From: David Hildenbrand <david@redhat.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Steven Price <steven.price@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Peter Maydell <peter.maydell@linaro.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Andrew Jones <drjones@redhat.com>, Haibo Xu <Haibo.Xu@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
qemu-devel@nongnu.org, Marc Zyngier <maz@kernel.org>,
Juan Quintela <quintela@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
linux-kernel@vger.kernel.org, Dave Martin <Dave.Martin@arm.com>,
James Morse <james.morse@arm.com>,
linux-arm-kernel@lists.infradead.org,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>,
kvmarm@lists.cs.columbia.edu,
Julien Thierry <julien.thierry.kdev@gmail.com>
Subject: Re: [PATCH v10 2/6] arm64: kvm: Introduce MTE VM feature
Date: Wed, 7 Apr 2021 17:30:05 +0200 [thread overview]
Message-ID: <396423df-5c30-67f6-fcba-c041c08eef7e@redhat.com> (raw)
In-Reply-To: <20210407151458.GC21451@arm.com>
On 07.04.21 17:14, Catalin Marinas wrote:
> On Wed, Apr 07, 2021 at 11:20:18AM +0100, Steven Price wrote:
>> On 31/03/2021 19:43, Catalin Marinas wrote:
>>> When a slot is added by the VMM, if it asked for MTE in guest (I guess
>>> that's an opt-in by the VMM, haven't checked the other patches), can we
>>> reject it if it's is going to be mapped as Normal Cacheable but it is a
>>> ZONE_DEVICE (i.e. !kvm_is_device_pfn() + one of David's suggestions to
>>> check for ZONE_DEVICE)? This way we don't need to do more expensive
>>> checks in set_pte_at().
>>
>> The problem is that KVM allows the VMM to change the memory backing a slot
>> while the guest is running. This is obviously useful for the likes of
>> migration, but ultimately means that even if you were to do checks at the
>> time of slot creation, you would need to repeat the checks at set_pte_at()
>> time to ensure a mischievous VMM didn't swap the page for a problematic one.
>
> Does changing the slot require some KVM API call? Can we intercept it
> and do the checks there?
User space can simply mmap(MAP_FIXED) the user space area registered in
a KVM memory slot. You cannot really intercept that. You can only check
in the KVM MMU code at fault time that the VMA which you hold in your
hands is still in a proper state. The KVM MMU is synchronous, which
means that updates to the VMA layout are reflected in the KVM MMU page
tables -- e.g., via mmu notifier calls.
E.g., in s390x code we cannot handle VMAs with gigantic pages. We check
that when faulting (creating the links in the page table) via __gmap_link().
You could either check the page itself (ZONE_DEVICE) or might even be
able to check via the VMA/file.
--
Thanks,
David / dhildenb
WARNING: multiple messages have this Message-ID (diff)
From: David Hildenbrand <david@redhat.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Steven Price <steven.price@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Peter Maydell <peter.maydell@linaro.org>,
Andrew Jones <drjones@redhat.com>, Haibo Xu <Haibo.Xu@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Marc Zyngier <maz@kernel.org>,
Juan Quintela <quintela@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-devel@nongnu.org, James Morse <james.morse@arm.com>,
linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu,
Thomas Gleixner <tglx@linutronix.de>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Will Deacon <will@kernel.org>, Dave Martin <Dave.Martin@arm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 2/6] arm64: kvm: Introduce MTE VM feature
Date: Wed, 7 Apr 2021 17:30:05 +0200 [thread overview]
Message-ID: <396423df-5c30-67f6-fcba-c041c08eef7e@redhat.com> (raw)
In-Reply-To: <20210407151458.GC21451@arm.com>
On 07.04.21 17:14, Catalin Marinas wrote:
> On Wed, Apr 07, 2021 at 11:20:18AM +0100, Steven Price wrote:
>> On 31/03/2021 19:43, Catalin Marinas wrote:
>>> When a slot is added by the VMM, if it asked for MTE in guest (I guess
>>> that's an opt-in by the VMM, haven't checked the other patches), can we
>>> reject it if it's is going to be mapped as Normal Cacheable but it is a
>>> ZONE_DEVICE (i.e. !kvm_is_device_pfn() + one of David's suggestions to
>>> check for ZONE_DEVICE)? This way we don't need to do more expensive
>>> checks in set_pte_at().
>>
>> The problem is that KVM allows the VMM to change the memory backing a slot
>> while the guest is running. This is obviously useful for the likes of
>> migration, but ultimately means that even if you were to do checks at the
>> time of slot creation, you would need to repeat the checks at set_pte_at()
>> time to ensure a mischievous VMM didn't swap the page for a problematic one.
>
> Does changing the slot require some KVM API call? Can we intercept it
> and do the checks there?
User space can simply mmap(MAP_FIXED) the user space area registered in
a KVM memory slot. You cannot really intercept that. You can only check
in the KVM MMU code at fault time that the VMA which you hold in your
hands is still in a proper state. The KVM MMU is synchronous, which
means that updates to the VMA layout are reflected in the KVM MMU page
tables -- e.g., via mmu notifier calls.
E.g., in s390x code we cannot handle VMAs with gigantic pages. We check
that when faulting (creating the links in the page table) via __gmap_link().
You could either check the page itself (ZONE_DEVICE) or might even be
able to check via the VMA/file.
--
Thanks,
David / dhildenb
WARNING: multiple messages have this Message-ID (diff)
From: David Hildenbrand <david@redhat.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Steven Price <steven.price@arm.com>
Cc: Marc Zyngier <maz@kernel.org>,
Juan Quintela <quintela@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-devel@nongnu.org, linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>, Dave Martin <Dave.Martin@arm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v10 2/6] arm64: kvm: Introduce MTE VM feature
Date: Wed, 7 Apr 2021 17:30:05 +0200 [thread overview]
Message-ID: <396423df-5c30-67f6-fcba-c041c08eef7e@redhat.com> (raw)
In-Reply-To: <20210407151458.GC21451@arm.com>
On 07.04.21 17:14, Catalin Marinas wrote:
> On Wed, Apr 07, 2021 at 11:20:18AM +0100, Steven Price wrote:
>> On 31/03/2021 19:43, Catalin Marinas wrote:
>>> When a slot is added by the VMM, if it asked for MTE in guest (I guess
>>> that's an opt-in by the VMM, haven't checked the other patches), can we
>>> reject it if it's is going to be mapped as Normal Cacheable but it is a
>>> ZONE_DEVICE (i.e. !kvm_is_device_pfn() + one of David's suggestions to
>>> check for ZONE_DEVICE)? This way we don't need to do more expensive
>>> checks in set_pte_at().
>>
>> The problem is that KVM allows the VMM to change the memory backing a slot
>> while the guest is running. This is obviously useful for the likes of
>> migration, but ultimately means that even if you were to do checks at the
>> time of slot creation, you would need to repeat the checks at set_pte_at()
>> time to ensure a mischievous VMM didn't swap the page for a problematic one.
>
> Does changing the slot require some KVM API call? Can we intercept it
> and do the checks there?
User space can simply mmap(MAP_FIXED) the user space area registered in
a KVM memory slot. You cannot really intercept that. You can only check
in the KVM MMU code at fault time that the VMA which you hold in your
hands is still in a proper state. The KVM MMU is synchronous, which
means that updates to the VMA layout are reflected in the KVM MMU page
tables -- e.g., via mmu notifier calls.
E.g., in s390x code we cannot handle VMAs with gigantic pages. We check
that when faulting (creating the links in the page table) via __gmap_link().
You could either check the page itself (ZONE_DEVICE) or might even be
able to check via the VMA/file.
--
Thanks,
David / dhildenb
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: David Hildenbrand <david@redhat.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Steven Price <steven.price@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Peter Maydell <peter.maydell@linaro.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Andrew Jones <drjones@redhat.com>, Haibo Xu <Haibo.Xu@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
qemu-devel@nongnu.org, Marc Zyngier <maz@kernel.org>,
Juan Quintela <quintela@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
linux-kernel@vger.kernel.org, Dave Martin <Dave.Martin@arm.com>,
James Morse <james.morse@arm.com>,
linux-arm-kernel@lists.infradead.org,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>,
kvmarm@lists.cs.columbia.edu,
Julien Thierry <julien.thierry.kdev@gmail.com>
Subject: Re: [PATCH v10 2/6] arm64: kvm: Introduce MTE VM feature
Date: Wed, 7 Apr 2021 17:30:05 +0200 [thread overview]
Message-ID: <396423df-5c30-67f6-fcba-c041c08eef7e@redhat.com> (raw)
In-Reply-To: <20210407151458.GC21451@arm.com>
On 07.04.21 17:14, Catalin Marinas wrote:
> On Wed, Apr 07, 2021 at 11:20:18AM +0100, Steven Price wrote:
>> On 31/03/2021 19:43, Catalin Marinas wrote:
>>> When a slot is added by the VMM, if it asked for MTE in guest (I guess
>>> that's an opt-in by the VMM, haven't checked the other patches), can we
>>> reject it if it's is going to be mapped as Normal Cacheable but it is a
>>> ZONE_DEVICE (i.e. !kvm_is_device_pfn() + one of David's suggestions to
>>> check for ZONE_DEVICE)? This way we don't need to do more expensive
>>> checks in set_pte_at().
>>
>> The problem is that KVM allows the VMM to change the memory backing a slot
>> while the guest is running. This is obviously useful for the likes of
>> migration, but ultimately means that even if you were to do checks at the
>> time of slot creation, you would need to repeat the checks at set_pte_at()
>> time to ensure a mischievous VMM didn't swap the page for a problematic one.
>
> Does changing the slot require some KVM API call? Can we intercept it
> and do the checks there?
User space can simply mmap(MAP_FIXED) the user space area registered in
a KVM memory slot. You cannot really intercept that. You can only check
in the KVM MMU code at fault time that the VMA which you hold in your
hands is still in a proper state. The KVM MMU is synchronous, which
means that updates to the VMA layout are reflected in the KVM MMU page
tables -- e.g., via mmu notifier calls.
E.g., in s390x code we cannot handle VMAs with gigantic pages. We check
that when faulting (creating the links in the page table) via __gmap_link().
You could either check the page itself (ZONE_DEVICE) or might even be
able to check via the VMA/file.
--
Thanks,
David / dhildenb
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-04-07 15:30 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-12 15:18 [PATCH v10 0/6] MTE support for KVM guest Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` [PATCH v10 1/6] arm64: mte: Sync tags for pages where PTE is untagged Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-26 18:56 ` Catalin Marinas
2021-03-26 18:56 ` Catalin Marinas
2021-03-26 18:56 ` Catalin Marinas
2021-03-26 18:56 ` Catalin Marinas
2021-03-29 15:55 ` Steven Price
2021-03-29 15:55 ` Steven Price
2021-03-29 15:55 ` Steven Price
2021-03-29 15:55 ` Steven Price
2021-03-30 10:13 ` Catalin Marinas
2021-03-30 10:13 ` Catalin Marinas
2021-03-30 10:13 ` Catalin Marinas
2021-03-30 10:13 ` Catalin Marinas
2021-03-31 10:09 ` Steven Price
2021-03-31 10:09 ` Steven Price
2021-03-31 10:09 ` Steven Price
2021-03-31 10:09 ` Steven Price
2021-03-12 15:18 ` [PATCH v10 2/6] arm64: kvm: Introduce MTE VM feature Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-27 15:23 ` Catalin Marinas
2021-03-27 15:23 ` Catalin Marinas
2021-03-27 15:23 ` Catalin Marinas
2021-03-27 15:23 ` Catalin Marinas
2021-03-28 12:21 ` Catalin Marinas
2021-03-28 12:21 ` Catalin Marinas
2021-03-28 12:21 ` Catalin Marinas
2021-03-28 12:21 ` Catalin Marinas
2021-03-29 16:06 ` Steven Price
2021-03-29 16:06 ` Steven Price
2021-03-29 16:06 ` Steven Price
2021-03-29 16:06 ` Steven Price
2021-03-30 10:30 ` Catalin Marinas
2021-03-30 10:30 ` Catalin Marinas
2021-03-30 10:30 ` Catalin Marinas
2021-03-30 10:30 ` Catalin Marinas
2021-03-31 7:34 ` David Hildenbrand
2021-03-31 7:34 ` David Hildenbrand
2021-03-31 7:34 ` David Hildenbrand
2021-03-31 7:34 ` David Hildenbrand
2021-03-31 9:21 ` Catalin Marinas
2021-03-31 9:21 ` Catalin Marinas
2021-03-31 9:21 ` Catalin Marinas
2021-03-31 9:21 ` Catalin Marinas
2021-03-31 9:32 ` David Hildenbrand
2021-03-31 9:32 ` David Hildenbrand
2021-03-31 9:32 ` David Hildenbrand
2021-03-31 9:32 ` David Hildenbrand
2021-03-31 10:41 ` Steven Price
2021-03-31 10:41 ` Steven Price
2021-03-31 10:41 ` Steven Price
2021-03-31 10:41 ` Steven Price
2021-03-31 14:14 ` David Hildenbrand
2021-03-31 14:14 ` David Hildenbrand
2021-03-31 14:14 ` David Hildenbrand
2021-03-31 14:14 ` David Hildenbrand
2021-03-31 18:43 ` Catalin Marinas
2021-03-31 18:43 ` Catalin Marinas
2021-03-31 18:43 ` Catalin Marinas
2021-03-31 18:43 ` Catalin Marinas
2021-04-07 10:20 ` Steven Price
2021-04-07 10:20 ` Steven Price
2021-04-07 10:20 ` Steven Price
2021-04-07 10:20 ` Steven Price
2021-04-07 15:14 ` Catalin Marinas
2021-04-07 15:14 ` Catalin Marinas
2021-04-07 15:14 ` Catalin Marinas
2021-04-07 15:14 ` Catalin Marinas
2021-04-07 15:30 ` David Hildenbrand [this message]
2021-04-07 15:30 ` David Hildenbrand
2021-04-07 15:30 ` David Hildenbrand
2021-04-07 15:30 ` David Hildenbrand
2021-04-07 15:52 ` Steven Price
2021-04-07 15:52 ` Steven Price
2021-04-07 15:52 ` Steven Price
2021-04-07 15:52 ` Steven Price
2021-04-08 14:18 ` Catalin Marinas
2021-04-08 14:18 ` Catalin Marinas
2021-04-08 14:18 ` Catalin Marinas
2021-04-08 14:18 ` Catalin Marinas
2021-04-08 18:16 ` David Hildenbrand
2021-04-08 18:16 ` David Hildenbrand
2021-04-08 18:16 ` David Hildenbrand
2021-04-08 18:16 ` David Hildenbrand
2021-04-08 18:21 ` Catalin Marinas
2021-04-08 18:21 ` Catalin Marinas
2021-04-08 18:21 ` Catalin Marinas
2021-04-08 18:21 ` Catalin Marinas
2021-03-12 15:18 ` [PATCH v10 3/6] arm64: kvm: Save/restore MTE registers Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:18 ` Steven Price
2021-03-12 15:19 ` [PATCH v10 4/6] arm64: kvm: Expose KVM_ARM_CAP_MTE Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` [PATCH v10 5/6] KVM: arm64: ioctl to fetch/store tags in a guest Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` [PATCH v10 6/6] KVM: arm64: Document MTE capability and ioctl Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` Steven Price
2021-03-12 15:19 ` Steven Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=396423df-5c30-67f6-fcba-c041c08eef7e@redhat.com \
--to=david@redhat.com \
--cc=Dave.Martin@arm.com \
--cc=Haibo.Xu@arm.com \
--cc=catalin.marinas@arm.com \
--cc=dgilbert@redhat.com \
--cc=drjones@redhat.com \
--cc=james.morse@arm.com \
--cc=julien.thierry.kdev@gmail.com \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=richard.henderson@linaro.org \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.