| Message ID | 20210416154309.22129-6-steven.price@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | MTE support for KVM guest | expand |
On Fri, Apr 16, 2021 at 04:43:08PM +0100, Steven Price wrote: > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index 24223adae150..2b85a047c37d 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -184,6 +184,20 @@ struct kvm_vcpu_events { > __u32 reserved[12]; > }; > > +struct kvm_arm_copy_mte_tags { > + __u64 guest_ipa; > + __u64 length; > + union { > + void __user *addr; > + __u64 padding; > + }; > + __u64 flags; > + __u64 reserved[2]; > +}; I know Marc asked for some reserved space in here but I'm not sure it's the right place. And what's with the union of a 64-bit pointer and 64-bit padding, it doesn't change any layout? Maybe add the two reserved values to the union in case we want to store something else in the future. Or maybe I'm missing something, I haven't checked how other KVM ioctls work.
On 27/04/2021 18:58, Catalin Marinas wrote: > On Fri, Apr 16, 2021 at 04:43:08PM +0100, Steven Price wrote: >> diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h >> index 24223adae150..2b85a047c37d 100644 >> --- a/arch/arm64/include/uapi/asm/kvm.h >> +++ b/arch/arm64/include/uapi/asm/kvm.h >> @@ -184,6 +184,20 @@ struct kvm_vcpu_events { >> __u32 reserved[12]; >> }; >> >> +struct kvm_arm_copy_mte_tags { >> + __u64 guest_ipa; >> + __u64 length; >> + union { >> + void __user *addr; >> + __u64 padding; >> + }; >> + __u64 flags; >> + __u64 reserved[2]; >> +}; > > I know Marc asked for some reserved space in here but I'm not sure it's > the right place. And what's with the union of a 64-bit pointer and > 64-bit padding, it doesn't change any layout? Yes it's unnecessary here - habits die hard. This would ensure that the layout is the same for 32 bit and 64 bit. But it's irrelevant here as (a) we don't support 32 bit, and (b) flags has 64 bit alignment anyway. I'll drop the union (and 'padding'). > Maybe add the two reserved > values to the union in case we want to store something else in the > future. I'm not sure what you mean here. What would the reserved fields be unioned with? And surely they are no longer reserved in that case? > Or maybe I'm missing something, I haven't checked how other KVM ioctls > work. KVM ioctls seem to (sometimes) have some reserved space at the end of the structure for expansion without the ioctl number changing (since the structure size is encoded into the ioctl). Steve
On Thu, Apr 29, 2021 at 05:06:07PM +0100, Steven Price wrote: > On 27/04/2021 18:58, Catalin Marinas wrote: > > On Fri, Apr 16, 2021 at 04:43:08PM +0100, Steven Price wrote: > > > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > > > index 24223adae150..2b85a047c37d 100644 > > > --- a/arch/arm64/include/uapi/asm/kvm.h > > > +++ b/arch/arm64/include/uapi/asm/kvm.h > > > @@ -184,6 +184,20 @@ struct kvm_vcpu_events { > > > __u32 reserved[12]; > > > }; > > > +struct kvm_arm_copy_mte_tags { > > > + __u64 guest_ipa; > > > + __u64 length; > > > + union { > > > + void __user *addr; > > > + __u64 padding; > > > + }; > > > + __u64 flags; > > > + __u64 reserved[2]; > > > +}; [...] > > Maybe add the two reserved > > values to the union in case we want to store something else in the > > future. > > I'm not sure what you mean here. What would the reserved fields be unioned > with? And surely they are no longer reserved in that case? In case you want to keep the structure size the same for future expansion and the expansion only happens via the union, you'd add some padding in there just in case. We do this for struct siginfo with an _si_pad[] array in the union.
On 04/05/2021 18:44, Catalin Marinas wrote: > On Thu, Apr 29, 2021 at 05:06:07PM +0100, Steven Price wrote: >> On 27/04/2021 18:58, Catalin Marinas wrote: >>> On Fri, Apr 16, 2021 at 04:43:08PM +0100, Steven Price wrote: >>>> diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h >>>> index 24223adae150..2b85a047c37d 100644 >>>> --- a/arch/arm64/include/uapi/asm/kvm.h >>>> +++ b/arch/arm64/include/uapi/asm/kvm.h >>>> @@ -184,6 +184,20 @@ struct kvm_vcpu_events { >>>> __u32 reserved[12]; >>>> }; >>>> +struct kvm_arm_copy_mte_tags { >>>> + __u64 guest_ipa; >>>> + __u64 length; >>>> + union { >>>> + void __user *addr; >>>> + __u64 padding; >>>> + }; >>>> + __u64 flags; >>>> + __u64 reserved[2]; >>>> +}; > [...] >>> Maybe add the two reserved >>> values to the union in case we want to store something else in the >>> future. >> >> I'm not sure what you mean here. What would the reserved fields be unioned >> with? And surely they are no longer reserved in that case? > > In case you want to keep the structure size the same for future > expansion and the expansion only happens via the union, you'd add some > padding in there just in case. We do this for struct siginfo with an > _si_pad[] array in the union. > Ah I see what you mean. In this case "padding" is just a sizer to ensure that flags is always the same alignment - it's not intended to be used. As I noted previously though it's completely pointless as this only on arm64 and even 32 bit Arm would naturally align the following __u64. reserved[] is for expansion and I guess we could have a union over the whole struct (like siginfo) but I think it's generally clearer to just spell out the reserved fields at the end of the struct. TLDR; the union will be gone along with "padding" in the next version. "reserved" remains at the end of the struct for future use. Thanks, Steve
From: Steven Price <steven.price@arm.com> > Sent: 07 May 2021 10:45 > > On 04/05/2021 18:44, Catalin Marinas wrote: > > On Thu, Apr 29, 2021 at 05:06:07PM +0100, Steven Price wrote: > >> On 27/04/2021 18:58, Catalin Marinas wrote: > >>> On Fri, Apr 16, 2021 at 04:43:08PM +0100, Steven Price wrote: > >>>> diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > >>>> index 24223adae150..2b85a047c37d 100644 > >>>> --- a/arch/arm64/include/uapi/asm/kvm.h > >>>> +++ b/arch/arm64/include/uapi/asm/kvm.h > >>>> @@ -184,6 +184,20 @@ struct kvm_vcpu_events { > >>>> __u32 reserved[12]; > >>>> }; > >>>> +struct kvm_arm_copy_mte_tags { > >>>> + __u64 guest_ipa; > >>>> + __u64 length; > >>>> + union { > >>>> + void __user *addr; > >>>> + __u64 padding; > >>>> + }; > >>>> + __u64 flags; > >>>> + __u64 reserved[2]; > >>>> +}; > > [...] > >>> Maybe add the two reserved > >>> values to the union in case we want to store something else in the > >>> future. > >> > >> I'm not sure what you mean here. What would the reserved fields be unioned > >> with? And surely they are no longer reserved in that case? > > > > In case you want to keep the structure size the same for future > > expansion and the expansion only happens via the union, you'd add some > > padding in there just in case. We do this for struct siginfo with an > > _si_pad[] array in the union. > > > > Ah I see what you mean. In this case "padding" is just a sizer to ensure > that flags is always the same alignment - it's not intended to be used. > As I noted previously though it's completely pointless as this only on > arm64 and even 32 bit Arm would naturally align the following __u64. It is nice to be explicit though. You also have the problem that a 32bit (LE) application would leave the high bits of the user address undefined. All moot and pointless if 64bit only though. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h index 24223adae150..2b85a047c37d 100644 --- a/arch/arm64/include/uapi/asm/kvm.h +++ b/arch/arm64/include/uapi/asm/kvm.h @@ -184,6 +184,20 @@ struct kvm_vcpu_events { __u32 reserved[12]; }; +struct kvm_arm_copy_mte_tags { + __u64 guest_ipa; + __u64 length; + union { + void __user *addr; + __u64 padding; + }; + __u64 flags; + __u64 reserved[2]; +}; + +#define KVM_ARM_TAGS_TO_GUEST 0 +#define KVM_ARM_TAGS_FROM_GUEST 1 + /* If you need to interpret the index values, here is the key: */ #define KVM_REG_ARM_COPROC_MASK 0x000000000FFF0000 #define KVM_REG_ARM_COPROC_SHIFT 16 diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 46bf319f6cb7..9a6b26d37236 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -1297,6 +1297,65 @@ static int kvm_vm_ioctl_set_device_addr(struct kvm *kvm, } } +static int kvm_vm_ioctl_mte_copy_tags(struct kvm *kvm, + struct kvm_arm_copy_mte_tags *copy_tags) +{ + gpa_t guest_ipa = copy_tags->guest_ipa; + size_t length = copy_tags->length; + void __user *tags = copy_tags->addr; + gpa_t gfn; + bool write = !(copy_tags->flags & KVM_ARM_TAGS_FROM_GUEST); + int ret = 0; + + if (copy_tags->reserved[0] || copy_tags->reserved[1]) + return -EINVAL; + + if (copy_tags->flags & ~KVM_ARM_TAGS_FROM_GUEST) + return -EINVAL; + + if (length & ~PAGE_MASK || guest_ipa & ~PAGE_MASK) + return -EINVAL; + + gfn = gpa_to_gfn(guest_ipa); + + mutex_lock(&kvm->slots_lock); + + while (length > 0) { + kvm_pfn_t pfn = gfn_to_pfn_prot(kvm, gfn, write, NULL); + void *maddr; + unsigned long num_tags = PAGE_SIZE / MTE_GRANULE_SIZE; + + if (is_error_noslot_pfn(pfn)) { + ret = -EFAULT; + goto out; + } + + maddr = page_address(pfn_to_page(pfn)); + + if (!write) { + num_tags = mte_copy_tags_to_user(tags, maddr, num_tags); + kvm_release_pfn_clean(pfn); + } else { + num_tags = mte_copy_tags_from_user(maddr, tags, + num_tags); + kvm_release_pfn_dirty(pfn); + } + + if (num_tags != PAGE_SIZE / MTE_GRANULE_SIZE) { + ret = -EFAULT; + goto out; + } + + gfn++; + tags += num_tags; + length -= PAGE_SIZE; + } + +out: + mutex_unlock(&kvm->slots_lock); + return ret; +} + long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) { @@ -1333,6 +1392,16 @@ long kvm_arch_vm_ioctl(struct file *filp, return 0; } + case KVM_ARM_MTE_COPY_TAGS: { + struct kvm_arm_copy_mte_tags copy_tags; + + if (!kvm_has_mte(kvm)) + return -EINVAL; + + if (copy_from_user(©_tags, argp, sizeof(copy_tags))) + return -EFAULT; + return kvm_vm_ioctl_mte_copy_tags(kvm, ©_tags); + } default: return -EINVAL; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 6dc16c09a2d1..470c122f4c2d 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1424,6 +1424,7 @@ struct kvm_s390_ucas_mapping { /* Available with KVM_CAP_PMU_EVENT_FILTER */ #define KVM_SET_PMU_EVENT_FILTER _IOW(KVMIO, 0xb2, struct kvm_pmu_event_filter) #define KVM_PPC_SVM_OFF _IO(KVMIO, 0xb3) +#define KVM_ARM_MTE_COPY_TAGS _IOR(KVMIO, 0xb4, struct kvm_arm_copy_mte_tags) /* ioctl for vm fd */ #define KVM_CREATE_DEVICE _IOWR(KVMIO, 0xe0, struct kvm_create_device)
The VMM may not wish to have it's own mapping of guest memory mapped with PROT_MTE because this causes problems if the VMM has tag checking enabled (the guest controls the tags in physical RAM and it's unlikely the tags are correct for the VMM). Instead add a new ioctl which allows the VMM to easily read/write the tags from guest memory, allowing the VMM's mapping to be non-PROT_MTE while the VMM can still read/write the tags for the purpose of migration. Signed-off-by: Steven Price <steven.price@arm.com> --- arch/arm64/include/uapi/asm/kvm.h | 14 +++++++ arch/arm64/kvm/arm.c | 69 +++++++++++++++++++++++++++++++ include/uapi/linux/kvm.h | 1 + 3 files changed, 84 insertions(+)