~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* SPDX-License-Identifier: GPL-2.0-only */
  2 /*
  3  * Copyright (C) 2021 Google LLC
  4  * Author: Fuad Tabba <tabba@google.com>
  5  */
  6 
  7 #ifndef __ARM64_KVM_FIXED_CONFIG_H__
  8 #define __ARM64_KVM_FIXED_CONFIG_H__
  9 
 10 #include <asm/sysreg.h>
 11 
 12 /*
 13  * This file contains definitions for features to be allowed or restricted for
 14  * guest virtual machines, depending on the mode KVM is running in and on the
 15  * type of guest that is running.
 16  *
 17  * The ALLOW masks represent a bitmask of feature fields that are allowed
 18  * without any restrictions as long as they are supported by the system.
 19  *
 20  * The RESTRICT_UNSIGNED masks, if present, represent unsigned fields for
 21  * features that are restricted to support at most the specified feature.
 22  *
 23  * If a feature field is not present in either, than it is not supported.
 24  *
 25  * The approach taken for protected VMs is to allow features that are:
 26  * - Needed by common Linux distributions (e.g., floating point)
 27  * - Trivial to support, e.g., supporting the feature does not introduce or
 28  * require tracking of additional state in KVM
 29  * - Cannot be trapped or prevent the guest from using anyway
 30  */
 31 
 32 /*
 33  * Allow for protected VMs:
 34  * - Floating-point and Advanced SIMD
 35  * - Data Independent Timing
 36  * - Spectre/Meltdown Mitigation
 37  */
 38 #define PVM_ID_AA64PFR0_ALLOW (\
 39         ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP) | \
 40         ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD) | \
 41         ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_DIT) | \
 42         ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV2) | \
 43         ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV3) \
 44         )
 45 
 46 /*
 47  * Restrict to the following *unsigned* features for protected VMs:
 48  * - AArch64 guests only (no support for AArch32 guests):
 49  *      AArch32 adds complexity in trap handling, emulation, condition codes,
 50  *      etc...
 51  * - RAS (v1)
 52  *      Supported by KVM
 53  */
 54 #define PVM_ID_AA64PFR0_RESTRICT_UNSIGNED (\
 55         SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL0, IMP) | \
 56         SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL1, IMP) | \
 57         SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL2, IMP) | \
 58         SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL3, IMP) | \
 59         SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, RAS, IMP) \
 60         )
 61 
 62 /*
 63  * Allow for protected VMs:
 64  * - Branch Target Identification
 65  * - Speculative Store Bypassing
 66  */
 67 #define PVM_ID_AA64PFR1_ALLOW (\
 68         ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_BT) | \
 69         ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SSBS) \
 70         )
 71 
 72 #define PVM_ID_AA64PFR2_ALLOW 0ULL
 73 
 74 /*
 75  * Allow for protected VMs:
 76  * - Mixed-endian
 77  * - Distinction between Secure and Non-secure Memory
 78  * - Mixed-endian at EL0 only
 79  * - Non-context synchronizing exception entry and exit
 80  */
 81 #define PVM_ID_AA64MMFR0_ALLOW (\
 82         ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGEND) | \
 83         ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_SNSMEM) | \
 84         ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGENDEL0) | \
 85         ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_EXS) \
 86         )
 87 
 88 /*
 89  * Restrict to the following *unsigned* features for protected VMs:
 90  * - 40-bit IPA
 91  * - 16-bit ASID
 92  */
 93 #define PVM_ID_AA64MMFR0_RESTRICT_UNSIGNED (\
 94         FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_PARANGE), ID_AA64MMFR0_EL1_PARANGE_40) | \
 95         FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_ASIDBITS), ID_AA64MMFR0_EL1_ASIDBITS_16) \
 96         )
 97 
 98 /*
 99  * Allow for protected VMs:
100  * - Hardware translation table updates to Access flag and Dirty state
101  * - Number of VMID bits from CPU
102  * - Hierarchical Permission Disables
103  * - Privileged Access Never
104  * - SError interrupt exceptions from speculative reads
105  * - Enhanced Translation Synchronization
106  * - Control for cache maintenance permission
107  */
108 #define PVM_ID_AA64MMFR1_ALLOW (\
109         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HAFDBS) | \
110         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_VMIDBits) | \
111         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HPDS) | \
112         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_PAN) | \
113         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_SpecSEI) | \
114         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_ETS) | \
115         ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_CMOW) \
116         )
117 
118 /*
119  * Allow for protected VMs:
120  * - Common not Private translations
121  * - User Access Override
122  * - IESB bit in the SCTLR_ELx registers
123  * - Unaligned single-copy atomicity and atomic functions
124  * - ESR_ELx.EC value on an exception by read access to feature ID space
125  * - TTL field in address operations.
126  * - Break-before-make sequences when changing translation block size
127  * - E0PDx mechanism
128  */
129 #define PVM_ID_AA64MMFR2_ALLOW (\
130         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_CnP) | \
131         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_UAO) | \
132         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IESB) | \
133         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_AT) | \
134         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IDS) | \
135         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_TTL) | \
136         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_BBM) | \
137         ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_E0PD) \
138         )
139 
140 #define PVM_ID_AA64MMFR3_ALLOW (0ULL)
141 
142 /*
143  * No support for Scalable Vectors for protected VMs:
144  *      Requires additional support from KVM, e.g., context-switching and
145  *      trapping at EL2
146  */
147 #define PVM_ID_AA64ZFR0_ALLOW (0ULL)
148 
149 /*
150  * No support for debug, including breakpoints, and watchpoints for protected
151  * VMs:
152  *      The Arm architecture mandates support for at least the Armv8 debug
153  *      architecture, which would include at least 2 hardware breakpoints and
154  *      watchpoints. Providing that support to protected guests adds
155  *      considerable state and complexity. Therefore, the reserved value of 0 is
156  *      used for debug-related fields.
157  */
158 #define PVM_ID_AA64DFR0_ALLOW (0ULL)
159 #define PVM_ID_AA64DFR1_ALLOW (0ULL)
160 
161 /*
162  * No support for implementation defined features.
163  */
164 #define PVM_ID_AA64AFR0_ALLOW (0ULL)
165 #define PVM_ID_AA64AFR1_ALLOW (0ULL)
166 
167 /*
168  * No restrictions on instructions implemented in AArch64.
169  */
170 #define PVM_ID_AA64ISAR0_ALLOW (\
171         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_AES) | \
172         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA1) | \
173         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA2) | \
174         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_CRC32) | \
175         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_ATOMIC) | \
176         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RDM) | \
177         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA3) | \
178         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM3) | \
179         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM4) | \
180         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_DP) | \
181         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_FHM) | \
182         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TS) | \
183         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TLB) | \
184         ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RNDR) \
185         )
186 
187 /* Restrict pointer authentication to the basic version. */
188 #define PVM_ID_AA64ISAR1_RESTRICT_UNSIGNED (\
189         FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), ID_AA64ISAR1_EL1_APA_PAuth) | \
190         FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), ID_AA64ISAR1_EL1_API_PAuth) \
191         )
192 
193 #define PVM_ID_AA64ISAR2_RESTRICT_UNSIGNED (\
194         FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3), ID_AA64ISAR2_EL1_APA3_PAuth) \
195         )
196 
197 #define PVM_ID_AA64ISAR1_ALLOW (\
198         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DPB) | \
199         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_JSCVT) | \
200         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FCMA) | \
201         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_LRCPC) | \
202         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA) | \
203         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI) | \
204         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FRINTTS) | \
205         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SB) | \
206         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SPECRES) | \
207         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_BF16) | \
208         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DGH) | \
209         ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_I8MM) \
210         )
211 
212 #define PVM_ID_AA64ISAR2_ALLOW (\
213         ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_ATS1A)| \
214         ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_GPA3) | \
215         ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_MOPS) \
216         )
217 
218 u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id);
219 bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code);
220 bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code);
221 int kvm_check_pvm_sysreg_table(void);
222 
223 #endif /* __ARM64_KVM_FIXED_CONFIG_H__ */
224 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php