Re: [PATCH v5 10/10] arm64: mm: set the contiguous bit for kernel mappings where appropriate

2017-03-09 Thread Ard Biesheuvel
On 9 March 2017 at 20:33, Mark Rutland wrote: > On Thu, Mar 09, 2017 at 09:25:12AM +0100, Ard Biesheuvel wrote: >> +static inline u64 pte_cont_addr_end(u64 addr, u64 end) >> +{ >> + return min((addr + CONT_PTE_SIZE) & CONT_PTE_MASK, end); >> +} >> + >> +static inline u64

Re: [PATCH v5 10/10] arm64: mm: set the contiguous bit for kernel mappings where appropriate

2017-03-09 Thread Mark Rutland
On Thu, Mar 09, 2017 at 09:25:12AM +0100, Ard Biesheuvel wrote: > +static inline u64 pte_cont_addr_end(u64 addr, u64 end) > +{ > + return min((addr + CONT_PTE_SIZE) & CONT_PTE_MASK, end); > +} > + > +static inline u64 pmd_cont_addr_end(u64 addr, u64 end) > +{ > + return min((addr +
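Review bot: pte_cont_addr_end() takes a plain min() of the masked `addr + CONT_PTE_SIZE` and `end`, which gives the wrong answer when either value wraps. An `end` of 0 (a range that runs to the top of the address space) makes min() return 0 instead of the next contiguous boundary, and an `addr` in the last contiguous range makes the boundary itself wrap to 0. The generic pgd_addr_end()-style helpers avoid this by comparing `boundary - 1` against `end - 1`; consider the same form here and in pmd_cont_addr_end(), or state in a comment that callers never pass a wrapping range.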

Re: [PATCH v5 09/10] arm64/mmu: replace 'page_mappings_only' parameter with flags argument

2017-03-09 Thread Mark Rutland
On Thu, Mar 09, 2017 at 09:25:11AM +0100, Ard Biesheuvel wrote: > In preparation of extending the policy for manipulating kernel mappings > with whether or not contiguous hints may be used in the page tables, > replace the bool 'page_mappings_only' with a flags field and a flag >

Re: [PATCH v5 08/10] arm64/mmu: add contiguous bit to sanity bug check

2017-03-09 Thread Mark Rutland
On Thu, Mar 09, 2017 at 09:25:10AM +0100, Ard Biesheuvel wrote: > A mapping with the contiguous bit cannot be safely manipulated while > live, regardless of whether the bit changes between the old and new > mapping. So take this into account when deciding whether the change > is safe. > >

Re: [PATCH v5 07/10] arm64/mmu: ignore debug_pagealloc for kernel segments

2017-03-09 Thread Mark Rutland
On Thu, Mar 09, 2017 at 09:25:09AM +0100, Ard Biesheuvel wrote: > The debug_pagealloc facility manipulates kernel mappings in the linear > region at page granularity to detect out of bounds or use-after-free > accesses. Since the kernel segments are not allocated dynamically, > there is no point

[PATCH 02/15] arm64: sysreg: add debug system registers

2017-03-09 Thread Mark Rutland
This patch adds sysreg definitions for system registers in the debug and trace system register encoding space. Subsequent patches will make use of these definitions. The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-5. Signed-off-by: Mark Rutland Cc: Catalin

[PATCH 10/15] KVM: arm64: Use common performance monitor sysreg definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the performance monitor register encodings, make the KVM code use these, simplifying the sys_reg_descs table. The comments for PMUSERENR_EL0 and PMCCFILTR_EL0 are kept, as these describe non-obvious details regarding the registers. However, a slight fixup

[PATCH 06/15] arm64: sysreg: add register encodings used by KVM

2017-03-09 Thread Mark Rutland
This patch adds sysreg definitions for registers which KVM needs the encodings for, which are not currently described in . Subsequent patches will make use of these definitions. The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-6, but this is not an exhaustive addition. Additions

[PATCH 15/15] KVM: arm64: Use common Set/Way sys definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the encoding of Set/Way cache maintenance operations, make the KVM code use these, simplifying the sys_reg_descs table. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc: Marc Zyngier

[PATCH 03/15] arm64: sysreg: add performance monitor registers

2017-03-09 Thread Mark Rutland
This patch adds sysreg definitions for system registers which are part of the performance monitors extension. Subsequent patches will make use of these definitions. The set of registers is described in ARM DDI 0487A.k_iss10775, Table D5-9. The encodings were taken from Table C5-6 in the same

[PATCH 12/15] KVM: arm64: Use common physical timer sysreg definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the physical timer control registers, make the KVM code use these, simplifying the sys_reg_descs table. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc: Marc Zyngier Cc:

[PATCH 14/15] KVM: arm64: Use common sysreg definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the remaining register encodings required by KVM, make the KVM code use these, simplifying the sys_reg_descs table and the genericv8_sys_regs table. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc:

[PATCH 08/15] KVM: arm64: add SYS_DESC()

2017-03-09 Thread Mark Rutland
This patch adds a macro enabling us to initialise sys_reg_desc structures based on common sysreg encoding definitions in . Subsequent patches will use this to simplify the KVM code. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc: Marc

[PATCH 13/15] KVM: arm64: use common invariant sysreg definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the register encodings used by KVM, make the KVM code use these for invariant sysreg definitions. This makes said definitions a reasonable amount shorter, especially as many comments are rendered redundant and can be removed. Signed-off-by: Mark Rutland

[PATCH 09/15] KVM: arm64: Use common debug sysreg definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the debug register encodings, make the KVM code use these, simplifying the sys_reg_descs table. The table previously erroneously referred to MDCCSR_EL0 as MDCCSR_EL1. This is corrected (as is necessary in order to use the common sysreg definition).

[PATCH 07/15] arm64: sysreg: add Set/Way sys encodings

2017-03-09 Thread Mark Rutland
Cache maintenance ops fall in the SYS instruction class, and KVM needs to handle them. So as to keep all SYS encodings in one place, this patch adds them to sysreg.h. The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-2. To make it clear that these are instructions rather than

[PATCH 11/15] KVM: arm64: Use common GICv3 sysreg definitions

2017-03-09 Thread Mark Rutland
Now that we have common definitions for the GICv3 register encodings, make the KVM code use these, simplifying the sys_reg_descs table. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc: Marc Zyngier Cc:

[PATCH 01/15] arm64: sysreg: sort by encoding

2017-03-09 Thread Mark Rutland
Our sysreg definitions are largely (but not entirely) in ascending order of op0:op1:CRn:CRm:op2. It would be preferable to enforce this sort, as this makes it easier to verify the set of encodings against documentation, and provides an obvious location for each addition in future, minimising

[PATCH 05/15] arm64: sysreg: add physical timer registers

2017-03-09 Thread Mark Rutland
This patch adds sysreg definitions for system registers used to control the architected physical timer. Subsequent patches will make use of these definitions. The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-6. Signed-off-by: Mark Rutland Cc: Catalin

[PATCH 04/15] arm64: sysreg: subsume GICv3 sysreg definitions

2017-03-09 Thread Mark Rutland
Unlike most sysreg definitions, the GICv3 definitions don't have a SYS_ prefix, and they don't live in . Additionally, some definitions are duplicated elsewhere (e.g. in the KVM save/restore code). For consistency, and to make it possible to share a common definition for these sysregs, this patch

[PATCH 00/15] arm64/kvm: use common sysreg definitions

2017-03-09 Thread Mark Rutland
Currently we duplicate effort in maintaining system register encodings across arm64's , KVM's sysreg tables, and other places. This redundancy is unfortunate, and as encodings are encoded in-place without any mnemonic, this ends up more painful to read than necessary. This series ameliorates this

Re: [PATCH v5 06/10] arm64/mmu: align alloc_init_pte prototype with pmd/pud versions

2017-03-09 Thread Mark Rutland
On Thu, Mar 09, 2017 at 09:25:08AM +0100, Ard Biesheuvel wrote: > Align the function prototype of alloc_init_pte() with its pmd and pud > counterparts by replacing the pfn parameter with the equivalent physical > address. > > Signed-off-by: Ard Biesheuvel > --- >

Re: [PATCH 00/10] KVM/ARM fixes for 4.11-rc2

2017-03-09 Thread Marc Zyngier
On Thu, Mar 09 2017 at 3:16:52 pm GMT, Radim Krčmář wrote: > 2017-03-09 09:55+, Marc Zyngier: >> Paolo, Radim, >> >> Here's the KVM/ARM updates for 4.11-rc2. The usual bag of vgic >> updates, making the memslot array large enough to handle guests with >> tons of devices

Re: [PATCH RFC 6/7] ARM64: KVM: Support heterogeneous system

2017-03-09 Thread Suzuki K Poulose
On 28/01/17 14:55, Andrew Jones wrote: On Mon, Jan 16, 2017 at 05:33:33PM +0800, Shannon Zhao wrote: From: Shannon Zhao When initializing KVM, check whether physical hardware is a heterogeneous system through the MIDR values. If so, force userspace to set the

Re: [PATCH 00/10] KVM/ARM fixes for 4.11-rc2

2017-03-09 Thread Radim Krčmář
2017-03-09 09:55+, Marc Zyngier: > Paolo, Radim, > > Here's the KVM/ARM updates for 4.11-rc2. The usual bag of vgic > updates, making the memslot array large enough to handle guests with > tons of devices assigned to them, a tidying up of exception handling, > and a rather annoying TLB

Re: [PATCH RFC 7/7] ARM64: KVM: Add user set handler for id_aa64mmfr0_el1

2017-03-09 Thread Mark Rutland
On Thu, Mar 09, 2017 at 04:52:18AM -0800, Christoffer Dall wrote: > On Mon, Jan 16, 2017 at 05:33:34PM +0800, Shannon Zhao wrote: > > From: Shannon Zhao > > > > Check if the configuration is fine. > > This commit message really needs some love and attention. > > > > >

Re: [PATCH RFC 7/7] ARM64: KVM: Add user set handler for id_aa64mmfr0_el1

2017-03-09 Thread Christoffer Dall
On Mon, Jan 16, 2017 at 05:33:34PM +0800, Shannon Zhao wrote: > From: Shannon Zhao > > Check if the configuration is fine. This commit message really needs some love and attention. > > Signed-off-by: Shannon Zhao > --- >

Re: [PATCH RFC 5/7] ARM64: KVM: Support cross type vCPU

2017-03-09 Thread Christoffer Dall
On Sat, Jan 28, 2017 at 03:47:54PM +0100, Andrew Jones wrote: > On Mon, Jan 16, 2017 at 05:33:32PM +0800, Shannon Zhao wrote: > > From: Shannon Zhao > > > > Add a capability to tell userspace that KVM supports cross type vCPU. > > Add a cpu feature for userspace to set

Re: [PATCH RFC 4/7] ARM64: KVM: emulate accessing ID registers

2017-03-09 Thread Christoffer Dall
On Mon, Jan 16, 2017 at 05:33:31PM +0800, Shannon Zhao wrote: > From: Shannon Zhao Please provide a commit message. Thanks, -Christoffer

Re: [PATCH RFC 2/7] ARM64: KVM: Add reset handlers for all ID registers

2017-03-09 Thread Christoffer Dall
On Mon, Jan 16, 2017 at 05:33:29PM +0800, Shannon Zhao wrote: > From: Shannon Zhao > > Move invariant_sys_regs before emulate_sys_reg so that it can be used > later. > > Signed-off-by: Shannon Zhao > --- > arch/arm64/kvm/sys_regs.c | 193 >

[PATCH 10/10] KVM: arm64: Increase number of user memslots to 512

2017-03-09 Thread Marc Zyngier
From: Linu Cherian Having only 32 memslots is a real constraint for the maximum number of PCI devices that can be assigned to a single guest. Assuming each PCI device/virtual function having two memory BAR regions, we could assign only 15 devices/virtual functions to a

[PATCH 07/10] KVM: Add documentation for KVM_CAP_NR_MEMSLOTS

2017-03-09 Thread Marc Zyngier
From: Linu Cherian Add documentation for KVM_CAP_NR_MEMSLOTS capability. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier --- Documentation/virtual/kvm/api.txt | 4

[PATCH 08/10] KVM: arm/arm64: Enable KVM_CAP_NR_MEMSLOTS on arm/arm64

2017-03-09 Thread Marc Zyngier
From: Linu Cherian Return KVM_USER_MEM_SLOTS for userspace capability query on NR_MEMSLOTS. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier --- arch/arm/kvm/arm.c

[PATCH 09/10] KVM: arm/arm64: Remove KVM_PRIVATE_MEM_SLOTS definition that are unused

2017-03-09 Thread Marc Zyngier
From: Linu Cherian arm/arm64 architecture doesn't use private memslots, hence removing KVM_PRIVATE_MEM_SLOTS macro definition. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier

[PATCH 06/10] KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled

2017-03-09 Thread Marc Zyngier
From: Andre Przywara The ITS spec says that ITS commands are only processed when the ITS is enabled (section 8.19.4, Enabled, bit[0]). Our emulation was not taking this into account. Fix this by checking the enabled state before handling CWRITER writes. On the other hand

[PATCH 03/10] KVM: arm/arm64: Let vcpu thread modify its own active state

2017-03-09 Thread Marc Zyngier
From: Jintack Lim Currently, if a vcpu thread tries to change the active state of an interrupt which is already on the same vcpu's AP list, it will loop forever. Since the VGIC mmio handler is called after a vcpu has already synced back the LR state to the struct

[PATCH 05/10] arm64: KVM: Survive unknown traps from guests

2017-03-09 Thread Marc Zyngier
From: Mark Rutland Currently we BUG() if we see an ESR_EL2.EC value we don't recognise. As configurable disables/enables are added to the architecture (controlled by RES1/RES0 bits respectively), with associated synchronous exceptions, it may be possible for a guest to

[PATCH 04/10] arm: KVM: Survive unknown traps from guests

2017-03-09 Thread Marc Zyngier
From: Mark Rutland Currently we BUG() if we see a HSR.EC value we don't recognise. As configurable disables/enables are added to the architecture (controlled by RES1/RES0 bits respectively), with associated synchronous exceptions, it may be possible for a guest to trigger

[PATCH 02/10] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass

2017-03-09 Thread Marc Zyngier
Our GICv3 emulation always presents ICC_SRE_EL1 with DIB/DFB set to zero, which implies that there is a way to bypass the GIC and inject raw IRQ/FIQ by driving the CPU pins. Of course, we don't allow that when the GIC is configured, but we fail to indicate that to the guest. The obvious fix is to

[PATCH 00/10] KVM/ARM fixes for 4.11-rc2

2017-03-09 Thread Marc Zyngier
Paolo, Radim, Here's the KVM/ARM updates for 4.11-rc2. The usual bag of vgic updates, making the memslot array large enough to handle guests with tons of devices assigned to them, a tidying up of exception handling, and a rather annoying TLB handling issue on VHE systems. Please pull, Thanks,

[PATCH 01/10] arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs

2017-03-09 Thread Marc Zyngier
When invalidating guest TLBs, special care must be taken to actually shoot the guest TLBs and not the host ones if we're running on a VHE system. This is controlled by the HCR_EL2.TGE bit, which we forget to clear before invalidating TLBs. Address the issue by introducing two wrappers

Re: [PATCH V12 09/10] trace, ras: add ARM processor error trace event

2017-03-09 Thread Xie XiuQi
Hi Tyler Baicar, On 2017/3/7 4:45, Tyler Baicar wrote: > Currently there are trace events for the various RAS > errors with the exception of ARM processor type errors. > Add a new trace event for such errors so that the user > will know when they occur. These trace events are > consistent with

Re: [PATCH v2] arm64: kvm: Use has_vhe() instead of hyp_alternate_select()

2017-03-09 Thread Christoffer Dall
Hi Shanker, On Sun, Mar 05, 2017 at 08:33:18PM -0600, Shanker Donthineni wrote: > Now all the cpu_hwcaps features have their own static keys. We don't > need a separate function hyp_alternate_select() to patch the vhe/nvhe > code. We can achieve the same functionality by using has_vhe(). It >

Re: [PATCH v4 0/4] KVM: arm64: Increase number of user memslots

2017-03-09 Thread Christoffer Dall
On Thu, Mar 09, 2017 at 08:01:56AM +, Marc Zyngier wrote: > On Wed, Mar 08 2017 at 6:08:31 am GMT, linucher...@gmail.com wrote: > > From: Linu Cherian > > > > v3 -> v4: > > - Add missing commit messages in patches 1 and 3 > > > > v2 -> v3: > > - Added documentation

[PATCH v5 09/10] arm64/mmu: replace 'page_mappings_only' parameter with flags argument

2017-03-09 Thread Ard Biesheuvel
In preparation of extending the policy for manipulating kernel mappings with whether or not contiguous hints may be used in the page tables, replace the bool 'page_mappings_only' with a flags field and a flag NO_BLOCK_MAPPINGS. Signed-off-by: Ard Biesheuvel ---

[PATCH v5 10/10] arm64: mm: set the contiguous bit for kernel mappings where appropriate

2017-03-09 Thread Ard Biesheuvel
This is the third attempt at enabling the use of contiguous hints for kernel mappings. The most recent attempt 0bfc445dec9d was reverted after it turned out that updating permission attributes on live contiguous ranges may result in TLB conflicts. So this time, the contiguous hint is not set for

[PATCH v5 08/10] arm64/mmu: add contiguous bit to sanity bug check

2017-03-09 Thread Ard Biesheuvel
A mapping with the contiguous bit cannot be safely manipulated while live, regardless of whether the bit changes between the old and new mapping. So take this into account when deciding whether the change is safe. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c

[PATCH v5 04/10] arm64: mmu: map .text as read-only from the outset

2017-03-09 Thread Ard Biesheuvel
Now that alternatives patching code no longer relies on the primary mapping of .text being writable, we can remove the code that removes the writable permissions post-init time, and map it read-only from the outset. To preserve the existing behavior under rodata=off, which is relied upon by

[PATCH v5 07/10] arm64/mmu: ignore debug_pagealloc for kernel segments

2017-03-09 Thread Ard Biesheuvel
The debug_pagealloc facility manipulates kernel mappings in the linear region at page granularity to detect out of bounds or use-after-free accesses. Since the kernel segments are not allocated dynamically, there is no point in taking the debug_pagealloc_enabled flag into account for them, and we

[PATCH v5 05/10] arm64: mmu: apply strict permissions to .init.text and .init.data

2017-03-09 Thread Ard Biesheuvel
To avoid having mappings that are writable and executable at the same time, split the init region into a .init.text region that is mapped read-only, and a .init.data region that is mapped non-executable. This is possible now that the alternative patching occurs via the linear mapping, and the

[PATCH v5 06/10] arm64/mmu: align alloc_init_pte prototype with pmd/pud versions

2017-03-09 Thread Ard Biesheuvel
Align the function prototype of alloc_init_pte() with its pmd and pud counterparts by replacing the pfn parameter with the equivalent physical address. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 8 1 file changed, 4 insertions(+), 4 deletions(-)

[PATCH v5 02/10] arm64: mmu: move TLB maintenance from callers to create_mapping_late()

2017-03-09 Thread Ard Biesheuvel
In preparation of refactoring the kernel mapping logic so that text regions are never mapped writable, which would require adding explicit TLB maintenance to new call sites of create_mapping_late() (which is currently invoked twice from the same function), move the TLB maintenance from the call

[PATCH v5 03/10] arm64: alternatives: apply boot time fixups via the linear mapping

2017-03-09 Thread Ard Biesheuvel
One important rule of thumb when designing a secure software system is that memory should never be writable and executable at the same time. We mostly adhere to this rule in the kernel, except at boot time, when regions may be mapped RWX until after we are done applying alternatives or making other

[PATCH v5 01/10] arm: kvm: move kvm_vgic_global_state out of .text section

2017-03-09 Thread Ard Biesheuvel
The kvm_vgic_global_state struct contains a static key which is written to by jump_label_init() at boot time. So in preparation of making .text regions truly (well, almost truly) read-only, mark kvm_vgic_global_state __ro_after_init so it moves to the .rodata section instead. Acked-by: Marc

[PATCH v5 00/10] arm64: mmu: avoid W+X mappings and re-enable PTE_CONT for kernel

2017-03-09 Thread Ard Biesheuvel
Having memory that is writable and executable at the same time is a security hazard, and so we tend to avoid those when we can. However, at boot time, we keep .text mapped writable during the entire init phase, and the init region itself is mapped rwx as well. Let's improve the situation by: -

Re: [PATCH v4 0/4] KVM: arm64: Increase number of user memslots

2017-03-09 Thread Marc Zyngier
On Wed, Mar 08 2017 at 6:08:31 am GMT, linucher...@gmail.com wrote: > From: Linu Cherian > > v3 -> v4: > - Add missing commit messages in patches 1 and 3 > > v2 -> v3: > - Added documentation for KVM_CAP_NR_MEMSLOTS > - Removed KVM_PRIVATE_MEM_SLOTS which is unused > -