* [PATCH] KVM: PPC: HV: Remove generic instruction emulation
@ 2014-07-30 13:27 ` Alexander Graf
0 siblings, 0 replies; 10+ messages in thread
From: Alexander Graf @ 2014-07-30 13:27 UTC (permalink / raw)
To: kvm-ppc; +Cc: kvm
Now that we have properly split load/store instruction emulation and generic
instruction emulation, we can move the generic one from kvm.ko to kvm-pr.ko
on book3s_64.
This reduces the attack surface and amount of code loaded on HV KVM kernels.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
arch/powerpc/kvm/Makefile | 2 +-
arch/powerpc/kvm/trace_pr.h | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kvm/Makefile b/arch/powerpc/kvm/Makefile
index 1ccd7a1..2d590de 100644
--- a/arch/powerpc/kvm/Makefile
+++ b/arch/powerpc/kvm/Makefile
@@ -48,6 +48,7 @@ kvm-book3s_64-builtin-objs-$(CONFIG_KVM_BOOK3S_64_HANDLER) := \
kvm-pr-y := \
fpu.o \
+ emulate.o \
book3s_paired_singles.o \
book3s_pr.o \
book3s_pr_papr.o \
@@ -91,7 +92,6 @@ kvm-book3s_64-module-objs += \
$(KVM)/kvm_main.o \
$(KVM)/eventfd.o \
powerpc.o \
- emulate.o \
emulate_loadstore.o \
book3s.o \
book3s_64_vio.o \
diff --git a/arch/powerpc/kvm/trace_pr.h b/arch/powerpc/kvm/trace_pr.h
index e1357cd..a674f09 100644
--- a/arch/powerpc/kvm/trace_pr.h
+++ b/arch/powerpc/kvm/trace_pr.h
@@ -291,6 +291,26 @@ TRACE_EVENT(kvm_unmap_hva,
TP_printk("unmap hva 0x%lx\n", __entry->hva)
);
+TRACE_EVENT(kvm_ppc_instr,
+ TP_PROTO(unsigned int inst, unsigned long _pc, unsigned int emulate),
+ TP_ARGS(inst, _pc, emulate),
+
+ TP_STRUCT__entry(
+ __field( unsigned int, inst )
+ __field( unsigned long, pc )
+ __field( unsigned int, emulate )
+ ),
+
+ TP_fast_assign(
+ __entry->inst = inst;
+ __entry->pc = _pc;
+ __entry->emulate = emulate;
+ ),
+
+ TP_printk("inst %u pc 0x%lx emulate %u\n",
+ __entry->inst, __entry->pc, __entry->emulate)
+);
+
#endif /* _TRACE_KVM_H */
/* This part must be outside protection */
--
1.8.1.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] KVM: PPC: HV: Remove generic instruction emulation
@ 2014-07-30 13:27 ` Alexander Graf
0 siblings, 0 replies; 10+ messages in thread
From: Alexander Graf @ 2014-07-30 13:27 UTC (permalink / raw)
To: kvm-ppc; +Cc: kvm
Now that we have properly split load/store instruction emulation and generic
instruction emulation, we can move the generic one from kvm.ko to kvm-pr.ko
on book3s_64.
This reduces the attack surface and amount of code loaded on HV KVM kernels.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
arch/powerpc/kvm/Makefile | 2 +-
arch/powerpc/kvm/trace_pr.h | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kvm/Makefile b/arch/powerpc/kvm/Makefile
index 1ccd7a1..2d590de 100644
--- a/arch/powerpc/kvm/Makefile
+++ b/arch/powerpc/kvm/Makefile
@@ -48,6 +48,7 @@ kvm-book3s_64-builtin-objs-$(CONFIG_KVM_BOOK3S_64_HANDLER) := \
kvm-pr-y := \
fpu.o \
+ emulate.o \
book3s_paired_singles.o \
book3s_pr.o \
book3s_pr_papr.o \
@@ -91,7 +92,6 @@ kvm-book3s_64-module-objs += \
$(KVM)/kvm_main.o \
$(KVM)/eventfd.o \
powerpc.o \
- emulate.o \
emulate_loadstore.o \
book3s.o \
book3s_64_vio.o \
diff --git a/arch/powerpc/kvm/trace_pr.h b/arch/powerpc/kvm/trace_pr.h
index e1357cd..a674f09 100644
--- a/arch/powerpc/kvm/trace_pr.h
+++ b/arch/powerpc/kvm/trace_pr.h
@@ -291,6 +291,26 @@ TRACE_EVENT(kvm_unmap_hva,
TP_printk("unmap hva 0x%lx\n", __entry->hva)
);
+TRACE_EVENT(kvm_ppc_instr,
+ TP_PROTO(unsigned int inst, unsigned long _pc, unsigned int emulate),
+ TP_ARGS(inst, _pc, emulate),
+
+ TP_STRUCT__entry(
+ __field( unsigned int, inst )
+ __field( unsigned long, pc )
+ __field( unsigned int, emulate )
+ ),
+
+ TP_fast_assign(
+ __entry->inst = inst;
+ __entry->pc = _pc;
+ __entry->emulate = emulate;
+ ),
+
+ TP_printk("inst %u pc 0x%lx emulate %u\n",
+ __entry->inst, __entry->pc, __entry->emulate)
+);
+
#endif /* _TRACE_KVM_H */
/* This part must be outside protection */
--
1.8.1.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
2014-07-30 13:27 ` Alexander Graf
@ 2014-07-30 16:21 ` Paolo Bonzini
-1 siblings, 0 replies; 10+ messages in thread
From: Paolo Bonzini @ 2014-07-30 16:21 UTC (permalink / raw)
To: Alexander Graf, kvm-ppc; +Cc: kvm
Il 30/07/2014 15:27, Alexander Graf ha scritto:
> Now that we have properly split load/store instruction emulation and generic
> instruction emulation, we can move the generic one from kvm.ko to kvm-pr.ko
> on book3s_64.
>
> This reduces the attack surface and amount of code loaded on HV KVM kernels.
Can emulation races happen on HV KVM like you can have on x86?
Basically one CPU writes to MMIO while the other patches instructions so
that basically anything can end up in the hands of the emulator? On PPC
it may even happen simply because of a missing icache invalidation, I
think, since it doesn't support self-modifying code without explicit
invalidation.
Paolo
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
> arch/powerpc/kvm/Makefile | 2 +-
> arch/powerpc/kvm/trace_pr.h | 20 ++++++++++++++++++++
> 2 files changed, 21 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/kvm/Makefile b/arch/powerpc/kvm/Makefile
> index 1ccd7a1..2d590de 100644
> --- a/arch/powerpc/kvm/Makefile
> +++ b/arch/powerpc/kvm/Makefile
> @@ -48,6 +48,7 @@ kvm-book3s_64-builtin-objs-$(CONFIG_KVM_BOOK3S_64_HANDLER) := \
>
> kvm-pr-y := \
> fpu.o \
> + emulate.o \
> book3s_paired_singles.o \
> book3s_pr.o \
> book3s_pr_papr.o \
> @@ -91,7 +92,6 @@ kvm-book3s_64-module-objs += \
> $(KVM)/kvm_main.o \
> $(KVM)/eventfd.o \
> powerpc.o \
> - emulate.o \
> emulate_loadstore.o \
> book3s.o \
> book3s_64_vio.o \
> diff --git a/arch/powerpc/kvm/trace_pr.h b/arch/powerpc/kvm/trace_pr.h
> index e1357cd..a674f09 100644
> --- a/arch/powerpc/kvm/trace_pr.h
> +++ b/arch/powerpc/kvm/trace_pr.h
> @@ -291,6 +291,26 @@ TRACE_EVENT(kvm_unmap_hva,
> TP_printk("unmap hva 0x%lx\n", __entry->hva)
> );
>
> +TRACE_EVENT(kvm_ppc_instr,
> + TP_PROTO(unsigned int inst, unsigned long _pc, unsigned int emulate),
> + TP_ARGS(inst, _pc, emulate),
> +
> + TP_STRUCT__entry(
> + __field( unsigned int, inst )
> + __field( unsigned long, pc )
> + __field( unsigned int, emulate )
> + ),
> +
> + TP_fast_assign(
> + __entry->inst = inst;
> + __entry->pc = _pc;
> + __entry->emulate = emulate;
> + ),
> +
> + TP_printk("inst %u pc 0x%lx emulate %u\n",
> + __entry->inst, __entry->pc, __entry->emulate)
> +);
> +
> #endif /* _TRACE_KVM_H */
>
> /* This part must be outside protection */
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
@ 2014-07-30 16:21 ` Paolo Bonzini
0 siblings, 0 replies; 10+ messages in thread
From: Paolo Bonzini @ 2014-07-30 16:21 UTC (permalink / raw)
To: Alexander Graf, kvm-ppc; +Cc: kvm
Il 30/07/2014 15:27, Alexander Graf ha scritto:
> Now that we have properly split load/store instruction emulation and generic
> instruction emulation, we can move the generic one from kvm.ko to kvm-pr.ko
> on book3s_64.
>
> This reduces the attack surface and amount of code loaded on HV KVM kernels.
Can emulation races happen on HV KVM like you can have on x86?
Basically one CPU writes to MMIO while the other patches instructions so
that basically anything can end up in the hands of the emulator? On PPC
it may even happen simply because of a missing icache invalidation, I
think, since it doesn't support self-modifying code without explicit
invalidation.
Paolo
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
> arch/powerpc/kvm/Makefile | 2 +-
> arch/powerpc/kvm/trace_pr.h | 20 ++++++++++++++++++++
> 2 files changed, 21 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/kvm/Makefile b/arch/powerpc/kvm/Makefile
> index 1ccd7a1..2d590de 100644
> --- a/arch/powerpc/kvm/Makefile
> +++ b/arch/powerpc/kvm/Makefile
> @@ -48,6 +48,7 @@ kvm-book3s_64-builtin-objs-$(CONFIG_KVM_BOOK3S_64_HANDLER) := \
>
> kvm-pr-y := \
> fpu.o \
> + emulate.o \
> book3s_paired_singles.o \
> book3s_pr.o \
> book3s_pr_papr.o \
> @@ -91,7 +92,6 @@ kvm-book3s_64-module-objs += \
> $(KVM)/kvm_main.o \
> $(KVM)/eventfd.o \
> powerpc.o \
> - emulate.o \
> emulate_loadstore.o \
> book3s.o \
> book3s_64_vio.o \
> diff --git a/arch/powerpc/kvm/trace_pr.h b/arch/powerpc/kvm/trace_pr.h
> index e1357cd..a674f09 100644
> --- a/arch/powerpc/kvm/trace_pr.h
> +++ b/arch/powerpc/kvm/trace_pr.h
> @@ -291,6 +291,26 @@ TRACE_EVENT(kvm_unmap_hva,
> TP_printk("unmap hva 0x%lx\n", __entry->hva)
> );
>
> +TRACE_EVENT(kvm_ppc_instr,
> + TP_PROTO(unsigned int inst, unsigned long _pc, unsigned int emulate),
> + TP_ARGS(inst, _pc, emulate),
> +
> + TP_STRUCT__entry(
> + __field( unsigned int, inst )
> + __field( unsigned long, pc )
> + __field( unsigned int, emulate )
> + ),
> +
> + TP_fast_assign(
> + __entry->inst = inst;
> + __entry->pc = _pc;
> + __entry->emulate = emulate;
> + ),
> +
> + TP_printk("inst %u pc 0x%lx emulate %u\n",
> + __entry->inst, __entry->pc, __entry->emulate)
> +);
> +
> #endif /* _TRACE_KVM_H */
>
> /* This part must be outside protection */
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
2014-07-30 16:21 ` Paolo Bonzini
@ 2014-07-30 18:57 ` Alexander Graf
-1 siblings, 0 replies; 10+ messages in thread
From: Alexander Graf @ 2014-07-30 18:57 UTC (permalink / raw)
To: Paolo Bonzini, kvm-ppc; +Cc: kvm
On 30.07.14 18:21, Paolo Bonzini wrote:
> Il 30/07/2014 15:27, Alexander Graf ha scritto:
>> Now that we have properly split load/store instruction emulation and generic
>> instruction emulation, we can move the generic one from kvm.ko to kvm-pr.ko
>> on book3s_64.
>>
>> This reduces the attack surface and amount of code loaded on HV KVM kernels.
> Can emulation races happen on HV KVM like you can have on x86?
> Basically one CPU writes to MMIO while the other patches instructions so
> that basically anything can end up in the hands of the emulator? On PPC
> it may even happen simply because of a missing icache invalidation, I
> think, since it doesn't support self-modifying code without explicit
> invalidation.
Yes, this is perfectly possible. As of my last patch set we will never
enter the generic emulator for HV KVM, so that race is moot (we just
inject a PROGRAM interrupt into the guest). With this patch even the
code to emulate these bits doesn't exist in the kernel anymore if you
don't modprobe kvm-pr.ko.
Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
@ 2014-07-30 18:57 ` Alexander Graf
0 siblings, 0 replies; 10+ messages in thread
From: Alexander Graf @ 2014-07-30 18:57 UTC (permalink / raw)
To: Paolo Bonzini, kvm-ppc; +Cc: kvm
On 30.07.14 18:21, Paolo Bonzini wrote:
> Il 30/07/2014 15:27, Alexander Graf ha scritto:
>> Now that we have properly split load/store instruction emulation and generic
>> instruction emulation, we can move the generic one from kvm.ko to kvm-pr.ko
>> on book3s_64.
>>
>> This reduces the attack surface and amount of code loaded on HV KVM kernels.
> Can emulation races happen on HV KVM like you can have on x86?
> Basically one CPU writes to MMIO while the other patches instructions so
> that basically anything can end up in the hands of the emulator? On PPC
> it may even happen simply because of a missing icache invalidation, I
> think, since it doesn't support self-modifying code without explicit
> invalidation.
Yes, this is perfectly possible. As of my last patch set we will never
enter the generic emulator for HV KVM, so that race is moot (we just
inject a PROGRAM interrupt into the guest). With this patch even the
code to emulate these bits doesn't exist in the kernel anymore if you
don't modprobe kvm-pr.ko.
Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
2014-07-30 18:57 ` Alexander Graf
@ 2014-07-30 19:47 ` Paolo Bonzini
-1 siblings, 0 replies; 10+ messages in thread
From: Paolo Bonzini @ 2014-07-30 19:47 UTC (permalink / raw)
To: Alexander Graf, kvm-ppc; +Cc: kvm
Il 30/07/2014 20:57, Alexander Graf ha scritto:
> Yes, this is perfectly possible. As of my last patch set we will never
> enter the generic emulator for HV KVM, so that race is moot (we just
> inject a PROGRAM interrupt into the guest). With this patch even the
> code to emulate these bits doesn't exist in the kernel anymore if you
> don't modprobe kvm-pr.ko.
What is a PROGRAM interrupt? :)
Paolo
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
@ 2014-07-30 19:47 ` Paolo Bonzini
0 siblings, 0 replies; 10+ messages in thread
From: Paolo Bonzini @ 2014-07-30 19:47 UTC (permalink / raw)
To: Alexander Graf, kvm-ppc; +Cc: kvm
Il 30/07/2014 20:57, Alexander Graf ha scritto:
> Yes, this is perfectly possible. As of my last patch set we will never
> enter the generic emulator for HV KVM, so that race is moot (we just
> inject a PROGRAM interrupt into the guest). With this patch even the
> code to emulate these bits doesn't exist in the kernel anymore if you
> don't modprobe kvm-pr.ko.
What is a PROGRAM interrupt? :)
Paolo
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
2014-07-30 19:47 ` Paolo Bonzini
@ 2014-07-30 19:48 ` Alexander Graf
-1 siblings, 0 replies; 10+ messages in thread
From: Alexander Graf @ 2014-07-30 19:48 UTC (permalink / raw)
To: Paolo Bonzini, kvm-ppc; +Cc: kvm
On 30.07.14 21:47, Paolo Bonzini wrote:
> Il 30/07/2014 20:57, Alexander Graf ha scritto:
>> Yes, this is perfectly possible. As of my last patch set we will never
>> enter the generic emulator for HV KVM, so that race is moot (we just
>> inject a PROGRAM interrupt into the guest). With this patch even the
>> code to emulate these bits doesn't exist in the kernel anymore if you
>> don't modprobe kvm-pr.ko.
> What is a PROGRAM interrupt? :)
The thing that happens when you invoke an illegal or privileged
instruction ;)
Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KVM: PPC: HV: Remove generic instruction emulation
@ 2014-07-30 19:48 ` Alexander Graf
0 siblings, 0 replies; 10+ messages in thread
From: Alexander Graf @ 2014-07-30 19:48 UTC (permalink / raw)
To: Paolo Bonzini, kvm-ppc; +Cc: kvm
On 30.07.14 21:47, Paolo Bonzini wrote:
> Il 30/07/2014 20:57, Alexander Graf ha scritto:
>> Yes, this is perfectly possible. As of my last patch set we will never
>> enter the generic emulator for HV KVM, so that race is moot (we just
>> inject a PROGRAM interrupt into the guest). With this patch even the
>> code to emulate these bits doesn't exist in the kernel anymore if you
>> don't modprobe kvm-pr.ko.
> What is a PROGRAM interrupt? :)
The thing that happens when you invoke an illegal or privileged
instruction ;)
Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2014-07-30 19:48 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-30 13:27 [PATCH] KVM: PPC: HV: Remove generic instruction emulation Alexander Graf
2014-07-30 13:27 ` Alexander Graf
2014-07-30 16:21 ` Paolo Bonzini
2014-07-30 16:21 ` Paolo Bonzini
2014-07-30 18:57 ` Alexander Graf
2014-07-30 18:57 ` Alexander Graf
2014-07-30 19:47 ` Paolo Bonzini
2014-07-30 19:47 ` Paolo Bonzini
2014-07-30 19:48 ` Alexander Graf
2014-07-30 19:48 ` Alexander Graf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.