From nobody Sun Feb 8 14:11:20 2026 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 833F78172A for ; Tue, 25 Feb 2025 01:53:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448415; cv=none; b=BYjYZrDc/0VUOD6dnhJxGQkC5vxB6Qmx+vwr+a5rQratt+9E5scnk+kiuEhnCPksNsJ5IE8SxF7NXKBZt3nt9WVSV9HEXj4ucEB4jt735LueQtQ0pjKbzzMo7KhvkofW9jod0PvKBZrf0t1ypq0HsowSz9mOjc63zGszOwfK5zg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448415; c=relaxed/simple; bh=jtDmuo3JMeqvUeKpLmarSq/9wWlf5/kdtMpl5UqbU9Q=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=srxHfBOsOq2KjL9S+Vi1ua5Uk2dMsM/NDECGEj8dPJgFcDcwpniKod//XIOVOD1asZgEGEQu8NAk9by8PbhIY9AvxJ66TWNm33R8lEd/AHWihad6BnDlRBd9NgYGnUeWfuam4/SannqI9WMsEpYTnicd982v/g8L32AJtscu81s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=fS6tAMeJ; arc=none smtp.client-ip=209.85.218.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fS6tAMeJ" Received: by mail-ej1-f73.google.com with SMTP id a640c23a62f3a-abba896add9so394043266b.1 for ; Mon, 24 Feb 2025 17:53:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1740448412; x=1741053212; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=NrlFCJQM+s/SC4GA9X2sl0022JOgPYCcRoZjBzdMN/w=; b=fS6tAMeJYLI8vej3qJnAPOOzpYpcPHxORjBErrAQUHCwJhdbCEPkla438b2WY+EMVi aksTwe1upzlrOCTngG/DE+2jzH+61OQLj2ALVAgNu0LzAWjPhcariEJ9bI7hpjrSV0MC n4av7AuPGF3ggNLjLLrhaaFaBHGW3gMLeVtuxflqpTuu3J934TJct4chp8b7kWlXzFsv oHZnihRX7PWTd/hwTu1S9H+g55qHNTHHutR56m5w0Uu7asK4FuVot22Mh6eGyE9dp/+I Ildwiwc+cntRufvOPAb+WUChOCptT3HvieNARAhprWOabyItrJ166kqsiHfSDQb4YtC+ C3rA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740448412; x=1741053212; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NrlFCJQM+s/SC4GA9X2sl0022JOgPYCcRoZjBzdMN/w=; b=Nb1fAWwKQPV7rFPeD/aNc1heB0EFOF0JYcN81QZptXSY01OIFtJOBh0UegNeQULrhr N+/f5AtX7nCm+rHYNvqQxbS4lRTwUEwxiALlxYMpgCOqWOjRHOTjt20nA8XcGqc2sgh1 qS61WAiMDXS/dm2CblorO0313Vj1EiCpskZ8KzTmjPvA4ISHc1kghdaQP3RJKvlH6fLi bJKRhiHTA/XeSomQGiTyfMg9Oa+pvGP/lPTMJMXztDHbz2gOHmxU43PC//ObwAOZ6egr P+eNCcy15D1JJezog5G3+NCZPdiASruP+T0FOXs8zzhxjncUNes0GBvvpLj5LA0Amfd0 OPXQ== X-Forwarded-Encrypted: i=1; AJvYcCU7UV/7a2LpH2JuHwRoUYUuyzMGCTY4qvGrjsOQ+AYiDlSrFJP3IVZjpZEzZEa3X304rlRMqavqcoJZ3u0=@vger.kernel.org X-Gm-Message-State: AOJu0YydH5bdttm8rpg0FuFdX3iAwQiSSJYQqMXb0MLngWw9/4vbWXnA vMbGIVc8uhF6FowIM3QIlMvUHYm3OOHNig7+hAWXICSRW74scI0lu1WixNhsuNQYOY+djqfnRi6 lwSZx4g== X-Google-Smtp-Source: AGHT+IFg0MEAMnG3Wrp4miJYl1OKfv7vBcy37QYN3xqF0m8kAhUHahTRAESm+yjq5eaH5DT3if2TwSacRsJb X-Received: from ejcvw12.prod.google.com ([2002:a17:907:a70c:b0:abc:7db:4a27]) (user=qperret job=prod-delivery.src-stubby-dispatcher) by 2002:a17:906:6a15:b0:abe:c849:7aa7 with SMTP id a640c23a62f3a-abec84989c0mr309298366b.41.1740448411867; Mon, 24 Feb 2025 17:53:31 -0800 (PST) Date: Tue, 25 Feb 2025 01:53:24 +0000 In-Reply-To: <20250225015327.3708420-1-qperret@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250225015327.3708420-1-qperret@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog Message-ID: <20250225015327.3708420-2-qperret@google.com> Subject: [PATCH v2 1/4] KVM: arm64: Add .hyp.data section From: Quentin Perret To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, qperret@google.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Brazdil The hypervisor has not needed its own .data section because all globals were either .rodata or .bss. To avoid having to initialize future data-structures at run-time, let's introduce add a .data section to the hypervisor. Signed-off-by: David Brazdil Signed-off-by: Quentin Perret --- arch/arm64/include/asm/sections.h | 1 + arch/arm64/kernel/image-vars.h | 2 ++ arch/arm64/kernel/vmlinux.lds.S | 18 +++++++++++++++--- arch/arm64/kvm/arm.c | 7 +++++++ arch/arm64/kvm/hyp/nvhe/hyp.lds.S | 2 ++ arch/arm64/kvm/hyp/nvhe/setup.c | 4 ++++ arch/arm64/kvm/pkvm.c | 1 + 7 files changed, 32 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/sections.h b/arch/arm64/include/asm/sec= tions.h index 40971ac1303f..51b0d594239e 100644 --- a/arch/arm64/include/asm/sections.h +++ b/arch/arm64/include/asm/sections.h @@ -11,6 +11,7 @@ extern char __alt_instructions[], __alt_instructions_end[= ]; extern char __hibernate_exit_text_start[], __hibernate_exit_text_end[]; extern char __hyp_idmap_text_start[], __hyp_idmap_text_end[]; extern char __hyp_text_start[], __hyp_text_end[]; +extern char __hyp_data_start[], __hyp_data_end[]; extern char __hyp_rodata_start[], __hyp_rodata_end[]; extern char __hyp_reloc_begin[], __hyp_reloc_end[]; extern char __hyp_bss_start[], __hyp_bss_end[]; diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h index ef3a69cc398e..7c675e61ae58 100644 --- a/arch/arm64/kernel/image-vars.h +++ b/arch/arm64/kernel/image-vars.h @@ -135,6 +135,8 @@ KVM_NVHE_ALIAS(__hyp_text_start); KVM_NVHE_ALIAS(__hyp_text_end); KVM_NVHE_ALIAS(__hyp_bss_start); KVM_NVHE_ALIAS(__hyp_bss_end); +KVM_NVHE_ALIAS(__hyp_data_start); +KVM_NVHE_ALIAS(__hyp_data_end); KVM_NVHE_ALIAS(__hyp_rodata_start); KVM_NVHE_ALIAS(__hyp_rodata_end); =20 diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.ld= s.S index e73326bd3ff7..7c770053f072 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -13,7 +13,7 @@ *(__kvm_ex_table) \ __stop___kvm_ex_table =3D .; =20 -#define HYPERVISOR_DATA_SECTIONS \ +#define HYPERVISOR_RODATA_SECTIONS \ HYP_SECTION_NAME(.rodata) : { \ . =3D ALIGN(PAGE_SIZE); \ __hyp_rodata_start =3D .; \ @@ -23,6 +23,15 @@ __hyp_rodata_end =3D .; \ } =20 +#define HYPERVISOR_DATA_SECTION \ + HYP_SECTION_NAME(.data) : { \ + . =3D ALIGN(PAGE_SIZE); \ + __hyp_data_start =3D .; \ + *(HYP_SECTION_NAME(.data)) \ + . =3D ALIGN(PAGE_SIZE); \ + __hyp_data_end =3D .; \ + } + #define HYPERVISOR_PERCPU_SECTION \ . =3D ALIGN(PAGE_SIZE); \ HYP_SECTION_NAME(.data..percpu) : { \ @@ -51,7 +60,8 @@ #define SBSS_ALIGN PAGE_SIZE #else /* CONFIG_KVM */ #define HYPERVISOR_EXTABLE -#define HYPERVISOR_DATA_SECTIONS +#define HYPERVISOR_RODATA_SECTIONS +#define HYPERVISOR_DATA_SECTION #define HYPERVISOR_PERCPU_SECTION #define HYPERVISOR_RELOC_SECTION #define SBSS_ALIGN 0 @@ -190,7 +200,7 @@ SECTIONS /* everything from this point to __init_begin will be marked RO NX */ RO_DATA(PAGE_SIZE) =20 - HYPERVISOR_DATA_SECTIONS + HYPERVISOR_RODATA_SECTIONS =20 .got : { *(.got) } /* @@ -295,6 +305,8 @@ SECTIONS _sdata =3D .; RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN) =20 + HYPERVISOR_DATA_SECTION + /* * Data written with the MMU off but read with the MMU on requires * cache lines to be invalidated, discarding up to a Cache Writeback diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index b8e55a441282..94d23b901b66 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -2568,6 +2568,13 @@ static int __init init_hyp_mode(void) goto out_err; } =20 + err =3D create_hyp_mappings(kvm_ksym_ref(__hyp_data_start), + kvm_ksym_ref(__hyp_data_end), PAGE_HYP); + if (err) { + kvm_err("Cannot map .hyp.data section\n"); + goto out_err; + } + err =3D create_hyp_mappings(kvm_ksym_ref(__hyp_rodata_start), kvm_ksym_ref(__hyp_rodata_end), PAGE_HYP_RO); if (err) { diff --git a/arch/arm64/kvm/hyp/nvhe/hyp.lds.S b/arch/arm64/kvm/hyp/nvhe/hy= p.lds.S index f4562f417d3f..d724f6d69302 100644 --- a/arch/arm64/kvm/hyp/nvhe/hyp.lds.S +++ b/arch/arm64/kvm/hyp/nvhe/hyp.lds.S @@ -25,5 +25,7 @@ SECTIONS { BEGIN_HYP_SECTION(.data..percpu) PERCPU_INPUT(L1_CACHE_BYTES) END_HYP_SECTION + HYP_SECTION(.bss) + HYP_SECTION(.data) } diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setu= p.c index d62bcb5634a2..46d9bd04348f 100644 --- a/arch/arm64/kvm/hyp/nvhe/setup.c +++ b/arch/arm64/kvm/hyp/nvhe/setup.c @@ -119,6 +119,10 @@ static int recreate_hyp_mappings(phys_addr_t phys, uns= igned long size, if (ret) return ret; =20 + ret =3D pkvm_create_mappings(__hyp_data_start, __hyp_data_end, PAGE_HYP); + if (ret) + return ret; + ret =3D pkvm_create_mappings(__hyp_rodata_start, __hyp_rodata_end, PAGE_H= YP_RO); if (ret) return ret; diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c index 930b677eb9b0..5a75f9554e57 100644 --- a/arch/arm64/kvm/pkvm.c +++ b/arch/arm64/kvm/pkvm.c @@ -259,6 +259,7 @@ static int __init finalize_pkvm(void) * at, which would end badly once inaccessible. */ kmemleak_free_part(__hyp_bss_start, __hyp_bss_end - __hyp_bss_start); + kmemleak_free_part(__hyp_data_start, __hyp_data_end - __hyp_data_start); kmemleak_free_part(__hyp_rodata_start, __hyp_rodata_end - __hyp_rodata_st= art); kmemleak_free_part_phys(hyp_mem_base, hyp_mem_size); =20 --=20 2.48.1.658.g4767266eb4-goog From nobody Sun Feb 8 14:11:20 2026 Received: from mail-ej1-f74.google.com (mail-ej1-f74.google.com [209.85.218.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF9C113AD11 for ; Tue, 25 Feb 2025 01:53:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448417; cv=none; b=VtD16cAEZ34j8uSWhq5XzTfcyz5AJ7861pzD93qCYXwiEE8EYjiz2A0M7wS0Zv1GPb3FPnLDQsuLRlQPuERJl9NQkuGSaROQePFbakv68SpnAehGbiHLW4dlJOsKZvNS2eDjubSzlqiDNf3WdVgq+LhKsyRjjTgumyyqOfdGgSg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448417; c=relaxed/simple; bh=e7B/eoAwu89jaT4gQ5rsNPl33ADnwHw9PC0+ErFwCr4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=j9ELGZoNf2WV6ncGhjE53uWEif/H/QKffLY0ux1n+/Rmks4ioW6/PxV5cInXI4a9hzppHfFgFe8kS1RaK/FMqNTwPX7y4N5ZtjZTFc2JW4mIUk4/UV+VsbKbRaTXbS8Wj2Bz8bl/71VShMzh1pMbAzjEt5xewKZxN+zO4kN6V+o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qMwvvjRx; arc=none smtp.client-ip=209.85.218.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qMwvvjRx" Received: by mail-ej1-f74.google.com with SMTP id a640c23a62f3a-abbba16956bso639663666b.2 for ; Mon, 24 Feb 2025 17:53:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1740448414; x=1741053214; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=wgX4G/wyCIy27tIesuPjLRJPT0WJaWFAbFWUEeP8CW8=; b=qMwvvjRx/LTsiQilrU/DMynw0ScH3q9fJJ9TtEO1F6msEMxtyRovFVCs2pJOcKTO6w KsIV6hDT0ySkJzeuZl+0LH90c3sLHb35Qb77OtEtDLJHt+y7Y+U0R+h6gJNfFW4K1dZt e51prfoNPT4yN8ioWq9VjLjrqSE6h7n32fm+44dwNzQrD686QzOaAZnOP4CzjQiNyMnS PlsUm8tsqPKth+Pbri35X0FLQuNLcrnMFLgafBEMZh1nr10kYUdaxhPSec05xy1b0HH2 BOlrXM6lnJTog1gDusDLjZsaeRqEFe4FJtfwux2/Ln8q5QaTMzh50uoR73hOr7py4Uii d5zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740448414; x=1741053214; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wgX4G/wyCIy27tIesuPjLRJPT0WJaWFAbFWUEeP8CW8=; b=taft9Z9R1IzBAZvk5O+zTB/bKD3+8y+3K/kV7WkDY4jRDOcR8DTf0mUX9K4/0iloIe U173YIEfCDr17baTGakCeBswV3rb1jhJIlhGs6km2fMz6e7+JDjH8bsw2CJseMoHqiCS ofGo7lxwPWZD5TsRHvrqfsgd11ubfgUpAJ0ZTUhfEwN2IbvGyZSDB1ZbbLuAjuKwvMZv mwYcti5zJzzyEw4m66fX/fNwKUM6vdzhMavEcI7X8HeJOzdnWiqIMhXfffYSecLrjZ4P MLwizcUJKZjWoTxep0aCWpBQm5Ev0ZW8T8SrfXOdTr0wDvl5KulDYIwF65txlrTrtg4j yGuA== X-Forwarded-Encrypted: i=1; AJvYcCUkcgw0EO/nKsw3AAtUMx+QpADxdKp3qw0h2aqpL5Fr/VW8UBetoh0uwUZI4Nq9Yf8JOmdCYQEZGz3sEaM=@vger.kernel.org X-Gm-Message-State: AOJu0YzzFBPam6l1zZghyh+3+18qHA2ZKAFozcstOLyUs3rQc5NU0za2 nm7SVPZdNWhNF5aKxxfvpY/L063yYPDWGfbj45iRXcGLhEs47DTwqeGvLjCnQmfNpKXE4k+Y2nb syCZQjA== X-Google-Smtp-Source: AGHT+IHaEufhivqbAqPz8dmOr7ipMkvz7Mo3kJou3GygxqUP3Pfy+Ob1mNc3FS5PEksGnbTAMER6tHUCQA2u X-Received: from ejcux14.prod.google.com ([2002:a17:907:cf8e:b0:abb:b80e:12f4]) (user=qperret job=prod-delivery.src-stubby-dispatcher) by 2002:a17:906:3181:b0:ab7:e8d6:3b21 with SMTP id a640c23a62f3a-abed0d764demr127674066b.28.1740448414099; Mon, 24 Feb 2025 17:53:34 -0800 (PST) Date: Tue, 25 Feb 2025 01:53:25 +0000 In-Reply-To: <20250225015327.3708420-1-qperret@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250225015327.3708420-1-qperret@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog Message-ID: <20250225015327.3708420-3-qperret@google.com> Subject: [PATCH v2 2/4] KVM: arm64: Don't WARN from __pkvm_host_share_guest() From: Quentin Perret To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, qperret@google.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" We currently WARN() if the host attempts to share a page that is not in an acceptable state with a guest. This isn't strictly necessary and makes testing much harder, so drop the WARN and fix the error code. Signed-off-by: Quentin Perret --- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvh= e/mem_protect.c index 19c3c631708c..ae39abc7e604 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -912,7 +912,6 @@ int __pkvm_host_share_guest(u64 pfn, u64 gfn, struct pk= vm_hyp_vcpu *vcpu, if (page->host_share_guest_count) break; /* Only host to np-guest multi-sharing is tolerated */ - WARN_ON(1); fallthrough; default: ret =3D -EPERM; --=20 2.48.1.658.g4767266eb4-goog From nobody Sun Feb 8 14:11:20 2026 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2E5A1422A8 for ; Tue, 25 Feb 2025 01:53:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448421; cv=none; b=GnW2tKpMWojYrtgBqolE0WHCWGwONA+4PyEA7yXkOS2aWR65dldhopdDBFtGKetj4iEXa2ahzuvQ5pkS9dqiG9S2lEnF4HonHIYcj65J+uWLeskqEKJ6Hqp8CtTTVBL6AzOo94FMuY2PxbZo433Gg69YpiPcCnrPYSd2OgUr6IE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448421; c=relaxed/simple; bh=uk9F9tBYFF/EkJD9htt1GD0op2QMyfK9bfcyZ5umxhU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Rk5gtblz5ql07g9tXKoH4Y2cmGhdIkxENBmkaw/7p5UCpHN9hp9zNnWPCSSUIU49hceNp2sGt1IJH+g+5GIaiUZWrp0wFrm7jvvRzgFYxYmaPnPkuXa2QrSjAdAMrJDGjW9JSI0SM0VaVO6JNnnQ6WhpJGg1lu5ZvAWPeQ1GFeQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=zc/IEcwh; arc=none smtp.client-ip=209.85.218.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="zc/IEcwh" Received: by mail-ej1-f73.google.com with SMTP id a640c23a62f3a-abbc0572fc9so427112566b.0 for ; Mon, 24 Feb 2025 17:53:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1740448416; x=1741053216; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=mVBQg35LScynYQPBsFgs3dGrm+AD9n8KyZeHIALpKpg=; b=zc/IEcwhDsFcdEsi8OaI9irOI5TFvAgd1GfpP+RVhiGJq3eJouRaYwC1fZPDr5wdMj s/NB86vVJQJ9AiPEwCW0jusJjqp7y4XJvRia76wychrlaAt+smf4z53zs0kHsmNJAuxI YtyszDKKvKgMkhtQc/jnyEDKVu1m2n9ku5vSwlRlodVIZpWu7nUYAL9hoKYfroc8zBuE D/NleV7nHetEPsFfdIgjAGI9fn0pZa9kwbATYUTYNruatFlnoy3PKqx7P38o5Ie4MQhv JnXZJlX3DoAFuvjVwMptAzUGdEYEI+qoG8FjZ+RRw+5v6z2ls5zifDPmBYiFzJh+/1HE ilrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740448416; x=1741053216; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mVBQg35LScynYQPBsFgs3dGrm+AD9n8KyZeHIALpKpg=; b=RpOQtu43QVZIfhEa37PoCKVOBy+hn2wyhSRXi5ucIieqYAX23NTQGyQQGhh6gUw6c6 FTJV7TAkB8hy1q60yKp/IDRSMuTu5SsaiD1MnWGjiKwoRXGGkjtvy3BI6ZrMsEsIRVHy utgoSYuLAGfLM+seoPKy7foXmPc+80HFMPnEik+xE9bCKywicMnbcKutYrZh5v/PM9Gc Xr8KhPRei5brNG9Yd3gnJFL29sd9ulAwOGSObmhCE8QWp2/duGyjPk/ZpprlENbkXSJz lCii7s7I7R2o1dpShA1LOatssaU+XYJkesOa8+tmpPzSS+sLV5y8pFz2efCeqq3B0DTe S4/g== X-Forwarded-Encrypted: i=1; AJvYcCXYevVUDzLuTzVeKaphIiyv7gLLK76z5WA45K5q9/0wNDh6MdcBLnLfgv0b0tYH7BDfPTAXv8Q3f0/+RlU=@vger.kernel.org X-Gm-Message-State: AOJu0YzuvDSAEGaBKGCHdxlMksLhAIbYIYkqse1m1pAaJhFFDxjwd9Uv 7kEnnA9OzrcnNL+0q3FkVQH/CUa65ayRB+O6Z06308RwdsUXTBiaCFh3pS9dfJqOfjnoNAuVvnh YvnYKqQ== X-Google-Smtp-Source: AGHT+IEOA9rIjA6uekoY3WihM+tF/K0vVRrG2dIyIogwJ20oRerMsyDc12AtygClhb6MD/mhH+yOzfP2W+Kp X-Received: from ejcvg17.prod.google.com ([2002:a17:907:d311:b0:abb:78a9:ce4a]) (user=qperret job=prod-delivery.src-stubby-dispatcher) by 2002:a17:907:7801:b0:aa6:7737:199c with SMTP id a640c23a62f3a-abc09a079d1mr1474527866b.15.1740448416319; Mon, 24 Feb 2025 17:53:36 -0800 (PST) Date: Tue, 25 Feb 2025 01:53:26 +0000 In-Reply-To: <20250225015327.3708420-1-qperret@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250225015327.3708420-1-qperret@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog Message-ID: <20250225015327.3708420-4-qperret@google.com> Subject: [PATCH v2 3/4] KVM: arm64: Selftest for pKVM transitions From: Quentin Perret To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, qperret@google.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" We have recently found a bug [1] in the pKVM memory ownership transitions by code inspection, but it could have been caught with a test. Introduce a boot-time selftest exercising all the known pKVM memory transitions and importantly checks the rejection of illegal transitions. The new test is hidden behind a new Kconfig option separate from CONFIG_EL2_NVHE_DEBUG on purpose as that has side effects on the transition checks ([1] doesn't reproduce with EL2 debug enabled). [1] https://lore.kernel.org/kvmarm/20241128154406.602875-1-qperret@google.c= om/ Suggested-by: Will Deacon Signed-off-by: Quentin Perret --- arch/arm64/kvm/Kconfig | 10 ++ arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 6 + arch/arm64/kvm/hyp/nvhe/mem_protect.c | 111 ++++++++++++++++++ arch/arm64/kvm/hyp/nvhe/setup.c | 2 + 4 files changed, 129 insertions(+) diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig index ead632ad01b4..038d7f52232c 100644 --- a/arch/arm64/kvm/Kconfig +++ b/arch/arm64/kvm/Kconfig @@ -46,6 +46,7 @@ menuconfig KVM config NVHE_EL2_DEBUG bool "Debug mode for non-VHE EL2 object" depends on KVM + select PKVM_SELFTESTS help Say Y here to enable the debug mode for the non-VHE KVM EL2 object. Failure reports will BUG() in the hypervisor. This is intended for @@ -53,6 +54,15 @@ config NVHE_EL2_DEBUG =20 If unsure, say N. =20 +config PKVM_SELFTESTS + bool "Protected KVM hypervisor selftests" + help + Say Y here to enable Protected KVM (pKVM) hypervisor selftests + during boot. Failure reports will panic the hypervisor. This is + intended for EL2 hypervisor development. + + If unsure, say N. + config PROTECTED_NVHE_STACKTRACE bool "Protected KVM hypervisor stacktraces" depends on NVHE_EL2_DEBUG diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h b/arch/arm64/kvm= /hyp/include/nvhe/mem_protect.h index 978f38c386ee..31a3f2cdf242 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h +++ b/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h @@ -67,4 +67,10 @@ static __always_inline void __load_host_stage2(void) else write_sysreg(0, vttbr_el2); } + +#ifdef CONFIG_PKVM_SELFTESTS +void pkvm_ownership_selftest(void); +#else +static inline void pkvm_ownership_selftest(void) { } +#endif #endif /* __KVM_NVHE_MEM_PROTECT__ */ diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvh= e/mem_protect.c index ae39abc7e604..46f3f4aeecc5 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -1083,3 +1083,114 @@ int __pkvm_host_mkyoung_guest(u64 gfn, struct pkvm_= hyp_vcpu *vcpu) =20 return 0; } + +#ifdef CONFIG_PKVM_SELFTESTS +struct pkvm_expected_state { + enum pkvm_page_state host; + enum pkvm_page_state hyp; +}; + +static struct pkvm_expected_state selftest_state; +static struct hyp_page *selftest_page; + +static void assert_page_state(void) +{ + void *virt =3D hyp_page_to_virt(selftest_page); + u64 size =3D PAGE_SIZE << selftest_page->order; + u64 phys =3D hyp_virt_to_phys(virt); + + host_lock_component(); + WARN_ON(__host_check_page_state_range(phys, size, selftest_state.host)); + host_unlock_component(); + + hyp_lock_component(); + WARN_ON(__hyp_check_page_state_range((u64)virt, size, selftest_state.hyp)= ); + hyp_unlock_component(); +} + +#define assert_transition_res(res, fn, ...) \ + do { \ + WARN_ON(fn(__VA_ARGS__) !=3D res); \ + assert_page_state(); \ + } while (0) + +void pkvm_ownership_selftest(void) +{ + void *virt =3D hyp_alloc_pages(&host_s2_pool, 0); + u64 phys, size, pfn; + + WARN_ON(!virt); + selftest_page =3D hyp_virt_to_page(virt); + selftest_page->refcount =3D 0; + + size =3D PAGE_SIZE << selftest_page->order; + phys =3D hyp_virt_to_phys(virt); + pfn =3D hyp_phys_to_pfn(phys); + + selftest_state.host =3D PKVM_NOPAGE; + selftest_state.hyp =3D PKVM_PAGE_OWNED; + assert_page_state(); + assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_unshare_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_unshare_ffa, pfn, 1); + assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); + + selftest_state.host =3D PKVM_PAGE_OWNED; + selftest_state.hyp =3D PKVM_NOPAGE; + assert_transition_res(0, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_unshare_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_unshare_ffa, pfn, 1); + assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); + + selftest_state.host =3D PKVM_PAGE_SHARED_OWNED; + selftest_state.hyp =3D PKVM_PAGE_SHARED_BORROWED; + assert_transition_res(0, __pkvm_host_share_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + + assert_transition_res(0, hyp_pin_shared_mem, virt, virt + size); + assert_transition_res(0, hyp_pin_shared_mem, virt, virt + size); + hyp_unpin_shared_mem(virt, virt + size); + WARN_ON(hyp_page_count(virt) !=3D 1); + assert_transition_res(-EBUSY, __pkvm_host_unshare_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + + hyp_unpin_shared_mem(virt, virt + size); + assert_page_state(); + WARN_ON(hyp_page_count(virt)); + + selftest_state.host =3D PKVM_PAGE_OWNED; + selftest_state.hyp =3D PKVM_NOPAGE; + assert_transition_res(0, __pkvm_host_unshare_hyp, pfn); + + selftest_state.host =3D PKVM_PAGE_SHARED_OWNED; + selftest_state.hyp =3D PKVM_NOPAGE; + assert_transition_res(0, __pkvm_host_share_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_unshare_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); + + selftest_state.host =3D PKVM_PAGE_OWNED; + selftest_state.hyp =3D PKVM_NOPAGE; + assert_transition_res(0, __pkvm_host_unshare_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_unshare_ffa, pfn, 1); + + selftest_state.host =3D PKVM_NOPAGE; + selftest_state.hyp =3D PKVM_PAGE_OWNED; + assert_transition_res(0, __pkvm_host_donate_hyp, pfn, 1); + + selftest_page->refcount =3D 1; + hyp_put_page(&host_s2_pool, virt); +} +#endif diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setu= p.c index 46d9bd04348f..54006f959e1b 100644 --- a/arch/arm64/kvm/hyp/nvhe/setup.c +++ b/arch/arm64/kvm/hyp/nvhe/setup.c @@ -308,6 +308,8 @@ void __noreturn __pkvm_init_finalise(void) goto out; =20 pkvm_hyp_vm_table_init(vm_table_base); + + pkvm_ownership_selftest(); out: /* * We tail-called to here from handle___pkvm_init() and will not return, --=20 2.48.1.658.g4767266eb4-goog From nobody Sun Feb 8 14:11:20 2026 Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2282D133987 for ; Tue, 25 Feb 2025 01:53:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448422; cv=none; b=XYwFXCVbP4t3gcUpYSk6Fe05JCPHxHGYDSPgM8C/mUQUJ7GA6pvKa9a7IhPMShhHvvhqot8B0EnjxxwWRNnggr/lJdc4HnyNRswtr0MgmIZZJnZ0/nk9HtPFkK9iZS8+VLTeQvzbXLbtDELgVOgy2uQXVl92SNg+Cvjw8qrNJDU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740448422; c=relaxed/simple; bh=G4kbwapJ8xN308f+p/Fax6Gc5PoYYSkhHYuE1MyjKho=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=uFVtKwwOYhJUyrp0SIINkSrU4iwg0b9Fw36+4qXNGYP0/hpyMv9xGjMAXZGN/hjRYU45jdBz+fVLhqvFeLaRJkMV47GvmfXnCT4WpJCc6eNoMK34s3T8vEY56N3ldRnhjGjAiG5ZdJZiinbPjZQvIl5T1tUPFmXUEvlbPj2wWog= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=j51rNMMs; arc=none smtp.client-ip=209.85.208.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--qperret.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="j51rNMMs" Received: by mail-ed1-f74.google.com with SMTP id 4fb4d7f45d1cf-5e067bbd3baso4523518a12.3 for ; Mon, 24 Feb 2025 17:53:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1740448418; x=1741053218; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=m7dZmTdaF5BfvE12HLbTKAM/qU/qgzQacpIdfJS89lM=; b=j51rNMMsNMAtNbOBSD+BpEUjTo4gMFQ4lZYYK/Mb0zVC7av5B0GXT/+a71XIu8A0d1 bBXthYSJFqpGuzjONa6UowjVlCsgQeNzKZjaVkkaIJmYStliLP24V86R6MmIoE09USiI +NxvF17xLfbumnImEzVAXSRYceyAKIZn1Va/h4kdEfsLA80bHgAcoFBPkUaAr4BsnMCy 7cSv6PL7Rt8uPKk46qAswllaqz3RXgaUKQ58REnudPodpbMMQQiA5Emm/nSav3K4d4zk 1UR4lVqpXBncTFOyTJBlrztHBJ7CNjUufcNnhh7x3XnTLDv70blAOmg5DfZjCU9xr23J wvSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740448418; x=1741053218; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=m7dZmTdaF5BfvE12HLbTKAM/qU/qgzQacpIdfJS89lM=; b=PCSeOeEpnqDn9nMj6OG/JUJgGKppGbE8Slzp+4UTBVHb5mm2rhLINDO/5PGFzrAIgT M/jVi2rICorgY8hojmwZAi5BiuGsWrQPOUMC88rXbMZgyEMVxpiXwc0tY3xNqophMVbn A3xnxSMGzMRsSHBiH6nwrkDr33AWOqg2EHUBPyJzbLZgcm6n+9CUXaNsA83VgGdlrF56 EP2quDU7SjzBy/4XMVxu67RNsx4Xsxy2l3LeR24eIvr+EuNdnBUTxp2IMq4Y3Eps/Qud +XFAz9DqKTKXFaNtaOlkn96xin3Vj67OSyeTSTKgAArBNjiN01SwEQRZZpcjm7xx9yC0 Qb/Q== X-Forwarded-Encrypted: i=1; AJvYcCVBhu6L4fY8mPrYK2h18zoMzt7j+uJ8l6nLFC6rQWU3zoLf1r0WJ+C0G8I22EUEpqMoKygwaMXZJRRf77E=@vger.kernel.org X-Gm-Message-State: AOJu0YwWQO9y1BMQUcUf4M7roke7x/RDN+XRuWuNZodr0p2/Yz1iPz2G DemTOAZeTHE9FWup5cGTsZiuRvrx9tC2z0rPQeELuhNYg/pgcJat85De2IBw/YJqPnLyONcwgXq RYVTMYg== X-Google-Smtp-Source: AGHT+IGwggas76Qq6nVnBY8hQptDHcF9hAdQuXod8zicSSA+dENSbfVyJVzhiJxQLNjNL2CSji69tgz9i4oD X-Received: from edbig12.prod.google.com ([2002:a05:6402:458c:b0:5de:6e72:c13b]) (user=qperret job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6402:42c5:b0:5e0:87fb:72fb with SMTP id 4fb4d7f45d1cf-5e0b70b707dmr17770196a12.6.1740448418641; Mon, 24 Feb 2025 17:53:38 -0800 (PST) Date: Tue, 25 Feb 2025 01:53:27 +0000 In-Reply-To: <20250225015327.3708420-1-qperret@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250225015327.3708420-1-qperret@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog Message-ID: <20250225015327.3708420-5-qperret@google.com> Subject: [PATCH v2 4/4] KVM: arm64: Extend pKVM selftest for np-guests From: Quentin Perret To: Marc Zyngier , Oliver Upton , Joey Gouly , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, qperret@google.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The pKVM selftest intends to test as many memory 'transitions' as possible, so extend it to cover sharing pages with non-protected guests, including in the case of multi-sharing. Signed-off-by: Quentin Perret --- arch/arm64/include/asm/kvm_pkvm.h | 6 ++ arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 4 +- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 90 ++++++++++++++++++- arch/arm64/kvm/hyp/nvhe/setup.c | 8 +- arch/arm64/kvm/pkvm.c | 1 + 5 files changed, 104 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm= _pkvm.h index eb65f12e81d9..104b6b5ab6f5 100644 --- a/arch/arm64/include/asm/kvm_pkvm.h +++ b/arch/arm64/include/asm/kvm_pkvm.h @@ -134,6 +134,12 @@ static inline unsigned long host_s2_pgtable_pages(void) return res; } =20 +#ifdef CONFIG_PKVM_SELFTESTS +static inline unsigned long pkvm_selftest_pages(void) { return 32; } +#else +static inline unsigned long pkvm_selftest_pages(void) { return 0; } +#endif + #define KVM_FFA_MBOX_NR_PAGES 1 =20 static inline unsigned long hyp_ffa_proxy_pages(void) diff --git a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h b/arch/arm64/kvm= /hyp/include/nvhe/mem_protect.h index 31a3f2cdf242..dd53af947a58 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h +++ b/arch/arm64/kvm/hyp/include/nvhe/mem_protect.h @@ -69,8 +69,8 @@ static __always_inline void __load_host_stage2(void) } =20 #ifdef CONFIG_PKVM_SELFTESTS -void pkvm_ownership_selftest(void); +void pkvm_ownership_selftest(void *base); #else -static inline void pkvm_ownership_selftest(void) { } +static inline void pkvm_ownership_selftest(void *base) { } #endif #endif /* __KVM_NVHE_MEM_PROTECT__ */ diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvh= e/mem_protect.c index 46f3f4aeecc5..a03a2665e234 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -1088,16 +1088,60 @@ int __pkvm_host_mkyoung_guest(u64 gfn, struct pkvm_= hyp_vcpu *vcpu) struct pkvm_expected_state { enum pkvm_page_state host; enum pkvm_page_state hyp; + enum pkvm_page_state guest[2]; /* [ gfn, gfn + 1 ] */ }; =20 static struct pkvm_expected_state selftest_state; static struct hyp_page *selftest_page; =20 +static struct pkvm_hyp_vm selftest_vm =3D { + .kvm =3D { + .arch =3D { + .mmu =3D { + .arch =3D &selftest_vm.kvm.arch, + .pgt =3D &selftest_vm.pgt, + }, + }, + }, +}; + +static struct pkvm_hyp_vcpu selftest_vcpu =3D { + .vcpu =3D { + .arch =3D { + .hw_mmu =3D &selftest_vm.kvm.arch.mmu, + }, + .kvm =3D &selftest_vm.kvm, + }, +}; + +static void init_selftest_vm(void *virt) +{ + struct hyp_page *p =3D hyp_virt_to_page(virt); + int i; + + selftest_vm.kvm.arch.mmu.vtcr =3D host_mmu.arch.mmu.vtcr; + WARN_ON(kvm_guest_prepare_stage2(&selftest_vm, virt)); + + for (i =3D 0; i < pkvm_selftest_pages(); i++) { + if (p[i].refcount) + continue; + p[i].refcount =3D 1; + hyp_put_page(&selftest_vm.pool, hyp_page_to_virt(&p[i])); + } +} + +static u64 selftest_ipa(void) +{ + return BIT(selftest_vm.pgt.ia_bits - 1); +} + static void assert_page_state(void) { void *virt =3D hyp_page_to_virt(selftest_page); u64 size =3D PAGE_SIZE << selftest_page->order; + struct pkvm_hyp_vcpu *vcpu =3D &selftest_vcpu; u64 phys =3D hyp_virt_to_phys(virt); + u64 ipa[2] =3D { selftest_ipa(), selftest_ipa() + PAGE_SIZE }; =20 host_lock_component(); WARN_ON(__host_check_page_state_range(phys, size, selftest_state.host)); @@ -1106,6 +1150,11 @@ static void assert_page_state(void) hyp_lock_component(); WARN_ON(__hyp_check_page_state_range((u64)virt, size, selftest_state.hyp)= ); hyp_unlock_component(); + + guest_lock_component(&selftest_vm); + WARN_ON(__guest_check_page_state_range(vcpu, ipa[0], size, selftest_state= .guest[0])); + WARN_ON(__guest_check_page_state_range(vcpu, ipa[1], size, selftest_state= .guest[1])); + guest_unlock_component(&selftest_vm); } =20 #define assert_transition_res(res, fn, ...) \ @@ -1114,21 +1163,27 @@ static void assert_page_state(void) assert_page_state(); \ } while (0) =20 -void pkvm_ownership_selftest(void) +void pkvm_ownership_selftest(void *base) { + enum kvm_pgtable_prot prot =3D KVM_PGTABLE_PROT_RWX; void *virt =3D hyp_alloc_pages(&host_s2_pool, 0); - u64 phys, size, pfn; + struct pkvm_hyp_vcpu *vcpu =3D &selftest_vcpu; + struct pkvm_hyp_vm *vm =3D &selftest_vm; + u64 phys, size, pfn, gfn; =20 WARN_ON(!virt); selftest_page =3D hyp_virt_to_page(virt); selftest_page->refcount =3D 0; + init_selftest_vm(base); =20 size =3D PAGE_SIZE << selftest_page->order; phys =3D hyp_virt_to_phys(virt); pfn =3D hyp_phys_to_pfn(phys); + gfn =3D hyp_phys_to_pfn(selftest_ipa()); =20 selftest_state.host =3D PKVM_NOPAGE; selftest_state.hyp =3D PKVM_PAGE_OWNED; + selftest_state.guest[0] =3D selftest_state.guest[1] =3D PKVM_NOPAGE; assert_page_state(); assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); @@ -1136,6 +1191,8 @@ void pkvm_ownership_selftest(void) assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); assert_transition_res(-EPERM, __pkvm_host_unshare_ffa, pfn, 1); assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); + assert_transition_res(-EPERM, __pkvm_host_share_guest, pfn, gfn, vcpu, pr= ot); + assert_transition_res(-ENOENT, __pkvm_host_unshare_guest, gfn, vm); =20 selftest_state.host =3D PKVM_PAGE_OWNED; selftest_state.hyp =3D PKVM_NOPAGE; @@ -1143,6 +1200,7 @@ void pkvm_ownership_selftest(void) assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); assert_transition_res(-EPERM, __pkvm_host_unshare_hyp, pfn); assert_transition_res(-EPERM, __pkvm_host_unshare_ffa, pfn, 1); + assert_transition_res(-ENOENT, __pkvm_host_unshare_guest, gfn, vm); assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); =20 selftest_state.host =3D PKVM_PAGE_SHARED_OWNED; @@ -1152,6 +1210,8 @@ void pkvm_ownership_selftest(void) assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_guest, pfn, gfn, vcpu, pr= ot); + assert_transition_res(-ENOENT, __pkvm_host_unshare_guest, gfn, vm); =20 assert_transition_res(0, hyp_pin_shared_mem, virt, virt + size); assert_transition_res(0, hyp_pin_shared_mem, virt, virt + size); @@ -1162,6 +1222,8 @@ void pkvm_ownership_selftest(void) assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_guest, pfn, gfn, vcpu, pr= ot); + assert_transition_res(-ENOENT, __pkvm_host_unshare_guest, gfn, vm); =20 hyp_unpin_shared_mem(virt, virt + size); assert_page_state(); @@ -1179,6 +1241,8 @@ void pkvm_ownership_selftest(void) assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); assert_transition_res(-EPERM, __pkvm_host_unshare_hyp, pfn); assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_guest, pfn, gfn, vcpu, pr= ot); + assert_transition_res(-ENOENT, __pkvm_host_unshare_guest, gfn, vm); assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); =20 selftest_state.host =3D PKVM_PAGE_OWNED; @@ -1186,6 +1250,28 @@ void pkvm_ownership_selftest(void) assert_transition_res(0, __pkvm_host_unshare_ffa, pfn, 1); assert_transition_res(-EPERM, __pkvm_host_unshare_ffa, pfn, 1); =20 + selftest_state.host =3D PKVM_PAGE_SHARED_OWNED; + selftest_state.guest[0] =3D PKVM_PAGE_SHARED_BORROWED; + assert_transition_res(0, __pkvm_host_share_guest, pfn, gfn, vcpu, prot); + assert_transition_res(-EPERM, __pkvm_host_share_guest, pfn, gfn, vcpu, pr= ot); + assert_transition_res(-EPERM, __pkvm_host_share_ffa, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_donate_hyp, pfn, 1); + assert_transition_res(-EPERM, __pkvm_host_share_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_host_unshare_hyp, pfn); + assert_transition_res(-EPERM, __pkvm_hyp_donate_host, pfn, 1); + assert_transition_res(-EPERM, hyp_pin_shared_mem, virt, virt + size); + + selftest_state.guest[1] =3D PKVM_PAGE_SHARED_BORROWED; + assert_transition_res(0, __pkvm_host_share_guest, pfn, gfn + 1, vcpu, pro= t); + WARN_ON(hyp_virt_to_page(virt)->host_share_guest_count !=3D 2); + + selftest_state.guest[0] =3D PKVM_NOPAGE; + assert_transition_res(0, __pkvm_host_unshare_guest, gfn, vm); + + selftest_state.guest[1] =3D PKVM_NOPAGE; + selftest_state.host =3D PKVM_PAGE_OWNED; + assert_transition_res(0, __pkvm_host_unshare_guest, gfn + 1, vm); + selftest_state.host =3D PKVM_NOPAGE; selftest_state.hyp =3D PKVM_PAGE_OWNED; assert_transition_res(0, __pkvm_host_donate_hyp, pfn, 1); diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setu= p.c index 54006f959e1b..814548134a83 100644 --- a/arch/arm64/kvm/hyp/nvhe/setup.c +++ b/arch/arm64/kvm/hyp/nvhe/setup.c @@ -28,6 +28,7 @@ static void *vmemmap_base; static void *vm_table_base; static void *hyp_pgt_base; static void *host_s2_pgt_base; +static void *selftest_base; static void *ffa_proxy_pages; static struct kvm_pgtable_mm_ops pkvm_pgtable_mm_ops; static struct hyp_pool hpool; @@ -38,6 +39,11 @@ static int divide_memory_pool(void *virt, unsigned long = size) =20 hyp_early_alloc_init(virt, size); =20 + nr_pages =3D pkvm_selftest_pages(); + selftest_base =3D hyp_early_alloc_contig(nr_pages); + if (nr_pages && !selftest_base) + return -ENOMEM; + nr_pages =3D hyp_vmemmap_pages(sizeof(struct hyp_page)); vmemmap_base =3D hyp_early_alloc_contig(nr_pages); if (!vmemmap_base) @@ -309,7 +315,7 @@ void __noreturn __pkvm_init_finalise(void) =20 pkvm_hyp_vm_table_init(vm_table_base); =20 - pkvm_ownership_selftest(); + pkvm_ownership_selftest(selftest_base); out: /* * We tail-called to here from handle___pkvm_init() and will not return, diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c index 5a75f9554e57..728ae5f44da3 100644 --- a/arch/arm64/kvm/pkvm.c +++ b/arch/arm64/kvm/pkvm.c @@ -79,6 +79,7 @@ void __init kvm_hyp_reserve(void) hyp_mem_pages +=3D host_s2_pgtable_pages(); hyp_mem_pages +=3D hyp_vm_table_pages(); hyp_mem_pages +=3D hyp_vmemmap_pages(STRUCT_HYP_PAGE_SIZE); + hyp_mem_pages +=3D pkvm_selftest_pages(); hyp_mem_pages +=3D hyp_ffa_proxy_pages(); =20 /* --=20 2.48.1.658.g4767266eb4-goog