Message-ID: <2700e50c6ca07b58c4a4a0c219815cf3e1319f35.camel@infradead.org>
Date: Fri, 01 Aug 2025 13:25:43 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Karim Manaouil <karim.manaouil@...aro.org>,
 linux-kernel@...r.kernel.org,  kvm@...r.kernel.org,
 linux-arm-msm@...r.kernel.org,  linux-arm-kernel@...ts.infradead.org,
 kvmarm@...ts.linux.dev, Steven Price <steven.price@....com>, Gavin Shan
 <gshan@...hat.com>, Suzuki K Poulose
 <suzuki.poulose@....com>, "Usug, Ugur" <ugurus@...zon.co.uk>
Cc: Alexander Graf <graf@...zon.com>, Alex Elder <elder@...nel.org>, Catalin
 Marinas <catalin.marinas@....com>, Fuad Tabba <tabba@...gle.com>, Joey
 Gouly <joey.gouly@....com>,  Jonathan Corbet <corbet@....net>, Marc Zyngier
 <maz@...nel.org>, Mark Brown <broonie@...nel.org>,  Mark Rutland
 <mark.rutland@....com>, Oliver Upton <oliver.upton@...ux.dev>, Paolo
 Bonzini <pbonzini@...hat.com>, Prakruthi Deepak Heragu
 <quic_pheragu@...cinc.com>,  Quentin Perret <qperret@...gle.com>, Rob
 Herring <robh@...nel.org>, Srinivas Kandagatla <srini@...nel.org>, 
 Srivatsa Vaddagiri <quic_svaddagi@...cinc.com>, Will Deacon
 <will@...nel.org>, Haripranesh S <haripran@....qualcomm.com>,  Carl van
 Schaik <cvanscha@....qualcomm.com>, Murali Nalajala <mnalajal@...cinc.com>,
 Sreenivasulu Chalamcharla <sreeniva@....qualcomm.com>, Trilok Soni
 <tsoni@...cinc.com>, Stefan Schmidt <stefan.schmidt@...aro.org>
Subject: Re: [RFC PATCH 06/34] KVM: gunyah: Add initial Gunyah backend
 support

On Thu, 2025-04-24 at 15:13 +0100, Karim Manaouil wrote:
> 
> - Introduces a new Kconfig split: `CONFIG_KVM_ARM` for native support,
>   and a variant for Gunyah-backed virtualization.
> - Adds `gunyah.c`, a new arch backend file that implements the minimal
>   KVM architecture callbacks and stub interfaces required by the KVM
>   core to build and boot.
> - Refactors Makefile and build rules to support mutually exclusive
>   builds of `CONFIG_KVM_ARM` and `CONFIG_GUNYAH`.
> - Introduces a dummy implementation of required KVM stubs such as:
>   `kvm_arch_init_vm()`, `kvm_arch_vcpu_create()`, `kvm_age_gfn()`, etc.

I quite like this, conceptually. I do think it's important for the
kernel to provide a generic virtualization API regardless of the
underlying hardware/firmware — that is, after all, what an OS kernel is
*for*. So the answer "not in KVM" is just fundamentally not realistic.

I'd like to see fewer #ifdefs though. The model we have on x86 with
static_calls for the AMD vs. Intel back ends seems to work out OK.

We ought to be able to come up with a model inspired by x86 where we
allow certain methods to be provided by one of many sets of 'lowvisor'
ops or whatever we want to call them:

 • Native KVM (at EL2)
 • pKVM
 • Gunyah
 • CCA
 • ... and potentially one or two others.

Currently we have completely separate work on some of those; can we
combine at least the basic hooks/operations and come up with something
which is minimally intrusive where each one just plugs in its own
implementation but the KVM userspace API is as unified as possible?
