[PATCH v4 2/3] KVM: arm64: Allow userspace to change ID_AA64PFR1_EL1

Shaoqin Huang shahuang at redhat.com
Thu Jul 18 01:21:42 PDT 2024 

Hi Oliver,

On 7/18/24 14:35, Oliver Upton wrote:
> On Wed, Jul 17, 2024 at 11:50:15PM -0400, Shaoqin Huang wrote:
>> Allow userspace to change the guest-visible value of the register with
>> different way of handling:
>>
>>    - Since the RAS and MPAM is not writable in the ID_AA64PFR0_EL1
>>      register, RAS_frac and MPAM_frac are also not writable in the
>>      ID_AA64PFR1_EL1 register.
>>
>>    - The MTE is controlled by an internal flag (KVM_ARCH_FLAG_MTE_ENABLED),
>>      so it's not writable.
> 
> The flag isn't the relevant part, what's important about MTE is that it
> already has a separate UAPI for controlling it (KVM_CAP_ARM_MTE).

I'm not quite understand why KVM_ARCH_FLAG_MTE_ENABLED isn't the 
relevant part. I see this capability, when enable the KVM_CAP_ARM_MTE, 
it set the KVM_ARCH_FLAG_MTE_ENABLED in the kvm->arch.flags.

And do you mean we should update it like "The MTE is controlled by a 
UAPI (KVM_CAP_ARM_MTE)"?

> 
>>    - For those fields which KVM doesn't know how to handle, they have
>>      are not exposed to the guest (being disabled in the register read
>>      accessor), those fields value will always be 0. Allow those fields
>>      writable is fine, since the userspace can only write 0 into those
>>      fields. Maybe in the future KVM know how to handle some of the
>>      fields, then they can be written into other value.
>>      So let them writable.
>>      Those fields include SME, RNDR_trap, NMI, GCS, THE, DF2, PFAR,
>>      MTE_frac, MTEX.
> 
> This doesn't seem right. We're committing to a UAPI behavior the moment
> these fields are advertised to userspace, which is rather difficult to
> do for features that we don't even implement.
> 
> Please only advertise the fields known to KVM and leave the others
> unadvertised.

Thanks a lot for pointing this out. Now I get the point, for those not 
implemented feature, they should not writable, so they're not advertised 
to userspace.

> 
>>    - The BT, SSBS, CSV2_frac don't introduce any new registers which KVM
>>      doesn't know how to handle, they can be written without ill effect.
>>      So let them writable.
> 
> I think the handling of ARM_SMCCC_ARCH_WORKAROUND_2 needs to be updated
> to consider the presence of FEAT_SSBS in the guest's ID registers.
> Otherwise we'll wind up returning NOT_SUPPORTED and the guest will
> conclude it is in a vulnerable state.

I see that line of code, in the case ARM_SMCCC_ARCH_WORKAROUND_2:

if (cpus_have_final_cap(ARM64_SSBS))
	break;

I guess we should update it with something like

if (SYS_FIELD_GET(ID_AA64PFR1_EL1, SSBS, IDREG(kvm,
     SYS_ID_AA64PFR1_EL1)) != 0)

Oliver, Is there any proper function or macro implement the checking 
like above? I don't find the similar checking in the code.

Thanks,
Shaoqin

> 

-- 
Shaoqin

More information about the linux-arm-kernel mailing list