lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fe5626ef-3930-4ad1-b41e-3734ac16b562@arm.com>
Date: Mon, 2 Sep 2024 11:17:14 +0100
From: Steven Price <steven.price@....com>
To: "Aneesh Kumar K.V" <aneesh.kumar@...nel.org>, kvm@...r.kernel.org,
 kvmarm@...ts.linux.dev
Cc: Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>,
 Will Deacon <will@...nel.org>, James Morse <james.morse@....com>,
 Oliver Upton <oliver.upton@...ux.dev>,
 Suzuki K Poulose <suzuki.poulose@....com>, Zenghui Yu
 <yuzenghui@...wei.com>, linux-arm-kernel@...ts.infradead.org,
 linux-kernel@...r.kernel.org, Joey Gouly <joey.gouly@....com>,
 Alexandru Elisei <alexandru.elisei@....com>,
 Christoffer Dall <christoffer.dall@....com>, Fuad Tabba <tabba@...gle.com>,
 linux-coco@...ts.linux.dev,
 Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>,
 Gavin Shan <gshan@...hat.com>, Shanker Donthineni <sdonthineni@...dia.com>,
 Alper Gun <alpergun@...gle.com>
Subject: Re: [PATCH v4 43/43] KVM: arm64: Allow activating realms

On 02/09/2024 06:13, Aneesh Kumar K.V wrote:
> Steven Price <steven.price@....com> writes:
> 
>> Add the ioctl to activate a realm and set the static branch to enable
>> access to the realm functionality if the RMM is detected.
>>
>> Signed-off-by: Steven Price <steven.price@....com>
>> ---
>>  arch/arm64/kvm/rme.c | 19 ++++++++++++++++++-
>>  1 file changed, 18 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/kvm/rme.c b/arch/arm64/kvm/rme.c
>> index 9f415411d3b5..1eeef9e15d1c 100644
>> --- a/arch/arm64/kvm/rme.c
>> +++ b/arch/arm64/kvm/rme.c
>> @@ -1194,6 +1194,20 @@ static int kvm_init_ipa_range_realm(struct kvm *kvm,
>>  	return realm_init_ipa_state(realm, addr, end);
>>  }
>>  
>> +static int kvm_activate_realm(struct kvm *kvm)
>> +{
>> +	struct realm *realm = &kvm->arch.realm;
>> +
>> +	if (kvm_realm_state(kvm) != REALM_STATE_NEW)
>> +		return -EINVAL;
>> +
>> +	if (rmi_realm_activate(virt_to_phys(realm->rd)))
>> +		return -ENXIO;
>> +
>> +	WRITE_ONCE(realm->state, REALM_STATE_ACTIVE);
>> +	return 0;
>> +}
>> +
>>  /* Protects access to rme_vmid_bitmap */
>>  static DEFINE_SPINLOCK(rme_vmid_lock);
>>  static unsigned long *rme_vmid_bitmap;
>> @@ -1343,6 +1357,9 @@ int kvm_realm_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap)
>>  		r = kvm_populate_realm(kvm, &args);
>>  		break;
>>  	}
>> +	case KVM_CAP_ARM_RME_ACTIVATE_REALM:
>> +		r = kvm_activate_realm(kvm);
>> +		break;
>>  	default:
>>  		r = -EINVAL;
>>  		break;
>> @@ -1599,5 +1616,5 @@ void kvm_init_rme(void)
>>  	if (rme_vmid_init())
>>  		return;
>>  
>> -	/* Future patch will enable static branch kvm_rme_is_available */
>> +	static_branch_enable(&kvm_rme_is_available);
>>
> 
> like rsi_present, we might want to use this outside kvm, ex: for TIO.

I'm struggling to think why rme_is_available would be needed outside KVM
- what is "TIO"?

> Can we move this outside module init so that we can have a helper
> like is_rme_supported()

It's obviously possible, but I'm not sure where in the code it would go
- if there is an actual use case outside of KVM then presumably it would
need to move completely outside of the KVM code.

Can you elaborate on why you think it might be useful?

Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ