xref: /linux/arch/arm64/kvm/nested.c (revision a674fefd17324fc467f043568e738b80ca22f2b4)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2017 - Columbia University and Linaro Ltd.
4  * Author: Jintack Lim <jintack.lim@linaro.org>
5  */
6 
7 #include <linux/kvm.h>
8 #include <linux/kvm_host.h>
9 
10 #include <asm/kvm_emulate.h>
11 #include <asm/kvm_nested.h>
12 #include <asm/sysreg.h>
13 
14 #include "sys_regs.h"
15 
16 /* Protection against the sysreg repainting madness... */
17 #define NV_FTR(r, f)		ID_AA64##r##_EL1_##f
18 
19 /*
20  * Our emulated CPU doesn't support all the possible features. For the
21  * sake of simplicity (and probably mental sanity), wipe out a number
22  * of feature bits we don't intend to support for the time being.
23  * This list should get updated as new features get added to the NV
24  * support, and new extension to the architecture.
25  */
26 static u64 limit_nv_id_reg(u32 id, u64 val)
27 {
28 	u64 tmp;
29 
30 	switch (id) {
31 	case SYS_ID_AA64ISAR0_EL1:
32 		/* Support everything but TME, O.S. and Range TLBIs */
33 		val &= ~(NV_FTR(ISAR0, TLB)		|
34 			 NV_FTR(ISAR0, TME));
35 		break;
36 
37 	case SYS_ID_AA64ISAR1_EL1:
38 		/* Support everything but Spec Invalidation */
39 		val &= ~(GENMASK_ULL(63, 56)	|
40 			 NV_FTR(ISAR1, SPECRES));
41 		break;
42 
43 	case SYS_ID_AA64PFR0_EL1:
44 		/* No AMU, MPAM, S-EL2, RAS or SVE */
45 		val &= ~(GENMASK_ULL(55, 52)	|
46 			 NV_FTR(PFR0, AMU)	|
47 			 NV_FTR(PFR0, MPAM)	|
48 			 NV_FTR(PFR0, SEL2)	|
49 			 NV_FTR(PFR0, RAS)	|
50 			 NV_FTR(PFR0, SVE)	|
51 			 NV_FTR(PFR0, EL3)	|
52 			 NV_FTR(PFR0, EL2)	|
53 			 NV_FTR(PFR0, EL1));
54 		/* 64bit EL1/EL2/EL3 only */
55 		val |= FIELD_PREP(NV_FTR(PFR0, EL1), 0b0001);
56 		val |= FIELD_PREP(NV_FTR(PFR0, EL2), 0b0001);
57 		val |= FIELD_PREP(NV_FTR(PFR0, EL3), 0b0001);
58 		break;
59 
60 	case SYS_ID_AA64PFR1_EL1:
61 		/* Only support BTI, SSBS, CSV2_frac */
62 		val &= (NV_FTR(PFR1, BT)	|
63 			NV_FTR(PFR1, SSBS)	|
64 			NV_FTR(PFR1, CSV2_frac));
65 		break;
66 
67 	case SYS_ID_AA64MMFR0_EL1:
68 		/* Hide ECV, ExS, Secure Memory */
69 		val &= ~(NV_FTR(MMFR0, ECV)		|
70 			 NV_FTR(MMFR0, EXS)		|
71 			 NV_FTR(MMFR0, TGRAN4_2)	|
72 			 NV_FTR(MMFR0, TGRAN16_2)	|
73 			 NV_FTR(MMFR0, TGRAN64_2)	|
74 			 NV_FTR(MMFR0, SNSMEM));
75 
76 		/* Disallow unsupported S2 page sizes */
77 		switch (PAGE_SIZE) {
78 		case SZ_64K:
79 			val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN16_2), 0b0001);
80 			fallthrough;
81 		case SZ_16K:
82 			val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN4_2), 0b0001);
83 			fallthrough;
84 		case SZ_4K:
85 			/* Support everything */
86 			break;
87 		}
88 		/*
89 		 * Since we can't support a guest S2 page size smaller than
90 		 * the host's own page size (due to KVM only populating its
91 		 * own S2 using the kernel's page size), advertise the
92 		 * limitation using FEAT_GTG.
93 		 */
94 		switch (PAGE_SIZE) {
95 		case SZ_4K:
96 			val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN4_2), 0b0010);
97 			fallthrough;
98 		case SZ_16K:
99 			val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN16_2), 0b0010);
100 			fallthrough;
101 		case SZ_64K:
102 			val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN64_2), 0b0010);
103 			break;
104 		}
105 		/* Cap PARange to 48bits */
106 		tmp = FIELD_GET(NV_FTR(MMFR0, PARANGE), val);
107 		if (tmp > 0b0101) {
108 			val &= ~NV_FTR(MMFR0, PARANGE);
109 			val |= FIELD_PREP(NV_FTR(MMFR0, PARANGE), 0b0101);
110 		}
111 		break;
112 
113 	case SYS_ID_AA64MMFR1_EL1:
114 		val &= (NV_FTR(MMFR1, HCX)	|
115 			NV_FTR(MMFR1, PAN)	|
116 			NV_FTR(MMFR1, LO)	|
117 			NV_FTR(MMFR1, HPDS)	|
118 			NV_FTR(MMFR1, VH)	|
119 			NV_FTR(MMFR1, VMIDBits));
120 		break;
121 
122 	case SYS_ID_AA64MMFR2_EL1:
123 		val &= ~(NV_FTR(MMFR2, BBM)	|
124 			 NV_FTR(MMFR2, TTL)	|
125 			 GENMASK_ULL(47, 44)	|
126 			 NV_FTR(MMFR2, ST)	|
127 			 NV_FTR(MMFR2, CCIDX)	|
128 			 NV_FTR(MMFR2, VARange));
129 
130 		/* Force TTL support */
131 		val |= FIELD_PREP(NV_FTR(MMFR2, TTL), 0b0001);
132 		break;
133 
134 	case SYS_ID_AA64MMFR4_EL1:
135 		val = 0;
136 		if (!cpus_have_final_cap(ARM64_HAS_HCR_NV1))
137 			val |= FIELD_PREP(NV_FTR(MMFR4, E2H0),
138 					  ID_AA64MMFR4_EL1_E2H0_NI_NV1);
139 		break;
140 
141 	case SYS_ID_AA64DFR0_EL1:
142 		/* Only limited support for PMU, Debug, BPs and WPs */
143 		val &= (NV_FTR(DFR0, PMUVer)	|
144 			NV_FTR(DFR0, WRPs)	|
145 			NV_FTR(DFR0, BRPs)	|
146 			NV_FTR(DFR0, DebugVer));
147 
148 		/* Cap Debug to ARMv8.1 */
149 		tmp = FIELD_GET(NV_FTR(DFR0, DebugVer), val);
150 		if (tmp > 0b0111) {
151 			val &= ~NV_FTR(DFR0, DebugVer);
152 			val |= FIELD_PREP(NV_FTR(DFR0, DebugVer), 0b0111);
153 		}
154 		break;
155 
156 	default:
157 		/* Unknown register, just wipe it clean */
158 		val = 0;
159 		break;
160 	}
161 
162 	return val;
163 }
164 
165 u64 kvm_vcpu_sanitise_vncr_reg(const struct kvm_vcpu *vcpu, enum vcpu_sysreg sr)
166 {
167 	u64 v = ctxt_sys_reg(&vcpu->arch.ctxt, sr);
168 	struct kvm_sysreg_masks *masks;
169 
170 	masks = vcpu->kvm->arch.sysreg_masks;
171 
172 	if (masks) {
173 		sr -= __VNCR_START__;
174 
175 		v &= ~masks->mask[sr].res0;
176 		v |= masks->mask[sr].res1;
177 	}
178 
179 	return v;
180 }
181 
182 static void set_sysreg_masks(struct kvm *kvm, int sr, u64 res0, u64 res1)
183 {
184 	int i = sr - __VNCR_START__;
185 
186 	kvm->arch.sysreg_masks->mask[i].res0 = res0;
187 	kvm->arch.sysreg_masks->mask[i].res1 = res1;
188 }
189 
190 int kvm_init_nv_sysregs(struct kvm *kvm)
191 {
192 	u64 res0, res1;
193 	int ret = 0;
194 
195 	mutex_lock(&kvm->arch.config_lock);
196 
197 	if (kvm->arch.sysreg_masks)
198 		goto out;
199 
200 	kvm->arch.sysreg_masks = kzalloc(sizeof(*(kvm->arch.sysreg_masks)),
201 					 GFP_KERNEL);
202 	if (!kvm->arch.sysreg_masks) {
203 		ret = -ENOMEM;
204 		goto out;
205 	}
206 
207 	for (int i = 0; i < KVM_ARM_ID_REG_NUM; i++)
208 		kvm->arch.id_regs[i] = limit_nv_id_reg(IDX_IDREG(i),
209 						       kvm->arch.id_regs[i]);
210 
211 	/* VTTBR_EL2 */
212 	res0 = res1 = 0;
213 	if (!kvm_has_feat_enum(kvm, ID_AA64MMFR1_EL1, VMIDBits, 16))
214 		res0 |= GENMASK(63, 56);
215 	if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, CnP, IMP))
216 		res0 |= VTTBR_CNP_BIT;
217 	set_sysreg_masks(kvm, VTTBR_EL2, res0, res1);
218 
219 	/* VTCR_EL2 */
220 	res0 = GENMASK(63, 32) | GENMASK(30, 20);
221 	res1 = BIT(31);
222 	set_sysreg_masks(kvm, VTCR_EL2, res0, res1);
223 
224 	/* VMPIDR_EL2 */
225 	res0 = GENMASK(63, 40) | GENMASK(30, 24);
226 	res1 = BIT(31);
227 	set_sysreg_masks(kvm, VMPIDR_EL2, res0, res1);
228 
229 	/* HCR_EL2 */
230 	res0 = BIT(48);
231 	res1 = HCR_RW;
232 	if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, TWED, IMP))
233 		res0 |= GENMASK(63, 59);
234 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, MTE, MTE2))
235 		res0 |= (HCR_TID5 | HCR_DCT | HCR_ATA);
236 	if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, EVT, TTLBxS))
237 		res0 |= (HCR_TTLBIS | HCR_TTLBOS);
238 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, CSV2, CSV2_2) &&
239 	    !kvm_has_feat(kvm, ID_AA64PFR1_EL1, CSV2_frac, CSV2_1p2))
240 		res0 |= HCR_ENSCXT;
241 	if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, EVT, IMP))
242 		res0 |= (HCR_TOCU | HCR_TICAB | HCR_TID4);
243 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, V1P1))
244 		res0 |= HCR_AMVOFFEN;
245 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, RAS, V1P1))
246 		res0 |= HCR_FIEN;
247 	if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, FWB, IMP))
248 		res0 |= HCR_FWB;
249 	if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, NV2))
250 		res0 |= HCR_NV2;
251 	if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, IMP))
252 		res0 |= (HCR_AT | HCR_NV1 | HCR_NV);
253 	if (!(__vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_ADDRESS) &&
254 	      __vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_GENERIC)))
255 		res0 |= (HCR_API | HCR_APK);
256 	if (!kvm_has_feat(kvm, ID_AA64ISAR0_EL1, TME, IMP))
257 		res0 |= BIT(39);
258 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, RAS, IMP))
259 		res0 |= (HCR_TEA | HCR_TERR);
260 	if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, LO, IMP))
261 		res0 |= HCR_TLOR;
262 	if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, E2H0, IMP))
263 		res1 |= HCR_E2H;
264 	set_sysreg_masks(kvm, HCR_EL2, res0, res1);
265 
266 	/* HCRX_EL2 */
267 	res0 = HCRX_EL2_RES0;
268 	res1 = HCRX_EL2_RES1;
269 	if (!kvm_has_feat(kvm, ID_AA64ISAR3_EL1, PACM, TRIVIAL_IMP))
270 		res0 |= HCRX_EL2_PACMEn;
271 	if (!kvm_has_feat(kvm, ID_AA64PFR2_EL1, FPMR, IMP))
272 		res0 |= HCRX_EL2_EnFPM;
273 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, GCS, IMP))
274 		res0 |= HCRX_EL2_GCSEn;
275 	if (!kvm_has_feat(kvm, ID_AA64ISAR2_EL1, SYSREG_128, IMP))
276 		res0 |= HCRX_EL2_EnIDCP128;
277 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, ADERR, DEV_ASYNC))
278 		res0 |= (HCRX_EL2_EnSDERR | HCRX_EL2_EnSNERR);
279 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, DF2, IMP))
280 		res0 |= HCRX_EL2_TMEA;
281 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, D128, IMP))
282 		res0 |= HCRX_EL2_D128En;
283 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, THE, IMP))
284 		res0 |= HCRX_EL2_PTTWI;
285 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, SCTLRX, IMP))
286 		res0 |= HCRX_EL2_SCTLR2En;
287 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, TCRX, IMP))
288 		res0 |= HCRX_EL2_TCR2En;
289 	if (!kvm_has_feat(kvm, ID_AA64ISAR2_EL1, MOPS, IMP))
290 		res0 |= (HCRX_EL2_MSCEn | HCRX_EL2_MCE2);
291 	if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, CMOW, IMP))
292 		res0 |= HCRX_EL2_CMOW;
293 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, NMI, IMP))
294 		res0 |= (HCRX_EL2_VFNMI | HCRX_EL2_VINMI | HCRX_EL2_TALLINT);
295 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, SME, IMP) ||
296 	    !(read_sysreg_s(SYS_SMIDR_EL1) & SMIDR_EL1_SMPS))
297 		res0 |= HCRX_EL2_SMPME;
298 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, XS, IMP))
299 		res0 |= (HCRX_EL2_FGTnXS | HCRX_EL2_FnXS);
300 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, LS64, LS64_V))
301 		res0 |= HCRX_EL2_EnASR;
302 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, LS64, LS64))
303 		res0 |= HCRX_EL2_EnALS;
304 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, LS64, LS64_ACCDATA))
305 		res0 |= HCRX_EL2_EnAS0;
306 	set_sysreg_masks(kvm, HCRX_EL2, res0, res1);
307 
308 	/* HFG[RW]TR_EL2 */
309 	res0 = res1 = 0;
310 	if (!(__vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_ADDRESS) &&
311 	      __vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_GENERIC)))
312 		res0 |= (HFGxTR_EL2_APDAKey | HFGxTR_EL2_APDBKey |
313 			 HFGxTR_EL2_APGAKey | HFGxTR_EL2_APIAKey |
314 			 HFGxTR_EL2_APIBKey);
315 	if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, LO, IMP))
316 		res0 |= (HFGxTR_EL2_LORC_EL1 | HFGxTR_EL2_LOREA_EL1 |
317 			 HFGxTR_EL2_LORID_EL1 | HFGxTR_EL2_LORN_EL1 |
318 			 HFGxTR_EL2_LORSA_EL1);
319 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, CSV2, CSV2_2) &&
320 	    !kvm_has_feat(kvm, ID_AA64PFR1_EL1, CSV2_frac, CSV2_1p2))
321 		res0 |= (HFGxTR_EL2_SCXTNUM_EL1 | HFGxTR_EL2_SCXTNUM_EL0);
322 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, GIC, IMP))
323 		res0 |= HFGxTR_EL2_ICC_IGRPENn_EL1;
324 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, RAS, IMP))
325 		res0 |= (HFGxTR_EL2_ERRIDR_EL1 | HFGxTR_EL2_ERRSELR_EL1 |
326 			 HFGxTR_EL2_ERXFR_EL1 | HFGxTR_EL2_ERXCTLR_EL1 |
327 			 HFGxTR_EL2_ERXSTATUS_EL1 | HFGxTR_EL2_ERXMISCn_EL1 |
328 			 HFGxTR_EL2_ERXPFGF_EL1 | HFGxTR_EL2_ERXPFGCTL_EL1 |
329 			 HFGxTR_EL2_ERXPFGCDN_EL1 | HFGxTR_EL2_ERXADDR_EL1);
330 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, LS64, LS64_ACCDATA))
331 		res0 |= HFGxTR_EL2_nACCDATA_EL1;
332 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, GCS, IMP))
333 		res0 |= (HFGxTR_EL2_nGCS_EL0 | HFGxTR_EL2_nGCS_EL1);
334 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, SME, IMP))
335 		res0 |= (HFGxTR_EL2_nSMPRI_EL1 | HFGxTR_EL2_nTPIDR2_EL0);
336 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, THE, IMP))
337 		res0 |= HFGxTR_EL2_nRCWMASK_EL1;
338 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, S1PIE, IMP))
339 		res0 |= (HFGxTR_EL2_nPIRE0_EL1 | HFGxTR_EL2_nPIR_EL1);
340 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, S1POE, IMP))
341 		res0 |= (HFGxTR_EL2_nPOR_EL0 | HFGxTR_EL2_nPOR_EL1);
342 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, S2POE, IMP))
343 		res0 |= HFGxTR_EL2_nS2POR_EL1;
344 	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, AIE, IMP))
345 		res0 |= (HFGxTR_EL2_nMAIR2_EL1 | HFGxTR_EL2_nAMAIR2_EL1);
346 	set_sysreg_masks(kvm, HFGRTR_EL2, res0 | __HFGRTR_EL2_RES0, res1);
347 	set_sysreg_masks(kvm, HFGWTR_EL2, res0 | __HFGWTR_EL2_RES0, res1);
348 
349 	/* HDFG[RW]TR_EL2 */
350 	res0 = res1 = 0;
351 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DoubleLock, IMP))
352 		res0 |= HDFGRTR_EL2_OSDLR_EL1;
353 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, PMUVer, IMP))
354 		res0 |= (HDFGRTR_EL2_PMEVCNTRn_EL0 | HDFGRTR_EL2_PMEVTYPERn_EL0 |
355 			 HDFGRTR_EL2_PMCCFILTR_EL0 | HDFGRTR_EL2_PMCCNTR_EL0 |
356 			 HDFGRTR_EL2_PMCNTEN | HDFGRTR_EL2_PMINTEN |
357 			 HDFGRTR_EL2_PMOVS | HDFGRTR_EL2_PMSELR_EL0 |
358 			 HDFGRTR_EL2_PMMIR_EL1 | HDFGRTR_EL2_PMUSERENR_EL0 |
359 			 HDFGRTR_EL2_PMCEIDn_EL0);
360 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, PMSVer, IMP))
361 		res0 |= (HDFGRTR_EL2_PMBLIMITR_EL1 | HDFGRTR_EL2_PMBPTR_EL1 |
362 			 HDFGRTR_EL2_PMBSR_EL1 | HDFGRTR_EL2_PMSCR_EL1 |
363 			 HDFGRTR_EL2_PMSEVFR_EL1 | HDFGRTR_EL2_PMSFCR_EL1 |
364 			 HDFGRTR_EL2_PMSICR_EL1 | HDFGRTR_EL2_PMSIDR_EL1 |
365 			 HDFGRTR_EL2_PMSIRR_EL1 | HDFGRTR_EL2_PMSLATFR_EL1 |
366 			 HDFGRTR_EL2_PMBIDR_EL1);
367 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceVer, IMP))
368 		res0 |= (HDFGRTR_EL2_TRC | HDFGRTR_EL2_TRCAUTHSTATUS |
369 			 HDFGRTR_EL2_TRCAUXCTLR | HDFGRTR_EL2_TRCCLAIM |
370 			 HDFGRTR_EL2_TRCCNTVRn | HDFGRTR_EL2_TRCID |
371 			 HDFGRTR_EL2_TRCIMSPECn | HDFGRTR_EL2_TRCOSLSR |
372 			 HDFGRTR_EL2_TRCPRGCTLR | HDFGRTR_EL2_TRCSEQSTR |
373 			 HDFGRTR_EL2_TRCSSCSRn | HDFGRTR_EL2_TRCSTATR |
374 			 HDFGRTR_EL2_TRCVICTLR);
375 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceBuffer, IMP))
376 		res0 |= (HDFGRTR_EL2_TRBBASER_EL1 | HDFGRTR_EL2_TRBIDR_EL1 |
377 			 HDFGRTR_EL2_TRBLIMITR_EL1 | HDFGRTR_EL2_TRBMAR_EL1 |
378 			 HDFGRTR_EL2_TRBPTR_EL1 | HDFGRTR_EL2_TRBSR_EL1 |
379 			 HDFGRTR_EL2_TRBTRG_EL1);
380 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, BRBE, IMP))
381 		res0 |= (HDFGRTR_EL2_nBRBIDR | HDFGRTR_EL2_nBRBCTL |
382 			 HDFGRTR_EL2_nBRBDATA);
383 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, PMSVer, V1P2))
384 		res0 |= HDFGRTR_EL2_nPMSNEVFR_EL1;
385 	set_sysreg_masks(kvm, HDFGRTR_EL2, res0 | HDFGRTR_EL2_RES0, res1);
386 
387 	/* Reuse the bits from the read-side and add the write-specific stuff */
388 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, PMUVer, IMP))
389 		res0 |= (HDFGWTR_EL2_PMCR_EL0 | HDFGWTR_EL2_PMSWINC_EL0);
390 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceVer, IMP))
391 		res0 |= HDFGWTR_EL2_TRCOSLAR;
392 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceFilt, IMP))
393 		res0 |= HDFGWTR_EL2_TRFCR_EL1;
394 	set_sysreg_masks(kvm, HFGWTR_EL2, res0 | HDFGWTR_EL2_RES0, res1);
395 
396 	/* HFGITR_EL2 */
397 	res0 = HFGITR_EL2_RES0;
398 	res1 = HFGITR_EL2_RES1;
399 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, DPB, DPB2))
400 		res0 |= HFGITR_EL2_DCCVADP;
401 	if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, PAN, PAN2))
402 		res0 |= (HFGITR_EL2_ATS1E1RP | HFGITR_EL2_ATS1E1WP);
403 	if (!kvm_has_feat(kvm, ID_AA64ISAR0_EL1, TLB, OS))
404 		res0 |= (HFGITR_EL2_TLBIRVAALE1OS | HFGITR_EL2_TLBIRVALE1OS |
405 			 HFGITR_EL2_TLBIRVAAE1OS | HFGITR_EL2_TLBIRVAE1OS |
406 			 HFGITR_EL2_TLBIVAALE1OS | HFGITR_EL2_TLBIVALE1OS |
407 			 HFGITR_EL2_TLBIVAAE1OS | HFGITR_EL2_TLBIASIDE1OS |
408 			 HFGITR_EL2_TLBIVAE1OS | HFGITR_EL2_TLBIVMALLE1OS);
409 	if (!kvm_has_feat(kvm, ID_AA64ISAR0_EL1, TLB, RANGE))
410 		res0 |= (HFGITR_EL2_TLBIRVAALE1 | HFGITR_EL2_TLBIRVALE1 |
411 			 HFGITR_EL2_TLBIRVAAE1 | HFGITR_EL2_TLBIRVAE1 |
412 			 HFGITR_EL2_TLBIRVAALE1IS | HFGITR_EL2_TLBIRVALE1IS |
413 			 HFGITR_EL2_TLBIRVAAE1IS | HFGITR_EL2_TLBIRVAE1IS |
414 			 HFGITR_EL2_TLBIRVAALE1OS | HFGITR_EL2_TLBIRVALE1OS |
415 			 HFGITR_EL2_TLBIRVAAE1OS | HFGITR_EL2_TLBIRVAE1OS);
416 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, SPECRES, IMP))
417 		res0 |= (HFGITR_EL2_CFPRCTX | HFGITR_EL2_DVPRCTX |
418 			 HFGITR_EL2_CPPRCTX);
419 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, BRBE, IMP))
420 		res0 |= (HFGITR_EL2_nBRBINJ | HFGITR_EL2_nBRBIALL);
421 	if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, GCS, IMP))
422 		res0 |= (HFGITR_EL2_nGCSPUSHM_EL1 | HFGITR_EL2_nGCSSTR_EL1 |
423 			 HFGITR_EL2_nGCSEPP);
424 	if (!kvm_has_feat(kvm, ID_AA64ISAR1_EL1, SPECRES, COSP_RCTX))
425 		res0 |= HFGITR_EL2_COSPRCTX;
426 	if (!kvm_has_feat(kvm, ID_AA64ISAR2_EL1, ATS1A, IMP))
427 		res0 |= HFGITR_EL2_ATS1E1A;
428 	set_sysreg_masks(kvm, HFGITR_EL2, res0, res1);
429 
430 	/* HAFGRTR_EL2 - not a lot to see here */
431 	res0 = HAFGRTR_EL2_RES0;
432 	res1 = HAFGRTR_EL2_RES1;
433 	if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, V1P1))
434 		res0 |= ~(res0 | res1);
435 	set_sysreg_masks(kvm, HAFGRTR_EL2, res0, res1);
436 out:
437 	mutex_unlock(&kvm->arch.config_lock);
438 
439 	return ret;
440 }
441