Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp475247lqr; Wed, 5 Jun 2024 11:13:56 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV47wiWRUFkX87Oz5vp0wEz4eWEyjnFiP1xB8iDNnafKAx9Gfbca/vGSvvDwhkp1HcvXbXooX1h5vRfFsM6hQwwfWkp86rJYkF0tvSGzw== X-Google-Smtp-Source: AGHT+IFOdPVA/GXsGHZGfmoXozvHT8Ux5NReECm9a6igXjzdEaULn3kZLW9xLmU6amlEDX8MN2Mo X-Received: by 2002:a05:620a:192a:b0:792:9232:c93f with SMTP id af79cd13be357-79523fd9b72mr444093285a.77.1717611236441; Wed, 05 Jun 2024 11:13:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717611236; cv=pass; d=google.com; s=arc-20160816; b=puiu1kbjDp+0N8qsHhbLsXt+9FnRoOC1cO5Psyu99+9KzdbwFBB+/XEH0e89EjPANv rG/3xyk1ofkLg1LK5alNpZGLcQFeZ44jB6fOn81iKV1+9RLY1qqx/efRjMerzTq5naF4 SbIIj4pqrj7OUWtoAHGsmxAO3WfUQUCivGtkFw7I0wJd5wgAMQeR8K1bhgzcjKAiPmrD ne6mUAsetYhfShzq3m0zOSqDh+BXhbZ9w4i7kRRtQGJnKEbKM43yuIS3kkaOOyK+HVM5 xxbjznZKGwNhHKeJEt/LmQbSleyaM25NdDO5BUGDZDjvT+SVt7PD+Gvd3qJxQ/rtPWkS dkHw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:message-id:content-transfer-encoding:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:subject:date :from:dkim-signature; bh=8/gDtTEaJubJRSRdFBuDQloKD6qEp2qnHJ9HQnLc0IE=; fh=8LH0LR5Bs9c80why4wrq0XbJyuQZcdURBeFx6lqGLOg=; b=YYLFEi/tdtMWm6SWCCBqTN2MyNPjEp22/W1c+IxEOi3drAroRUtvGhqCoA/jPLxVRq fX5g4sgiJ7GRjO+RCPDHJD/kCPLOeABcd1psvWD6kFHqW8kmAk4Fyrav1gwYFjjvKXpk rO2qqUYdBdFw/npdLpF+tAiT6oXn0k5ntJRIO0gh1wgc6ms5eJgD+vB82Deaj7o7Lf5K tO+B2qFXbnysKi9s0OkPjaLTULZzVNXve/FqTUFLpaLWUdXJQF9Dwy/JcODbyTyonxUf OiS7t+jE9EHk5fIb0XLJcxscvR/scmBtVuc8VSKELbhDj/FscrZ28e3TJJzdxWeUWldS iAww==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="EI/h+pc/"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-203044-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-203044-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id af79cd13be357-794f2f050aesi112015485a.130.2024.06.05.11.13.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 11:13:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-203044-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="EI/h+pc/"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-203044-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-203044-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 2AA9D1C24EEC for ; Wed, 5 Jun 2024 18:13:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5C28C2E634; Wed, 5 Jun 2024 18:11:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EI/h+pc/" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80E49F9CD; Wed, 5 Jun 2024 18:11:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717611103; cv=none; b=Flw6KJlXCvfSnZdX/pPnhEP1Xq+trLfzB6d3OVpke+yfUoZK/Qu6Pg7s3lBWMFAcPSSWdTuL8gyy5CNs3/DXGgqq/r7G6u3221XAZv42VgI2plVZuvhm4visGIeGQij7cAmhS1PrC8EdCTqrhgEvkS225hWE8vG5N1PRaOyH4Aw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717611103; c=relaxed/simple; bh=f3jHF3DQLeniMwdJnPArbXhm6vAFBvlZF/ASACcvDG0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc; b=oQS9MXJUNgtHypJYPMWXwXLmOH9ckgKzGtuzn39JJHttsV+3Z8edchS6MhBaenu+uoWzi5HnEyKJ4A5SumYuYtsbJKoI2ESACf2FX5rSfm3Dk7IntMhA8Kvh1tjh273x7eddv/foyrNH6iZpTt3nwJa7gPYc/80mBWub9XfkUYo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=EI/h+pc/; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id E5909C2BD11; Wed, 5 Jun 2024 18:11:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717611103; bh=f3jHF3DQLeniMwdJnPArbXhm6vAFBvlZF/ASACcvDG0=; h=From:Date:Subject:To:Cc:From; b=EI/h+pc/Rg+KltPi3ot0C9varPE+iPv6iQZ69G28l0NCIk0brWw1+DIaW/trDWkul 8/QL1nBwGhmKDoUz9d5kvlLmNO5/tkdUfrBgqrAux2x6nyam3RRzj+5L10VscqbHf9 YphVm66TICtmys6XX5hTet+trQOQmPiuHO5n+1xtJJxp0oI8Yckln0LZ6GDbl1lfa7 ScgoIEUtCM3cnsOzdY2+7oT2ORx/8C9o1AxayJZNEZlE3VtCwUePdWDyBA9FxZGfyU GLK07x7ujHGC7+ghIJYj07p9G/596GF5hxxEV4nJjVJPiX8Qdt04ippVtPUFMcWpFx I337GdXWH7bZg== From: Mark Brown Date: Wed, 05 Jun 2024 19:11:11 +0100 Subject: [PATCH v2] KVM: arm64: Fix confusion in documentation for pKVM SME assert Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240605-kvm-arm64-sme-assert-v2-1-54391b0032f4@kernel.org> X-B4-Tracking: v=1; b=H4sIAD6qYGYC/4WNQQ7CIBBFr9LM2jEUAdGV9zBdEJm2pLaYoSGah ruLvYDL95P3/gaJOFCCa7MBUw4pxKWCPDTwGN0yEAZfGaSQShihcMozOp6NwjQTulT9FbXzZ62 9IusMVPXF1If3nr13lceQ1sif/SW3v/VPMLfYovYXe1LWC9Hb20S80PMYeYCulPIFvQoHiLkAA AA= To: Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Catalin Marinas , Will Deacon , Fuad Tabba Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2300; i=broonie@kernel.org; h=from:subject:message-id; bh=f3jHF3DQLeniMwdJnPArbXhm6vAFBvlZF/ASACcvDG0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmYKpb0eDhF689/ZULNIMjIg3Jlmh0IS4Dk4yvWVWF Sya7rKOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZmCqWwAKCRAk1otyXVSH0FGTB/ 40EvVWN5zHhCC9uLx/WVX+6lq5NuBFkNPwNYx74uaUnVph5pxMAS3ZQ3/1iYTu8yQ6gAyKP1vasUUC uYDf9VvvrBBaNOUBxtwtpYPL+p2ug0E6Xgb5ihWPYL9rEHeICLDiyD1c9kuDBoLfV1opkJ37khTevq I5kszGj2C09Is8FqtEK4iHzwBXPM+5Fr8XCvH0N2nmBtFTZSSquHLFmJm7Z9jyvs5bMVaDMMyIaWZB KiGJGES70vn19yJl5NzEZ0RGg6U+srohuNBiI5qHtL2vdrPZYrkhT9jz4Z4w3lZ9Wr2FCzmcT5BXW0 PJW5lfa9yUWANqSI+m3skccILb5EaJ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB As raised in the review comments for the original patch the assert and comment added in afb91f5f8ad7 ("KVM: arm64: Ensure that SME controls are disabled in protected mode") are bogus. The comments says that we check that we do not have SME enabled for a pKVM guest but the assert actually checks to see if the host has anything set in SVCR which is unrelated to the guest features or state, regardless of if those guests are protected or not. This check is also made in the hypervisor, it will refuse to run a guest if the check fails, so it appears that the assert here is intended to improve diagnostics. Update the comment to reflect the check in the code, and to clarify that we do actually enforce this in the hypervisor. While we're here also update to use a WARN_ON_ONCE() to avoid log spam if this triggers. Fixes: afb91f5f8ad7 ("KVM: arm64: Ensure that SME controls are disabled in protected mode") Signed-off-by: Mark Brown --- Changes in v2: - Commit message tweaks. - Change the assert to WARN_ON_ONCE(). - Link to v1: https://lore.kernel.org/r/20240604-kvm-arm64-sme-assert-v1-1-5d98348d00f8@kernel.org --- arch/arm64/kvm/fpsimd.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/fpsimd.c b/arch/arm64/kvm/fpsimd.c index 521b32868d0d..820769567080 100644 --- a/arch/arm64/kvm/fpsimd.c +++ b/arch/arm64/kvm/fpsimd.c @@ -92,11 +92,14 @@ void kvm_arch_vcpu_load_fp(struct kvm_vcpu *vcpu) } /* - * If normal guests gain SME support, maintain this behavior for pKVM - * guests, which don't support SME. + * The pKVM hypervisor does not yet understand how to save or + * restore SME state for the host so double check that if we + * are running with pKVM we have disabled SME. The hypervisor + * enforces this when the guest is run, this check is for + * clearer diagnostics. */ - WARN_ON(is_protected_kvm_enabled() && system_supports_sme() && - read_sysreg_s(SYS_SVCR)); + WARN_ON_ONCE(is_protected_kvm_enabled() && system_supports_sme() && + read_sysreg_s(SYS_SVCR)); } /* --- base-commit: afb91f5f8ad7af172d993a34fde1947892408f53 change-id: 20240604-kvm-arm64-sme-assert-5ad755d4e8a6 Best regards, -- Mark Brown