From: Marc Zyngier <maz@kernel.org>
To: Fuad Tabba <tabba@google.com>
Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
will@kernel.org, qperret@google.com, seanjc@google.com,
alexandru.elisei@arm.com, catalin.marinas@arm.com,
philmd@linaro.org, james.morse@arm.com, suzuki.poulose@arm.com,
oliver.upton@linux.dev, mark.rutland@arm.com, broonie@kernel.org,
joey.gouly@arm.com, rananta@google.com, yuzenghui@huawei.com
Subject: Re: [PATCH v2 5/7] KVM: arm64: Allocate memory at hyp for host sve state in pKVM
Date: Tue, 28 May 2024 09:16:24 +0100 [thread overview]
Message-ID: <86h6eimjvr.wl-maz@kernel.org> (raw)
In-Reply-To: <CA+EHjTwVe0VXPuJ2OnHR40GMtCBAkRyTei=MpOocLWPmgtCaeQ@mail.gmail.com>
On Wed, 22 May 2024 15:37:53 +0100,
Fuad Tabba <tabba@google.com> wrote:
>
> Hi Marc,
>
> On Tue, May 21, 2024 at 10:44 PM Marc Zyngier <maz@kernel.org> wrote:
> >
> > On Tue, 21 May 2024 17:37:18 +0100,
> > Fuad Tabba <tabba@google.com> wrote:
> > >
> > > Protected mode needs to maintain (save/restore) the host's sve
> > > state, rather than relying on the host kernel to do that. This is
> > > to avoid leaking information to the host about guests and the
> > > type of operations they are performing.
> > >
> > > As a first step towards that, allocate memory at hyp, per cpu, to
> > > hold the host sve data. The following patch will use this memory
> > > to save/restore the host state.
> >
> > What I read in the code contradicts this statement. The memory is
> > definitely allocated on the *host*.
>
> You're right. I should say memory mapped at hyp.
>
> > >
> > > Signed-off-by: Fuad Tabba <tabba@google.com>
> > > ---
> > > Note that the last patch in this series will consolidate the
> > > setup of the host's fpsimd and sve states, which currently take
> > > place in two different locations. Moreover, that last patch will
> > > also place the host fpsimd and sve_state pointers in a union.
> > > ---
> > > arch/arm64/include/asm/kvm_host.h | 2 +
> > > arch/arm64/include/asm/kvm_pkvm.h | 9 ++++
> > > arch/arm64/include/uapi/asm/ptrace.h | 14 ++++++
> > > arch/arm64/kvm/arm.c | 68 ++++++++++++++++++++++++++++
> > > arch/arm64/kvm/hyp/nvhe/setup.c | 24 ++++++++++
> > > 5 files changed, 117 insertions(+)
> > >
> > > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> > > index 0a5fceb20f3a..7b3745ef1d73 100644
> > > --- a/arch/arm64/include/asm/kvm_host.h
> > > +++ b/arch/arm64/include/asm/kvm_host.h
> > > @@ -535,7 +535,9 @@ struct kvm_cpu_context {
> > > */
> > > struct kvm_host_data {
> > > struct kvm_cpu_context host_ctxt;
> > > +
> > > struct user_fpsimd_state *fpsimd_state; /* hyp VA */
> > > + struct user_sve_state *sve_state; /* hyp VA */
> > >
> > > /* Ownership of the FP regs */
> > > enum {
> > > diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
> > > index ad9cfb5c1ff4..b9d12e123efb 100644
> > > --- a/arch/arm64/include/asm/kvm_pkvm.h
> > > +++ b/arch/arm64/include/asm/kvm_pkvm.h
> > > @@ -128,4 +128,13 @@ static inline unsigned long hyp_ffa_proxy_pages(void)
> > > return (2 * KVM_FFA_MBOX_NR_PAGES) + DIV_ROUND_UP(desc_max, PAGE_SIZE);
> > > }
> > >
> > > +static inline size_t pkvm_host_sve_state_size(void)
> > > +{
> > > + if (!system_supports_sve())
> > > + return 0;
> > > +
> > > + return size_add(sizeof(struct user_sve_state),
> > > + SVE_SIG_REGS_SIZE(sve_vq_from_vl(kvm_host_sve_max_vl)));
> > > +}
> > > +
> > > #endif /* __ARM64_KVM_PKVM_H__ */
> > > diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
> > > index 7fa2f7036aa7..77aabf964071 100644
> > > --- a/arch/arm64/include/uapi/asm/ptrace.h
> > > +++ b/arch/arm64/include/uapi/asm/ptrace.h
> > > @@ -120,6 +120,20 @@ struct user_sve_header {
> > > __u16 __reserved;
> > > };
> > >
> > > +struct user_sve_state {
> > > + __u64 zcr_el1;
> > > +
> > > + /*
> > > + * Ordering is important since __sve_save_state/__sve_restore_state
> > > + * relies on it.
> > > + */
> > > + __u32 fpsr;
> > > + __u32 fpcr;
> > > +
> > > + /* Must be SVE_VQ_BYTES (128 bit) aligned. */
> > > + __u8 sve_regs[];
> > > +};
> > > +
> >
> > Huh, why is this in uapi? Why should userspace even care about this at
> > all? From what I can tell, this is purely internal to the kernel, and
> > in any case, KVM isn't tied to that format if it doesn't dump stuff in
> > the userspace thread context. Given the number of bugs this format has
> > generated, I really wouldn't mind moving away from it.
>
> I put it here since the sve_header is here, as well as other similar structures.
>
> Should I move it to asm/kvm_pkvm.h?
kvm_host.h or kvm_types.h seem like the best option (replacing the
"user" prefix with something else), as this is directly consumed by
kvm_host.h.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <maz@kernel.org>
To: Fuad Tabba <tabba@google.com>
Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
will@kernel.org, qperret@google.com, seanjc@google.com,
alexandru.elisei@arm.com, catalin.marinas@arm.com,
philmd@linaro.org, james.morse@arm.com, suzuki.poulose@arm.com,
oliver.upton@linux.dev, mark.rutland@arm.com, broonie@kernel.org,
joey.gouly@arm.com, rananta@google.com, yuzenghui@huawei.com
Subject: Re: [PATCH v2 5/7] KVM: arm64: Allocate memory at hyp for host sve state in pKVM
Date: Tue, 28 May 2024 09:16:24 +0100 [thread overview]
Message-ID: <86h6eimjvr.wl-maz@kernel.org> (raw)
In-Reply-To: <CA+EHjTwVe0VXPuJ2OnHR40GMtCBAkRyTei=MpOocLWPmgtCaeQ@mail.gmail.com>
On Wed, 22 May 2024 15:37:53 +0100,
Fuad Tabba <tabba@google.com> wrote:
>
> Hi Marc,
>
> On Tue, May 21, 2024 at 10:44 PM Marc Zyngier <maz@kernel.org> wrote:
> >
> > On Tue, 21 May 2024 17:37:18 +0100,
> > Fuad Tabba <tabba@google.com> wrote:
> > >
> > > Protected mode needs to maintain (save/restore) the host's sve
> > > state, rather than relying on the host kernel to do that. This is
> > > to avoid leaking information to the host about guests and the
> > > type of operations they are performing.
> > >
> > > As a first step towards that, allocate memory at hyp, per cpu, to
> > > hold the host sve data. The following patch will use this memory
> > > to save/restore the host state.
> >
> > What I read in the code contradicts this statement. The memory is
> > definitely allocated on the *host*.
>
> You're right. I should say memory mapped at hyp.
>
> > >
> > > Signed-off-by: Fuad Tabba <tabba@google.com>
> > > ---
> > > Note that the last patch in this series will consolidate the
> > > setup of the host's fpsimd and sve states, which currently take
> > > place in two different locations. Moreover, that last patch will
> > > also place the host fpsimd and sve_state pointers in a union.
> > > ---
> > > arch/arm64/include/asm/kvm_host.h | 2 +
> > > arch/arm64/include/asm/kvm_pkvm.h | 9 ++++
> > > arch/arm64/include/uapi/asm/ptrace.h | 14 ++++++
> > > arch/arm64/kvm/arm.c | 68 ++++++++++++++++++++++++++++
> > > arch/arm64/kvm/hyp/nvhe/setup.c | 24 ++++++++++
> > > 5 files changed, 117 insertions(+)
> > >
> > > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> > > index 0a5fceb20f3a..7b3745ef1d73 100644
> > > --- a/arch/arm64/include/asm/kvm_host.h
> > > +++ b/arch/arm64/include/asm/kvm_host.h
> > > @@ -535,7 +535,9 @@ struct kvm_cpu_context {
> > > */
> > > struct kvm_host_data {
> > > struct kvm_cpu_context host_ctxt;
> > > +
> > > struct user_fpsimd_state *fpsimd_state; /* hyp VA */
> > > + struct user_sve_state *sve_state; /* hyp VA */
> > >
> > > /* Ownership of the FP regs */
> > > enum {
> > > diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
> > > index ad9cfb5c1ff4..b9d12e123efb 100644
> > > --- a/arch/arm64/include/asm/kvm_pkvm.h
> > > +++ b/arch/arm64/include/asm/kvm_pkvm.h
> > > @@ -128,4 +128,13 @@ static inline unsigned long hyp_ffa_proxy_pages(void)
> > > return (2 * KVM_FFA_MBOX_NR_PAGES) + DIV_ROUND_UP(desc_max, PAGE_SIZE);
> > > }
> > >
> > > +static inline size_t pkvm_host_sve_state_size(void)
> > > +{
> > > + if (!system_supports_sve())
> > > + return 0;
> > > +
> > > + return size_add(sizeof(struct user_sve_state),
> > > + SVE_SIG_REGS_SIZE(sve_vq_from_vl(kvm_host_sve_max_vl)));
> > > +}
> > > +
> > > #endif /* __ARM64_KVM_PKVM_H__ */
> > > diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
> > > index 7fa2f7036aa7..77aabf964071 100644
> > > --- a/arch/arm64/include/uapi/asm/ptrace.h
> > > +++ b/arch/arm64/include/uapi/asm/ptrace.h
> > > @@ -120,6 +120,20 @@ struct user_sve_header {
> > > __u16 __reserved;
> > > };
> > >
> > > +struct user_sve_state {
> > > + __u64 zcr_el1;
> > > +
> > > + /*
> > > + * Ordering is important since __sve_save_state/__sve_restore_state
> > > + * relies on it.
> > > + */
> > > + __u32 fpsr;
> > > + __u32 fpcr;
> > > +
> > > + /* Must be SVE_VQ_BYTES (128 bit) aligned. */
> > > + __u8 sve_regs[];
> > > +};
> > > +
> >
> > Huh, why is this in uapi? Why should userspace even care about this at
> > all? From what I can tell, this is purely internal to the kernel, and
> > in any case, KVM isn't tied to that format if it doesn't dump stuff in
> > the userspace thread context. Given the number of bugs this format has
> > generated, I really wouldn't mind moving away from it.
>
> I put it here since the sve_header is here, as well as other similar structures.
>
> Should I move it to asm/kvm_pkvm.h?
kvm_host.h or kvm_types.h seem like the best option (replacing the
"user" prefix with something else), as this is directly consumed by
kvm_host.h.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2024-05-28 8:16 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-21 16:37 [PATCH v2 0/7] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 16:37 ` [PATCH v2 1/7] KVM: arm64: Reintroduce __sve_save_state Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 16:37 ` [PATCH v2 2/7] KVM: arm64: Abstract set/clear of CPTR_EL2 bits behind helper Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 21:08 ` Marc Zyngier
2024-05-21 21:08 ` Marc Zyngier
2024-05-22 13:48 ` Fuad Tabba
2024-05-22 13:48 ` Fuad Tabba
2024-05-28 7:58 ` Marc Zyngier
2024-05-28 7:58 ` Marc Zyngier
2024-05-21 16:37 ` [PATCH v2 3/7] KVM: arm64: Specialize handling of host fpsimd state on trap Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 16:37 ` [PATCH v2 4/7] KVM: arm64: Store the maximum sve vector length at hyp Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 21:21 ` Marc Zyngier
2024-05-21 21:21 ` Marc Zyngier
2024-05-22 14:36 ` Fuad Tabba
2024-05-22 14:36 ` Fuad Tabba
2024-05-21 16:37 ` [PATCH v2 5/7] KVM: arm64: Allocate memory at hyp for host sve state in pKVM Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 21:44 ` Marc Zyngier
2024-05-21 21:44 ` Marc Zyngier
2024-05-22 14:37 ` Fuad Tabba
2024-05-22 14:37 ` Fuad Tabba
2024-05-28 8:16 ` Marc Zyngier [this message]
2024-05-28 8:16 ` Marc Zyngier
2024-05-21 16:37 ` [PATCH v2 6/7] KVM: arm64: Eagerly restore host fpsimd/sve " Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 22:52 ` Marc Zyngier
2024-05-21 22:52 ` Marc Zyngier
2024-05-22 14:48 ` Fuad Tabba
2024-05-22 14:48 ` Fuad Tabba
2024-05-28 8:21 ` Marc Zyngier
2024-05-28 8:21 ` Marc Zyngier
2024-05-21 16:37 ` [PATCH v2 7/7] KVM: arm64: Consolidate initializing the host data's fpsimd_state/sve " Fuad Tabba
2024-05-21 16:37 ` Fuad Tabba
2024-05-21 22:55 ` Marc Zyngier
2024-05-21 22:55 ` Marc Zyngier
2024-05-22 14:49 ` Fuad Tabba
2024-05-22 14:49 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86h6eimjvr.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=oliver.upton@linux.dev \
--cc=philmd@linaro.org \
--cc=qperret@google.com \
--cc=rananta@google.com \
--cc=seanjc@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.