| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240610134202.54893-40-steven.price@arm.com>
Date: Mon, 10 Jun 2024 14:41:58 +0100
From: Steven Price <steven.price@....com>
To: kvm@...r.kernel.org,
kvmarm@...ts.linux.dev
Cc: Jean-Philippe Brucker <jean-philippe@...aro.org>,
Catalin Marinas <catalin.marinas@....com>,
Marc Zyngier <maz@...nel.org>,
Will Deacon <will@...nel.org>,
James Morse <james.morse@....com>,
Oliver Upton <oliver.upton@...ux.dev>,
Suzuki K Poulose <suzuki.poulose@....com>,
Zenghui Yu <yuzenghui@...wei.com>,
linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org,
Joey Gouly <joey.gouly@....com>,
Alexandru Elisei <alexandru.elisei@....com>,
Christoffer Dall <christoffer.dall@....com>,
Fuad Tabba <tabba@...gle.com>,
linux-coco@...ts.linux.dev,
Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>,
Steven Price <steven.price@....com>
Subject: [PATCH v3 39/43] arm64: RME: Configure max SVE vector length for a Realm
From: Jean-Philippe Brucker <jean-philippe@...aro.org>
Obtain the max vector length configured by userspace on the vCPUs, and
write it into the Realm parameters. By default the vCPU is configured
with the max vector length reported by RMM, and userspace can reduce it
with a write to KVM_REG_ARM64_SVE_VLS.
Signed-off-by: Jean-Philippe Brucker <jean-philippe@...aro.org>
Signed-off-by: Steven Price <steven.price@....com>
---
arch/arm64/kvm/guest.c | 3 ++-
arch/arm64/kvm/rme.c | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
index c06098bc5392..e3366c9bdd9d 100644
--- a/arch/arm64/kvm/guest.c
+++ b/arch/arm64/kvm/guest.c
@@ -341,7 +341,7 @@ static int set_sve_vls(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
if (!vcpu_has_sve(vcpu))
return -ENOENT;
- if (kvm_arm_vcpu_sve_finalized(vcpu))
+ if (kvm_arm_vcpu_sve_finalized(vcpu) || kvm_realm_is_created(vcpu->kvm))
return -EPERM; /* too late! */
if (WARN_ON(vcpu->arch.sve_state))
@@ -807,6 +807,7 @@ static bool validate_realm_set_reg(struct kvm_vcpu *vcpu,
switch (reg->id) {
case KVM_REG_ARM_PMCR_EL0:
case KVM_REG_ARM_ID_AA64DFR0_EL1:
+ case KVM_REG_ARM64_SVE_VLS:
return true;
}
}
diff --git a/arch/arm64/kvm/rme.c b/arch/arm64/kvm/rme.c
index 81964d87daa6..3f2e2aa4ceac 100644
--- a/arch/arm64/kvm/rme.c
+++ b/arch/arm64/kvm/rme.c
@@ -319,6 +319,44 @@ u64 kvm_realm_reset_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, u64 val)
return val;
}
+static int realm_init_sve_param(struct kvm *kvm, struct realm_params *params)
+{
+ int ret = 0;
+ unsigned long i;
+ struct kvm_vcpu *vcpu;
+ int max_vl, realm_max_vl = -1;
+
+ /*
+ * Get the preferred SVE configuration, set by userspace with the
+ * KVM_ARM_VCPU_SVE feature and KVM_REG_ARM64_SVE_VLS pseudo-register.
+ */
+ kvm_for_each_vcpu(i, vcpu, kvm) {
+ mutex_lock(&vcpu->mutex);
+ if (vcpu_has_sve(vcpu)) {
+ if (!kvm_arm_vcpu_sve_finalized(vcpu))
+ ret = -EINVAL;
+ max_vl = vcpu->arch.sve_max_vl;
+ } else {
+ max_vl = 0;
+ }
+ mutex_unlock(&vcpu->mutex);
+ if (ret)
+ return ret;
+
+ /* We need all vCPUs to have the same SVE config */
+ if (realm_max_vl >= 0 && realm_max_vl != max_vl)
+ return -EINVAL;
+
+ realm_max_vl = max_vl;
+ }
+
+ if (realm_max_vl > 0) {
+ params->sve_vl = sve_vq_from_vl(realm_max_vl) - 1;
+ params->flags |= RMI_REALM_PARAM_FLAG_SVE;
+ }
+ return 0;
+}
+
static int realm_create_rd(struct kvm *kvm)
{
struct realm *realm = &kvm->arch.realm;
@@ -366,6 +404,10 @@ static int realm_create_rd(struct kvm *kvm)
params->flags |= RMI_REALM_PARAM_FLAG_PMU;
}
+ r = realm_init_sve_param(kvm, params);
+ if (r)
+ goto out_undelegate_tables;
+
params_phys = virt_to_phys(params);
if (rmi_realm_create(rd_phys, params_phys)) {
--
2.34.1
Powered by blists - more mailing lists