From patchwork Sat Feb 15 17:38:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976184 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7FFA2B9B4; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641102; cv=none; b=hcV1cJF/Rxzx5Vpwqwj9H57yVfnbkRVYPSuEi+cLMmj/AlGfWzoJZgwMmiglKtyIQJ8j1PKdacIyLOY6etM/vhzBK2JlpeEapZReQsQB7llmXDQ0iFclg0cOqMiumzEEzKsOFehH1zji8xsKp+AMp9mX6+pko5oQHsu3PUjNtjo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641102; c=relaxed/simple; bh=XymYMKvSscNoNyr9c1xKeKhz7KoZPOt8xd5DrF64n9g=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=BGcjO4lyU2yJdgzoB4HFxUInd+jckhBaxwSuhC85gaV4MCZWWWoEmHakYJIugpcVdTsPTh3jSBjwPFHXwjpAXdBsd9TQqMUvzuly+IHGopr/xwFsagp0rXxqoYzUk+Rs9itVGeaCFlxEaicUpkLj9e7xRgIR4YMud/jwipgM4NI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=IlgoqgP8; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="IlgoqgP8" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62494C4CEE2; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641102; bh=XymYMKvSscNoNyr9c1xKeKhz7KoZPOt8xd5DrF64n9g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IlgoqgP8oGA2xyi/FZ9j07Armi+ZphS1EixA0//5+jEH1TlM8fNIXu5CfG4GzL7fm 3rkTxzRYzSfU06RYn6dGnVdjmdAU4LzlxSf8yJvKPEhLr6RUev/88VUsLN4Z5fHp0j S9iZmQO65I5fzjgi5VBWmCTcHWZKnPtGpKoZeL6sDt4qMv9gpgUesM9ajoThcuVOtZ pX5LpB5jK89OgSNfgAcRahlsjWSKMsSi1xvQZsjNA1nZNDPV+YN8NWBjg1nKgqKLLn czp7yLZD0jsB5VmYOwh7bg3huPyUjATAEVRodZ43/hgDx2XmbTyQOJhBC/JfGCwVEN gf6Dg+bC0qBmQ== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7Q-004Pqp-GC; Sat, 15 Feb 2025 17:38:20 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 01/14] arm64: cpufeature: Handle NV_frac as a synonym of NV2 Date: Sat, 15 Feb 2025 17:38:03 +0000 Message-Id: <20250215173816.3767330-2-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false With ARMv9.5, an implementation supporting Nested Virtualization is allowed to only support NV2, and to avoid supporting the old (and useless) ARMv8.3 variant. This is indicated by ID_AA64MMFR2_EL1.NV being 0 (as if NV wasn't implemented) and ID_AA64MMDR4_EL1.NV_frac being 1 (indicating that NV2 is actually supported). Given that KVM only deals with NV2 and refuses to use the old NV, detecting NV2 or NV_frac is what we need to enable it. Signed-off-by: Marc Zyngier --- arch/arm64/kernel/cpufeature.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4eb7c6698ae43..94605e91f0e5f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -497,6 +497,7 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr3[] = { static const struct arm64_ftr_bits ftr_id_aa64mmfr4[] = { S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR4_EL1_E2H0_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR4_EL1_NV_frac_SHIFT, 4, 0), ARM64_FTR_END, }; @@ -2162,7 +2163,7 @@ static bool has_nested_virt_support(const struct arm64_cpu_capabilities *cap, if (kvm_get_mode() != KVM_MODE_NV) return false; - if (!has_cpuid_feature(cap, scope)) { + if (!cpucap_multi_entry_cap_matches(cap, scope)) { pr_warn("unavailable: %s\n", cap->desc); return false; } @@ -2519,7 +2520,17 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .capability = ARM64_HAS_NESTED_VIRT, .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_nested_virt_support, - ARM64_CPUID_FIELDS(ID_AA64MMFR2_EL1, NV, NV2) + .match_list = (const struct arm64_cpu_capabilities []){ + { + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64MMFR2_EL1, NV, NV2) + }, + { + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY) + }, + { /* Sentinel */ } + }, }, { .capability = ARM64_HAS_32BIT_EL0_DO_NOT_USE, From patchwork Sat Feb 15 17:38:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976183 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E089913959D; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=X3WoZhlwppuMVqyYL1UvbCcErYDllH0HL5c2wDHEL7mYSWRtpNL5qW0x5kbO+dR/upSeGUG9wkDe+u2dQBYM8MUEw55EnvAL64SFBMqRnMQq9nBOAsMQCxrmCrEzrQoLjZhtMKz0zmS0FLcavBH2U8JQ5MigTHCUDiwEYVm+VB0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=rjDmx4d677pB7gUG89fk/kXGjM99BsbpDijy6LWcIC0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ove9l6FAPkfkH+We4f2/KjxOUKTBF7tFaGI0poa7OIOs1KONL2KB1qZEchifAWfSzGlAxq3iuxCkJmYZJLtlSScVqyiEWoKM/b4Ys/TNbiyl8oPY+eWzbcPy0JL7DjLbAEIG/cIOlCrf2rgTSP8FFXMACwILmuK7lcAACqrKmc0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=MB1ock6H; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="MB1ock6H" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79089C4CEE4; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641102; bh=rjDmx4d677pB7gUG89fk/kXGjM99BsbpDijy6LWcIC0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MB1ock6H2jEKead6FUX2Mb1dzKdGqK7bAfbdZJ+WFrUGzY+8OoBzgJj3vA6g75CVS k6OizBAa2gioNtaV2qRR9flv665jd7w1VHU6nhRQZAz4DMcRajotydJK4ITlakyLzX 8ek4W+HtNTiJkYXju+Kmfc0vuAad/7pKxEgUe2TMFqsZLEDSzbLSiNAB4NG0Cc+ZD5 h0PV6SmVj8/ZZ/DGROqtRjhEf2tTEbv12uReVulQpKBbun0MyVDz50X0IOX+vejWqM cQi1cGsHGxlFlSUsxXUn23CZvHkMvLTGyvSFsYtYOmuF86Lso0Cu3Ez+XUh/IYdetK aBXez24A/HCQw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7Q-004Pqp-Md; Sat, 15 Feb 2025 17:38:20 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 02/14] KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace Date: Sat, 15 Feb 2025 17:38:04 +0000 Message-Id: <20250215173816.3767330-3-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Since our take on FEAT_NV is to only support FEAT_NV2, we should never expose ID_AA64MMFR2_EL1.NV to a guest nor userspace. Make sure we mask this field for good. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 82430c1e1dd02..9f10dbd26e348 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1627,6 +1627,7 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu, break; case SYS_ID_AA64MMFR2_EL1: val &= ~ID_AA64MMFR2_EL1_CCIDX_MASK; + val &= ~ID_AA64MMFR2_EL1_NV; break; case SYS_ID_AA64MMFR3_EL1: val &= ID_AA64MMFR3_EL1_TCRX | ID_AA64MMFR3_EL1_S1POE | From patchwork Sat Feb 15 17:38:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976186 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 343041E5B94; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=Hdxje1lLw35TcTrHKBwAyO4UnwxJQ1FINHK2dj+jQ+LIV/XOOkkW0cEggGrzeO29ulRQL9ihGY5Y2dR4nS9cPusaz69HCdtbv3qFYAohHGXqR9hf3jGrc8uIVr3yj3CGRvdZdmoan3inOOS+Rgp8SRzIT9pgDnyPfD9dl28Y190= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=RvUSEhI6cySQmIz8ZQ/36MwcnMPJHyHB8RpivDDZCT0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TH8bn+wPY1cAciaj8bs05y+MsVg0lFZ7bJ0jqgzdR7SG52zehS1w9bxvlx7FwVBtUCkiDsOhjWfIM4FSqGzHPRxQhyPAaLiotNosO9ZqRKjry7tV78XjD08qn7MG1/gVIW+cw9hKYW7n6Wg583LjrulW4qcspb9X5rkR2/tWzBU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZvE8lp76; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZvE8lp76" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A79FDC4CEE9; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641102; bh=RvUSEhI6cySQmIz8ZQ/36MwcnMPJHyHB8RpivDDZCT0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZvE8lp76JHWDIZ+YoLeqobRmcKQlBxX+5GAAEV0eA3N+VacgrFup8o4/C4a9Wq+dn T1VwXkeSPx2m3zIl/q+eoKCvCcFx8kPE7zWXnEzDp++uHS4oAgZiyin3glu7MFhyS5 76t2Yhzi2uYpfo8Th87d5PfVKv7rzGbQgHV7KUTtrUlBzYgwnrZ2o28i+DVoUx62+H I5JxNMWeiCF6bMKayAjVDiSRnNW4cybBYoMoKpvfsKz42LYlde189rsTK8ezCvk3R7 fY4vdq0X21OWE9Clx4zkY7LXosg6TziYJ+82CD3jnrj9JRo5AgGLyeUSZvzdPHJq/a jRpt5606qc6tA== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7Q-004Pqp-Sc; Sat, 15 Feb 2025 17:38:20 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 03/14] KVM: arm64: Mark HCR.EL2.E2H RES0 when ID_AA64MMFR1_EL1.VH is zero Date: Sat, 15 Feb 2025 17:38:05 +0000 Message-Id: <20250215173816.3767330-4-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Enforce HCR_EL2.E2H being RES0 when VHE is disabled, so that we can actually rely on that bit never being flipped behind our back. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 0c9387d2f5070..ed3add7d32f66 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -1034,6 +1034,8 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu) res0 |= (HCR_TEA | HCR_TERR); if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, LO, IMP)) res0 |= HCR_TLOR; + if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, VH, IMP)) + res0 |= HCR_E2H; if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, E2H0, IMP)) res1 |= HCR_E2H; set_sysreg_masks(kvm, HCR_EL2, res0, res1); From patchwork Sat Feb 15 17:38:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976185 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2C56C1DF982; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=fqCT1P1TBGbUewGDMNMcIh7RLWrWJa/zSg60vQA9pZbSO90T6Q5NB7Dnm73o9mUXXpOV0x9lDK+thwPRIP0p5XQAecESH8yRKvZxlvpL/daE8e3iV4QhbK6AMeHuCH2PACSoYdZyta6hKScS9whDu69iXxVudueCX0wKCyXclZw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=3rQ7sS5vZjM6vbenQtanAQbuJs7l4zbUMP/xYyxer3w=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=asqo0T2GWd0Wj+FdaQLPSYImI9ZYqoBUyhuUeoPIRM1vzh+1zK3z+aCu/4chlp4ugkUCQMYtcc+Itw5L5qCAjkvCc0HU9NewGtqONXZnCuY+YBFiRvDIs0NmOae7g5akhu6hy0WMrqsLb2vF9UBBhPIEtH9LqLG1Q8ieXb9Ajjs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZqNdv9ij; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZqNdv9ij" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F321CC4CEE6; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641103; bh=3rQ7sS5vZjM6vbenQtanAQbuJs7l4zbUMP/xYyxer3w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZqNdv9ijD2WnHJbw/M4ayw7EwnhIIy8oV6Fh84I+iq/RQLXdwMoc9i5FOXPcix+w0 h3KehIgFEtI/eeg1w/7yrPkqamDb4dBv7i+r7v++Qh8F/igG8+Q1/U5gsSp0g5ezdR kxCe2qmpj7WVxDGBBtXrBT85gJ/MdjlpxdhtLiW27F8JDmrYUGMO4b2v3J1/blzJXo FQWL+XUbtQfoKQHuxJ1CKhwk12Gty2DE2IY4X3q6Wdv5Zo7WLoiHpUQsIO9bJ1zrSQ FtQQEqMiDscJbt9t85ZdMXxiuTBQBdi7n173lS4rnBNHVakFG6ZK4Xs+w1CVjZQTHS kuPs1TMyRbkIw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7R-004Pqp-2F; Sat, 15 Feb 2025 17:38:21 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 04/14] KVM: arm64: Mark HCR.EL2.{NV*,AT} RES0 when ID_AA64MMFR4_EL1.NV_frac is 0 Date: Sat, 15 Feb 2025 17:38:06 +0000 Message-Id: <20250215173816.3767330-5-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Enforce HCR_EL2.{NV*,AT} being RES0 when NV2 is disabled, so that we can actually rely on these bits never being flipped behind our back. This of course relies on our earlier ID reg sanitising. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index ed3add7d32f66..9f140560a6f5d 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -1021,10 +1021,11 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu) res0 |= HCR_FIEN; if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, FWB, IMP)) res0 |= HCR_FWB; - if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, NV2)) - res0 |= HCR_NV2; - if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, IMP)) - res0 |= (HCR_AT | HCR_NV1 | HCR_NV); + /* Implementation choice: NV2 is the only supported config */ + if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY)) + res0 |= (HCR_NV2 | HCR_NV | HCR_AT); + if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, E2H0, NI)) + res0 |= HCR_NV1; if (!(kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_ADDRESS) && kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_GENERIC))) res0 |= (HCR_API | HCR_APK); From patchwork Sat Feb 15 17:38:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976187 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 723571EA7E6; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=FI7Hz7tGOswS/lKJMuNyYdLM00OqJMw4qU+onAU0aaIlRbJCXKIcKQ55apwkcKoM9PKlXQVU02xQ8fa2L1sgEDIhfPyLDHliNNxxfLJyb10b9FB5WOHwEFxjK699YxG2qJKNA0tHz3W10QC6+p3JITw/2xroQHg+Z/98mENi6yQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=mjigrhJTQih8m7VA5C/kcuPrCUbXNvrUzYxrPtFBC4A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ozGn5DnFRLAYzkt2XQcejf3NmsJ1cBWScld1ItlCroA6NbfRa7kU8SFE2Qz/nhOo+EH9nP/tTvmAorRBZtpaGLH0vROYXfXAW6/qLdHuPKverGt4kODHQHdwnn0sRgvNcFzipuWE7KQMzQnAOMP8CYu+T2yUkbN+9fiNJwOeC8E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=e/6E8OUN; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="e/6E8OUN" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F3240C4CEEA; Sat, 15 Feb 2025 17:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641103; bh=mjigrhJTQih8m7VA5C/kcuPrCUbXNvrUzYxrPtFBC4A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e/6E8OUNIPEtJkg80JA8nnXIIHGr6d6atrpEjjOTef4WaC+QHyx2aKjRojhapG74s ppfVO6J2t8H8QBRH+80lrLvZZn3+JGKpet6dEqlB7WO3fpezLhkrk+wwg5FiGoDf4x aXgLB0NnA7mmcFXg7fbCp8U5/W1Nt4gJJ/gk/M2su0qhDJtweErUIUdwLw15KEgAwP b8GA5Wh529IpK/1KDq1BiVq32PsTGgFJuljQlniF1c/w89SFt6lpbYciCsTzc4nk2R i6Pd8LVzCEC5UE4IqG2nrN17oS/YFBw6/mhCQT8Eb6hXRi64ADQkfJ6VN0ZYzV73Cl /JKvt3eChuaqA== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7R-004Pqp-8D; Sat, 15 Feb 2025 17:38:21 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 05/14] KVM: arm64: Advertise NV2 in the boot messages Date: Sat, 15 Feb 2025 17:38:07 +0000 Message-Id: <20250215173816.3767330-6-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Make it a bit easier to understand what people are running by adding a +NV2 string to the successful KVM initialisation. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/arm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 071a7d75be689..4746c6cace2a8 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -2814,11 +2814,12 @@ static __init int kvm_arm_init(void) if (err) goto out_hyp; - kvm_info("%s%sVHE mode initialized successfully\n", + kvm_info("%s%sVHE%s mode initialized successfully\n", in_hyp_mode ? "" : (is_protected_kvm_enabled() ? "Protected " : "Hyp "), in_hyp_mode ? "" : (cpus_have_final_cap(ARM64_KVM_HVHE) ? - "h" : "n")); + "h" : "n"), + cpus_have_final_cap(ARM64_HAS_NESTED_VIRT) ? "+NV2": ""); /* * FIXME: Do something reasonable if kvm_init() fails after pKVM From patchwork Sat Feb 15 17:38:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976188 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C65B1EA7E2; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=clXWh8PJJ4pgw0AAFUbjdyKR7E8EKqXE0us9gG4SegBlhqQy48bAjkDd0i/AJje1dHK8tDxdlE3WZ1Qb0qcXfSWBaxy+blPt7V470O4qwuASeWfYmufSw9qPFxSqPf4quLxWsd0BFYkcS6ZuUDm1gWIo19D1r3TDZzzZNHUCrh8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=QU3/C06IpfcUbhRM6dRoR9sRaAPsFdhqwZsnX766PyE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=bEsmUrLtqXdV6qRM1mNE6pIXail7SAaOj+jTQXLHbk+XUsRYAEinMLA/0kEQYU7b451M7ZgdR4fX/bzWX5c4Xi3+lt4HlM5tv2USaV49pi1SMEzrlL0hqJYfRIjIsZSBO+44IFzJFgdeFBYdqEwy3OZ4GcwGOMYQwF7n+GXiqMc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BNux1FGS; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BNux1FGS" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4B011C4CEDF; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641103; bh=QU3/C06IpfcUbhRM6dRoR9sRaAPsFdhqwZsnX766PyE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BNux1FGStfkiy1bGuwKYEIlDbu+fzRlDSlEUIX6EUwY8XpFxxwV9ftNFmJzEygCUN 2G+x17ykJ0Vd0215ZpYsrOos5UVKBpg/BUd7ayQJyWGvGdiWr8QrS99c1z6Ky92iWl kNDZK0DstoeS1DSO51dvhnRE1F983xiB+qtcnru+nde+2bUaSzqO14PL8myijGrCnv oJz4cXzcgTLVmP578gYJPcqhc/ZZquca26R0AyRIIMYXsuqQAJQ7nQp8sPPtY8Zc4x MWEKUycBndDWwZDCHKFP44oB84GvfqZaTtbt0OmZkgnw1GBdQjdcWNej/UGUEMiRHk FzszHTWI0WA7A== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7R-004Pqp-EP; Sat, 15 Feb 2025 17:38:21 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 06/14] KVM: arm64: Consolidate idreg reset method Date: Sat, 15 Feb 2025 17:38:08 +0000 Message-Id: <20250215173816.3767330-7-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Since all the ID_DESC() users are using kvm_read_sanitised_id_reg() as the .reset method, consolidate all the uses into that particular macro. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 9f10dbd26e348..b1bd1a47e7caa 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2270,14 +2270,14 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, #define ID_DESC(name) \ SYS_DESC(SYS_##name), \ .access = access_id_reg, \ - .get_user = get_id_reg \ + .get_user = get_id_reg, \ + .reset = kvm_read_sanitised_id_reg /* sys_reg_desc initialiser for known cpufeature ID registers */ #define ID_SANITISED(name) { \ ID_DESC(name), \ .set_user = set_id_reg, \ .visibility = id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } @@ -2286,7 +2286,6 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, ID_DESC(name), \ .set_user = set_id_reg, \ .visibility = aa32_id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } @@ -2295,7 +2294,6 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, ID_DESC(name), \ .set_user = set_id_reg, \ .visibility = id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = mask, \ } @@ -2304,7 +2302,6 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, ID_DESC(sysreg), \ .set_user = set_##name, \ .visibility = id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = (mask), \ } @@ -2319,7 +2316,6 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, .get_user = get_id_reg, \ .set_user = set_id_reg, \ .visibility = raz_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } @@ -2332,7 +2328,6 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, ID_DESC(name), \ .set_user = set_id_reg, \ .visibility = raz_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } From patchwork Sat Feb 15 17:38:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976189 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C96951EDA1D; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=e+geNqXfKZWsT4xTcyyE9vY1/L3DnWyG2nfT1WqZC+5JcPY4cruC9t2tDlmKXrp3xxh+WQ4CZZ50an3Mo5hOGk/GdaF6TNYCiMgVSmyEQjS2SYcbwiOHD9dcdd/X+2PYu5LI30YrLFYP5fZnQdeuvJ1TWHUM8AIlo/hvQ2Rzp+w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=LEtVaxB4lu5XK8RmKO0qA5NQ+6d1p7e+by5R5CODK9s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ac574jgycpVFQ61RRY4VUh31YtqXmAx96gGcvjN5ajR35+R8u9dfekn8EYK0yySEYWn06rPg1GaqCUsJcolvyR4lDif3nM7gyzuUseCtjOVcEZkh0iJ+EGysIdtEJrrQtimEPIYuKqecHgTHRsbWvGktewS1wGElbRg/rjSd8rw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=XVSI0zHL; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="XVSI0zHL" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64CC4C4CEE2; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641103; bh=LEtVaxB4lu5XK8RmKO0qA5NQ+6d1p7e+by5R5CODK9s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XVSI0zHLC6pVpMWWixZWs/IeXYmpkEGpueetvHUOEBajEl6mIhJBCQYOoXdYM8HJZ 54SXNktOK6WmF5moD+rkMCIAesUCq4pFOuJMAfIn00Gt0zMGebzSPVdXm6oxRzCt8S qmArK2Uc+hhDOMrvhtAJZyh7MF8zWm7XtatrJu/NZdELFfpWVErC/iX97ia6EHJf8O JW5dGRdrsheYAcwUn5Ux7nyZOIToqI6VDaJTRSRoPz/I7fLVDHHMRu14jyqiaPC5O6 cd/tXI4Vm1B+tHYmoxTxNWkUTAdqvIESZUorTvfn6Hx6SrnVJngUalnq//4Mfrnrbt 7S53d6vr16K/g== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7R-004Pqp-Kd; Sat, 15 Feb 2025 17:38:21 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 07/14] KVM: arm64: Make ID_REG_LIMIT_FIELD_ENUM() more widely available Date: Sat, 15 Feb 2025 17:38:09 +0000 Message-Id: <20250215173816.3767330-8-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false ID_REG_LIMIT_FIELD_ENUM() is a useful macro to limit the idreg features exposed to guest and userspace, and the NV code can make use of it. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 10 ---------- arch/arm64/kvm/sys_regs.h | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index b1bd1a47e7caa..885cdef77d01e 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1803,16 +1803,6 @@ static u64 sanitise_id_aa64pfr0_el1(const struct kvm_vcpu *vcpu, u64 val) return val; } -#define ID_REG_LIMIT_FIELD_ENUM(val, reg, field, limit) \ -({ \ - u64 __f_val = FIELD_GET(reg##_##field##_MASK, val); \ - (val) &= ~reg##_##field##_MASK; \ - (val) |= FIELD_PREP(reg##_##field##_MASK, \ - min(__f_val, \ - (u64)SYS_FIELD_VALUE(reg, field, limit))); \ - (val); \ -}) - static u64 sanitise_id_aa64dfr0_el1(const struct kvm_vcpu *vcpu, u64 val) { val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64DFR0_EL1, DebugVer, V8P8); diff --git a/arch/arm64/kvm/sys_regs.h b/arch/arm64/kvm/sys_regs.h index 1d94ed6efad2c..cc6338d387663 100644 --- a/arch/arm64/kvm/sys_regs.h +++ b/arch/arm64/kvm/sys_regs.h @@ -247,4 +247,14 @@ int kvm_finalize_sys_regs(struct kvm_vcpu *vcpu); CRn(sys_reg_CRn(reg)), CRm(sys_reg_CRm(reg)), \ Op2(sys_reg_Op2(reg)) +#define ID_REG_LIMIT_FIELD_ENUM(val, reg, field, limit) \ +({ \ + u64 __f_val = FIELD_GET(reg##_##field##_MASK, val); \ + (val) &= ~reg##_##field##_MASK; \ + (val) |= FIELD_PREP(reg##_##field##_MASK, \ + min(__f_val, \ + (u64)SYS_FIELD_VALUE(reg, field, limit))); \ + (val); \ +}) + #endif /* __ARM64_KVM_SYS_REGS_LOCAL_H__ */ From patchwork Sat Feb 15 17:38:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976191 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D97C81EDA2D; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=gx1FyFbzRtt14lZmeGVV4O1jiYdLLOoz/PK8VHdgAwbyvwmO+IKyeptoVWDPt8zSIVqFkcDEyaGtjXOagEyvcMPcqE6FchaKAp7OacdH49DZ8B14i8SmUCeCDD1SI/eCCoOhHlR6pfOcshChxGJKR8/MQapAhT5uzilHPI3xWXo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=56SIWRxmkIc0NGhh9uSDjlX1Hg9JEfvHAZmk7x9h1hQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ubFSkyOuirwJxCELAjcyfvdVz7277Epvyx9na3r0fDaYl+p5XjEVo6yShnc3dTz8f5ZxoC5uxUWzvokq3SPsjbxHnSJYIVmLm6xlhV/SkVuiV4eDcZX2kEjOMCHbpXBtqSgBdRZbS8heV7Ta/ubFAJdgZIK5Rh7bjs2j1eSICP4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=SgOC32MD; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="SgOC32MD" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9B1CAC4CEEB; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641103; bh=56SIWRxmkIc0NGhh9uSDjlX1Hg9JEfvHAZmk7x9h1hQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SgOC32MDprkHirQZPXfpwG99NfqRINDVIOf8Hds315WXcyQGXUdi2jDttgP6HDon2 qaUjC1Q6AHhABq3r5vdioRDAo8OQBbZ0j+R/f7HRK71iksv/NR0cJClVw+Y3CZS2nA Cf9ZdkWAHTSs46vIDVMmQU3uP27l3LzvR0Bv3hMaXsm0U4jT/8zwzN+BzfNH6ISbzW k392NgCTIpQTdajVhQPkCe7przEHJbX18/jrBEXx27hpegEaY3dPC53KOweRzR3RKO adCqb25x8/03AEMzXZNXAT9xTjb/w54gdre+6/Kq/SSTG8DY+j7BdmO0Z1rBC08NS9 dtjXnpdA1WCjA== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7R-004Pqp-Qt; Sat, 15 Feb 2025 17:38:21 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 08/14] KVM: arm64: Enforce NV limits on a per-idregs basis Date: Sat, 15 Feb 2025 17:38:10 +0000 Message-Id: <20250215173816.3767330-9-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false As we are about to change the way the idreg reset values are computed, move all the NV limits into a function that initialises one register at a time. This will be most useful in the upcoming patches. We take this opportunity to remove the NV_FTR() macro and rely on the generated names instead. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 239 +++++++++++++++++++++++----------------- 1 file changed, 136 insertions(+), 103 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 9f140560a6f5d..2cc82e69ab523 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -16,9 +16,6 @@ #include "sys_regs.h" -/* Protection against the sysreg repainting madness... */ -#define NV_FTR(r, f) ID_AA64##r##_EL1_##f - /* * Ratio of live shadow S2 MMU per vcpu. This is a trade-off between * memory usage and potential number of different sets of S2 PTs in @@ -807,133 +804,169 @@ void kvm_arch_flush_shadow_all(struct kvm *kvm) * This list should get updated as new features get added to the NV * support, and new extension to the architecture. */ +static u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) +{ + switch (reg) { + case SYS_ID_AA64ISAR0_EL1: + /* Support everything but TME */ + val &= ~ID_AA64ISAR0_EL1_TME; + break; + + case SYS_ID_AA64ISAR1_EL1: + /* Support everything but LS64 and Spec Invalidation */ + val &= ~(ID_AA64ISAR1_EL1_LS64 | + ID_AA64ISAR1_EL1_SPECRES); + break; + + case SYS_ID_AA64PFR0_EL1: + /* No RME, AMU, MPAM, S-EL2, or RAS */ + val &= ~(ID_AA64PFR0_EL1_RME | + ID_AA64PFR0_EL1_AMU | + ID_AA64PFR0_EL1_MPAM | + ID_AA64PFR0_EL1_SEL2 | + ID_AA64PFR0_EL1_RAS | + ID_AA64PFR0_EL1_EL3 | + ID_AA64PFR0_EL1_EL2 | + ID_AA64PFR0_EL1_EL1 | + ID_AA64PFR0_EL1_EL0); + /* 64bit only at any EL */ + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL0, IMP); + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL1, IMP); + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL2, IMP); + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL3, IMP); + break; + + case SYS_ID_AA64PFR1_EL1: + /* Only support BTI, SSBS, CSV2_frac */ + val &= (ID_AA64PFR1_EL1_BT | + ID_AA64PFR1_EL1_SSBS | + ID_AA64PFR1_EL1_CSV2_frac); + break; + + case SYS_ID_AA64MMFR0_EL1: + /* Hide ECV, ExS, Secure Memory */ + val &= ~(ID_AA64MMFR0_EL1_EVC | + ID_AA64MMFR0_EL1_EXS | + ID_AA64MMFR0_EL1_TGRAN4_2 | + ID_AA64MMFR0_EL1_TGRAN16_2 | + ID_AA64MMFR0_EL1_TGRAN64_2 | + ID_AA64MMFR0_EL1_SNSMEM); + + /* Disallow unsupported S2 page sizes */ + switch (PAGE_SIZE) { + case SZ_64K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN16_2, NI); + fallthrough; + case SZ_16K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN4_2, NI); + fallthrough; + case SZ_4K: + /* Support everything */ + break; + } + + /* + * Since we can't support a guest S2 page size smaller + * than the host's own page size (due to KVM only + * populating its own S2 using the kernel's page + * size), advertise the limitation using FEAT_GTG. + */ + switch (PAGE_SIZE) { + case SZ_4K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN4_2, IMP); + fallthrough; + case SZ_16K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN16_2, IMP); + fallthrough; + case SZ_64K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN64_2, IMP); + break; + } + + /* Cap PARange to 48bits */ + val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64MMFR0_EL1, PARANGE, 48); + break; + + case SYS_ID_AA64MMFR1_EL1: + val &= (ID_AA64MMFR1_EL1_HCX | + ID_AA64MMFR1_EL1_PAN | + ID_AA64MMFR1_EL1_LO | + ID_AA64MMFR1_EL1_HPDS | + ID_AA64MMFR1_EL1_VH | + ID_AA64MMFR1_EL1_VMIDBits); + break; + + case SYS_ID_AA64MMFR2_EL1: + val &= ~(ID_AA64MMFR2_EL1_BBM | + ID_AA64MMFR2_EL1_TTL | + GENMASK_ULL(47, 44) | + ID_AA64MMFR2_EL1_ST | + ID_AA64MMFR2_EL1_CCIDX | + ID_AA64MMFR2_EL1_VARange); + + /* Force TTL support */ + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR2_EL1, TTL, IMP); + break; + + case SYS_ID_AA64MMFR4_EL1: + val = SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY); + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI_NV1); + break; + + case SYS_ID_AA64DFR0_EL1: + /* Only limited support for PMU, Debug, BPs, WPs, and HPMN0 */ + val &= (ID_AA64DFR0_EL1_PMUVer | + ID_AA64DFR0_EL1_WRPs | + ID_AA64DFR0_EL1_BRPs | + ID_AA64DFR0_EL1_DebugVer| + ID_AA64DFR0_EL1_HPMN0); + + /* Cap Debug to ARMv8.1 */ + val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64DFR0_EL1, DebugVer, VHE); + break; + } + + return val; +} + static void limit_nv_id_regs(struct kvm *kvm) { - u64 val, tmp; + u64 val; - /* Support everything but TME */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1); - val &= ~NV_FTR(ISAR0, TME); + val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); - /* Support everything but Spec Invalidation and LS64 */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1); - val &= ~(NV_FTR(ISAR1, LS64) | - NV_FTR(ISAR1, SPECRES)); + val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); - /* No AMU, MPAM, S-EL2, or RAS */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1); - val &= ~(GENMASK_ULL(55, 52) | - NV_FTR(PFR0, AMU) | - NV_FTR(PFR0, MPAM) | - NV_FTR(PFR0, SEL2) | - NV_FTR(PFR0, RAS) | - NV_FTR(PFR0, EL3) | - NV_FTR(PFR0, EL2) | - NV_FTR(PFR0, EL1) | - NV_FTR(PFR0, EL0)); - /* 64bit only at any EL */ - val |= FIELD_PREP(NV_FTR(PFR0, EL0), 0b0001); - val |= FIELD_PREP(NV_FTR(PFR0, EL1), 0b0001); - val |= FIELD_PREP(NV_FTR(PFR0, EL2), 0b0001); - val |= FIELD_PREP(NV_FTR(PFR0, EL3), 0b0001); + val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); - /* Only support BTI, SSBS, CSV2_frac */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1); - val &= (NV_FTR(PFR1, BT) | - NV_FTR(PFR1, SSBS) | - NV_FTR(PFR1, CSV2_frac)); + val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); - /* Hide ECV, ExS, Secure Memory */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1); - val &= ~(NV_FTR(MMFR0, ECV) | - NV_FTR(MMFR0, EXS) | - NV_FTR(MMFR0, TGRAN4_2) | - NV_FTR(MMFR0, TGRAN16_2) | - NV_FTR(MMFR0, TGRAN64_2) | - NV_FTR(MMFR0, SNSMEM)); - - /* Disallow unsupported S2 page sizes */ - switch (PAGE_SIZE) { - case SZ_64K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN16_2), 0b0001); - fallthrough; - case SZ_16K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN4_2), 0b0001); - fallthrough; - case SZ_4K: - /* Support everything */ - break; - } - /* - * Since we can't support a guest S2 page size smaller than - * the host's own page size (due to KVM only populating its - * own S2 using the kernel's page size), advertise the - * limitation using FEAT_GTG. - */ - switch (PAGE_SIZE) { - case SZ_4K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN4_2), 0b0010); - fallthrough; - case SZ_16K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN16_2), 0b0010); - fallthrough; - case SZ_64K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN64_2), 0b0010); - break; - } - /* Cap PARange to 48bits */ - tmp = FIELD_GET(NV_FTR(MMFR0, PARANGE), val); - if (tmp > 0b0101) { - val &= ~NV_FTR(MMFR0, PARANGE); - val |= FIELD_PREP(NV_FTR(MMFR0, PARANGE), 0b0101); - } + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1); - val &= (NV_FTR(MMFR1, HCX) | - NV_FTR(MMFR1, PAN) | - NV_FTR(MMFR1, LO) | - NV_FTR(MMFR1, HPDS) | - NV_FTR(MMFR1, VH) | - NV_FTR(MMFR1, VMIDBits)); + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1); - val &= ~(NV_FTR(MMFR2, BBM) | - NV_FTR(MMFR2, TTL) | - GENMASK_ULL(47, 44) | - NV_FTR(MMFR2, ST) | - NV_FTR(MMFR2, CCIDX) | - NV_FTR(MMFR2, VARange)); - - /* Force TTL support */ - val |= FIELD_PREP(NV_FTR(MMFR2, TTL), 0b0001); + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); - val = 0; - if (!cpus_have_final_cap(ARM64_HAS_HCR_NV1)) - val |= FIELD_PREP(NV_FTR(MMFR4, E2H0), - ID_AA64MMFR4_EL1_E2H0_NI_NV1); + val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1); + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); - /* Only limited support for PMU, Debug, BPs, WPs, and HPMN0 */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1); - val &= (NV_FTR(DFR0, PMUVer) | - NV_FTR(DFR0, WRPs) | - NV_FTR(DFR0, BRPs) | - NV_FTR(DFR0, DebugVer) | - NV_FTR(DFR0, HPMN0)); - - /* Cap Debug to ARMv8.1 */ - tmp = FIELD_GET(NV_FTR(DFR0, DebugVer), val); - if (tmp > 0b0111) { - val &= ~NV_FTR(DFR0, DebugVer); - val |= FIELD_PREP(NV_FTR(DFR0, DebugVer), 0b0111); - } + val = limit_nv_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); } From patchwork Sat Feb 15 17:38:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976190 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D975D1EDA29; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; cv=none; b=hwl5DhlZS9roFIa8NZyQP6NHAOCLSIJ4lN+bS9gUX3qgIXL+x0UmATCt0HOn97rJXy6KLb0OBEe1enOoXl9ODnSa+gfr1Sd2g3GGre4ewZPuoLOrsKs1P0NkjHS/hQ2OAGtS1CCBDHZdjGMMuZ2STcH3LjvY4fxxLyTj5LEFs5c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641103; c=relaxed/simple; bh=OTC3kI/gv5GNa/GA2wVNNH8uH80umABVkvMIqwE3ERk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=el8tRl1JBz5Ol6aS0w6fRjiunueBWnJHpYztDgefAGYSLtFaWbv5Z7MS7MpcUdPX+O9jtOmfVy0rvOr/Bb4SFKm9ZUrKu29pD+nXM14kq/SCHJDhh0wkILP9VWRp1f+y947t8B8jxT0exAhjGALWM0zGuxn64dOIwUrJSMXnEyM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ErJpkAUk; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ErJpkAUk" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BDF51C4CEE6; Sat, 15 Feb 2025 17:38:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641103; bh=OTC3kI/gv5GNa/GA2wVNNH8uH80umABVkvMIqwE3ERk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ErJpkAUkPXyA328KYs8dMbwIzhTMQk/eSK09W9t6Yboo4jSpIQ2sGjqPhV488KsIV eZivam84rAnXKiv9n4LWl/6faW72sp7HA7tLEix/21DRpM0ygJamFe94rasS0vbOTX zlWXpXVKev93Vz8G/Km590w1SkRIVF8JAG/SOEKrT5Y65HOykyYi9oek+BQB1+BTID iNMtOh2XDTfSxbMymRTVzCYo2/NLwWpcq10n2Lqo/rUinz3reY3anOl/eYF1Diaf9Q L7dx8XPL8Mj/iN8TSPhZTcDbPGJpgejBBBnHfULEQQ8wJ3RFeejAP5FQkkHOsT+EW1 KdUoTsM7smQBg== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7S-004Pqp-1L; Sat, 15 Feb 2025 17:38:22 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 09/14] KVM: arm64: Move NV-specific capping to idreg sanitisation Date: Sat, 15 Feb 2025 17:38:11 +0000 Message-Id: <20250215173816.3767330-10-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Instead of applying the NV idreg limits at run time, switch to doing it at the same time as the reset of the VM initialisation. This will make things much simpler once we introduce vcpu-driven variants of NV. Signed-off-by: Marc Zyngier --- arch/arm64/include/asm/kvm_nested.h | 1 + arch/arm64/kvm/nested.c | 45 +---------------------------- arch/arm64/kvm/sys_regs.c | 3 ++ 3 files changed, 5 insertions(+), 44 deletions(-) diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h index 56c4bcd35e2e5..692f403c1896e 100644 --- a/arch/arm64/include/asm/kvm_nested.h +++ b/arch/arm64/include/asm/kvm_nested.h @@ -188,6 +188,7 @@ static inline bool kvm_supported_tlbi_s1e2_op(struct kvm_vcpu *vpcu, u32 instr) } int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu); +u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val); #ifdef CONFIG_ARM64_PTR_AUTH bool kvm_auth_eretax(struct kvm_vcpu *vcpu, u64 *elr); diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 2cc82e69ab523..96d1d300e79f9 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -804,7 +804,7 @@ void kvm_arch_flush_shadow_all(struct kvm *kvm) * This list should get updated as new features get added to the NV * support, and new extension to the architecture. */ -static u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) +u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) { switch (reg) { case SYS_ID_AA64ISAR0_EL1: @@ -929,47 +929,6 @@ static u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) return val; } -static void limit_nv_id_regs(struct kvm *kvm) -{ - u64 val; - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); -} - u64 kvm_vcpu_apply_reg_masks(const struct kvm_vcpu *vcpu, enum vcpu_sysreg sr, u64 v) { @@ -1014,8 +973,6 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu) if (!kvm->arch.sysreg_masks) return -ENOMEM; - limit_nv_id_regs(kvm); - /* VTTBR_EL2 */ res0 = res1 = 0; if (!kvm_has_feat_enum(kvm, ID_AA64MMFR1_EL1, VMIDBits, 16)) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 885cdef77d01e..c1e050a58fb2e 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1638,6 +1638,9 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu, break; } + if (vcpu_has_nv(vcpu)) + val = limit_nv_id_reg(vcpu->kvm, id, val); + return val; } From patchwork Sat Feb 15 17:38:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976192 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 85C5B1F4192; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; cv=none; b=daHAhd7Wc3sMxCZxjDO/tCOwTNXtCE2xZy0RxkyU4BfKy+Kq3NPV9rwg5jVWuvkqhj860PlMgTyBxRiKm/mCI4TUCfCDCvfXHQuPUB9b+mZ3LJl5gBHHzxhAOWbVeOqTt3jgHmMMNHv4zuhelAZ/3DMltd1TgGMyrUJ0rVuh7jM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; c=relaxed/simple; bh=Cptvvdg58Mif3ou0/tPyf1Nbz5VIb9W2RdSQkk+mm0A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ndFgOfS407yZSNDeYBWiOAzSlqnckZw2jikgmOQRdvhVmo+uxPK1K3UoySe+dLKfSKvMl80c8nfPTK0yZzHUZB6ayA3i2Ni64+ZF8deXd1Ba5vWGKgBGav73jDzM0Tn0ypfiZhlaRAKFCWbO0rEanqmbjv7WJlRscbsr/PGSmFw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LpSCmhSr; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LpSCmhSr" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 01E8DC4CEE2; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641104; bh=Cptvvdg58Mif3ou0/tPyf1Nbz5VIb9W2RdSQkk+mm0A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LpSCmhSrjcKzDokvmluRQxX01ZBowLxhPSNmQmVHx36lqUkFLLT2b5cYwrvfP6Jqr iBEA11ASqUh+MauSC+bom+iVlXFc8rVVrQ1rz6spd05vnB2k+iO6sm/TsTaJK7TRdw Yz5MYMTrv829LGqieVE4Xs6HUc/t28IJ5bUFVDIA5Fns0upKP5Kci8Gkl6leMezCa0 qZMvxV9mfOzaJzLJeU2P51bNPWyiER6Prik5Myo8VGjNRF2MRg3lyyGAGUhMidkHi0 AUUhUOiQ+noP0cL8F4J3w1p7613IlE0i2hg2VPrDM77Kqatmjv4kOZhmoASwHZAy0K lyn805L4CzuSg== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7S-004Pqp-81; Sat, 15 Feb 2025 17:38:22 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 10/14] KVM: arm64: Allow userspace to limit NV support to nVHE Date: Sat, 15 Feb 2025 17:38:12 +0000 Message-Id: <20250215173816.3767330-11-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false NV is hard. No kidding. In order to make things simpler, we have established that NV would support two mutually exclusive configurations: - VHE-only, and supporting recursive virtualisation - mVHE-only, and not supporting recursive virtualisation For that purpose, introduce a new vcpu feature flag that denotes the second configuration. We use this flag to limit the idregs further. Signed-off-by: Marc Zyngier --- arch/arm64/include/uapi/asm/kvm.h | 1 + arch/arm64/kvm/nested.c | 28 ++++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h index 568bf858f3198..3bcab2a106c98 100644 --- a/arch/arm64/include/uapi/asm/kvm.h +++ b/arch/arm64/include/uapi/asm/kvm.h @@ -105,6 +105,7 @@ struct kvm_regs { #define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ #define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ #define KVM_ARM_VCPU_HAS_EL2 7 /* Support nested virtualization */ +#define KVM_ARM_VCPU_HAS_EL2_E2H0 8 /* Limit NV support to E2H RES0 */ struct kvm_vcpu_init { __u32 target; diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 96d1d300e79f9..5ec5acb6310e9 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -51,6 +51,10 @@ int kvm_vcpu_init_nested(struct kvm_vcpu *vcpu) struct kvm_s2_mmu *tmp; int num_mmus, ret = 0; + if (test_bit(KVM_ARM_VCPU_HAS_EL2_E2H0, kvm->arch.vcpu_features) && + !cpus_have_final_cap(ARM64_HAS_HCR_NV1)) + return -EINVAL; + /* * Let's treat memory allocation failures as benign: If we fail to * allocate anything, return an error and keep the allocated array @@ -894,6 +898,9 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) ID_AA64MMFR1_EL1_HPDS | ID_AA64MMFR1_EL1_VH | ID_AA64MMFR1_EL1_VMIDBits); + /* FEAT_E2H0 implies no VHE */ + if (test_bit(KVM_ARM_VCPU_HAS_EL2_E2H0, kvm->arch.vcpu_features)) + val &= ~ID_AA64MMFR1_EL1_VH; break; case SYS_ID_AA64MMFR2_EL1: @@ -909,8 +916,25 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) break; case SYS_ID_AA64MMFR4_EL1: - val = SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY); - val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI_NV1); + /* + * You get EITHER + * + * - FEAT_VHE without FEAT_E2H0 + * - FEAT_NV limited to FEAT_NV2 + * - HCR_EL2.NV1 being RES0 + * + * OR + * + * - FEAT_E2H0 without FEAT_VHE nor FEAT_NV + * + * Life is too short for anything else. + */ + if (test_bit(KVM_ARM_VCPU_HAS_EL2_E2H0, kvm->arch.vcpu_features)) { + val = 0; + } else { + val = SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY); + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI_NV1); + } break; case SYS_ID_AA64DFR0_EL1: From patchwork Sat Feb 15 17:38:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976193 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F3431F9A85; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; cv=none; b=d3nO0V/LbkugDTuaDYumRlDsksIX/JMPLb02qqaSsIf2QSlkJzvO/oRrySfb58HAQ+1gZC7cXaqhQn4w71rRP4G09ydEUtpNHT+360JQ8hLRYgrNTwmb+y4XO2wHAv8Y2cgbW/jk41a6wBx3xK8fb9orCXYdiZRctW92pHFXBqQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; c=relaxed/simple; bh=XuMX9D51rOvDLqugXxKyuaKFZB0IP1O1SmRry/eT/uc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=jPAUzBQTf4mmEJQ/5x0j0aOd3Pp42VvgAKklrlhI9DeRQzYRdzcv/5cBeQIeKjBovsv9MNRSso/UpIF9pmtX999I+oPc3dRXDL1p04Bz6nR40dWEhycBgthzKTHlkN89S7QdKf7SIV2q7n5HLGE0hJrsZvN9VfXXjJR0dfG8HJE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WvHKozje; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WvHKozje" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 20B04C4CEE4; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641104; bh=XuMX9D51rOvDLqugXxKyuaKFZB0IP1O1SmRry/eT/uc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WvHKozjea013rJ5CdYymCIVcomvPnzedyhCWg+IFXMlR5hleGEXLFFZS8W211fmbQ nF7vJdiPsEysLCxJoUsb+mE0gzElLPRDbvAMg51XuHVcKRQ2IYdTwxb2Fmw4WdS+6d ys97uUvr/G+cTQ+1Nbbdf/+GpuGPTkn4TT5ZKtFsTAzJWwgW3TLSU4y3TLaBvsc8nt VTZ1srnGkkGHyFaTEVEHdAJfCJszhVKns9Rg1Kt+npGULYFuKW9Lva2Il2Iv62uvCK fKwOxCaWsMqY0Bc1goy2H7UkPNUXvt3Vjb0SRav2VywPsD2+QCWeQ1oLvxyolAQEzA 8WvCNQPC96oyw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7S-004Pqp-E4; Sat, 15 Feb 2025 17:38:22 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 11/14] KVM: arm64: Make ID_AA64MMFR4_EL1.NV_frac writable Date: Sat, 15 Feb 2025 17:38:13 +0000 Message-Id: <20250215173816.3767330-12-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false We want to make sure that it is possible for userspace to configure whether recursive NV is possible. Make NV_frac writable for that purpose. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index c1e050a58fb2e..db7c4e791b99c 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2669,7 +2669,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_WRITABLE(ID_AA64MMFR3_EL1, (ID_AA64MMFR3_EL1_TCRX | ID_AA64MMFR3_EL1_S1PIE | ID_AA64MMFR3_EL1_S1POE)), - ID_SANITISED(ID_AA64MMFR4_EL1), + ID_WRITABLE(ID_AA64MMFR4_EL1, ID_AA64MMFR4_EL1_NV_frac), ID_UNALLOCATED(7,5), ID_UNALLOCATED(7,6), ID_UNALLOCATED(7,7), From patchwork Sat Feb 15 17:38:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976194 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA1AD1E5B94; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; cv=none; b=PhWMMqA85sY2gHYUTL3BxJvplzat2O1ifnqV6Ugi/6wvKHapq/e5zms2UCS5r30RhEVyZG94AReVDcHKasFnc4M/VKmkZZ1eLZ11ZwF7pXf4/4bBSQ8AokjVMhPJ2bavplyA8i8hFP8WSrW7misvBioVoLsy4ZrCmRHSlclZAsQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; c=relaxed/simple; bh=l6/K3TgHqFMCERF5V5TBAO9LtyJHG0zZIRxuUinA74M=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=tJcMzNnLVGrdf5WDcDeCYtEbXskXzW5Q6Mg9RjSDvhjfTdr/v9oFuIn7gsn55FmFSjJq+pjePDHRjvAV+40tqKMvY4HGwpHmvHhwIkxCtHeFkTL4+IS1xOrn6WvJ2EYr0hQGDkOVttFmloUXqYg5QOwSBwBI5d7E44DXzo9lQOg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ccLo+p3D; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ccLo+p3D" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 56BF8C4CEF2; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641104; bh=l6/K3TgHqFMCERF5V5TBAO9LtyJHG0zZIRxuUinA74M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ccLo+p3DqEQCuREatieqYtX4+1e3lMiYepqpQomKJ1107yhfwX+gbA9NWI4sLXFq9 wt2KhTmzojLKVGfMmeluUAkOHEfU9HYVD15zr0N71LKcQCcv+7SPgDjj17bbpldnvW Bxtz6ts8f4apxuZh4lIEJil5wbuc9o/VG2Owb7pvKlrcS0DRjBP7iRpmmFsdnEeIF8 /7ynVofi2rsezg5USRPl/eBtQRbrt6UQxRnY6DtjrXg15UoKoK9sTplt6swTRhQ1rt zUsPZJjwBy5p+PsJDai9aJy2Y3T7DWW1YwcPSz3Ur9TUwRXHFF7vj2LSIp+pp1owLT syJa1Z0iskJSw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7S-004Pqp-Jx; Sat, 15 Feb 2025 17:38:22 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 12/14] KVM: arm64: Advertise FEAT_ECV when possible Date: Sat, 15 Feb 2025 17:38:14 +0000 Message-Id: <20250215173816.3767330-13-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false We can advertise support for FEAT_ECV if supported on the HW as long as we limit it to the basic trap bits, and not advertise CNTPOFF_EL2 support, even if the host has it (the short story being that CNTPOFF_EL2 is not virtualisable). Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 5ec5acb6310e9..d55c296fcb27a 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -848,14 +848,16 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) break; case SYS_ID_AA64MMFR0_EL1: - /* Hide ECV, ExS, Secure Memory */ - val &= ~(ID_AA64MMFR0_EL1_EVC | - ID_AA64MMFR0_EL1_EXS | + /* Hide ExS, Secure Memory */ + val &= ~(ID_AA64MMFR0_EL1_EXS | ID_AA64MMFR0_EL1_TGRAN4_2 | ID_AA64MMFR0_EL1_TGRAN16_2 | ID_AA64MMFR0_EL1_TGRAN64_2 | ID_AA64MMFR0_EL1_SNSMEM); + /* Hide CNTPOFF if present */ + val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64MMFR0_EL1, ECV, IMP); + /* Disallow unsupported S2 page sizes */ switch (PAGE_SIZE) { case SZ_64K: From patchwork Sat Feb 15 17:38:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976196 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF7081FC109; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; cv=none; b=ke8d75J9P39PS1N92uHW4MysZHp6Hz7qUjgnWM8pVLcsBHIuqlLg9dNEUHdmQAJKJijR6/vx0dI15cfBCo3g3tYomeItpQP6tP7c4P1rIxgdnQuZ4+6vD34baarNw08dVA1x3i5mwLoECXuAjd14/kvi0ByS3oMvPa1tlLF4jRQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; c=relaxed/simple; bh=CL/9quSdT/4WkdKxdC8OB8oLAC8r+jS/LhcwV8O3nUI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=daEwodrTSaWRyUq90O5PALsUy/IRlGMgz4xcGjEoXQVBRE8t89jf1l5UJ+5/2FguFS9+134V1V2FnaSkwrhuTg+YIAtun4zWuW3WWdidbqCqYmjwQgTt8vGXXZq5x071zac9wPcofsJ0X/wOk0PPNX6najs9tQHL4iAyqjatPI4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qlJ8LWvq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qlJ8LWvq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 892FFC4CEEA; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641104; bh=CL/9quSdT/4WkdKxdC8OB8oLAC8r+jS/LhcwV8O3nUI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qlJ8LWvqArerfAe90+kHAHuKR6bt2MdYr7xQ/Gdc/JZ3fT5Ij2ed5s0lc3GiTqIWV 0PGwBCEvfzr2ciN4y1097VWGswxGwvnyO5jKNZRHL7KOf7WleH0DbgGRZIBknBQBmm CLMqvzsTaOcyc+Owkde7sXUmFLqTsBjCTuZOtjjRm71OmMHyl/jtPk8VMtCZB+rqy7 lg0FQMeV0cOon680vQ3YRCtcTO8V9zfYwF09MlBrgXISBSfHoYEvX/C7lpVQPneByt Cthq96XVcagSESNDsXhgk5KcRoluw/vJvvm9FyNbOmWwxSy/OT9w3j0z1wjnK5QxMJ d9UfoW759E2lg== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7S-004Pqp-QH; Sat, 15 Feb 2025 17:38:22 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 13/14] KVM: arm64: Allow userspace to request KVM_ARM_VCPU_EL2* Date: Sat, 15 Feb 2025 17:38:15 +0000 Message-Id: <20250215173816.3767330-14-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Since we're (almost) feature complete, let's allow userspace to request KVM_ARM_VCPU_EL2* by bumping KVM_VCPU_MAX_FEATURES up. We also now advertise the features to userspace with a new capabilities. It's going to be great... Signed-off-by: Marc Zyngier Reviewed-by: Oliver Upton --- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 6 ++++++ include/uapi/linux/kvm.h | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 7cfa024de4e34..2a9ab9abf0f81 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -39,7 +39,7 @@ #define KVM_MAX_VCPUS VGIC_V3_MAX_CPUS -#define KVM_VCPU_MAX_FEATURES 7 +#define KVM_VCPU_MAX_FEATURES 9 #define KVM_VCPU_VALID_FEATURES (BIT(KVM_VCPU_MAX_FEATURES) - 1) #define KVM_REQ_SLEEP \ diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 4746c6cace2a8..6554379cdcada 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -359,6 +359,12 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_ARM_EL1_32BIT: r = cpus_have_final_cap(ARM64_HAS_32BIT_EL1); break; + case KVM_CAP_ARM_EL2: + r = cpus_have_final_cap(ARM64_HAS_NESTED_VIRT); + break; + case KVM_CAP_ARM_EL2_E2H0: + r = cpus_have_final_cap(ARM64_HAS_HCR_NV1); + break; case KVM_CAP_GUEST_DEBUG_HW_BPS: r = get_num_brps(); break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 45e6d8fca9b99..9a6674f51b8be 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -929,6 +929,8 @@ struct kvm_enable_cap { #define KVM_CAP_PRE_FAULT_MEMORY 236 #define KVM_CAP_X86_APIC_BUS_CYCLES_NS 237 #define KVM_CAP_X86_GUEST_MODE 238 +#define KVM_CAP_ARM_EL2 239 +#define KVM_CAP_ARM_EL2_E2H0 240 struct kvm_irq_routing_irqchip { __u32 irqchip; From patchwork Sat Feb 15 17:38:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13976195 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BEE4E1FC0E7; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; cv=none; b=XyIaS7OtkER+tWbSFp2sxQrP2l//P+zeYVzEJwXzeoKdHIcezfc3dGwTTHUQmunS1p8whSqRYVOKoIRShu7NiIkexgUkbPvcBdUpxDba7g7rGbfVdBynnFyEkIRgRR02bYWcrCin6Eu+yPJOC9zBWx2iK342J8L4V/kT5XlXonQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739641104; c=relaxed/simple; bh=XrR6EufsQEHc3su339NPCgvj8egd8HG9nLlDbIZ7ZzI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lNI0fIzdXf2hKWQJnA4odAPHazsvgGMWYNiysm2U/SsyPe2vun/fyxVZDwdrouMlnfEkguG1b20rCr0gNTw/j8sUoy/Nvxt81iBHbH4MRLCCaqLusSI6j+whn17QKC0rvqJKANrVeP6HmQmNtKbNxGZR6qVxpp27jKCgwF87Ib0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=CYYw7Lp/; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="CYYw7Lp/" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A029AC4CEE9; Sat, 15 Feb 2025 17:38:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1739641104; bh=XrR6EufsQEHc3su339NPCgvj8egd8HG9nLlDbIZ7ZzI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CYYw7Lp/tf67yV7SEf83U0rIspum+TG0z1f4OhgFLMZ6wUcvVW1hBu38dL++/0LE9 HRLyNZam6lqIL1bBNq39v8tDuScFrdzOl/bz3/3onca9CPEYyDvDKkxvEYNBQa7jf6 hd8DJ+WOF7clwPxF3oitOITZhL3TvdtnkvEMPXmoyDZtQPbGicP0rA/L5HuyRz9Qpv WskQ/FHaOH2baw65NqwycoaueeHxttg9gtk3GKMM2cu1kPhL3trQm71P6dMeV1gBFr 6hXhMD4Se0mBA2CNSwC0By36J2jr9OfDvU+2oUxMlmsNZyfU1K9nmE4zT2W4p533Mt Tx0ER+w01i6Uw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tjM7T-004Pqp-0P; Sat, 15 Feb 2025 17:38:23 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger Subject: [PATCH 14/14] KVM: arm64: Document NV caps and vcpu flags Date: Sat, 15 Feb 2025 17:38:16 +0000 Message-Id: <20250215173816.3767330-15-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250215173816.3767330-1-maz@kernel.org> References: <20250215173816.3767330-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Describe the two new vcpu flags that control NV, together with the capabilities that advertise them. Signed-off-by: Marc Zyngier Reviewed-by: Oliver Upton --- Documentation/virt/kvm/api.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 2b52eb77e29cb..2d7b516ae408d 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -3456,7 +3456,8 @@ The initial values are defined as: - FPSIMD/NEON registers: set to 0 - SVE registers: set to 0 - System registers: Reset to their architecturally defined - values as for a warm reset to EL1 (resp. SVC) + values as for a warm reset to EL1 (resp. SVC) or EL2 (in the + case of EL2 being enabled). Note that because some registers reflect machine topology, all vcpus should be created before this ioctl is invoked. @@ -3523,6 +3524,17 @@ Possible features: - the KVM_REG_ARM64_SVE_VLS pseudo-register is immutable, and can no longer be written using KVM_SET_ONE_REG. + - KVM_ARM_VCPU_HAS_EL2: Enable Nested Virtualisation support, + booting the guest from EL2 instead of EL1. + Depends on KVM_CAP_ARM_EL2. + The VM is running with HCR_EL2.E2H being RES1 (VHE) unless + KVM_ARM_VCPU_HAS_EL2_E2H0 is also set. + + - KVM_ARM_VCPU_HAS_EL2_E2H0: Restrict Nested Virtualisation + support to HCR_EL2.E2H being RES0 (non-VHE). + Depends on KVM_CAP_ARM_EL2_E2H0. + KVM_ARM_VCPU_HAS_EL2 must also be set. + 4.83 KVM_ARM_PREFERRED_TARGET -----------------------------