[v6,00/38] KVM: arm64: Stage-2 for the host

Message ID	20210319100146.1149909-1-qperret@google.com (mailing list archive)
Headers	show Return-Path: <SRS0=5UrE=IR=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4F2D960235 Date: Fri, 19 Mar 2021 10:01:08 +0000 Message-Id: <20210319100146.1149909-1-qperret@google.com> Mime-Version: 1.0 Subject: [PATCH v6 00/38] KVM: arm64: Stage-2 for the host From: Quentin Perret <qperret@google.com> To: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org, james.morse@arm.com, julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com Cc: android-kvm@google.com, seanjc@google.com, mate.toth-pal@arm.com, linux-kernel@vger.kernel.org, robh+dt@kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, kvmarm@lists.cs.columbia.edu, tabba@google.com, ardb@kernel.org, mark.rutland@arm.com, dbrazdil@google.com, qperret@google.com Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	KVM: arm64: Stage-2 for the host \| expand [v6,00/38] KVM: arm64: Stage-2 for the host [v6,01/38] arm64: lib: Annotate {clear, copy}_page() as position-independent [v6,02/38] KVM: arm64: Link position-independent string routines into .hyp.text [v6,03/38] arm64: kvm: Add standalone ticket spinlock implementation for use at hyp [v6,04/38] KVM: arm64: Initialize kvm_nvhe_init_params early [v6,05/38] KVM: arm64: Avoid free_page() in page-table allocator [v6,06/38] KVM: arm64: Factor memory allocation out of pgtable.c [v6,07/38] KVM: arm64: Introduce a BSS section for use at Hyp [v6,08/38] KVM: arm64: Make kvm_call_hyp() a function call at Hyp [v6,09/38] KVM: arm64: Allow using kvm_nvhe_sym() in hyp code [v6,10/38] KVM: arm64: Introduce an early Hyp page allocator [v6,11/38] KVM: arm64: Stub CONFIG_DEBUG_LIST at Hyp [v6,12/38] KVM: arm64: Introduce a Hyp buddy page allocator [v6,13/38] KVM: arm64: Enable access to sanitized CPU features at EL2 [v6,14/38] KVM: arm64: Provide __flush_dcache_area at EL2 [v6,15/38] KVM: arm64: Factor out vector address calculation [v6,16/38] arm64: asm: Provide set_sctlr_el2 macro [v6,17/38] KVM: arm64: Prepare the creation of s1 mappings at EL2 [v6,18/38] KVM: arm64: Elevate hypervisor mappings creation at EL2 [v6,19/38] KVM: arm64: Use kvm_arch for stage 2 pgtable [v6,20/38] KVM: arm64: Use kvm_arch in kvm_s2_mmu [v6,21/38] KVM: arm64: Set host stage 2 using kvm_nvhe_init_params [v6,22/38] KVM: arm64: Refactor kvm_arm_setup_stage2() [v6,23/38] KVM: arm64: Refactor __load_guest_stage2() [v6,24/38] KVM: arm64: Refactor __populate_fault_info() [v6,25/38] KVM: arm64: Make memcache anonymous in pgtable allocator [v6,26/38] KVM: arm64: Reserve memory for host stage 2 [v6,27/38] KVM: arm64: Sort the hypervisor memblocks [v6,28/38] KVM: arm64: Always zero invalid PTEs [v6,29/38] KVM: arm64: Use page-table to track page ownership [v6,30/38] KVM: arm64: Refactor the _map_set_prot_attr() helpers [v6,31/38] KVM: arm64: Add kvm_pgtable_stage2_find_range() [v6,32/38] KVM: arm64: Introduce KVM_PGTABLE_S2_NOFWB stage 2 flag [v6,33/38] KVM: arm64: Introduce KVM_PGTABLE_S2_IDMAP stage 2 flag [v6,34/38] KVM: arm64: Provide sanitized mmfr registers at EL2 [v6,35/38] KVM: arm64: Wrap the host with a stage 2 [v6,36/38] KVM: arm64: Page-align the .hyp sections [v6,37/38] KVM: arm64: Disable PMU support in protected mode [v6,38/38] KVM: arm64: Protect the .hyp sections from the host

Message ID

20210319100146.1149909-1-qperret@google.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4F2D960235
Date: Fri, 19 Mar 2021 10:01:08 +0000
Message-Id: <20210319100146.1149909-1-qperret@google.com>
Mime-Version: 1.0
Subject: [PATCH v6 00/38] KVM: arm64: Stage-2 for the host
From: Quentin Perret <qperret@google.com>
To: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org,
 james.morse@arm.com, julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com
Cc: android-kvm@google.com, seanjc@google.com, mate.toth-pal@arm.com,
 linux-kernel@vger.kernel.org, robh+dt@kernel.org,
 linux-arm-kernel@lists.infradead.org, kernel-team@android.com,
 kvmarm@lists.cs.columbia.edu, tabba@google.com, ardb@kernel.org,
 mark.rutland@arm.com, dbrazdil@google.com, qperret@google.com
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

KVM: arm64: Stage-2 for the host | expand

Message

Quentin Perret March 19, 2021, 10:01 a.m. UTC

Hi all,

This is the v6 of the series previously posted here:

  https://lore.kernel.org/r/20210315143536.214621-1-qperret@google.com/

This basically allows us to wrap the host with a stage 2 when running in
nVHE, hence paving the way for protecting guest memory from the host in
the future (among other use-cases). For more details about the
motivation and the design angle taken here, I would recommend to have a
look at the cover letter of v1, and/or to watch these presentations at
LPC [1] and KVM forum 2020 [2].

Changes since v5:

 - disabled FWB for the host even when the CPUs support it using stage-2
   config flags;

 - added a stage-2 config flag to enfore identity mappings for the host;

 - refactored/simplified the cpu feature register copy;

 - removed unecessary ISB() from the set_ownership() path, and improved
   kerneldoc;

 - rebased on kvmarm/next to fix (trivial) conflicts with Marc's SVE
   series [3].

And as usual, there is a branch available here:

  https://android-kvm.googlesource.com/linux qperret/host-stage2-v6

Thanks,
Quentin

[1] https://youtu.be/54q6RzS9BpQ?t=10859
[2] https://youtu.be/wY-u6n75iXc
[3] https://lore.kernel.org/r/20210318122532.505263-1-maz@kernel.org/

Quentin Perret (35):
  KVM: arm64: Initialize kvm_nvhe_init_params early
  KVM: arm64: Avoid free_page() in page-table allocator
  KVM: arm64: Factor memory allocation out of pgtable.c
  KVM: arm64: Introduce a BSS section for use at Hyp
  KVM: arm64: Make kvm_call_hyp() a function call at Hyp
  KVM: arm64: Allow using kvm_nvhe_sym() in hyp code
  KVM: arm64: Introduce an early Hyp page allocator
  KVM: arm64: Stub CONFIG_DEBUG_LIST at Hyp
  KVM: arm64: Introduce a Hyp buddy page allocator
  KVM: arm64: Enable access to sanitized CPU features at EL2
  KVM: arm64: Provide __flush_dcache_area at EL2
  KVM: arm64: Factor out vector address calculation
  arm64: asm: Provide set_sctlr_el2 macro
  KVM: arm64: Prepare the creation of s1 mappings at EL2
  KVM: arm64: Elevate hypervisor mappings creation at EL2
  KVM: arm64: Use kvm_arch for stage 2 pgtable
  KVM: arm64: Use kvm_arch in kvm_s2_mmu
  KVM: arm64: Set host stage 2 using kvm_nvhe_init_params
  KVM: arm64: Refactor kvm_arm_setup_stage2()
  KVM: arm64: Refactor __load_guest_stage2()
  KVM: arm64: Refactor __populate_fault_info()
  KVM: arm64: Make memcache anonymous in pgtable allocator
  KVM: arm64: Reserve memory for host stage 2
  KVM: arm64: Sort the hypervisor memblocks
  KVM: arm64: Always zero invalid PTEs
  KVM: arm64: Use page-table to track page ownership
  KVM: arm64: Refactor the *_map_set_prot_attr() helpers
  KVM: arm64: Add kvm_pgtable_stage2_find_range()
  KVM: arm64: Introduce KVM_PGTABLE_S2_NOFWB stage 2 flag
  KVM: arm64: Introduce KVM_PGTABLE_S2_IDMAP stage 2 flag
  KVM: arm64: Provide sanitized mmfr* registers at EL2
  KVM: arm64: Wrap the host with a stage 2
  KVM: arm64: Page-align the .hyp sections
  KVM: arm64: Disable PMU support in protected mode
  KVM: arm64: Protect the .hyp sections from the host

Will Deacon (3):
  arm64: lib: Annotate {clear,copy}_page() as position-independent
  KVM: arm64: Link position-independent string routines into .hyp.text
  arm64: kvm: Add standalone ticket spinlock implementation for use at
    hyp

 arch/arm64/include/asm/assembler.h            |  14 +-
 arch/arm64/include/asm/cpufeature.h           |   1 +
 arch/arm64/include/asm/hyp_image.h            |   7 +
 arch/arm64/include/asm/kvm_asm.h              |   9 +
 arch/arm64/include/asm/kvm_cpufeature.h       |  26 ++
 arch/arm64/include/asm/kvm_host.h             |  19 +-
 arch/arm64/include/asm/kvm_hyp.h              |   8 +
 arch/arm64/include/asm/kvm_mmu.h              |  23 +-
 arch/arm64/include/asm/kvm_pgtable.h          | 164 ++++++-
 arch/arm64/include/asm/pgtable-prot.h         |   4 +-
 arch/arm64/include/asm/sections.h             |   1 +
 arch/arm64/kernel/asm-offsets.c               |   3 +
 arch/arm64/kernel/cpufeature.c                |  13 +
 arch/arm64/kernel/image-vars.h                |  30 ++
 arch/arm64/kernel/vmlinux.lds.S               |  74 ++--
 arch/arm64/kvm/arm.c                          | 199 +++++++--
 arch/arm64/kvm/hyp/Makefile                   |   2 +-
 arch/arm64/kvm/hyp/include/hyp/switch.h       |  28 +-
 arch/arm64/kvm/hyp/include/nvhe/early_alloc.h |  14 +
 arch/arm64/kvm/hyp/include/nvhe/gfp.h         |  68 +++
 arch/arm64/kvm/hyp/include/nvhe/mem_protect.h |  36 ++
 arch/arm64/kvm/hyp/include/nvhe/memory.h      |  52 +++
 arch/arm64/kvm/hyp/include/nvhe/mm.h          |  96 ++++
 arch/arm64/kvm/hyp/include/nvhe/spinlock.h    |  92 ++++
 arch/arm64/kvm/hyp/nvhe/Makefile              |   9 +-
 arch/arm64/kvm/hyp/nvhe/cache.S               |  13 +
 arch/arm64/kvm/hyp/nvhe/early_alloc.c         |  54 +++
 arch/arm64/kvm/hyp/nvhe/hyp-init.S            |  42 +-
 arch/arm64/kvm/hyp/nvhe/hyp-main.c            |  68 +++
 arch/arm64/kvm/hyp/nvhe/hyp-smp.c             |   8 +
 arch/arm64/kvm/hyp/nvhe/hyp.lds.S             |   1 +
 arch/arm64/kvm/hyp/nvhe/mem_protect.c         | 279 ++++++++++++
 arch/arm64/kvm/hyp/nvhe/mm.c                  | 173 ++++++++
 arch/arm64/kvm/hyp/nvhe/page_alloc.c          | 195 +++++++++
 arch/arm64/kvm/hyp/nvhe/psci-relay.c          |   4 +-
 arch/arm64/kvm/hyp/nvhe/setup.c               | 214 +++++++++
 arch/arm64/kvm/hyp/nvhe/stub.c                |  22 +
 arch/arm64/kvm/hyp/nvhe/switch.c              |  12 +-
 arch/arm64/kvm/hyp/nvhe/tlb.c                 |   4 +-
 arch/arm64/kvm/hyp/pgtable.c                  | 410 ++++++++++++++----
 arch/arm64/kvm/hyp/reserved_mem.c             | 113 +++++
 arch/arm64/kvm/mmu.c                          | 115 ++++-
 arch/arm64/kvm/perf.c                         |   3 +-
 arch/arm64/kvm/pmu.c                          |   8 +-
 arch/arm64/kvm/reset.c                        |  42 +-
 arch/arm64/kvm/sys_regs.c                     |  22 +
 arch/arm64/lib/clear_page.S                   |   4 +-
 arch/arm64/lib/copy_page.S                    |   4 +-
 arch/arm64/mm/init.c                          |   3 +
 49 files changed, 2542 insertions(+), 263 deletions(-)
 create mode 100644 arch/arm64/include/asm/kvm_cpufeature.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/early_alloc.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/gfp.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/memory.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/mm.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/spinlock.h
 create mode 100644 arch/arm64/kvm/hyp/nvhe/cache.S
 create mode 100644 arch/arm64/kvm/hyp/nvhe/early_alloc.c
 create mode 100644 arch/arm64/kvm/hyp/nvhe/mem_protect.c
 create mode 100644 arch/arm64/kvm/hyp/nvhe/mm.c
 create mode 100644 arch/arm64/kvm/hyp/nvhe/page_alloc.c
 create mode 100644 arch/arm64/kvm/hyp/nvhe/setup.c
 create mode 100644 arch/arm64/kvm/hyp/nvhe/stub.c
 create mode 100644 arch/arm64/kvm/hyp/reserved_mem.c

Comments

Marc Zyngier March 25, 2021, 11:13 a.m. UTC | #1

On Fri, 19 Mar 2021 10:01:08 +0000, Quentin Perret wrote:
> This is the v6 of the series previously posted here:
> 
>   https://lore.kernel.org/r/20210315143536.214621-1-qperret@google.com/
> 
> This basically allows us to wrap the host with a stage 2 when running in
> nVHE, hence paving the way for protecting guest memory from the host in
> the future (among other use-cases). For more details about the
> motivation and the design angle taken here, I would recommend to have a
> look at the cover letter of v1, and/or to watch these presentations at
> LPC [1] and KVM forum 2020 [2].
> 
> [...]

Applied to next, thanks!

[01/38] arm64: lib: Annotate {clear, copy}_page() as position-independent
        commit: 8d9902055c57548bb342dc3ca78caa21e9643024
[02/38] KVM: arm64: Link position-independent string routines into .hyp.text
        commit: 7b4a7b5e6fefd15f708f959dd43e188444e252ec
[03/38] arm64: kvm: Add standalone ticket spinlock implementation for use at hyp
        commit: 67c2d326332ee28079348e43cf4f17bbfe63b260
[04/38] KVM: arm64: Initialize kvm_nvhe_init_params early
        commit: 9cc7758145fd24b17cff0734b7cfd80de30be052
[05/38] KVM: arm64: Avoid free_page() in page-table allocator
        commit: cc706a63894fdcc25d226378898921e1ab7dd64e
[06/38] KVM: arm64: Factor memory allocation out of pgtable.c
        commit: 7aef0cbcdcd0995efde9957b3eda9f31a219613d
[07/38] KVM: arm64: Introduce a BSS section for use at Hyp
        commit: 380e18ade4a51334e8806160e6f0fdfaca0b4428
[08/38] KVM: arm64: Make kvm_call_hyp() a function call at Hyp
        commit: 40a50853d37af3fd2e98b769e1a79839ad16b107
[09/38] KVM: arm64: Allow using kvm_nvhe_sym() in hyp code
        commit: fa21472a316af8ad7af3114049db89678444c7ed
[10/38] KVM: arm64: Introduce an early Hyp page allocator
        commit: e759604087231c672f91564cc805336e70d333a0
[11/38] KVM: arm64: Stub CONFIG_DEBUG_LIST at Hyp
        commit: 40d9e41e525c13d07bc72d49968926f4502e5b33
[12/38] KVM: arm64: Introduce a Hyp buddy page allocator
        commit: 8e17c66249e9ea08b44879c7af0315e70a83316c
[13/38] KVM: arm64: Enable access to sanitized CPU features at EL2
        commit: 7a440cc78392c3caf805ef0afc7ead031e4d0830
[14/38] KVM: arm64: Provide __flush_dcache_area at EL2
        commit: d460df12926825a3926da91f054f9f11f88bb33e
[15/38] KVM: arm64: Factor out vector address calculation
        commit: bc1d2892e9aa6dcf6cd83adbd3616051cbd4c429
[16/38] arm64: asm: Provide set_sctlr_el2 macro
        commit: 8f4de66e247b805e1b3d1c15367ee0ef4cbb6003
[17/38] KVM: arm64: Prepare the creation of s1 mappings at EL2
        commit: f320bc742bc23c1d43567712fe2814bf04b19ebc
[18/38] KVM: arm64: Elevate hypervisor mappings creation at EL2
        commit: bfa79a805454f768b8d76ab683659d9e219a037a
[19/38] KVM: arm64: Use kvm_arch for stage 2 pgtable
        commit: 834cd93deb75f3a43420e479f133dd02fba95aa6
[20/38] KVM: arm64: Use kvm_arch in kvm_s2_mmu
        commit: cfb1a98de7a9aa51931ff5b336fc5c3c201d01cc
[21/38] KVM: arm64: Set host stage 2 using kvm_nvhe_init_params
        commit: 734864c177bca5148adfe7a96744993d61513430
[22/38] KVM: arm64: Refactor kvm_arm_setup_stage2()
        commit: bcb25a2b86b4b96385ffbcc54d51c400793b7393
[23/38] KVM: arm64: Refactor __load_guest_stage2()
        commit: 6ec7e56d3265f6e7673d0788bfa3a76820c9bdfe
[24/38] KVM: arm64: Refactor __populate_fault_info()
        commit: 159b859beed76836a2c7cfa6303c312a40bb9dc7
[25/38] KVM: arm64: Make memcache anonymous in pgtable allocator
        commit: e37f37a0e780f23210b2a5cb314dab39fea7086a
[26/38] KVM: arm64: Reserve memory for host stage 2
        commit: 04e5de03093f669ccc233e56b7838bfa7a7af6e1
[27/38] KVM: arm64: Sort the hypervisor memblocks
        commit: a14307f5310c737744641ff8da7a8d491c3c85cd
[28/38] KVM: arm64: Always zero invalid PTEs
        commit: f60ca2f9321a71ee3d2a7bd620c1827b82ce05f2
[29/38] KVM: arm64: Use page-table to track page ownership
        commit: 807923e04a0f5c6c34dc2eb52ae544cb0e4e4e66
[30/38] KVM: arm64: Refactor the *_map_set_prot_attr() helpers
        commit: 3fab82347ffb36c8b7b38dabc8e79276eeb1a81c
[31/38] KVM: arm64: Add kvm_pgtable_stage2_find_range()
        commit: 2fcb3a59401d2d12b5337b62c799eeb22cf40a2c
[32/38] KVM: arm64: Introduce KVM_PGTABLE_S2_NOFWB stage 2 flag
        commit: bc224df155c466178128a2950af16cba37b6f218
[33/38] KVM: arm64: Introduce KVM_PGTABLE_S2_IDMAP stage 2 flag
        commit: 8942a237c771b65f8bc1232536e4b4b829c7701f
[34/38] KVM: arm64: Provide sanitized mmfr* registers at EL2
        commit: def1aaf9e0bc6987bb4b417aac37226e994a1a74
[35/38] KVM: arm64: Wrap the host with a stage 2
        commit: 1025c8c0c6accfcbdc8f52ca1940160f65cd87d6
[36/38] KVM: arm64: Page-align the .hyp sections
        commit: b83042f0f143a5e9e899924987b542b2ac766e53
[37/38] KVM: arm64: Disable PMU support in protected mode
        commit: 9589a38cdfeba0889590e6ef4627b439034d456c
[38/38] KVM: arm64: Protect the .hyp sections from the host
        commit: 90134ac9cabb69972d0a509bf08e108a73442184

Cheers,

	M.