On Wed, 16 Nov 2022 17:03:23 +, Quentin Perret wrote:
> pKVM's primary goal is to protect guest pages from a compromised host by
> enforcing access control restrictions using stage-2 page-tables. Sadly,
> this cannot prevent TrustZone from accessing non-secure memory, and a
> compromised host
On Thu, Dec 01, 2022 at 11:53:08AM +, Sudeep Holla wrote:
> On Wed, Nov 16, 2022 at 05:03:25PM +, Quentin Perret wrote:
> > From: Will Deacon
> >
> > This is consistent with the other comments in the struct.
> >
> Not sure how that happened :). Anyways,
; v4:
> - Return an error instead of WARN() in hyp for shared walks (Will)
For the series:
Acked-by: Will Deacon
Thanks!
Will
___
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
On Thu, Nov 17, 2022 at 08:43:17AM -0600, Rob Herring wrote:
> On Fri, Nov 4, 2022 at 10:55 AM Rob Herring wrote:
> >
> > This series adds support for Arm SPEv1.2 which is part of the
> > Armv8.7/Armv9.2 architecture. There's 2 new features that affect the
> > kernel: a new event filter bit,
On Fri, Nov 04, 2022 at 10:55:07AM -0500, Rob Herring wrote:
> Arm SPEv1.2 adds another 64-bits of event filtering control. As the
> existing perf_event_attr::configN fields are all used up for SPE PMU, an
> additional field is needed. Add a new 'config3' field.
>
> Tested-by: James Clark
>
Hey Oliver,
On Thu, Nov 10, 2022 at 01:53:26AM +, Oliver Upton wrote:
> As the SMCCC (and related specifications) march towards an
> 'everything and the kitchen sink' interface for interacting with a
> system, it is less likely that KVM will implement every supported
> feature.
>
> Add a
On Thu, Nov 17, 2022 at 06:23:23PM +, Oliver Upton wrote:
> On Thu, Nov 17, 2022 at 05:49:52PM +, Will Deacon wrote:
> > On Wed, Nov 16, 2022 at 04:56:55PM +, Oliver Upton wrote:
>
> [...]
>
> > > -static inline void kvm_pgtable_walk_begin(void) {
On Wed, Nov 16, 2022 at 04:56:55PM +, Oliver Upton wrote:
> Marek reported a BUG resulting from the recent parallel faults changes,
> as the hyp stage-1 map walker attempted to allocate table memory while
> holding the RCU read lock:
>
> BUG: sleeping function called from invalid context at
On Mon, Nov 14, 2022 at 08:11:27PM +, Oliver Upton wrote:
> A subsequent change to the page table walkers adds RCU protection for
> walking stage-2 page tables. KVM uses a global lock to serialize hyp
> stage-1 walks, meaning RCU protection is quite meaningless for
> protecting hyp stage-1
On Fri, Oct 28, 2022 at 10:23:36AM +, Oliver Upton wrote:
> On Fri, Oct 28, 2022 at 09:57:04AM +, Quentin Perret wrote:
> > On Friday 28 Oct 2022 at 08:34:48 (+), Oliver Upton wrote:
> > > Perhaps it is just me, but the 'initiator' and 'completer' terms are
> > > slightly confusing
Hi Oliver,
On Fri, Oct 28, 2022 at 08:34:47AM +, Oliver Upton wrote:
> The layout of struct pkvm_mem_transition is a bit weird; the destination
> address for the transition is actually stashed in the initiator address
> context. Even weirder so, that address is thrown inside a union and
>
On Fri, 4 Nov 2022 06:16:59 +, Usama Arif wrote:
> arm_smccc_1_1_invoke() which is called later on in the function
> will return failure if there's no conduit (or pre-SMCCC 1.1),
> hence the check is unnecessary.
>
>
Applied to arm64 (for-next/trivial), thanks!
[1/1] arm64: paravirt:
is
initialised in protected mode.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 4 ++
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 79 +-
arch/arm64/kvm/hyp/nvhe/pkvm.c | 28 +
3 files changed, 109 insertions(+), 2 deletions(-)
diff --git
-off-by: Will Deacon
---
arch/arm64/kernel/image-vars.h | 6 --
arch/arm64/kvm/hyp/nvhe/setup.c | 14 +++---
2 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index d20dc9d555af..b585bbd36d81 100644
--- a/arch
on mapping all of the host '.rodata'
section.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/setup.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setup.c
index 0f69c1393416..5a371ab236db
of 'kvm_arm_vmid_bits' in the pKVM hypervisor and initialise it
from the host value while it is still trusted.
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_hyp.h | 2 ++
arch/arm64/kernel/image-vars.h | 3 ---
arch/arm64/kvm/arm.c | 1 +
arch/arm64/kvm/hyp/nvhe/pkvm.c
this this into the nVHE code where it
cannot be modified by the untrusted host at EL1.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_asm.h | 4 ++--
arch/arm64/kernel/image-vars.h| 3 ---
arch/arm64/kvm/arm.c | 9 -
arch/arm64/kvm/hyp
by
the pKVM hypervisor at EL2.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_host.h | 7 +
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +-
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 17 ++
arch/arm64/kvm/hyp/nvhe/pkvm.c
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 6 ++
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 125 -
arch/arm64/kvm/mmu.c | 4 +-
3 files changed, 132 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kvm/hyp/include/nvhe
this code path by merging both functions into one, taking care
to map the 'struct kvm' into the hypervisor stage-1 early on in order to
simplify the failure path.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_arm.h | 2 +-
arch/arm64/include/asm
Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_host.h | 57 +++
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +
arch/arm64/kvm/hyp/nvhe/mm.c | 33 +++
arch/arm64/kvm/mmu.c | 26 +
4 files
into the guest stage-2 page-table is visible to the
instruction fetcher.
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_hyp.h | 1 +
arch/arm64/kernel/image-vars.h | 3 ---
arch/arm64/kvm/arm.c | 1 +
arch/arm64/kvm/hyp/nvhe/cache.S | 11 +++
arch/arm64/kvm/hyp
is directly associated with an untrusted host KVM instance,
and is referenced by the host using an opaque handle. Future patches
will provide hypercalls to allow the host to initialize/set/get pKVM
VM/vCPU state using the opaque handle.
Signed-off-by: Fuad Tabba
Signed-off-by: Will Deacon
---
arch
symbols from the host copies regardless of
pKVM, ensuring that any reference to this data at EL2 with normal nVHE
will return a sensibly initialised value.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/arm.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/arch/arm64
.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_pgtable.h | 12 +++
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +
arch/arm64/kvm/hyp/include/nvhe/mm.h | 4 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 1 -
arch/arm64/kvm/hyp
structures are allocated separately so as to avoid the need for
a large physically-contiguous allocation in the host at run-time.
Signed-off-by: Fuad Tabba
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_host.h | 15 +++-
arch/arm64/include/asm/kvm_pkvm.h | 4 +
arch/arm64/kvm/arm.c
.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 6 +--
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 46 +--
2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
b/arch/arm64/kvm/hyp/include
From: Fuad Tabba
Introduce a static initializer macro for 'hyp_spinlock_t' so that it is
straightforward to instantiate global locks at EL2. This will be later
utilised for locking the VM table in the hypervisor.
Signed-off-by: Fuad Tabba
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp
nvhe/mem_protect.h refers to __load_stage2() in the definition of
__load_host_stage2() but doesn't include the relevant header.
Include asm/kvm_mmu.h in nvhe/mem_protect.h so that users of the latter
don't have to do this themselves.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include
-structures (e.g. 'struct kvm') with the guarantee that these pages
will remain in a stable state until the hypervisor decides to release
them, for example during guest teardown.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 3 ++
arch
eck for the presence of the
MEMBLOCK_NOMAP flag on a region containing pages being donated from the
host.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 22 --
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git
performed by the hypervisor to ensure that the component initiating the
transition really is the owner of the page and also that the completer
does not currently have a page mapped at the target address.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem
of
the memory protection code, for example when initialising the owner for
hypervisor-owned pages.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 6 +-
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 8
arch/arm64/kvm/hyp/nvhe/setup.c
.
This is achieved by traversing the entire hypervisor stage-1 page-table
during initialisation of EL2 and updating the corresponding
'struct hyp_page' for each valid mapping.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/setup.c | 62
in the host stage-2 page-table entries. This
will be used in subsequent patches when pinning host memory pages for
use by the hypervisor at EL2.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_pkvm.h| 26 +++
arch/arm64/kvm/hyp/include
the host to the hypervisor when allocating guest stage-2
page-table pages at EL2.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/page_alloc.c
b/arch/arm64/kvm/hyp/nvhe
From: Quentin Perret
We will soon need to manipulate 'struct hyp_page' refcounts from outside
page_alloc.c, so move the helpers to a common header file to allow them
to be reused easily.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/memory.h
considerably closer to
isolating guests from the host.
Cheers,
Will, Quentin, Fuad and Marc
Cc: Sean Christopherson
Cc: Will Deacon
Cc: Vincent Donnefort
Cc: Alexandru Elisei
Cc: Catalin Marinas
Cc: James Morse
Cc: Chao Peng
Cc: Quentin Perret
Cc: Suzuki K Poulose
Cc: Mark Rutland
Cc: Fuad
On Sat, Sep 10, 2022 at 10:09:31AM +0100, Marc Zyngier wrote:
> On Fri, 09 Sep 2022 18:55:18 +0100,
> Elliot Berman wrote:
> >
> >
> >
> > On 9/9/2022 10:28 AM, Catalin Marinas wrote:
> > > On Fri, Sep 09, 2022 at 07:45:52AM -0700, Elliot Berman wrote:
> > >> Do not switch kvm_mode to
On Fri, 22 Jul 2022 15:14:47 +0100, Alexandru Elisei wrote:
> This is based on the series that added the libfdt source files to the
> kvmtool tree [1]. I've reconsidered the feedback I got from Andre and Will,
> and so I came up with a different approach: the user can opt to compile
> libdt
Hi Alex,
On Mon, Jul 25, 2022 at 11:06:24AM +0100, Alexandru Elisei wrote:
> On Tue, Apr 19, 2022 at 03:10:13PM +0100, Will Deacon wrote:
> > On Tue, Apr 19, 2022 at 02:51:05PM +0100, Alexandru Elisei wrote:
> > > The approach I've taken so far in adding support for SPE
Hi Sean,
On Tue, Jul 19, 2022 at 04:11:32PM +, Sean Christopherson wrote:
> Apologies for the slow reply.
No problem; you've provided a tonne of insightful feedback here, so it was
worth the wait. Thanks!
> On Fri, Jul 08, 2022, Will Deacon wrote:
> > but I wanted to inherit th
On Tue, Jul 19, 2022 at 02:32:18PM +0100, Vincent Donnefort wrote:
> [...]
>
> > }
> >
> > void reclaim_guest_pages(struct kvm_shadow_vm *vm)
> > {
> > - unsigned long nr_pages;
> > + unsigned long nr_pages, pfn;
> >
> > nr_pages = kvm_pgtable_stage2_pgd_size(vm->kvm.arch.vtcr) >>
Hi Vincent,
Thanks for going through this.
On Mon, Jul 18, 2022 at 07:40:05PM +0100, Vincent Donnefort wrote:
> [...]
>
> > diff --git a/arch/arm64/include/asm/kvm_pgtable.h
> > b/arch/arm64/include/asm/kvm_pgtable.h
> > index 9f339dffbc1a..2d6b5058f7d3 100644
> > ---
Hi Oliver,
Thanks for having a look.
On Wed, Jul 20, 2022 at 03:11:04PM +, Oliver Upton wrote:
> On Thu, Jun 30, 2022 at 02:57:29PM +0100, Will Deacon wrote:
> > The 'pkvm_component_id' enum type provides constants to refer to the
> > host and the hypervisor, yet t
On Tue, Jul 19, 2022 at 08:35:46PM +0100, Mark Brown wrote:
> On Tue, Jul 19, 2022 at 06:35:37PM +0100, Catalin Marinas wrote:
> > On Mon, Jun 20, 2022 at 01:41:58PM +0100, Mark Brown wrote:
>
> > > The documented syscall ABI specifies that the SVE state not shared with
> > > FPSIMD is undefined
Hi Sean,
Thanks for having a look.
On Wed, Jul 06, 2022 at 07:17:29PM +, Sean Christopherson wrote:
> On Thu, Jun 30, 2022, Will Deacon wrote:
> > This series has been extracted from the pKVM base support series (aka
> > "pKVM mega-patch") previously post
On Thu, 16 Jun 2022 15:55:26 +0100, Andre Przywara wrote:
> The GICv2 DT binding describes the third cell in each interrupt
> descriptor as holding the trigger type, but also the CPU mask that this
> IRQ applies to, in bits [15:8]. However this is not the case for GICv3,
> where we don't use a CPU
On Thu, 16 Jun 2022 14:48:16 +0100, Alexandru Elisei wrote:
> The series can be found at [1]. It is loosely based on the patches that
> allow the user to define the VM memory layout (RAM + MMIO) [2]. I've
> cherry-picked a handful of patches from that series, the rest I wrote from
> scratch since
On Wed, 29 Jun 2022 11:39:05 +0100, Alexandru Elisei wrote:
> pvtime uses ARM_PVTIME_BASE instead of ARM_PVTIME_SIZE for the size of the
> memory region given to the guest, which causes to the following error when
> creating a flash device (via the -F/--flash command line argument):
>
> Error:
is initialised
in protected mode.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 4 ++
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 84 +-
arch/arm64/kvm/hyp/nvhe/pkvm.c | 28 +
3 files changed, 114 insertions(+), 2 deletions(-)
diff --git
From: Quentin Perret
We no longer need to map the host's .rodata and .bss sections in the
pkvm hypervisor, so let's remove those mappings. This will avoid
creating dependencies at EL2 on host-controlled data-structures.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64
From: Quentin Perret
The pkvm hypervisor may need to read the kvm_vgic_global_state variable
at EL2. Make sure to explicitly map it in its stage-1 page-table rather
than relying on mapping all of the host .rodata section.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch
of 'kvm_arm_vmid_bits' and initialise it from the host value
while it is still trusted.
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_hyp.h | 2 ++
arch/arm64/kernel/image-vars.h | 3 ---
arch/arm64/kvm/arm.c | 1 +
arch/arm64/kvm/hyp/nvhe/pkvm.c | 3 +++
4 files
From: Quentin Perret
In pKVM mode, we can't trust the host not to mess with the hypervisor
per-cpu offsets, so let's move the array containing them to the nVHE
code.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_asm.h | 4 ++--
arch/arm64/kernel
Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_host.h | 6 +-
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +-
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 17 +++--
arch/arm64/kvm/hyp/nvhe/pkvm.c| 8 +++-
arch/arm64/kvm
as there is no way for the host
to map anything into it. Yet.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 6 ++
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 127 -
2 files changed, 130 insertions(+), 3 deletions(-)
diff --git a/arch
hyp_memcache
which is essentially a linked list of available pages, indexed by
physical addresses.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_host.h | 57 +++
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +
arch/arm64/kvm/hyp
In preparation for handling cache maintenance of guest pages at EL2,
introduce an EL2 copy of icache_inval_pou() which will later be plumbed
into the stage-2 page-table cache maintenance callbacks.
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_hyp.h | 1 +
arch/arm64/kernel/image
symbols from the host copies regardless of
pKVM, ensuring that any reference to this data at EL2 with normal nVHE
will return an sensibly initialised value.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/arm.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/arch
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +
arch/arm64/kvm/hyp/include/nvhe/mm.h | 4 ++
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 1 -
arch/arm64/kvm/hyp/nvhe/mm.c | 72 +++
arch/arm64/kvm/hyp/nvhe/setup.c
From: Fuad Tabba
Now that EL2 provides calls to create and destroy shadow VM structures,
plumb these into the KVM code at EL1 so that a shadow VM is created on
first vCPU run and destroyed later along with the 'struct kvm' at
teardown time.
Signed-off-by: Fuad Tabba
Signed-off-by: Will Deacon
From: Fuad Tabba
Introduce a table of shadow VM structures at EL2 and provide hypercalls
to the host for creating and destroying shadow VMs.
Signed-off-by: Fuad Tabba
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_asm.h | 2 +
arch/arm64/include/asm/kvm_host.h
From: Fuad Tabba
Having a static initializer for hyp_spinlock_t simplifies its
use when there isn't an initializing function.
No functional change intended.
Signed-off-by: Fuad Tabba
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/spinlock.h | 10 +-
1 file changed, 9
nvhe/mem_protect.h refers to __load_stage2() in the definition of
__load_host_stage2() but doesn't include the relevant header.
Include asm/kvm_mmu.h in nvhe/mem_protect.h so that users of the latter
don't have to do this themselves.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include
-structures
(struct kvm and such) and be guaranteed these pages will remain in a
stable state until it decides to release them, e.g. during guest
teardown.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 3 ++
arch/arm64/kvm/hyp/include/nvhe
region at EL2 easily.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 22 --
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
as do_{un,}share,
and provide this functionality for the host-{to,from}-hyp cases as this
will later be used to donate/reclaim memory pages to store VM metadata
at EL2.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +
arch/arm
of
the memory protection code.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 6 +-
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 8
arch/arm64/kvm/hyp/nvhe/setup.c | 2 +-
3 files changed, 6 insertions(+), 10 deletions(-)
diff --git
-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/setup.c | 62 +++--
1 file changed, 43 insertions(+), 19 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setup.c
index 579eb4f73476..8f2726d7e201 100644
--- a/arch/arm64/kvm/hyp/nvhe/setup.c
+++ b/arch
of memory.
This will simplify a lot memory tracking as the hypervisor will have a
place to store metadata (e.g. refcounts) that wouldn't otherwise fit in
the 4 SW bits we have in the host stage-2 page-table for instance.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64
From: Quentin Perret
Add a 'flags' field to struct hyp_page, and reduce the size of the order
field to u8 to avoid growing the struct size.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/gfp.h| 6 +++---
arch/arm64/kvm/hyp/include/nvhe
to the hypervisor when allocating guest
stage-2 page-table pages at EL2.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/page_alloc.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/page_alloc.c
b/arch/arm64/kvm/hyp/nvhe
ntin, Fuad and Marc
Cc: Ard Biesheuvel
Cc: Sean Christopherson
Cc: Will Deacon
Cc: Alexandru Elisei
Cc: Andy Lutomirski
Cc: Catalin Marinas
Cc: James Morse
Cc: Chao Peng
Cc: Quentin Perret
Cc: Suzuki K Poulose
Cc: Michael Roth
Cc: Mark Rutland
Cc: Fuad Tabba
Cc: Oliver Upton
Cc: Ma
From: Quentin Perret
We will soon need to manipulate struct hyp_page refcounts from outside
page_alloc.c, so move the helpers to a header file.
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/memory.h | 18 ++
arch/arm64/kvm/hyp
From: Marc Zyngier
The layout of 'struct kvm_vcpu_arch' has evolved significantly since
the initial port of KVM/arm64, so remove the stale comment suggesting
that a prefix of the structure is used exclusively from assembly code.
Signed-off-by: Marc Zyngier
---
to be dropped from the nVHE object.
Expand the comment in has_vhe() to make this clearer, hopefully
discouraging anybody from simplifying the code.
Cc: David Brazdil
Acked-by: Mark Rutland
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/virt.h | 3 +++
1 file changed, 3 insertions
host_stage2_try() asserts that the KVM host lock is held, so there's no
need to duplicate the assertion in its wrappers.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 4
1 file changed, 4 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
b/arch
Ignore 'kvm-arm.mode=protected' when using VHE so that kvm_get_mode()
only returns KVM_MODE_PROTECTED on systems where the feature is available.
Cc: David Brazdil
Acked-by: Mark Rutland
Signed-off-by: Will Deacon
---
Documentation/admin-guide/kernel-parameters.txt | 1 -
arch/arm64/kernel
ones),
and have them to return 0.
Reported-by: Will Deacon
Signed-off-by: Marc Zyngier
---
arch/arm64/kvm/hyp/nvhe/sys_regs.c | 42 --
1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/sys_regs.c
b/arch/arm64/kvm/hyp/nvhe
If we fail to allocate the 'supported_cpus' cpumask in kvm_arch_init_vm()
then be sure to return -ENOMEM instead of success (0) on the failure
path.
Reviewed-by: Alexandru Elisei
Signed-off-by: Will Deacon
---
arch/arm64/kvm/arm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff
sters trapped for a protected VM
KVM: arm64: Drop stale comment
Will Deacon (4):
KVM: arm64: Return error from kvm_arch_init_vm() on allocation failure
KVM: arm64: Ignore 'kvm-arm.mode=protected' when using VHE
KVM: arm64: Extend comment in has_vhe()
KVM: arm64: Remove redundant hyp_ass
On Tue, May 31, 2022 at 05:57:11PM +0100, Will Deacon wrote:
> On Thu, May 26, 2022 at 04:39:56PM -0400, Qian Cai wrote:
> > Running some SR-IOV workloads could trigger some leak reports from
> > kmemleak.
> >
> > unreferenced object 0x080243cef500 (size 128):
On Thu, May 26, 2022 at 04:39:56PM -0400, Qian Cai wrote:
> Running some SR-IOV workloads could trigger some leak reports from
> kmemleak.
>
> unreferenced object 0x080243cef500 (size 128):
> comm "qemu-system-aar", pid 179935, jiffies 4298359506 (age 1629.732s)
> hex dump (first 32
On Fri, May 20, 2022 at 05:03:29PM +0100, Alexandru Elisei wrote:
> On Thu, May 19, 2022 at 02:41:08PM +0100, Will Deacon wrote:
> > Now that EL2 is able to manage guest stage-2 page-tables, avoid
> > allocating a separate MMU structure in the host and instead introduce a
> &
On Fri, May 20, 2022 at 04:55:51PM +0100, Alexandru Elisei wrote:
> Hi,
>
> On Thu, May 19, 2022 at 02:40:38PM +0100, Will Deacon wrote:
> > If we fail to allocate the 'supported_cpus' cpumask in kvm_arch_init_vm()
> > then be sure to return -ENOMEM instead of success (0) on
On Wed, 25 May 2022 17:57:02 +0100, Alexandru Elisei wrote:
> The first fix is for arm64, where the VCPUs weren't pinned correctly with
> --vcpu-affinity when creating an aarch32 guest. Hopefully the patch is
> straightforward.
>
> The last patch is a fix for MIPS not compiling for a year now,
On Tue, 24 May 2022 16:06:07 +0100, Andre Przywara wrote:
> Since we implement some virtio devices in kvmtool, we were including
> older copies of some virtio UAPI header files in our tree, but were
> relying on some other headers to be provided by the distribution.
> This leads to problems when
On Fri, 20 May 2022 13:38:44 +0100, Vladimir Murzin wrote:
> KVM doesn't support combination of MTE and AArch32 guest, so do not
> even try.
>
>
Applied to kvmtool (master), thanks!
[1/1] aarch64: Give up with MTE for AArch32 guest
https://git.kernel.org/will/kvmtool/c/324cc0969b7c
Add some initial documentation for the Protected KVM (pKVM) feature on
arm64, describing the user ABI for creating protected VMs as well as
their limitations.
Signed-off-by: Will Deacon
---
.../admin-guide/kernel-parameters.txt | 4 +-
Documentation/virt/kvm/arm/index.rst | 1
Introduce a new virtual machine type, KVM_VM_TYPE_ARM_PROTECTED, which
specifies that the guest memory pages are to be unmapped from the host
stage-2 by the hypervisor.
Signed-off-by: Will Deacon
---
arch/arm64/include/asm/kvm_pkvm.h | 2 +-
arch/arm64/kvm/arm.c | 5 -
arch
MEM_SHARE:Share a page RWX with the host, faulting the page in if
necessary.
MEM_UNSHARE: Unshare a page with the host. Subsequent host accesses
to the page will result in a fault being injected by the
hypervisor.
Signed-off-by: W
KVM/arm64 makes use of the SMCCC "Vendor Specific Hypervisor Service
Call Range" to expose KVM-specific hypercalls to guests in a
discoverable and extensible fashion.
Document the existence of this interface and the discovery hypercall.
Signed-off-by: Will Deacon
---
Documentation/vi
The PTP hypercall documentation doesn't produce the best-looking table
when formatting in HTML as all of the return value definitions end up
on the same line.
Reformat the PTP hypercall documentation to follow the formatting used
by hypercalls.rst.
Signed-off-by: Will Deacon
---
Documentation
but will later be exposed to the guest via
hypercalls.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 232 ++
2 files changed, 234 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/nvhe
tware bits of a PTE,
avoid the sequence in this case and just update the PTE directly.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/pgtable.c | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
index 20
supports being invoked
from guest context and acts as a no-op if the target context matches the
running context.
Signed-off-by: Will Deacon
---
arch/arm64/kvm/hyp/nvhe/tlb.c | 96 ---
1 file changed, 78 insertions(+), 18 deletions(-)
diff --git a/arch/arm64/kvm/hyp
From: Quentin Perret
The pKVM hypervisor will currently panic if the host tries to access
memory that it doesn't own (e.g. protected guest memory). Sadly, as
guest memory can still be mapped into the VMM's address space, userspace
can trivially crash the kernel/hypervisor by poking into guest
From: Quentin Perret
In order to simplify the injection of exceptions in the host in pkvm
context, let's factor out of enter_exception64() the code calculating
the exception offset from VBAR_EL1 and the cpsr.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/kvm_emulate.h | 5 ++
From: Quentin Perret
Add a helper allowing to check when the pkvm static key is enabled to
ease the introduction of pkvm hooks in other parts of the code.
Signed-off-by: Quentin Perret
---
arch/arm64/include/asm/virt.h | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff
1 - 100 of 1066 matches
Mail list logo
