On 2020/7/22 6:08 PM, Zhu Lingshan wrote:
+/*
+ * Request irq for a vq, setup irq offloading if its a vhost_vdpa vq.
+ * This function should be only called through setting virtio DRIVER_OK.
+ * If you want to request irq during probe, you should use raw APIs
+ * like request_irq() or devm_reques
On Wed, Jul 22, 2020 at 09:54:40AM -0700, Erdem Aktas wrote:
> I am using a custom, optimized and stripped down version, OVMF build.
> Do you think it is because of the OVMF or grub?
Not sure, I haven't looked into how grub decides which entry point to
use.
> In my case, there are 2 places where t
This patch series is based on the VM introspection patches
(https://lore.kernel.org/kvm/20200721210922.7646-1-ala...@bitdefender.com/),
extending the introspection API with EPT Views and Virtualization
Exceptions (#VE) support.
The purpose of this series is to get an initial feedback and to see if
From: Marian Rotariu
Only the hardware support check function and the #VE info page management
are introduced.
Signed-off-by: Marian Rotariu
Co-developed-by: Ștefan Șicleru
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/inclu
From: Ștefan Șicleru
The introspection tool uses this command to set distinct access rights
on different EPT views.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst | 8 +---
include/uapi/linux/kvmi.h | 4 ++--
virt/kvm/introspection/
From: Ștefan Șicleru
Add one more field to struct kvmi_features in order to publish #VE
capabilities on the host as indicated by kvm_ve_supported flag.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst| 5 +++--
arch/x86/include/ua
From: Ștefan Șicleru
When a guest is unhooked, the VM is brought to default state and uses
default EPT view. Delete all shadow pages that belong to non-default EPT
views in order to free unused shadow pages. They are not used because
the guest cannot VMFUNC to any EPT view.
Signed-off-by: Ștefan
From: Ștefan Șicleru
The introspection tool can use #VE to reduce the number of VM-exits
caused by SPT violations for some guests.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst | 63 +++
arch/x86/include/uapi/asm/
From: Ștefan Șicleru
This will be used to create root_hpa for all the EPT views.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 7 +-
arch/x86/kvm/mmu/mmu.c | 43 -
arch/x86/kvm/mmu/paging_tmpl.h
From: Ștefan Șicleru
This command is used by the introspection tool to set/clear
the suppress-VE bit for specific guest memory pages.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst | 42 +
arch/x86/include/uapi/asm/kvmi.h
From: Ștefan Șicleru
This function is needed for the KVMI_VCPU_SET_VE_INFO command.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/include/asm/vmx.h | 1 +
arch/x86/kvm/vmx/vmx.c | 40 +++
From: Marian Rotariu
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on an unprotected EPT view or to use #VE in order to avoid filter out
VM-exits caused by EPT violations.
Signed-off-by: Marian Rotariu
Co-d
From: Sean Christopherson
Unfortunately (for software), EPT violation #VEs are opt-out on a per
page basis, e.g. a not-present EPT violation on a zeroed EPT entry will
be morphed to a #VE due to the "suppress #VE" bit not being set.
When EPT violation #VEs are enabled, use a variation of clear_p
From: Ștefan Șicleru
This will be used by the introspection tool to control the EPT views to
which the guest is allowed to switch.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/vmx/vmx.c | 18 +-
a
From: Ștefan Șicleru
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on an unprotected EPT view or to use #VE in order to avoid filter out
VM-exits caused by EPT violations.
Signed-off-by: Ștefan Șicleru
Sign
From: Marian Rotariu
The introspection tool uses this function to check the hardware support
for VMFUNC, which can be used either to singlestep vCPUs
on an unprotected EPT view or to use #VE in order to filter out
VM-exits caused by EPT violations.
Signed-off-by: Marian Rotariu
Co-developed-by:
From: Marian Rotariu
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on an unprotected EPT view.
Signed-off-by: Marian Rotariu
Co-developed-by: Ștefan Șicleru
Signed-off-by: Ștefan Șicleru
Signed-off-by: Ad
This is needed because the KVMI_VM_SET_PAGE_SVE command we will use
the same database to keep the suppress #VE bit requested by the
introspection tool.
Signed-off-by: Adalbert Lazăr
---
virt/kvm/introspection/kvmi.c | 36 ---
1 file changed, 25 insertions(+), 11 d
From: Ștefan Șicleru
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used to singlestep vCPUs
on an unprotected EPT view.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst | 36 +
From: Sean Christopherson
VMX provides a capability that allows EPT violations to be reflected
into the guest as Virtualization Exceptions (#VE). The primary use case
of EPT violation #VEs is to improve the performance of virtualization-
based security solutions, e.g. eliminate a VM-Exit -> VM-E
From: Ștefan Șicleru
The introspection tool will use these new fields to check
the hardware support before using the related introspection commands.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst| 6 --
arch/x86/include/uapi
From: Ștefan Șicleru
Report the view a vCPU operates on when sending events to the
introspection tool.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/uapi/asm/kvmi.h | 4 +++-
arch/x86/kvm/kvmi.c | 1 +
2 files changed, 4 insertions(+), 1 deletio
From: Ștefan Șicleru
Setting SPTEs from rmaps is not enough because rmaps contain only
present SPTEs. If there is no mapping created for the GFN, SPTEs must
be configured when they are created. Use the page tracking mechanism in
order to configure the SVE bit when a PF occurs. This is similar to
From: Ștefan Șicleru
This will be used by the introspection tool to control the EPT views to
which the guest is allowed to switch.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
Documentation/virt/kvm/kvmi.rst | 37 ++
arch/x86/include/uapi/asm/kvmi.h
From: Ștefan Șicleru
We use/allocate more root_hpa's every time mmu_alloc_roots()
is called.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/mmu/mmu.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/m
From: Ștefan Șicleru
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/svm/svm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 5c2d4a0c3d31..1c78b913eb5d 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kv
From: Ștefan Șicleru
This function is needed for the KVMI_VCPU_DISABLE_VE command.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/vmx/vmx.c | 10 ++
2 files changed, 11 insertions(+)
diff --git a/arch/x86/
From: Ștefan Șicleru
If the guest has EPTP switching capabilities with VMFUNC, read the
current view from VMCS instead of walking through the EPTP list when #VE
support is active.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/vmx/vmx.c | 22 ++---
From: Ștefan Șicleru
This function returns the EPT view of the current vCPU
or 0 if the hardware support is missing.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 3 +++
arch/x86/kvm/vmx/vmx.c | 8
arch/x86/kvm/vmx/vmx.h
From: Ștefan Șicleru
All sptes, including mmio sptes must have SVE bit set by default, in
order to trigger vm-exits instead of #VEs (in case of an EPT violation).
MMIO sptes were overlooked in commit 28b8bc704111 ("KVM: VMX: Suppress EPT
violation #VE by default (when enabled)")
which provided a
From: Ștefan Șicleru
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/vmx/vmx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 035f6c43a2a4..736b6cc6ca8f 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch
From: Marian Rotariu
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on an unprotected EPT view or to use #VE in order to avoid filter out
VM-exits caused by EPT violations.
Signed-off-by: Marian Rotariu
Co-d
From: Ștefan Șicleru
On EPT violations, when we check if the introspection tool has shown
interest in the current guest page, we will take into consideration
the EPT view of the current vCPU too.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvmi_host.h
From: Ștefan Șicleru
The introspection tool uses this to set distinct access rights on
different EPT views.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/include/asm/kvm_page_track.h | 4 +-
arch/x86/kvm/kvmi.c
From: Ștefan Șicleru
shadow_present_mask is not 0ull if #VE support is enabled.
If #VE support is enabled, shadow_present_mask is updated in
vmx_enable_tdp() with VMX_EPT_SUPPRESS_VE_BIT.
Signed-off-by: Ștefan Șicleru
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/mmu/mmu.c | 8 +++-
1 fi
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/mmu/mmu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 97766f34910d..f3ba4d0452c9 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -2573,6 +2573,7 @@ s
From: Ștefan Șicleru
Add a view mask for kvm_mmu_zap_all() in order to allow zapping
shadow pages for specific EPT views. This is required when an
introspected VM is unhooked. In that case, shadow pages that
belong to non-default views will be zapped.
Signed-off-by: Ștefan Șicleru
Signed-off-by
Linux supports running the RPMsg protocol over the VirtIO transport
protocol, but currently there is only support for VirtIO clients and
no support for a VirtIO server. This patch adds a vhost-based RPMsg
server implementation.
Signed-off-by: Guennadi Liakhovetski
---
drivers/vhost/Kconfig
VHOST_VSOCK_SET_RUNNING is used by the vhost vsock driver to perform
crucial VirtQueue initialisation, like assigning .private fields and
calling vhost_vq_init_access(), and clean up. However, this ioctl is
actually extremely useful for any vhost driver, that doesn't have a
side channel to inform i
virtio_rpmsg_bus.c keeps RPMsg protocol structure declarations and
common defines like the ones, needed for name-space announcements,
internal. Move them to common headers instead.
Signed-off-by: Guennadi Liakhovetski
---
drivers/rpmsg/virtio_rpmsg_bus.c | 78 +-
incl
Hi,
Now that virtio-rpmsg endianness fixes have been merged we can
proceed with the next step.
v4:
- add endianness conversions to comply with the VirtIO standard
v3:
- address several checkpatch warnings
- address comments from Mathieu Poirier
v2:
- update patch #5 with a correct vhost_dev_in
rpmsg_create_ept() takes struct rpmsg_channel_info chinfo as its last
argument, not a u32 value. The first two arguments are also updated.
Signed-off-by: Guennadi Liakhovetski
Reviewed-by: Mathieu Poirier
---
Documentation/rpmsg.txt | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
d
On 2020-07-15 13:51, Michael S. Tsirkin wrote:
On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote:
On 2020/7/15 5:50 PM, Michael S. Tsirkin wrote:
On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote:
If protected virtualization is active on s390, the virtio queues are
not ac
On Wed, Jul 01, 2020 at 05:10:40PM -0500, Bjorn Helgaas wrote:
> From: Bjorn Helgaas
>
> The "virtio_mmio.device=" command line argument allows a user to specify
> the size, address, and IRQ of a virtio device. Previously the only
> requirement for the IRQ was that it be an unsigned integer.
>
Please ignore this patchset incorrect metadata, will resend soon. Thanks!
On 7/22/2020 5:49 PM, Zhu Lingshan wrote:
From: Zhu Lingshan
This commit introduces struct vhost_vring_call which replaced
raw struct eventfd_ctx *call_ctx in struct vhost_virtqueue.
Besides eventfd_ctx, it contains a sp
On Tue, 2020-07-21 at 22:55 -0400, Martin K. Petersen wrote:
> Christoph,
>
> > Hmm, I wonder if we should simply add the check and warning to
> > blk_queue_logical_block_size and add an error in that case. Then
> > drivers only have to check the error return, which might add a lot
> > less boile
Hi Erdem,
On Tue, Jul 21, 2020 at 09:48:51AM -0700, Erdem Aktas wrote:
> Yes, I am using OVMF with SEV-ES (sev-es-v12 patches applied). I am
> running Ubuntu 18.04 distro. My grub target is x86_64-efi. I also
> tried installing the grub-efi-amd64 package. In all cases, the grub is
> running in 64b
On Tue, 2020-07-21 at 17:13 +0200, Christoph Hellwig wrote:
> > +/**
> > + * blk_check_logical_block_size - check if logical block size is
> > supported
> > + * by the kernel
> > + * @size: the logical block size, in bytes
> > + *
> > + * Description:
> > + * This function checks if the block la
Hi Adalbert,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on 3d9fdc252b52023260de1d12399cb3157ed28c07]
url:
https://github.com/0day-ci/linux/commits/Adalbert-Laz-r/VM-introspection/20200722-052036
base:3d9fdc252b52023260de1d12399cb3157ed28c07
config: x
Hmm, I have a theory ...
On Tue, Jul 21, 2020 at 09:01:44PM +, Mike Stunes wrote:
> If I remove the call to probe_roms from setup_arch, or remove the calls to
> romchecksum from probe_roms, this kernel boots normally.
>
> Please let me know of other tests I should run or data that I can coll
Hi Mike,
On Tue, Jul 21, 2020 at 09:01:44PM +, Mike Stunes wrote:
> I’m running into an MMIO-related bug when I try testing this on our
> hypervisor.
>
> During boot, probe_roms (arch/x86/kernel/probe_roms.c) uses
> romchecksum over the video ROM and extension ROM regions. In my test
> VM, t