KVM ARM Archive on lore.kernel.org
 help / color / Atom feed
From: Will Deacon <will@kernel.org>
To: James Morse <james.morse@arm.com>
Cc: qwandor@google.com, Marc Zyngier <maz@kernel.org>,
	tabba@google.com, Steven Price <steven.price@arm.com>,
	wedsonaf@google.com, dbrazdil@google.com,
	kernel-team@android.com, kvmarm@lists.cs.columbia.edu,
Date: Fri, 27 Mar 2020 16:59:36 +0000
Message-ID: <20200327165935.GA8048@willie-the-truck> (raw)
In-Reply-To: <a8cc7a17-cb84-3e52-15f4-87b27a01876b@arm.com>

Hi James,

On Fri, Mar 27, 2020 at 04:11:56PM +0000, James Morse wrote:
> On 3/27/20 2:39 PM, Andrew Scull wrote:
> > Errata 1165522, 1319367 and 1530923 each allow TLB entries to be
> > allocated as a result of a speculative AT instruction. In order to
> > avoid mandating VHE on certain affected CPUs, apply the workaround to
> > both the nVHE and the VHE case for all affected CPUs.
> You're booting a VHE capable system without VHE, and need KVM?
> Do tell!

I'll stick my neck out for this part...

Basically, we're looking at enabling virtualisation on Android through
KVM and we're going to be upstreaming more of this as it gets going.
One of the goals of this work is to provide an environment where virtual
machines can run in isolation from the KVM host; in such a design, the
guest memory must not be accessible to the host, so this doesn't lend
itself at all to VHE. Our current work is focussing on extending the nVHE
__hyp_text so that things like stage-2 page table and vCPU state is all
handled there, with a stage-2 put over the host kernel to prevent access
to guest memory. The host is still responsible for scheduling vCPUs, so
a compromised host can cause a DoS but it's the data integrity that we
really care about. We're looking at implementing this on top of the SPCI
spec from Arm, where the VMs are a lot less dynamic than a traditional
KVM invocation but implement message passing and shared memory interfaces
so that we can still use things like virtio. We're also aiming to support
SPCI partitions alongside traditional VMs, although the stage-2 must still
be handled at EL2 for both types of guest.

It's a bit like a Type-1.5 hypervisor ;)

Anyway, there's plenty to do, but one of the exercises is removing some of
the artificial Kconfig dependencies we have on VHE. This erratum workaround
is one of them, but there are others such as SVE and Pointer Auth.

> Would enabling the nVHE workaround on a VHE capable part solve your problem?

Could do, but it seems a bit weird to enable the workarounds independently
once both VHE and nVHE are supported. We probably need to use has_vhe() to
distinguish the two paths, rather than rely on the presence of the
workaround as a proxy for that.

kvmarm mailing list

      reply index

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-27 14:39 Andrew Scull
2020-03-27 14:59 ` Steven Price
2020-03-27 17:48   ` Andrew Scull
2020-03-27 17:52     ` Marc Zyngier
2020-03-27 18:09       ` Will Deacon
2020-03-28 11:23         ` Marc Zyngier
2020-03-30 10:06           ` Will Deacon
2020-04-03 12:57   ` Andrew Scull
2020-04-17 16:41     ` Will Deacon
2020-04-20 13:46       ` Steven Price
2020-03-27 16:11 ` James Morse
2020-03-27 16:59   ` Will Deacon [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200327165935.GA8048@willie-the-truck \
    --to=will@kernel.org \
    --cc=dbrazdil@google.com \
    --cc=james.morse@arm.com \
    --cc=kernel-team@android.com \
    --cc=kvmarm@lists.cs.columbia.edu \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=maz@kernel.org \
    --cc=qwandor@google.com \
    --cc=steven.price@arm.com \
    --cc=tabba@google.com \
    --cc=wedsonaf@google.com \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

KVM ARM Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kvmarm/0 kvmarm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kvmarm kvmarm/ https://lore.kernel.org/kvmarm \
	public-inbox-index kvmarm

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git