Re: [PATCH v1 00/13] KVM: arm64: Fixed features for protected VMs
From: Fuad Tabba <hidden>
Date: 2021-06-09 16:34:08
Also in:
kvm, kvmarm
Hi Drew,
I see this series takes the approach we currently have in KVM of masking features we don't want to expose to the guest. This approach adds yet another "reject list" to be maintained as hardware evolves. I'd rather see that we first change KVM to using an accept list, i.e. mask everything and then only set what we want to enable. Mimicking that new accept list in pKVM, where much less would be enabled, would reduce the amount of maintenance needed.
Good point. I agree that having an allow list is preferable to having a block list. The way this patch series handles system register accesses is actually an allow list. However, as it is now, features being exposed to protected guests via the feature registers take the block list approach. I will fix that to ensure that instead it exposes a list of allowed features, rather than hiding restricted ones. As you suggest, this would reduce the amount of maintenance as hardware evolves and is better for security as well. As for changing KVM first, I think that that's orthogonal to what this series is trying to accomplish. Features in pKVM are not controlled or negotiable by userspace, as it is a fixed virtual platform. When KVM changes to use allow lists instead, it shouldn't conflict with how this series works, especially if I fix it to use an allow list instead. Thanks for your feedback. Cheers, /fuad
Thanks, drewquoted
This series is based on kvmarm/next and Will's patches for an Initial pKVM user ABI [1]. You can find the applied series here [2]. Cheers, /fuad [1] https://lore.kernel.org/kvmarm/20210603183347.1695-1-will@kernel.org/ (local) For more details about pKVM, please refer to Will's talk at KVM Forum 2020: https://www.youtube.com/watch?v=edqJSzsDRxk [2] https://android-kvm.googlesource.com/linux/+/refs/heads/tabba/el2_fixed_feature_v1 To: kvmarm@lists.cs.columbia.edu Cc: Marc Zyngier <maz@kernel.org> Cc: Will Deacon <will@kernel.org> Cc: James Morse <james.morse@arm.com> Cc: Alexandru Elisei <redacted> Cc: Suzuki K Poulose <suzuki.poulose@arm.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Christoffer Dall <redacted> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Quentin Perret <redacted> Cc: kvm@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: kernel-team@android.com Fuad Tabba (13): KVM: arm64: Remove trailing whitespace in comments KVM: arm64: MDCR_EL2 is a 64-bit register KVM: arm64: Fix name of HCR_TACR to match the spec KVM: arm64: Refactor sys_regs.h,c for nVHE reuse KVM: arm64: Restore mdcr_el2 from vcpu KVM: arm64: Add feature register flag definitions KVM: arm64: Add config register bit definitions KVM: arm64: Guest exit handlers for nVHE hyp KVM: arm64: Add trap handlers for protected VMs KVM: arm64: Move sanitized copies of CPU features KVM: arm64: Trap access to pVM restricted features KVM: arm64: Handle protected guests at 32 bits KVM: arm64: Check vcpu features at pVM creation arch/arm64/include/asm/kvm_arm.h | 34 +- arch/arm64/include/asm/kvm_asm.h | 2 +- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/include/asm/kvm_hyp.h | 4 + arch/arm64/include/asm/sysreg.h | 6 + arch/arm64/kvm/arm.c | 4 + arch/arm64/kvm/debug.c | 5 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 42 ++ arch/arm64/kvm/hyp/nvhe/Makefile | 2 +- arch/arm64/kvm/hyp/nvhe/debug-sr.c | 2 +- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 6 - arch/arm64/kvm/hyp/nvhe/switch.c | 114 +++++- arch/arm64/kvm/hyp/nvhe/sys_regs.c | 501 ++++++++++++++++++++++++ arch/arm64/kvm/hyp/vhe/debug-sr.c | 2 +- arch/arm64/kvm/pkvm.c | 31 ++ arch/arm64/kvm/sys_regs.c | 62 +-- arch/arm64/kvm/sys_regs.h | 35 ++ 17 files changed, 782 insertions(+), 72 deletions(-) create mode 100644 arch/arm64/kvm/hyp/nvhe/sys_regs.c base-commit: 35b256a5eebe3ac715b4ea6234aa4236a10d1a88 -- 2.32.0.rc1.229.g3e70b5a671-goog _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
_______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel