Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
the guest. MDSELR_EL1 register access in the guest, is currently trapped by
the existing configuration of the fine-grained traps.
As the register is not described in sys_reg_descs[] table emulate_sys_reg()
will warn that this is unknown access before injecting an UNDEFINED
exception into the guest. Any well-behaved guests shouldn't try to use this
register, but any badly-behaved guests could, thus resulting in unnecessary
warnings. To avoid such warnings, access to MDSELR_EL1 should be explicitly
handled as UNDEFINED via updating sys_reg_desc[] as required.
Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: James Morse <james.morse@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: kvmarm@lists.linux.dev
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
---
arch/arm64/kvm/sys_regs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index c9f4f387155f..2956bdcd358e 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -2203,6 +2203,7 @@ static const struct sys_reg_desc sys_reg_descs[] = {
{ SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 },
DBG_BCR_BVR_WCR_WVR_EL1(2),
DBG_BCR_BVR_WCR_WVR_EL1(3),
+ { SYS_DESC(SYS_MDSELR_EL1), undef_access },
DBG_BCR_BVR_WCR_WVR_EL1(4),
DBG_BCR_BVR_WCR_WVR_EL1(5),
DBG_BCR_BVR_WCR_WVR_EL1(6),
--
2.25.1On Fri, 05 Apr 2024 09:00:05 +0100, Anshuman Khandual <anshuman.khandual@arm.com> wrote: > > Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to > ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to > the guest. MDSELR_EL1 register access in the guest, is currently trapped by > the existing configuration of the fine-grained traps. Please add support for the HDFGxTR2_EL2 registers in the trap routing arrays, add support for the corresponding FGUs in the corresponding structure, and condition the UNDEF on the lack of *guest* support for the feature. In short, implement the architecture as described in the pseudocode, and not a cheap shortcut. Thanks, M. -- Without deviation from the norm, progress is not possible.
On 4/5/24 15:45, Marc Zyngier wrote:
> On Fri, 05 Apr 2024 09:00:05 +0100,
> Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>
>> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
>> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
>> the guest. MDSELR_EL1 register access in the guest, is currently trapped by
>> the existing configuration of the fine-grained traps.
>
> Please add support for the HDFGxTR2_EL2 registers in the trap routing
> arrays, add support for the corresponding FGUs in the corresponding
Afraid that I might not have enough background here to sufficiently understand
your suggestion above, but nonetheless here is an attempt in this regard.
- Add HDFGRTR2_EL2/HDFGWTR2_EL2 to enum vcpu_sysreg
enum vcpu_sysreg {
..........
VNCR(HDFGRTR2_EL2),
VNCR(HDFGWTR2_EL2),
..........
}
- Add their VNCR mappings addresses
#define VNCR_HDFGRTR2_EL2 0x1A0
#define VNCR_HDFGWTR2_EL2 0x1B0
- Add HDFGRTR2_EL2/HDFGWTR2_EL2 to sys_reg_descs[]
static const struct sys_reg_desc sys_reg_descs[] = {
..........
EL2_REG_VNCR(HDFGRTR2_EL2, reset_val, 0),
EL2_REG_VNCR(HDFGWTR2_EL2, reset_val, 0),
..........
}
- Add HDFGRTR2_GROUP to enum fgt_group_id
- Add HDFGRTR2_GROUP to reg_to_fgt_group_id()
- Update triage_sysreg_trap() for HDFGRTR2_GROUP
- Update __activate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
- Updated __deactivate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
> structure, and condition the UNDEF on the lack of *guest* support for
> the feature.
Does something like the following looks OK for preventing guest access into
MDSELR_EL1 instead ?
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1711,6 +1711,19 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu,
return val;
}
+static bool trap_mdselr_el1(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ u64 dfr0 = read_sanitised_id_aa64dfr0_el1(vcpu, r);
+ int dver = cpuid_feature_extract_unsigned_field(dfr0, ID_AA64DFR0_EL1_DebugVer_SHIFT);
+
+ if (dver != ID_AA64DFR0_EL1_DebugVer_V8P9)
+ return undef_access(vcpu, p, r);
+
+ return true;
+}
+
static int set_id_aa64dfr0_el1(struct kvm_vcpu *vcpu,
const struct sys_reg_desc *rd,
u64 val)
@@ -2203,7 +2216,7 @@ static const struct sys_reg_desc sys_reg_descs[] = {
{ SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 },
DBG_BCR_BVR_WCR_WVR_EL1(2),
DBG_BCR_BVR_WCR_WVR_EL1(3),
- { SYS_DESC(SYS_MDSELR_EL1), undef_access },
+ { SYS_DESC(SYS_MDSELR_EL1), trap_mdselr_el1 },
DBG_BCR_BVR_WCR_WVR_EL1(4),
DBG_BCR_BVR_WCR_WVR_EL1(5),
DBG_BCR_BVR_WCR_WVR_EL1(6),
I am sure this is rather incomplete, but will really appreciate if you could
provide some details and pointers.
>
> In short, implement the architecture as described in the pseudocode,
> and not a cheap shortcut.
>
> Thanks,
>
> M.
>
On Fri, 12 Apr 2024 03:41:23 +0100,
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
>
>
> On 4/5/24 15:45, Marc Zyngier wrote:
> > On Fri, 05 Apr 2024 09:00:05 +0100,
> > Anshuman Khandual <anshuman.khandual@arm.com> wrote:
> >>
> >> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
> >> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
> >> the guest. MDSELR_EL1 register access in the guest, is currently trapped by
> >> the existing configuration of the fine-grained traps.
> >
> > Please add support for the HDFGxTR2_EL2 registers in the trap routing
> > arrays, add support for the corresponding FGUs in the corresponding
>
> Afraid that I might not have enough background here to sufficiently understand
> your suggestion above, but nonetheless here is an attempt in this regard.
Thanks for at least giving it a try, this is *MUCH* appreciated.
>
> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to enum vcpu_sysreg
> enum vcpu_sysreg {
> ..........
> VNCR(HDFGRTR2_EL2),
> VNCR(HDFGWTR2_EL2),
> ..........
> }
Yes.
>
> - Add their VNCR mappings addresses
>
> #define VNCR_HDFGRTR2_EL2 0x1A0
> #define VNCR_HDFGWTR2_EL2 0x1B0
Yes.
>
> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to sys_reg_descs[]
>
> static const struct sys_reg_desc sys_reg_descs[] = {
> ..........
> EL2_REG_VNCR(HDFGRTR2_EL2, reset_val, 0),
> EL2_REG_VNCR(HDFGWTR2_EL2, reset_val, 0),
> ..........
> }
Yes
>
> - Add HDFGRTR2_GROUP to enum fgt_group_id
> - Add HDFGRTR2_GROUP to reg_to_fgt_group_id()
> - Update triage_sysreg_trap() for HDFGRTR2_GROUP
> - Update __activate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
> - Updated __deactivate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
Yes. Don't miss check_fgt_bit() though. You also need to update
kvm_init_nv_sysregs() to ensure that these new registers have the
correct RES0/RES1 behaviour depending on the supported feature set for
the guest.
>
> > structure, and condition the UNDEF on the lack of *guest* support for
> > the feature.
>
> Does something like the following looks OK for preventing guest access into
> MDSELR_EL1 instead ?
>
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -1711,6 +1711,19 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu,
> return val;
> }
>
> +static bool trap_mdselr_el1(struct kvm_vcpu *vcpu,
> + struct sys_reg_params *p,
> + const struct sys_reg_desc *r)
> +{
> + u64 dfr0 = read_sanitised_id_aa64dfr0_el1(vcpu, r);
> + int dver = cpuid_feature_extract_unsigned_field(dfr0, ID_AA64DFR0_EL1_DebugVer_SHIFT);
> +
> + if (dver != ID_AA64DFR0_EL1_DebugVer_V8P9)
> + return undef_access(vcpu, p, r);
This is very cumbersome, and we now have a much better infrastructure
for the stuff that is handled with FGTs, see below.
> +
> + return true;
> +}
> +
> static int set_id_aa64dfr0_el1(struct kvm_vcpu *vcpu,
> const struct sys_reg_desc *rd,
> u64 val)
> @@ -2203,7 +2216,7 @@ static const struct sys_reg_desc sys_reg_descs[] = {
> { SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 },
> DBG_BCR_BVR_WCR_WVR_EL1(2),
> DBG_BCR_BVR_WCR_WVR_EL1(3),
> - { SYS_DESC(SYS_MDSELR_EL1), undef_access },
> + { SYS_DESC(SYS_MDSELR_EL1), trap_mdselr_el1 },
> DBG_BCR_BVR_WCR_WVR_EL1(4),
> DBG_BCR_BVR_WCR_WVR_EL1(5),
> DBG_BCR_BVR_WCR_WVR_EL1(6),
>
> I am sure this is rather incomplete, but will really appreciate if you could
> provide some details and pointers.
What is missing is the Fine-Grained-Undef part. You need to update
kvm_init_sysreg() so that kvm->arch.fgu[HDFGRTR2_GROUP] has all the
correct bits set for anything that needs to UNDEF depending on the
guest configuration.
For example, in your case, I'd expect to see something like:
if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9))
kvm->arch.fgu[HDFGRTR2_GROUP] |= ~(HDFGRTR2_EL2_nMDSELR_EL1 | [...]);
Then allowing the feature becomes conditioned on the bit being clear,
and the trap handler only needs to deal with the actual emulation, and
not the feature checking.
I appreciate that this is a lot to swallow, but I'd be very happy to
review patches implementing this and provide guidance. It is all
pretty simple, just that there is a lot of parts all over the place.
In the end, this is only about following the architecture.
Thanks again,
M.
--
Without deviation from the norm, progress is not possible.
On 4/12/24 16:35, Marc Zyngier wrote:
> On Fri, 12 Apr 2024 03:41:23 +0100,
> Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>
>>
>>
>> On 4/5/24 15:45, Marc Zyngier wrote:
>>> On Fri, 05 Apr 2024 09:00:05 +0100,
>>> Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>>>
>>>> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
>>>> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
>>>> the guest. MDSELR_EL1 register access in the guest, is currently trapped by
>>>> the existing configuration of the fine-grained traps.
>>>
>>> Please add support for the HDFGxTR2_EL2 registers in the trap routing
>>> arrays, add support for the corresponding FGUs in the corresponding
>>
>> Afraid that I might not have enough background here to sufficiently understand
>> your suggestion above, but nonetheless here is an attempt in this regard.
>
> Thanks for at least giving it a try, this is *MUCH* appreciated.
>
>>
>> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to enum vcpu_sysreg
>> enum vcpu_sysreg {
>> ..........
>> VNCR(HDFGRTR2_EL2),
>> VNCR(HDFGWTR2_EL2),
>> ..........
>> }
>
> Yes.
>
>>
>> - Add their VNCR mappings addresses
>>
>> #define VNCR_HDFGRTR2_EL2 0x1A0
>> #define VNCR_HDFGWTR2_EL2 0x1B0
>
> Yes.
>
>>
>> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to sys_reg_descs[]
>>
>> static const struct sys_reg_desc sys_reg_descs[] = {
>> ..........
>> EL2_REG_VNCR(HDFGRTR2_EL2, reset_val, 0),
>> EL2_REG_VNCR(HDFGWTR2_EL2, reset_val, 0),
>> ..........
>> }
>
> Yes
>
>>
>> - Add HDFGRTR2_GROUP to enum fgt_group_id
>> - Add HDFGRTR2_GROUP to reg_to_fgt_group_id()
>> - Update triage_sysreg_trap() for HDFGRTR2_GROUP
>> - Update __activate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
>> - Updated __deactivate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
>
> Yes. Don't miss check_fgt_bit() though. You also need to update
Right, added the following in there.
case HDFGRTR2_GROUP:
sr = is_read ? HDFGRTR2_EL2 : HDFGWTR2_EL2;
break;
> kvm_init_nv_sysregs() to ensure that these new registers have the
> correct RES0/RES1 behaviour depending on the supported feature set for
> the guest.
Following might be sufficient for MDSELR_EL1, but wondering if these fine
grained control registers (HDFG[RW]TR2_EL2) need to be completely defined
for the entire guest feature set, probably required.
/* HDFG[RW]TR2_EL2 */
res0 = res1 = 0;
if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9))
res0 |= HDFGRTR2_EL2_nMDSELR_EL1;
set_sysreg_masks(kvm, HDFGRTR2_EL2, res0 | HDFGRTR2_EL2_RES0, res1);
set_sysreg_masks(kvm, HDFGWTR2_EL2, res0 | HDFGWTR2_EL2_RES0, res1);
>
>>
>>> structure, and condition the UNDEF on the lack of *guest* support for
>>> the feature.
>>
>> Does something like the following looks OK for preventing guest access into
>> MDSELR_EL1 instead ?
>>
>> --- a/arch/arm64/kvm/sys_regs.c
>> +++ b/arch/arm64/kvm/sys_regs.c
>> @@ -1711,6 +1711,19 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu,
>> return val;
>> }
>>
>> +static bool trap_mdselr_el1(struct kvm_vcpu *vcpu,
>> + struct sys_reg_params *p,
>> + const struct sys_reg_desc *r)
>> +{
>> + u64 dfr0 = read_sanitised_id_aa64dfr0_el1(vcpu, r);
>> + int dver = cpuid_feature_extract_unsigned_field(dfr0, ID_AA64DFR0_EL1_DebugVer_SHIFT);
>> +
>> + if (dver != ID_AA64DFR0_EL1_DebugVer_V8P9)
>> + return undef_access(vcpu, p, r);
>
> This is very cumbersome, and we now have a much better infrastructure
> for the stuff that is handled with FGTs, see below.
Okay
>
>> +
>> + return true;
>> +}
>> +
>> static int set_id_aa64dfr0_el1(struct kvm_vcpu *vcpu,
>> const struct sys_reg_desc *rd,
>> u64 val)
>> @@ -2203,7 +2216,7 @@ static const struct sys_reg_desc sys_reg_descs[] = {
>> { SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 },
>> DBG_BCR_BVR_WCR_WVR_EL1(2),
>> DBG_BCR_BVR_WCR_WVR_EL1(3),
>> - { SYS_DESC(SYS_MDSELR_EL1), undef_access },
>> + { SYS_DESC(SYS_MDSELR_EL1), trap_mdselr_el1 },
>> DBG_BCR_BVR_WCR_WVR_EL1(4),
>> DBG_BCR_BVR_WCR_WVR_EL1(5),
>> DBG_BCR_BVR_WCR_WVR_EL1(6),
>>
>> I am sure this is rather incomplete, but will really appreciate if you could
>> provide some details and pointers.
>
> What is missing is the Fine-Grained-Undef part. You need to update
> kvm_init_sysreg() so that kvm->arch.fgu[HDFGRTR2_GROUP] has all the
> correct bits set for anything that needs to UNDEF depending on the
> guest configuration.
>
> For example, in your case, I'd expect to see something like:
>
> if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9))
> kvm->arch.fgu[HDFGRTR2_GROUP] |= ~(HDFGRTR2_EL2_nMDSELR_EL1 | [...]);
Understood.
>
> Then allowing the feature becomes conditioned on the bit being clear,
> and the trap handler only needs to deal with the actual emulation, and
> not the feature checking.
Got it.
>
> I appreciate that this is a lot to swallow, but I'd be very happy to
> review patches implementing this and provide guidance. It is all
> pretty simple, just that there is a lot of parts all over the place.
> In the end, this is only about following the architecture.
Sure, will read through all these pointers you have mentioned here,
and be back with an implementation.
>
> Thanks again,
Thanks for the detailed explanation.
>
> M.
>
On Tue, 16 Apr 2024 06:46:13 +0100, Anshuman Khandual <anshuman.khandual@arm.com> wrote: > > On 4/12/24 16:35, Marc Zyngier wrote: > > kvm_init_nv_sysregs() to ensure that these new registers have the > > correct RES0/RES1 behaviour depending on the supported feature set for > > the guest. > > Following might be sufficient for MDSELR_EL1, but wondering if these fine > grained control registers (HDFG[RW]TR2_EL2) need to be completely defined > for the entire guest feature set, probably required. Yes, you should check for all features defining a valid bit in these registers, and apply the correct mask if the feature isn't advertised to the guest, even if KVM doesn't currently support the feature at all. This is a bit cumbersome at first, but we don't have to revisit it when the feature gets enabled, which is a massive maintainability improvement. It also means that we just have to read the documentation and match it against the code, which should be pretty trivial. > > /* HDFG[RW]TR2_EL2 */ > res0 = res1 = 0; > if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9)) > res0 |= HDFGRTR2_EL2_nMDSELR_EL1; > set_sysreg_masks(kvm, HDFGRTR2_EL2, res0 | HDFGRTR2_EL2_RES0, res1); > set_sysreg_masks(kvm, HDFGWTR2_EL2, res0 | HDFGWTR2_EL2_RES0, res1); Yup, this looks sensible for that particular bit. A few more to go... ;-) Thanks, M. -- Without deviation from the norm, progress is not possible.
© 2016 - 2026 Red Hat, Inc.