Re: [PATCH v3 00/25] Permission Overlay Extension

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Joey,

On Fri, 24 Nov 2023 16:34:45 +0000,
Joey Gouly <joey.gouly@xxxxxxx> wrote:
> 
> Hello everyone,
> 
> This series implements the Permission Overlay Extension introduced in 2022
> VMSA enhancements [1]. It is based on v6.7-rc2.
> 
> Changes since v2[2]:
> 	# Added ptrace support and selftest
> 	# Add missing POR_EL0 initialisation in fork/clone
> 	# Rebase onto v6.7-rc2
> 	# Add r-bs
> 
> The Permission Overlay Extension allows to constrain permissions on memory
> regions. This can be used from userspace (EL0) without a system call or TLB
> invalidation.

I have given this series a few more thoughts, and came to the
conclusion that is it still incomplete on the KVM front:

* FEAT_S1POE often comes together with FEAT_S2POE. For obvious
  reasons, we cannot afford to let the guest play with S2POR_EL1, nor
  do we want to advertise FEAT_S2POE to the guest.

  You will need to add some additional FGT for this, and mask out
  FEAT_S2POE from the guest's view of the ID registers.

* letting the guest play with POE comes with some interesting strings
  attached: a guest that has started on a POE-enabled host cannot be
  migrated to one that doesn't have POE. which means that the POE
  registers should only be visible to the host userspace if enabled in
  the guest's ID registers, and thus only context-switched in these
  conditions. They should otherwise UNDEF.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux