From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DDF98EB64DD for ; Fri, 23 Jun 2023 15:55:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Message-ID:References:In-Reply-To:Subject:Cc:To:From :Date:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=aLf9wU8qnBeI4O1zg0P4BUXCe74W3bhI+m/MUKdJ8GY=; b=G7w85uM+6JwCOSGNOhekFRzuod isqgoLs73NNQRB9C2xnvIW6PRvNqur78k+cwT6oZ1VOvIopKNiz/Cj/gS2pk2TXj+gWfcwXFv7klz 2+9qgyW6JxP32h8eGqDifB+hJO5ub65733HtZskQIn3chy6woHiNBzz7RAHCkI2DrZ4Fo4m7HwbHt grIAmc4ZznYDHGnZNVeMNonE+cH2cueNW6nxvdIai6ELk0T0RnrNedZlRm93aFezXBHJhdaeD96Ij c6HyazgmwPiQuUAh6a4vSHdlTfoQRzg4I9On1IZBLghUSZCldZcR9FeweYzKA+gyitXIJRH0HXVc/ 7W7dfpVg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qCj7Y-00405m-2d; Fri, 23 Jun 2023 15:54:48 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qCj7W-004058-2B for linux-arm-kernel@lists.infradead.org; Fri, 23 Jun 2023 15:54:48 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3032661A6D; Fri, 23 Jun 2023 15:54:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6D63AC433C0; Fri, 23 Jun 2023 15:54:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1687535685; bh=IguwuxJ0dsb09c8e2nfsOZK+aHh+L8Vs8LIB77VmCck=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=r0p6EgVbWCveREGvt9V3AtJ1nuw3j9mI09Kb/L6jGVgYXf5/4H5LTw9oV/nOBlOy9 t+2zaIRayVOJZkbUThmaQ9A03qSuzgHrRX6wxhUuwxzqyL2ik4QqrnHMAh4t4+Qykf mbBMehlFOFPqrMB88XtCJ5TUpYzrmoS0A15s+9X5CrtVooiv3f0Pd/uG5qWd8g6tQ7 +DBLGcSn9H2HpGumHP+cD/GvUl1Y/kMdPyx0IHr9Myg6ikTXPe4kwFbbU+c05l+aWF jpllcGDVVhNfnQtLTDkGozQJgZAUuaav1RnWONXpFmcnObYVCSaC2Y5Xm7X4gSCYA6 iGe4GMGHPJ1vA== Received: from disco-boy.misterjones.org ([217.182.43.188] helo=www.loen.fr) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qCj7T-007nae-05; Fri, 23 Jun 2023 16:54:43 +0100 MIME-Version: 1.0 Date: Fri, 23 Jun 2023 16:54:42 +0100 From: Marc Zyngier To: "Russell King (Oracle)" Cc: Ard Biesheuvel , Quentin Perret , Mark Rutland , Catalin Marinas , Jonathan Corbet , Will Deacon , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org Subject: Re: [PATCH RFC 00/17] arm64 kernel text replication In-Reply-To: References: User-Agent: Roundcube Webmail/1.4.13 Message-ID: X-Sender: maz@kernel.org X-SA-Exim-Connect-IP: 217.182.43.188 X-SA-Exim-Rcpt-To: linux@armlinux.org.uk, ardb@kernel.org, qperret@google.com, mark.rutland@arm.com, catalin.marinas@arm.com, corbet@lwn.net, will@kernel.org, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230623_085446_800617_5B1688FE X-CRM114-Status: GOOD ( 23.22 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 2023-06-23 16:34, Russell King (Oracle) wrote: > On Fri, Jun 23, 2023 at 05:24:20PM +0200, Ard Biesheuvel wrote: >> (cc Marc and Quentin) >> >> On Mon, 5 Jun 2023 at 11:05, Russell King (Oracle) >> wrote: >> > >> > Hi, >> > >> > Are there any comments on this? >> > >> >> Hi Russell, >> >> I think the proposed approach is sound, but it is rather intrusive, as >> you've pointed out already (wrt KASLR and KASAN etc). And once my LPA2 >> work gets merged (which uses root level -1 when booted on LPA2 capable >> hardware, and level 0 otherwise), we'll have yet another combination >> that is either fully incompatible, or cumbersome to support at the >> very least. >> >> I wonder if it would be worthwhile to explore an alternative approach, >> using pKVM and the host stage2: >> >> - all stage1 kernel mappings remain as they are, and the kernel code >> running at EL1 has no awareness of the replication beyond being >> involved in allocating the memory; >> - host is booted in protected KVM mode, which means that the host >> kernel executes under a stage 2 mapping; >> - each NUMA node has its own set of stage 2 page tables, and maps the >> kernel's code/rodata IPA range to a NUMA local PA range >> - the kernel's code and rodata are mapped read-only in the primary >> stage-2 mapping so updates trap to EL2, permitting the hypervisor to >> replicate those update to all clones. >> >> Note that pKVM retains the capabilities of ordinary KVM, so as long as >> you boot at EL2, the only downside compared to your approach would be >> the increased TLB footprint due to the stage 2 mappings for the host >> kernel. >> >> Marc, Quentin, Will: any thoughts? > > Thanks for taking a look. > > That sounds great, but my initial question would be whether, with such > a > setup, one could then run VMs under such a kernel without hardware that > supports nested virtualisation? I suspect the answer would be no. The answer is yes. All you need to do is to switch between the host and guest stage-2s in the hypervisor, which is what KVM running in protected mode does. M. -- Jazz is not dead. It just smells funny... _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel