[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <868qv6717r.wl-maz@kernel.org>
Date: Wed, 02 Oct 2024 20:29:28 +0100
From: Marc Zyngier <maz@...nel.org>
To: Mark Brown <broonie@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Jonathan Corbet <corbet@....net>,
Andrew Morton <akpm@...ux-foundation.org>,
Oliver Upton <oliver.upton@...ux.dev>,
James Morse <james.morse@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Arnd Bergmann <arnd@...db.de>,
Oleg Nesterov <oleg@...hat.com>,
Eric Biederman <ebiederm@...ssion.com>,
Shuah Khan <shuah@...nel.org>,
"Rick P. Edgecombe" <rick.p.edgecombe@...el.com>,
Deepak Gupta <debug@...osinc.com>,
Ard Biesheuvel <ardb@...nel.org>,
Szabolcs Nagy <Szabolcs.Nagy@....com>,
Kees Cook <kees@...nel.org>,
"H.J. Lu" <hjl.tools@...il.com>,
Paul Walmsley <paul.walmsley@...ive.com>,
Palmer Dabbelt <palmer@...belt.com>,
Albert Ou <aou@...s.berkeley.edu>,
Florian Weimer <fweimer@...hat.com>,
Christian Brauner <brauner@...nel.org>,
Thiago Jung Bauermann <thiago.bauermann@...aro.org>,
Ross Burton <ross.burton@....com>,
David Spickett <david.spickett@....com>,
Yury Khrustalev <yury.khrustalev@....com>,
Wilco Dijkstra <wilco.dijkstra@....com>,
linux-arm-kernel@...ts.infradead.org,
linux-doc@...r.kernel.org,
kvmarm@...ts.linux.dev,
linux-fsdevel@...r.kernel.org,
linux-arch@...r.kernel.org,
linux-mm@...ck.org,
linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-riscv@...ts.infradead.org
Subject: Re: [PATCH v13 16/40] KVM: arm64: Manage GCS access and registers for guests
On Wed, 02 Oct 2024 19:24:12 +0100,
Mark Brown <broonie@...nel.org> wrote:
>
> [1 <text/plain; us-ascii (7bit)>]
> On Wed, Oct 02, 2024 at 04:55:25PM +0100, Marc Zyngier wrote:
> > Marc Zyngier <maz@...nel.org> wrote:
>
> > > > + if (!kvm_has_gcs(kvm))
> > > > + kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 |
> > > > + HFGxTR_EL2_nGCS_EL1);
>
> > > Why are you still allowing the GCS instructions when GCS isn't
> > > enabled?
>
> > Scratch that, they are NOPs when GCS isn't enabled, so there shouldn't
> > be any need for extra traps.
>
> They are, though really they should UNDEF if GCS isn't there (which I
> had thought was what you were referencing here). Equally we only have
> traps for a subset of GCS instructions and it's not like there aren't a
> whole bunch of untrappable extensions anyway so it's not clear it's
> worth the effort just for that.
If the encodings UNDEF when GCS is not implemented (i.e. they are not
in the NOP space), then all trapable instructions should absolutely
UNDEF (and yes, it is worth the effort, even if it is only to
demonstrate that the architecture is sub-par).
So I expect the next version to handle traps for GCSPUSHX, GCSPOPX,
GCSPUSHM, GCSSTR and GCSSTTR when GCS isn't enabled.
I'm also pretty sure this is missing some form of sanitisation for
PSTATE.EXLOCK, and looking at the pseudocode, you seem to be missing
the handling of that bit on exception injection.
M.
--
Without deviation from the norm, progress is not possible.
Powered by blists - more mailing lists