From: James Clark
Date: Thu, 05 Mar 2026 16:28:18 +0000
Subject: [PATCH v2 2/3] arm64: cpufeature: Make PMUVer and PerfMon unsigned
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260305-james-kvm-pmuver-sign-v2-2-ee80a125af9b@linaro.org>
References: <20260305-james-kvm-pmuver-sign-v2-0-ee80a125af9b@linaro.org>
In-Reply-To: <20260305-james-kvm-pmuver-sign-v2-0-ee80a125af9b@linaro.org>
To: Marc Zyngier, Oliver Upton, Joey Gouly, Suzuki K Poulose, Zenghui Yu, Catalin Marinas, Will Deacon, Colton Lewis, Alexandru Elisei
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, James Clark

On the host, this change doesn't make a difference because the fields
are defined as FTR_EXACT. However, KVM allows userspace to set these
fields for a guest and overrides the type to be FTR_LOWER_SAFE. And while
KVM used to do an unsigned comparison to validate that the new value is
lower than what the hardware provides, since the linked commit it uses
the generic sanitization framework which does a signed comparison.

Fix it by defining these fields as unsigned. In theory, without this
fix, userspace could set a higher PMU version than the hardware supports
by providing any value with the top bit set.

Fixes: c118cead07a7 ("KVM: arm64: Use generic sanitisation for ID_(AA64)DFR0_EL1")
Signed-off-by: James Clark --- arch/arm64/kernel/cpufeature.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index c31f8e17732a..07abdfd40756 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -565,7 +565,7 @@ static const struct arm64_ftr_bits ftr_id_aa64dfr0[] = =3D { * We can instantiate multiple PMU instances with different levels * of support. */ - S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64DFR0_EL1_PM= UVer_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64DFR0_EL1_PMUV= er_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64DFR0_EL1_DebugVe= r_SHIFT, 4, 0x6), ARM64_FTR_END, }; @@ -709,7 +709,7 @@ static const struct arm64_ftr_bits ftr_id_pfr2[] =3D { =20 static const struct arm64_ftr_bits ftr_id_dfr0[] =3D { /* [31:28] TraceFilt */ - S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_DFR0_EL1_PerfMo= n_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_DFR0_EL1_PerfMon_= SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_EL1_MProfD= bg_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_EL1_MMapTr= c_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_EL1_CopTrc= _SHIFT, 4, 0), --=20 2.34.1
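
Review bot: in the ftr_id_aa64dfr0 hunk, the comment above the PMUVer entry still only gives the "multiple PMU instances with different levels of support" reason, so nothing in the file records why the field has to be unsigned. With FTR_EXACT as the type on this line the sign flag looks arbitrary, and the commit message says it only matters once KVM overrides the type to FTR_LOWER_SAFE for a guest. Please extend that comment with a sentence saying so, so that a later cleanup does not switch the entry back to S_ARM64_FTR_BITS.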
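
Review bot: in the ftr_id_dfr0 hunk, the PerfMon entry sits directly under the "[31:28] TraceFilt" comment and has no comment of its own, so the reason it is now ARM64_FTR_BITS is not visible at this line. It is the only FTR_EXACT entry among the FTR_LOWER_SAFE neighbours shown, which makes it the one most likely to be touched again. A one-line comment that points at the PMUVer entry in ftr_id_aa64dfr0 and notes the two must keep the same signedness would cover it.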
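
The signed-versus-unsigned comparison the commit message describes, as an added sketch that is not part of the patch and is not kernel code. It assumes a 4-bit field at bits [11:8], a constructed hardware value of 0x6, and hypothetical helper names; it shows how a "lower is safe" check accepts every value with the top bit set when the field is read as signed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for this sketch: a 4-bit field at bits [11:8] of the register. */
#define FIELD_SHIFT 8
#define FIELD_MASK  0xfULL

/* Read the field as an unsigned quantity, 0..15. */
static int64_t field_unsigned(uint64_t reg)
{
	return (int64_t)((reg >> FIELD_SHIFT) & FIELD_MASK);
}

/* Read the field as two's complement, -8..7: top bit set means negative. */
static int64_t field_signed(uint64_t reg)
{
	int64_t v = field_unsigned(reg);

	return (v & 0x8) ? v - 16 : v;
}

/* "Lower is safe" policy: accept a requested value only if it is <= the limit. */
static bool lower_safe_accepts(uint64_t requested, uint64_t hw, bool is_signed)
{
	int64_t req = is_signed ? field_signed(requested) : field_unsigned(requested);
	int64_t lim = is_signed ? field_signed(hw) : field_unsigned(hw);

	return req <= lim;
}

int main(void)
{
	const uint64_t hw = 0x6ULL << FIELD_SHIFT;	/* constructed hardware value */

	for (uint64_t v = 0; v <= 0xf; v++) {
		uint64_t req = v << FIELD_SHIFT;

		printf("requested 0x%llx: signed check %s, unsigned check %s\n",
		       (unsigned long long)v,
		       lower_safe_accepts(req, hw, true) ? "accepts" : "rejects",
		       lower_safe_accepts(req, hw, false) ? "accepts" : "rejects");
	}
	return 0;
}
```

Values 0x0 to 0x6 pass both checks; 0x8 to 0xf pass only the signed one, which is the gap the patch closes.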