1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Copyright (C) 2021 Google LLC 4 * Author: Fuad Tabba <tabba@google.com> 5 */ 6 7 #ifndef __ARM64_KVM_FIXED_CONFIG_H__ 8 #define __ARM64_KVM_FIXED_CONFIG_H__ 9 10 #include <asm/sysreg.h> 11 12 /* 13 * This file contains definitions for features to be allowed or restricted for 14 * guest virtual machines, depending on the mode KVM is running in and on the 15 * type of guest that is running. 16 * 17 * The ALLOW masks represent a bitmask of feature fields that are allowed 18 * without any restrictions as long as they are supported by the system. 19 * 20 * The RESTRICT_UNSIGNED masks, if present, represent unsigned fields for 21 * features that are restricted to support at most the specified feature. 22 * 23 * If a feature field is not present in either, than it is not supported. 24 * 25 * The approach taken for protected VMs is to allow features that are: 26 * - Needed by common Linux distributions (e.g., floating point) 27 * - Trivial to support, e.g., supporting the feature does not introduce or 28 * require tracking of additional state in KVM 29 * - Cannot be trapped or prevent the guest from using anyway 30 */ 31 32 /* 33 * Allow for protected VMs: 34 * - Floating-point and Advanced SIMD 35 * - Data Independent Timing 36 * - Spectre/Meltdown Mitigation 37 */ 38 #define PVM_ID_AA64PFR0_ALLOW (\ 39 ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP) | \ 40 ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD) | \ 41 ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_DIT) | \ 42 ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV2) | \ 43 ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV3) \ 44 ) 45 46 /* 47 * Restrict to the following *unsigned* features for protected VMs: 48 * - AArch64 guests only (no support for AArch32 guests): 49 * AArch32 adds complexity in trap handling, emulation, condition codes, 50 * etc... 51 * - RAS (v1) 52 * Supported by KVM 53 */ 54 #define PVM_ID_AA64PFR0_RESTRICT_UNSIGNED (\ 55 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 56 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 57 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL2), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 58 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL3), ID_AA64PFR0_EL1_ELx_64BIT_ONLY) | \ 59 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), ID_AA64PFR0_EL1_RAS_IMP) \ 60 ) 61 62 /* 63 * Allow for protected VMs: 64 * - Branch Target Identification 65 * - Speculative Store Bypassing 66 */ 67 #define PVM_ID_AA64PFR1_ALLOW (\ 68 ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_BT) | \ 69 ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SSBS) \ 70 ) 71 72 /* 73 * Allow for protected VMs: 74 * - Mixed-endian 75 * - Distinction between Secure and Non-secure Memory 76 * - Mixed-endian at EL0 only 77 * - Non-context synchronizing exception entry and exit 78 */ 79 #define PVM_ID_AA64MMFR0_ALLOW (\ 80 ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGEND) | \ 81 ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_SNSMEM) | \ 82 ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGENDEL0) | \ 83 ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_EXS) \ 84 ) 85 86 /* 87 * Restrict to the following *unsigned* features for protected VMs: 88 * - 40-bit IPA 89 * - 16-bit ASID 90 */ 91 #define PVM_ID_AA64MMFR0_RESTRICT_UNSIGNED (\ 92 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_PARANGE), ID_AA64MMFR0_EL1_PARANGE_40) | \ 93 FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_ASIDBITS), ID_AA64MMFR0_EL1_ASIDBITS_16) \ 94 ) 95 96 /* 97 * Allow for protected VMs: 98 * - Hardware translation table updates to Access flag and Dirty state 99 * - Number of VMID bits from CPU 100 * - Hierarchical Permission Disables 101 * - Privileged Access Never 102 * - SError interrupt exceptions from speculative reads 103 * - Enhanced Translation Synchronization 104 */ 105 #define PVM_ID_AA64MMFR1_ALLOW (\ 106 ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HAFDBS) | \ 107 ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_VMIDBits) | \ 108 ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HPDS) | \ 109 ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_PAN) | \ 110 ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_SpecSEI) | \ 111 ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_ETS) \ 112 ) 113 114 /* 115 * Allow for protected VMs: 116 * - Common not Private translations 117 * - User Access Override 118 * - IESB bit in the SCTLR_ELx registers 119 * - Unaligned single-copy atomicity and atomic functions 120 * - ESR_ELx.EC value on an exception by read access to feature ID space 121 * - TTL field in address operations. 122 * - Break-before-make sequences when changing translation block size 123 * - E0PDx mechanism 124 */ 125 #define PVM_ID_AA64MMFR2_ALLOW (\ 126 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_CnP) | \ 127 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_UAO) | \ 128 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IESB) | \ 129 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_AT) | \ 130 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IDS) | \ 131 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_TTL) | \ 132 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_BBM) | \ 133 ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_E0PD) \ 134 ) 135 136 /* 137 * No support for Scalable Vectors for protected VMs: 138 * Requires additional support from KVM, e.g., context-switching and 139 * trapping at EL2 140 */ 141 #define PVM_ID_AA64ZFR0_ALLOW (0ULL) 142 143 /* 144 * No support for debug, including breakpoints, and watchpoints for protected 145 * VMs: 146 * The Arm architecture mandates support for at least the Armv8 debug 147 * architecture, which would include at least 2 hardware breakpoints and 148 * watchpoints. Providing that support to protected guests adds 149 * considerable state and complexity. Therefore, the reserved value of 0 is 150 * used for debug-related fields. 151 */ 152 #define PVM_ID_AA64DFR0_ALLOW (0ULL) 153 #define PVM_ID_AA64DFR1_ALLOW (0ULL) 154 155 /* 156 * No support for implementation defined features. 157 */ 158 #define PVM_ID_AA64AFR0_ALLOW (0ULL) 159 #define PVM_ID_AA64AFR1_ALLOW (0ULL) 160 161 /* 162 * No restrictions on instructions implemented in AArch64. 163 */ 164 #define PVM_ID_AA64ISAR0_ALLOW (\ 165 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_AES) | \ 166 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA1) | \ 167 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA2) | \ 168 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_CRC32) | \ 169 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_ATOMIC) | \ 170 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RDM) | \ 171 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA3) | \ 172 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM3) | \ 173 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM4) | \ 174 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_DP) | \ 175 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_FHM) | \ 176 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TS) | \ 177 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TLB) | \ 178 ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RNDR) \ 179 ) 180 181 #define PVM_ID_AA64ISAR1_ALLOW (\ 182 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DPB) | \ 183 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA) | \ 184 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API) | \ 185 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_JSCVT) | \ 186 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FCMA) | \ 187 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_LRCPC) | \ 188 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA) | \ 189 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI) | \ 190 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FRINTTS) | \ 191 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SB) | \ 192 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SPECRES) | \ 193 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_BF16) | \ 194 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DGH) | \ 195 ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_I8MM) \ 196 ) 197 198 #define PVM_ID_AA64ISAR2_ALLOW (\ 199 ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_GPA3) | \ 200 ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3) \ 201 ) 202 203 u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id); 204 bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code); 205 bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code); 206 int kvm_check_pvm_sysreg_table(void); 207 208 #endif /* __ARM64_KVM_FIXED_CONFIG_H__ */ 209