lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5d204cf7-c6a0-455c-8706-753e1fce3777@arm.com>
Date: Thu, 15 May 2025 11:30:33 +0100
From: Ben Horgan <ben.horgan@....com>
To: Raghavendra Rao Ananta <rananta@...gle.com>,
 Oliver Upton <oliver.upton@...ux.dev>, Marc Zyngier <maz@...nel.org>
Cc: Mingwei Zhang <mizhang@...gle.com>, linux-arm-kernel@...ts.infradead.org,
 kvmarm@...ts.linux.dev, linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH 0/3] KVM: arm64: Allow vGICv4 configuration per VM

Hi,

On 5/14/25 20:21, Raghavendra Rao Ananta wrote:
> Hello,
> 
> When kvm-arm.vgic_v4_enable=1, KVM adds support for direct interrupt
> injection by default to all the VMs in the system, aka GICv4. A
> shortcoming of the GIC architecture is that there's an absolute limit on
> the number of vPEs that can be tracked by the ITS. It is possible that
> an operator is running a mix of VMs on a system, only wanting to provide
> a specific class of VMs with hardware interrupt injection support.
> 
> To support this, introduce a GIC attribute, KVM_DEV_ARM_VGIC_CONFIG_GICV4,
> for the userspace to enable or disable vGICv4 for a given VM.
> 
> The attribute allows the configuration only when vGICv4 is enabled in KVM,
> else it acts a read-only attribute returning
> KVM_DEV_ARM_VGIC_CONFIG_GICV4_UNAVAILABLE as the value.
What's the reason for the cmdline enable continuing to be absolute in 
the disable case? I wonder if this is unnecessarily restrictive.

Couldn't KVM_DEV_ARM_VGIC_CONFIG_GICV4_UNAVAILABLE be reserved for 
hardware that doesn't support vgic_v4 and if kvm-arm.vgic_v4_enable=0, 
or omitted, on supporting hardware then default to 
KVM_DEV_ARM_VGIC_CONFIG_GICV4_DISABLE but allow it to be overridden? I 
don't think this changes the behaviour when your new attribute is not used.
> 
> On the other hand, if KVM has the vGICv4 enabled via the cmdline, the
> VM absorbs this configuration by default to maintain the backward
> compatibility. Userspace can get the attribute's value to check if the VM
> has vGICv4 support if it sees KVM_DEV_ARM_VGIC_CONFIG_GICV4_ENABLE as the
> value. As required, it can disable vGICv4 by setting
> KVM_DEV_ARM_VGIC_CONFIG_GICV4_DISABLE as the value.
> 
...
> 
> 

Thanks,

Ben

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ