This is the second version of this series initially posted at [1] that aims at letting a guest express what it considers as MMIO, and only let this through to userspace. Together with the guest memory made (mostly) inaccessible to the host kernel and userspace, this allows an implementation of a hardened IO subsystem. A lot has been fixed/revamped/improved since the initial posting, although I am still not pleased with the ioremap plugging on the guest side. I'll take any idea to get rid of it! The series is based on 5.15-rc3. [1] https://lore.kernel.org/kvmarm/20210715163159.1480168-1-maz@xxxxxxxxxx Marc Zyngier (16): KVM: arm64: Generalise VM features into a set of flags KVM: arm64: Check for PTE valitity when checking for executable/cacheable KVM: arm64: Turn kvm_pgtable_stage2_set_owner into kvm_pgtable_stage2_annotate KVM: arm64: Add MMIO checking infrastructure KVM: arm64: Plumb MMIO checking into the fault handling KVM: arm64: Force a full unmap on vpcu reinit KVM: arm64: Wire MMIO guard hypercalls KVM: arm64: Add tracepoint for failed MMIO guard check KVM: arm64: Advertise a capability for MMIO guard KVM: arm64: Add some documentation for the MMIO guard feature firmware/smccc: Call arch-specific hook on discovering KVM services mm/vmalloc: Add arch-specific callbacks to track io{remap,unmap} physical pages arm64: Implement ioremap/iounmap hooks calling into KVM's MMIO guard arm64: Enroll into KVM's MMIO guard if required arm64: Add a helper to retrieve the PTE of a fixmap arm64: Register earlycon fixmap with the MMIO guard .../admin-guide/kernel-parameters.txt | 3 + Documentation/virt/kvm/arm/index.rst | 1 + Documentation/virt/kvm/arm/mmio-guard.rst | 74 ++++++++ arch/arm/include/asm/hypervisor.h | 1 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/fixmap.h | 2 + arch/arm64/include/asm/hypervisor.h | 2 + arch/arm64/include/asm/kvm_host.h | 14 +- arch/arm64/include/asm/kvm_mmu.h | 5 + arch/arm64/include/asm/kvm_pgtable.h | 12 +- arch/arm64/kernel/setup.c | 6 + arch/arm64/kvm/arm.c | 30 ++-- arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 +- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 11 +- arch/arm64/kvm/hyp/nvhe/setup.c | 10 +- arch/arm64/kvm/hyp/pgtable.c | 29 ++-- arch/arm64/kvm/hypercalls.c | 38 ++++ arch/arm64/kvm/mmio.c | 20 ++- arch/arm64/kvm/mmu.c | 111 ++++++++++++ arch/arm64/kvm/psci.c | 8 + arch/arm64/kvm/trace_arm.h | 17 ++ arch/arm64/mm/ioremap.c | 162 ++++++++++++++++++ arch/arm64/mm/mmu.c | 15 ++ drivers/firmware/smccc/kvm_guest.c | 4 + include/linux/arm-smccc.h | 28 +++ include/linux/io.h | 2 + include/uapi/linux/kvm.h | 1 + mm/Kconfig | 5 + mm/vmalloc.c | 12 +- 29 files changed, 575 insertions(+), 51 deletions(-) create mode 100644 Documentation/virt/kvm/arm/mmio-guard.rst -- 2.30.2
