Commit 04ab519b authored by Marc Zyngier's avatar Marc Zyngier
Browse files

KVM: arm64: nv: Configure HCR_EL2 for FEAT_NV2 



Add the HCR_EL2 configuration for FEAT_NV2, adding the required
bits for running a guest hypervisor, and overall merging the
allowed bits provided by the guest.

This heavily replies on unavaliable features being sanitised
when the HCR_EL2 shadow register is accessed, and only a couple
of bits must be explicitly disabled.

Non-NV guests are completely unaffected by any of this.

Reviewed-by: default avatarJoey Gouly <joey.gouly@arm.com>
Reviewed-by: default avatarOliver Upton <oliver.upton@linux.dev>
Link: https://lore.kernel.org/r/20240419102935.1935571-6-maz@kernel.org


Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
parent 6f57c6be

arch/arm64/kvm/hyp/include/hyp/switch.h

+1 −3
Original line number Diff line number Diff line
@@ -271,10 +271,8 @@ static inline void __deactivate_traps_common(struct kvm_vcpu *vcpu) 
	__deactivate_traps_hfgxtr(vcpu);

}



static inline void ___activate_traps(struct kvm_vcpu *vcpu)

static inline void ___activate_traps(struct kvm_vcpu *vcpu, u64 hcr)

{

	u64 hcr = vcpu->arch.hcr_el2;



	if (cpus_have_final_cap(ARM64_WORKAROUND_CAVIUM_TX2_219_TVM))

		hcr |= HCR_TVM;

arch/arm64/kvm/hyp/nvhe/switch.c

+1 −1
Original line number Diff line number Diff line
@@ -40,7 +40,7 @@ static void __activate_traps(struct kvm_vcpu *vcpu) 
{

	u64 val;



	___activate_traps(vcpu);

	___activate_traps(vcpu, vcpu->arch.hcr_el2);

	__activate_traps_common(vcpu);



	val = vcpu->arch.cptr_el2;

arch/arm64/kvm/hyp/vhe/switch.c

+34 −1
Original line number Diff line number Diff line
@@ -33,11 +33,44 @@ DEFINE_PER_CPU(struct kvm_host_data, kvm_host_data); 
DEFINE_PER_CPU(struct kvm_cpu_context, kvm_hyp_ctxt);

DEFINE_PER_CPU(unsigned long, kvm_hyp_vector);



/*

 * HCR_EL2 bits that the NV guest can freely change (no RES0/RES1

 * semantics, irrespective of the configuration), but that cannot be

 * applied to the actual HW as things would otherwise break badly.

 *

 * - TGE: we want the guest to use EL1, which is incompatible with

 *   this bit being set

 *

 * - API/APK: for hysterical raisins, we enable PAuth lazily, which

 *   means that the guest's bits cannot be directly applied (we really

 *   want to see the traps). Revisit this at some point.

 */

#define NV_HCR_GUEST_EXCLUDE	(HCR_TGE | HCR_API | HCR_APK)



static u64 __compute_hcr(struct kvm_vcpu *vcpu)

{

	u64 hcr = vcpu->arch.hcr_el2;



	if (!vcpu_has_nv(vcpu))

		return hcr;



	if (is_hyp_ctxt(vcpu)) {

		hcr |= HCR_NV | HCR_NV2 | HCR_AT | HCR_TTLB;



		if (!vcpu_el2_e2h_is_set(vcpu))

			hcr |= HCR_NV1;



		write_sysreg_s(vcpu->arch.ctxt.vncr_array, SYS_VNCR_EL2);

	}



	return hcr | (__vcpu_sys_reg(vcpu, HCR_EL2) & ~NV_HCR_GUEST_EXCLUDE);

}



static void __activate_traps(struct kvm_vcpu *vcpu)

{

	u64 val;



	___activate_traps(vcpu);

	___activate_traps(vcpu, __compute_hcr(vcpu));



	if (has_cntpoff()) {

		struct timer_map map;