KVM: arm64: Disable MPAM visibility by default and ignore VMM writes

jira LE-4649
Rebuild_History Non-Buildable kernel-5.14.0-570.60.1.el9_6
commit-author James Morse <james.morse@arm.com>
commit 6685f5d
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-5.14.0-570.60.1.el9_6/6685f5d5.failed

commit 011e5f5 ("arm64/cpufeature: Add remaining feature bits in
ID_AA64PFR0 register") exposed the MPAM field of AA64PFR0_EL1 to guests,
but didn't add trap handling. A previous patch supplied the missing trap
handling.

Existing VMs that have the MPAM field of ID_AA64PFR0_EL1 set need to
be migratable, but there is little point enabling the MPAM CPU
interface on new VMs until there is something a guest can do with it.

Clear the MPAM field from the guest's ID_AA64PFR0_EL1 and on hardware
that supports MPAM, politely ignore the VMMs attempts to set this bit.

Guests exposed to this bug have the sanitised value of the MPAM field,
so only the correct value needs to be ignored. This means the field
can continue to be used to block migration to incompatible hardware
(between MPAM=1 and MPAM=5), and the VMM can't rely on the field
being ignored.

	Signed-off-by: James Morse <james.morse@arm.com>
Co-developed-by: Joey Gouly <joey.gouly@arm.com>
	Signed-off-by: Joey Gouly <joey.gouly@arm.com>
	Reviewed-by: Gavin Shan <gshan@redhat.com>
	Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
	Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20241030160317.2528209-7-joey.gouly@arm.com
	Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
(cherry picked from commit 6685f5d)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	arch/arm64/kvm/sys_regs.c

Author: PlaidCat

ciq/ciq_backports/kernel-5.14.0-570.60.1.el9_6/6685f5d5.failed

@@ -0,0 +1,137 @@
+KVM: arm64: Disable MPAM visibility by default and ignore VMM writes
+
+jira LE-4649
+Rebuild_History Non-Buildable kernel-5.14.0-570.60.1.el9_6
+commit-author James Morse <james.morse@arm.com>
+commit 6685f5d572c22e1003e7c0d089afe1c64340ab1f
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-5.14.0-570.60.1.el9_6/6685f5d5.failed
+
+commit 011e5f5bf529f ("arm64/cpufeature: Add remaining feature bits in
+ID_AA64PFR0 register") exposed the MPAM field of AA64PFR0_EL1 to guests,
+but didn't add trap handling. A previous patch supplied the missing trap
+handling.
+
+Existing VMs that have the MPAM field of ID_AA64PFR0_EL1 set need to
+be migratable, but there is little point enabling the MPAM CPU
+interface on new VMs until there is something a guest can do with it.
+
+Clear the MPAM field from the guest's ID_AA64PFR0_EL1 and on hardware
+that supports MPAM, politely ignore the VMMs attempts to set this bit.
+
+Guests exposed to this bug have the sanitised value of the MPAM field,
+so only the correct value needs to be ignored. This means the field
+can continue to be used to block migration to incompatible hardware
+(between MPAM=1 and MPAM=5), and the VMM can't rely on the field
+being ignored.
+
+	Signed-off-by: James Morse <james.morse@arm.com>
+Co-developed-by: Joey Gouly <joey.gouly@arm.com>
+	Signed-off-by: Joey Gouly <joey.gouly@arm.com>
+	Reviewed-by: Gavin Shan <gshan@redhat.com>
+	Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
+	Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20241030160317.2528209-7-joey.gouly@arm.com
+	Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+(cherry picked from commit 6685f5d572c22e1003e7c0d089afe1c64340ab1f)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	arch/arm64/kvm/sys_regs.c
+diff --cc arch/arm64/kvm/sys_regs.c
+index d97ad622075f,7dc4a5ce5292..000000000000
+--- a/arch/arm64/kvm/sys_regs.c
++++ b/arch/arm64/kvm/sys_regs.c
+@@@ -1553,7 -1544,12 +1553,8 @@@ static u64 __kvm_read_sanitised_id_reg(
+  		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTEX);
+  		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_DF2);
+  		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_PFAR);
++ 		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MPAM_frac);
+  		break;
+ -	case SYS_ID_AA64PFR2_EL1:
+ -		/* We only expose FPMR */
+ -		val &= ID_AA64PFR2_EL1_FPMR;
+ -		break;
+  	case SYS_ID_AA64ISAR1_EL1:
+  		if (!vcpu_has_ptrauth(vcpu))
+  			val &= ~(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA) |
+@@@ -1826,6 -1845,42 +1834,45 @@@ static int set_id_dfr0_el1(struct kvm_v
+  	return set_id_reg(vcpu, rd, val);
+  }
+  
+++<<<<<<< HEAD
+++=======
++ static int set_id_aa64pfr0_el1(struct kvm_vcpu *vcpu,
++ 			       const struct sys_reg_desc *rd, u64 user_val)
++ {
++ 	u64 hw_val = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1);
++ 	u64 mpam_mask = ID_AA64PFR0_EL1_MPAM_MASK;
++ 
++ 	/*
++ 	 * Commit 011e5f5bf529f ("arm64/cpufeature: Add remaining feature bits
++ 	 * in ID_AA64PFR0 register") exposed the MPAM field of AA64PFR0_EL1 to
++ 	 * guests, but didn't add trap handling. KVM doesn't support MPAM and
++ 	 * always returns an UNDEF for these registers. The guest must see 0
++ 	 * for this field.
++ 	 *
++ 	 * But KVM must also accept values from user-space that were provided
++ 	 * by KVM. On CPUs that support MPAM, permit user-space to write
++ 	 * the sanitizied value to ID_AA64PFR0_EL1.MPAM, but ignore this field.
++ 	 */
++ 	if ((hw_val & mpam_mask) == (user_val & mpam_mask))
++ 		user_val &= ~ID_AA64PFR0_EL1_MPAM_MASK;
++ 
++ 	return set_id_reg(vcpu, rd, user_val);
++ }
++ 
++ static int set_id_aa64pfr1_el1(struct kvm_vcpu *vcpu,
++ 			       const struct sys_reg_desc *rd, u64 user_val)
++ {
++ 	u64 hw_val = read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1);
++ 	u64 mpam_mask = ID_AA64PFR1_EL1_MPAM_frac_MASK;
++ 
++ 	/* See set_id_aa64pfr0_el1 for comment about MPAM */
++ 	if ((hw_val & mpam_mask) == (user_val & mpam_mask))
++ 		user_val &= ~ID_AA64PFR1_EL1_MPAM_frac_MASK;
++ 
++ 	return set_id_reg(vcpu, rd, user_val);
++ }
++ 
+++>>>>>>> 6685f5d572c2 (KVM: arm64: Disable MPAM visibility by default and ignore VMM writes)
+  /*
+   * cpufeature ID register user accessors
+   *
+@@@ -2365,19 -2430,15 +2412,31 @@@ static const struct sys_reg_desc sys_re
+  
+  	/* AArch64 ID registers */
+  	/* CRm=4 */
+++<<<<<<< HEAD
+ +	{ SYS_DESC(SYS_ID_AA64PFR0_EL1),
+ +	  .access = access_id_reg,
+ +	  .get_user = get_id_reg,
+ +	  .set_user = set_id_reg,
+ +	  .reset = read_sanitised_id_aa64pfr0_el1,
+ +	  .val = ~(ID_AA64PFR0_EL1_AMU |
+ +		   ID_AA64PFR0_EL1_MPAM |
+ +		   ID_AA64PFR0_EL1_SVE |
+ +		   ID_AA64PFR0_EL1_RAS |
+ +		   ID_AA64PFR0_EL1_GIC |
+ +		   ID_AA64PFR0_EL1_AdvSIMD |
+ +		   ID_AA64PFR0_EL1_FP), },
+ +	ID_WRITABLE(ID_AA64PFR1_EL1, ~(ID_AA64PFR1_EL1_PFAR |
+++=======
++ 	ID_FILTERED(ID_AA64PFR0_EL1, id_aa64pfr0_el1,
++ 		    ~(ID_AA64PFR0_EL1_AMU |
++ 		      ID_AA64PFR0_EL1_MPAM |
++ 		      ID_AA64PFR0_EL1_SVE |
++ 		      ID_AA64PFR0_EL1_RAS |
++ 		      ID_AA64PFR0_EL1_AdvSIMD |
++ 		      ID_AA64PFR0_EL1_FP)),
++ 	ID_FILTERED(ID_AA64PFR1_EL1, id_aa64pfr1_el1,
++ 				     ~(ID_AA64PFR1_EL1_PFAR |
+++>>>>>>> 6685f5d572c2 (KVM: arm64: Disable MPAM visibility by default and ignore VMM writes)
+  				       ID_AA64PFR1_EL1_DF2 |
+  				       ID_AA64PFR1_EL1_MTEX |
+  				       ID_AA64PFR1_EL1_THE |
+* Unmerged path arch/arm64/kvm/sys_regs.c