From: Marc Zyngier <maz@kernel.org>
To: Will Deacon <will@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, qperret@google.com,
dbrazdil@google.com, Srivatsa Vaddagiri <vatsa@codeaurora.org>,
Shanker R Donthineni <sdonthineni@nvidia.com>,
James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
kernel-team@android.com
Subject: Re: [PATCH 12/16] mm/ioremap: Add arch-specific callbacks on ioremap/iounmap calls
Date: Wed, 28 Jul 2021 12:01:53 +0100 [thread overview]
Message-ID: <87tuked7mm.wl-maz@kernel.org> (raw)
In-Reply-To: <20210727181203.GG19173@willie-the-truck>
On Tue, 27 Jul 2021 19:12:04 +0100,
Will Deacon <will@kernel.org> wrote:
>
> On Thu, Jul 15, 2021 at 05:31:55PM +0100, Marc Zyngier wrote:
> > Add a pair of hooks (ioremap_page_range_hook/iounmap_page_range_hook)
> > that can be implemented by an architecture.
> >
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> > include/linux/io.h | 3 +++
> > mm/ioremap.c | 13 ++++++++++++-
> > mm/vmalloc.c | 8 ++++++++
> > 3 files changed, 23 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/linux/io.h b/include/linux/io.h
> > index 9595151d800d..0ffc265f114c 100644
> > --- a/include/linux/io.h
> > +++ b/include/linux/io.h
> > @@ -21,6 +21,9 @@ void __ioread32_copy(void *to, const void __iomem *from, size_t count);
> > void __iowrite64_copy(void __iomem *to, const void *from, size_t count);
> >
> > #ifdef CONFIG_MMU
> > +void ioremap_page_range_hook(unsigned long addr, unsigned long end,
> > + phys_addr_t phys_addr, pgprot_t prot);
> > +void iounmap_page_range_hook(phys_addr_t phys_addr, size_t size);
> > int ioremap_page_range(unsigned long addr, unsigned long end,
> > phys_addr_t phys_addr, pgprot_t prot);
> > #else
>
> Can we avoid these hooks by instead not registering the regions proactively
> in the guest and moving that logic to a fault handler which runs off the
> back of the injected data abort? From there, we could check if the faulting
> IPA is a memory address and register it as MMIO if not.
>
> Dunno, you've spent more time than me thinking about this, but just
> wondering if you'd had a crack at doing it that way, as it _seems_ simpler
> to my naive brain.
I thought about it, but couldn't work out whether it was always
possible for the guest to handle these faults (first access in an
interrupt context, for example?).
Also, this changes the semantics of the protection this is supposed to
offer: any access out of the RAM space will generate an abort, and the
fault handler will grant MMIO forwarding for this page. Stray accesses
that would normally be properly handled as fatal would now succeed and
be forwarded to userspace, even if there was no emulated devices
there.
For this to work, we'd need to work out whether there is any existing
device mapping that actually points to this page. And whether it
actually is supposed to be forwarded to userspace. Do we have a rmap
for device mappings?
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2021-07-28 11:02 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-15 16:31 [PATCH 00/16] KVM: arm64: MMIO guard PV services Marc Zyngier
2021-07-15 16:31 ` [PATCH 01/16] KVM: arm64: Generalise VM features into a set of flags Marc Zyngier
2021-07-27 18:10 ` Will Deacon
2021-07-28 9:41 ` Marc Zyngier
2021-07-28 14:51 ` Steven Price
2021-07-15 16:31 ` [PATCH 02/16] KVM: arm64: Don't issue CMOs when the physical address is invalid Marc Zyngier
2021-07-19 17:18 ` Quentin Perret
2021-07-20 8:04 ` Marc Zyngier
2021-07-27 18:10 ` Will Deacon
2021-07-28 9:45 ` Marc Zyngier
2021-07-15 16:31 ` [PATCH 03/16] KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate Marc Zyngier
2021-07-20 10:09 ` Quentin Perret
2021-07-20 10:21 ` Marc Zyngier
2021-07-20 10:38 ` Quentin Perret
2021-07-20 11:20 ` Marc Zyngier
2021-07-20 11:36 ` Quentin Perret
2021-07-20 13:13 ` Marc Zyngier
2021-07-15 16:31 ` [PATCH 04/16] KVM: arm64: Add MMIO checking infrastructure Marc Zyngier
2021-07-20 11:13 ` Quentin Perret
2021-07-20 13:15 ` Marc Zyngier
2021-07-20 15:49 ` Quentin Perret
2021-07-22 18:04 ` Marc Zyngier
2021-07-23 10:16 ` Quentin Perret
2021-07-27 18:11 ` Will Deacon
2021-07-28 9:57 ` Marc Zyngier
2021-07-30 12:26 ` Will Deacon
2021-07-30 13:04 ` Marc Zyngier
2021-07-30 12:58 ` Quentin Perret
2021-07-15 16:31 ` [PATCH 05/16] KVM: arm64: Plumb MMIO checking into the fault handling Marc Zyngier
2021-07-27 18:11 ` Will Deacon
2021-07-28 10:21 ` Marc Zyngier
2021-07-30 12:38 ` Will Deacon
2021-07-15 16:31 ` [PATCH 06/16] KVM: arm64: Force a full unmap on vpcu reinit Marc Zyngier
2021-07-27 18:11 ` Will Deacon
2021-07-28 10:38 ` Marc Zyngier
2021-07-30 12:50 ` Will Deacon
2021-07-15 16:31 ` [PATCH 07/16] KVM: arm64: Wire MMIO guard hypercalls Marc Zyngier
2021-07-27 18:11 ` Will Deacon
2021-07-28 10:47 ` Marc Zyngier
2021-07-30 13:11 ` Will Deacon
2021-08-01 11:20 ` Marc Zyngier
2021-07-15 16:31 ` [PATCH 08/16] KVM: arm64: Add tracepoint for failed MMIO guard check Marc Zyngier
2021-07-15 16:31 ` [PATCH 09/16] KVM: arm64: Advertise a capability for MMIO guard Marc Zyngier
2021-07-15 16:31 ` [PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature Marc Zyngier
2021-07-21 21:17 ` Andrew Jones
2021-07-23 13:30 ` Marc Zyngier
2021-07-23 13:38 ` Andrew Jones
2021-07-23 13:52 ` Marc Zyngier
2021-07-15 16:31 ` [PATCH 11/16] firmware/smccc: Call arch-specific hook on discovering KVM services Marc Zyngier
2021-07-15 16:31 ` [PATCH 12/16] mm/ioremap: Add arch-specific callbacks on ioremap/iounmap calls Marc Zyngier
2021-07-27 18:12 ` Will Deacon
2021-07-28 11:01 ` Marc Zyngier [this message]
2021-07-30 14:07 ` Will Deacon
2021-07-15 16:31 ` [PATCH 13/16] arm64: Implement ioremap/iounmap hooks calling into KVM's MMIO guard Marc Zyngier
2021-07-15 16:31 ` [PATCH 14/16] arm64: Enroll into KVM's MMIO guard if required Marc Zyngier
2021-07-15 16:31 ` [PATCH 15/16] arm64: Add a helper to retrieve the PTE of a fixmap Marc Zyngier
2021-07-20 11:16 ` Quentin Perret
2021-07-15 16:31 ` [PATCH 16/16] arm64: Register earlycon fixmap with the MMIO guard Marc Zyngier
2021-07-21 21:42 ` [PATCH 00/16] KVM: arm64: MMIO guard PV services Andrew Jones
2021-07-22 10:00 ` Marc Zyngier
2021-07-22 13:25 ` Andrew Jones
2021-07-22 15:30 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tuked7mm.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=dbrazdil@google.com \
--cc=james.morse@arm.com \
--cc=kernel-team@android.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=qperret@google.com \
--cc=sdonthineni@nvidia.com \
--cc=suzuki.poulose@arm.com \
--cc=vatsa@codeaurora.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).