[PATCH 0/3] KVM: arm64: Limit feature register reads from AArch32

Oliver Upton oupton at google.com
Mon Mar 28 18:23:03 PDT 2022


On Mon, Mar 28, 2022 at 6:13 PM Oliver Upton <oupton at google.com> wrote:
>
> KVM/arm64 does not restrict the guest's view of the AArch32 feature
> registers when read from AArch32. HCR_EL2.TID3 is cleared for AArch32
> guests, meaning that register reads come straight from hardware. This is
> problematic as KVM relies on read_sanitised_ftr_reg() to expose a set of
> features consistent for a particular system.
>
> Appropriate handlers must first be put in place for CP10 and CP15 ID
> register accesses before setting TID3. Rather than exhaustively
> enumerating each of the encodings for CP10 and CP15 registers, take the
> lazy route and aim the register accesses at the AArch64 system register
> table.
>
> Patch 1 reroutes the CP15 registers into the AArch64 table, taking care
> to immediately RAZ undefined ranges of registers. This is done to avoid
> possibly conflicting with encodings for future AArch64 registers.
>
> Patch 2 installs an exit handler for the CP10 ID registers and also
> relies on the general AArch64 register handler to implement reads.
>
> Finally, patch 3 actually sets TID3 for AArch32 guests, providing
> known-safe values for feature register accesses.
>
> I'll leave it as an exercise for the reader to decide whether or not I'm
> being _too_ lazy here ;-)
>
> Series applies cleanly to kvmarm/fixes at commit:
>
>   8872d9b3e35a ("KVM: arm64: Drop unneeded minor version check from PSCI v1.x handler")
>
> Tested with AArch32 kvm-unit-tests and booting an AArch32 debian image
> on a Raspberry Pi 4. Nothing seems to have gone up in smoke yet...

That is to say, I booted an AArch32 debian image as a guest. The host
kernel was of course arm64.
