[PATCH] arm64: Document requirements for fine grained traps at boot

Catalin Marinas catalin.marinas at arm.com
Fri Mar 26 11:55:41 GMT 2021


On Fri, Mar 12, 2021 at 03:49:17PM +0000, Mark Brown wrote:
> The arm64 FEAT_FGT extension introduces a set of traps to EL2 for accesses
> to small sets of registers and instructions from EL1 and EL0.  Currently
> Linux makes no use of this feature, explicitly document that it should
> be disabled when entering the kernel at EL2 (as is the architectural
> default) to help avoid surprises.
> 
> Signed-off-by: Mark Brown <broonie at kernel.org>
> ---
>  Documentation/arm64/booting.rst | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/Documentation/arm64/booting.rst b/Documentation/arm64/booting.rst
> index 7552dbc1cc54..1efc2d3023bb 100644
> --- a/Documentation/arm64/booting.rst
> +++ b/Documentation/arm64/booting.rst
> @@ -270,6 +270,13 @@ Before jumping into the kernel, the following conditions must be met:
>        having 0b1 set for the corresponding bit for each of the auxiliary
>        counters present.
>  
> +  For CPUs with Fine Grained Traps (FEAT_FGT) extension present:
> +
> +  - If the kernel is entered at EL2:
> +
> +    - HAFGRTR_EL2, HDFGWTR_EL2, HDFGRTR_EL2, HFGWTR_EL2, HFGRTR_EL2 and
> +      HFGITR_EL2 must be initialised to 0.
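
Review bot: the added list covers only the "If the kernel is entered at EL2" case, so it gives no requirement for a kernel entered at EL1, where whatever runs at EL2 owns these six registers and the traps described in the commit message (accesses from EL1 and EL0) would be taken there. Consider adding a matching "If the kernel is entered at EL1" sub-item stating what the EL2 software must guarantee, or a sentence saying why none is needed. As a wording point, the introductory line is missing an article: "For CPUs with the Fine Grained Traps (FEAT_FGT) extension present:".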

While this requirement is correct, documenting such individual registers
doesn't scale well. You may run a 5 year old kernel on a newer CPU and
we can't predict which control registers have been added and what
side-effect they have. The architecture, at least for the above
registers, states that if warm reset to EL2, their value is 0. I think
the EL3 firmware (which is normally up to date with the CPU it is
running on) should follow the ARM ARM reset values. There are probably
EL1 registers with similar requirements (I haven't checked).

Can we instead have a broad statement regarding any EL1/EL2 registers
that they should be either reset to 0 or to the architectural (warm)
reset value as per the ARM ARM? Or something like any feature must be
disabled by default at the EL1/EL2 control registers level and this
would imply the fine-grained traps.

We currently have this statement:

  All writable architected system registers at the exception level where
  the kernel image will be entered must be initialised by software at a
  higher exception level to prevent execution in an UNKNOWN state.

The "prevent execution in an UNKNOWN state" needs to be clearer. The
above should also include exception levels _below_ the one where the
kernel is entered. It doesn't help if KVM is old and has no clue of new
EL1-specific registers.

Adding Mark R, I think he looked at some of these in the past.

-- 
Catalin


