Date: Wed, 1 Dec 2021 17:03:54 +0000
Message-Id: <20211201170411.1561936-1-qperret@google.com>
Subject: [PATCH v3 00/15] KVM: arm64: Introduce kvm_share_hyp()
From: Quentin Perret
To: Marc Zyngier, James Morse, Alexandru Elisei, Suzuki K Poulose, Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kernel-team@android.com

Hi all,

This is v3 of the series previously posted here:

  https://lore.kernel.org/kvmarm/20211019121304.2732332-1-qperret@google.com/

This series implements an unshare hypercall at EL2 in nVHE protected
mode, and makes use of it to unmap guest-specific data-structures from
EL2 stage-1 during guest tear-down. Crucially, the implementation of the
share and unshare routines uses page refcounts in the host kernel to
avoid accidentally unmapping data-structures that overlap a common page.

This series has two main benefits. Firstly it allows EL2 to track the
state of shared pages cleanly, as they can now transition from SHARED
back to OWNED. This will simplify permission checks once e.g. pkvm
implements a donation hcall to provide memory to protected guests, as
there should then be no reason for the host to donate a page that is
currently marked shared. And secondly, it avoids having dangling
mappings in the hypervisor's stage-1, which should be a good idea from
a security perspective as the hypervisor is obviously running with
elevated privileges. And perhaps worth noting is that this also
refactors the EL2 page-tracking checks in a more scalable way, which
should allow implementing other memory transitions (host donating
memory to a guest, a guest sharing back with the host, ...) much more
easily in the future.

Changes since v2:
 - Added a check in kvm_share_hyp() to prevent sharing vmalloc pages;
 - Rebased on kvmarm/next, which contains Marc's rework of FPSIMD/SVE
   tracking [1].

Thanks!
Quentin

[1] https://lore.kernel.org/kvmarm/20211201120436.389756-1-maz@kernel.org/

Quentin Perret (7):
  KVM: arm64: Check if running in VHE from kvm_host_owns_hyp_mappings()
  KVM: arm64: Provide {get,put}_page() stubs for early hyp allocator
  KVM: arm64: Refcount hyp stage-1 pgtable pages
  KVM: arm64: Fixup hyp stage-1 refcount
  KVM: arm64: Introduce kvm_share_hyp()
  KVM: arm64: pkvm: Refcount the pages shared with EL2
  KVM: arm64: pkvm: Unshare guest structs during teardown

Will Deacon (8):
  KVM: arm64: Hook up ->page_count() for hypervisor stage-1 page-table
  KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2
  KVM: arm64: Extend pkvm_page_state enumeration to handle absent pages
  KVM: arm64: Introduce wrappers for host and hyp spin lock accessors
  KVM: arm64: Implement do_share() helper for sharing memory
  KVM: arm64: Implement __pkvm_host_share_hyp() using do_share()
  KVM: arm64: Implement do_unshare() helper for unsharing memory
  KVM: arm64: Expose unshare hypercall to the host

 arch/arm64/include/asm/kvm_asm.h              |   1 +
 arch/arm64/include/asm/kvm_host.h             |   2 +
 arch/arm64/include/asm/kvm_mmu.h              |   2 +
 arch/arm64/include/asm/kvm_pgtable.h          |  21 +
 arch/arm64/kvm/arm.c                          |   6 +-
 arch/arm64/kvm/fpsimd.c                       |  36 +-
 arch/arm64/kvm/hyp/include/nvhe/mem_protect.h |   6 +
 arch/arm64/kvm/hyp/nvhe/early_alloc.c         |   5 +
 arch/arm64/kvm/hyp/nvhe/hyp-main.c            |   8 +
 arch/arm64/kvm/hyp/nvhe/mem_protect.c         | 500 +++++++++++++++---
 arch/arm64/kvm/hyp/nvhe/setup.c               |  22 +-
 arch/arm64/kvm/hyp/pgtable.c                  |  80 ++-
 arch/arm64/kvm/mmu.c                          | 140 ++++-
 arch/arm64/kvm/reset.c                        |  10 +-
 14 files changed, 737 insertions(+), 102 deletions(-)
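
The refcounting idea from the cover letter, as an added user-space C model that is not code from this series or from the kernel: two structures that overlap a page each take a per-page reference, and the simulated EL2 state only moves between OWNED and SHARED on the first share and the last unshare. The names model_share(), model_unshare(), hyp_transition() and the 8-page address space are assumptions made for illustration.

```c
#include <stdint.h>
#define PAGE_SHIFT  12
#define NR_PAGES    8                       /* constructed toy address space */
#define FIRST(a)    ((a) >> PAGE_SHIFT)
#define LAST(a, s)  (((a) + (s) - 1) >> PAGE_SHIFT)

enum page_state { OWNED, SHARED };          /* states named in the cover letter */
static enum page_state el2_state[NR_PAGES]; /* model of EL2's per-page tracking */
static unsigned int refs[NR_PAGES];         /* host-side share count per page */
static unsigned int hcalls;                 /* simulated hypercalls issued */

/* Stand-in for the share/unshare hypercalls: EL2 rejects bad transitions. */
static int hyp_transition(uintptr_t pfn, enum page_state from, enum page_state to)
{
    if (el2_state[pfn] != from) return -1;
    el2_state[pfn] = to;
    hcalls++;
    return 0;
}
/* Drop one reference per page; only the last user unmaps it at EL2. */
void model_unshare(uintptr_t addr, uintptr_t size)
{
    for (uintptr_t p = FIRST(addr); size && p <= LAST(addr, size) && p < NR_PAGES; p++)
        if (refs[p] && --refs[p] == 0)
            hyp_transition(p, SHARED, OWNED);
}
/* Take one reference per page; only the first user issues the hypercall. */
int model_share(uintptr_t addr, uintptr_t size)
{
    uintptr_t first = FIRST(addr), last = LAST(addr, size);
    if (!size || last < first || last >= NR_PAGES) return -1;
    for (uintptr_t p = first; p <= last; p++) {
        if (refs[p]++ || !hyp_transition(p, OWNED, SHARED)) continue;
        refs[p]--;                          /* EL2 refused: undo this page and earlier ones */
        if (p > first) model_unshare(addr, (p << PAGE_SHIFT) - addr);
        return -1;
    }
    return 0;
}
int page_shared(uintptr_t pfn) { return pfn < NR_PAGES && el2_state[pfn] == SHARED; }
unsigned int hcall_count(void) { return hcalls; }

int main(void)
{
    model_share(0x1f00, 0x200);             /* struct A spans pages 1 and 2 */
    model_share(0x2800, 0x100);             /* struct B sits inside page 2 */
    model_unshare(0x1f00, 0x200);           /* freeing A must keep page 2 shared */
    return !(page_shared(2) && !page_shared(1));
}
```

Without the per-page count, the unshare for struct A would also strip page 2 from the simulated EL2 mapping while struct B still lives there.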