On Tue, Jun 25, 2024 at 02:00:38PM +0100, Marc Zyngier wrote: > HCRX_GUEST_FLAGS gives random KVM hackers the impression that > they can stuff bits in this macro and unconditionally enable > features in the guest. > > In general, this is wrong (we have been there with FEAT_MOPS, > and again with FEAT_TCRX). > > Document that HCRX_EL2.SMPME is an exception rather than the rule, > and get rid of HCRX_GUEST_FLAGS. > > Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx> > --- > arch/arm64/include/asm/kvm_arm.h | 1 - > arch/arm64/kvm/sys_regs.c | 8 +++++++- > 2 files changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h > index e6682a3ace5af..d81cc746e0ebd 100644 > --- a/arch/arm64/include/asm/kvm_arm.h > +++ b/arch/arm64/include/asm/kvm_arm.h > @@ -102,7 +102,6 @@ > #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) > #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) > > -#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME) > #define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_EnFPM) > > /* TCR_EL2 Registers bits */ > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c > index 71996d36f3751..8e22232c4b0f4 100644 > --- a/arch/arm64/kvm/sys_regs.c > +++ b/arch/arm64/kvm/sys_regs.c > @@ -4062,7 +4062,13 @@ void kvm_init_sysreg(struct kvm_vcpu *vcpu) > vcpu->arch.hcr_el2 |= HCR_TTLBOS; > > if (cpus_have_final_cap(ARM64_HAS_HCX)) { > - vcpu->arch.hcrx_el2 = HCRX_GUEST_FLAGS; > + /* > + * In general, all HCRX_EL2 bits are gated by a feature. > + * The only reason we can set SMPME without checking any > + * feature is that its effects are not directly observable > + * from the guest. > + */ > + vcpu->arch.hcrx_el2 = HCRX_EL2_SMPME; > > if (kvm_has_feat(kvm, ID_AA64ISAR2_EL1, MOPS, IMP)) > vcpu->arch.hcrx_el2 |= (HCRX_EL2_MSCEn | HCRX_EL2_MCE2); Reviewed-by: Joey Gouly <joey.gouly@xxxxxxx>
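Review bot: in the kvm_arm.h hunk, removing HCRX_GUEST_FLAGS is the right way to stop the macro being used as a dumping ground, but the diffstat only touches two files, so please confirm with a tree-wide grep that the sys_regs.c assignment replaced in the second hunk was the sole user (hyp code included); any remaining reference now becomes a build break rather than a silent feature enable, which is the intended effect but should be stated in the commit message.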
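Review bot: in the sys_regs.c hunk, the new comment explains why SMPME is set unconditionally but does not say which feature the bit belongs to or what it controls, so a future reader cannot check the claim that its effects are not guest-observable; suggest naming the feature next to "its effects are not directly observable from the guest" and noting what the bit does when that feature is absent, so the deliberate skip of the gating that the MOPS check just below still applies is documented rather than implied.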