Date: Mon, 25 Apr 2022 23:53:42 +0000
In-Reply-To: <20220425235342.3210912-1-oupton@google.com>
Message-Id: <20220425235342.3210912-6-oupton@google.com>
References: <20220425235342.3210912-1-oupton@google.com>
Subject: [PATCH v3 5/5] KVM: arm64: Start trapping ID registers for 32 bit guests
From: Oliver Upton
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, maz@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, reijiw@google.com, ricarkol@google.com, Oliver Upton
X-Mailing-List: linux-kernel@vger.kernel.org

To date KVM has not trapped ID register accesses from AArch32, meaning that guests get an unconstrained view of what hardware supports. This can be a serious problem because we try to base the guest's feature registers on values that are safe system-wide. Furthermore, KVM does not implement the latest ISA in the PMU and Debug architecture, so we constrain these fields to supported values.

Since KVM now correctly handles CP15 and CP10 register traps, we no longer need to clear HCR_EL2.TID3 for 32 bit guests and will instead emulate reads with their safe values.

Signed-off-by: Oliver Upton
Reviewed-by: Reiji Watanabe
---
 arch/arm64/include/asm/kvm_arm.h     | 3 ++-
 arch/arm64/include/asm/kvm_emulate.h | 7 -------
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 1767ded83888..b5de102928d8 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h
@@ -80,11 +80,12 @@ * FMO: Override CPSR.F and enable signaling with VF * SWIO: Turn set/way invalidates into set/way clean+invalidate * PTW: Take a stage2 fault if a stage1 walk steps in device memory + * TID3: Trap EL1 reads of group 3 ID registers */ #define HCR_GUEST_FLAGS (HCR_TSC | HCR_TSW | HCR_TWE | HCR_TWI | HCR_VM | \ HCR_BSU_IS | HCR_FB | HCR_TACR | \ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ - HCR_FMO | HCR_IMO | HCR_PTW ) + HCR_FMO | HCR_IMO | HCR_PTW | HCR_TID3 ) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) #define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK | HCR_ATA) #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 7496deab025a..ab5c66b77bb0 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -86,13 +86,6 @@ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) if (vcpu_el1_is_32bit(vcpu)) vcpu->arch.hcr_el2 &= ~HCR_RW; - else - /* - * TID3: trap feature register accesses that we virtualise. - * For now this is conditional, since no AArch32 feature regs - * are currently virtualised. - */ - vcpu->arch.hcr_el2 |= HCR_TID3; if (cpus_have_const_cap(ARM64_MISMATCHED_CACHE_TYPE) || vcpu_el1_is_32bit(vcpu)) -- 2.36.0.rc2.479.g8af0fa9b8e-goog
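Review bot: In the kvm_arm.h hunk, the new comment line "TID3: Trap EL1 reads of group 3 ID registers" documents the bit but not why it is set, and the only in-code rationale ("trap feature register accesses that we virtualise") is deleted by the kvm_emulate.h hunk. Consider extending the HCR_GUEST_FLAGS comment to say that the trapped reads are emulated with the sanitised feature values and that this now applies to AArch32 guests as well as AArch64 ones, so the reason survives outside the commit message.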
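Review bot: In the kvm_emulate.h hunk, dropping the else branch in vcpu_reset_hcr() means HCR_TID3 reaches vcpu->arch.hcr_el2 only through HCR_GUEST_FLAGS, and the initial assignment of hcr_el2 sits above the hunk's context and is not visible here. Please confirm that the function starts from HCR_GUEST_FLAGS and that nothing after this point clears TID3 again for 32 bit guests, in particular the body of the following "if (cpus_have_const_cap(ARM64_MISMATCHED_CACHE_TYPE) || vcpu_el1_is_32bit(vcpu))" block, which the hunk does not show. Since AArch32 guests now depend on the CP15 and CP10 trap handling mentioned in the commit message, it would also help to state in the changelog that this patch must stay last in the series for bisection.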