A userspace process holding a file descriptor to a virtio_blk device can
still invoke block_device_operations after hot unplug. For example, a
program that has /dev/vdb open can call ioctl(HDIO_GETGEO) after hot
unplug to invoke virtblk_getgeo().
Introduce a reference count in struct virtio_blk
On Tue, Apr 28, 2020 at 11:25:07AM -0400, Michael S. Tsirkin wrote:
> On Tue, Apr 28, 2020 at 03:30:09PM +0100, Stefan Hajnoczi wrote:
> > A userspace process holding a file descriptor to a virtio_blk device can
> > still invoke block_device_operations after hot unplug. For example, a
> > program
On Fri, Apr 24, 2020 at 05:09:11PM +0200, Sam Ravnborg wrote:
> Hi Daniel
>
> On Wed, Apr 15, 2020 at 09:40:01AM +0200, Daniel Vetter wrote:
> > Also need to remove the drm_dev_put from the remove hook.
> >
> > Acked-by: Gerd Hoffmann
> > Signed-off-by: Daniel Vetter
> > Cc: Dave Airlie
> >
From: Joerg Roedel
Install an exception handler for #VC exception that uses a GHCB. Also
add the infrastructure for handling different exit-codes by decoding
the instruction that caused the exception and error handling.
Signed-off-by: Joerg Roedel
---
arch/x86/Kconfig
From: Joerg Roedel
The code inserted by the stack protector does not work in the early
boot environment because it uses the GS segment, at least with memory
encryption enabled. Make sure the early code is compiled without this
feature enabled.
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
The xgetbv() function is needed in pre-decompression boot code, but
asm/fpu/internal.h can't be included there directly. Doing so opens
the door to include-hell due to various include-magic in
boot/compressed/misc.h.
Avoid that by moving xgetbv()/xsetbv() to a separate header
From: Joerg Roedel
Load the IDT right after switching to virtual addresses in head_64.S
so that the kernel can handle #VC exceptions.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/head64.c | 15 +++
arch/x86/kernel/head_64.S | 17 +
2 files changed, 32
From: Joerg Roedel
Install a page-fault handler to add an identity mapping to addresses
not yet mapped. Also do some checking whether the error code is sane.
This makes non SEV-ES machines use the exception handling
infrastructure in the pre-decompressions boot code too, making it less
likely
From: Joerg Roedel
The functions are needed to map the GHCB for SEV-ES guests. The GHCB is
used for communication with the hypervisor, so its content must not be
encrypted. After the GHCB is not needed anymore it must be mapped
encrypted again so that the running kernel image can safely re-use
From: Joerg Roedel
With SEV-ES, exception handling is needed very early, even before the
kernel has cleared the bss segment. In order to prevent clearing the
currently used IDT, move the IDT to the data segment.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/idt.c | 8 ++--
1 file
From: Joerg Roedel
Setup an early handler for #VC exceptions. There is no GHCB mapped
yet, so just re-use the vc_no_ghcb_handler. It can only handle CPUID
exit-codes, but that should be enough to get the kernel through
verify_cpu() and __startup_64() until it runs on virtual addresses.
From: Joerg Roedel
Call set_sev_encryption_mask() while still on the stage 1 #VC-handler,
because the stage 2 handler needs our own page-tables to be set up, to
which calling set_sev_encryption_mask() is a prerequisite.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/head_64.S |
From: Joerg Roedel
Handling exceptions during boot requires a working GDT. The kernel GDT
is not yet ready for use, so install a temporary boot GDT.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/head_64.S | 36
1 file changed, 36 insertions(+)
diff
From: Joerg Roedel
Add the sev_es_active function for checking whether SEV-ES is enabled.
Also cache the value of MSR_AMD64_SEV at boot to speed up the feature
checking in the running code.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/mem_encrypt.h | 3 +++
From: Joerg Roedel
Changing the function to take start and end as parameters instead of
start and size simplifies the callers, which don't need to calculate
the size if they already have start and end.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 15
From: Tom Lendacky
The runtime handler needs a GHCB per CPU. Set them up and map them
unencrypted.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/mem_encrypt.h | 2 ++
arch/x86/kernel/sev-es.c | 56 +-
From: Joerg Roedel
Add a function to the instruction decoder which returns the pt_regs
offset of the register specified in the reg field of the modrm byte.
Signed-off-by: Joerg Roedel
Acked-by: Masami Hiramatsu
---
arch/x86/include/asm/insn-eval.h | 1 +
arch/x86/lib/insn-eval.c |
From: Joerg Roedel
Move the assembly coded dispatch between page-faults and all other
exceptions to C code to make it easier to maintain and extend.
Also change the return-type of early_make_pgtable() to bool and make it
static.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/pgtable.h
From: Joerg Roedel
Setup sev-es.c and include the code from the
pre-decompression stage to also build it into the image of the running
kernel. Temporarily add __maybe_unused annotations to avoid build
warnings until the functions get used.
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
Make sure there is a stack once the kernel runs from virual addresses.
At this stage any secondary CPU which boots will have lost its stack
because the kernel switched to a new page-table which does not map the
real-mode stack anymore.
This is needed for handling early #VC
From: Joerg Roedel
When the pre-decompression code loads its first GDT in startup_64, it is
still running on the CS value of the previous GDT. In the case of SEV-ES
this is the EFI GDT.
To make exception handling work (especially IRET) the CPU needs to
switch to a CS value in the current GDT,
From: Joerg Roedel
Refactor the message printed to the kernel log which indicates whether
SEV or SME is active to print a list of enabled encryption features.
This will scale better in the future when more memory encryption
features might be added. Also add SEV-ES to the list of features.
From: Joerg Roedel
Force a page-fault on any further accesses to the GHCB page when they
shouldn't happen anymore. This will catch the bugs where a #VC exception
is raised when no one is expected anymore.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 23
From: Joerg Roedel
Make sure segments are properly set up before setting up an IDT and
doing anything that might cause a #VC exception. This is later needed
for early exception handling.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/head_64.S | 52 +++
1
From: Joerg Roedel
Add the infrastructure to handle #VC exceptions when the kernel runs
on virtual addresses and has a GHCB mapped. This handler will be used
until the runtime #VC handler takes over.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/segment.h | 2 +-
From: Joerg Roedel
When booted through startup_64 the kernel keeps running on the EFI
page-table until the KASLR code sets up its own page-table. Without
KASLR the pre-decompression boot code never switches off the EFI
page-table. Change that by unconditionally switching to a kernel
controlled
From: Tom Lendacky
Handle #VC exceptions caused by CPUID instructions. These happen in
early boot code when the KASLR code checks for RDTSC.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
The code to setup idt_data is needed for early exception handling, but
set_intr_gate() can't be used that early because it has pv-ops in its
code path, which don't work that early.
Split out the idt_data initialization part from set_intr_gate() so
that it can be used
From: Joerg Roedel
Add two new paravirt callbacks to provide hypervisor specific processor
state in the GHCB and to copy state from the hypervisor back to the
processor.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/x86_init.h | 16 +++-
arch/x86/kernel/sev-es.c| 12
From: Tom Lendacky
Add handler for VC exceptions caused by MMIO intercepts. These
intercepts come along as nested page faults on pages with reserved
bits set.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg
From: Joerg Roedel
When running under SEV-ES the kernel has to tell the hypervisor when to
open the NMI window again after an NMI was injected. This is done with
an NMI-complete message to the hypervisor.
Add code to the kernels NMI handler to send this message right at the
beginning of
From: Joerg Roedel
Implement a handler for #VC exceptions caused by #AC exceptions. The #AC
exception is just forwarded to do_alignment_check() and not pushed down
to the hypervisor, as requested by the SEV-ES GHCB Standardization
Specification.
Signed-off-by: Joerg Roedel
---
From: Tom Lendacky
Setup the AP jump table to point to the SEV-ES trampoline code so that
the APs can boot.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: - Adapted to different code base
- Moved AP table setup from SIPI sending path to
real-mode setup
From: Joerg Roedel
Handle #VC exceptions caused by #DB exceptions in the guest. Do not
forward them to the hypervisor and handle them with do_debug() instead.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 19 +++
1 file changed, 19 insertions(+)
diff --git
From: Mike Stunes
To avoid a future VMEXIT for a subsequent CPUID function, cache the
results returned by CPUID into an xarray.
[tl: coding standard changes, register zero extension]
Signed-off-by: Mike Stunes
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: - Wrapped cache handling into
From: Tom Lendacky
Implement a handler for #VC exceptions caused by RDMSR/WRMSR
instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 28
From: Joerg Roedel
For SEV-ES this entry point will be used for restarting APs after they
have been offlined. Remove the '0' from the name to reflect that.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/cpu.h | 2 +-
arch/x86/kernel/head_32.S | 4 ++--
arch/x86/kernel/head_64.S | 6
From: Tom Lendacky
Implement a handler for #VC exceptions caused by RDPMC instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 22 ++
1
From: Joerg Roedel
The APs are not ready to handle exceptions when verify_cpu() is called
in secondary_startup_64.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/realmode.h | 1 +
arch/x86/kernel/head_64.S | 1 +
arch/x86/realmode/init.c| 6 ++
3 files changed, 8
From: Tom Lendacky
Implement the callbacks to copy the processor state required by KVM to
the GHCB.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: - Split out of a larger patch
- Adapt to different callback functions ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg
From: Tom Lendacky
Implement a handler for #VC exceptions caused by WBINVD instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 9 +
1 file changed, 9
From: Joerg Roedel
Allocate and map enough stacks for the #VC handler to support sufficient
levels of nesting and the NMI-in-#VC scenario.
Also setup the IST entrys for the #VC handler on all CPUs because #VC
needs to work before cpu_init() has set up the per-cpu TSS.
Signed-off-by: Joerg
From: Joerg Roedel
Add code needed to setup an IDT in the early pre-decompression
boot-code. The IDT is loaded first in startup_64, which is after
EfiExitBootServices() has been called, and later reloaded when the
kernel image has been relocated to the end of the decompression area.
This allows
From: Joerg Roedel
With the page-fault handler in place the identity mapping can be built
on-demand. So remove the code which manually creates the mappings and
unexport/remove the functions used for it.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 16
From: Joerg Roedel
When an NMI hits in the #VC handler entry code before it shifted its IST
entry, then any subsequent #VC exception in the NMI code-path will
overwrite the interrupted #VC handlers stack.
Make sure this doesn't happen by explicitly shifting the #VC IST entry
in the NMI handler
From: Joerg Roedel
Send SIGBUS to the user-space process that caused the #VC exception
instead of killing the machine. Also ratelimit the error messages so
that user-space can't flood the kernel log and add a prefix the the
messages printed for SEV-ES.
Signed-off-by: Joerg Roedel
---
From: Tom Lendacky
Implement a handler for #VC exceptions caused by VMMCALL instructions.
This patch is only a starting point, VMMCALL emulation under SEV-ES
needs further hypervisor-specific changes to provide additional state.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC
From: Joerg Roedel
The #VC exception will trigger very early in head_64.S, when the first
CPUID instruction is executed. When secondary CPUs boot, they already
load the real system IDT, which has the #VC handler configured to be
using an IST stack. IST stacks require a TSS to be loaded, to set
From: Tom Lendacky
Implement a handler for #VC exceptions caused by MONITOR and MONITORX
instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 19
From: Joerg Roedel
Re-use the handlers for CPUID and IOIO caused #VC exceptions in the
early boot handler.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es-shared.c | 7 +++
arch/x86/kernel/sev-es.c| 6 ++
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git
From: Tom Lendacky
Calling down to EFI runtime services can result in the firmware performing
VMGEXIT calls. The firmware is likely to use the GHCB of the OS (e.g., for
setting EFI variables), so each GHCB in the system needs to be identity
mapped in the EFI page tables, as unencrypted, to avoid
From: Tom Lendacky
Implement a handler for #VC exceptions caused by RDTSC and RDTSCP
instructions. Also make it available in the pre-decompression stage
because the KASLR code used RDTSC/RDTSCP to gather entropy and some
hypervisors intercept these instructions.
Signed-off-by: Tom Lendacky
[
From: Doug Covelli
This change adds VMware specific handling for #VC faults caused by
VMMCALL instructions.
Signed-off-by: Doug Covelli
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: - Adapt to different paravirt interface ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
The x86-64 ABI defines a red-zone on the stack:
The 128-byte area beyond the location pointed to by %rsp is considered
to be reserved and shall not be modified by signal or interrupt
handlers. Therefore, functions may use this area for temporary data
that is not
From: Joerg Roedel
Add a play_dead handler when running under SEV-ES. This is needed
because the hypervisor can't deliver an SIPI request to restart the AP.
Instead the kernel has to issue a VMGEXIT to halt the VCPU. When the
hypervisor would deliver and SIPI is wakes up the VCPU instead.
From: Tom Lendacky
Implement a handler for #VC exceptions caused by INVD instructions.
Since Linux should never use INVD, just mark it as unsupported.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg
From: Tom Lendacky
Add code to handle #VC exceptions on DR7 register reads and writes.
This is needed early because show_regs() reads DR7 to print it out.
Under SEV-ES there is currently no support for saving/restoring the
DRx registers, but software expects to be able to write to the DR7
From: Joerg Roedel
Make the stack unwinder aware of the IST stacks for the #VC exception
handler.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/cpu_entry_area.h | 1 +
arch/x86/include/asm/sev-es.h | 13
arch/x86/include/asm/stacktrace.h | 4 +++
From: Joerg Roedel
Add handling for emulation the MOVS instruction on MMIO regions, as done
by the memcpy_toio() and memcpy_fromio() functions.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 78
1 file changed, 78 insertions(+)
diff --git
From: Joerg Roedel
When a #VC exception is triggered by user-space the instruction decoder
needs to read the instruction bytes from user addresses. Enhance
vc_decode_insn() to safely fetch kernel and user instructions.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 31
From: Tom Lendacky
Add the handler for #VC exceptions invoked at runtime.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
arch/x86/entry/entry_64.S| 4 +
arch/x86/include/asm/traps.h | 7 ++
arch/x86/kernel/idt.c| 4 +-
arch/x86/kernel/sev-es.c | 167
From: Tom Lendacky
Implement a handler for #VC exceptions caused by MWAIT and MWAITX
instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 12
From: Joerg Roedel
The code at the trampoline entry point is executed in real-mode. In
real-mode #VC exceptions can't be handled, so anything that might cause
such an exception must be avoided.
In the standard trampoline entry code this is the WBINVD instruction and
the call to verify_cpu(),
From: Joerg Roedel
Reload the GDT after switching to virtual addresses to make sure it will
not go away when the lower mappings are removed. This will also reload
the GDT for booting APs, which will need a working GDT too to handle #VC
exceptions.
Signed-off-by: Joerg Roedel
---
On Tue, Apr 28, 2020 at 03:30:09PM +0100, Stefan Hajnoczi wrote:
> A userspace process holding a file descriptor to a virtio_blk device can
> still invoke block_device_operations after hot unplug. For example, a
> program that has /dev/vdb open can call ioctl(HDIO_GETGEO) after hot
> unplug to
From: Tom Lendacky
Extend the vmcb_safe_area with SEV-ES fields and add a new
'struct ghcb' which will be used for guest-hypervisor communication.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/svm.h | 42 ++
1 file
From: Joerg Roedel
Move the definition of x86 trap vector numbers and the page-fault
error code bits to the new header file asm/trap_defs.h. This makes it
easier to include them into pre-decompression boot code. No functional
changes.
Signed-off-by: Joerg Roedel
---
From: Tom Lendacky
Add support for decoding and handling #VC exceptions for IOIO events.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapted code to #VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/sev-es.c | 32 +
From: Borislav Petkov
I guess we can do that ontop.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/svm.h | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index e4e9f6bacfaa..9adbf69f003c 100644
From: Tom Lendacky
Add CPU feature detection for Secure Encrypted Virtualization with
Encrypted State. This feature enhances SEV by also encrypting the
guest register state, making it in-accessible to the hypervisor.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
Factor out the code used to decode an instruction with the correct
address and operand sizes to a helper function.
No functional changes.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/insn-eval.h | 2 ++
arch/x86/kernel/umip.c | 23 +---
Hi,
here is the next version of changes to enable Linux to run as an SEV-ES
guest. The code was rebased to v5.7-rc3 and got a fair number of changes
since the last version.
What is SEV-ES
==
SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted
State' and means a
From: Joerg Roedel
Move these two functions from kernel/idt.c to include/asm/desc.h:
* init_idt_data()
* idt_init_desc()
These functions are needed to setup IDT entries very early and need to
be called from head64.c. To be usable this early these functions need to
be compiled
From: Joerg Roedel
Building a correct GHCB for the hypervisor requires setting valid bits
in the GHCB. Simplify that process by providing accessor functions to
set values and to update the valid bitmap.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/svm.h | 61
From: Joerg Roedel
The function can fail to create an identity mapping, check for that
and bail out if it happens.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git
From: Joerg Roedel
Add the first handler for #VC exceptions. At stage 1 there is no GHCB
yet becaue we might still be on the EFI page table and thus can't map
memory unencrypted.
The stage 1 handler is limited to the MSR based protocol to talk to
the hypervisor and can only support CPUID
From: Joerg Roedel
The inat-tables.c file has some arrays in it that contain pointers to
other arrays. These pointers need to be relocated when the kernel
image is moved to a different location.
The pre-decompression boot-code has no support for applying ELF
relocations, so initialize these
From: Joerg Roedel
Add a function to check whether an instruction has a REP prefix.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/insn-eval.h | 1 +
arch/x86/lib/insn-eval.c | 24
2 files changed, 25 insertions(+)
diff --git
From: Joerg Roedel
The file contains only code related to identity mapped page-tables.
Rename the file and compile it always in.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/Makefile| 2 +-
.../boot/compressed/{kaslr_64.c => ident_map_64.c} | 12
From: Joerg Roedel
Factor out the code to fetch the instruction from user-space to a helper
function.
No functional changes.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/insn-eval.h | 2 ++
arch/x86/kernel/umip.c | 26 +-
arch/x86/lib/insn-eval.c
On Tue, Apr 28, 2020 at 07:00:26PM +0200, Sam Ravnborg wrote:
> On Tue, Apr 28, 2020 at 04:00:11PM +0200, Daniel Vetter wrote:
> > On Fri, Apr 24, 2020 at 05:09:11PM +0200, Sam Ravnborg wrote:
> > > Hi Daniel
> > >
> > > On Wed, Apr 15, 2020 at 09:40:01AM +0200, Daniel Vetter wrote:
> > > > Also
On 28/04/2020 08:55, Joerg Roedel wrote:
> On Mon, Apr 27, 2020 at 10:37:41AM -0700, Andy Lutomirski wrote:
>> I have a somewhat serious question: should we use IST for #VC at all?
>> As I understand it, Rome and Naples make it mandatory for hypervisors
>> to intercept #DB, which means that, due
On Tue, Apr 28, 2020 at 04:57:15PM +0100, Stefan Hajnoczi wrote:
> On Tue, Apr 28, 2020 at 11:25:07AM -0400, Michael S. Tsirkin wrote:
> > On Tue, Apr 28, 2020 at 03:30:09PM +0100, Stefan Hajnoczi wrote:
> > > A userspace process holding a file descriptor to a virtio_blk device can
> > > still
On Tue, Apr 28, 2020 at 05:09:18PM +0530, Srivatsa Vaddagiri wrote:
> For better security, its desirable that a guest VM's memory is
> not accessible to any entity that executes outside the context of
> guest VM. In case of virtio, backend drivers execute outside the
> context of guest VM and in
On Tue, Apr 28, 2020 at 04:13:22PM +0800, Jason Wang wrote:
>
> On 2020/4/27 下午10:25, Stefano Garzarella wrote:
> > Hi David, Michael, Stefan,
> > I'm restarting to work on this topic since Kata guys are interested to
> > have that, especially on the guest side.
> >
> > While working on the v2 I
On Tue, Apr 28, 2020 at 04:00:11PM +0200, Daniel Vetter wrote:
> On Fri, Apr 24, 2020 at 05:09:11PM +0200, Sam Ravnborg wrote:
> > Hi Daniel
> >
> > On Wed, Apr 15, 2020 at 09:40:01AM +0200, Daniel Vetter wrote:
> > > Also need to remove the drm_dev_put from the remove hook.
> > >
> > >
On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote:
> * Michael S. Tsirkin [2020-04-28 12:17:57]:
>
> > Okay, but how is all this virtio specific? For example, why not allow
> > separate swiotlbs for any type of device?
> > For example, this might make sense if a given device is
This is for testing purpose to create virtio devices from user space.
uvirtio-vga.c shows how to create a virtio-vga device. Currently we
don't have a use case which requires user/kernel communication so
read/write api hasn't been implemented.
Signed-off-by: Lepton Wu
---
drivers/virtio/Kconfig
This is a way to create virtio based devices from user space. This is the
background for this patch:
We have some images works fine under qemu, we'd like to also run the same image
on Google Cloud. Currently Google Cloud doesn't support virtio-vga. I had a
patch to create a virtio-vga from
Hi Srivatsa,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on vhost/linux-next]
[also build test WARNING on xen-tip/linux-next linus/master v5.7-rc3
next-20200428]
[cannot apply to swiotlb/linux-next]
[if your patch is applied to the wrong git tree, please drop
On Tue, 28 Apr 2020, Srivatsa Vaddagiri wrote:
> For better security, its desirable that a guest VM's memory is
> not accessible to any entity that executes outside the context of
> guest VM. In case of virtio, backend drivers execute outside the
> context of guest VM and in general will need
Hi Srivatsa,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on vhost/linux-next]
[also build test ERROR on xen-tip/linux-next linus/master v5.7-rc3
next-20200428]
[cannot apply to swiotlb/linux-next]
[if your patch is applied to the wrong git tree, please drop us
On Wed, Apr 29, 2020 at 10:22:32AM +0800, Lu Baolu wrote:
> On 2020/4/29 4:41, Michael S. Tsirkin wrote:
> > On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote:
> > > * Michael S. Tsirkin [2020-04-28 12:17:57]:
> > >
> > > > Okay, but how is all this virtio specific? For
On Tue, 28 Apr 2020, Michael S. Tsirkin wrote:
> On Tue, Apr 28, 2020 at 11:19:52PM +0530, Srivatsa Vaddagiri wrote:
> > * Michael S. Tsirkin [2020-04-28 12:17:57]:
> >
> > > Okay, but how is all this virtio specific? For example, why not allow
> > > separate swiotlbs for any type of device?
>
Hi Srivatsa,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on vhost/linux-next]
[also build test ERROR on xen-tip/linux-next linus/master v5.7-rc3
next-20200428]
[cannot apply to swiotlb/linux-next]
[if your patch is applied to the wrong git tree, please drop us
On Mon, Apr 27, 2020 at 10:37:41AM -0700, Andy Lutomirski wrote:
> I have a somewhat serious question: should we use IST for #VC at all?
> As I understand it, Rome and Naples make it mandatory for hypervisors
> to intercept #DB, which means that, due to the MOV SS mess, it's sort
> of mandatory to
On Mon, Apr 27, 2020 at 10:55:27AM +0300, Vasily Averin wrote:
> Signed-off-by: Vasily Averin
> ---
> drivers/gpu/drm/qxl/qxl_image.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/qxl/qxl_image.c b/drivers/gpu/drm/qxl/qxl_image.c
> index 43688ecdd8a0..7270da62fc29
On Wed, Apr 15, 2020 at 12:24:12AM +, Rudolf Streif wrote:
> Resubmit. Thank you.
Better re-send with "git send-email" as new message.
As reply in an existing thread it gets lost easily.
>
> From: Virtualization on
> behalf of Rudolf Streif
> Sent:
On Mon, Apr 27, 2020 at 08:32:51AM +0300, Vasily Averin wrote:
> Cc: sta...@vger.kernel.org
> Fixes: 8002db6336dd ("qxl: convert qxl driver to proper use for reservations")
> Signed-off-by: Vasily Averin
Both patches pushed to drm-misc-fixes.
thanks,
Gerd
On 2020/4/27 下午10:25, Stefano Garzarella wrote:
Hi David, Michael, Stefan,
I'm restarting to work on this topic since Kata guys are interested to
have that, especially on the guest side.
While working on the v2 I had few doubts, and I'd like to have your
suggestions:
1. netns assigned to
100 matches
Mail list logo