[v8,0/6] KVM: arm64: Hypervisor stack enhancements

Message ID 20220420214317.3303360-1-kaleshsingh@google.com (mailing list archive)

Message

Kalesh Singh April 20, 2022, 9:42 p.m. UTC
Hi all,

This is v8 of the nVHE hypervisor stack enhancements. This version is based
on 5.18-rc3.

Previous versions can be found at: 
v7: https://lore.kernel.org/r/20220408200349.1529080-1-kaleshsingh@google.com/
v6: https://lore.kernel.org/r/20220314200148.2695206-1-kaleshsingh@google.com/
v5: https://lore.kernel.org/r/20220307184935.1704614-1-kaleshsingh@google.com/
v4: https://lore.kernel.org/r/20220225033548.1912117-1-kaleshsingh@google.com/
v3: https://lore.kernel.org/r/20220224051439.640768-1-kaleshsingh@google.com/
v2: https://lore.kernel.org/r/20220222165212.2005066-1-kaleshsingh@google.com/
v1: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/

Thanks,
Kalesh

-----

This series is based on 5.18-rc3 and adds stack guard pages to the nVHE and
pKVM hypervisors, and symbolization of hypervisor addresses.

The guard page stack overflow detection is based on the technique used by
arm64 VMAP_STACK, i.e. the stack is aligned such that the 'stack shift' bit
of any valid SP is 1. The 'stack shift' bit can be tested in the exception
entry to detect overflow without corrupting GPRs.


Kalesh Singh (6):
  KVM: arm64: Introduce hyp_alloc_private_va_range()
  KVM: arm64: Introduce pkvm_alloc_private_va_range()
  KVM: arm64: Add guard pages for KVM nVHE hypervisor stack
  KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack
  KVM: arm64: Detect and handle hypervisor stack overflows
  KVM: arm64: Symbolize the nVHE HYP addresses

 arch/arm64/include/asm/kvm_asm.h     |  1 +
 arch/arm64/include/asm/kvm_mmu.h     |  3 ++
 arch/arm64/kvm/arm.c                 | 37 +++++++++++--
 arch/arm64/kvm/handle_exit.c         | 13 ++---
 arch/arm64/kvm/hyp/include/nvhe/mm.h |  6 ++-
 arch/arm64/kvm/hyp/nvhe/host.S       | 24 +++++++++
 arch/arm64/kvm/hyp/nvhe/hyp-main.c   | 18 ++++++-
 arch/arm64/kvm/hyp/nvhe/mm.c         | 78 ++++++++++++++++++----------
 arch/arm64/kvm/hyp/nvhe/setup.c      | 31 +++++++++--
 arch/arm64/kvm/hyp/nvhe/switch.c     |  7 ++-
 arch/arm64/kvm/mmu.c                 | 68 ++++++++++++++++--------
 scripts/kallsyms.c                   |  3 +-
 12 files changed, 220 insertions(+), 69 deletions(-)


base-commit: b2d229d4ddb17db541098b83524d901257e93845
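
The alignment trick described in the cover letter, modelled in user-space C as an added example (it is not part of the e-mail or of the patch series). It assumes 4 KiB pages and a 2*PAGE_SIZE-aligned window whose lower page is the guard and whose upper page is the stack; `struct regs`, `WINDOW`, `sp_overflowed()` and `frames_until_overflow()` are hypothetical names, and the add/sub sequence stands in for an entry path that has no scratch register.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u                       /* assumption: 4 KiB pages */
#define PAGE_SIZE  (UINT64_C(1) << PAGE_SHIFT)
#define WINDOW     UINT64_C(0x400000002000)  /* constructed, 2*PAGE_SIZE aligned */

/* Simulated SP and one general-purpose register at exception entry. */
struct regs { uint64_t sp, x0; };

/*
 * Assumed layout: [WINDOW, +PAGE_SIZE) is an unmapped guard page and
 * [WINDOW+PAGE_SIZE, +PAGE_SIZE) is the stack. Every address in the stack
 * page has bit PAGE_SHIFT set; every address in the guard page has it clear.
 */
static uint64_t stack_top(uint64_t window) { return window + 2 * PAGE_SIZE; }

/*
 * Test the 'stack shift' bit with only SP and x0 available, then restore
 * both. Unsigned wraparound keeps the add/sub swap exact for any x0.
 * Returns true when SP has left the stack page.
 */
static bool sp_overflowed(struct regs *r)
{
    r->sp += r->x0;                      /* sp'  = sp + x0          */
    r->x0 = r->sp - r->x0;               /* x0'  = original sp      */
    bool overflow = !((r->x0 >> PAGE_SHIFT) & 1);
    r->x0 = r->sp - r->x0;               /* x0'' = original x0      */
    r->sp -= r->x0;                      /* sp'' = original sp      */
    return overflow;
}

/* Push fixed-size frames (frame <= PAGE_SIZE) until the check fires. */
static unsigned frames_until_overflow(uint64_t window, uint64_t frame)
{
    struct regs r = { .sp = stack_top(window), .x0 = UINT64_C(0xdeadbeefcafef00d) };
    unsigned fit = 0;
    for (r.sp -= frame; !sp_overflowed(&r); r.sp -= frame)
        fit++;
    return fit;
}

int main(void)
{
    printf("256-byte frames that fit: %u\n", frames_until_overflow(WINDOW, 256));
    return 0;
}
```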

Comments

Marc Zyngier April 28, 2022, 7:55 p.m. UTC | #1
On Wed, 20 Apr 2022 14:42:51 -0700, Kalesh Singh wrote:
> This is v8 of the nVHE hypervisor stack enhancements. This version is based
> on 5.18-rc3.
> 
> Previous versions can be found at:
> v7: https://lore.kernel.org/r/20220408200349.1529080-1-kaleshsingh@google.com/
> v6: https://lore.kernel.org/r/20220314200148.2695206-1-kaleshsingh@google.com/
> v5: https://lore.kernel.org/r/20220307184935.1704614-1-kaleshsingh@google.com/
> v4: https://lore.kernel.org/r/20220225033548.1912117-1-kaleshsingh@google.com/
> v3: https://lore.kernel.org/r/20220224051439.640768-1-kaleshsingh@google.com/
> v2: https://lore.kernel.org/r/20220222165212.2005066-1-kaleshsingh@google.com/
> v1: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/
> 
> [...]

Applied to next, thanks!

[1/6] KVM: arm64: Introduce hyp_alloc_private_va_range()
      commit: 92abe0f81e1385afd8f1dc66206b5be9a514899b
[2/6] KVM: arm64: Introduce pkvm_alloc_private_va_range()
      commit: f922c13e778d6d5343d4576be785a8204c595113
[3/6] KVM: arm64: Add guard pages for KVM nVHE hypervisor stack
      commit: ce3354318a57875dc59f4bb841662e95bfba03db
[4/6] KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack
      commit: 1a919b17ef012ca0572bae759c27e5ea02bfb47f
[5/6] KVM: arm64: Detect and handle hypervisor stack overflows
      commit: 66de19fad9ef47c5376a99bb2b00661f1c788a94
[6/6] KVM: arm64: Symbolize the nVHE HYP addresses
      commit: 6ccf9cb557bd32073b0d68baed97f1bd8a40ff1d

Cheers,

	M.
Kalesh Singh May 2, 2022, 4:54 p.m. UTC | #2
On Thu, Apr 28, 2022 at 12:55 PM Marc Zyngier <maz@kernel.org> wrote:
>
> On Wed, 20 Apr 2022 14:42:51 -0700, Kalesh Singh wrote:
> > This is v8 of the nVHE hypervisor stack enhancements. This version is based
> > on 5.18-rc3.
> >
> > Previous versions can be found at:
> > v7: https://lore.kernel.org/r/20220408200349.1529080-1-kaleshsingh@google.com/
> > v6: https://lore.kernel.org/r/20220314200148.2695206-1-kaleshsingh@google.com/
> > v5: https://lore.kernel.org/r/20220307184935.1704614-1-kaleshsingh@google.com/
> > v4: https://lore.kernel.org/r/20220225033548.1912117-1-kaleshsingh@google.com/
> > v3: https://lore.kernel.org/r/20220224051439.640768-1-kaleshsingh@google.com/
> > v2: https://lore.kernel.org/r/20220222165212.2005066-1-kaleshsingh@google.com/
> > v1: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/
> >
> > [...]
>
> Applied to next, thanks!
>
> [1/6] KVM: arm64: Introduce hyp_alloc_private_va_range()
>       commit: 92abe0f81e1385afd8f1dc66206b5be9a514899b
> [2/6] KVM: arm64: Introduce pkvm_alloc_private_va_range()
>       commit: f922c13e778d6d5343d4576be785a8204c595113
> [3/6] KVM: arm64: Add guard pages for KVM nVHE hypervisor stack
>       commit: ce3354318a57875dc59f4bb841662e95bfba03db
> [4/6] KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack
>       commit: 1a919b17ef012ca0572bae759c27e5ea02bfb47f
> [5/6] KVM: arm64: Detect and handle hypervisor stack overflows
>       commit: 66de19fad9ef47c5376a99bb2b00661f1c788a94
> [6/6] KVM: arm64: Symbolize the nVHE HYP addresses
>       commit: 6ccf9cb557bd32073b0d68baed97f1bd8a40ff1d

Thanks for applying these Marc.

I was wondering if instead of taking these through kvm-arm64/next,
could Catalin consolidate these in arm64 for-next/core with Mark
Rutland's and Madhavan's stacktrace patches[1]? This avoids conflict
and would allow for the hypervisor unwinding changes[2] to apply
cleanly.

[1] https://lore.kernel.org/r/20220413145910.3060139-1-mark.rutland@arm.com/
[2] https://lore.kernel.org/r/20220427184716.1949239-1-kaleshsingh@google.com/

Thanks,
Kalesh
>
> Cheers,
>
>         M.
> --
> Without deviation from the norm, progress is not possible.
>
>
Marc Zyngier May 3, 2022, 7:41 p.m. UTC | #3
On Mon, 02 May 2022 17:54:45 +0100,
Kalesh Singh <kaleshsingh@google.com> wrote:
> 
> On Thu, Apr 28, 2022 at 12:55 PM Marc Zyngier <maz@kernel.org> wrote:
> >
> > On Wed, 20 Apr 2022 14:42:51 -0700, Kalesh Singh wrote:
> > > This is v8 of the nVHE hypervisor stack enhancements. This version is based
> > > on 5.18-rc3.
> > >
> > > Previous versions can be found at:
> > > v7: https://lore.kernel.org/r/20220408200349.1529080-1-kaleshsingh@google.com/
> > > v6: https://lore.kernel.org/r/20220314200148.2695206-1-kaleshsingh@google.com/
> > > v5: https://lore.kernel.org/r/20220307184935.1704614-1-kaleshsingh@google.com/
> > > v4: https://lore.kernel.org/r/20220225033548.1912117-1-kaleshsingh@google.com/
> > > v3: https://lore.kernel.org/r/20220224051439.640768-1-kaleshsingh@google.com/
> > > v2: https://lore.kernel.org/r/20220222165212.2005066-1-kaleshsingh@google.com/
> > > v1: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/
> > >
> > > [...]
> >
> > Applied to next, thanks!
> >
> > [1/6] KVM: arm64: Introduce hyp_alloc_private_va_range()
> >       commit: 92abe0f81e1385afd8f1dc66206b5be9a514899b
> > [2/6] KVM: arm64: Introduce pkvm_alloc_private_va_range()
> >       commit: f922c13e778d6d5343d4576be785a8204c595113
> > [3/6] KVM: arm64: Add guard pages for KVM nVHE hypervisor stack
> >       commit: ce3354318a57875dc59f4bb841662e95bfba03db
> > [4/6] KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack
> >       commit: 1a919b17ef012ca0572bae759c27e5ea02bfb47f
> > [5/6] KVM: arm64: Detect and handle hypervisor stack overflows
> >       commit: 66de19fad9ef47c5376a99bb2b00661f1c788a94
> > [6/6] KVM: arm64: Symbolize the nVHE HYP addresses
> >       commit: 6ccf9cb557bd32073b0d68baed97f1bd8a40ff1d
> 
> Thanks for applying these Marc.
> 
> I was wondering if instead of taking these through kvm-arm64/next,
> could Catalin consolidate these in arm64 for-next/core with Mark
> Rutland's and Madhavan's stacktrace patches[1]? This avoids conflict
> and would allow for the hypervisor unwinding changes[2] to apply
> cleanly.

So far, there hasn't been any reported conflict. If Catalin needs to
merge the branch or part of it, it is stable anyway and can be pulled
from anywhere.

As for the rest of the stacktrace stuff, I haven't had a look yet.

Thanks,

	M.