search for: gpas

...OPs on > > SVM. > > Not sure if it is disarmed on VMRUN, but the MONITOR/MWAIT instructions > are part of the GHCB spec, so they are implemented here. Even if MONITOR/MWAIT somehow works across VMRUN I'm not sure it's something the guest should enable by default as it leaks GPAs to the untrusted host, with no benefit to the guest except in specific configurations. Yeah, the VMM can muck with page tables to trace guest to the some extent, but the guest shouldn't be unnecessarily volunteering information to the host. If MONITOR/MWAIT is effectively a NOP then removing...

...OPs on > > SVM. > > Not sure if it is disarmed on VMRUN, but the MONITOR/MWAIT instructions > are part of the GHCB spec, so they are implemented here. Even if MONITOR/MWAIT somehow works across VMRUN I'm not sure it's something the guest should enable by default as it leaks GPAs to the untrusted host, with no benefit to the guest except in specific configurations. Yeah, the VMM can muck with page tables to trace guest to the some extent, but the guest shouldn't be unnecessarily volunteering information to the host. If MONITOR/MWAIT is effectively a NOP then removing...

...> >> Not sure if it is disarmed on VMRUN, but the MONITOR/MWAIT instructions >> are part of the GHCB spec, so they are implemented here. > > Even if MONITOR/MWAIT somehow works across VMRUN I'm not sure it's something > the guest should enable by default as it leaks GPAs to the untrusted host, > with no benefit to the guest except in specific configurations. Yeah, the > VMM can muck with page tables to trace guest to the some extent, but the > guest shouldn't be unnecessarily volunteering information to the host. > > If MONITOR/MWAIT is effecti...

...ork backend w/o multiqueue for now; > - Some minor fixes and improvements; > - Rebase on top of virtio-mdev series v4; > > RFC v4 -> v1: > - Implement vhost-mdev as a mdev device driver directly and > connect it to VFIO container/group. (Jason); > - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid > meaningless HVA->GPA translations (Jason); > > RFC v3 -> RFC v4: > - Build vhost-mdev on top of the same abstraction used by > virtio-mdev (Jason); > - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); > > RFC v2 -&gt...

On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Implement a handler for #VC exceptions caused by MONITOR and MONITORX > instructions. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapt to #VC handling infrastructure ] > Co-developed-by: Joerg Roedel

On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Implement a handler for #VC exceptions caused by MONITOR and MONITORX > instructions. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapt to #VC handling infrastructure ] > Co-developed-by: Joerg Roedel

...LE (Jason); - Only support the network backend w/o multiqueue for now; - Some minor fixes and improvements; - Rebase on top of virtio-mdev series v4; RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...

...LE (Jason); - Only support the network backend w/o multiqueue for now; - Some minor fixes and improvements; - Rebase on top of virtio-mdev series v4; RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...

...#39;s because of swap. I can be totally confused on > > that part though. > > > What I understand from an IRC conversation with Alex just now is that > increasing RLIMIT_MEMLOCK isn't done just to prevent any of the pages > being swapped out. It's done because "all GPAs (Guest Physical > Addresses) that could potentially be DMA targets need to have fixed > mappings through the iommu, therefore all need to be allocated and > mappings fixed [...] setting rlimit allows us to perform all the > necessary pins within the user's locked memory limit"....

...u32 exit_reason = vmx->exit_reason; u32 vectoring_info = vmx->idt_vectoring_info; + if (vmx->eptp_list_pg) { + unsigned int view = update_ept_view(vmx); + struct kvm_mmu *mmu = vcpu->arch.mmu; + + mmu->root_hpa = mmu->root_hpa_altviews[view]; + } + /* * Flush logged GPAs PML buffer, this will make dirty_bitmap more * updated. Another good is, in kvm_vm_ioctl_get_dirty_log, before @@ -6951,12 +7034,21 @@ static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu) return exit_fastpath; } +static void vmx_destroy_eptp_list_page(struct vcpu_vmx *vmx) +{ + if (vmx-&gt...

On Thu, Aug 22, 2019 at 12:01 PM Laine Stump <laine@redhat.com> wrote: > > On 8/22/19 10:56 AM, Ihar Hrachyshka wrote: > > On Thu, Aug 22, 2019 at 2:24 AM Daniel P. Berrangé <berrange@redhat.com> wrote: > >> > >> On Wed, Aug 21, 2019 at 01:37:21PM -0700, Ihar Hrachyshka wrote: > >>> Hi all, > >>> > >>> KubeVirt uses

...t; limit, but I assume it's because of swap. I can be totally confused on > that part though. What I understand from an IRC conversation with Alex just now is that increasing RLIMIT_MEMLOCK isn't done just to prevent any of the pages being swapped out. It's done because "all GPAs (Guest Physical Addresses) that could potentially be DMA targets need to have fixed mappings through the iommu, therefore all need to be allocated and mappings fixed [...] setting rlimit allows us to perform all the necessary pins within the user's locked memory limit". So even if swa...

...tup the backend. Signed-off-by: Tiwei Bie <tiwei.bie at intel.com> --- This patch depends on below series: https://lkml.org/lkml/2019/9/24/357 RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...

...tup the backend. Signed-off-by: Tiwei Bie <tiwei.bie at intel.com> --- This patch depends on below series: https://lkml.org/lkml/2019/9/24/357 RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...

...ie <tiwei.bie at intel.com> > --- > This patch depends on below series: > https://lkml.org/lkml/2019/9/24/357 > > RFC v4 -> v1: > - Implement vhost-mdev as a mdev device driver directly and > connect it to VFIO container/group. (Jason); > - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid > meaningless HVA->GPA translations (Jason); > > RFC v3 -> RFC v4: > - Build vhost-mdev on top of the same abstraction used by > virtio-mdev (Jason); > - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); > > RFC v2 -&gt...

...LE (Jason); - Only support the network backend w/o multiqueue for now; - Some minor fixes and improvements; - Rebase on top of virtio-mdev series v4; RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...

...LE (Jason); - Only support the network backend w/o multiqueue for now; - Some minor fixes and improvements; - Rebase on top of virtio-mdev series v4; RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...

...-- > This patch depends on below series: > https://lkml.org/lkml/2019/9/24/357 Looks pretty nice, comments inline. > > RFC v4 -> v1: > - Implement vhost-mdev as a mdev device driver directly and > connect it to VFIO container/group. (Jason); > - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid > meaningless HVA->GPA translations (Jason); > > RFC v3 -> RFC v4: > - Build vhost-mdev on top of the same abstraction used by > virtio-mdev (Jason); > - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); > > RFC v2 -&gt...

From: Mihai Don?u <mdontu at bitdefender.com> This command sets the spte access bits (rwx) for an array of guest physical addresses (through the page tracking subsystem). These GPAs, with the requested access bits, are also kept in a radix tree in order to filter out the #PF events which are of no interest to the introspection tool. The access restrictions for pages that are not visible to the guest are silently ignored by default (the tool might set restrictions for the whol...

...LE (Jason); - Only support the network backend w/o multiqueue for now; - Some minor fixes and improvements; - Rebase on top of virtio-mdev series v4; RFC v4 -> v1: - Implement vhost-mdev as a mdev device driver directly and connect it to VFIO container/group. (Jason); - Pass ring addresses as GPAs/IOVAs in vhost-mdev to avoid meaningless HVA->GPA translations (Jason); RFC v3 -> RFC v4: - Build vhost-mdev on top of the same abstraction used by virtio-mdev (Jason); - Introduce vhost fd and pass VFIO fd via SET_BACKEND ioctl (MST); RFC v2 -> RFC v3: - Reuse vhost's ioctls ins...