From: Sean Christopherson <seanjc@google.com>
To: Zeng Guang <guang.zeng@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
H Peter Anvin <hpa@zytor.com>,
kvm@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 3/6] KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check
Date: Tue, 27 Jun 2023 15:45:11 -0700 [thread overview]
Message-ID: <ZJtmdxrr2cC+gpVO@google.com> (raw)
In-Reply-To: <ZJspu3uS2mirF+4k@google.com>
On Tue, Jun 27, 2023, Sean Christopherson wrote:
> > + /*
> > + * An access is a supervisor-mode access if CPL < 3 or if it implicitly
> > + * accesses a system data structure. For implicit accesses to system
> > + * data structure, the processor acts as if RFLAGS.AC is clear.
> > + */
> > + if (access & PFERR_IMPLICIT_ACCESS) {
>
> Please don't use PFERR_IMPLICIT_ACCESS, just extend the new flags. This is
> obviously not coming from a page fault. PFERR_IMPLICIT_ACCESS really shouldn't
> exist, but at least there was reasonable justification for adding it (changing
> all of the paths that lead to permission_fault() would have require a massive
> overhaul).
>
> ***HOWEVER***
>
> I think the entire approach of hooking __linearize() may be a mistake, and LASS
> should instead be implemented in a wrapper of ->gva_to_gpa(). The two calls to
> __linearize() that are escaped with SKIPLASS are escaped *because* they don't
> actually access memory (branch targets and INVLPG), and so if LASS is enforced
> only when ->gva_to_gpa() is invoked, all of these new flags go away because the
> cases that ignore LASS are naturally handled.
>
> That should also make it unnecessary to add one-off checks since e.g. kvm_handle_invpcid()
> will hit kvm_read_guest_virt() and thus ->gva_to_gpa(), i.e. we won't end up playing
> an ongoing game of whack-a-mole.
Drat, that won't work, at least not without quite a few more changes.
1. kvm_{read,write,fetch}_guest_virt() are effectively defined to work with a
fully resolve linear address, i.e. callers assume failure means #PF
2. Similar to (1), segment information isn't available, i.e. KVM wouldn't know
when to inject #SS instead of #GP
And IIUC, LASS violations are higher priority than instruction specific alignment
checks, e.g. on CMPXCHG16B.
And looking at LAM, that untagging needs to be done before the canonical checks,
which means that we'll need at least X86EMUL_F_INVLPG.
So my idea of shoving this into a ->gva_to_gpa() wrapper won't work well. Bummer.
next prev parent reply other threads:[~2023-06-27 22:45 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-01 14:23 [PATCH v1 0/6] LASS KVM virtualization support Zeng Guang
2023-06-01 14:23 ` [PATCH v1 1/6] KVM: x86: Consolidate flags for __linearize() Zeng Guang
2023-06-27 17:40 ` Sean Christopherson
2023-06-28 5:13 ` Binbin Wu
2023-06-28 7:27 ` Zeng Guang
2023-06-01 14:23 ` [PATCH v1 2/6] KVM: x86: Virtualize CR4.LASS Zeng Guang
2023-06-05 1:57 ` Binbin Wu
2023-06-06 2:57 ` Zeng Guang
2023-06-27 17:43 ` Sean Christopherson
2023-06-28 8:19 ` Zeng Guang
2023-08-16 22:16 ` Sean Christopherson
2023-06-01 14:23 ` [PATCH v1 3/6] KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check Zeng Guang
2023-06-05 3:31 ` Binbin Wu
2023-06-05 12:53 ` Zhi Wang
2023-06-06 2:57 ` Binbin Wu
2023-06-06 3:53 ` Zhi Wang
2023-06-07 6:28 ` Zeng Guang
2023-06-05 3:47 ` Chao Gao
2023-06-06 6:22 ` Zeng Guang
2023-06-05 14:07 ` Yuan Yao
2023-06-06 3:08 ` Zeng Guang
2023-06-27 18:26 ` Sean Christopherson
2023-06-27 22:45 ` Sean Christopherson [this message]
2023-06-30 18:50 ` Zeng Guang
2023-06-01 14:23 ` [PATCH v1 4/6] KVM: x86: Add emulator helper " Zeng Guang
2023-06-27 18:28 ` Sean Christopherson
2023-06-29 15:06 ` Zeng Guang
2023-06-01 14:23 ` [PATCH v1 5/6] KVM: x86: LASS protection on KVM emulation Zeng Guang
2023-06-06 4:20 ` Binbin Wu
2023-06-01 14:23 ` [PATCH v1 6/6] KVM: x86: Advertise LASS CPUID to user space Zeng Guang
2023-06-02 0:35 ` [PATCH v1 0/6] LASS KVM virtualization support Sean Christopherson
2023-06-06 2:22 ` Zeng Guang
2023-06-05 1:39 ` Binbin Wu
2023-06-06 2:40 ` Zeng Guang
2023-06-27 17:08 ` Sean Christopherson
2023-06-28 8:42 ` Zeng Guang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZJtmdxrr2cC+gpVO@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=guang.zeng@intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.