{"id":831239,"url":"http://patchwork.ozlabs.org/api/1.2/patches/831239/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-imx/patch/1509101470-7881-23-git-send-email-Dave.Martin@arm.com/","project":{"id":19,"url":"http://patchwork.ozlabs.org/api/1.2/projects/19/?format=json","name":"Linux IMX development","link_name":"linux-imx","list_id":"linux-imx-kernel.lists.patchwork.ozlabs.org","list_email":"linux-imx-kernel@lists.patchwork.ozlabs.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1509101470-7881-23-git-send-email-Dave.Martin@arm.com>","list_archive_url":null,"date":"2017-10-27T10:51:04","name":"[v4,22/28] arm64/sve: KVM: Prevent guests from using SVE","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"3bf3a42fe72b647ffa86c26b7687968e35d94687","submitter":{"id":26612,"url":"http://patchwork.ozlabs.org/api/1.2/people/26612/?format=json","name":"Dave Martin","email":"Dave.Martin@arm.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-imx/patch/1509101470-7881-23-git-send-email-Dave.Martin@arm.com/mbox/","series":[{"id":10556,"url":"http://patchwork.ozlabs.org/api/1.2/series/10556/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-imx/list/?series=10556","date":"2017-10-27T10:50:43","name":"ARM Scalable Vector Extension (SVE)","version":4,"mbox":"http://patchwork.ozlabs.org/series/10556/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/831239/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/831239/checks/","tags":{},"related":[],"headers":{"Return-Path":"<linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming-imx@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming-imx@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.infradead.org\n\t(client-ip=65.50.211.133; 
helo=bombadil.infradead.org;\n\tenvelope-from=linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org\n\theader.b=\"cxW6Dt7y\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3yNgmy6B6jz9rxj\n\tfor <incoming-imx@patchwork.ozlabs.org>;\n\tFri, 27 Oct 2017 21:57:06 +1100 (AEDT)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1e82Jw-0000Jm-Lb; Fri, 27 Oct 2017 10:57:00 +0000","from foss.arm.com ([217.140.101.70])\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1e82FJ-0003vJ-MG for linux-arm-kernel@lists.infradead.org;\n\tFri, 27 Oct 2017 10:52:40 +0000","from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])\n\tby usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 889F21A25;\n\tFri, 27 Oct 2017 03:52:02 -0700 (PDT)","from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com\n\t[10.72.51.249])\n\tby usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id\n\tCDFCB3F24A; Fri, 27 Oct 2017 03:52:00 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; 
bh=2Vgnj49WN0MHDjMsUrkp4Vcz8rEoMLe2TWTmiBCn6S4=;\n\tb=cxW6Dt7yoDbRnA\n\tmrLKm6+BYQLo3xCxh9dqJKTpkJbD5NhV9TqV1uzCM1eRMQKdLylee5q6ul0l4BD43jSCY1gRh9NB6\n\tUG/OOguHAeEWBEdK0I6MrfdtI8jtmh3gh4+n6Ejx53RS52OABozBrhc8VFUTKQwznZv7HNPWifKQD\n\tJPGAYI7BHhZvTDNmC1G1d+Dx/HH8LnulaCKBvXsZoXaBI/QnADO0QOnAD7nDdgqdMBofX6UO84fj+\n\tnEckm1WemEMn3NqEF+fbAA7TidmwW46sufBr+fX/nm8eFEQp8OFhqNHpFqPhCkIuuSjGLXLL5dL6Y\n\tIJZqUba5ZXl5wRkm+Azw==;","From":"Dave Martin <Dave.Martin@arm.com>","To":"linux-arm-kernel@lists.infradead.org","Subject":"[PATCH v4 22/28] arm64/sve: KVM: Prevent guests from using SVE","Date":"Fri, 27 Oct 2017 11:51:04 +0100","Message-Id":"<1509101470-7881-23-git-send-email-Dave.Martin@arm.com>","X-Mailer":"git-send-email 2.1.4","In-Reply-To":"<1509101470-7881-1-git-send-email-Dave.Martin@arm.com>","References":"<1509101470-7881-1-git-send-email-Dave.Martin@arm.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20171027_035214_129460_3069139B ","X-CRM114-Status":"GOOD (  17.55  )","X-Spam-Score":"-6.9 (------)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-6.9 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/,\n\thigh trust [217.140.101.70 listed in list.dnswl.org]\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 
0.0000]","X-BeenThere":"linux-arm-kernel@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/linux-arm-kernel/>","List-Post":"<mailto:linux-arm-kernel@lists.infradead.org>","List-Help":"<mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>","Cc":"linux-arch@vger.kernel.org, Okamoto Takayuki <tokamoto@jp.fujitsu.com>,\n\tlibc-alpha@sourceware.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>, \n\tSzabolcs Nagy <szabolcs.nagy@arm.com>, \n\tCatalin Marinas <catalin.marinas@arm.com>,\n\tWill Deacon <will.deacon@arm.com>, =?utf-8?q?Alex_Benn=C3=A9e?=\n\t<alex.bennee@linaro.org>,  kvmarm@lists.cs.columbia.edu","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Sender":"\"linux-arm-kernel\" <linux-arm-kernel-bounces@lists.infradead.org>","Errors-To":"linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org","List-Id":"linux-imx-kernel.lists.patchwork.ozlabs.org"},"content":"Until KVM has full SVE support, guests must not be allowed to\nexecute SVE instructions.\n\nThis patch enables the necessary traps, and also ensures that the\ntraps are disabled again on exit from the guest so that the host\ncan still use SVE if it wants to.\n\nOn guest exit, high bits of the SVE Zn registers may have been\nclobbered as a side-effect of the execution of FPSIMD instructions in\nthe guest.  The existing KVM host FPSIMD restore code is not\nsufficient to restore these bits, so this patch explicitly marks\nthe CPU as not containing cached vector state for any task, thus\nforcing a reload on the next return to userspace.  
This is an\ninterim measure, in advance of adding full SVE awareness to KVM.\n\nThis marking of cached vector state in the CPU as invalid is done\nusing __this_cpu_write(fpsimd_last_state, NULL) in fpsimd.c.  Due\nto the repeated use of this rather obscure operation, it makes\nsense to factor it out as a separate helper with a clearer name.\nThis patch factors it out as fpsimd_flush_cpu_state(), and ports\nall callers to use it.\n\nAs a side effect of this refactoring, a this_cpu_write() in\nfpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This\nshould be fine, since cpu_pm_enter() is supposed to be called only\nwith interrupts disabled.\n\nSigned-off-by: Dave Martin <Dave.Martin@arm.com>\nReviewed-by: Alex Bennée <alex.bennee@linaro.org>\nReviewed-by: Christoffer Dall <christoffer.dall@linaro.org>\nAcked-by: Catalin Marinas <catalin.marinas@arm.com>\nAcked-by: Marc Zyngier <marc.zyngier@arm.com>\nCc: Ard Biesheuvel <ard.biesheuvel@linaro.org>\n---\n arch/arm/include/asm/kvm_host.h   |  3 +++\n arch/arm64/include/asm/fpsimd.h   |  1 +\n arch/arm64/include/asm/kvm_arm.h  |  4 +++-\n arch/arm64/include/asm/kvm_host.h | 11 +++++++++++\n arch/arm64/kernel/fpsimd.c        | 31 +++++++++++++++++++++++++++++--\n arch/arm64/kvm/hyp/switch.c       |  6 +++---\n virt/kvm/arm/arm.c                |  3 +++\n 7 files changed, 53 insertions(+), 6 deletions(-)","diff":"diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h\nindex 4a879f6..242151e 100644\n--- a/arch/arm/include/asm/kvm_host.h\n+++ b/arch/arm/include/asm/kvm_host.h\n@@ -293,4 +293,7 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,\n int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,\n \t\t\t       struct kvm_device_attr *attr);\n \n+/* All host FP/SIMD state is restored on guest exit, so nothing to save: */\n+static inline void kvm_fpsimd_flush_cpu_state(void) {}\n+\n #endif /* __ARM_KVM_HOST_H__ */\ndiff --git a/arch/arm64/include/asm/fpsimd.h 
b/arch/arm64/include/asm/fpsimd.h\nindex b868412..74f3439 100644\n--- a/arch/arm64/include/asm/fpsimd.h\n+++ b/arch/arm64/include/asm/fpsimd.h\n@@ -74,6 +74,7 @@ extern void fpsimd_restore_current_state(void);\n extern void fpsimd_update_current_state(struct fpsimd_state *state);\n \n extern void fpsimd_flush_task_state(struct task_struct *target);\n+extern void sve_flush_cpu_state(void);\n \n /* Maximum VL that SVE VL-agnostic software can transparently support */\n #define SVE_VL_ARCH_MAX 0x100\ndiff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h\nindex dbf0537..7f069ff 100644\n--- a/arch/arm64/include/asm/kvm_arm.h\n+++ b/arch/arm64/include/asm/kvm_arm.h\n@@ -186,7 +186,8 @@\n #define CPTR_EL2_TTA\t(1 << 20)\n #define CPTR_EL2_TFP\t(1 << CPTR_EL2_TFP_SHIFT)\n #define CPTR_EL2_TZ\t(1 << 8)\n-#define CPTR_EL2_DEFAULT\t0x000033ff\n+#define CPTR_EL2_RES1\t0x000032ff /* known RES1 bits in CPTR_EL2 */\n+#define CPTR_EL2_DEFAULT\tCPTR_EL2_RES1\n \n /* Hyp Debug Configuration Register bits */\n #define MDCR_EL2_TPMS\t\t(1 << 14)\n@@ -237,5 +238,6 @@\n \n #define CPACR_EL1_FPEN\t\t(3 << 20)\n #define CPACR_EL1_TTA\t\t(1 << 28)\n+#define CPACR_EL1_DEFAULT\t(CPACR_EL1_FPEN | CPACR_EL1_ZEN_EL1EN)\n \n #endif /* __ARM64_KVM_ARM_H__ */\ndiff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h\nindex e923b58..674912d 100644\n--- a/arch/arm64/include/asm/kvm_host.h\n+++ b/arch/arm64/include/asm/kvm_host.h\n@@ -25,6 +25,7 @@\n #include <linux/types.h>\n #include <linux/kvm_types.h>\n #include <asm/cpufeature.h>\n+#include <asm/fpsimd.h>\n #include <asm/kvm.h>\n #include <asm/kvm_asm.h>\n #include <asm/kvm_mmio.h>\n@@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)\n \t\t  \"PARange is %d bits, unsupported configuration!\", parange);\n }\n \n+/*\n+ * All host FP/SIMD state is restored on guest exit, so nothing needs\n+ * doing here except in the SVE case:\n+*/\n+static inline void 
kvm_fpsimd_flush_cpu_state(void)\n+{\n+\tif (system_supports_sve())\n+\t\tsve_flush_cpu_state();\n+}\n+\n #endif /* __ARM64_KVM_HOST_H__ */\ndiff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c\nindex f9d3287..8f15462 100644\n--- a/arch/arm64/kernel/fpsimd.c\n+++ b/arch/arm64/kernel/fpsimd.c\n@@ -1048,6 +1048,33 @@ void fpsimd_flush_task_state(struct task_struct *t)\n \tt->thread.fpsimd_state.cpu = NR_CPUS;\n }\n \n+static inline void fpsimd_flush_cpu_state(void)\n+{\n+\t__this_cpu_write(fpsimd_last_state, NULL);\n+}\n+\n+/*\n+ * Invalidate any task SVE state currently held in this CPU's regs.\n+ *\n+ * This is used to prevent the kernel from trying to reuse SVE register data\n+ * that is detroyed by KVM guest enter/exit.  This function should go away when\n+ * KVM SVE support is implemented.  Don't use it for anything else.\n+ */\n+#ifdef CONFIG_ARM64_SVE\n+void sve_flush_cpu_state(void)\n+{\n+\tstruct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);\n+\tstruct task_struct *tsk;\n+\n+\tif (!fpstate)\n+\t\treturn;\n+\n+\ttsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);\n+\tif (test_tsk_thread_flag(tsk, TIF_SVE))\n+\t\tfpsimd_flush_cpu_state();\n+}\n+#endif /* CONFIG_ARM64_SVE */\n+\n #ifdef CONFIG_KERNEL_MODE_NEON\n \n DEFINE_PER_CPU(bool, kernel_neon_busy);\n@@ -1088,7 +1115,7 @@ void kernel_neon_begin(void)\n \t}\n \n \t/* Invalidate any task state remaining in the fpsimd regs: */\n-\t__this_cpu_write(fpsimd_last_state, NULL);\n+\tfpsimd_flush_cpu_state();\n \n \tpreempt_disable();\n \n@@ -1209,7 +1236,7 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,\n \tcase CPU_PM_ENTER:\n \t\tif (current->mm)\n \t\t\ttask_fpsimd_save();\n-\t\tthis_cpu_write(fpsimd_last_state, NULL);\n+\t\tfpsimd_flush_cpu_state();\n \t\tbreak;\n \tcase CPU_PM_EXIT:\n \t\tif (current->mm)\ndiff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c\nindex 35a90b8..951f3eb 100644\n--- 
a/arch/arm64/kvm/hyp/switch.c\n+++ b/arch/arm64/kvm/hyp/switch.c\n@@ -48,7 +48,7 @@ static void __hyp_text __activate_traps_vhe(void)\n \n \tval = read_sysreg(cpacr_el1);\n \tval |= CPACR_EL1_TTA;\n-\tval &= ~CPACR_EL1_FPEN;\n+\tval &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);\n \twrite_sysreg(val, cpacr_el1);\n \n \twrite_sysreg(__kvm_hyp_vector, vbar_el1);\n@@ -59,7 +59,7 @@ static void __hyp_text __activate_traps_nvhe(void)\n \tu64 val;\n \n \tval = CPTR_EL2_DEFAULT;\n-\tval |= CPTR_EL2_TTA | CPTR_EL2_TFP;\n+\tval |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;\n \twrite_sysreg(val, cptr_el2);\n }\n \n@@ -117,7 +117,7 @@ static void __hyp_text __deactivate_traps_vhe(void)\n \n \twrite_sysreg(mdcr_el2, mdcr_el2);\n \twrite_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);\n-\twrite_sysreg(CPACR_EL1_FPEN, cpacr_el1);\n+\twrite_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);\n \twrite_sysreg(vectors, vbar_el1);\n }\n \ndiff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c\nindex b9f68e4..4d3cf9c 100644\n--- a/virt/kvm/arm/arm.c\n+++ b/virt/kvm/arm/arm.c\n@@ -652,6 +652,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)\n \t\t */\n \t\tpreempt_disable();\n \n+\t\t/* Flush FP/SIMD state that can't survive guest entry/exit */\n+\t\tkvm_fpsimd_flush_cpu_state();\n+\n \t\tkvm_pmu_flush_hwstate(vcpu);\n \n \t\tkvm_timer_flush_hwstate(vcpu);\n","prefixes":["v4","22/28"]}
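
Review bot: In the arch/arm64/include/asm/kvm_arm.h hunk at @@ -186, CPTR_EL2_DEFAULT changes value, not just name: 0x000033ff becomes 0x000032ff, and the bit that disappears is bit 8, which is CPTR_EL2_TZ as defined two lines above. The new comment only says "known RES1 bits". Please state in the comment that bit 8 is deliberately left out because it is the SVE trap bit. No nVHE deactivate hunk appears in the switch.c part of this diff, so un-trapping SVE for the host on that path appears to rest on this define alone, and that dependency deserves a mention here.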
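
Review bot: In the arch/arm64/include/asm/kvm_arm.h hunk at @@ -237, CPACR_EL1_DEFAULT mixes granularities without explanation: CPACR_EL1_FPEN is (3 << 20), both enable bits, while the SVE side uses only CPACR_EL1_ZEN_EL1EN. If leaving the remaining ZEN bit clear after guest exit is intended, a one-line comment saying so would stop a later reader from "fixing" it to CPACR_EL1_ZEN. Neither CPACR_EL1_ZEN_EL1EN nor the CPACR_EL1_ZEN used in switch.c is defined anywhere in this diff, so the patch only builds on top of an earlier patch in the series; worth noting in the commit message.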
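
Review bot: In the arch/arm64/include/asm/kvm_host.h hunk at @@ -384, kvm_fpsimd_flush_cpu_state() calls sve_flush_cpu_state() behind what reads as a runtime check, yet fpsimd.c defines that function only under #ifdef CONFIG_ARM64_SVE while fpsimd.h declares it unconditionally. With CONFIG_ARM64_SVE=n this links only if system_supports_sve() folds to a compile-time false and the call is discarded, which nothing in this diff shows. Either add a static inline empty stub for the !CONFIG_ARM64_SVE case next to the declaration, or add a comment stating the reliance on the constant-false check. Minor style point in the same hunk: the closing "*/" of the new comment block is missing its leading space.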
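
Review bot: In the arch/arm64/kernel/fpsimd.c hunk at @@ -1048, sve_flush_cpu_state() applies container_of(fpstate, struct task_struct, thread.fpsimd_state) to whatever fpsimd_last_state holds, which is only valid if that per-CPU pointer can never refer to an fpsimd_state that lives outside a task_struct. The comment should state that invariant, since test_tsk_thread_flag() would otherwise read through a bogus task pointer. The function also uses __this_cpu_read() and (via fpsimd_flush_cpu_state()) __this_cpu_write(), so it must be called with preemption disabled; the arm.c caller does this, but the requirement is not documented at the definition. Typo in the comment: "detroyed" should be "destroyed".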
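
Review bot: In the arch/arm64/kernel/fpsimd.c hunk at @@ -1209, replacing this_cpu_write(fpsimd_last_state, NULL) with fpsimd_flush_cpu_state() quietly downgrades the CPU_PM_ENTER path to __this_cpu_write(). The commit message justifies this by saying cpu_pm_enter() is only called with interrupts disabled, but that reasoning is not visible in the code. Please put a short comment at this call site, or on the helper, recording that callers must already have preemption or interrupts disabled, so the assumption survives future changes to the notifier's callers.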