On Wednesday 16 Nov 2022 at 17:03:35 (+), Quentin Perret wrote:
> FF-A memory descriptors may need to be sent in fragments when they don't
> fit in the mailboxes. Doing so involves using the FRAG_TX and FRAG_RX
> primitives defined in the FF-A protocol.
>
> Add support
and by buffering large
descriptors on the reclaim path.
Co-developed-by: Andrew Walbran
Signed-off-by: Andrew Walbran
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pkvm.h | 17 ++-
arch/arm64/kvm/hyp/nvhe/ffa.c | 170 +-
2
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 3 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 68 +++
2 files changed, 71 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
b/arch/arm64/kvm/hyp
-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/ffa.c | 173 ++
include/linux/arm_ffa.h | 8 ++
2 files changed, 181 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index 7cb9095e00ff
From: Will Deacon
Handle FFA_MEM_LEND calls from the host by treating them identically to
FFA_MEM_SHARE calls for the purposes of the host stage-2 page-table, but
forwarding on the original request to EL3.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe
-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/ffa.c | 153 ++
1 file changed, 153 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
index 8388cc901c97..e6d85849c617 100644
--- a/arch/arm64/kvm/hyp
From: Will Deacon
Intecept FFA_MEM_RECLAIM calls from the host and transition the host
stage-2 page-table entries from the SHARED_OWNED state back to the OWNED
state once EL3 has confirmed that the secure mapping has been reclaimed.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
Signed-off-by: Andrew Walbran
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pkvm.h | 8
arch/arm64/kvm/hyp/include/nvhe/ffa.h | 2 +-
arch/arm64/kvm/hyp/nvhe/ffa.c | 24 +++-
arch/arm64/kvm/hyp/nvhe/setup.c
From: Will Deacon
Probe FF-A during pKVM initialisation so that we can detect any
inconsistencies in the version or partition ID early on.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_host.h | 1 +
arch/arm64/kvm/arm.c | 1
From: Fuad Tabba
Filter out advertising unsupported features, and only advertise
features and properties that are supported by the hypervisor proxy.
Signed-off-by: Fuad Tabba
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/ffa.c | 44 +++
1 file
-related FF-A SMC calls
from the host to EL3. This puts the framework in place for handling them
properly.
Co-developed-by: Andrew Walbran
Signed-off-by: Andrew Walbran
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/ffa.h | 16
arch/arm64/kvm/hyp
From: Will Deacon
This is consistent with the other comments in the struct.
Co-developed-by: Andrew Walbran
Signed-off-by: Andrew Walbran
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
include/linux/arm_ffa.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
call from the host
Quentin Perret (1):
ANDROID: KVM: arm64: pkvm: Add support for fragmented FF-A descriptors
Will Deacon (10):
firmware: arm_ffa: Move constants to header file
firmware: arm_ffa: Move comment before the field it is documenting
KVM: arm64: Block unsafe FF-A calls from the
by: Andrew Walbran
Signed-off-by: Andrew Walbran
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
drivers/firmware/arm_ffa/driver.c | 101 +++---
include/linux/arm_ffa.h | 83
2 files changed, 93 insertions(+), 91 deletion
Hey Oliver,
On Friday 28 Oct 2022 at 08:34:48 (+), Oliver Upton wrote:
> Perhaps it is just me, but the 'initiator' and 'completer' terms are
> slightly confusing descriptors for the addresses involved in a memory
> transition. Apply a rename to instead describe memory transitions in
> terms
and stage-2 PTEs, and this all ends
up working correctly by accident. But clearly, we should do better.
Fix hyp_get_page_state() to use the correct helper.
Fixes: e82edcc75c4e ("KVM: arm64: Implement do_share() helper for sharing
memory")
Signed-off-by: Quentin Perret
---
arch/arm64/kv
.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_asm.h | 1 +
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 1 +
arch/arm64/kvm/hyp/nvhe/hyp-main.c| 8 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 33
), but is thankfully
no longer relied upon by the host.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 121 +++---
1 file changed, 33 insertions(+), 88 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
b/arch/arm64/kvm/hyp
From: Will Deacon
kvm_pgtable_hyp_unmap() relies on the ->page_count() function callback
being provided by the memory-management operations for the page-table.
Wire up this callback for the hypervisor stage-1 page-table.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
a
In nVHE-protected mode, the hyp stage-1 page-table refcount is broken
due to the lack of refcount support in the early allocator. Fix-up the
refcount in the finalize walker, once the 'hyp_vmemmap' is up and running.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/setup.c | 31
Make use of the newly introduced unshare hypercall during guest teardown
to unmap guest-related data structures from the hyp stage-1.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_host.h | 2 ++
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kvm/arm.c | 2
To prepare the ground for allowing hyp stage-1 mappings to be removed at
run-time, update the KVM page-table code to maintain a correct refcount
using the ->{get,put}_page() function callbacks.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/pgtable.c | 17 ++---
1 file chan
be expected, as we will soon need a
matching unshare hypercall in all those places.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kvm/arm.c | 4 ++--
arch/arm64/kvm/fpsimd.c | 4 ++--
arch/arm64/kvm/mmu.c | 19
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
b/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
index b58c910babaf..56445586c755 100644
--- a/arch/arm64/kvm/hyp
removed, which implies refcounting of page-table
pages is unnecessary.
In preparation for allowing hypervisor stage-1 mappings to be removed,
provide stub implementations for {get,put}_page() in the early allocator.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/early_alloc.c | 5 +
1
;
This has been lightly tested on Qemu, by spawning and powering off a
guest 50 times. You can find a branch with everything applied here:
https://android-kvm.googlesource.com/linux qperret/hyp-unshare-v2
Thanks!
Quentin
Quentin Perret (7):
KVM: arm64: Check if running in VHE from
From: Will Deacon
Implement kvm_pgtable_hyp_unmap() which can be used to remove hypervisor
stage-1 mappings at EL2.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 21 ++
arch/arm64/kvm/hyp/pgtable.c | 63
and the
permission checks for each component are reusable.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 237 ++
1 file changed, 237 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
b/arch/arm64/kvm/hyp/nvhe
-off-by: Quentin Perret
---
arch/arm64/kvm/mmu.c | 78 ++--
1 file changed, 68 insertions(+), 10 deletions(-)
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 0cc4b295e525..f0c16ed95974 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm
r the host-to-hyp case.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 115 ++
1 file changed, 115 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index ab
).
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 32 ++-
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 1f0fb0780622
sure to catch this case as well, hence making the function
return sensible values in any context (VHE or not).
Suggested-by: Marc Zyngier
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/mmu.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index
Hi Andrew,
On Friday 15 Oct 2021 at 16:11:49 (+0100), Andrew Walbran wrote:
> On Wed, 13 Oct 2021 at 16:58, 'Quentin Perret' via kernel-team
> > +struct pkvm_mem_transition {
> > + u64 nr_pages;
> > +
> > + struct
On Monday 18 Oct 2021 at 18:12:22 (+0100), Marc Zyngier wrote:
> On 2021-10-18 15:03, Quentin Perret wrote:
> > On Monday 18 Oct 2021 at 11:32:13 (+0100), Quentin Perret wrote:
> > > Another option is to take a refcount on 'current' from
> > > kvm_arch_vcpu_run_map
On Monday 18 Oct 2021 at 11:32:13 (+0100), Quentin Perret wrote:
> Another option is to take a refcount on 'current' from
> kvm_arch_vcpu_run_map_fp() before sharing thread-specific structs with
> the hyp and release the refcount of the previous task after unsharing.
> But that mean
On Sunday 17 Oct 2021 at 11:41:21 (+0100), Marc Zyngier wrote:
> Not directly related to this code, but it looks to me that
> kvm_host_owns_hyp_mappings() really ought to check for
> is_kernel_in_hyp_mode() on its own. VHE really deals with its own
> mappings, and create_hyp_mappings() already has
On Saturday 16 Oct 2021 at 12:04:15 (+0100), Marc Zyngier wrote:
> I actually ended-up implementing a similar patch as part of my 'first
> run' series[1], though I moved the mapping to the point where we
> finalise the vcpu as that's where the allocation takes place.
>
> Do you see any potential
On Saturday 16 Oct 2021 at 13:25:45 (+0100), Marc Zyngier wrote:
> At this stage, the old thread may have been destroyed and the memory
> recycled. What happens if, in the interval, that memory gets shared
> again in another context? My guts feeling is that either the sharing
> fails, or the
.
This will simplify a lot memory tracking as the hypervisor will have a
place to store metadata (e.g. refcounts) that wouldn't otherwise fit in
the 4 SW bits we have in the host stage-2 page-table.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mm.h | 29 ++
arch
-by: Quentin Perret
---
arch/arm64/include/asm/kvm_asm.h | 1 +
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 1 +
arch/arm64/kvm/hyp/nvhe/hyp-main.c| 9 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 159 ++
4 files changed, 170 insertions(+)
diff --git
Make use of the newly introduced unshare hypercall during guest teardown
to unmap guest-related data structures from the hyp stage-1.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_host.h | 2 ++
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kvm/arm.c | 2
To prepare the ground for allowing hyp stage-1 mappings to be removed at
run-time, update the KVM page-table code to maintain a correct refcount
using the ->{get,put}_page() function callbacks.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/pgtable.c | 17 ++---
1 file chan
From: Will Deacon
kvm_pgtable_hyp_unmap() relies on the ->page_count() function callback
being provided by the memory-management operations for the page-table.
Wire up this callback for the hypervisor stage-1 page-table.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
a
In nVHE-protected mode, the hyp stage-1 page-table refcount is broken
due to the lack of refcount support in the early allocator. Fix-up the
refcount in the finalize walker, once the 'hyp_vmemmap' is up and running.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/setup.c | 31
removed, which implies refcounting of page-table
pages is unnecessary.
In preparation for allowing hypervisor stage-1 mappings to be removed,
provide stub implementations for {get,put}_page() in the early allocator.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/early_alloc.c | 5 +
1
We will soon need to touch the hyp_page refcount from outside
page_alloc.c in nVHE protected mode, so move the relevant helpers into a
header file.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/memory.h | 18 ++
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 18
shared with the
hypervisor by the host, move the handling into a hyp-specific function
to check incoming shares, therefore preventing double-sharing outside
of this particular transition.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 57
We currently allow double sharing of pages from the hypervisor to the
host, but don't track how many times each page is shared. In order to
prepare the introduction of an unshare operation in the hypervisor,
refcount the physical pages which the host shares more than once.
Signed-off-by: Quentin
;
- patches 15-16 add the unshare hypercall, and make use of it when
tearing down guests.
This has been lightly tested on Qemu, by spawning and powering off a
guest 50 times.
Feedback welcome :) !
Thanks,
Quentin
Quentin Perret (11):
KVM: arm64: Avoid remapping the SVE state in the hyp stage-1
-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +-
arch/arm64/kvm/hyp/nvhe/hyp-main.c| 3 ++-
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 4 +--
arch/arm64/kvm/mmu.c | 25 +++
4 files changed, 14 insertions
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 5 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 315 ++
2 files changed, 320 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
b/arch/arm64/kvm/hyp/include/nvhe
From: Will Deacon
Implement kvm_pgtable_hyp_unmap() which can be used to remove hypervisor
stage-1 mappings at EL2.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 21 ++
arch/arm64/kvm/hyp/pgtable.c | 63
().
Suggested-by: Marc Zyngier
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/arm.c| 12
arch/arm64/kvm/fpsimd.c | 11 ---
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index fe102cd2e518..c33d8c073820 100644
. However,
this makes no functional difference as long as no other transitions are
supported and the host can only share pages by pfn.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 121 +++---
1 file changed, 33 insertions
be expected, as we will soon need a
matching unshare hypercall in all those places.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kvm/arm.c | 7 +++
arch/arm64/kvm/fpsimd.c | 4 ++--
arch/arm64/kvm/mmu.c | 19
M: arm64: Introduce MTE VM feature")
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/mmu.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 1a94a7ca48f2..69bd1732a299 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/ar
-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/page_alloc.c
b/arch/arm64/kvm/hyp/nvhe/page_alloc.c
index a6e874e61a40..0bd7701ad1df 100644
--- a/arch/arm64/kvm/hyp/nvhe/page_alloc.c
+++ b/arch/arm64/kvm/hyp/nvhe
ot;)
Acked-by: Will Deacon
Suggested-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/gfp.h | 1 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 13 -
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 14 ++
3 files changed, 27 insertions(+), 1 deletion(-)
02 fixes a small inconsistency which made it harder to
find refcount-related bugs at EL2.
Changes since v1:
- applied Acked-by from Will;
- better comment + commit message for patch 01 (Marc).
Thanks!
Quentin
Quentin Perret (2):
KVM: arm64: Fix host stage-2 PGD refcount
KVM: arm64: Report
,
Quentin
Quentin Perret (2):
KVM: arm64: Fix host stage-2 PGD refcount
KVM: arm64: Report corrupted refcount at EL2
arch/arm64/kvm/hyp/include/nvhe/gfp.h | 1 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 6 +-
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 15 +++
3 files changed, 21
Some of the refcount manipulation helpers used at EL2 are instrumented
to catch a corrupt state, but not all of them are treated equally. Let's
make things more consistent by instrumenting hyp_page_ref_dec_and_test()
as well.
Suggested-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch
the page-table.
Fix this by introducing a new hyp_split_page() helper in the EL2 page
allocator (matching EL1's split_page() function), and make use of it
from host_s2_zalloc_page().
Fixes: 1025c8c0c6ac ("KVM: arm64: Wrap the host with a stage 2")
Suggested-by: Will Deacon
Signed-off-by: Quen
Hey Marc,
On Monday 04 Oct 2021 at 10:55:13 (+0100), Marc Zyngier wrote:
> Hi Quentin,
>
> On Mon, 04 Oct 2021 10:03:13 +0100,
> Quentin Perret wrote:
> >
> > The KVM page-table library refcounts the pages of concatenated stage-2
> > PGDs individually. H
Some of the refcount manipulation helpers used at EL2 are instrumented
to catch a corrupt state, but not all of them are treated equally. Let's
make things more consistent by instrumenting hyp_page_ref_dec_and_test()
as well.
Suggested-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch
,
Quentin
Quentin Perret (2):
KVM: arm64: Fix host stage-2 PGD refcount
KVM: arm64: Report corrupted refcount at EL2
arch/arm64/kvm/hyp/include/nvhe/gfp.h | 1 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 6 +-
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 15 +++
3 files changed, 21
the page-table.
Fix this by introducing a new hyp_split_page() helper in the EL2 page
allocator (matching EL1's split_page() function), and make use of it
from host_s2_zalloc_page().
Fixes: 1025c8c0c6ac ("KVM: arm64: Wrap the host with a stage 2")
Suggested-by: Will Deacon
Signed-off-by: Quen
little sense,
> but in such a case just return early with -EPERM rather than go through
> the whole page-table dance again.
>
> Cc: Marc Zyngier
> Cc: Quentin Perret
> Signed-off-by: Will Deacon
> ---
> arch/arm64/kvm/hyp/nvhe/mem_protect.c | 3 +++
> 1 file changed, 3 inserti
isation remains functional, split cpu_hyp_reinit()
> into two helper functions to separate usage of the stub from usage of
> pkvm hypercalls either side of __pkvm_init on the boot CPU.
>
> Cc: Marc Zyngier
> Cc: Quentin Perret
> Signed-off-by: Will Deacon
Reviewed-by:
nalise the pKVM protections on a host CPU can be reported back to
> KVM.
>
> Cc: Marc Zyngier
> Cc: Quentin Perret
> Signed-off-by: Will Deacon
> ---
> arch/arm64/kvm/arm.c | 30 +++---
> 1 file changed, 19 insertions(+), 11 deletions(-)
>
> d
On Friday 24 Sep 2021 at 13:53:41 (+0100), Fuad Tabba wrote:
> Many functions don't need access to the vcpu structure, but only
> the hyp_state. Reduce their scope.
>
> This applies the semantic patches with the following commands:
> FILES="$(find arch/arm64/kvm/hyp -name "*.[ch]" ! -name
On Friday 24 Sep 2021 at 13:53:40 (+0100), Fuad Tabba wrote:
> Create a struct for the hypervisor state from the related fields
> in vcpu_arch. This is needed in future patches to reduce the
> scope of functions from the vcpu as a whole to only the relevant
> state, via this newly created struct.
On Friday 24 Sep 2021 at 13:53:39 (+0100), Fuad Tabba wrote:
> Some of the members of vcpu_arch represent state that belongs to
> the hypervisor. Future patches will factor these out into their
> own structure. To simplify the refactoring and make it easier to
> read, add accessors for the members
On Friday 24 Sep 2021 at 13:53:34 (+0100), Fuad Tabba wrote:
> +static void __vcpu_write_spsr(struct kvm_vcpu *vcpu, u64 val)
> +{
> + __ctxt_write_spsr(_ctxt(vcpu), val);
> +}
> +
> +static void __vcpu_write_spsr_abt(struct kvm_vcpu *vcpu, u64 val)
> +{
> +
Hey Fuad,
On Friday 24 Sep 2021 at 13:53:30 (+0100), Fuad Tabba wrote:
> Add a function to check whether a VM is protected (under pKVM).
> Since the creation of protected VMs isn't enabled yet, this is a
> placeholder that always returns false. The intention is for this
> to become a check for
Fix the error code returned by __pkvm_host_share_hyp() when the
host attempts to share with EL2 a page that has already been shared with
another entity.
Reported-by: Will Deacon
Signed-off-by: Quentin Perret
---
This patch fixes a bug introduced in the stage-2 ownership series which
is already
or donate them to another entity for example. To
prevent this, let's transfer the ownership of those ranges to the
hypervisor itself, and share the pages back with the host.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/setup.c | 82 +
1 file changed, 74
a
physical memory page with the hypervisor, and remove the
__pkvm_create_mappings() variant. The new hypercall implements
ownership and permission checks before allowing the sharing operation,
and it annotates the shared page in the hypervisor stage-1 and host
stage-2 page-tables.
Signed-off-by: Quentin
Now that we mark memory owned by the hypervisor in the host stage-2
during __pkvm_init(), we no longer need to rely on the host to
explicitly mark the hyp sections later on.
Remove the __pkvm_mark_hyp() hypercall altogether.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_asm.h
We will need to manipulate the host stage-2 page-table from outside
mem_protect.c soon. Introduce two functions allowing this, and make
them usable to users of mem_protect.h.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 ++
arch/arm64/kvm/hyp/nvhe
The __pkvm_create_mappings() function is no longer used outside of
nvhe/mm.c, make it static.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mm.h | 2 --
arch/arm64/kvm/hyp/nvhe/mm.c | 4 ++--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/arm64
Refactor the hypervisor stage-1 locking in nVHE protected mode to expose
a new pkvm_create_mappings_locked() function. This will be used in later
patches to allow walking and changing the hypervisor stage-1 without
releasing the lock.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include
The current hypervisor stage-1 mapping code doesn't allow changing an
existing valid mapping. Relax this condition by allowing changes that
only target software bits, as that will soon be needed to annotate shared
pages.
Reviewed-by: Fuad Tabba
Signed-off-by: Quentin Perret
---
arch/arm64/kvm
during all map operations to determine whether the mappings
can use blocks, or should be forced to page granularity. This is used by
the hypervisor when creating the host stage-2 to force page-level
mappings when using non-default protection attributes.
Signed-off-by: Quentin Perret
---
arch
Introduce a helper usable in nVHE protected mode to check whether a
physical address is in a RAM region or not.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 1 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 7 +++
2 files changed, 8 insertions
plenty of bits left to use in invalid
mappings, move the ownership bits further down the PTE to avoid the
conflict.
Reviewed-by: Fuad Tabba
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/pgtable.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/hyp
From: Marc Zyngier
It is becoming a common need to fetch the PTE for a given address
together with its level. Add such a helper.
Signed-off-by: Marc Zyngier
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 19 ++
arch/arm64/kvm/hyp/pgtable.c | 39
-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 40
arch/arm64/kvm/hyp/pgtable.c | 39 ---
2 files changed, 40 insertions(+), 39 deletions(-)
diff --git a/arch/arm64/include/asm/kvm_pgtable.h
b/arch/arm64/include/asm
Introduce helper functions in the KVM stage-2 and stage-1 page-table
manipulation library allowing to retrieve the enum kvm_pgtable_prot of a
PTE. This will be useful to implement custom walkers outside of
pgtable.c.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 20
From: Will Deacon
Introduce hyp_spin_is_locked() so that functions can easily assert that
a given lock is held (albeit possibly by another CPU!) without having to
drag full lockdep support up to EL2.
Signed-off-by: Will Deacon
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe
Allow references to the hypervisor's owner id from outside
mem_protect.c.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 ++
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm
currently only called early on and are guaranteed to
succeed, but making them robust to the -ENOMEM case doesn't hurt and
will avoid painful debugging sessions later on.
Reviewed-by: Fuad Tabba
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 40 +++
1
:
https://lore.kernel.org/kvmarm/20210510165920.1913477-56-...@kernel.org/
Suggested-by: Marc Zyngier
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 12 +++-
arch/arm64/kvm/hyp/pgtable.c | 5 +
2 files changed, 16 insertions(+), 1 deletion(-)
diff
-by: Fuad Tabba
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 26 +++
1 file changed, 26 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
b/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
index 9c227d87c36d..87b1690c439f 100644
to report locking issues, hence BUG() is the
only option and it is not clear whether we want this widely enabled.
This is most likely going to be useful for local testing until the EL2
WARN() situation has improved.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/Kconfig | 9
s since v3
- Fixed typos in comments / commit messages;
- Various small cleanups and refactoring;
- Rebased on 5.14-rc5.
Marc Zyngier (1):
KVM: arm64: Introduce helper to retrieve a PTE and its level
Quentin Perret (19):
KVM: arm64: Introduce hyp_assert_lock_held()
KVM: arm64: Provide the host_
-by: Quentin Perret
---
arch/arm64/kvm/hyp/pgtable.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
index 4dff2ad39ee4..59a394d82de3 100644
--- a/arch/arm64/kvm/hyp/pgtable.c
+++ b/arch/arm64/kvm/hyp/pgtable.c
@@ -36,6
-by: Fuad Tabba
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_pgtable.h | 30 ---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 45 +++-
arch/arm64/kvm/hyp/pgtable.c | 74 ---
3 files changed, 44 insertions(+), 105 deletions(-)
diff
109,8 +109,8 @@ int kvm_host_prepare_stage2(void *pgt_pool_base)
> mmu->pgd_phys = __hyp_pa(host_kvm.pgt.pgd);
> mmu->arch = _kvm.arch;
> mmu->pgt = _kvm.pgt;
> - mmu->vmid.vmid_gen = 0;
> - mmu->vmid.vmid = 0;
> + WRITE_ONCE(mmu->vmid.vmid_gen, 0)
On Friday 06 Aug 2021 at 12:31:07 (+0100), Will Deacon wrote:
> From: Marc Zyngier
>
> The protected mode relies on a separate helper to load the
> S2 context. Move over to the __load_guest_stage2() helper
> instead.
>
> Cc: Catalin Marinas
> Cc: Jade Alglave
> Cc: Shameer Kolothum
>
On Tuesday 03 Aug 2021 at 10:22:03 (+0200), Fuad Tabba wrote:
> Hi Quentin,
>
> > diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
> > b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
> > index 0ccea58df7e0..1b67f562b6fc 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
> > +++
1 - 100 of 520 matches
Mail list logo
