KVM: arm64: Group setting traps for protected VMs by control register

unsigned int kvm_host_sve_max_vl;

/*

 * Set trap register values based on features in ID_AA64PFR0.

 */

static void pvm_init_traps_aa64pfr0(struct kvm_vcpu *vcpu)

static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu)

{

	const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1);

	u64 hcr_set = HCR_RW;

	u64 hcr_clear = 0;

	u64 cptr_set = 0;

	u64 cptr_clear = 0;

	/* Protected KVM does not support AArch32 guests. */

	BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0),

		PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL0_IMP);

	BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1),

		PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL1_IMP);

	/*

	 * Linux guests assume support for floating-point and Advanced SIMD. Do

	 * not change the trapping behavior for these from the KVM default.

	 */

	BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP),

				PVM_ID_AA64PFR0_ALLOW));

	BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD),

				PVM_ID_AA64PFR0_ALLOW));

	vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;

	if (has_hvhe())

		hcr_set |= HCR_E2H;

		vcpu->arch.hcr_el2 |= HCR_E2H;

	/* Trap RAS unless all current versions are supported */

	if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), feature_ids) <

	    ID_AA64PFR0_EL1_RAS_V1P1) {

		hcr_set |= HCR_TERR | HCR_TEA;

		hcr_clear |= HCR_FIEN;

	if (cpus_have_final_cap(ARM64_HAS_RAS_EXTN)) {

		/* route synchronous external abort exceptions to EL2 */

		vcpu->arch.hcr_el2 |= HCR_TEA;

		/* trap error record accesses */

		vcpu->arch.hcr_el2 |= HCR_TERR;

	}

	/* Trap AMU */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), feature_ids)) {

		hcr_clear |= HCR_AMVOFFEN;

		cptr_set |= CPTR_EL2_TAM;

	}

	if (cpus_have_final_cap(ARM64_HAS_STAGE2_FWB))

		vcpu->arch.hcr_el2 |= HCR_FWB;

	/* Trap SVE */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), feature_ids)) {

		if (has_hvhe())

			cptr_clear |= CPACR_ELx_ZEN;

	if (cpus_have_final_cap(ARM64_HAS_EVT) &&

	    !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE))

		vcpu->arch.hcr_el2 |= HCR_TID4;

	else

			cptr_set |= CPTR_EL2_TZ;

	}

		vcpu->arch.hcr_el2 |= HCR_TID2;

	vcpu->arch.hcr_el2 |= hcr_set;

	vcpu->arch.hcr_el2 &= ~hcr_clear;

	vcpu->arch.cptr_el2 |= cptr_set;

	vcpu->arch.cptr_el2 &= ~cptr_clear;

	if (vcpu_has_ptrauth(vcpu))

		vcpu->arch.hcr_el2 |= (HCR_API | HCR_APK);

}

/*

 * Set trap register values based on features in ID_AA64PFR1.

 */

static void pvm_init_traps_aa64pfr1(struct kvm_vcpu *vcpu)

static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu)

{

	const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1);

	u64 hcr_set = 0;

	u64 hcr_clear = 0;

	const u64 id_aa64pfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1);

	const u64 id_aa64pfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1);

	const u64 id_aa64mmfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR1_EL1);

	u64 val = vcpu->arch.hcr_el2;

	/* Memory Tagging: Trap and Treat as Untagged if not supported. */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE), feature_ids)) {

		hcr_set |= HCR_TID5;

		hcr_clear |= HCR_DCT | HCR_ATA;

	}

	/* No support for AArch32. */

	val |= HCR_RW;

	vcpu->arch.hcr_el2 |= hcr_set;

	vcpu->arch.hcr_el2 &= ~hcr_clear;

}

	if (has_hvhe())

		val |= HCR_E2H;

	/*

 * Set trap register values based on features in ID_AA64DFR0.

	 * Always trap:

	 * - Feature id registers: to control features exposed to guests

	 * - Implementation-defined features

	 */

static void pvm_init_traps_aa64dfr0(struct kvm_vcpu *vcpu)

{

	const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1);

	u64 mdcr_set = 0;

	u64 mdcr_clear = 0;

	u64 cptr_set = 0;

	val |= HCR_TACR | HCR_TIDCP | HCR_TID3 | HCR_TID1;

	/* Trap/constrain PMU */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), feature_ids)) {

		mdcr_set |= MDCR_EL2_TPM | MDCR_EL2_TPMCR;

		mdcr_clear |= MDCR_EL2_HPME | MDCR_EL2_MTPME |

			      MDCR_EL2_HPMN_MASK;

	/* Trap RAS unless all current versions are supported */

	if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), id_aa64pfr0) <

	    ID_AA64PFR0_EL1_RAS_V1P1) {

		val |= HCR_TERR | HCR_TEA;

		val &= ~(HCR_FIEN);

	}

	/* Trap Debug */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DebugVer), feature_ids))

		mdcr_set |= MDCR_EL2_TDRA | MDCR_EL2_TDA | MDCR_EL2_TDE;

	/* Trap OS Double Lock */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DoubleLock), feature_ids))

		mdcr_set |= MDCR_EL2_TDOSA;

	/* Trap AMU */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), id_aa64pfr0))

		val &= ~(HCR_AMVOFFEN);

	/* Trap SPE */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMSVer), feature_ids)) {

		mdcr_set |= MDCR_EL2_TPMS;

		mdcr_clear |= MDCR_EL2_E2PB_MASK;

	/* Memory Tagging: Trap and Treat as Untagged if not supported. */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE), id_aa64pfr1)) {

		val |= HCR_TID5;

		val &= ~(HCR_DCT | HCR_ATA);

	}

	/* Trap Trace Filter */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceFilt), feature_ids))

		mdcr_set |= MDCR_EL2_TTRF;

	/* Trap LOR */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_LO), id_aa64mmfr1))

		val |= HCR_TLOR;

	/* Trap Trace */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceVer), feature_ids)) {

		if (has_hvhe())

			cptr_set |= CPACR_EL1_TTA;

		else

			cptr_set |= CPTR_EL2_TTA;

	vcpu->arch.hcr_el2 = val;

}

	/* Trap External Trace */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_ExtTrcBuff), feature_ids))

		mdcr_clear |= MDCR_EL2_E2TB_MASK;

static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu)

{

	const u64 id_aa64pfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1);

	const u64 id_aa64pfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1);

	const u64 id_aa64dfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1);

	u64 val = vcpu->arch.cptr_el2;

	vcpu->arch.mdcr_el2 |= mdcr_set;

	vcpu->arch.mdcr_el2 &= ~mdcr_clear;

	vcpu->arch.cptr_el2 |= cptr_set;

	if (!has_hvhe()) {

		val |= CPTR_NVHE_EL2_RES1;

		val &= ~(CPTR_NVHE_EL2_RES0);

	}

/*

 * Set trap register values based on features in ID_AA64MMFR0.

 */

static void pvm_init_traps_aa64mmfr0(struct kvm_vcpu *vcpu)

{

	const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR0_EL1);

	u64 mdcr_set = 0;

	/* Trap Debug Communications Channel registers */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_FGT), feature_ids))

		mdcr_set |= MDCR_EL2_TDCC;

	/* Trap AMU */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), id_aa64pfr0))

		val |= CPTR_EL2_TAM;

	vcpu->arch.mdcr_el2 |= mdcr_set;

	/* Trap SVE */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), id_aa64pfr0)) {

		if (has_hvhe())

			val &= ~(CPACR_ELx_ZEN);

		else

			val |= CPTR_EL2_TZ;

	}

/*

 * Set trap register values based on features in ID_AA64MMFR1.

 */

static void pvm_init_traps_aa64mmfr1(struct kvm_vcpu *vcpu)

{

	const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR1_EL1);

	u64 hcr_set = 0;

	/* No SME support in KVM. */

	BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SME), id_aa64pfr1));

	if (has_hvhe())

		val &= ~(CPACR_ELx_SMEN);

	else

		val |= CPTR_EL2_TSM;

	/* Trap LOR */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_LO), feature_ids))

		hcr_set |= HCR_TLOR;

	/* Trap Trace */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceVer), id_aa64dfr0)) {

		if (has_hvhe())

			val |= CPACR_EL1_TTA;

		else

			val |= CPTR_EL2_TTA;

	}

	vcpu->arch.hcr_el2 |= hcr_set;

	vcpu->arch.cptr_el2 = val;

}

/*

 * Set baseline trap register values.

 */

static void pvm_init_trap_regs(struct kvm_vcpu *vcpu)

static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu)

{

	const u64 hcr_trap_feat_regs = HCR_TID3;

	const u64 hcr_trap_impdef = HCR_TACR | HCR_TIDCP | HCR_TID1;

	/*

	 * Always trap:

	 * - Feature id registers: to control features exposed to guests

	 * - Implementation-defined features

	 */

	vcpu->arch.hcr_el2 |= hcr_trap_feat_regs | hcr_trap_impdef;

	const u64 id_aa64dfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1);

	const u64 id_aa64mmfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR0_EL1);

	u64 val = vcpu->arch.mdcr_el2;

	/* Clear res0 and set res1 bits to trap potential new features. */

	vcpu->arch.hcr_el2 &= ~(HCR_RES0);

	vcpu->arch.mdcr_el2 &= ~(MDCR_EL2_RES0);

	if (!has_hvhe()) {

		vcpu->arch.cptr_el2 |= CPTR_NVHE_EL2_RES1;

		vcpu->arch.cptr_el2 &= ~(CPTR_NVHE_EL2_RES0);

	}

	/* Trap/constrain PMU */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), id_aa64dfr0)) {

		val |= MDCR_EL2_TPM | MDCR_EL2_TPMCR;

		val &= ~(MDCR_EL2_HPME | MDCR_EL2_MTPME | MDCR_EL2_HPMN_MASK);

	}

static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu)

{

	vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;

	/* Trap Debug */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DebugVer), id_aa64dfr0))

		val |= MDCR_EL2_TDRA | MDCR_EL2_TDA;

	if (has_hvhe())

		vcpu->arch.hcr_el2 |= HCR_E2H;

	/* Trap OS Double Lock */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DoubleLock), id_aa64dfr0))

		val |= MDCR_EL2_TDOSA;

	if (cpus_have_final_cap(ARM64_HAS_RAS_EXTN)) {

		/* route synchronous external abort exceptions to EL2 */

		vcpu->arch.hcr_el2 |= HCR_TEA;

		/* trap error record accesses */

		vcpu->arch.hcr_el2 |= HCR_TERR;

	/* Trap SPE */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMSVer), id_aa64dfr0)) {

		val |= MDCR_EL2_TPMS;

		val &= ~MDCR_EL2_E2PB_MASK;

	}

	if (cpus_have_final_cap(ARM64_HAS_STAGE2_FWB))

		vcpu->arch.hcr_el2 |= HCR_FWB;

	/* Trap Trace Filter */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceFilt), id_aa64dfr0))

		val |= MDCR_EL2_TTRF;

	if (cpus_have_final_cap(ARM64_HAS_EVT) &&

	    !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE))

		vcpu->arch.hcr_el2 |= HCR_TID4;

	else

		vcpu->arch.hcr_el2 |= HCR_TID2;

	/* Trap External Trace */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_ExtTrcBuff), id_aa64dfr0))

		val |= MDCR_EL2_E2TB_MASK;

	if (vcpu_has_ptrauth(vcpu))

		vcpu->arch.hcr_el2 |= (HCR_API | HCR_APK);

	/* Trap Debug Communications Channel registers */

	if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_FGT), id_aa64mmfr0))

		val |= MDCR_EL2_TDCC;

	vcpu->arch.mdcr_el2 = val;

}

/*

 * Initialize trap register values in protected mode.

 */

static void pkvm_vcpu_init_traps(struct kvm_vcpu *vcpu)

static void pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu)

{

	struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu;

	vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu);

	vcpu->arch.mdcr_el2 = 0;

	pkvm_vcpu_reset_hcr(vcpu);

	if ((!vcpu_is_protected(vcpu)))

	if ((!pkvm_hyp_vcpu_is_protected(hyp_vcpu)))

		return;

	pvm_init_trap_regs(vcpu);

	pvm_init_traps_aa64pfr0(vcpu);

	pvm_init_traps_aa64pfr1(vcpu);

	pvm_init_traps_aa64dfr0(vcpu);

	pvm_init_traps_aa64mmfr0(vcpu);

	pvm_init_traps_aa64mmfr1(vcpu);

	/*

	 * PAuth is allowed if supported by the system and the vcpu.

	 * Properly checking for PAuth requires checking various fields in

	 * ID_AA64ISAR1_EL1 and ID_AA64ISAR2_EL1. The way that fixed config

	 * is controlled now in pKVM does not easily allow that. This will

	 * change later to follow the changes upstream wrt fixed configuration

	 * and nested virt.

	 */

	BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI),

				PVM_ID_AA64ISAR1_ALLOW));

	/* Protected KVM does not support AArch32 guests. */

	BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0),

		PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL0_IMP);

	BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1),

		PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL1_IMP);

	/*

	 * Linux guests assume support for floating-point and Advanced SIMD. Do

	 * not change the trapping behavior for these from the KVM default.

	 */

	BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP),

				PVM_ID_AA64PFR0_ALLOW));

	BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD),

				PVM_ID_AA64PFR0_ALLOW));

	pvm_init_traps_hcr(vcpu);

	pvm_init_traps_cptr(vcpu);

	pvm_init_traps_mdcr(vcpu);

}

/*

	pkvm_vcpu_init_sve(hyp_vcpu, host_vcpu);

	pkvm_vcpu_init_ptrauth(hyp_vcpu);

	pkvm_vcpu_init_traps(&hyp_vcpu->vcpu);

	pkvm_vcpu_init_traps(hyp_vcpu);

done:

	if (ret)

		unpin_host_vcpu(host_vcpu);