KVM: arm64: nv: Sanitise ICH_HCR_EL2 accesses

As ICH_HCR_EL2 is a VNCR accessor when runnintg NV, add some sanitising to what gets written. Crucially, mark TDIR as RES0 if the HW doesn't support it (unlikely, but hey...), as well as anything GICv4 related, since we only expose a GICv3 to the uest. Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20250225172930.1850838-8-maz@kernel.org Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
author: Marc Zyngier <maz@kernel.org> 2025-02-25 17:29:21 +0000
committer: Oliver Upton <oliver.upton@linux.dev> 2025-03-03 14:55:10 -0800
commit: 21d29cd814d794f8ed9dc466d7481b8629ca5e73 (patch)
tree: e5a940e6b3c7c161a28bba15d07ee8cc06a69dc0
parent: 96c2f03311de1a9363a7b4cee28776ac9cec8109 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c
index 0c9387d2f507..7c8f39070a50 100644
--- a/arch/arm64/kvm/nested.c
+++ b/arch/arm64/kvm/nested.c
@@ -1290,6 +1290,15 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu)
 		res0 |= GENMASK(11, 8);
 	set_sysreg_masks(kvm, CNTHCTL_EL2, res0, res1);
 
+	/* ICH_HCR_EL2 */
+	res0 = ICH_HCR_EL2_RES0;
+	res1 = ICH_HCR_EL2_RES1;
+	if (!(kvm_vgic_global_state.ich_vtr_el2 & ICH_VTR_EL2_TDS))
+		res0 |= ICH_HCR_EL2_TDIR;
+	/* No GICv4 is presented to the guest */
+	res0 |= ICH_HCR_EL2_DVIM | ICH_HCR_EL2_vSGIEOICount;
+	set_sysreg_masks(kvm, ICH_HCR_EL2, res0, res1);
+
 out:
 	for (enum vcpu_sysreg sr = __SANITISED_REG_START__; sr < NR_SYS_REGS; sr++)
 		(void)__vcpu_sys_reg(vcpu, sr);
author	Marc Zyngier <maz@kernel.org>	2025-02-25 17:29:21 +0000
committer	Oliver Upton <oliver.upton@linux.dev>	2025-03-03 14:55:10 -0800
commit	21d29cd814d794f8ed9dc466d7481b8629ca5e73 (patch)
tree	e5a940e6b3c7c161a28bba15d07ee8cc06a69dc0
parent	96c2f03311de1a9363a7b4cee28776ac9cec8109 (diff)