<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/arch/arm/kvm, branch v4.13</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge branch 'kvmarm-master/master' into HEAD</title>
<updated>2017-06-15T08:35:15+00:00</updated>
<author>
<name>Marc Zyngier</name>
<email>marc.zyngier@arm.com</email>
</author>
<published>2017-06-15T08:35:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6f2f10cabe73944488a62df16695c86e20d4c3f9'/>
<id>6f2f10cabe73944488a62df16695c86e20d4c3f9</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm/arm64: Allow setting the timer IRQ numbers from userspace</title>
<updated>2017-06-08T14:59:57+00:00</updated>
<author>
<name>Christoffer Dall</name>
<email>cdall@linaro.org</email>
</author>
<published>2017-05-02T18:19:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=99a1db7a2c9b2ecb9a801cee3f6a7a71945a2fca'/>
<id>99a1db7a2c9b2ecb9a801cee3f6a7a71945a2fca</id>
<content type='text'>
First we define an ABI using the vcpu devices that lets userspace set
the interrupt numbers for the various timers on both the 32-bit and
64-bit KVM/ARM implementations.

Second, we add the definitions for the groups and attributes introduced
by the above ABI.  (We add the PMU define on the 32-bit side as well for
symmetry and it may get used some day.)

Third, we set up the arch-specific vcpu device operation handlers to
call into the timer code for anything related to the
KVM_ARM_VCPU_TIMER_CTRL group.

Fourth, we implement support for getting and setting the timer interrupt
numbers using the above defined ABI in the arch timer code.

Fifth, we introduce error checking upon enabling the arch timer (which
is called when first running a VCPU) to check that all VCPUs are
configured to use the same PPI for the timer (as mandated by the
architecture) and that the virtual and physical timers are not
configured to use the same IRQ number.

Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Reviewed-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
First we define an ABI using the vcpu devices that lets userspace set
the interrupt numbers for the various timers on both the 32-bit and
64-bit KVM/ARM implementations.

Second, we add the definitions for the groups and attributes introduced
by the above ABI.  (We add the PMU define on the 32-bit side as well for
symmetry and it may get used some day.)

Third, we set up the arch-specific vcpu device operation handlers to
call into the timer code for anything related to the
KVM_ARM_VCPU_TIMER_CTRL group.

Fourth, we implement support for getting and setting the timer interrupt
numbers using the above defined ABI in the arch timer code.

Fifth, we introduce error checking upon enabling the arch timer (which
is called when first running a VCPU) to check that all VCPUs are
configured to use the same PPI for the timer (as mandated by the
architecture) and that the virtual and physical timers are not
configured to use the same IRQ number.

Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Reviewed-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm/arm64: Move timer IRQ default init to arch_timer.c</title>
<updated>2017-06-08T14:59:56+00:00</updated>
<author>
<name>Christoffer Dall</name>
<email>cdall@linaro.org</email>
</author>
<published>2017-05-02T18:14:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=85e69ad7f2cc6dd829987a70cf32785b1d8c8b27'/>
<id>85e69ad7f2cc6dd829987a70cf32785b1d8c8b27</id>
<content type='text'>
We currently initialize the arch timer IRQ numbers from the reset code,
presumably because we once intended to model multiple CPU or SoC types
from within the kernel and have hard-coded reset values in the reset
code.

As we are moving towards userspace being in charge of more fine-grained
CPU emulation and stitching together the pieces needed to emulate a
particular type of CPU, we should no longer have a tight coupling
between resetting a VCPU and setting IRQ numbers.

Therefore, move the logic to define and use the default IRQ numbers to
the timer code and set the IRQ number immediately when creating the
VCPU.

Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Reviewed-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We currently initialize the arch timer IRQ numbers from the reset code,
presumably because we once intended to model multiple CPU or SoC types
from within the kernel and have hard-coded reset values in the reset
code.

As we are moving towards userspace being in charge of more fine-grained
CPU emulation and stitching together the pieces needed to emulate a
particular type of CPU, we should no longer have a tight coupling
between resetting a VCPU and setting IRQ numbers.

Therefore, move the logic to define and use the default IRQ numbers to
the timer code and set the IRQ number immediately when creating the
VCPU.

Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Reviewed-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm: Handle VCPU device attributes in guest.c</title>
<updated>2017-06-08T14:59:55+00:00</updated>
<author>
<name>Christoffer Dall</name>
<email>cdall@linaro.org</email>
</author>
<published>2017-05-02T13:17:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2227e43930278a53054046f9746cba69a1379639'/>
<id>2227e43930278a53054046f9746cba69a1379639</id>
<content type='text'>
As we are about to support VCPU attributes to set the timer IRQ numbers
in guest.c, move the static inlines for the VCPU attributes handlers
from the header file to guest.c.

Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Acked-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As we are about to support VCPU attributes to set the timer IRQ numbers
in guest.c, move the static inlines for the VCPU attributes handlers
from the header file to guest.c.

Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Acked-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>arm: KVM: Allow unaligned accesses at HYP</title>
<updated>2017-06-06T20:20:02+00:00</updated>
<author>
<name>Marc Zyngier</name>
<email>marc.zyngier@arm.com</email>
</author>
<published>2017-06-06T18:08:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=33b5c38852b29736f3b472dd095c9a18ec22746f'/>
<id>33b5c38852b29736f3b472dd095c9a18ec22746f</id>
<content type='text'>
We currently have the HSCTLR.A bit set, trapping unaligned accesses
at HYP, but we're not really prepared to deal with it.

Since the rest of the kernel is pretty happy about that, let's follow
its example and set HSCTLR.A to zero. Modern CPUs don't really care.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We currently have the HSCTLR.A bit set, trapping unaligned accesses
at HYP, but we're not really prepared to deal with it.

Since the rest of the kernel is pretty happy about that, let's follow
its example and set HSCTLR.A to zero. Modern CPUs don't really care.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm/arm64: properly use vcpu requests</title>
<updated>2017-06-04T14:53:47+00:00</updated>
<author>
<name>Andrew Jones</name>
<email>drjones@redhat.com</email>
</author>
<published>2017-06-04T12:43:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6a6d73be12fbe492d0678cd84d3b35e2bc9698e4'/>
<id>6a6d73be12fbe492d0678cd84d3b35e2bc9698e4</id>
<content type='text'>
arm/arm64 already has one VCPU request used when setting pause,
but it doesn't properly check requests in VCPU RUN. Check it
and also make sure we set vcpu-&gt;mode at the appropriate time
(before the check) and with the appropriate barriers. See
Documentation/virtual/kvm/vcpu-requests.rst. Also make sure we
don't leave any vcpu requests we don't intend to handle later
set in the request bitmap. If we don't clear them, then
kvm_request_pending() may return true when it shouldn't.

Using VCPU requests properly fixes a small race where pause
could get set just as a VCPU was entering guest mode.

Signed-off-by: Andrew Jones &lt;drjones@redhat.com&gt;
Reviewed-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
arm/arm64 already has one VCPU request used when setting pause,
but it doesn't properly check requests in VCPU RUN. Check it
and also make sure we set vcpu-&gt;mode at the appropriate time
(before the check) and with the appropriate barriers. See
Documentation/virtual/kvm/vcpu-requests.rst. Also make sure we
don't leave any vcpu requests we don't intend to handle later
set in the request bitmap. If we don't clear them, then
kvm_request_pending() may return true when it shouldn't.

Using VCPU requests properly fixes a small race where pause
could get set just as a VCPU was entering guest mode.

Signed-off-by: Andrew Jones &lt;drjones@redhat.com&gt;
Reviewed-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm: Restore banked registers and physical timer access on hyp_panic()</title>
<updated>2017-05-16T07:54:24+00:00</updated>
<author>
<name>James Morse</name>
<email>james.morse@arm.com</email>
</author>
<published>2017-04-25T17:02:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d2e19368848ce6065daa785efca26faed54732b6'/>
<id>d2e19368848ce6065daa785efca26faed54732b6</id>
<content type='text'>
When KVM panics, it hurriedly restores the host context and parachutes
into the host's panic() code. This looks like it was copied from arm64,
the 32bit KVM panic code needs to restore the host's banked registers
too.

At some point panic() touches the physical timer/counter, this will
trap back to HYP. If we're lucky, we panic again.

Add a __timer_save_state() call to KVM's hyp_panic() path, this saves the
guest registers and disables the traps for the host.

Fixes: c36b6db5f3e4 ("ARM: KVM: Add panic handling code")
Signed-off-by: James Morse &lt;james.morse@arm.com&gt;
Reviewed-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Reviewed-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When KVM panics, it hurriedly restores the host context and parachutes
into the host's panic() code. This looks like it was copied from arm64,
the 32bit KVM panic code needs to restore the host's banked registers
too.

At some point panic() touches the physical timer/counter, this will
trap back to HYP. If we're lucky, we panic again.

Add a __timer_save_state() call to KVM's hyp_panic() path, this saves the
guest registers and disables the traps for the host.

Fixes: c36b6db5f3e4 ("ARM: KVM: Add panic handling code")
Signed-off-by: James Morse &lt;james.morse@arm.com&gt;
Reviewed-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Reviewed-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm: rename pm_fake handler to trap_raz_wi</title>
<updated>2017-05-15T12:29:27+00:00</updated>
<author>
<name>Zhichao Huang</name>
<email>zhichao.huang@linaro.org</email>
</author>
<published>2017-05-11T12:46:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9b619a8f08da9f61f166edbbe30ad05c359ec19e'/>
<id>9b619a8f08da9f61f166edbbe30ad05c359ec19e</id>
<content type='text'>
pm_fake doesn't quite describe what the handler does (ignoring writes
and returning 0 for reads).

As we're about to use it (a lot) in a different context, rename it
with an (admittedly cryptic) name that makes sense for all users.

Signed-off-by: Zhichao Huang &lt;zhichao.huang@linaro.org&gt;
Reviewed-by: Alex Bennee &lt;alex.bennee@linaro.org&gt;
Acked-by: Christoffer Dall &lt;christoffer.dall@linaro.org&gt;
Acked-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Signed-off-by: Alex Bennée &lt;alex.bennee@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
pm_fake doesn't quite describe what the handler does (ignoring writes
and returning 0 for reads).

As we're about to use it (a lot) in a different context, rename it
with an (admittedly cryptic) name that makes sense for all users.

Signed-off-by: Zhichao Huang &lt;zhichao.huang@linaro.org&gt;
Reviewed-by: Alex Bennee &lt;alex.bennee@linaro.org&gt;
Acked-by: Christoffer Dall &lt;christoffer.dall@linaro.org&gt;
Acked-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Signed-off-by: Alex Bennée &lt;alex.bennee@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>KVM: arm: plug potential guest hardware debug leakage</title>
<updated>2017-05-15T12:29:19+00:00</updated>
<author>
<name>Zhichao Huang</name>
<email>zhichao.huang@linaro.org</email>
</author>
<published>2017-05-11T12:46:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=661e6b02b5aa82db31897f36e96324b77450fd7a'/>
<id>661e6b02b5aa82db31897f36e96324b77450fd7a</id>
<content type='text'>
Hardware debugging in guests is not intercepted currently, it means
that a malicious guest can bring down the entire machine by writing
to the debug registers.

This patch enables trapping of all debug registers, preventing the
guests from accessing the debug registers. This includes access to the
debug mode (DBGDSCR) in the guest world all the time which could
otherwise mess with the host state. Reads return 0 and writes are
ignored (RAZ_WI).

The result is the guest cannot detect any working hardware based debug
support. As debug exceptions are still routed to the guest normal
debug using software based breakpoints still works.

To support debugging using hardware registers we need to implement a
debug register aware world switch as well as special trapping for
registers that may affect the host state.

Cc: stable@vger.kernel.org
Signed-off-by: Zhichao Huang &lt;zhichao.huang@linaro.org&gt;
Signed-off-by: Alex Bennée &lt;alex.bennee@linaro.org&gt;
Reviewed-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Hardware debugging in guests is not intercepted currently, it means
that a malicious guest can bring down the entire machine by writing
to the debug registers.

This patch enables trapping of all debug registers, preventing the
guests from accessing the debug registers. This includes access to the
debug mode (DBGDSCR) in the guest world all the time which could
otherwise mess with the host state. Reads return 0 and writes are
ignored (RAZ_WI).

The result is the guest cannot detect any working hardware based debug
support. As debug exceptions are still routed to the guest normal
debug using software based breakpoints still works.

To support debugging using hardware registers we need to implement a
debug register aware world switch as well as special trapping for
registers that may affect the host state.

Cc: stable@vger.kernel.org
Signed-off-by: Zhichao Huang &lt;zhichao.huang@linaro.org&gt;
Signed-off-by: Alex Bennée &lt;alex.bennee@linaro.org&gt;
Reviewed-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>arm: KVM: Do not use stack-protector to compile HYP code</title>
<updated>2017-05-15T09:31:38+00:00</updated>
<author>
<name>Marc Zyngier</name>
<email>marc.zyngier@arm.com</email>
</author>
<published>2017-05-02T13:30:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=501ad27c67ed0b90df465f23d33e9aed64058a47'/>
<id>501ad27c67ed0b90df465f23d33e9aed64058a47</id>
<content type='text'>
We like living dangerously. Nothing explicitly forbids stack-protector
to be used in the HYP code, while distributions routinely compile their
kernel with it. We're just lucky that no code actually triggers the
instrumentation.

Let's not try our luck for much longer, and disable stack-protector
for code living at HYP.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Acked-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We like living dangerously. Nothing explicitly forbids stack-protector
to be used in the HYP code, while distributions routinely compile their
kernel with it. We're just lucky that no code actually triggers the
instrumentation.

Let's not try our luck for much longer, and disable stack-protector
for code living at HYP.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier &lt;marc.zyngier@arm.com&gt;
Acked-by: Christoffer Dall &lt;cdall@linaro.org&gt;
Signed-off-by: Christoffer Dall &lt;cdall@linaro.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
