On Wed, Mar 08 2017 at 6:08:31 am GMT, linucher...@gmail.com wrote:
> From: Linu Cherian
>
> v3 -> v4:
> - Add missing commit messages in patches 1 and 3
>
> v2 -> v3:
> - Added documentation for KVM_CAP_NR_MEMSLOTS
> - Removed KVM_PRIVATE_MEM_SLOTS which is unused
> - KVM_USER_MEM_SLOTS changed
In preparation of refactoring the kernel mapping logic so that text regions
are never mapped writable, which would require adding explicit TLB
maintenance to new call sites of create_mapping_late() (which is currently
invoked twice from the same function), move the TLB maintenance from the
call sit
One important rule of thumb when designing a secure software system is
that memory should never be writable and executable at the same time.
We mostly adhere to this rule in the kernel, except at boot time, when
regions may be mapped RWX until after we are done applying alternatives
or making other
The kvm_vgic_global_state struct contains a static key which is
written to by jump_label_init() at boot time. So in preparation of
making .text regions truly (well, almost truly) read-only, mark
kvm_vgic_global_state __ro_after_init so it moves to the .rodata
section instead.
Acked-by: Marc Zyngie
The debug_pagealloc facility manipulates kernel mappings in the linear
region at page granularity to detect out of bounds or use-after-free
accesses. Since the kernel segments are not allocated dynamically,
there is no point in taking the debug_pagealloc_enabled flag into
account for them, and we c
To avoid having mappings that are writable and executable at the same
time, split the init region into a .init.text region that is mapped
read-only, and a .init.data region that is mapped non-executable.
This is possible now that the alternative patching occurs via the linear
mapping, and the line
Having memory that is writable and executable at the same time is a
security hazard, and so we tend to avoid those when we can. However,
at boot time, we keep .text mapped writable during the entire init
phase, and the init region itself is mapped rwx as well.
Let's improve the situation by:
- mak
Now that alternatives patching code no longer relies on the primary
mapping of .text being writable, we can remove the code that removes
the writable permissions post-init time, and map it read-only from
the outset.
To preserve the existing behavior under rodata=off, which is relied
upon by extern
Align the function prototype of alloc_init_pte() with its pmd and pud
counterparts by replacing the pfn parameter with the equivalent physical
address.
Signed-off-by: Ard Biesheuvel
---
arch/arm64/mm/mmu.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/mm/
A mapping with the contiguous bit cannot be safely manipulated while
live, regardless of whether the bit changes between the old and new
mapping. So take this into account when deciding whether the change
is safe.
Signed-off-by: Ard Biesheuvel
---
arch/arm64/mm/mmu.c | 10 +-
1 file chan
In preparation of extending the policy for manipulating kernel mappings
with whether or not contiguous hints may be used in the page tables,
replace the bool 'page_mappings_only' with a flags field and a flag
NO_BLOCK_MAPPINGS.
Signed-off-by: Ard Biesheuvel
---
arch/arm64/mm/mmu.c | 45 +
This is the third attempt at enabling the use of contiguous hints for
kernel mappings. The most recent attempt 0bfc445dec9d was reverted after
it turned out that updating permission attributes on live contiguous ranges
may result in TLB conflicts. So this time, the contiguous hint is not set
for .r
On Thu, Mar 09, 2017 at 08:01:56AM +, Marc Zyngier wrote:
> On Wed, Mar 08 2017 at 6:08:31 am GMT, linucher...@gmail.com wrote:
> > From: Linu Cherian
> >
> > v3 -> v4:
> > - Add missing commit messages in patches 1 and 3
> >
> > v2 -> v3:
> > - Added documentation for KVM_CAP_NR_MEMSLOTS
> >
Hi Shanker,
On Sun, Mar 05, 2017 at 08:33:18PM -0600, Shanker Donthineni wrote:
> Now all the cpu_hwcaps features have their own static keys. We don't
> need a separate function hyp_alternate_select() to patch the vhe/nvhe
> code. We can achieve the same functionality by using has_vhe(). It
> impr
Hi Tyler Baicar,
On 2017/3/7 4:45, Tyler Baicar wrote:
> Currently there are trace events for the various RAS
> errors with the exception of ARM processor type errors.
> Add a new trace event for such errors so that the user
> will know when they occur. These trace events are
> consistent with the
Paolo, Radim,
Here's the KVM/ARM updates for 4.11-rc2. The usual bag of vgic
updates, making the memslot array large enough to handle guests with
tons of devices assigned to them, a tidying up of exception handling,
and a rather annoying TLB handling issue on VHE systems.
Please pull,
Thanks,
When invalidating guest TLBs, special care must be taken to
actually shoot the guest TLBs and not the host ones if we're
running on a VHE system. This is controlled by the HCR_EL2.TGE
bit, which we forget to clear before invalidating TLBs.
Address the issue by introducing two wrappers (__tlb_swit
Our GICv3 emulation always presents ICC_SRE_EL1 with DIB/DFB set to
zero, which implies that there is a way to bypass the GIC and
inject raw IRQ/FIQ by driving the CPU pins.
Of course, we don't allow that when the GIC is configured, but
we fail to indicate that to the guest. The obvious fix is to
From: Mark Rutland
Currently we BUG() if we see a HSR.EC value we don't recognise. As
configurable disables/enables are added to the architecture (controlled
by RES1/RES0 bits respectively), with associated synchronous exceptions,
it may be possible for a guest to trigger exceptions with classes
From: Jintack Lim
Currently, if a vcpu thread tries to change the active state of an
interrupt which is already on the same vcpu's AP list, it will loop
forever. Since the VGIC mmio handler is called after a vcpu has
already synced back the LR state to the struct vgic_irq, we can just
let it proc
From: Mark Rutland
Currently we BUG() if we see an ESR_EL2.EC value we don't recognise. As
configurable disables/enables are added to the architecture (controlled
by RES1/RES0 bits respectively), with associated synchronous exceptions,
it may be possible for a guest to trigger exceptions with cla
From: Andre Przywara
The ITS spec says that ITS commands are only processed when the ITS
is enabled (section 8.19.4, Enabled, bit[0]). Our emulation was not taking
this into account.
Fix this by checking the enabled state before handling CWRITER writes.
On the other hand that means that CWRITER
From: Linu Cherian
arm/arm64 architecture doesn't use private memslots, hence removing
KVM_PRIVATE_MEM_SLOTS macro definition.
Reviewed-by: Christoffer Dall
Signed-off-by: Linu Cherian
Signed-off-by: Marc Zyngier
---
arch/arm/include/asm/kvm_host.h | 1 -
arch/arm64/include/asm/kvm_host.h |
From: Linu Cherian
Add documentation for KVM_CAP_NR_MEMSLOTS capability.
Reviewed-by: Christoffer Dall
Signed-off-by: Linu Cherian
Signed-off-by: Marc Zyngier
---
Documentation/virtual/kvm/api.txt | 4
1 file changed, 4 insertions(+)
diff --git a/Documentation/virtual/kvm/api.txt
b/Do
From: Linu Cherian
Return KVM_USER_MEM_SLOTS for userspace capability query on
NR_MEMSLOTS.
Reviewed-by: Christoffer Dall
Signed-off-by: Linu Cherian
Signed-off-by: Marc Zyngier
---
arch/arm/kvm/arm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/ar
From: Linu Cherian
Having only 32 memslots is a real constraint for the maximum
number of PCI devices that can be assigned to a single guest.
Assuming each PCI device/virtual function having two memory BAR
regions, we could assign only 15 devices/virtual functions to a
guest.
Hence increase KVM_
On Mon, Jan 16, 2017 at 05:33:29PM +0800, Shannon Zhao wrote:
> From: Shannon Zhao
>
> Move invariant_sys_regs before emulate_sys_reg so that it can be used
> later.
>
> Signed-off-by: Shannon Zhao
> ---
> arch/arm64/kvm/sys_regs.c | 193
> --
> 1 f
On Mon, Jan 16, 2017 at 05:33:31PM +0800, Shannon Zhao wrote:
> From: Shannon Zhao
Please provide a commit message.
Thanks,
-Christoffer
___
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
On Sat, Jan 28, 2017 at 03:47:54PM +0100, Andrew Jones wrote:
> On Mon, Jan 16, 2017 at 05:33:32PM +0800, Shannon Zhao wrote:
> > From: Shannon Zhao
> >
> > Add a capability to tell userspace that KVM supports cross type vCPU.
> > Add a cpu feature for userspace to set when it doesn't use host ty
On Mon, Jan 16, 2017 at 05:33:34PM +0800, Shannon Zhao wrote:
> From: Shannon Zhao
>
> Check if the configuration is fine.
This commit message really needs some love and attention.
>
> Signed-off-by: Shannon Zhao
> ---
> arch/arm64/kvm/sys_regs.c | 32 +++-
> 1 fi
On Thu, Mar 09, 2017 at 04:52:18AM -0800, Christoffer Dall wrote:
> On Mon, Jan 16, 2017 at 05:33:34PM +0800, Shannon Zhao wrote:
> > From: Shannon Zhao
> >
> > Check if the configuration is fine.
>
> This commit message really needs some love and attention.
>
> >
> > Signed-off-by: Shannon Zh
2017-03-09 09:55+, Marc Zyngier:
> Paolo, Radim,
>
> Here's the KVM/ARM updates for 4.11-rc2. The usual bag of vgic
> updates, making the memslot array large enough to handle guests with
> tons of devices assigned to them, a tidying up of exception handling,
> and a rather annoying TLB handlin
On 28/01/17 14:55, Andrew Jones wrote:
On Mon, Jan 16, 2017 at 05:33:33PM +0800, Shannon Zhao wrote:
From: Shannon Zhao
When initializing KVM, check whether physical hardware is a
heterogeneous system through the MIDR values. If so, force userspace to
set the KVM_ARM_VCPU_CROSS feature bit. Ot
On Thu, Mar 09 2017 at 3:16:52 pm GMT, Radim Krčmář wrote:
> 2017-03-09 09:55+, Marc Zyngier:
>> Paolo, Radim,
>>
>> Here's the KVM/ARM updates for 4.11-rc2. The usual bag of vgic
>> updates, making the memslot array large enough to handle guests with
>> tons of devices assigned to them, a t
On Thu, Mar 09, 2017 at 09:25:08AM +0100, Ard Biesheuvel wrote:
> Align the function prototype of alloc_init_pte() with its pmd and pud
> counterparts by replacing the pfn parameter with the equivalent physical
> address.
>
> Signed-off-by: Ard Biesheuvel
> ---
> arch/arm64/mm/mmu.c | 8
Currently we duplicate effort in maintaining system register encodings across
arm64's , KVM's sysreg tables, and other places. This redundancy
is unfortunate, and as encodings are encoded in-place without any mnemonic,
this ends up more painful to read than necessary.
This series ameliorates this
This patch adds sysreg definitions for system registers used to control
the architected physical timer. Subsequent patches will make use of
these definitions.
The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-6.
Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Marc Zyngier
Cc
Unlike most sysreg definitions, the GICv3 definitions don't have a SYS_
prefix, and they don't live in . Additionally, some
definitions are duplicated elsewhere (e.g. in the KVM save/restore
code).
For consistency, and to make it possible to share a common definition
for these sysregs, this patch
Our sysreg definitions are largely (but not entirely) in ascending order
of op0:op1:CRn:CRm:op2.
It would be preferable to enforce this sort, as this makes it easier to
verify the set of encodings against documentation, and provides an
obvious location for each addition in future, minimising confl
Cache maintenance ops fall in the SYS instruction class, and KVM needs
to handle them. So as to keep all SYS encodings in one place, this
patch adds them to sysreg.h.
The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-2.
To make it clear that these are instructions rather than regis
Now that we have common definitions for the GICv3 register encodings,
make the KVM code use these, simplifying the sys_reg_descs table.
Signed-off-by: Mark Rutland
Cc: Christoffer Dall
Cc: Marc Zyngier
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/kvm/sys_regs.c | 8 ++--
1 file changed,
This patch adds a macro enabling us to initialise sys_reg_desc
structures based on common sysreg encoding definitions in
. Subsequent patches will use this to simplify the KVM
code.
Signed-off-by: Mark Rutland
Cc: Christoffer Dall
Cc: Marc Zyngier
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm6
Now that we have common definitions for the remaining register encodings
required by KVM, make the KVM code use these, simplifying the
sys_reg_descs table and the genericv8_sys_regs table.
Signed-off-by: Mark Rutland
Cc: Christoffer Dall
Cc: Marc Zyngier
Cc: kvmarm@lists.cs.columbia.edu
---
ar
Now that we have common definitions for the register encodings used by
KVM, make the KVM code use these for invariant sysreg definitions. This
makes said definitions a reasonable amount shorter, especially as many
comments are rendered redundant and can be removed.
Signed-off-by: Mark Rutland
Cc:
Now that we have common definitions for the debug register encodings,
make the KVM code use these, simplifying the sys_reg_descs table.
The table previously erroneously referred to MDCCSR_EL0 as MDCCSR_EL1.
This is corrected (as is necessary in order to use the common sysreg
definition).
Signed-o
Now that we have common definitions for the encoding of Set/Way cache
maintenance operations, make the KVM code use these, simplifying the
sys_reg_descs table.
Signed-off-by: Mark Rutland
Cc: Christoffer Dall
Cc: Marc Zyngier
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/kvm/sys_regs.c | 12
This patch adds sysreg definitions for registers which KVM needs the
encodings for, which are not currently described in .
Subsequent patches will make use of these definitions.
The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-6, but
this is not an exhaustive addition. Additions are
Now that we have common definitions for the physical timer control
registers, make the KVM code use these, simplifying the sys_reg_descs
table.
Signed-off-by: Mark Rutland
Cc: Christoffer Dall
Cc: Marc Zyngier
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/kvm/sys_regs.c | 12 +++-
1
This patch adds sysreg definitions for system registers which are part
of the performance monitors extension. Subsequent patches will make use
of these definitions.
The set of registers is described in ARM DDI 0487A.k_iss10775, Table
D5-9. The encodings were taken from Table C5-6 in the same docum
This patch adds sysreg definitions for system registers in the debug and
trace system register encoding space. Subsequent patches will make use
of these definitions.
The encodings were taken from ARM DDI 0487A.k_iss10775, Table C5-5.
Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Marc Zyng
Now that we have common definitions for the performance monitor register
encodings, make the KVM code use these, simplifying the sys_reg_descs
table.
The comments for PMUSERENR_EL0 and PMCCFILTR_EL0 are kept, as these
describe non-obvious details regarding the registers. However, a slight
fixup is
On Thu, Mar 09, 2017 at 09:25:09AM +0100, Ard Biesheuvel wrote:
> The debug_pagealloc facility manipulates kernel mappings in the linear
> region at page granularity to detect out of bounds or use-after-free
> accesses. Since the kernel segments are not allocated dynamically,
> there is no point in
On Thu, Mar 09, 2017 at 09:25:10AM +0100, Ard Biesheuvel wrote:
> A mapping with the contiguous bit cannot be safely manipulated while
> live, regardless of whether the bit changes between the old and new
> mapping. So take this into account when deciding whether the change
> is safe.
>
> Signed-o
On Thu, Mar 09, 2017 at 09:25:11AM +0100, Ard Biesheuvel wrote:
> In preparation of extending the policy for manipulating kernel mappings
> with whether or not contiguous hints may be used in the page tables,
> replace the bool 'page_mappings_only' with a flags field and a flag
> NO_BLOCK_MAPPINGS.
On Thu, Mar 09, 2017 at 09:25:12AM +0100, Ard Biesheuvel wrote:
> +static inline u64 pte_cont_addr_end(u64 addr, u64 end)
> +{
> + return min((addr + CONT_PTE_SIZE) & CONT_PTE_MASK, end);
> +}
> +
> +static inline u64 pmd_cont_addr_end(u64 addr, u64 end)
> +{
> + return min((addr + CONT_PMD
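Review bot: in pte_cont_addr_end(), `addr + CONT_PTE_SIZE` can wrap to a value below addr when addr lies in the last contiguous range of the 64-bit address space; the masked boundary is then 0 and min() returns 0 rather than end, so a caller walking up to end would not advance. The generic p??_addr_end() helpers guard against this by comparing `__boundary - 1 < (end) - 1` before choosing the boundary; the same comparison here would keep the result correct for ranges that end at the top of the address space. The visible start of pmd_cont_addr_end() follows the same pattern and would need the same treatment. A short comment stating that the helpers return the next contiguous-range boundary clamped to end would also help readers of the callers.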
On 9 March 2017 at 20:33, Mark Rutland wrote:
> On Thu, Mar 09, 2017 at 09:25:12AM +0100, Ard Biesheuvel wrote:
>> +static inline u64 pte_cont_addr_end(u64 addr, u64 end)
>> +{
>> + return min((addr + CONT_PTE_SIZE) & CONT_PTE_MASK, end);
>> +}
>> +
>> +static inline u64 pmd_cont_addr_end(u64