lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <86jz6if8um.wl-maz@kernel.org>
Date: Thu, 15 May 2025 11:48:17 +0100
From: Marc Zyngier <maz@...nel.org>
To: Ben Horgan <ben.horgan@....com>
Cc: Raghavendra Rao Ananta <rananta@...gle.com>,
	Oliver Upton <oliver.upton@...ux.dev>,
	Mingwei Zhang <mizhang@...gle.com>,
	linux-arm-kernel@...ts.infradead.org,
	kvmarm@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Subject: Re: [PATCH 0/3] KVM: arm64: Allow vGICv4 configuration per VM

On Thu, 15 May 2025 11:30:33 +0100,
Ben Horgan <ben.horgan@....com> wrote:
> 
> Hi,
> 
> On 5/14/25 20:21, Raghavendra Rao Ananta wrote:
> > Hello,
> > 
> > When kvm-arm.vgic_v4_enable=1, KVM adds support for direct interrupt
> > injection by default to all the VMs in the system, aka GICv4. A
> > shortcoming of the GIC architecture is that there's an absolute limit on
> > the number of vPEs that can be tracked by the ITS. It is possible that
> > an operator is running a mix of VMs on a system, only wanting to provide
> > a specific class of VMs with hardware interrupt injection support.
> > 
> > To support this, introduce a GIC attribute, KVM_DEV_ARM_VGIC_CONFIG_GICV4,
> > for the userspace to enable or disable vGICv4 for a given VM.
> > 
> > The attribute allows the configuration only when vGICv4 is enabled in KVM,
> > else it acts a read-only attribute returning
> > KVM_DEV_ARM_VGIC_CONFIG_GICV4_UNAVAILABLE as the value.
> What's the reason for the cmdline enable continuing to be absolute in
> the disable case? I wonder if this is unnecessarily restrictive.

Because there are a number of GICv4 implementations that are
absolutely terrible out there, and that will happily lock-up under
some undisclosed circumstances.

So unless you find a good way to retire that HW, GICv4 will continue
to be a buy-in.

	M.

-- 
Without deviation from the norm, progress is not possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ