From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55F67224EF; Mon, 4 Dec 2023 11:03:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="r7zJ1vDr" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2FDCC433C7; Mon, 4 Dec 2023 11:03:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701687808; bh=td2FHNFbaEBhn6/pKvODA/OD7GSweig2jmUFrnTj5ag=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=r7zJ1vDrsKNETcUBXXgqaZq6Wk03L1ZzHpvEGkz45riz5nQZDIo72NUTT4HuGntNq qX2pr4CDP/8s4bgsQoMq4tozF/fmyCc9PcQFTWg8qOQaFuYlSFogTROx3mSkFluwUr 5iF/pvd1gsO1yM25oy1txVw6llgnbmNecrEAVQYV9k5FsGTdZBpwC/cM55E5/WgI6y ghEBkvTEPbGSddIoNGtHhp9fsLL/gepQTyGFXEaZxrA4+mbXYZhsTTT/cRARv1pFYR Pre5QK1QcG8Osh9+gpDvHtwA12ZK69rJh15eFjEcEhChLi10Ua+NQ+BKcmoteS7s54 kN08CJrkDgEWQ== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rA6jV-001CFD-VG; Mon, 04 Dec 2023 11:03:26 +0000 Date: Mon, 04 Dec 2023 11:03:24 +0000 Message-ID: <86jzpub56r.wl-maz@kernel.org> From: Marc Zyngier To: Joey Gouly Cc: linux-arm-kernel@lists.infradead.org, akpm@linux-foundation.org, aneesh.kumar@linux.ibm.com, broonie@kernel.org, catalin.marinas@arm.com, dave.hansen@linux.intel.com, oliver.upton@linux.dev, shuah@kernel.org, will@kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, James Morse , Suzuki K Poulose , Zenghui Yu Subject: Re: [PATCH v3 00/25] Permission Overlay Extension In-Reply-To: <20231124163510.1835740-1-joey.gouly@arm.com> References: <20231124163510.1835740-1-joey.gouly@arm.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/29.1 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: joey.gouly@arm.com, linux-arm-kernel@lists.infradead.org, akpm@linux-foundation.org, aneesh.kumar@linux.ibm.com, broonie@kernel.org, catalin.marinas@arm.com, dave.hansen@linux.intel.com, oliver.upton@linux.dev, shuah@kernel.org, will@kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, james.morse@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Hi Joey, On Fri, 24 Nov 2023 16:34:45 +0000, Joey Gouly wrote: > > Hello everyone, > > This series implements the Permission Overlay Extension introduced in 2022 > VMSA enhancements [1]. It is based on v6.7-rc2. > > Changes since v2[2]: > # Added ptrace support and selftest > # Add missing POR_EL0 initialisation in fork/clone > # Rebase onto v6.7-rc2 > # Add r-bs > > The Permission Overlay Extension allows to constrain permissions on memory > regions. This can be used from userspace (EL0) without a system call or TLB > invalidation. I have given this series a few more thoughts, and came to the conclusion that is it still incomplete on the KVM front: * FEAT_S1POE often comes together with FEAT_S2POE. For obvious reasons, we cannot afford to let the guest play with S2POR_EL1, nor do we want to advertise FEAT_S2POE to the guest. You will need to add some additional FGT for this, and mask out FEAT_S2POE from the guest's view of the ID registers. * letting the guest play with POE comes with some interesting strings attached: a guest that has started on a POE-enabled host cannot be migrated to one that doesn't have POE. which means that the POE registers should only be visible to the host userspace if enabled in the guest's ID registers, and thus only context-switched in these conditions. They should otherwise UNDEF. Thanks, M. -- Without deviation from the norm, progress is not possible.