| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Apr 2024 09:43:05 +0100
From: Steven Price <steven.price@....com>
To: kvm@...r.kernel.org,
kvmarm@...ts.linux.dev
Cc: Jean-Philippe Brucker <jean-philippe@...aro.org>,
Catalin Marinas <catalin.marinas@....com>,
Marc Zyngier <maz@...nel.org>,
Will Deacon <will@...nel.org>,
James Morse <james.morse@....com>,
Oliver Upton <oliver.upton@...ux.dev>,
Suzuki K Poulose <suzuki.poulose@....com>,
Zenghui Yu <yuzenghui@...wei.com>,
linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org,
Joey Gouly <joey.gouly@....com>,
Alexandru Elisei <alexandru.elisei@....com>,
Christoffer Dall <christoffer.dall@....com>,
Fuad Tabba <tabba@...gle.com>,
linux-coco@...ts.linux.dev,
Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>,
Steven Price <steven.price@....com>
Subject: [PATCH v2 39/43] arm64: RME: Configure max SVE vector length for a Realm
From: Jean-Philippe Brucker <jean-philippe@...aro.org>
Obtain the max vector length configured by userspace on the vCPUs, and
write it into the Realm parameters. By default the vCPU is configured
with the max vector length reported by RMM, and userspace can reduce it
with a write to KVM_REG_ARM64_SVE_VLS.
Signed-off-by: Jean-Philippe Brucker <jean-philippe@...aro.org>
Signed-off-by: Steven Price <steven.price@....com>
---
arch/arm64/kvm/guest.c | 3 ++-
arch/arm64/kvm/rme.c | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
index c62fda66cdc5..d72e59e79185 100644
--- a/arch/arm64/kvm/guest.c
+++ b/arch/arm64/kvm/guest.c
@@ -341,7 +341,7 @@ static int set_sve_vls(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
if (!vcpu_has_sve(vcpu))
return -ENOENT;
- if (kvm_arm_vcpu_sve_finalized(vcpu))
+ if (kvm_arm_vcpu_sve_finalized(vcpu) || kvm_realm_is_created(vcpu->kvm))
return -EPERM; /* too late! */
if (WARN_ON(vcpu->arch.sve_state))
@@ -807,6 +807,7 @@ static bool validate_realm_set_reg(struct kvm_vcpu *vcpu,
switch (reg->id) {
case KVM_REG_ARM_PMCR_EL0:
case KVM_REG_ARM_ID_AA64DFR0_EL1:
+ case KVM_REG_ARM64_SVE_VLS:
return true;
}
}
diff --git a/arch/arm64/kvm/rme.c b/arch/arm64/kvm/rme.c
index cd5b74aac092..93aab6caddf5 100644
--- a/arch/arm64/kvm/rme.c
+++ b/arch/arm64/kvm/rme.c
@@ -309,6 +309,44 @@ static int get_start_level(struct realm *realm)
return 4 - stage2_pgtable_levels(realm->ia_bits);
}
+static int realm_init_sve_param(struct kvm *kvm, struct realm_params *params)
+{
+ int ret = 0;
+ unsigned long i;
+ struct kvm_vcpu *vcpu;
+ int max_vl, realm_max_vl = -1;
+
+ /*
+ * Get the preferred SVE configuration, set by userspace with the
+ * KVM_ARM_VCPU_SVE feature and KVM_REG_ARM64_SVE_VLS pseudo-register.
+ */
+ kvm_for_each_vcpu(i, vcpu, kvm) {
+ mutex_lock(&vcpu->mutex);
+ if (vcpu_has_sve(vcpu)) {
+ if (!kvm_arm_vcpu_sve_finalized(vcpu))
+ ret = -EINVAL;
+ max_vl = vcpu->arch.sve_max_vl;
+ } else {
+ max_vl = 0;
+ }
+ mutex_unlock(&vcpu->mutex);
+ if (ret)
+ return ret;
+
+ /* We need all vCPUs to have the same SVE config */
+ if (realm_max_vl >= 0 && realm_max_vl != max_vl)
+ return -EINVAL;
+
+ realm_max_vl = max_vl;
+ }
+
+ if (realm_max_vl > 0) {
+ params->sve_vl = sve_vq_from_vl(realm_max_vl) - 1;
+ params->flags |= RMI_REALM_PARAM_FLAG_SVE;
+ }
+ return 0;
+}
+
static int realm_create_rd(struct kvm *kvm)
{
struct realm *realm = &kvm->arch.realm;
@@ -355,6 +393,10 @@ static int realm_create_rd(struct kvm *kvm)
params->flags |= RMI_REALM_PARAM_FLAG_PMU;
}
+ r = realm_init_sve_param(kvm, params);
+ if (r)
+ goto out_undelegate_tables;
+
params_phys = virt_to_phys(params);
if (rmi_realm_create(rd_phys, params_phys)) {
--
2.34.1
Powered by blists - more mailing lists