Re: Re: Re: Re: [PATCH v17 19/35] arch/mm: Export direct {un,}map functions
From: Quentin Perret
Date: Wed Mar 06 2024 - 07:06:01 EST
On Tuesday 05 Mar 2024 at 12:26:59 (-0800), Elliot Berman wrote:
> I still disagree that this is a Gunyah-specific problem. As far as we
> can tell, Arm doesn't specify how EL2 can tell EL1 its S2 page tables
> couldn't give a validation translation of the IPA from stage 1. IMO,
> downstream/Android pKVM is violating spec for ESR_EL1 by using the
> S1PTW bit (which is res0 for everyone except EL2 [1]) and this means
> that guests need to be pKVM-enlightened.
Not really, in pKVM we have a very clear distinction between host Linux
and guests, and only the host needs to be enlightened. But luckily,
since pKVM is part of Linux, this is pretty much an internal kernel
thing, so we're very flexible and if the S1PTW trick ever conflicts
with something else (e.g. NV) we can fairly easily switch to another
approach. We can tolerate non-architectural tricks like that between
pKVM and host Linux because that is not ABI, but we certainly can't do
that for guests.
> If we are adding pKVM
> enlightment in the exception handlers, can we add Gunyah enlightment to
> handle the same?
If you mean extending the Linux SEA handler so it does what Gunyah
wants, then I'm personally not supportive of that idea since the
'contract' between Linux and Gunyah _is_ the architecture.
The only ways I could see Gunyah delegate stage-2 fault handling to
Linux cleanly is:
- either talk to Arm to introduce a new ESR specifically for this,
which doesn't sound entirely crazy to me;
- or have Gunyah and Linux negotiate in software the location of the
handlers. That probably means SDEI or equivalent which is a can of
worm in itself I presume, and I'm not sure how feasible it would be
for this handler to live in the Gunyah driver (that too probably
requires exporting kernel symbols we don't want to export).
Thanks,
Quentin