On Tue, Feb 25, 2025 at 09:25:42AM -0800, Nicolin Chen wrote:
> There is a DoS concern on the shared hardware event queue among devices
> passed through to VMs, that too many translation failures that belong to
> VMs could overflow the shared hardware event queue if those VMs or their
> VMMs don't
On Tue, Feb 25, 2025 at 09:25:40AM -0800, Nicolin Chen wrote:
> Use it to store all vSMMU-related data. The vsid (Virtual Stream ID) will
> be the first use case. Since the vsid reader will be the eventq handler
> that already holds a streams_mutex, reuse that to fenche the vmaster too.
"fenche"?
On Tue, Feb 25, 2025 at 09:25:41AM -0800, Nicolin Chen wrote:
> Aside from the IOPF framework, iommufd provides an additional pathway to
> report hardware events, via the vEVENTQ of vIOMMU infrastructure.
>
> Define an iommu_vevent_arm_smmuv3 uAPI structure, and report stage-1 events
> in the thre
zicfiss / zicfilp introduces a new exception to priv isa `software check
exception` with cause code = 18. This patch implements software check
exception.
Additionally it implements a cfi violation handler which checks for code
in xtval. If xtval=2, it means that sw check exception happened because
From: Jim Shu
user mode tasks compiled with zicfilp may call indirectly into vdso (like
hwprobe indirect calls). Add landing pad compile support in vdso. vdso
with landing pad in it will be nop for tasks which have not enabled
landing pad.
This patch allows to run user mode tasks with cfi enabled
Introduce git-resolve.sh, a tool that resolves short git commit IDs to their
full SHA-1 hash. This is particularly useful for navigating references in commit
messages and verifying Fixes tags.
When faced with ambiguous commit IDs or imprecise references in messages,
this tool can help by resolving
On 3/6/2025 11:29 PM, Andrew Lunn wrote:
Thanks for the suggestion. Just to clarify, we preferred
u32p_replace_bits() over FIELD_PREP() because the former does
a clear-and-set operation against a given mask, whereas with
FIELD_PREP(), we need to clear the bits first before we use the
macro an
Implement architecture agnostic prctls() interface for setting and getting
shadow stack status.
prctls implemented are PR_GET_SHADOW_STACK_STATUS,
PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS.
As part of PR_SET_SHADOW_STACK_STATUS/PR_GET_SHADOW_STACK_STATUS, only
PR_SHADOW_STACK_ENA
The FWFT SBI extension will need to dynamically allocate memory and do
init time specific initialization. Add init/deinit callbacks that
allow doing so.
Signed-off-by: Clément Léger
---
arch/riscv/include/asm/kvm_vcpu_sbi.h | 9 +
arch/riscv/kvm/vcpu.c | 2 ++
arch/
misaligned_access_speed is defined under CONFIG_RISCV_SCALAR_MISALIGNED
but was used under CONFIG_RISCV_PROBE_UNALIGNED_ACCESS. Fix that by
using the correct config option.
Signed-off-by: Clément Léger
---
arch/riscv/kernel/traps_misaligned.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Kernel will have to perform shadow stack operations on user shadow stack.
Like during signal delivery and sigreturn, shadow stack token must be
created and validated respectively. Thus shadow stack access for kernel
must be enabled.
In future when kernel shadow stacks are enabled for linux kernel,
Updating __show_regs to print captured shadow stack pointer as well.
On tasks where shadow stack is disabled, it'll simply print 0.
Signed-off-by: Deepak Gupta
Reviewed-by: Alexandre Ghiti
---
arch/riscv/kernel/process.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ar
From: Andy Chiu
The function save_v_state() served two purposes. First, it saved
extension context into the signal stack. Then, it constructed the
extension header if there was no fault. The second part is independent
of the extension itself. As a result, we can pull that part out, so
future exte
On Thu, Mar 6, 2025 at 9:25 AM Tamir Duberstein wrote:
>
> On Thu, Mar 6, 2025 at 7:25 AM Petr Mladek wrote:
> >
> > On Fri 2025-02-21 15:34:30, Tamir Duberstein wrote:
> > > Convert the printf() self-test to a KUnit test.
> > >
> > > [...]
> > >
>
> > 2. What was the motivation to remove the tra
The Firmware Features extension (FWFT) was added as part of the SBI 3.0
specification. Add SBI definitions to use this extension.
Signed-off-by: Clément Léger
Reviewed-by: Samuel Holland
Tested-by: Samuel Holland
Reviewed-by: Deepak Gupta
---
arch/riscv/include/asm/sbi.h | 33
Userspace specifies CLONE_VM to share address space and spawn new thread.
`clone` allows userspace to specify a new stack for new thread. However
there is no way to specify new shadow stack base address without changing
API. This patch allocates a new shadow stack whenever CLONE_VM is given.
In cas
SBI_FWFT_MISALIGNED_DELEG needs hedeleg to be modified to delegate
misaligned load/store exceptions. Save and restore it during CPU
load/put.
Signed-off-by: Clément Léger
Reviewed-by: Deepak Gupta
---
arch/riscv/kvm/vcpu.c | 3 +++
arch/riscv/kvm/vcpu_sbi_fwft.c | 39 +
On Tue, Mar 11, 2025 at 03:56:38PM +, Will Deacon wrote:
> On Tue, Feb 25, 2025 at 09:25:41AM -0800, Nicolin Chen wrote:
> > @@ -1866,7 +1869,14 @@ static int arm_smmu_handle_event(struct
> > arm_smmu_device *smmu,
> > goto out_unlock;
> > }
> >
> > - ret = iommu_report_dev
Adding enumeration of zicfilp and zicfiss extensions in hwprobe syscall.
Signed-off-by: Deepak Gupta
---
arch/riscv/include/uapi/asm/hwprobe.h | 2 ++
arch/riscv/kernel/sys_hwprobe.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/arch/riscv/include/uapi/asm/hwprobe.h
b/arch/riscv/
This patch adds support for detecting zicfiss and zicfilp. zicfiss and
zicfilp stand for unprivileged integer spec extension for shadow stack
and branch tracking on indirect branches, respectively.
This patch looks for zicfiss and zicfilp in device tree and accordingly
lights up bit in cpu feature
Currently, only the STA extension needed a reset function but that's
going to be the case for FWFT as well. Add a reset callback that can be
implemented by SBI extensions.
Signed-off-by: Clément Léger
---
arch/riscv/include/asm/kvm_host.h | 1 -
arch/riscv/include/asm/kvm_vcpu_sbi.h | 2 +
This SBI extension enables supervisor mode to control features that are
under M-mode control (For instance, Svadu menvcfg ADUE bit, Ssdbltrp
DTE, etc).
Signed-off-by: Clément Léger
---
arch/riscv/include/asm/sbi.h | 5 ++
arch/riscv/kernel/sbi.c | 97
2
riscv supports the "unaligned-trap" sysctl variable, add it to the list
of supported architectures.
Signed-off-by: Clément Léger
---
Documentation/admin-guide/sysctl/kernel.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/admin-guide/sysctl/kernel.rst
b/
Expose a new register type NT_RISCV_USER_CFI for risc-v cfi status and
state. Intentionally both landing pad and shadow stack status and state
are rolled into cfi state. Creating two different NT_RISCV_USER_XXX would
not be useful and wastage of a note type. Enabling or disabling of feature
is not
Now that the kernel can emulate misaligned access and control its
behavior, add a selftest for that. This selftest tests all the currently
emulated instruction (except for the RV32 compressed ones which are left
as a future exercise for a RV32 user). For the FPU instructions, all the
FPU registers
`arch_calc_vm_prot_bits` is implemented on risc-v to return VM_READ |
VM_WRITE if PROT_WRITE is specified. Similarly `riscv_sys_mmap` is
updated to convert all incoming PROT_WRITE to (PROT_WRITE | PROT_READ).
This is to make sure that any existing apps using PROT_WRITE still work.
Earlier `protect
Add basic infrastructure to support the FWFT extension in KVM.
Signed-off-by: Clément Léger
---
arch/riscv/include/asm/kvm_host.h | 4 +
arch/riscv/include/asm/kvm_vcpu_sbi.h | 1 +
arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 31 +++
arch/riscv/include/uapi/asm/kvm.h
Now that the kernel can handle misaligned accesses in S-mode, request
misaligned access exception delegation from SBI. This uses the FWFT SBI
extension defined in SBI version 3.0.
Signed-off-by: Clément Léger
---
arch/riscv/include/asm/cpufeature.h| 3 +-
arch/riscv/kernel/traps_misalig
On Tue, Mar 11, 2025 at 03:57:16PM +, Will Deacon wrote:
> On Tue, Feb 25, 2025 at 09:25:40AM -0800, Nicolin Chen wrote:
> > Use it to store all vSMMU-related data. The vsid (Virtual Stream ID) will
> > be the first use case. Since the vsid reader will be the eventq handler
> > that already hol
Adding documentation on landing pad aka indirect branch tracking on riscv
and kernel interfaces exposed so that user tasks can enable it.
Signed-off-by: Deepak Gupta
---
Documentation/arch/riscv/index.rst | 1 +
Documentation/arch/riscv/zicfilp.rst | 115 +++
Three architectures (x86, aarch64, riscv) have support for indirect branch
tracking feature in a very similar fashion. On a very high level, indirect
branch tracking is a CPU feature where CPU tracks branches which uses
memory operand to perform control transfer in program. As part of this
tracking
Make an entry for cfi extensions in extensions.yaml.
Signed-off-by: Deepak Gupta
Acked-by: Rob Herring (Arm)
---
Documentation/devicetree/bindings/riscv/extensions.yaml | 14 ++
1 file changed, 14 insertions(+)
diff --git a/Documentation/devicetree/bindings/riscv/extensions.yaml
b
We can safely reenable IRQs if they were enabled in the previous
context. This allows to access user memory that could potentially
trigger a page fault.
Signed-off-by: Clément Léger
---
arch/riscv/kernel/traps.c | 8
1 file changed, 8 insertions(+)
diff --git a/arch/riscv/kernel/traps.
Updates the document to clearly describe the scope and role the TAB plays
in making decisions on unresolved violations. If and when the CoC has to
make a call on instituting a ban, it doesn't act without the TAB's approval
and only when the TAB approves it with 2/3 vote in favor of the measure.
Th
On Tue, Mar 11, 2025 at 2:11 PM Akihiko Odaki wrote:
>
> On 2025/03/11 9:38, Jason Wang wrote:
> > On Mon, Mar 10, 2025 at 3:45 PM Akihiko Odaki
> > wrote:
> >>
> >> On 2025/03/10 12:55, Jason Wang wrote:
> >>> On Fri, Mar 7, 2025 at 7:01 PM Akihiko Odaki
> >>> wrote:
>
> Hash report
Add FWFT extension calls. This will be ratified in SBI V3.0 hence, it is
provided as a separate commit that can be left out if needed.
Signed-off-by: Clément Léger
---
arch/riscv/kernel/sbi.c | 30 --
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/arch
On Tue, Mar 11, 2025 at 2:17 PM Akihiko Odaki wrote:
>
> On 2025/03/11 9:38, Jason Wang wrote:
> > On Mon, Mar 10, 2025 at 3:45 PM Akihiko Odaki
> > wrote:
> >>
> >> On 2025/03/10 12:55, Jason Wang wrote:
> >>> On Fri, Mar 7, 2025 at 7:01 PM Akihiko Odaki
> >>> wrote:
>
> Hash report
On 2025/03/12 12:36, Jason Wang wrote:
On Tue, Mar 11, 2025 at 2:24 PM Akihiko Odaki wrote:
On 2025/03/11 9:42, Jason Wang wrote:
On Mon, Mar 10, 2025 at 3:04 PM Akihiko Odaki wrote:
On 2025/03/10 13:43, Jason Wang wrote:
On Fri, Mar 7, 2025 at 7:02 PM Akihiko Odaki wrote:
VIRTIO_NET_F
QE tested this series with virtio-net regression tests, everything works fine.
Tested-by: Lei Yang
On Sun, Mar 9, 2025 at 5:41 AM Mina Almasry wrote:
>
> v7:
> https://lore.kernel.org/netdev/20250227041209.2031104-1-almasrym...@google.com/
> ===
>
> Changelog:
> - Check the dmabuf net_iov bind
On 2025/03/12 11:35, Jason Wang wrote:
On Tue, Mar 11, 2025 at 2:11 PM Akihiko Odaki wrote:
On 2025/03/11 9:38, Jason Wang wrote:
On Mon, Mar 10, 2025 at 3:45 PM Akihiko Odaki wrote:
On 2025/03/10 12:55, Jason Wang wrote:
On Fri, Mar 7, 2025 at 7:01 PM Akihiko Odaki wrote:
Hash reporti
There is a DoS concern on the shared hardware event queue among devices
passed through to VMs, that too many translation failures that belong to
VMs could overflow the shared hardware event queue if those VMs or their
VMMs don't handle/recover the devices properly.
The MEV bit in the STE allows to
Aside from the IOPF framework, iommufd provides an additional pathway to
report hardware events, via the vEVENTQ of vIOMMU infrastructure.
Define an iommu_vevent_arm_smmuv3 uAPI structure, and report stage-1 events
in the threaded IRQ handler. Also, add another four event record types that
can be
Use it to store all vSMMU-related data. The vsid (Virtual Stream ID) will
be the first use case. Since the vsid reader will be the eventq handler
that already holds a streams_mutex, reuse that to fence the vmaster too.
Also add a pair of arm_smmu_attach_prepare/commit_vmaster helpers to set
or uns
Introduce a new IOMMUFD_OBJ_VEVENTQ object for vIOMMU Event Queue that
provides user space (VMM) another FD to read the vIOMMU Events.
Allow a vIOMMU object to allocate vEVENTQs, with a condition that each
vIOMMU can only have one single vEVENTQ per type.
Add iommufd_veventq_alloc() with iommufd_
As the vIOMMU infrastructure series part-3, this introduces a new vEVENTQ
object. The existing FAULT object provides a nice notification pathway to
the user space with a queue already, so let vEVENTQ reuse that.
Mimicking the HWPT structure, add a common EVENTQ structure to support its
derivatives:
Rename the file, aligning with the new eventq object.
Reviewed-by: Kevin Tian
Reviewed-by: Lu Baolu
Reviewed-by: Jason Gunthorpe
Signed-off-by: Nicolin Chen
---
drivers/iommu/iommufd/Makefile | 2 +-
drivers/iommu/iommufd/{fault.c => eventq.c} | 0
2 files changed, 1 insertion(+)
The fault object was designed exclusively for hwpt's IO page faults (PRI).
But its queue implementation can be reused for other purposes too, such as
hardware IRQ and event injections to user space.
Meanwhile, a fault object holds a list of faults. So it's more accurate to
call it a "fault queue".
The infrastructure of a fault object will be shared with a new vEVENTQ
object in a following change. Add an iommufd_fault_init helper and an
INIT_EVENTQ_FOPS macro for a vEVENTQ allocator to use too.
Reorder the iommufd_ctx_get and refcount_inc, to keep them symmetrical
with the iommufd_fault_fops
This is a reverse search v.s. iommufd_viommu_find_dev, as drivers may want
to convert a struct device pointer (physical) to its virtual device ID for
an event injection to the user space VM.
Again, this avoids exposing more core structures to the drivers, than the
iommufd_viommu alone.
Reviewed-b
There is no need to keep them in the header. The vEVENTQ version of these
two functions will turn out to be a different implementation and will not
share with this fault version. Thus, move them out of the header.
Reviewed-by: Jason Gunthorpe
Reviewed-by: Kevin Tian
Signed-off-by: Nicolin Chen
When attaching a device to a vIOMMU-based nested domain, vdev_id must be
present. Add a piece of code hard-requesting it, preparing for a vEVENTQ
support in the following patch. Then, update the TEST_F.
A HWPT-based nested domain will return a NULL new_viommu, thus no such a
vDEVICE requirement.
Similar to iommu_report_device_fault, this allows IOMMU drivers to report
vIOMMU events from threaded IRQ handlers to user space hypervisors.
Reviewed-by: Lu Baolu
Reviewed-by: Kevin Tian
Reviewed-by: Jason Gunthorpe
Signed-off-by: Nicolin Chen
---
include/linux/iommufd.h| 11
The handler will get vDEVICE object from the given mdev and convert it to
its per-vIOMMU virtual ID to mimic a real IOMMU driver.
Reviewed-by: Kevin Tian
Signed-off-by: Nicolin Chen
---
drivers/iommu/iommufd/iommufd_test.h | 10 ++
drivers/iommu/iommufd/selftest.c | 30 +
With the introduction of the new objects, update the doc to reflect that.
Reviewed-by: Lu Baolu
Reviewed-by: Kevin Tian
Reviewed-by: Bagas Sanjaya
Reviewed-by: Jason Gunthorpe
Signed-off-by: Nicolin Chen
---
Documentation/userspace-api/iommufd.rst | 17 +
1 file changed, 17 i
Trigger vEVENTs by feeding an idev ID and validating the returned output
virt_ids whether they equal to the value that was set to the vDEVICE.
Reviewed-by: Kevin Tian
Signed-off-by: Nicolin Chen
---
tools/testing/selftests/iommu/iommufd_utils.h | 115 ++
tools/testing/selftests/
On Tue, Mar 11, 2025 at 12:53:36PM -0400, Sasha Levin wrote:
> Introduce git-resolve.sh, a tool that resolves short git commit IDs to their
> full SHA-1 hash. This is particularly useful for navigating references in
> commit
> messages and verifying Fixes tags.
>
> When faced with ambiguous commi
On Tue, Mar 11, 2025 at 2:24 PM Akihiko Odaki wrote:
>
> On 2025/03/11 9:42, Jason Wang wrote:
> > On Mon, Mar 10, 2025 at 3:04 PM Akihiko Odaki
> > wrote:
> >>
> >> On 2025/03/10 13:43, Jason Wang wrote:
> >>> On Fri, Mar 7, 2025 at 7:02 PM Akihiko Odaki
> >>> wrote:
>
> VIRTIO_NET_
On 2025/03/12 11:59, Jason Wang wrote:
On Tue, Mar 11, 2025 at 2:17 PM Akihiko Odaki wrote:
On 2025/03/11 9:38, Jason Wang wrote:
On Mon, Mar 10, 2025 at 3:45 PM Akihiko Odaki wrote:
On 2025/03/10 12:55, Jason Wang wrote:
On Fri, Mar 7, 2025 at 7:01 PM Akihiko Odaki wrote:
Hash reporti
Save shadow stack pointer in sigcontext structure while delivering signal.
Restore shadow stack pointer from sigcontext on sigreturn.
As part of save operation, kernel uses `ssamoswap` to save snapshot of
current shadow stack on shadow stack itself (can be called as a save
token). During restore o
pte_mkwrite creates PTEs with WRITE encodings for underlying arch.
Underlying arch can have two types of writeable mappings. One that can be
written using regular store instructions. Another one that can only be
written using specialized store instructions (like shadow stack stores).
pte_mkwrite ca