Commit eaa43934 authored Aug 07, 2025 by Fuad Tabba Committed by Oliver Upton Aug 08, 2025

KVM: arm64: Handle AIDR_EL1 and REVIDR_EL1 in host for protected VMs

Since commit 17efc1ac ("arm64: Expose AIDR_EL1 via sysfs"), AIDR_EL1
is read early during boot. Therefore, a guest running as a protected VM
will fail to boot because when it attempts to access AIDR_EL1, access to
that register is restricted in pKVM for protected guests.

Similar to how MIDR_EL1 is handled by the host for protected VMs, let
the host handle accesses to AIDR_EL1 as well as REVIDR_EL1. However note
that, unlike MIDR_EL1, AIDR_EL1 and REVIDR_EL1 are trapped by
HCR_EL2.TID1. Therefore, explicitly mark them as handled by the host for
protected VMs. TID1 is always set in pKVM, because it needs to restrict
access to SMIDR_EL1, which is also trapped by that bit.

Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20250807120133.871892-2-tabba@google.com

Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

parent 700d6868

arch/arm64/kvm/hyp/nvhe/sys_regs.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -372,6 +372,9 @@ static const struct sys_reg_desc pvm_sys_reg_descs[] = {

		/* Debug and Trace Registers are restricted. */

		/* Group 1 ID registers */
		HOST_HANDLED(SYS_REVIDR_EL1),

		/* AArch64 mappings of the AArch32 ID registers */
		/* CRm=1 */
		AARCH32(SYS_ID_PFR0_EL1),
		@@ -460,6 +463,7 @@ static const struct sys_reg_desc pvm_sys_reg_descs[] = {

		HOST_HANDLED(SYS_CCSIDR_EL1),
		HOST_HANDLED(SYS_CLIDR_EL1),
		HOST_HANDLED(SYS_AIDR_EL1),
		HOST_HANDLED(SYS_CSSELR_EL1),
		HOST_HANDLED(SYS_CTR_EL0),