KVM: arm64: Follow specification when implementing WXN

The R_QXXPC and R_NPBXC rules have some interesting (and pretty
sharp) corners when defining the behaviour of of WXN at S1:

- when S1 overlay is enabled, WXN applies to the overlay and
  will remove W

- when S1 overlay is disabled, WXN applies to the base permissions
  and will remove X.

Today, we lumb the two together in a way that doesn't really match
the rules, making things awkward to follow what is happening, in
particular when overlays are enabled.

Split these two rules over two distinct paths, which makes things
a lot easier to read and validate against the architecture rules.

Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20250701151648.754785-3-maz@kernel.org
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
index a26e377a3617130e338d9fee90c32ca314c43252..0e5610533949383cd2cda0e1dae6d07fda02dbe7 100644 (file)
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -1063,6 +1063,10 @@ static void compute_s1_overlay_permissions(struct kvm_vcpu *vcpu,
                if (pov_perms & ~POE_RWX)
                        pov_perms = POE_NONE;
 
+               /* R_QXXPC, S1PrivOverflow enabled */
+               if (wr->pwxn && (pov_perms & POE_X))
+                       pov_perms &= ~POE_W;
+
                wr->pr &= pov_perms & POE_R;
                wr->pw &= pov_perms & POE_W;
                wr->px &= pov_perms & POE_X;
@@ -1084,6 +1088,10 @@ static void compute_s1_overlay_permissions(struct kvm_vcpu *vcpu,
                if (uov_perms & ~POE_RWX)
                        uov_perms = POE_NONE;
 
+               /* R_NPBXC, S1UnprivOverlay enabled */
+               if (wr->uwxn && (uov_perms & POE_X))
+                       uov_perms &= ~POE_W;
+
                wr->ur &= uov_perms & POE_R;
                wr->uw &= uov_perms & POE_W;
                wr->ux &= uov_perms & POE_X;
@@ -1106,21 +1114,13 @@ static void compute_s1_permissions(struct kvm_vcpu *vcpu,
 
        compute_s1_overlay_permissions(vcpu, wi, wr);
 
-       /* R_QXXPC */
-       if (wr->pwxn) {
-               if (!wr->pov && wr->pw)
-                       wr->px = false;
-               if (wr->pov && wr->px)
-                       wr->pw = false;
-       }
+       /* R_QXXPC, S1PrivOverlay disabled */
+       if (!wr->pov)
+               wr->px &= !(wr->pwxn && wr->pw);
 
-       /* R_NPBXC */
-       if (wr->uwxn) {
-               if (!wr->uov && wr->uw)
-                       wr->ux = false;
-               if (wr->uov && wr->ux)
-                       wr->uw = false;
-       }
+       /* R_NPBXC, S1UnprivOverlay disabled */
+       if (!wr->uov)
+               wr->ux &= !(wr->uwxn && wr->uw);
 
        pan = wi->pan && (wr->ur || wr->uw ||
                          (pan3_enabled(vcpu, wi->regime) && wr->ux));