From nobody Sun Feb 8 02:41:23 2026 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 60A5A1C7284; Fri, 4 Oct 2024 15:31:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728055888; cv=none; b=m7BAVMT7hx3VsUmeVTe79ZLuFsykkTE2PCubhFhUQKOensDd14MAjjRIN4wrFL00j5P2F3lu5GXOXQFc+CbtJHKsWZdUKqhGBs62fC7be8Y1hnUv1+AOadPVtnSloiOE6BPw2NIYVArOwDed75nvKEeISm3SBT6csT/IuJxyeSk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728055888; c=relaxed/simple; bh=nL2rOZfjdtzhDaJnOe0yeGfldoeeU0yB98NYJAzW6BQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=baBJpw2COQ5GwD8z7x6imX4XorGouetyf8FAsZg23sssPSp6TzMfLvRnTAX5HxLSb6fBWl01281RqXEbjjv+mCpsTMoixNoVjweGHZdHc4QtA1y6DEZ21qXgxTwCU3YXioeuMZ1kmJKgbyz253jVAgZitMugYnn9rtH1i0RWbL0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8846F150C; Fri, 4 Oct 2024 08:31:56 -0700 (PDT) Received: from e122027.cambridge.arm.com (unknown [10.1.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A253F3F640; Fri, 4 Oct 2024 08:31:22 -0700 (PDT) From: Steven Price To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Jean-Philippe Brucker , Catalin Marinas , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Suzuki K Poulose , Zenghui Yu , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , linux-coco@lists.linux.dev, Ganapatrao Kulkarni , Gavin Shan , Shanker Donthineni , Alper Gun , "Aneesh Kumar K . V" , Steven Price Subject: [PATCH v5 41/43] arm64: RME: Provide accurate register list Date: Fri, 4 Oct 2024 16:28:02 +0100 Message-Id: <20241004152804.72508-42-steven.price@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241004152804.72508-1-steven.price@arm.com> References: <20241004152804.72508-1-steven.price@arm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jean-Philippe Brucker Userspace can set a few registers with KVM_SET_ONE_REG (9 GP registers at runtime, and 3 system registers during initialization). Update the register list returned by KVM_GET_REG_LIST. Signed-off-by: Jean-Philippe Brucker Signed-off-by: Steven Price --- arch/arm64/kvm/guest.c | 40 ++++++++++++++++++------- arch/arm64/kvm/hypercalls.c | 4 +-- arch/arm64/kvm/sys_regs.c | 58 ++++++++++++++++++++++++++++--------- 3 files changed, 75 insertions(+), 27 deletions(-) diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 4647240b7eaa..2ab788d3a4db 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -73,6 +73,17 @@ static u64 core_reg_offset_from_id(u64 id) return id & ~(KVM_REG_ARCH_MASK | KVM_REG_SIZE_MASK | KVM_REG_ARM_CORE); } =20 +static bool kvm_realm_validate_core_reg(u64 off) +{ + switch (off) { + case KVM_REG_ARM_CORE_REG(regs.regs[0]) ... + KVM_REG_ARM_CORE_REG(regs.regs[7]): + case KVM_REG_ARM_CORE_REG(regs.pc): + return true; + } + return false; +} + static int core_reg_size_from_offset(const struct kvm_vcpu *vcpu, u64 off) { int size; @@ -115,6 +126,9 @@ static int core_reg_size_from_offset(const struct kvm_v= cpu *vcpu, u64 off) if (vcpu_has_sve(vcpu) && core_reg_offset_is_vreg(off)) return -EINVAL; =20 + if (kvm_is_realm(vcpu->kvm) && !kvm_realm_validate_core_reg(off)) + return -EPERM; + return size; } =20 @@ -600,8 +614,6 @@ static const u64 timer_reg_list[] =3D { KVM_REG_ARM_PTIMER_CVAL, }; =20 -#define NUM_TIMER_REGS ARRAY_SIZE(timer_reg_list) - static bool is_timer_reg(u64 index) { switch (index) { @@ -616,9 +628,14 @@ static bool is_timer_reg(u64 index) return false; } =20 +static unsigned long num_timer_regs(struct kvm_vcpu *vcpu) +{ + return kvm_is_realm(vcpu->kvm) ? 0 : ARRAY_SIZE(timer_reg_list); +} + static int copy_timer_indices(struct kvm_vcpu *vcpu, u64 __user *uindices) { - for (int i =3D 0; i < NUM_TIMER_REGS; i++) { + for (int i =3D 0; i < num_timer_regs(vcpu); i++) { if (put_user(timer_reg_list[i], uindices)) return -EFAULT; uindices++; @@ -656,6 +673,9 @@ static unsigned long num_sve_regs(const struct kvm_vcpu= *vcpu) if (!vcpu_has_sve(vcpu) || !kvm_arm_vcpu_sve_finalized(vcpu)) return 0; =20 + if (kvm_is_realm(vcpu->kvm)) + return 1; /* KVM_REG_ARM64_SVE_VLS */ + return slices * (SVE_NUM_PREGS + SVE_NUM_ZREGS + 1 /* FFR */) + 1; /* KVM_REG_ARM64_SVE_VLS */ } @@ -683,6 +703,9 @@ static int copy_sve_reg_indices(const struct kvm_vcpu *= vcpu, return -EFAULT; ++num_regs; =20 + if (kvm_is_realm(vcpu->kvm)) + return num_regs; + for (i =3D 0; i < slices; i++) { for (n =3D 0; n < SVE_NUM_ZREGS; n++) { reg =3D KVM_REG_ARM64_SVE_ZREG(n, i); @@ -721,7 +744,7 @@ unsigned long kvm_arm_num_regs(struct kvm_vcpu *vcpu) res +=3D num_sve_regs(vcpu); res +=3D kvm_arm_num_sys_reg_descs(vcpu); res +=3D kvm_arm_get_fw_num_regs(vcpu); - res +=3D NUM_TIMER_REGS; + res +=3D num_timer_regs(vcpu); =20 return res; } @@ -755,7 +778,7 @@ int kvm_arm_copy_reg_indices(struct kvm_vcpu *vcpu, u64= __user *uindices) ret =3D copy_timer_indices(vcpu, uindices); if (ret < 0) return ret; - uindices +=3D NUM_TIMER_REGS; + uindices +=3D num_timer_regs(vcpu); =20 return kvm_arm_copy_sys_reg_indices(vcpu, uindices); } @@ -795,12 +818,7 @@ static bool validate_realm_set_reg(struct kvm_vcpu *vc= pu, if ((reg->id & KVM_REG_ARM_COPROC_MASK) =3D=3D KVM_REG_ARM_CORE) { u64 off =3D core_reg_offset_from_id(reg->id); =20 - switch (off) { - case KVM_REG_ARM_CORE_REG(regs.regs[0]) ... - KVM_REG_ARM_CORE_REG(regs.regs[7]): - case KVM_REG_ARM_CORE_REG(regs.pc): - return true; - } + return kvm_realm_validate_core_reg(off); } else { switch (reg->id) { case KVM_REG_ARM_PMCR_EL0: diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c index 5763d979d8ca..28b4166cf234 100644 --- a/arch/arm64/kvm/hypercalls.c +++ b/arch/arm64/kvm/hypercalls.c @@ -407,14 +407,14 @@ void kvm_arm_teardown_hypercalls(struct kvm *kvm) =20 int kvm_arm_get_fw_num_regs(struct kvm_vcpu *vcpu) { - return ARRAY_SIZE(kvm_arm_fw_reg_ids); + return kvm_is_realm(vcpu->kvm) ? 0 : ARRAY_SIZE(kvm_arm_fw_reg_ids); } =20 int kvm_arm_copy_fw_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindice= s) { int i; =20 - for (i =3D 0; i < ARRAY_SIZE(kvm_arm_fw_reg_ids); i++) { + for (i =3D 0; i < kvm_arm_get_fw_num_regs(vcpu); i++) { if (put_user(kvm_arm_fw_reg_ids[i], uindices++)) return -EFAULT; } diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 5ebc71d90356..2ca3163185ec 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -4454,18 +4454,18 @@ int kvm_arm_sys_reg_set_reg(struct kvm_vcpu *vcpu, = const struct kvm_one_reg *reg sys_reg_descs, ARRAY_SIZE(sys_reg_descs)); } =20 -static unsigned int num_demux_regs(void) +static unsigned int num_demux_regs(struct kvm_vcpu *vcpu) { - return CSSELR_MAX; + return kvm_is_realm(vcpu->kvm) ? 0 : CSSELR_MAX; } =20 -static int write_demux_regids(u64 __user *uindices) +static int write_demux_regids(struct kvm_vcpu *vcpu, u64 __user *uindices) { u64 val =3D KVM_REG_ARM64 | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX; unsigned int i; =20 val |=3D KVM_REG_ARM_DEMUX_ID_CCSIDR; - for (i =3D 0; i < CSSELR_MAX; i++) { + for (i =3D 0; i < num_demux_regs(vcpu); i++) { if (put_user(val | i, uindices)) return -EFAULT; uindices++; @@ -4473,6 +4473,23 @@ static int write_demux_regids(u64 __user *uindices) return 0; } =20 +static unsigned int num_invariant_regs(struct kvm_vcpu *vcpu) +{ + return kvm_is_realm(vcpu->kvm) ? 0 : ARRAY_SIZE(invariant_sys_regs); +} + +static int write_invariant_regids(struct kvm_vcpu *vcpu, u64 __user *uindi= ces) +{ + unsigned int i; + + for (i =3D 0; i < num_invariant_regs(vcpu); i++) { + if (put_user(sys_reg_to_index(&invariant_sys_regs[i]), uindices)) + return -EFAULT; + uindices++; + } + return 0; +} + static u64 sys_reg_to_index(const struct sys_reg_desc *reg) { return (KVM_REG_ARM64 | KVM_REG_SIZE_U64 | @@ -4496,11 +4513,27 @@ static bool copy_reg_to_user(const struct sys_reg_d= esc *reg, u64 __user **uind) return true; } =20 +static bool kvm_realm_sys_reg_hidden_user(const struct kvm_vcpu *vcpu, u64= reg) +{ + if (!kvm_is_realm(vcpu->kvm)) + return false; + + switch (reg) { + case SYS_ID_AA64DFR0_EL1: + case SYS_PMCR_EL0: + return false; + } + return true; +} + static int walk_one_sys_reg(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd, u64 __user **uind, unsigned int *total) { + if (kvm_realm_sys_reg_hidden_user(vcpu, reg_to_encoding(rd))) + return 0; + /* * Ignore registers we trap but don't save, * and for which no custom user accessor is provided. @@ -4538,29 +4571,26 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64= __user *uind) =20 unsigned long kvm_arm_num_sys_reg_descs(struct kvm_vcpu *vcpu) { - return ARRAY_SIZE(invariant_sys_regs) - + num_demux_regs() + return num_invariant_regs(vcpu) + + num_demux_regs(vcpu) + walk_sys_regs(vcpu, (u64 __user *)NULL); } =20 int kvm_arm_copy_sys_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindic= es) { - unsigned int i; int err; =20 - /* Then give them all the invariant registers' indices. */ - for (i =3D 0; i < ARRAY_SIZE(invariant_sys_regs); i++) { - if (put_user(sys_reg_to_index(&invariant_sys_regs[i]), uindices)) - return -EFAULT; - uindices++; - } + err =3D write_invariant_regids(vcpu, uindices); + if (err) + return err; + uindices +=3D num_invariant_regs(vcpu); =20 err =3D walk_sys_regs(vcpu, uindices); if (err < 0) return err; uindices +=3D err; =20 - return write_demux_regids(uindices); + return write_demux_regids(vcpu, uindices); } =20 #define KVM_ARM_FEATURE_ID_RANGE_INDEX(r) \ --=20 2.34.1