[0/7] KVM: arm64: Don't clobber CLIDR and MPIDR across vCPU reset

Message ID	20240502233529.1958459-1-oliver.upton@linux.dev (mailing list archive)
Headers	show Received: from out-181.mta1.migadu.com (out-181.mta1.migadu.com [95.215.58.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 439A71CAA1 for <kvm@vger.kernel.org>; Thu, 2 May 2024 23:35:40 +0000 (UTC) From: Oliver Upton <oliver.upton@linux.dev> To: kvmarm@lists.linux.dev Cc: Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, kvm@vger.kernel.org, Oliver Upton <oliver.upton@linux.dev> Subject: [PATCH 0/7] KVM: arm64: Don't clobber CLIDR and MPIDR across vCPU reset Date: Thu, 2 May 2024 23:35:22 +0000 Message-ID: <20240502233529.1958459-1-oliver.upton@linux.dev> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	KVM: arm64: Don't clobber CLIDR and MPIDR across vCPU reset \| expand [0/7] KVM: arm64: Don't clobber CLIDR and MPIDR across vCPU reset [1/7] KVM: arm64: Rename is_id_reg() to imply VM scope [2/7] KVM: arm64: Reset VM feature ID regs from kvm_reset_sys_regs() [3/7] KVM: arm64: Only reset vCPU-scoped feature ID regs once [4/7] KVM: selftests: Rename helper in set_id_regs to imply VM scope [5/7] KVM: selftests: Store expected register value in set_id_regs [6/7] KVM: arm64: Test that feature ID regs survive a reset [7/7] KVM: selftests: Test vCPU-scoped feature ID registers

Message ID

20240502233529.1958459-1-oliver.upton@linux.dev (mailing list archive)

Headers

From: Oliver Upton <oliver.upton@linux.dev>
To: kvmarm@lists.linux.dev
Cc: Marc Zyngier <maz@kernel.org>,
	James Morse <james.morse@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>,
	kvm@vger.kernel.org,
	Oliver Upton <oliver.upton@linux.dev>
Subject: [PATCH 0/7] KVM: arm64: Don't clobber CLIDR and MPIDR across vCPU
 reset
Date: Thu,  2 May 2024 23:35:22 +0000
Message-ID: <20240502233529.1958459-1-oliver.upton@linux.dev>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

KVM: arm64: Don't clobber CLIDR and MPIDR across vCPU reset | expand

Message

Oliver Upton May 2, 2024, 11:35 p.m. UTC

When I was reviewing Sebastian's CTR_EL0 series it occurred to me that
our handling of feature ID registers local to a vCPU is quite poor.

For VM-wide feature ID registers we ensure they get initialized once for
the lifetime of a VM. On the other hand, vCPU-local feature ID registers
get re-initialized on every vCPU reset, potentially clobbering the
values userspace set up.

MPIDR_EL1 and CLIDR_EL1 are the only registers in this space that we
allow userspace to modify for now. Clobbering the value of MPIDR_EL1 has
some disastrous side effects as the compressed index used by the
MPIDR-to-vCPU lookup table assumes MPIDR_EL1 is immutable after KVM_RUN.

Series + reproducer test case to address the problem of KVM wiping out
userspace changes to these registers. Note that there are still some
differences between VM and vCPU scoped feature ID registers from the
perspective of userspace. We do not allow the value of VM-scope
registers to change after KVM_RUN, but vCPU registers remain mutable.

Fixing this is no problem, but given the recent theme of UAPI breakage
in this area I focused only on the internal issue fo now.

Applies to 6.9-rc3

Oliver Upton (7):
  KVM: arm64: Rename is_id_reg() to imply VM scope
  KVM: arm64: Reset VM feature ID regs from kvm_reset_sys_regs()
  KVM: arm64: Only reset vCPU-scoped feature ID regs once
  KVM: selftests: Rename helper in set_id_regs to imply VM scope
  KVM: selftests: Store expected register value in set_id_regs
  KVM: arm64: Test that feature ID regs survive a reset
  KVM: selftests: Test vCPU-scoped feature ID registers

 arch/arm64/include/asm/kvm_host.h             |   2 +
 arch/arm64/kvm/arm.c                          |   5 -
 arch/arm64/kvm/sys_regs.c                     |  62 +++++----
 .../selftests/kvm/aarch64/set_id_regs.c       | 123 +++++++++++++++---
 4 files changed, 142 insertions(+), 50 deletions(-)


base-commit: fec50db7033ea478773b159e0e2efb135270e3b7

Comments

Marc Zyngier May 9, 2024, 5:45 p.m. UTC | #1

On Thu, 02 May 2024 23:35:22 +0000, Oliver Upton wrote:
> When I was reviewing Sebastian's CTR_EL0 series it occurred to me that
> our handling of feature ID registers local to a vCPU is quite poor.
> 
> For VM-wide feature ID registers we ensure they get initialized once for
> the lifetime of a VM. On the other hand, vCPU-local feature ID registers
> get re-initialized on every vCPU reset, potentially clobbering the
> values userspace set up.
> 
> [...]

Applied to next, thanks!

[1/7] KVM: arm64: Rename is_id_reg() to imply VM scope
      commit: 592efc606b549692c7ba6c8f232c4e6028d0382c
[2/7] KVM: arm64: Reset VM feature ID regs from kvm_reset_sys_regs()
      commit: 44cbe80b7616702b0a7443853feff2459a599b33
[3/7] KVM: arm64: Only reset vCPU-scoped feature ID regs once
      commit: e016333745c70c960e02b4a9b123c807669d2b22
[4/7] KVM: selftests: Rename helper in set_id_regs to imply VM scope
      commit: 41ee9b33e94a2457e936f0cc7423005902f36b67
[5/7] KVM: selftests: Store expected register value in set_id_regs
      commit: 46247a317f403e52d51928f0e1b675cffbd1046c
[6/7] KVM: arm64: Test that feature ID regs survive a reset
      commit: 07eabd8a528f511f6bbef3b5cbe5d9f90c5bb4ea
[7/7] KVM: selftests: Test vCPU-scoped feature ID registers
      commit: 606af8293cd8b962ad7cc51326bfd974c2fa1f91

Cheers,

	M.