Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp20646pxv; Wed, 21 Jul 2021 14:19:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTZoAYwt/ZjOLfQdWJEXnE1Q1p5dP7+ep7284nha3vE+9GyaRAt18ZihlNZ7HjW3Ey6PDg X-Received: by 2002:a92:508:: with SMTP id q8mr26219342ile.89.1626902346914; Wed, 21 Jul 2021 14:19:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626902346; cv=none; d=google.com; s=arc-20160816; b=Wxic7eJsGKC7Js+xyVoKGfbMAmiAQYDgTr/PwBEeP3PytU3YLyMUGk+2DgrW02tklg 5HPJFRkdug9xau3HJfSZjeaflsV5//dWFcKPeceii3nQvIGxzOz+tMIBrR3NneBBqBV1 w8qy1653puLgATR8wA+LVqH/XkhGzj8xjsyEB/ZfgVAryTc5yT2Ral6a44wJd++wzh43 2fxcqEOuVhJauSQ/Yfq0Oi35HPAIwZ/92XNozlb+oi9g4ppg8IhSa7wRoziH7TgAYUn/ IjhNHGVXjP+HBZZ8Xhqa9QUL+cZi2UEwjEnFdEWqzkaQnbadEimSoL40Qi3y325a4qTd P7WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=xS7zB88wP1Ct8tl3wZJBYvmGfA8uHUm0YRA5Jgo14nI=; b=vpni7bPttwp0IPmRNtWFnFFRTGH2LPdix7wBXx5a4cXsbZnt7dpJS5qKLkcee3vaov cjwI+9OSXsn5zE4mL3iEmPJP3Kh38RdMOMoj7QWz0LMB+moHfjb9xuwOWCzpNNnte1H7 RRyuTCi4W+8s1JNMbrcwOTHUpWCsdwNZXt3GNlrPRZcqzQ8c8RrAYEQOWC0miTPx9D6P pgIKDiU/e2Xs0uLT02xPInMeO6e3yzZnoiIzQsQpOD1y73s918hTS5/gycIOv97FXhbG IhDMiRWhX+7z0RgvsODfiCDf1i71hV7uYf0fibMkPvyDiAgigZBEp7nQM243cVTcru3n nbKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ClAqKbgy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f11si29664926ils.120.2021.07.21.14.18.55; Wed, 21 Jul 2021 14:19:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ClAqKbgy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230081AbhGUUhN (ORCPT + 99 others); Wed, 21 Jul 2021 16:37:13 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:36572 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230026AbhGUUhN (ORCPT ); Wed, 21 Jul 2021 16:37:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626902268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=xS7zB88wP1Ct8tl3wZJBYvmGfA8uHUm0YRA5Jgo14nI=; b=ClAqKbgyO5HD9JCMouZvHML1KjxMxp2XLFa/bDP04Ue+UFTDPznZpzM3YqxaVjmSXERr6K 8HOlCwinhsPe/gaZsZdSZyKPJDS0d1Pz7w+Uh1rQyAD+xB5U5t3GDTaZz7nJ0MDDIXqLXe bg44uv0v5+KN67NyDXmFanq7hgbob4c= Received: from mail-il1-f198.google.com (mail-il1-f198.google.com [209.85.166.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-328-2C8LrbiNPRW-kPvo__XYCg-1; Wed, 21 Jul 2021 17:17:47 -0400 X-MC-Unique: 2C8LrbiNPRW-kPvo__XYCg-1 Received: by mail-il1-f198.google.com with SMTP id f13-20020a056e0204cdb02902087dbca2b6so2269857ils.16 for ; Wed, 21 Jul 2021 14:17:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=xS7zB88wP1Ct8tl3wZJBYvmGfA8uHUm0YRA5Jgo14nI=; b=KbqK++JhgNOqRHHbm0K6nPerzahbbarDgl/0zunDkIliM0ZKM8MPpvl5m5NqmA9BxV pgbgl46yUXn6ujf3eQ771FYDeZQ0hZbxUmYn1Zr4ZVDzREEASWSHyxh/vHYEyaf60z90 3sKee/0OB781zqz5G62qFkjUL2DyEE3o2pz+auHwwQ6m1eMP8VelYT7Z/GXsbH7MrUUK Q+oyf+QzstePjsKd6XDeFuM3ZvhdeFPKR5gpEZa5Xcgf7hBh25SRT7TmdZOKk7/JsHxE ESMLTAA1z/TRFYswylFb0vZfrA4J714RzFgf9rstllzZii3hFIYzslRm9gMXIWVf5srS WFOg== X-Gm-Message-State: AOAM530AXPg9t/NWplee8dg5/2Mv2757rK59J1k7HaJo4EQgPXgequ5i ZcVpK078qA1QSV+7BzS5USdDo5/CYWRuSHrpPC5acXC0s2ISWdel/ax3+W7O+mbtg22wWP2kllq d9dtf5YpriLrvlEieCPjqOTGI X-Received: by 2002:a05:6638:240c:: with SMTP id z12mr32205855jat.41.1626902266820; Wed, 21 Jul 2021 14:17:46 -0700 (PDT) X-Received: by 2002:a05:6638:240c:: with SMTP id z12mr32205837jat.41.1626902266587; Wed, 21 Jul 2021 14:17:46 -0700 (PDT) Received: from gator ([140.82.166.162]) by smtp.gmail.com with ESMTPSA id w21sm14507636iol.52.2021.07.21.14.17.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jul 2021 14:17:45 -0700 (PDT) Date: Wed, 21 Jul 2021 23:17:43 +0200 From: Andrew Jones To: Marc Zyngier Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@android.com, Srivatsa Vaddagiri , Shanker R Donthineni , will@kernel.org Subject: Re: [PATCH 10/16] KVM: arm64: Add some documentation for the MMIO guard feature Message-ID: <20210721211743.hb2cxghhwl2y22yh@gator> References: <20210715163159.1480168-1-maz@kernel.org> <20210715163159.1480168-11-maz@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210715163159.1480168-11-maz@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 15, 2021 at 05:31:53PM +0100, Marc Zyngier wrote: > Document the hypercalls user for the MMIO guard infrastructure. > > Signed-off-by: Marc Zyngier > --- > Documentation/virt/kvm/arm/index.rst | 1 + > Documentation/virt/kvm/arm/mmio-guard.rst | 73 +++++++++++++++++++++++ > 2 files changed, 74 insertions(+) > create mode 100644 Documentation/virt/kvm/arm/mmio-guard.rst > > diff --git a/Documentation/virt/kvm/arm/index.rst b/Documentation/virt/kvm/arm/index.rst > index 78a9b670aafe..e77a0ee2e2d4 100644 > --- a/Documentation/virt/kvm/arm/index.rst > +++ b/Documentation/virt/kvm/arm/index.rst > @@ -11,3 +11,4 @@ ARM > psci > pvtime > ptp_kvm > + mmio-guard > diff --git a/Documentation/virt/kvm/arm/mmio-guard.rst b/Documentation/virt/kvm/arm/mmio-guard.rst > new file mode 100644 > index 000000000000..a5563a3e12cc > --- /dev/null > +++ b/Documentation/virt/kvm/arm/mmio-guard.rst > @@ -0,0 +1,73 @@ > +.. SPDX-License-Identifier: GPL-2.0 > + > +============== > +KVM MMIO guard > +============== > + > +KVM implements device emulation by handling translation faults to any > +IPA range that is not contained a memory slot. Such translation fault ^ in ^ a > +is in most cases passed on to userspace (or in rare cases to the host > +kernel) with the address, size and possibly data of the access for > +emulation. > + > +Should the guest exit with an address that is not one that corresponds > +to an emulatable device, userspace may take measures that are not the > +most graceful as far as the guest is concerned (such as terminating it > +or delivering a fatal exception). > + > +There is also an element of trust: by forwarding the request to > +userspace, the kernel asumes that the guest trusts userspace to do the assumes > +right thing. > + > +The KVM MMIO guard offers a way to mitigate this last point: a guest > +can request that only certainly regions of the IPA space are valid as certain > +MMIO. Only these regions will be handled as an MMIO, and any other > +will result in an exception being delivered to the guest. > + > +This relies on a set of hypercalls defined in the KVM-specific range, > +using the HVC64 calling convention. > + > +* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_INFO > + > + ============== ======== ================================ > + Function ID: (uint32) 0xC6000002 > + Arguments: none > + Return Values: (int64) NOT_SUPPORTED(-1) on error, or > + (uint64) Protection Granule (PG) size in > + bytes (r0) > + ============== ======== ================================ > + > +* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_ENROLL > + > + ============== ======== ============================== > + Function ID: (uint32) 0xC6000003 > + Arguments: none > + Return Values: (int64) NOT_SUPPORTED(-1) on error, or > + RET_SUCCESS(0) (r0) > + ============== ======== ============================== > + > +* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_MAP > + > + ============== ======== ====================================== > + Function ID: (uint32) 0xC6000004 > + Arguments: (uint64) The base of the PG-sized IPA range > + that is allowed to be accessed as > + MMIO. Must aligned to the PG size (r1) align > + (uint64) Index in the MAIR_EL1 register > + providing the memory attribute that > + is used by the guest (r2) > + Return Values: (int64) NOT_SUPPORTED(-1) on error, or > + RET_SUCCESS(0) (r0) > + ============== ======== ====================================== > + > +* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_UNMAP > + > + ============== ======== ====================================== > + Function ID: (uint32) 0xC6000004 copy+paste error, should be 0xC6000005 > + Arguments: (uint64) The base of the PG-sized IPA range > + that is forbidden to be accessed as is now forbidden or was allowed or just drop that part of the sentence because its covered by the "and have been previously mapped" part. Something like PG-sized IPA range aligned to the PG size which has been previously mapped (r1) > + MMIO. Must aligned to the PG size align > + and have been previously mapped (r1) > + Return Values: (int64) NOT_SUPPORTED(-1) on error, or > + RET_SUCCESS(0) (r0) > + ============== ======== ====================================== > -- > 2.30.2 > > _______________________________________________ > kvmarm mailing list > kvmarm@lists.cs.columbia.edu > https://lists.cs.columbia.edu/mailman/listinfo/kvmarm > Thanks, drew