| Message ID | 20211215161232.1480836-1-qperret@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM: arm64: Introduce kvm_{un}share_hyp() | expand |
On Wed, 15 Dec 2021 16:12:17 +0000, Quentin Perret wrote: > This is v4 of the series previously posted here: > > https://lore.kernel.org/kvmarm/20211201170411.1561936-1-qperret@google.com/ > > This series implements an unshare hypercall at EL2 in nVHE protected > mode, and makes use of it to unmmap guest-specific data-structures from > EL2 stage-1 during guest tear-down. Crucially, the implementation of the > share and unshare routines use page refcounts in the host kernel to > avoid accidentally unmapping data-structures that overlap a common page. > > [...] Applied to next, thanks! [01/14] KVM: arm64: Provide {get,put}_page() stubs for early hyp allocator commit: 1fac3cfb9cc60d71b66ee5127b2bc5b5f9f79df8 [02/14] KVM: arm64: Refcount hyp stage-1 pgtable pages commit: 2ea2ff91e82293909d4879b0b4c6c94b02d52b7e [03/14] KVM: arm64: Fixup hyp stage-1 refcount commit: d6b4bd3f4897f3b60ac9e8c9e2f0300e739b3392 [04/14] KVM: arm64: Hook up ->page_count() for hypervisor stage-1 page-table commit: 34ec7cbf1ee0c45e66a0c24311bcd5b83b7109f5 [05/14] KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2 commit: 82bb02445de57bb3072052705f6f5dea9465592e [06/14] KVM: arm64: Introduce kvm_share_hyp() commit: 3f868e142c0bb052a1c15fd3ceca1391604e2e69 [07/14] KVM: arm64: pkvm: Refcount the pages shared with EL2 commit: a83e2191b7f1894dd0b4b3816ceb9caf4e0cd7e5 [08/14] KVM: arm64: Extend pkvm_page_state enumeration to handle absent pages commit: 3d467f7b8c0a179a10aa4e9f17cd2d3c3b7e5403 [09/14] KVM: arm64: Introduce wrappers for host and hyp spin lock accessors commit: 61d99e33e757a21b47b8b130e49dcbdfaa5d2b1c [10/14] KVM: arm64: Implement do_share() helper for sharing memory commit: e82edcc75c4e2389a3d7223c4ef1737bd9a07e5d [11/14] KVM: arm64: Implement __pkvm_host_share_hyp() using do_share() commit: 1ee32109fd78720259f7431740897d37ebcd84f6 [12/14] KVM: arm64: Implement do_unshare() helper for unsharing memory commit: 376a240f037959c2b9a2486e53bcd8d388cbec17 [13/14] KVM: arm64: Expose unshare hypercall to the host commit: b8cc6eb5bded7078f796b2ebf548f79850281eb6 [14/14] KVM: arm64: pkvm: Unshare guest structs during teardown commit: 52b28657ebd7cd20e931ce71190f235d0fa018a6 Cheers, M.
Hi all, This is v4 of the series previously posted here: https://lore.kernel.org/kvmarm/20211201170411.1561936-1-qperret@google.com/ This series implements an unshare hypercall at EL2 in nVHE protected mode, and makes use of it to unmmap guest-specific data-structures from EL2 stage-1 during guest tear-down. Crucially, the implementation of the share and unshare routines use page refcounts in the host kernel to avoid accidentally unmapping data-structures that overlap a common page. This series has two main benefits. Firstly it allows EL2 to track the state of shared pages cleanly, as they can now transition from SHARED back to OWNED. This will simplify permission checks once e.g. pkvm implements a donation hcall to provide memory to protected guests, as there should then be no reason for the host to donate a page that is currently marked shared. And secondly, it avoids having dangling mappings in the hypervisor's stage-1, which should be a good idea from a security perspective as the hypervisor is obviously running with elevated privileges. And perhaps worth noting is that this also refactors the EL2 page-tracking checks in a more scalable way, which should allow to implement other memory transitions (host donating memory to a guest, a guest sharing back with the host, ...) much more easily in the future. Changes since v3: - fixed refcount of hyp stage-1 page-table pages when only changing SW bits (Will) - misc minor cleanups (Will, Andrew) - rebased on kvmarm/next Quentin Perret (6): KVM: arm64: Provide {get,put}_page() stubs for early hyp allocator KVM: arm64: Refcount hyp stage-1 pgtable pages KVM: arm64: Fixup hyp stage-1 refcount KVM: arm64: Introduce kvm_share_hyp() KVM: arm64: pkvm: Refcount the pages shared with EL2 KVM: arm64: pkvm: Unshare guest structs during teardown Will Deacon (8): KVM: arm64: Hook up ->page_count() for hypervisor stage-1 page-table KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2 KVM: arm64: Extend pkvm_page_state enumeration to handle absent pages KVM: arm64: Introduce wrappers for host and hyp spin lock accessors KVM: arm64: Implement do_share() helper for sharing memory KVM: arm64: Implement __pkvm_host_share_hyp() using do_share() KVM: arm64: Implement do_unshare() helper for unsharing memory KVM: arm64: Expose unshare hypercall to the host arch/arm64/include/asm/kvm_asm.h | 1 + arch/arm64/include/asm/kvm_host.h | 2 + arch/arm64/include/asm/kvm_mmu.h | 2 + arch/arm64/include/asm/kvm_pgtable.h | 21 + arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/fpsimd.c | 36 +- arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 6 + arch/arm64/kvm/hyp/nvhe/early_alloc.c | 5 + arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 + arch/arm64/kvm/hyp/nvhe/mem_protect.c | 500 +++++++++++++++--- arch/arm64/kvm/hyp/nvhe/setup.c | 22 +- arch/arm64/kvm/hyp/pgtable.c | 102 +++- arch/arm64/kvm/mmu.c | 137 ++++- arch/arm64/kvm/reset.c | 10 +- 14 files changed, 739 insertions(+), 119 deletions(-)