On Tue, 2021-06-08 at 09:18 +0100, Marc Zyngier wrote:
> CAUTION: This email originated from outside of the organization. Do
> not click links or open attachments unless you can confirm the sender
> and know the content is safe.
>
>
>
> On Mon, 07 Jun 2021 19:34:08 +0100,
> "Jain, Jinank"
Fix the places in KVM that treat MDCR_EL2 as a 32-bit register.
More recent features (e.g., FEAT_SPEv1p2) use bits above 31.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/include/asm/kvm_arm.h | 20 ++--
arch/arm64/include/asm/kvm_asm.h | 2 +-
Hi,
This patch series adds support for restricting CPU features for protected VMs
in KVM [1].
Various feature configurations are allowed in KVM/arm64. Supporting all
these features in pKVM is difficult, as it either involves moving much of
the handling code to EL2, which adds bloat and results
Trap accesses to restricted features for VMs running in protected
mode.
Accesses to feature registers are emulated, and only supported
features are exposed to protected VMs.
Accesses to restricted registers as well as restricted
instructions are trapped, and an undefined exception is injected
into
Add feature register flag definitions to clarify which features
might be toggled.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/include/asm/sysreg.h | 6 ++
1 file changed, 6 insertions(+)
diff --git a/arch/arm64/include/asm/sysreg.h
Add hardware configuration register bit definitions for HCR_EL2
and MDCR_EL2. Future patches toggle these hyp configuration
register bits to trap on certain accesses.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/include/asm/kvm_arm.h | 8
1 file changed, 8
Protected KVM does not support protected AArch32 guests. However,
it is possible for the guest to force run AArch32, potentially
causing problems. Add an extra check so that if the hypervisor
catches the guest doing that, it can prevent the guest from
running again by resetting vcpu->arch.target
Check that a protected VM is not setting any of the unsupported
features when it's created.
Signed-off-by: Fuad Tabba
---
arch/arm64/kvm/pkvm.c | 31 +++
1 file changed, 31 insertions(+)
diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c
index
Editing this file later, and my editor always cleans up trailing
whitespace. Removing it earlier for clearer future patches.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/kvm/sys_regs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
Makes it easier to grep and to cross-check with the Arm Architecture
Reference Manual.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/include/asm/kvm_arm.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/kvm_arm.h
Refactor sys_regs.h and sys_regs.c to make it easier to reuse
common code. It will be used in nVHE in a later patch.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/kvm/sys_regs.c | 58 ++-
arch/arm64/kvm/sys_regs.h | 35
On deactivating traps, restore the value of mdcr_el2 from the
vcpu context, rather than directly reading the hardware register.
Currently, the two values are the same, i.e., the hardware
register and the vcpu one. A future patch will be changing the
value of mdcr_el2 on activating traps, and this
Move the sanitized copies of the CPU feature registers to the
recently created sys_regs.c. This consolidates all copies in a
more relevant file.
No functional change intended.
Signed-off-by: Fuad Tabba
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 6 --
arch/arm64/kvm/hyp/nvhe/sys_regs.c
Add an array of pointers to handlers for various trap reasons in
nVHE code.
The current code selects how to fixup a guest on exit based on a
series of if/else statements. Future patches will also require
different handling for guest exists. Create an array of handlers
to consolidate them.
No
Add trap handlers for protected VMs. These are mainly for Sys64
and debug traps.
No functional change intended as these are not hooked in yet.
Signed-off-by: Fuad Tabba
---
arch/arm64/include/asm/kvm_hyp.h | 4 +
arch/arm64/kvm/arm.c | 4 +
arch/arm64/kvm/hyp/nvhe/Makefile
On Fri, Jun 04, 2021 at 09:26:54PM +, Sean Christopherson wrote:
> On Fri, Jun 04, 2021, Ricardo Koller wrote:
> > Kernel test robot reports this:
> >
> > > /usr/bin/ld: tools/testing/selftests/kvm/x86_64/evmcs_test.c:157:
> > > undefined reference to `vm_handle_exception'
> > > /usr/bin/ld:
On 6/3/21 2:14 PM, Jing Zhang wrote:
Put all generic statistics in a separate structure to ease
statistics handling for the incoming new statistics API.
No functional change intended.
Reviewed-by: David Matlack
Reviewed-by: Ricardo Koller
Signed-off-by: Jing Zhang
---
On 6/3/21 2:14 PM, Jing Zhang wrote:
Update KVM API documentation for binary statistics.
Reviewed-by: David Matlack
Reviewed-by: Ricardo Koller
Signed-off-by: Jing Zhang
---
Documentation/virt/kvm/api.rst | 180 +
1 file changed, 180 insertions(+)
diff
On 6/3/21 2:14 PM, Jing Zhang wrote:
Add selftest to check KVM stats descriptors validity.
Reviewed-by: David Matlack
Reviewed-by: Ricardo Koller
Signed-off-by: Jing Zhang
---
tools/testing/selftests/kvm/.gitignore| 1 +
tools/testing/selftests/kvm/Makefile | 3 +
On 6/3/21 2:14 PM, Jing Zhang wrote:
Provides a file descriptor per VM to read VM stats info/data.
Provides a file descriptor per vCPU to read vCPU stats info/data.
Reviewed-by: David Matlack
Reviewed-by: Ricardo Koller
Signed-off-by: Jing Zhang
---
arch/arm64/kvm/guest.c| 26 +++
On Mon, 07 Jun 2021 19:34:08 +0100,
"Jain, Jinank" wrote:
>
> Hi Marc.
>
> On Mon, 2021-06-07 at 17:35 +0100, Marc Zyngier wrote:
Hi Mark,
On Fri, Jun 04, 2021 at 03:21:41PM +0100, Mark Rutland wrote:
> On Thu, Jun 03, 2021 at 07:33:46PM +0100, Will Deacon wrote:
> > Add support for a "linux,pkvm-guest-firmware-memory" reserved memory
> > region, which can be used to identify a firmware image for protected
> > VMs.
>
> The
Currently if a guest is live-migrated while it is actively using perf
counters, then after live-migrate it will notice that all counters would
suddenly start reporting 0s. This is due to the fact we are not
re-creating the relevant perf events inside the kernel.
Usually on live-migration guest
On Fri, Jun 04, 2021 at 03:41:10PM +0100, Mark Rutland wrote:
> On Thu, Jun 03, 2021 at 07:33:47PM +0100, Will Deacon wrote:
> > +7.26.1 KVM_CAP_ARM_PROTECTED_VM_FLAGS_ENABLE
> > +
> > +
> > +:Capability: 'flag' parameter to KVM_CAP_ARM_PROTECTED_VM
> >
Hi Sean,
Thanks for having a look.
On Thu, Jun 03, 2021 at 08:15:55PM +, Sean Christopherson wrote:
> On Thu, Jun 03, 2021, Will Deacon wrote:
> > +Enabling this capability causes all memory slots of the specified VM to be
> > +unmapped from the host system and put into a state where they
Hi Marc.
On Mon, 2021-06-07 at 17:35 +0100, Marc Zyngier wrote:
> On Mon, 07 Jun 2021 17:05:01 +0100,
> "Jain,
On Tue, Jun 08, 2021 at 03:11:28PM +0100, Fuad Tabba wrote:
> Hi,
>
> This patch series adds support for restricting CPU features for protected VMs
> in KVM [1].
>
> Various feature configurations are allowed in KVM/arm64. Supporting all
> these features in pKVM is difficult, as it either
Hi all,
This is a v3 of the patch series previously posted here:
https://lore.kernel.org/r/20210602094347.3730846-1-qper...@google.com
Please refer to the cover letter of v1 for the context and motivation
behind the series.
Changes since v2:
- Rebased on kvmarm/next
Thanks,
Quentin
The hyp buddy allocator currently checks the struct hyp_page list node
to see if a page is available for allocation or not when trying to
coalesce memory. Now that decrementing the refcount and attaching to
the buddy tree is done in the same critical section, we can rely on the
refcount of the
The hyp_page refcount is currently encoded on 4 bytes even though we
never need to count that many objects in a page. Make it 2 bytes to save
some space in the vmemmap.
As overflows are more likely to happen as well, make sure to catch those
with a BUG in the increment function.
Signed-off-by:
We currently maintain two separate memory pools for the host stage-2,
one for pages used in the page-table when mapping memory regions, and
the other to map MMIO regions. The former is large enough to map all of
memory with page granularity and the latter can cover an arbitrary
portion of IPA
The list_head member of struct hyp_page is only needed when the page is
attached to a free-list, which by definition implies the page is free.
As such, nothing prevents us from using the page itself to store the
list_head, hence reducing the size of the vmemmap.
Signed-off-by: Quentin Perret
---
The hyp_page order is currently encoded on 4 bytes even though it is
guaranteed to be smaller than this. Make it 2 bytes to reduce the hyp
vmemmap overhead.
Signed-off-by: Quentin Perret
---
arch/arm64/kvm/hyp/include/nvhe/gfp.h| 6 +++---
arch/arm64/kvm/hyp/include/nvhe/memory.h | 2 +-
The hyp_page refcount helpers currently rely on the hyp_pool lock for
serialization. However, this means the refcounts can't be changed from
the buddy allocator core as it already holds the lock, which means pages
have to go through odd transient states.
For example, when a page is freed, its
Each struct hyp_page currently contains a pointer to a hyp_pool struct
where the page should be freed if its refcount reaches 0. However, this
information can always be inferred from the context in the EL2 code, so
drop the pointer to save a few bytes in the vmemmap.
Signed-off-by: Quentin Perret
Prepare for WFI requests from userspace, by adding a suspend request and
moving the WFI execution into check_vcpu_requests(), next to the
power-off logic.
vcpu->arch.mp_state, previously only RUNNABLE or STOPPED, supports an
additional state HALTED and two new state transitions:
RUNNABLE ->
In order to add a new "suspend" power state, replace power_off with
mp_state in struct kvm_vcpu_arch. Factor the vcpu_off() function while
we're here.
No functional change intended.
Signed-off-by: Jean-Philippe Brucker
---
arch/arm64/include/asm/kvm_host.h | 6 --
arch/arm64/kvm/arm.c
To help userspace implement PSCI CPU_SUSPEND, allow setting the "HALTED"
MP state to request a WFI before returning to the guest.
Userspace won't obtain a HALTED mp_state from a KVM_GET_MP_STATE call
unless they set it themselves. When set by KVM, to handle wfi or
CPU_SUSPEND, it is consumed
Allow userspace to request handling PSCI calls from guests. Our goal is
to enable a vCPU hot-add solution for Arm where the VMM presents
possible resources to the guest at boot, and controls which vCPUs can be
brought up by allowing or denying PSCI CPU_ON calls. Passing HVC and
PSCI to userspace
Let userspace request to handle all hypercalls that aren't handled by
KVM, by setting the KVM_CAP_ARM_HVC_TO_USER capability.
With the help of another capability, this will allow userspace to handle
PSCI calls.
Suggested-by: James Morse
Signed-off-by: Jean-Philippe Brucker
---
Notes on this
Let userspace request to handle PSCI calls, by setting the new
KVM_CAP_ARM_PSCI_TO_USER capability.
SMCCC probe requires PSCI v1.x. If userspace only implements PSCI v0.2,
the guest won't query SMCCC support through PSCI and won't use the
spectre workarounds. We could hijack PSCI_VERSION and
41 matches