From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: David Rientjes <rientjes@google.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Kees Cook <keescook@chromium.org>, Will Drewry <wad@chromium.org>,
"Edgecombe\, Rick P" <rick.p.edgecombe@intel.com>, "Kleen\,
Andi" <andi.kleen@intel.com>,
x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <sean.j.christopherson@intel.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>
Subject: Re: [RFC 02/16] x86/kvm: Introduce KVM memory protection feature
Date: Mon, 25 May 2020 16:58:51 +0200 [thread overview]
Message-ID: <87d06s83is.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <20200522125214.31348-3-kirill.shutemov@linux.intel.com>
"Kirill A. Shutemov" <kirill@shutemov.name> writes:
> Provide basic helpers, KVM_FEATURE and a hypercall.
>
> Host side doesn't provide the feature yet, so it is a dead code for now.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> ---
> arch/x86/include/asm/kvm_para.h | 5 +++++
> arch/x86/include/uapi/asm/kvm_para.h | 3 ++-
> arch/x86/kernel/kvm.c | 16 ++++++++++++++++
> include/uapi/linux/kvm_para.h | 3 ++-
> 4 files changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h
> index 9b4df6eaa11a..3ce84fc07144 100644
> --- a/arch/x86/include/asm/kvm_para.h
> +++ b/arch/x86/include/asm/kvm_para.h
> @@ -10,11 +10,16 @@ extern void kvmclock_init(void);
>
> #ifdef CONFIG_KVM_GUEST
> bool kvm_check_and_clear_guest_paused(void);
> +bool kvm_mem_protected(void);
> #else
> static inline bool kvm_check_and_clear_guest_paused(void)
> {
> return false;
> }
> +static inline bool kvm_mem_protected(void)
> +{
> + return false;
> +}
> #endif /* CONFIG_KVM_GUEST */
>
> #define KVM_HYPERCALL \
> diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h
> index 2a8e0b6b9805..c3b499acc98f 100644
> --- a/arch/x86/include/uapi/asm/kvm_para.h
> +++ b/arch/x86/include/uapi/asm/kvm_para.h
> @@ -28,9 +28,10 @@
> #define KVM_FEATURE_PV_UNHALT 7
> #define KVM_FEATURE_PV_TLB_FLUSH 9
> #define KVM_FEATURE_ASYNC_PF_VMEXIT 10
> -#define KVM_FEATURE_PV_SEND_IPI 11
> +#define KVM_FEATURE_PV_SEND_IPI 11
Nit: spurrious change
> #define KVM_FEATURE_POLL_CONTROL 12
> #define KVM_FEATURE_PV_SCHED_YIELD 13
> +#define KVM_FEATURE_MEM_PROTECTED 14
>
> #define KVM_HINTS_REALTIME 0
>
> diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
> index 6efe0410fb72..bda761ca0d26 100644
> --- a/arch/x86/kernel/kvm.c
> +++ b/arch/x86/kernel/kvm.c
> @@ -35,6 +35,13 @@
> #include <asm/tlb.h>
> #include <asm/cpuidle_haltpoll.h>
>
> +static bool mem_protected;
> +
> +bool kvm_mem_protected(void)
> +{
> + return mem_protected;
> +}
> +
Honestly, I don't see a need for kvm_mem_protected(), just rename the
bool if you need kvm_ prefix :-)
> static int kvmapf = 1;
>
> static int __init parse_no_kvmapf(char *arg)
> @@ -727,6 +734,15 @@ static void __init kvm_init_platform(void)
> {
> kvmclock_init();
> x86_platform.apic_post_init = kvm_apic_init;
> +
> + if (kvm_para_has_feature(KVM_FEATURE_MEM_PROTECTED)) {
> + if (kvm_hypercall0(KVM_HC_ENABLE_MEM_PROTECTED)) {
> + pr_err("Failed to enable KVM memory protection\n");
> + return;
> + }
> +
> + mem_protected = true;
> + }
> }
Personally, I'd prefer to do this via setting a bit in a KVM-specific
MSR instead. The benefit is that the guest doesn't need to remember if
it enabled the feature or not, it can always read the config msr. May
come handy for e.g. kexec/kdump.
>
> const __initconst struct hypervisor_x86 x86_hyper_kvm = {
> diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h
> index 8b86609849b9..1a216f32e572 100644
> --- a/include/uapi/linux/kvm_para.h
> +++ b/include/uapi/linux/kvm_para.h
> @@ -27,8 +27,9 @@
> #define KVM_HC_MIPS_EXIT_VM 7
> #define KVM_HC_MIPS_CONSOLE_OUTPUT 8
> #define KVM_HC_CLOCK_PAIRING 9
> -#define KVM_HC_SEND_IPI 10
> +#define KVM_HC_SEND_IPI 10
Same spurrious change detected.
> #define KVM_HC_SCHED_YIELD 11
> +#define KVM_HC_ENABLE_MEM_PROTECTED 12
>
> /*
> * hypercalls use architecture specific
--
Vitaly
next prev parent reply other threads:[~2020-05-25 14:59 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-22 12:51 [RFC 00/16] KVM protected memory extension Kirill A. Shutemov
2020-05-22 12:51 ` [RFC 01/16] x86/mm: Move force_dma_unencrypted() to common code Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 02/16] x86/kvm: Introduce KVM memory protection feature Kirill A. Shutemov
2020-05-25 14:58 ` Vitaly Kuznetsov [this message]
2020-05-25 15:15 ` Kirill A. Shutemov
2020-05-27 5:03 ` Sean Christopherson
2020-05-27 8:39 ` Vitaly Kuznetsov
2020-05-27 8:52 ` Sean Christopherson
2020-06-03 2:09 ` Huang, Kai
2020-06-03 11:14 ` Vitaly Kuznetsov
2020-05-22 12:52 ` [RFC 03/16] x86/kvm: Make DMA pages shared Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 04/16] x86/kvm: Use bounce buffers for KVM memory protection Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 05/16] x86/kvm: Make VirtIO use DMA API in KVM guest Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 06/16] KVM: Use GUP instead of copy_from/to_user() to access guest memory Kirill A. Shutemov
2020-05-25 15:08 ` Vitaly Kuznetsov
2020-05-25 15:17 ` Kirill A. Shutemov
2020-06-01 16:35 ` Paolo Bonzini
2020-06-02 13:33 ` Kirill A. Shutemov
2020-05-26 6:14 ` Mike Rapoport
2020-05-26 21:56 ` Kirill A. Shutemov
2020-05-29 15:24 ` Kees Cook
2020-05-22 12:52 ` [RFC 07/16] KVM: mm: Introduce VM_KVM_PROTECTED Kirill A. Shutemov
2020-05-26 6:15 ` Mike Rapoport
2020-05-26 22:01 ` Kirill A. Shutemov
2020-05-26 6:40 ` John Hubbard
2020-05-26 22:04 ` Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 08/16] KVM: x86: Use GUP for page walk instead of __get_user() Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 09/16] KVM: Protected memory extension Kirill A. Shutemov
2020-05-25 15:26 ` Vitaly Kuznetsov
2020-05-25 15:34 ` Kirill A. Shutemov
2020-06-03 1:34 ` Huang, Kai
2020-05-22 12:52 ` [RFC 10/16] KVM: x86: Enabled protected " Kirill A. Shutemov
2020-05-25 15:26 ` Vitaly Kuznetsov
2020-05-26 6:16 ` Mike Rapoport
2020-05-26 21:58 ` Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 11/16] KVM: Rework copy_to/from_guest() to avoid direct mapping Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 12/16] x86/kvm: Share steal time page with host Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 13/16] x86/kvmclock: Share hvclock memory with the host Kirill A. Shutemov
2020-05-25 15:22 ` Vitaly Kuznetsov
2020-05-25 15:25 ` Kirill A. Shutemov
2020-05-25 15:42 ` Vitaly Kuznetsov
2020-05-22 12:52 ` [RFC 14/16] KVM: Introduce gfn_to_pfn_memslot_protected() Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 15/16] KVM: Handle protected memory in __kvm_map_gfn()/__kvm_unmap_gfn() Kirill A. Shutemov
2020-05-22 12:52 ` [RFC 16/16] KVM: Unmap protected pages from direct mapping Kirill A. Shutemov
2020-05-26 6:16 ` Mike Rapoport
2020-05-26 22:10 ` Kirill A. Shutemov
2020-05-25 5:27 ` [RFC 00/16] KVM protected memory extension Kirill A. Shutemov
2020-05-25 13:47 ` Liran Alon
2020-05-25 14:46 ` Kirill A. Shutemov
2020-05-25 15:56 ` Liran Alon
2020-05-26 6:17 ` Mike Rapoport
2020-05-26 10:16 ` Liran Alon
2020-05-26 11:38 ` Mike Rapoport
2020-05-27 15:45 ` Dave Hansen
2020-05-27 21:22 ` Mike Rapoport
2020-06-04 15:15 ` Marc Zyngier
2020-06-04 15:48 ` Sean Christopherson
2020-06-04 16:27 ` Marc Zyngier
2020-06-04 16:35 ` Will Deacon
2020-06-04 19:09 ` Nakajima, Jun
2020-06-04 21:03 ` Jim Mattson
2020-06-04 23:29 ` Nakajima, Jun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d06s83is.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=aarcange@redhat.com \
--cc=andi.kleen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=rientjes@google.com \
--cc=sean.j.christopherson@intel.com \
--cc=wad@chromium.org \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).