Re: [PATCH v1 00/24] Opt-in always-on nVHE hypervisor

2021-01-19 Thread Janne Karhunen 
On Tue, Nov 10, 2020 at 1:19 PM Marc Zyngier  wrote:

> > Why?  I thought we were trying to kill nVHE off now that newer CPUs
> > provide the saner virtualization extensions?
>
> We can't kill nVHE at all, because that is the only game in town.
> You can't even buy a decent machine with VHE, no matter how much money
> you put on the table.

As I mentioned it earlier, we did this type of nVHE hypervisor and the
proof of concept is here:
https://github.com/jkrh/kvms

See the README. It runs successfully on multiple pieces of arm64
hardware and provides a tiny QEMU based development environment via
the makefiles for the QEMU 'max' CPU. The code is rough, the amount of
man hours put to it is not sky high, but it does run. I'll update a
new kernel patch to patches/ dir for one of the later kernels
hopefully next week, up to now we have only supported kernels between
4.9  5.6 as this is what our development hardware(s) run with. It
requires a handful of hooks in the kvm code, but the actual kvm calls
are just rerouted back to the kernel symbols. This way the hypervisor
itself can be kept very tiny.

The s2 page tables are fully owned by the hyp and the guests are
unmapped from the host memory when configured with the option (we call
it host blinding). Multiple VMs can be run without pinning them into
the memory.  It also provides a tiny out of tree driver prototype stub
to protect the critical sections of the kernel memory beyond the
kernel's own reach. There are still holes in the implementation such
as the virtio-mapback handling via whitelisting and paging integrity
checks, and many things are not quite all the way there yet. One step
at a time.


--
Janne
___
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

Re: [PATCH v2 2/2] KVM: arm64: Workaround firmware wrongly advertising GICv2-on-v3 compatibility

2021-01-19 Thread Marc Zyngier 

On 2021-01-19 10:09, Shameerali Kolothum Thodi wrote:

-Original Message-
From: Marc Zyngier [mailto:m...@kernel.org]
Sent: 15 January 2021 14:15
To: Ard Biesheuvel 
Cc: Linux ARM ; kvmarm
; Shameerali Kolothum Thodi
; James Morse
; Julien Thierry ;
Suzuki K Poulose ; Android Kernel Team

Subject: Re: [PATCH v2 2/2] KVM: arm64: Workaround firmware wrongly
advertising GICv2-on-v3 compatibility

On 2021-01-15 14:08, Ard Biesheuvel wrote:
> On Fri, 15 Jan 2021 at 15:03, Marc Zyngier  wrote:

[...]

>> diff --git a/arch/arm64/kvm/vgic/vgic-v3.c
>> b/arch/arm64/kvm/vgic/vgic-v3.c index 8e7bf3151057..67b27b47312b
>> 100644
>> --- a/arch/arm64/kvm/vgic/vgic-v3.c
>> +++ b/arch/arm64/kvm/vgic/vgic-v3.c
>> @@ -584,8 +584,10 @@ early_param("kvm-arm.vgic_v4_enable",
>> early_gicv4_enable);
>>  int vgic_v3_probe(const struct gic_kvm_info *info)  {
>> u64 ich_vtr_el2 = kvm_call_hyp_ret(__vgic_v3_get_gic_config);
>> +   bool has_v2;
>> int ret;
>>
>> +   has_v2 = ich_vtr_el2 >> 63;
>> ich_vtr_el2 = (u32)ich_vtr_el2;
>>
>> /*
>> @@ -605,13 +607,15 @@ int vgic_v3_probe(const struct gic_kvm_info
>> *info)
>>  gicv4_enable ? "en" : "dis");
>> }
>>
>> +   kvm_vgic_global_state.vcpu_base = 0;
>> +
>> if (!info->vcpu.start) {
>> kvm_info("GICv3: no GICV resource entry\n");
>> -   kvm_vgic_global_state.vcpu_base = 0;
>> +   } else if (!has_v2) {
>> +   pr_warn("CPU interface incapable of MMIO access\n");
>
> Could we include FW_BUG here to stress that this is a firmware problem?

Absolutely! That's what it now looks like:

[2.648452] kvm [1]: IPA Size Limit: 40 bits
[2.649259] [Firmware Bug]: CPU interface incapable of MMIO access
[2.649620] kvm [1]: disabling GICv2 emulation
[2.650227] kvm [1]: GIC system register CPU interface enabled
[2.652004] kvm [1]: vgic interrupt IRQ9
[2.655623] kvm [1]: VHE mode initialized successfully

Updated version pushed out.


Is there a v3 for this series? I couldn't find one.


Nope, I didn't think it was useful to send another series for such
a minor change.



Anyways, tested this series on a D06 with faulty firmware and it is
working as expected.
FWIW,

   Tested-by: Shameer Kolothum 



Thanks,

M.
--
Jazz is not dead. It just smells funny...
___
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

RE: [PATCH v2 2/2] KVM: arm64: Workaround firmware wrongly advertising GICv2-on-v3 compatibility

2021-01-19 Thread Shameerali Kolothum Thodi 



> -Original Message-
> From: Marc Zyngier [mailto:m...@kernel.org]
> Sent: 15 January 2021 14:15
> To: Ard Biesheuvel 
> Cc: Linux ARM ; kvmarm
> ; Shameerali Kolothum Thodi
> ; James Morse
> ; Julien Thierry ;
> Suzuki K Poulose ; Android Kernel Team
> 
> Subject: Re: [PATCH v2 2/2] KVM: arm64: Workaround firmware wrongly
> advertising GICv2-on-v3 compatibility
> 
> On 2021-01-15 14:08, Ard Biesheuvel wrote:
> > On Fri, 15 Jan 2021 at 15:03, Marc Zyngier  wrote:
> 
> [...]
> 
> >> diff --git a/arch/arm64/kvm/vgic/vgic-v3.c
> >> b/arch/arm64/kvm/vgic/vgic-v3.c index 8e7bf3151057..67b27b47312b
> >> 100644
> >> --- a/arch/arm64/kvm/vgic/vgic-v3.c
> >> +++ b/arch/arm64/kvm/vgic/vgic-v3.c
> >> @@ -584,8 +584,10 @@ early_param("kvm-arm.vgic_v4_enable",
> >> early_gicv4_enable);
> >>  int vgic_v3_probe(const struct gic_kvm_info *info)  {
> >> u64 ich_vtr_el2 = kvm_call_hyp_ret(__vgic_v3_get_gic_config);
> >> +   bool has_v2;
> >> int ret;
> >>
> >> +   has_v2 = ich_vtr_el2 >> 63;
> >> ich_vtr_el2 = (u32)ich_vtr_el2;
> >>
> >> /*
> >> @@ -605,13 +607,15 @@ int vgic_v3_probe(const struct gic_kvm_info
> >> *info)
> >>  gicv4_enable ? "en" : "dis");
> >> }
> >>
> >> +   kvm_vgic_global_state.vcpu_base = 0;
> >> +
> >> if (!info->vcpu.start) {
> >> kvm_info("GICv3: no GICV resource entry\n");
> >> -   kvm_vgic_global_state.vcpu_base = 0;
> >> +   } else if (!has_v2) {
> >> +   pr_warn("CPU interface incapable of MMIO access\n");
> >
> > Could we include FW_BUG here to stress that this is a firmware problem?
> 
> Absolutely! That's what it now looks like:
> 
> [2.648452] kvm [1]: IPA Size Limit: 40 bits
> [2.649259] [Firmware Bug]: CPU interface incapable of MMIO access
> [2.649620] kvm [1]: disabling GICv2 emulation
> [2.650227] kvm [1]: GIC system register CPU interface enabled
> [2.652004] kvm [1]: vgic interrupt IRQ9
> [2.655623] kvm [1]: VHE mode initialized successfully
> 
> Updated version pushed out.

Is there a v3 for this series? I couldn't find one.

Anyways, tested this series on a D06 with faulty firmware and it is working as 
expected.
FWIW,

   Tested-by: Shameer Kolothum 

Thanks,
Shameer

> Thanks,
> 
>  M.
> --
> Jazz is not dead. It just smells funny...
___
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm