
Merge tag 'kvmarm-fixes-7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/arm64 fixes for 7.0, take #1

- Make sure we don't leak any S1POE state from guest to guest when
the feature is supported on the HW, but not enabled on the host

- Propagate the ID registers from the host into non-protected VMs
managed by pKVM, ensuring that the guest sees the intended feature set

- Drop double kern_hyp_va() from unpin_host_sve_state(), which could
bite us if we were to change kern_hyp_va() to not be idempotent

- Don't leak stage-2 mappings in protected mode

- Correctly align the faulting address when dealing with single page
stage-2 mappings for PAGE_SIZE > 4kB

- Fix detection of virtualisation-capable GICv5 IRS, due to the
maintainer being obviously fat fingered...

- Remove duplication of code retrieving the ASID for the purpose of
S1 PT handling

- Fix slightly abusive const-ification in vgic_set_kvm_info()

+80 -69
+2 -1
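--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -1616,7 +1616,8 @@
 	(kvm_has_feat((k), ID_AA64MMFR3_EL1, S1PIE, IMP))
 
 #define kvm_has_s1poe(k)	\
-	(kvm_has_feat((k), ID_AA64MMFR3_EL1, S1POE, IMP))
+	(system_supports_poe() && \
+	 kvm_has_feat((k), ID_AA64MMFR3_EL1, S1POE, IMP))
 
 #define kvm_has_ras(k)	\
 	(kvm_has_feat((k), ID_AA64PFR0_EL1, RAS, IMP))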
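Review bot: kvm_has_s1poe() now hides S1POE from the guest whenever the host has not enabled POE, but nothing at the macro says why, and the same host check is repeated when sanitising ID_AA64MMFR3_EL1 in the arch/arm64/kvm/sys_regs.c hunk of this merge, so a reader has two places to keep in step with no cross-reference. The merge description gives the reason (avoid leaking S1POE state from guest to guest when the hardware has the feature but the host does not enable it); that reasoning belongs next to the macro. Suggest a comment above it such as `/* S1POE is only usable by a guest when the host has enabled POE; ID_AA64MMFR3_EL1.S1POE is masked to match in sys_regs.c. */`. Note that the k argument is now only evaluated when system_supports_poe() is true, which is fine for the callers visible here but worth a word if k could ever have side effects.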
+2
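--- a/arch/arm64/include/asm/kvm_nested.h
+++ b/arch/arm64/include/asm/kvm_nested.h
@@ -397,6 +397,8 @@
 int kvm_handle_vncr_abort(struct kvm_vcpu *vcpu);
 void kvm_handle_s1e2_tlbi(struct kvm_vcpu *vcpu, u32 inst, u64 val);
 
+u16 get_asid_by_regime(struct kvm_vcpu *vcpu, enum trans_regime regime);
+
 #define vncr_fixmap(c)	\
 ({	\
 	u32 __c = (c);	\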
+2 -25
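--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -540,31 +540,8 @@
 	wr->pa |= va & GENMASK_ULL(va_bottom - 1, 0);
 
 	wr->nG = (wi->regime != TR_EL2) && (desc & PTE_NG);
-	if (wr->nG) {
-		u64 asid_ttbr, tcr;
-
-		switch (wi->regime) {
-		case TR_EL10:
-			tcr = vcpu_read_sys_reg(vcpu, TCR_EL1);
-			asid_ttbr = ((tcr & TCR_A1) ?
-				     vcpu_read_sys_reg(vcpu, TTBR1_EL1) :
-				     vcpu_read_sys_reg(vcpu, TTBR0_EL1));
-			break;
-		case TR_EL20:
-			tcr = vcpu_read_sys_reg(vcpu, TCR_EL2);
-			asid_ttbr = ((tcr & TCR_A1) ?
-				     vcpu_read_sys_reg(vcpu, TTBR1_EL2) :
-				     vcpu_read_sys_reg(vcpu, TTBR0_EL2));
-			break;
-		default:
-			BUG();
-		}
-
-		wr->asid = FIELD_GET(TTBR_ASID_MASK, asid_ttbr);
-		if (!kvm_has_feat_enum(vcpu->kvm, ID_AA64MMFR0_EL1, ASIDBITS, 16) ||
-		    !(tcr & TCR_ASID16))
-			wr->asid &= GENMASK(7, 0);
-	}
+	if (wr->nG)
+		wr->asid = get_asid_by_regime(vcpu, wi->regime);
 
 	return 0;
 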
+34 -3
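--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -342,6 +342,7 @@
 	/* No restrictions for non-protected VMs. */
 	if (!kvm_vm_is_protected(kvm)) {
 		hyp_vm->kvm.arch.flags = host_arch_flags;
+		hyp_vm->kvm.arch.flags &= ~BIT_ULL(KVM_ARCH_FLAG_ID_REGS_INITIALIZED);
 
 		bitmap_copy(kvm->arch.vcpu_features,
 			    host_kvm->arch.vcpu_features,
@@ -392,7 +391,7 @@
 	if (!vcpu_has_feature(&hyp_vcpu->vcpu, KVM_ARM_VCPU_SVE))
 		return;
 
-	sve_state = kern_hyp_va(hyp_vcpu->vcpu.arch.sve_state);
+	sve_state = hyp_vcpu->vcpu.arch.sve_state;
 	hyp_unpin_shared_mem(sve_state,
 			     sve_state + vcpu_sve_state_size(&hyp_vcpu->vcpu));
 }
@@ -472,6 +471,35 @@
 	return ret;
 }
 
+static int vm_copy_id_regs(struct pkvm_hyp_vcpu *hyp_vcpu)
+{
+	struct pkvm_hyp_vm *hyp_vm = pkvm_hyp_vcpu_to_hyp_vm(hyp_vcpu);
+	const struct kvm *host_kvm = hyp_vm->host_kvm;
+	struct kvm *kvm = &hyp_vm->kvm;
+
+	if (!test_bit(KVM_ARCH_FLAG_ID_REGS_INITIALIZED, &host_kvm->arch.flags))
+		return -EINVAL;
+
+	if (test_and_set_bit(KVM_ARCH_FLAG_ID_REGS_INITIALIZED, &kvm->arch.flags))
+		return 0;
+
+	memcpy(kvm->arch.id_regs, host_kvm->arch.id_regs, sizeof(kvm->arch.id_regs));
+
+	return 0;
+}
+
+static int pkvm_vcpu_init_sysregs(struct pkvm_hyp_vcpu *hyp_vcpu)
+{
+	int ret = 0;
+
+	if (pkvm_hyp_vcpu_is_protected(hyp_vcpu))
+		kvm_init_pvm_id_regs(&hyp_vcpu->vcpu);
+	else
+		ret = vm_copy_id_regs(hyp_vcpu);
+
+	return ret;
+}
+
 static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu,
 			      struct pkvm_hyp_vm *hyp_vm,
 			      struct kvm_vcpu *host_vcpu)
@@ -520,8 +490,9 @@
 	hyp_vcpu->vcpu.arch.cflags = READ_ONCE(host_vcpu->arch.cflags);
 	hyp_vcpu->vcpu.arch.mp_state.mp_state = KVM_MP_STATE_STOPPED;
 
-	if (pkvm_hyp_vcpu_is_protected(hyp_vcpu))
-		kvm_init_pvm_id_regs(&hyp_vcpu->vcpu);
+	ret = pkvm_vcpu_init_sysregs(hyp_vcpu);
+	if (ret)
+		goto done;
 
 	ret = pkvm_vcpu_init_traps(hyp_vcpu);
 	if (ret)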
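Review bot: vm_copy_id_regs() in the third hunk carries no comment explaining the flag dance: the first hunk clears KVM_ARCH_FLAG_ID_REGS_INITIALIZED in the hyp copy of the flags precisely so that test_and_set_bit() here lets exactly one vCPU copy the host's id_regs, but a reader seeing only this function cannot tell why the hyp-side bit starts clear. Suggest a comment above the test_and_set_bit() such as `/* The hyp copy of this flag is cleared at VM init; the first vCPU to get here snapshots the host's ID registers, later vCPUs are no-ops. */`. The -EINVAL return when the host-side flag is not set presumably relies on the host having finalised its ID registers before it asks hyp to initialise a vCPU; that ordering lives outside this hunk and is worth stating in the same comment, since host memory is read here without any further validation, which is acceptable only because non-protected VMs are host-controlled by design. The `goto done` added in the last hunk targets a label outside the hunk, so its cleanup path cannot be checked from here.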
+5 -7
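--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1754,14 +1754,12 @@
 	}
 
 	/*
-	 * Both the canonical IPA and fault IPA must be hugepage-aligned to
-	 * ensure we find the right PFN and lay down the mapping in the right
-	 * place.
+	 * Both the canonical IPA and fault IPA must be aligned to the
+	 * mapping size to ensure we find the right PFN and lay down the
+	 * mapping in the right place.
 	 */
-	if (vma_pagesize == PMD_SIZE || vma_pagesize == PUD_SIZE) {
-		fault_ipa &= ~(vma_pagesize - 1);
-		ipa &= ~(vma_pagesize - 1);
-	}
+	fault_ipa = ALIGN_DOWN(fault_ipa, vma_pagesize);
+	ipa = ALIGN_DOWN(ipa, vma_pagesize);
 
 	gfn = ipa >> PAGE_SHIFT;
 	mte_allowed = kvm_vma_mte_allowed(vma);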
+31 -32
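--- a/arch/arm64/kvm/nested.c
+++ b/arch/arm64/kvm/nested.c
@@ -854,6 +854,33 @@
 	return kvm_inject_nested_sync(vcpu, esr_el2);
 }
 
+u16 get_asid_by_regime(struct kvm_vcpu *vcpu, enum trans_regime regime)
+{
+	enum vcpu_sysreg ttbr_elx;
+	u64 tcr;
+	u16 asid;
+
+	switch (regime) {
+	case TR_EL10:
+		tcr = vcpu_read_sys_reg(vcpu, TCR_EL1);
+		ttbr_elx = (tcr & TCR_A1) ? TTBR1_EL1 : TTBR0_EL1;
+		break;
+	case TR_EL20:
+		tcr = vcpu_read_sys_reg(vcpu, TCR_EL2);
+		ttbr_elx = (tcr & TCR_A1) ? TTBR1_EL2 : TTBR0_EL2;
+		break;
+	default:
+		BUG();
+	}
+
+	asid = FIELD_GET(TTBRx_EL1_ASID, vcpu_read_sys_reg(vcpu, ttbr_elx));
+	if (!kvm_has_feat_enum(vcpu->kvm, ID_AA64MMFR0_EL1, ASIDBITS, 16) ||
+	    !(tcr & TCR_ASID16))
+		asid &= GENMASK(7, 0);
+
+	return asid;
+}
+
 static void invalidate_vncr(struct vncr_tlb *vt)
 {
 	vt->valid = false;
@@ -1181,9 +1154,6 @@
 {
 	int i;
 
-	if (!kvm->arch.nested_mmus_size)
-		return;
-
 	for (i = 0; i < kvm->arch.nested_mmus_size; i++) {
 		struct kvm_s2_mmu *mmu = &kvm->arch.nested_mmus[i];
 
@@ -1360,20 +1336,8 @@
 	if (read_vncr_el2(vcpu) != vt->gva)
 		return false;
 
-	if (vt->wr.nG) {
-		u64 tcr = vcpu_read_sys_reg(vcpu, TCR_EL2);
-		u64 ttbr = ((tcr & TCR_A1) ?
-			    vcpu_read_sys_reg(vcpu, TTBR1_EL2) :
-			    vcpu_read_sys_reg(vcpu, TTBR0_EL2));
-		u16 asid;
-
-		asid = FIELD_GET(TTBR_ASID_MASK, ttbr);
-		if (!kvm_has_feat_enum(vcpu->kvm, ID_AA64MMFR0_EL1, ASIDBITS, 16) ||
-		    !(tcr & TCR_ASID16))
-			asid &= GENMASK(7, 0);
-
-		return asid == vt->wr.asid;
-	}
+	if (vt->wr.nG)
+		return get_asid_by_regime(vcpu, TR_EL20) == vt->wr.asid;
 
 	return true;
 }
@@ -1464,21 +1452,8 @@
 	if (read_vncr_el2(vcpu) != vt->gva)
 		return;
 
-	if (vt->wr.nG) {
-		u64 tcr = vcpu_read_sys_reg(vcpu, TCR_EL2);
-		u64 ttbr = ((tcr & TCR_A1) ?
-			    vcpu_read_sys_reg(vcpu, TTBR1_EL2) :
-			    vcpu_read_sys_reg(vcpu, TTBR0_EL2));
-		u16 asid;
-
-		asid = FIELD_GET(TTBR_ASID_MASK, ttbr);
-		if (!kvm_has_feat_enum(vcpu->kvm, ID_AA64MMFR0_EL1, ASIDBITS, 16) ||
-		    !(tcr & TCR_ASID16))
-			asid &= GENMASK(7, 0);
-
-		if (asid != vt->wr.asid)
-			return;
-	}
+	if (vt->wr.nG && get_asid_by_regime(vcpu, TR_EL20) != vt->wr.asid)
+		return;
 
 	vt->cpu = smp_processor_id();
 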
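Review bot: get_asid_by_regime() in the first hunk becomes a non-static function (declared in kvm_nested.h in this same merge) yet has no kernel-doc, and its BUG() for any regime other than TR_EL10/TR_EL20 is a hard constraint every caller must know about. Suggest a kernel-doc block above it stating that it returns the ASID selected by TCR_ELx.A1 from TTBR0/TTBR1 of the given regime, that the value is truncated to 8 bits unless 16-bit ASIDs are both supported (ID_AA64MMFR0_EL1.ASIDBITS) and enabled (TCR_ASID16), and that TR_EL2 must never be passed since the default arm BUG()s. The mask also changes from TTBR_ASID_MASK in the removed code to TTBRx_EL1_ASID here and is applied to the EL2 TTBRs as well; that is presumably the same field layout, but a word in the comment would save the next reader the lookup. The early return dropped in the second hunk is harmless since the for loop below it already does nothing when nested_mmus_size is 0.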
+3
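--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1816,6 +1816,9 @@
 			ID_AA64MMFR3_EL1_SCTLRX |
 			ID_AA64MMFR3_EL1_S1POE |
 			ID_AA64MMFR3_EL1_S1PIE;
+
+		if (!system_supports_poe())
+			val &= ~ID_AA64MMFR3_EL1_S1POE;
 		break;
 	case SYS_ID_MMFR4_EL1:
 		val &= ~ID_MMFR4_EL1_CCIDX;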
+1 -1
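--- a/drivers/irqchip/irq-gic-v5-irs.c
+++ b/drivers/irqchip/irq-gic-v5-irs.c
@@ -699,7 +699,7 @@
 	 */
 	if (list_empty(&irs_nodes)) {
 		idr = irs_readl_relaxed(irs_data, GICV5_IRS_IDR0);
-		gicv5_global_data.virt_capable = !FIELD_GET(GICV5_IRS_IDR0_VIRT, idr);
+		gicv5_global_data.virt_capable = !!FIELD_GET(GICV5_IRS_IDR0_VIRT, idr);
 
 		idr = irs_readl_relaxed(irs_data, GICV5_IRS_IDR1);
 		irs_setup_pri_bits(idr);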