Commit 032d8169 authored by Mark Brown, committed by Jie Liu

KVM: arm64: Hide FEAT_NMI from guests

kunpeng inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I90N2C
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc.git/commit/?h=arm64-nmi&id=8539e30db95729959a256d6b34d2e4eb9ef38aaa



----------------------------------------------------------------------

FEAT_NMI is not yet useful to guests pending implementation of vGIC
support. Mask out the feature from the ID register and prevent guests
creating state in ALLINT.ALLINT by activating the trap on write provided
in HCRX_EL2.TALLINT when they are running. There is no trap available
for reads from ALLINT.

We do not need to check for FEAT_HCRX since it is mandatory since v8.7
and FEAT_NMI is a v8.8 feature.

Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Jie Liu <liujie375@h-partners.com>
parent f72387e1
+6 −0
@@ -224,6 +224,9 @@ static inline void __activate_traps_common(struct kvm_vcpu *vcpu)
		vcpu_set_flag(vcpu, PMUSERENR_ON_CPU);
	}

	if (cpus_have_final_cap(ARM64_HAS_NMI))
		sysreg_clear_set_s(SYS_HCRX_EL2, 0, HCRX_EL2_TALLINT);

	vcpu->arch.mdcr_el2_host = read_sysreg(mdcr_el2);
	write_sysreg(vcpu->arch.mdcr_el2, mdcr_el2);

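Review bot: the ARM64_HAS_NMI check in __activate_traps_common writes HCRX_EL2 with no FEAT_HCRX test, and the justification for that lives only in the commit message. A short comment above `if (cpus_have_final_cap(ARM64_HAS_NMI))` stating that FEAT_HCRX is mandatory from v8.7 and FEAT_NMI is a v8.8 feature would keep the assumption next to the code that depends on it. The same comment could record that TALLINT traps only writes to ALLINT and that reads are not trapped, so a later reader does not take the trap for complete isolation of the register.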
@@ -249,6 +252,9 @@ static inline void __deactivate_traps_common(struct kvm_vcpu *vcpu)
{
	write_sysreg(vcpu->arch.mdcr_el2_host, mdcr_el2);

	if (cpus_have_final_cap(ARM64_HAS_NMI))
		sysreg_clear_set_s(SYS_HCRX_EL2, HCRX_EL2_TALLINT, 0);

	write_sysreg(0, hstr_el2);
	if (kvm_arm_support_pmu_v3()) {
		struct kvm_cpu_context *hctxt;
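Review bot: in __deactivate_traps_common, `sysreg_clear_set_s(SYS_HCRX_EL2, HCRX_EL2_TALLINT, 0)` clears TALLINT unconditionally instead of restoring whatever the host had on entry, unlike the mdcr_el2 handling directly above it, which writes back the saved vcpu->arch.mdcr_el2_host. That is correct only while the host never runs with TALLINT set. Either add a comment stating that invariant, or save the host bit on activate and restore it here the way mdcr_el2 is handled.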
+1 −0
@@ -1379,6 +1379,7 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu,
			val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE);

		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SME);
		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_NMI);
		break;
	case SYS_ID_AA64ISAR1_EL1:
		if (!vcpu_has_ptrauth(vcpu))
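Review bot: the new `val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_NMI);` line is unconditional and has no comment explaining why. The commit message gives the reason as pending vGIC support, so a one-line comment to that effect here would mark the mask as temporary and show whoever adds vGIC NMI support that this line and the HCRX_EL2.TALLINT trap need to be revisited together.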