Date: Thu, 7 Oct 2021 17:52:48 +0200
From: Andrew Jones
To: Marc Zyngier
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, will@kernel.org, qperret@google.com, dbrazdil@google.com, Steven Price, Fuad Tabba, Srivatsa Vaddagiri, Shanker R Donthineni, James Morse, Suzuki K Poulose, Alexandru Elisei, kernel-team@android.com
Subject: Re: [PATCH v2 00/16] KVM: arm64: MMIO guard PV services
Message-ID: <20211007155248.ejwclkwnnsaunmc6@gator>
In-Reply-To: <20211004174849.2831548-1-maz@kernel.org>

On Mon, Oct 04, 2021 at 06:48:33PM +0100, Marc Zyngier wrote:
> This is the second version of this series initially posted at [1] that
> aims at letting a guest express what it considers as MMIO, and only
> let this through to userspace. Together with the guest memory made
> (mostly) inaccessible to the host kernel and userspace, this allows an
> implementation of a hardened IO subsystem.
>
> A lot has been fixed/revamped/improved since the initial posting,
> although I am still not pleased with the ioremap plugging on the guest
> side. I'll take any idea to get rid of it!
>

Pros/cons of the hooks

Pros:
 1) VM only needs to have a kernel that supports the feature (and a
    kernel command line that enables it)
 2) All the ioremapped MMIO ranges are permitted immediately, rather
    than deferring until some other event (which would probably be too
    late in many cases)

Cons:
 1) Having to have hooks, which is never pretty
 2) Adding the hypcalls to each ioremap, which adds some overhead
 3) Having to reference count all the mappings, which adds even more
    overhead
 4) Not giving the owner of the VM control over what MMIO is permitted
    (Well, maybe the VM owner just needs to blacklist drivers for
    anything that it doesn't want.)

I don't think any of the Cons are too bad and probably Pro-2 more or less
makes the hooks a necessity.

Thanks,
drew
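
The reference counting named in Con 3, as an added example that is not code from the patch series or from this message: a simplified user-space model in which a page stays permitted until its last ioremap user is gone. All names (guard_ioremap, guard_iounmap, hyp_guard_map, hyp_guard_unmap), the base address, and the rule that a hypercall is issued only when a page's count moves between 0 and 1 are assumptions.

```c
#include <stdint.h>
#define PAGE_SHIFT 12
#define NPAGES     16             /* toy window of tracked pages (assumption) */
#define MMIO_BASE  0x09000000ULL  /* constructed sample base address */

static unsigned refs[NPAGES];          /* live ioremap users per page (Con 3) */
static unsigned char allowed[NPAGES];  /* model of what the hypervisor lets through */
int map_calls, unmap_calls;            /* hypercalls issued (Con 2) */

/* Hypothetical stand-ins for the guest-to-hypervisor calls. */
static void hyp_guard_map(uint64_t p)   { allowed[p] = 1; map_calls++; }
static void hyp_guard_unmap(uint64_t p) { allowed[p] = 0; unmap_calls++; }

/* Turn [phys, phys+size) into an inclusive page range; -1 if out of window. */
static int to_pages(uint64_t phys, uint64_t size, uint64_t *first, uint64_t *last)
{
    uint64_t end = phys + size - 1;    /* last byte of the range */
    if (size == 0 || phys < MMIO_BASE || end < phys) return -1;
    *first = (phys - MMIO_BASE) >> PAGE_SHIFT;
    *last = (end - MMIO_BASE) >> PAGE_SHIFT;
    return *last < NPAGES ? 0 : -1;
}

/* ioremap hook: the first user of a page asks the hypervisor to permit it. */
int guard_ioremap(uint64_t phys, uint64_t size)
{
    uint64_t first, last, p;
    if (to_pages(phys, size, &first, &last)) return -1;
    for (p = first; p <= last; p++)
        if (refs[p]++ == 0) hyp_guard_map(p);
    return 0;
}

/* iounmap hook: only the last user of a page revokes it. */
int guard_iounmap(uint64_t phys, uint64_t size)
{
    uint64_t first, last, p;
    if (to_pages(phys, size, &first, &last)) return -1;
    for (p = first; p <= last; p++)
        if (refs[p] == 0) return -1;   /* unbalanced unmap: change nothing */
    for (p = first; p <= last; p++)
        if (--refs[p] == 0) hyp_guard_unmap(p);
    return 0;
}

int page_allowed(uint64_t phys)        /* 1 if an access would be let through */
{
    uint64_t first, last;
    return to_pages(phys, 1, &first, &last) ? 0 : allowed[first];
}
```

Two mappings that share a page show why the count is needed: unmapping the first must not revoke the page while the second is still live.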