From: Ram Pai <linuxram@us.ibm.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: aik@ozlabs.ru, andmike@linux.ibm.com,
	"Greg Kurz" <groug@kaod.org>,
	kvm-ppc@vger.kernel.org, "Cédric Le Goater" <clg@fr.ibm.com>,
	sukadev@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org,
	bauerman@linux.ibm.com
Subject: RE: [RFC PATCH v1] powerpc/prom_init: disable XIVE in Secure VM.
Date: Thu, 5 Mar 2020 07:15:30 -0800
Message-ID: <20200305151530.GJ5416@oc0525413822.ibm.com>
In-Reply-To: <20200304235545.GE593957@umbus.fritz.box>

On Thu, Mar 05, 2020 at 10:55:45AM +1100, David Gibson wrote:
> On Wed, Mar 04, 2020 at 04:56:09PM +0100, Cédric Le Goater wrote:
> > [ ... ]
> > 
> > > (1) applied the patch which shares the EQ-page with the hypervisor.
> > > (2) set "kernel_irqchip=off"
> > > (3) set "ic-mode=xive"
> > 
> > you don't have to set the interrupt mode. xive should be negotiated
> > by default.
> > 
> > > (4) set "svm=on" on the kernel command line.
> > > (5) no changes to the hypervisor and ultravisor.
> > > 
> > > And Boom it works!.   So you were right.
> > 
> > Excellent.
> >  
> > > I am sending out the patch for (1) above ASAP.
> > 
> > Next step, could you please try to do the same with the TIMA and ESB pfn ?
> > and use KVM.
> 
> I'm a bit confused by this.  Aren't the TIMA and ESB pages essentially
> IO pages, rather than memory pages from the guest's point of view?  I
> assume only memory pages are protected with PEF - I can't even really
> see what protecting an IO page would even mean.

It means that the hypervisor and qemu cannot access the addresses used
to access the I/O pages. It can only be accessed by Ultravisor and the
SVM.

As it stands today, those pages are accessible from the hypervisor
and not from the SVM or the ultravisor.

To make it work, we need to enable access to those pages from the SVM
and from the ultravisor.  One thing I am not clear on is should we block
access to those pages from the hypervisor.  If yes, then there is no
good way to do that, without hardware help.  If no, then those GPA pages
can be shared, so that hypervisor/ultravisor/qemu/SVM can all access
those pages.

RP

