Message ID | 20210108121524.656872-1-qperret@google.com |
---|---|
Headers | show |
Series | KVM/arm64: A stage 2 for the host | expand |
Hi Quentin, On 2021-01-08 13:14, Quentin Perret wrote: > Hi all, > > This is the v2 of the series previously posted here: > > https://lore.kernel.org/kvmarm/20201117181607.1761516-1-qperret@google.com/ > > This basically allows us to wrap the host with a stage 2 when running in > nVHE, hence paving the way for protecting guest memory from the host in > the future (among other use-cases). For more details about the > motivation and the design angle taken here, I would recommend to have a > look at the cover letter of v1, and/or to watch these presentations at > LPC [1] and KVM forum 2020 [2]. We tested the pKVM changes pulled from here: > https://android-kvm.googlesource.com/linux qperret/host-stage2-v2 We were using a target with Arm architecture with FEAT_S2FWB, and found that there is a bug in the patch. It turned out that the Kernel checks for the extension, and sets up the stage 2 translation so that it forces the host memory type to write-through. However it seems that the code doesn't turn on the feature in the HCR_EL2 register. We were able to fix the issue by applying the following patch: diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index 0cd3eb178f3b..e8521a072ea6 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -105,6 +105,8 @@ int kvm_host_prepare_stage2(void *mem_pgt_pool, void *dev_pgt_pool) params->vttbr = kvm_get_vttbr(mmu); params->vtcr = host_kvm.arch.vtcr; params->hcr_el2 |= HCR_VM; + if (cpus_have_const_cap(ARM64_HAS_STAGE2_FWB)) + params->hcr_el2 |= HCR_FWB; __flush_dcache_area(params, sizeof(*params)); } Best regards, Mate Toth-Pal
Hi Mate, On Wednesday 17 Feb 2021 at 17:27:07 (+0100), Mate Toth-Pal wrote: > We tested the pKVM changes pulled from here: > > > > https://android-kvm.googlesource.com/linux qperret/host-stage2-v2 > > > We were using a target with Arm architecture with FEAT_S2FWB, and found that > there is a bug in the patch. > > > It turned out that the Kernel checks for the extension, and sets up the > stage 2 translation so that it forces the host memory type to write-through. > However it seems that the code doesn't turn on the feature in the HCR_EL2 > register. > > > We were able to fix the issue by applying the following patch: > > > diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c > b/arch/arm64/kvm/hyp/nvhe/mem_protect.c > index 0cd3eb178f3b..e8521a072ea6 100644 > --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c > +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c > @@ -105,6 +105,8 @@ int kvm_host_prepare_stage2(void *mem_pgt_pool, void > *dev_pgt_pool) > params->vttbr = kvm_get_vttbr(mmu); > params->vtcr = host_kvm.arch.vtcr; > params->hcr_el2 |= HCR_VM; > + if (cpus_have_const_cap(ARM64_HAS_STAGE2_FWB)) > + params->hcr_el2 |= HCR_FWB; > __flush_dcache_area(params, sizeof(*params)); > } Aha, indeed, this looks right. I'll double check HCR_EL2 to see if I'm missing any other, and I'll add this to v3. Thanks for testing, and the for the report. Quentin
On Fri, Jan 08, 2021, Quentin Perret wrote:
> [2] https://kvmforum2020.sched.com/event/eE24/virtualization-for-the-masses-exposing-kvm-on-android-will-deacon-google
I couldn't find any slides on the official KVM forum site linked above. I was
able to track down a mirror[1] and the recorded presentation[2].
[1] https://mirrors.edge.kernel.org/pub/linux/kernel/people/will/slides/kvmforum-2020-edited.pdf
[2] https://youtu.be/wY-u6n75iXc
On Friday 19 Feb 2021 at 09:54:38 (-0800), Sean Christopherson wrote: > On Fri, Jan 08, 2021, Quentin Perret wrote: > > [2] https://kvmforum2020.sched.com/event/eE24/virtualization-for-the-masses-exposing-kvm-on-android-will-deacon-google > > I couldn't find any slides on the official KVM forum site linked above. I was > able to track down a mirror[1] and the recorded presentation[2]. > > [1] https://mirrors.edge.kernel.org/pub/linux/kernel/people/will/slides/kvmforum-2020-edited.pdf > [2] https://youtu.be/wY-u6n75iXc Much nicer, I'll make sure to link those in the next cover letter. Thanks Sean! Quentin