[PATCH 0/4] KVM: arm64: nv: HAF fixes

Alexandru Elisei alexandru.elisei at arm.com
Fri Nov 28 02:09:42 PST 2025


Based on kvmarm's next branch.

HAF support for the software translation table walker was merged while I
was in the process of reading the patches, so instead of comments I have
these few fixes.

One thing I didn't touch is this sequence in hyp_set_prot_attr():

	if (prot & KVM_PGTABLE_PROT_X) {
		/* don't set the XN bit */
	} else {
		attr |= KVM_PTE_LEAF_ATTR_HI_S1_XN;
	}

If the caller is executing in nVHE mode, the translation regime is EL2,
which has only PrivExecute permission. Since KVM_PGTABLE_PROT_X is now the
union of PrivExecute and UnprivExecute, if the caller requests only the
UnprivExecute permission, but no PrivExecute permission, the function does
not return an error code and sets the PrivExecute permission.

Something similar happens in kvm_pgtable_hyp_pte_prot() - it will return
KVM_PGTABLE_PROT_X, which includes KVM_PGTABLE_PROT_UX (UnprivExecute) even
if the permission does not apply to the EL2 translation regime.

I have a feeling I am being too pedantic here, that's why I didn't propose
a fix. Though I thought it might be worth confirming that this isn't an
issue.

Alexandru Elisei (4):
  KVM: arm64: Document KVM_PGTABLE_PROT_{UX,PX}
  KVM: arm64: at: Use correct HA bit in TCR_EL2 when regime is EL2
  KVM: arm64: nv: Don't mask VTCR_EL2.HA if FEAT_HAFDBS is present
  KVM: arm64: at: Update AF on software walk only if VM has FEAT_HAFDBS

 arch/arm64/include/asm/kvm_arm.h     | 1 +
 arch/arm64/include/asm/kvm_pgtable.h | 4 +++-
 arch/arm64/kvm/at.c                  | 5 ++++-
 arch/arm64/kvm/nested.c              | 4 +++-
 4 files changed, 11 insertions(+), 3 deletions(-)


base-commit: 81410a2ac378414e9c60c34dac4e2c4d00969b46
-- 
2.43.0
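A small user-space model of the hyp_set_prot_attr() behaviour described in the message, added here as an example; it is not code from the patch series or from KVM. The enum values, the XN bit position and strict_set_prot_attr() are stand-ins assumed for the model; only the relationship X = PX | UX and the quoted if/else come from the message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in values; only the relationship X = PX | UX is taken from the message. */
enum prot {
	PROT_PX = 1u << 0,		/* PrivExecute */
	PROT_UX = 1u << 1,		/* UnprivExecute */
	PROT_X  = PROT_PX | PROT_UX,
};
#define S1_XN (1ull << 54)		/* models KVM_PTE_LEAF_ATTR_HI_S1_XN */

/* The sequence quoted in the message: any execute bit leaves XN clear. */
static int model_set_prot_attr(unsigned int prot, uint64_t *attr)
{
	*attr = 0;
	if (prot & PROT_X) {
		/* don't set the XN bit */
	} else {
		*attr |= S1_XN;
	}
	return 0;
}

/* Read-back as described for kvm_pgtable_hyp_pte_prot(): XN clear reports PROT_X. */
static unsigned int model_pte_prot(uint64_t attr)
{
	return (attr & S1_XN) ? 0 : PROT_X;
}

/* Hypothetical strict variant: reject UX without PX for the EL2 regime. */
static int strict_set_prot_attr(unsigned int prot, uint64_t *attr)
{
	if ((prot & PROT_X) == PROT_UX)
		return -EINVAL;
	*attr = (prot & PROT_PX) ? 0 : S1_XN;
	return 0;
}

int main(void)
{
	uint64_t attr;
	model_set_prot_attr(PROT_UX, &attr);
	printf("UX-only request: XN=%d, read back %#x\n",
	       !!(attr & S1_XN), model_pte_prot(attr));
	printf("strict variant on UX-only: %d\n",
	       strict_set_prot_attr(PROT_UX, &attr));
	return 0;
}
```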



