpcr)) {
+ WARN_ONCE(1, "lpcr 0x%lx differs from filtered 0x%lx\n",
+ lpcr, kvmppc_filter_lpcr_hv(kvm, lpcr));
+ }
+}
+
static void kvmppc_set_lpcr(struct kvm_vcpu *vcpu, u64 new_lpcr,
bool preserve_top32)
{
@@ -1643,6 +1672,23 @@ static void kvmppc_set_lpcr(struct kvm_vcpu *vcpu, u64 new_lpcr,
u64 mask;
spin_lock(&vc->lock);
+
+ /*
+ * Userspace can only modify
+ * DPFD (default prefetch depth), ILE (interrupt little-endian),
+ * TC (translation control), AIL (alternate interrupt location),
+ * LD (large decrementer).
+ * These are subject to restrictions from kvmppc_filter_lcpr_hv().
+ */
+ mask = LPCR_DPFD | LPCR_ILE | LPCR_TC | LPCR_AIL | LPCR_LD;
+
+ /* Broken 32-bit version of LPCR must not clear top bits */
+ if (preserve_top32)
+ mask &= 0xFFFFFFFF;
+
+ new_lpcr = kvmppc_filter_lpcr_hv(kvm,
+ (vc->lpcr & ~mask) | (new_lpcr & mask));
+
/*
* If ILE (interrupt little-endian) has changed, update the
* MSR_LE bit in the intr_msr for each vcpu in this vcore.
@@ -1661,25 +1707,8 @@ static void kvmppc_set_lpcr(struct kvm_vcpu *vcpu, u64 new_lpcr,
}
}
- /*
- * Userspace can only modify DPFD (default prefetch depth),
- * ILE (interrupt little-endian) and TC (translation control).
- * On POWER8 and POWER9 userspace can also modify AIL (alt. interrupt loc.).
- */
- mask = LPCR_DPFD | LPCR_ILE | LPCR_TC;
- if (cpu_has_feature(CPU_FTR_ARCH_207S))
- mask |= LPCR_AIL;
- /*
- * On POWER9, allow userspace to enable large decrementer for the
- * guest, whether or not the host has it enabled.
- */
- if (cpu_has_feature(CPU_FTR_ARCH_300))
- mask |= LPCR_LD;
+ vc->lpcr = new_lpcr;
- /* Broken 32-bit version of LPCR must not clear top bits */
- if (preserve_top32)
- mask &= 0xFFFFFFFF;
- vc->lpcr = (vc->lpcr & ~mask) | (new_lpcr & mask);
spin_unlock(&vc->lock);
}
@@ -4641,8 +4670,10 @@ void kvmppc_update_lpcr(struct kvm *kvm, unsigned long lpcr, unsigned long mask)
struct kvmppc_vcore *vc = kvm->arch.vcores[i];
if (!vc)
continue;
+
spin_lock(&vc->lock);
vc->lpcr = (vc->lpcr & ~mask) | lpcr;
+ verify_lpcr(kvm, vc->lpcr);
spin_unlock(&vc->lock);
if (++cores_done >= kvm->arch.online_vcores)
break;
@@ -4970,6 +5001,7 @@ static int kvmppc_core_init_vm_hv(struct kvm *kvm)
kvmppc_setup_partition_table(kvm);
}
+ verify_lpcr(kvm, lpcr);
kvm->arch.lpcr = lpcr;
/* Initialization for future HPT resizes */
diff --git a/arch/powerpc/kvm/book3s_hv_nested.c b/arch/powerpc/kvm/book3s_hv_nested.c
index 3060e5deffc8..d14fe32f167b 100644
--- a/arch/powerpc/kvm/book3s_hv_nested.c
+++ b/arch/powerpc/kvm/book3s_hv_nested.c
@@ -151,7 +151,13 @@ static void sanitise_hv_regs(struct kvm_vcpu *vcpu, struct hv_guest_state *hr)
*/
mask = LPCR_DPFD | LPCR_ILE | LPCR_TC | LPCR_AIL | LPCR_LD |
LPCR_LPES | LPCR_MER;
- hr->lpcr = (vc->lpcr & ~mask) | (hr->lpcr & mask);
+
+ /*
+ * Additional filtering is required depending on hardware
+ * and configuration.
+ */
+ hr->lpcr = kvmppc_filter_lpcr_hv(vcpu->kvm,
+ (vc->lpcr & ~mask) | (hr->lpcr & mask));
/*
* Don't let L1 enable features for L2 which we've disabled for L1,
--
2.23.0
next prev parent reply other threads:[~2021-04-05 1:20 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-05 1:19 [PATCH v6 00/48] KVM: PPC: Book3S: C-ify the P9 entry/exit code Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 01/48] KVM: PPC: Book3S HV: Nested move LPCR sanitising to sanitise_hv_regs Nicholas Piggin
2021-04-05 1:19 ` Nicholas Piggin [this message]
2021-04-05 1:19 ` [PATCH v6 03/48] KVM: PPC: Book3S HV: Disallow LPCR[AIL] to be set to 1 or 2 Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 04/48] KVM: PPC: Book3S HV: Prevent radix guests setting LPCR[TC] Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 05/48] KVM: PPC: Book3S HV: Remove redundant mtspr PSPB Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 06/48] KVM: PPC: Book3S HV: remove unused kvmppc_h_protect argument Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 07/48] KVM: PPC: Book3S HV: Fix CONFIG_SPAPR_TCE_IOMMU=n default hcalls Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 08/48] powerpc/64s: Remove KVM handler support from CBE_RAS interrupts Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 09/48] powerpc/64s: remove KVM SKIP test from instruction breakpoint handler Nicholas Piggin
2021-04-06 2:44 ` Nicholas Piggin
2021-04-06 4:17 ` Paul Mackerras
2021-04-05 1:19 ` [PATCH v6 10/48] KVM: PPC: Book3S HV: Ensure MSR[ME] is always set in guest MSR Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 11/48] KVM: PPC: Book3S HV: Ensure MSR[HV] is always clear " Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 12/48] KVM: PPC: Book3S 64: move KVM interrupt entry to a common entry point Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 13/48] KVM: PPC: Book3S 64: Move GUEST_MODE_SKIP test into KVM Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 14/48] KVM: PPC: Book3S 64: add hcall interrupt handler Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 15/48] KVM: PPC: Book3S 64: Move hcall early register setup to KVM Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 16/48] KVM: PPC: Book3S 64: Move interrupt " Nicholas Piggin
2021-04-06 4:37 ` Paul Mackerras
2021-04-06 7:04 ` Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 17/48] KVM: PPC: Book3S 64: move bad_host_intr check to HV handler Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 18/48] KVM: PPC: Book3S 64: Minimise hcall handler calling convention differences Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 19/48] KVM: PPC: Book3S HV P9: Move radix MMU switching instructions together Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 20/48] KVM: PPC: Book3S HV P9: implement kvmppc_xive_pull_vcpu in C Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 21/48] KVM: PPC: Book3S HV P9: Move xive vcpu context management into kvmhv_p9_guest_entry Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 22/48] KVM: PPC: Book3S HV P9: Stop handling hcalls in real-mode in the P9 path Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 23/48] KVM: PPC: Book3S HV P9: Move setting HDEC after switching to guest LPCR Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 24/48] KVM: PPC: Book3S HV P9: Use large decrementer for HDEC Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 25/48] KVM: PPC: Book3S HV P9: Use host timer accounting to avoid decrementer read Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 26/48] KVM: PPC: Book3S HV P9: Reduce mftb per guest entry/exit Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 27/48] KVM: PPC: Book3S HV P9: Reduce irq_work vs guest decrementer races Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 28/48] KMV: PPC: Book3S HV: Use set_dec to set decrementer to host Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 29/48] powerpc/time: add API for KVM to re-arm the host timer/decrementer Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 30/48] KVM: PPC: Book3S HV P9: Implement the rest of the P9 path in C Nicholas Piggin
2021-04-06 7:27 ` Paul Mackerras
2021-04-06 9:12 ` Nicholas Piggin
2021-04-06 13:02 ` Nicholas Piggin
2021-04-09 3:57 ` Alexey Kardashevskiy
2021-04-10 0:37 ` Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 31/48] KVM: PPC: Book3S HV P9: inline kvmhv_load_hv_regs_and_go into __kvmhv_vcpu_entry_p9 Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 32/48] KVM: PPC: Book3S HV P9: Read machine check registers while MSR[RI] is 0 Nicholas Piggin
2021-04-09 8:55 ` Alexey Kardashevskiy
2021-04-10 0:39 ` Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 33/48] KVM: PPC: Book3S HV P9: Improve exit timing accounting coverage Nicholas Piggin
2021-04-09 9:40 ` Alexey Kardashevskiy
2021-04-05 1:19 ` [PATCH v6 34/48] KVM: PPC: Book3S HV P9: Move SPR loading after expiry time check Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 35/48] KVM: PPC: Book3S HV P9: Add helpers for OS SPR handling Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 36/48] KVM: PPC: Book3S HV P9: Switch to guest MMU context as late as possible Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 37/48] KVM: PPC: Book3S HV: Implement radix prefetch workaround by disabling MMU Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 38/48] KVM: PPC: Book3S HV: Remove support for dependent threads mode on P9 Nicholas Piggin
2021-04-07 6:51 ` Paul Mackerras
2021-04-07 7:44 ` Nicholas Piggin
2021-04-07 9:35 ` Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 39/48] KVM: PPC: Book3S HV: Remove radix guest support from P7/8 path Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 40/48] KVM: PPC: Book3S HV: Remove virt mode checks from real mode handlers Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 41/48] KVM: PPC: Book3S HV: Remove unused nested HV tests in XICS emulation Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 42/48] KVM: PPC: Book3S HV P9: Allow all P9 processors to enable nested HV Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 43/48] KVM: PPC: Book3S HV: small pseries_do_hcall cleanup Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 44/48] KVM: PPC: Book3S HV: add virtual mode handlers for HPT hcalls and page faults Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 45/48] KVM: PPC: Book3S HV P9: Reflect userspace hcalls to hash guests to support PR KVM Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 46/48] KVM: PPC: Book3S HV P9: implement hash guest support Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 47/48] KVM: PPC: Book3S HV P9: implement hash host / " Nicholas Piggin
2021-04-05 1:19 ` [PATCH v6 48/48] KVM: PPC: Book3S HV: remove ISA v3.0 and v3.1 support from P7/8 path Nicholas Piggin
2021-04-08 7:33 ` [PATCH v6 00/48] KVM: PPC: Book3S: C-ify the P9 entry/exit code Nicholas Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210405011948.675354-3-npiggin@gmail.com \
--to=npiggin@gmail.com \
--cc=farosas@linux.ibm.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).