Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp1493589pxb; Thu, 7 Oct 2021 08:50:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyIwocgXI2twc6utFjpobjCEMEJkYe2O4LtigYyYLNOHhzyuwWAQGSJc1ciRUa6gV2qcdhy X-Received: by 2002:a17:906:942:: with SMTP id j2mr6694836ejd.303.1633621832224; Thu, 07 Oct 2021 08:50:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633621832; cv=none; d=google.com; s=arc-20160816; b=mREIX54Y4GR0f1ry0GWbYcwqT0YuLL4LVpsqYoCoGuANMTmM64mIpqxr64gS9F01EM JuUAVh95gcMlUyf7BpX6zDvzO3Y/WmP6wNirurkDlUoQwPRRUEIX66OmjRlacT+IePvL 6dE7Vj3iS7NuIJmYVYdgW/5E74BUGxclG5bY6PSTBa2cIHKoAD6JKmLfGk9Mwgy7qRn5 DFUapdmAtEh8s/3kmiTwotBCkpGjw3fnqG/4FWuCn1/7crjqom6awn+alzrtME4jS6JN hxpxAO8EfSLcaVwPTo0fdAJlM86g6/HlqFr5SP1dO95GO1u7i6ekGHCS+qCzky98zYeF wJew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=NwNhkSSQVfpndEjPuTcMmPnedcfNAU7hCSOfVfmZyQw=; b=oiNSifVgYD7z0uhhSsctOlL0i9r2hVm+K759pCNUtVkyuE3lhcbYo/9NpRQ44m3kWU 4Sk9ZAEZXj+wKfnY7NYfmhrIPjAeImyydb8TDVPrlPsAxq9oMltAAGYYENrhA5YzopAF LBwNagakCGTUB8p9ATCShfF/q6mOsJ4g5+L7lHu3lKvlHLcb44AJYuoUjgCOwcYmWc3+ V57YQNjB1U07tiZPnKPJE//SGLaHTYwmT1uVgRiRJPSJL4Qtd6Hl0tD40Z+kcm7b5a0l ETabudJ6YcgBBj/YUlEmuGxmAtCdaUkGOkhyuUdB7o127Hj0nQkbTF6MPYoxuGsJR7FT g0GQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=esYsEikk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k27si15753055ejk.737.2021.10.07.08.50.02; Thu, 07 Oct 2021 08:50:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=esYsEikk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242058AbhJGOYl (ORCPT + 99 others); Thu, 7 Oct 2021 10:24:41 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:39899 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241688AbhJGOYj (ORCPT ); Thu, 7 Oct 2021 10:24:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1633616565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=NwNhkSSQVfpndEjPuTcMmPnedcfNAU7hCSOfVfmZyQw=; b=esYsEikkXKzqjy0BB8SxKHpLnOSFF7AIF8iGUXolNeGCfpg7lVD/mNnpv5ZczsphVaEcAI prlHTFqSIam5cHbX0JC7sY9LUFqmWuxANx/h5DpIzhdZhDW8FFB0/ZY/imK4fIs3GTq4l1 2NRIBqju94rh33upEmDCcVFJgHlsVTY= Received: from mail-qv1-f71.google.com (mail-qv1-f71.google.com [209.85.219.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-549-PGh8JcakPKWRvPf7OWsTgA-1; Thu, 07 Oct 2021 10:22:44 -0400 X-MC-Unique: PGh8JcakPKWRvPf7OWsTgA-1 Received: by mail-qv1-f71.google.com with SMTP id a16-20020a0ccdd0000000b003830ff134ccso5827442qvn.6 for ; Thu, 07 Oct 2021 07:22:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=NwNhkSSQVfpndEjPuTcMmPnedcfNAU7hCSOfVfmZyQw=; b=Vswr/LuRclUzQACaS98A0CrGY0ja3kTlgdI2flRahz1izIINl/Lg2Dpan2T53pURqP dK8evaMosgxdgC7+Ixn4CrOqrkS9T9MX73YpN374nnTJhOArqJ4IPlLscsylbBBUHX9I bGAXLhLoj3TQNj9UXtDtnBombpIdJJFvwQoXGHLs0xxFFD604R2IfOs4kAjtGX5Vv0Q7 epMMnXv2e7BL+zbx1r8QsPkBg5qfeJT6jd5lSRJr9fXr5ZXv8JAcRxJDQl3bm2fhQppX Dah/N9mWzQRAVMsIBMLarUjjXbUyyVTOKNuqggXjxVRBW9FNJwJj4+9cSOTT7ndsjIRO Igeg== X-Gm-Message-State: AOAM532GZTqFntmRMOSKlfz9QlAjeXbDXNlZfuTqy8KpM+uRqpmTrbWG 6+hmZ6S1rgfAUGux/b807dMqdPofsjNo1es+za8XhYYxcrQ10+f3eQxqi7iWgq4BOkVZl9bWGg/ 1XeyOdCU7z7tS/EQYj2DYoV4N X-Received: by 2002:ac8:42da:: with SMTP id g26mr5084724qtm.368.1633616564372; Thu, 07 Oct 2021 07:22:44 -0700 (PDT) X-Received: by 2002:ac8:42da:: with SMTP id g26mr5084691qtm.368.1633616564116; Thu, 07 Oct 2021 07:22:44 -0700 (PDT) Received: from gator (nat-pool-brq-u.redhat.com. [213.175.37.12]) by smtp.gmail.com with ESMTPSA id b20sm521782qtx.89.2021.10.07.07.22.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Oct 2021 07:22:43 -0700 (PDT) Date: Thu, 7 Oct 2021 16:22:39 +0200 From: Andrew Jones To: Marc Zyngier Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, will@kernel.org, qperret@google.com, dbrazdil@google.com, Steven Price , Fuad Tabba , Srivatsa Vaddagiri , Shanker R Donthineni , James Morse , Suzuki K Poulose , Alexandru Elisei , kernel-team@android.com Subject: Re: [PATCH v2 09/16] KVM: arm64: Advertise a capability for MMIO guard Message-ID: <20211007142239.4ryz4thzgpilphya@gator> References: <20211004174849.2831548-1-maz@kernel.org> <20211004174849.2831548-10-maz@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211004174849.2831548-10-maz@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 04, 2021 at 06:48:42PM +0100, Marc Zyngier wrote: > In order for userspace to find out whether the MMIO guard is > exposed to a guest, expose a capability that says so. > > We take this opportunity to make it incompatible with the NISV > option, as that would be rather counter-productive! > > Signed-off-by: Marc Zyngier > --- > arch/arm64/kvm/arm.c | 29 ++++++++++++++++++----------- > arch/arm64/kvm/hypercalls.c | 14 ++++++++++++-- > include/uapi/linux/kvm.h | 1 + > 3 files changed, 31 insertions(+), 13 deletions(-) > > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c > index ed9c89ec0b4f..1c9a7abe2728 100644 > --- a/arch/arm64/kvm/arm.c > +++ b/arch/arm64/kvm/arm.c > @@ -81,32 +81,33 @@ int kvm_arch_check_processor_compat(void *opaque) > int kvm_vm_ioctl_enable_cap(struct kvm *kvm, > struct kvm_enable_cap *cap) > { > - int r; > + int r = -EINVAL; > > if (cap->flags) > return -EINVAL; > > + mutex_lock(&kvm->lock); > + > switch (cap->cap) { > case KVM_CAP_ARM_NISV_TO_USER: > - r = 0; > - set_bit(KVM_ARCH_FLAG_RETURN_NISV_IO_ABORT_TO_USER, > - &kvm->arch.flags); > + /* This is incompatible with MMIO guard */ > + if (!test_bit(KVM_ARCH_FLAG_MMIO_GUARD, &kvm->arch.flags)) { But KVM_ARCH_FLAG_MMIO_GUARD will never be set at VM creation time, which is the traditional time to probe and enable capabilities, because the guest hasn't run yet, so it hasn't had a chance to issue the hypercall to enable the mmio guard yet. > + r = 0; > + set_bit(KVM_ARCH_FLAG_RETURN_NISV_IO_ABORT_TO_USER, > + &kvm->arch.flags); > + } > break; > case KVM_CAP_ARM_MTE: > - mutex_lock(&kvm->lock); > - if (!system_supports_mte() || kvm->created_vcpus) { > - r = -EINVAL; > - } else { > + if (system_supports_mte() && !kvm->created_vcpus) { > r = 0; > set_bit(KVM_ARCH_FLAG_MTE_ENABLED, &kvm->arch.flags); > } > - mutex_unlock(&kvm->lock); > break; > default: > - r = -EINVAL; > break; > } > > + mutex_unlock(&kvm->lock); > return r; > } > > @@ -211,13 +212,19 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > case KVM_CAP_IMMEDIATE_EXIT: > case KVM_CAP_VCPU_EVENTS: > case KVM_CAP_ARM_IRQ_LINE_LAYOUT_2: > - case KVM_CAP_ARM_NISV_TO_USER: > case KVM_CAP_ARM_INJECT_EXT_DABT: > case KVM_CAP_SET_GUEST_DEBUG: > case KVM_CAP_VCPU_ATTRIBUTES: > case KVM_CAP_PTP_KVM: > r = 1; > break; > + case KVM_CAP_ARM_NISV_TO_USER: > + r = !test_bit(KVM_ARCH_FLAG_MMIO_GUARD, &kvm->arch.flags); > + break; > + case KVM_CAP_ARM_MMIO_GUARD: > + r = !test_bit(KVM_ARCH_FLAG_RETURN_NISV_IO_ABORT_TO_USER, > + &kvm->arch.flags); > + break; > case KVM_CAP_SET_GUEST_DEBUG2: > return KVM_GUESTDBG_VALID_MASK; > case KVM_CAP_ARM_SET_DEVICE_ADDR: > diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c > index c39aab55ecae..e4fade6a96f6 100644 > --- a/arch/arm64/kvm/hypercalls.c > +++ b/arch/arm64/kvm/hypercalls.c > @@ -59,6 +59,14 @@ static void kvm_ptp_get_time(struct kvm_vcpu *vcpu, u64 *val) > val[3] = lower_32_bits(cycles); > } > > +static bool mmio_guard_allowed(struct kvm_vcpu *vcpu) > +{ > + return (!test_bit(KVM_ARCH_FLAG_RETURN_NISV_IO_ABORT_TO_USER, > + &vcpu->kvm->arch.flags) && > + !vcpu_mode_is_32bit(vcpu)); > + > +} > + > int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) > { > u32 func_id = smccc_get_function(vcpu); > @@ -131,7 +139,7 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) > val[0] = BIT(ARM_SMCCC_KVM_FUNC_FEATURES); > val[0] |= BIT(ARM_SMCCC_KVM_FUNC_PTP); > /* Only advertise MMIO guard to 64bit guests */ > - if (!vcpu_mode_is_32bit(vcpu)) { > + if (mmio_guard_allowed(vcpu)) { > val[0] |= BIT(ARM_SMCCC_KVM_FUNC_MMIO_GUARD_INFO); > val[0] |= BIT(ARM_SMCCC_KVM_FUNC_MMIO_GUARD_ENROLL); > val[0] |= BIT(ARM_SMCCC_KVM_FUNC_MMIO_GUARD_MAP); > @@ -146,10 +154,12 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) > val[0] = PAGE_SIZE; > break; > case ARM_SMCCC_VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID: > - if (!vcpu_mode_is_32bit(vcpu)) { > + mutex_lock(&vcpu->kvm->lock); > + if (mmio_guard_allowed(vcpu)) { > set_bit(KVM_ARCH_FLAG_MMIO_GUARD, &vcpu->kvm->arch.flags); > val[0] = SMCCC_RET_SUCCESS; > } > + mutex_unlock(&vcpu->kvm->lock); > break; > case ARM_SMCCC_VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID: > if (!vcpu_mode_is_32bit(vcpu) && > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index a067410ebea5..ef171186e7be 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1112,6 +1112,7 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_BINARY_STATS_FD 203 > #define KVM_CAP_EXIT_ON_EMULATION_FAILURE 204 > #define KVM_CAP_ARM_MTE 205 > +#define KVM_CAP_ARM_MMIO_GUARD 206 > > #ifdef KVM_CAP_IRQ_ROUTING > > -- > 2.30.2 > Thanks, drew