13061725dSMarc Zyngier /* SPDX-License-Identifier: GPL-2.0-only */ 23061725dSMarc Zyngier /* 33061725dSMarc Zyngier * Copyright (C) 2021 Google LLC 43061725dSMarc Zyngier * Author: Fuad Tabba <tabba@google.com> 53061725dSMarc Zyngier */ 63061725dSMarc Zyngier 73061725dSMarc Zyngier #ifndef __ARM64_KVM_FIXED_CONFIG_H__ 83061725dSMarc Zyngier #define __ARM64_KVM_FIXED_CONFIG_H__ 93061725dSMarc Zyngier 103061725dSMarc Zyngier #include <asm/sysreg.h> 113061725dSMarc Zyngier 123061725dSMarc Zyngier /* 133061725dSMarc Zyngier * This file contains definitions for features to be allowed or restricted for 143061725dSMarc Zyngier * guest virtual machines, depending on the mode KVM is running in and on the 153061725dSMarc Zyngier * type of guest that is running. 163061725dSMarc Zyngier * 173061725dSMarc Zyngier * The ALLOW masks represent a bitmask of feature fields that are allowed 183061725dSMarc Zyngier * without any restrictions as long as they are supported by the system. 193061725dSMarc Zyngier * 203061725dSMarc Zyngier * The RESTRICT_UNSIGNED masks, if present, represent unsigned fields for 213061725dSMarc Zyngier * features that are restricted to support at most the specified feature. 223061725dSMarc Zyngier * 233061725dSMarc Zyngier * If a feature field is not present in either, than it is not supported. 243061725dSMarc Zyngier * 253061725dSMarc Zyngier * The approach taken for protected VMs is to allow features that are: 263061725dSMarc Zyngier * - Needed by common Linux distributions (e.g., floating point) 273061725dSMarc Zyngier * - Trivial to support, e.g., supporting the feature does not introduce or 283061725dSMarc Zyngier * require tracking of additional state in KVM 293061725dSMarc Zyngier * - Cannot be trapped or prevent the guest from using anyway 303061725dSMarc Zyngier */ 313061725dSMarc Zyngier 323061725dSMarc Zyngier /* 333061725dSMarc Zyngier * Allow for protected VMs: 343061725dSMarc Zyngier * - Floating-point and Advanced SIMD 353061725dSMarc Zyngier * - Data Independent Timing 36*e8162521SFuad Tabba * - Spectre/Meltdown Mitigation 373061725dSMarc Zyngier */ 383061725dSMarc Zyngier #define PVM_ID_AA64PFR0_ALLOW (\ 3955adc08dSMark Brown ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP) | \ 405620b4b0SMark Brown ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD) | \ 41*e8162521SFuad Tabba ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_DIT) | \ 42*e8162521SFuad Tabba ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV2) | \ 43*e8162521SFuad Tabba ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV3) \ 443061725dSMarc Zyngier ) 453061725dSMarc Zyngier 463061725dSMarc Zyngier /* 473061725dSMarc Zyngier * Restrict to the following *unsigned* features for protected VMs: 483061725dSMarc Zyngier * - AArch64 guests only (no support for AArch32 guests): 493061725dSMarc Zyngier * AArch32 adds complexity in trap handling, emulation, condition codes, 503061725dSMarc Zyngier * etc... 513061725dSMarc Zyngier * - RAS (v1) 523061725dSMarc Zyngier * Supported by KVM 533061725dSMarc Zyngier */ 543061725dSMarc Zyngier #define PVM_ID_AA64PFR0_RESTRICT_UNSIGNED (\ 5555adc08dSMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 5655adc08dSMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 5755adc08dSMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL2), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 5855adc08dSMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL3), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 594f8456c3SMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), ID_AA64PFR0_EL1_RAS_IMP) \ 603061725dSMarc Zyngier ) 613061725dSMarc Zyngier 623061725dSMarc Zyngier /* 633061725dSMarc Zyngier * Allow for protected VMs: 643061725dSMarc Zyngier * - Branch Target Identification 653061725dSMarc Zyngier * - Speculative Store Bypassing 663061725dSMarc Zyngier */ 673061725dSMarc Zyngier #define PVM_ID_AA64PFR1_ALLOW (\ 686ca2b9caSMark Brown ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_BT) | \ 696ca2b9caSMark Brown ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SSBS) \ 703061725dSMarc Zyngier ) 713061725dSMarc Zyngier 723061725dSMarc Zyngier /* 733061725dSMarc Zyngier * Allow for protected VMs: 743061725dSMarc Zyngier * - Mixed-endian 753061725dSMarc Zyngier * - Distinction between Secure and Non-secure Memory 763061725dSMarc Zyngier * - Mixed-endian at EL0 only 773061725dSMarc Zyngier * - Non-context synchronizing exception entry and exit 783061725dSMarc Zyngier */ 793061725dSMarc Zyngier #define PVM_ID_AA64MMFR0_ALLOW (\ 80ed7c138dSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGEND) | \ 812d987e64SMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_SNSMEM) | \ 822d987e64SMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGENDEL0) | \ 832d987e64SMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_EXS) \ 843061725dSMarc Zyngier ) 853061725dSMarc Zyngier 863061725dSMarc Zyngier /* 873061725dSMarc Zyngier * Restrict to the following *unsigned* features for protected VMs: 883061725dSMarc Zyngier * - 40-bit IPA 893061725dSMarc Zyngier * - 16-bit ASID 903061725dSMarc Zyngier */ 913061725dSMarc Zyngier #define PVM_ID_AA64MMFR0_RESTRICT_UNSIGNED (\ 922d987e64SMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_PARANGE), ID_AA64MMFR0_EL1_PARANGE_40) | \ 9307d7d848SMark Brown FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_ASIDBITS), ID_AA64MMFR0_EL1_ASIDBITS_16) \ 943061725dSMarc Zyngier ) 953061725dSMarc Zyngier 963061725dSMarc Zyngier /* 973061725dSMarc Zyngier * Allow for protected VMs: 983061725dSMarc Zyngier * - Hardware translation table updates to Access flag and Dirty state 993061725dSMarc Zyngier * - Number of VMID bits from CPU 1003061725dSMarc Zyngier * - Hierarchical Permission Disables 1013061725dSMarc Zyngier * - Privileged Access Never 1023061725dSMarc Zyngier * - SError interrupt exceptions from speculative reads 1033061725dSMarc Zyngier * - Enhanced Translation Synchronization 1043061725dSMarc Zyngier */ 1053061725dSMarc Zyngier #define PVM_ID_AA64MMFR1_ALLOW (\ 1066fcd0193SKristina Martsenko ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HAFDBS) | \ 1076fcd0193SKristina Martsenko ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_VMIDBits) | \ 1086fcd0193SKristina Martsenko ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HPDS) | \ 1096fcd0193SKristina Martsenko ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_PAN) | \ 1106fcd0193SKristina Martsenko ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_SpecSEI) | \ 1116fcd0193SKristina Martsenko ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_ETS) \ 1123061725dSMarc Zyngier ) 1133061725dSMarc Zyngier 1143061725dSMarc Zyngier /* 1153061725dSMarc Zyngier * Allow for protected VMs: 1163061725dSMarc Zyngier * - Common not Private translations 1173061725dSMarc Zyngier * - User Access Override 1183061725dSMarc Zyngier * - IESB bit in the SCTLR_ELx registers 1193061725dSMarc Zyngier * - Unaligned single-copy atomicity and atomic functions 1203061725dSMarc Zyngier * - ESR_ELx.EC value on an exception by read access to feature ID space 1213061725dSMarc Zyngier * - TTL field in address operations. 1223061725dSMarc Zyngier * - Break-before-make sequences when changing translation block size 1233061725dSMarc Zyngier * - E0PDx mechanism 1243061725dSMarc Zyngier */ 1253061725dSMarc Zyngier #define PVM_ID_AA64MMFR2_ALLOW (\ 126ca951862SMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_CnP) | \ 127a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_UAO) | \ 128a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IESB) | \ 129a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_AT) | \ 130a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IDS) | \ 131a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_TTL) | \ 132a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_BBM) | \ 133a957c6beSMark Brown ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_E0PD) \ 1343061725dSMarc Zyngier ) 1353061725dSMarc Zyngier 1363061725dSMarc Zyngier /* 1373061725dSMarc Zyngier * No support for Scalable Vectors for protected VMs: 1383061725dSMarc Zyngier * Requires additional support from KVM, e.g., context-switching and 1393061725dSMarc Zyngier * trapping at EL2 1403061725dSMarc Zyngier */ 1413061725dSMarc Zyngier #define PVM_ID_AA64ZFR0_ALLOW (0ULL) 1423061725dSMarc Zyngier 1433061725dSMarc Zyngier /* 1443061725dSMarc Zyngier * No support for debug, including breakpoints, and watchpoints for protected 1453061725dSMarc Zyngier * VMs: 1463061725dSMarc Zyngier * The Arm architecture mandates support for at least the Armv8 debug 1473061725dSMarc Zyngier * architecture, which would include at least 2 hardware breakpoints and 1483061725dSMarc Zyngier * watchpoints. Providing that support to protected guests adds 1493061725dSMarc Zyngier * considerable state and complexity. Therefore, the reserved value of 0 is 1503061725dSMarc Zyngier * used for debug-related fields. 1513061725dSMarc Zyngier */ 1523061725dSMarc Zyngier #define PVM_ID_AA64DFR0_ALLOW (0ULL) 1533061725dSMarc Zyngier #define PVM_ID_AA64DFR1_ALLOW (0ULL) 1543061725dSMarc Zyngier 1553061725dSMarc Zyngier /* 1563061725dSMarc Zyngier * No support for implementation defined features. 1573061725dSMarc Zyngier */ 1583061725dSMarc Zyngier #define PVM_ID_AA64AFR0_ALLOW (0ULL) 1593061725dSMarc Zyngier #define PVM_ID_AA64AFR1_ALLOW (0ULL) 1603061725dSMarc Zyngier 1613061725dSMarc Zyngier /* 1623061725dSMarc Zyngier * No restrictions on instructions implemented in AArch64. 1633061725dSMarc Zyngier */ 1643061725dSMarc Zyngier #define PVM_ID_AA64ISAR0_ALLOW (\ 1650eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_AES) | \ 1660eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA1) | \ 1670eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA2) | \ 1680eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_CRC32) | \ 1690eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_ATOMIC) | \ 1700eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RDM) | \ 1710eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA3) | \ 1720eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM3) | \ 1730eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM4) | \ 1740eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_DP) | \ 1750eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_FHM) | \ 1760eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TS) | \ 1770eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TLB) | \ 1780eda2ec4SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RNDR) \ 1793061725dSMarc Zyngier ) 1803061725dSMarc Zyngier 1813061725dSMarc Zyngier #define PVM_ID_AA64ISAR1_ALLOW (\ 182aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DPB) | \ 183aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA) | \ 184aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API) | \ 185aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_JSCVT) | \ 186aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FCMA) | \ 187aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_LRCPC) | \ 188aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA) | \ 189aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI) | \ 190aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FRINTTS) | \ 191aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SB) | \ 192aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SPECRES) | \ 193aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_BF16) | \ 194aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DGH) | \ 195aa50479bSMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_I8MM) \ 1963061725dSMarc Zyngier ) 1973061725dSMarc Zyngier 198def8c222SVladimir Murzin #define PVM_ID_AA64ISAR2_ALLOW (\ 199b2d71f27SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_GPA3) | \ 200b2d71f27SMark Brown ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3) \ 201def8c222SVladimir Murzin ) 202def8c222SVladimir Murzin 2033061725dSMarc Zyngier u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id); 2043061725dSMarc Zyngier bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code); 205746bdeadSMarc Zyngier bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code); 2063061725dSMarc Zyngier int kvm_check_pvm_sysreg_table(void); 2073061725dSMarc Zyngier 2083061725dSMarc Zyngier #endif /* __ARM64_KVM_FIXED_CONFIG_H__ */ 209