[PATCH v2 13/13] KVM: arm64: Check vcpu features at pVM creation

[PATCH v2 00/13] KVM: arm64: Fixed features for protected VMs · Fuad Tabba <hidden> · 2021-06-15
[PATCH v2 01/13] KVM: arm64: Remove trailing whitespace in comments · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 01/13] KVM: arm64: Remove trailing whitespace in comments · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 01/13] KVM: arm64: Remove trailing whitespace in comments · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 02/13] KVM: arm64: MDCR_EL2 is a 64-bit register · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 02/13] KVM: arm64: MDCR_EL2 is a 64-bit register · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 02/13] KVM: arm64: MDCR_EL2 is a 64-bit register · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 03/13] KVM: arm64: Fix names of config register fields · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 03/13] KVM: arm64: Fix names of config register fields · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 03/13] KVM: arm64: Fix names of config register fields · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 04/13] KVM: arm64: Refactor sys_regs.h,c for nVHE reuse · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 04/13] KVM: arm64: Refactor sys_regs.h, c for nVHE reuse · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 04/13] KVM: arm64: Refactor sys_regs.h, c for nVHE reuse · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 05/13] KVM: arm64: Restore mdcr_el2 from vcpu · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 05/13] KVM: arm64: Restore mdcr_el2 from vcpu · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 05/13] KVM: arm64: Restore mdcr_el2 from vcpu · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 07/13] KVM: arm64: Add config register bit definitions · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 07/13] KVM: arm64: Add config register bit definitions · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 07/13] KVM: arm64: Add config register bit definitions · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 06/13] KVM: arm64: Add feature register flag definitions · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 06/13] KVM: arm64: Add feature register flag definitions · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 06/13] KVM: arm64: Add feature register flag definitions · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 08/13] KVM: arm64: Guest exit handlers for nVHE hyp · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 08/13] KVM: arm64: Guest exit handlers for nVHE hyp · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 08/13] KVM: arm64: Guest exit handlers for nVHE hyp · Fuad Tabba <hidden> · 2021-07-01
[PATCH v2 09/13] KVM: arm64: Add trap handlers for protected VMs · Fuad Tabba <hidden> · 2021-06-15
Re: [PATCH v2 09/13] KVM: arm64: Add trap handlers for protected VMs · Will Deacon <will@kernel.org> · 2021-07-01
Re: [PATCH v2 09/13] KVM: arm64: Add trap handlers for protected VMs · Andrew Jones <hidden> · 2021-07-14
[PATCH v2 11/13] KVM: arm64: Trap access to pVM restricted features · Fuad Tabba <hidden> · 2021-06-15
[PATCH v2 10/13] KVM: arm64: Move sanitized copies of CPU features · Fuad Tabba <hidden> · 2021-06-15
[PATCH v2 12/13] KVM: arm64: Handle protected guests at 32 bits · Fuad Tabba <hidden> · 2021-06-15
[PATCH v2 13/13] KVM: arm64: Check vcpu features at pVM creation · Fuad Tabba <hidden> · 2021-06-15

STALE1789d

Revisions (4)

2021-06-08 v1 [diff vs current]
2021-06-15 v2 current
2021-07-19 v3 [diff vs current]
2021-08-17 v4 [diff vs current]

From: Fuad Tabba <hidden>
Date: 2021-06-15 14:32:58
Also in: kvm, kvmarm
Subsystem: arm64 port (aarch64 architecture), kernel virtual machine for arm64 (kvm/arm64), the rest · Maintainers: Catalin Marinas, Will Deacon, Marc Zyngier, Oliver Upton, Linus Torvalds

Check that a protected VM enabled only supported features when
created.

Signed-off-by: Fuad Tabba <redacted>
---
 arch/arm64/kvm/pkvm.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c
index cf624350fb27..15a92f3fdd44 100644
--- a/arch/arm64/kvm/pkvm.c
+++ b/arch/arm64/kvm/pkvm.c

@@ -88,10 +88,53 @@ static void pkvm_teardown_firmware_slot(struct kvm *kvm)
 	kvm->arch.pkvm.firmware_slot = NULL;
 }
 
+/*
+ * Check that only supported features are enabled for the protected VM's vcpus.
+ *
+ * Return 0 if all features enabled for all vcpus are supported, or -EINVAL if
+ * one or more vcpus has one or more unsupported features.
+ */
+static int pkvm_check_features(struct kvm *kvm)
+{
+	int i;
+	const struct kvm_vcpu *vcpu;
+	DECLARE_BITMAP(allowed_features, KVM_VCPU_MAX_FEATURES);
+
+	bitmap_zero(allowed_features, KVM_VCPU_MAX_FEATURES);
+
+	/*
+	 * Support for:
+	 * - CPU starting in poweroff state
+	 * - PSCI v0.2
+	 * - Pointer authentication: address or generic
+	 *
+	 * No support for remaining features, i.e.,:
+	 * - AArch32 state
+	 * - Performance Monitoring
+	 * - Scalable Vectors
+	 */
+	set_bit(KVM_ARM_VCPU_POWER_OFF, allowed_features);
+	set_bit(KVM_ARM_VCPU_PSCI_0_2, allowed_features);
+	set_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, allowed_features);
+	set_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, allowed_features);
+
+	kvm_for_each_vcpu(i, vcpu, kvm) {
+		if (!bitmap_subset(vcpu->arch.features, allowed_features,
+				   KVM_VCPU_MAX_FEATURES))
+			return -EINVAL;
+	}
+
+	return 0;
+}
+
 static int pkvm_enable(struct kvm *kvm, u64 slotid)
 {
 	int ret;
 
+	ret = pkvm_check_features(kvm);
+	if (ret)
+		return ret;
+
 	ret = pkvm_init_firmware_slot(kvm, slotid);
 	if (ret)
 		return ret;

-- 
2.32.0.272.g935e593368-goog


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help