From: Fuad Tabba
Date: Fri, 27 May 2022 08:55:42 +0100
Subject: Re: [PATCH 59/89] KVM: arm64: Do not support MTE for protected VMs
To: Peter Collingbourne
Cc: Will Deacon, kvmarm@lists.cs.columbia.edu, Ard Biesheuvel, Sean Christopherson, Alexandru Elisei, Andy Lutomirski, Catalin Marinas, James Morse, Chao Peng, Quentin Perret, Suzuki K Poulose, Michael Roth, Mark Rutland, Oliver Upton, Marc Zyngier, kernel-team@android.com, kvm@vger.kernel.org, Linux ARM
References: <20220519134204.5379-1-will@kernel.org> <20220519134204.5379-60-will@kernel.org>

Hi Peter,

On Thu, May 26, 2022 at 9:08 PM Peter Collingbourne wrote:
>
> On Thu, May 19, 2022 at 7:40 AM Will Deacon wrote:
> >
> > From: Fuad Tabba
> >
> > Return an error (-EINVAL) if trying to enable MTE on a protected
> > vm.
>
> I think this commit message needs more explanation as to why MTE is
> not currently supported in protected VMs.

Yes, we need to explain this more. Basically this is an extension of
restricting features for protected VMs done earlier [*].

Various VM feature configurations are allowed in KVM/arm64, each
requiring specific handling logic to deal with traps, context-switching
and potentially emulation. Achieving feature parity in pKVM therefore
requires either elevating this logic to EL2 (and substantially
increasing the TCB) or continuing to trust the host handlers at EL1.
Since neither of these options are especially appealing, pKVM instead
limits the CPU features exposed to a guest to a fixed configuration
based on the underlying hardware and which can mostly be provided
straightforwardly by EL2.

This of course can change in the future and we can support more
features for protected VMs as needed. We'll expand on this commit
message when we respin.

Also note that this only applies to protected VMs. Non-protected VMs
in protected mode support MTE.

Cheers,
/fuad

[*] https://lore.kernel.org/kvmarm/20210827101609.2808181-1-tabba@google.com/

>
> Peter