tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

KVM: arm64: Add sanitisation to SCTLR_EL2

Sanitise SCTLR_EL2 the usual way. The most important aspect of
this is that we benefit from SCTLR_EL2.SPAN being RES1 when
HCR_EL2.E2H==0.

Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Link: https://patch.msgid.link/20260202184329.2724080-20-maz@kernel.org
Signed-off-by: Marc Zyngier <maz@kernel.org>

Marc Zyngier e8ef2790 fb40cb15

+87 -1
+1 -1
arch/arm64/include/asm/kvm_host.h
··· 495 495 DBGVCR32_EL2, /* Debug Vector Catch Register */ 496 496 497 497 /* EL2 registers */ 498 - SCTLR_EL2, /* System Control Register (EL2) */ 499 498 ACTLR_EL2, /* Auxiliary Control Register (EL2) */ 500 499 CPTR_EL2, /* Architectural Feature Trap Register (EL2) */ 501 500 HACR_EL2, /* Hypervisor Auxiliary Control Register */ ··· 525 526 526 527 /* Anything from this can be RES0/RES1 sanitised */ 527 528 MARKER(__SANITISED_REG_START__), 529 + SCTLR_EL2, /* System Control Register (EL2) */ 528 530 TCR2_EL2, /* Extended Translation Control Register (EL2) */ 529 531 SCTLR2_EL2, /* System Control Register 2 (EL2) */ 530 532 MDCR_EL2, /* Monitor Debug Configuration Register (EL2) */
+82
arch/arm64/kvm/config.c
··· 1123 1123 static const DECLARE_FEAT_MAP(sctlr_el1_desc, SCTLR_EL1, 1124 1124 sctlr_el1_feat_map, FEAT_AA64EL1); 1125 1125 1126 + static const struct reg_bits_to_feat_map sctlr_el2_feat_map[] = { 1127 + NEEDS_FEAT_FLAG(SCTLR_EL2_CP15BEN, 1128 + RES1_WHEN_E2H0 | REQUIRES_E2H1, 1129 + FEAT_AA32EL0), 1130 + NEEDS_FEAT_FLAG(SCTLR_EL2_ITD | 1131 + SCTLR_EL2_SED, 1132 + RES1_WHEN_E2H1 | REQUIRES_E2H1, 1133 + FEAT_AA32EL0), 1134 + NEEDS_FEAT_FLAG(SCTLR_EL2_BT0, REQUIRES_E2H1, FEAT_BTI), 1135 + NEEDS_FEAT(SCTLR_EL2_BT, FEAT_BTI), 1136 + NEEDS_FEAT_FLAG(SCTLR_EL2_CMOW, REQUIRES_E2H1, FEAT_CMOW), 1137 + NEEDS_FEAT_FLAG(SCTLR_EL2_TSCXT, 1138 + RES1_WHEN_E2H1 | REQUIRES_E2H1, 1139 + feat_csv2_2_csv2_1p2), 1140 + NEEDS_FEAT_FLAG(SCTLR_EL2_EIS | 1141 + SCTLR_EL2_EOS, 1142 + AS_RES1, FEAT_ExS), 1143 + NEEDS_FEAT(SCTLR_EL2_EnFPM, FEAT_FPMR), 1144 + NEEDS_FEAT(SCTLR_EL2_IESB, FEAT_IESB), 1145 + NEEDS_FEAT_FLAG(SCTLR_EL2_EnALS, REQUIRES_E2H1, FEAT_LS64), 1146 + NEEDS_FEAT_FLAG(SCTLR_EL2_EnAS0, REQUIRES_E2H1, FEAT_LS64_ACCDATA), 1147 + NEEDS_FEAT_FLAG(SCTLR_EL2_EnASR, REQUIRES_E2H1, FEAT_LS64_V), 1148 + NEEDS_FEAT(SCTLR_EL2_nAA, FEAT_LSE2), 1149 + NEEDS_FEAT_FLAG(SCTLR_EL2_LSMAOE | 1150 + SCTLR_EL2_nTLSMD, 1151 + AS_RES1 | REQUIRES_E2H1, FEAT_LSMAOC), 1152 + NEEDS_FEAT(SCTLR_EL2_EE, FEAT_MixedEnd), 1153 + NEEDS_FEAT_FLAG(SCTLR_EL2_E0E, REQUIRES_E2H1, feat_mixedendel0), 1154 + NEEDS_FEAT_FLAG(SCTLR_EL2_MSCEn, REQUIRES_E2H1, FEAT_MOPS), 1155 + NEEDS_FEAT_FLAG(SCTLR_EL2_ATA0 | 1156 + SCTLR_EL2_TCF0, 1157 + REQUIRES_E2H1, FEAT_MTE2), 1158 + NEEDS_FEAT(SCTLR_EL2_ATA | 1159 + SCTLR_EL2_TCF, 1160 + FEAT_MTE2), 1161 + NEEDS_FEAT(SCTLR_EL2_ITFSB, feat_mte_async), 1162 + NEEDS_FEAT_FLAG(SCTLR_EL2_TCSO0, REQUIRES_E2H1, FEAT_MTE_STORE_ONLY), 1163 + NEEDS_FEAT(SCTLR_EL2_TCSO, 1164 + FEAT_MTE_STORE_ONLY), 1165 + NEEDS_FEAT(SCTLR_EL2_NMI | 1166 + SCTLR_EL2_SPINTMASK, 1167 + FEAT_NMI), 1168 + NEEDS_FEAT_FLAG(SCTLR_EL2_SPAN, AS_RES1 | REQUIRES_E2H1, FEAT_PAN), 1169 + NEEDS_FEAT_FLAG(SCTLR_EL2_EPAN, REQUIRES_E2H1, FEAT_PAN3), 1170 + NEEDS_FEAT(SCTLR_EL2_EnDA | 1171 + SCTLR_EL2_EnDB | 1172 + SCTLR_EL2_EnIA | 1173 + SCTLR_EL2_EnIB, 1174 + feat_pauth), 1175 + NEEDS_FEAT_FLAG(SCTLR_EL2_EnTP2, REQUIRES_E2H1, FEAT_SME), 1176 + NEEDS_FEAT(SCTLR_EL2_EnRCTX, FEAT_SPECRES), 1177 + NEEDS_FEAT(SCTLR_EL2_DSSBS, FEAT_SSBS), 1178 + NEEDS_FEAT_FLAG(SCTLR_EL2_TIDCP, REQUIRES_E2H1, FEAT_TIDCP1), 1179 + NEEDS_FEAT_FLAG(SCTLR_EL2_TWEDEL | 1180 + SCTLR_EL2_TWEDEn, 1181 + REQUIRES_E2H1, FEAT_TWED), 1182 + NEEDS_FEAT_FLAG(SCTLR_EL2_nTWE | 1183 + SCTLR_EL2_nTWI, 1184 + AS_RES1 | REQUIRES_E2H1, FEAT_AA64EL2), 1185 + NEEDS_FEAT_FLAG(SCTLR_EL2_UCI | 1186 + SCTLR_EL2_UCT | 1187 + SCTLR_EL2_DZE | 1188 + SCTLR_EL2_SA0, 1189 + REQUIRES_E2H1, FEAT_AA64EL2), 1190 + NEEDS_FEAT(SCTLR_EL2_WXN | 1191 + SCTLR_EL2_I | 1192 + SCTLR_EL2_SA | 1193 + SCTLR_EL2_C | 1194 + SCTLR_EL2_A | 1195 + SCTLR_EL2_M, 1196 + FEAT_AA64EL2), 1197 + FORCE_RES0(SCTLR_EL2_RES0), 1198 + FORCE_RES1(SCTLR_EL2_RES1), 1199 + }; 1200 + 1201 + static const DECLARE_FEAT_MAP(sctlr_el2_desc, SCTLR_EL2, 1202 + sctlr_el2_feat_map, FEAT_AA64EL2); 1203 + 1126 1204 static const struct reg_bits_to_feat_map mdcr_el2_feat_map[] = { 1127 1205 NEEDS_FEAT(MDCR_EL2_EBWE, FEAT_Debugv8p9), 1128 1206 NEEDS_FEAT(MDCR_EL2_TDOSA, FEAT_DoubleLock), ··· 1325 1247 check_reg_desc(&sctlr2_desc); 1326 1248 check_reg_desc(&tcr2_el2_desc); 1327 1249 check_reg_desc(&sctlr_el1_desc); 1250 + check_reg_desc(&sctlr_el2_desc); 1328 1251 check_reg_desc(&mdcr_el2_desc); 1329 1252 check_reg_desc(&vtcr_el2_desc); 1330 1253 } ··· 1521 1442 break; 1522 1443 case SCTLR_EL1: 1523 1444 resx = compute_reg_resx_bits(kvm, &sctlr_el1_desc, 0, 0); 1445 + break; 1446 + case SCTLR_EL2: 1447 + resx = compute_reg_resx_bits(kvm, &sctlr_el2_desc, 0, 0); 1524 1448 break; 1525 1449 case MDCR_EL2: 1526 1450 resx = compute_reg_resx_bits(kvm, &mdcr_el2_desc, 0, 0);
+4
arch/arm64/kvm/nested.c
··· 1766 1766 resx = get_reg_fixed_bits(kvm, SCTLR_EL1); 1767 1767 set_sysreg_masks(kvm, SCTLR_EL1, resx); 1768 1768 1769 + /* SCTLR_EL2 */ 1770 + resx = get_reg_fixed_bits(kvm, SCTLR_EL2); 1771 + set_sysreg_masks(kvm, SCTLR_EL2, resx); 1772 + 1769 1773 /* SCTLR2_ELx */ 1770 1774 resx = get_reg_fixed_bits(kvm, SCTLR2_EL1); 1771 1775 set_sysreg_masks(kvm, SCTLR2_EL1, resx);