From: Avi Kivity <avi@redhat.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: "Yang, Wei Y" <wei.y.yang@intel.com>,
	Pekka Enberg <penberg@cs.helsinki.fi>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: Re: [Patch v5 1/4] Remove SMEP bit from CR4_RESERVED_BITS
Date: Mon, 30 May 2011 11:43:43 +0300
Message-ID: <4DE358BF.2000902@redhat.com>
In-Reply-To: <20110530080552.GG27557@elte.hu>

On 05/30/2011 11:05 AM, Ingo Molnar wrote:
> * Avi Kivity<avi@redhat.com>  wrote:
>
> >  On 05/30/2011 10:40 AM, Ingo Molnar wrote:
> >  >* Yang, Wei Y<wei.y.yang@intel.com>   wrote:
> >  >
> >  >>   This patch removes SMEP bit from CR4_RESERVED_BITS.
> >  >
> >  >I'm wondering, what is the best-practice way for tools/kvm/ to set
> >  >SMEP for the guest kernel automatically, even if the guest kernel
> >  >itself has not requested SMEP?
> >  >
> >  >  The portion i'm worried about are old KVM versions that have the
> >  >  SMEP bit in CR4_RESERVED_BITS and reject it. So we cannot just
> >  >  unilaterally add SMEP to every cr4 write of the guest.
> >
> >  tools/kvm doesn't see cr4 writes at all. [...]
>
> I feared small complications like that! :-)
>
> We can definitely use KVM_GET_SREGS, fiddle the SMEP bit in
> kvm_regs.cr4 and call KVM_SET_SREGS, once the fine patch above goes
> upstream.

It's not a good idea.  First, the guest will see cr4.smep where it 
hasn't set it before, which may confuse it.  Second, the guest may 
rewrite cr4.smep, clearing it, giving a false sense of security.

> >  [...]  The only way to do this is in kvm itself.
> >
> >  >  Is there a way to query whether the host KVM version supports
> >  >  SMEP setting in cr4?
> >  >
> >
> >  KVM_GET_SUPPORTED_CPUID (it returns whether both the host cpu and
> >  kvm support smep; if one of them doesn't, you'll see smep
> >  disabled).
>
> That looks useful.
>
> So the way to go appears to be to do a GET_SREGS/SET_SREGS sequence
> to enable SMEP in the guest, some time after it has booted and has
> enabled paging.
>
> I'm wondering whether there's a suitable place to do that, when we
> are more or less guaranteed to exit the VM for some other reason -
> such as the first MMIO done with paging enabled?
>
> This solution means that we'll slow down pre-paging MMIOs with a
> GET_SREGS call, but that's ok, they are rare and the pre-paging
> bootup phase is very short.
>
> So the only worry would be where the guest sets cr4 itself - and
> since it does not know about SMEP it will probably disable it. Guest
> suspend/resume is one such place ...
>
> Another option would be to try to set the SMEP bit *before* we enable
> paging. In theory this should not confuse a Linux guest - and while i
> have not tested it i *think* we let it survive in the
> saved_cr4_features shadow variable. That would make guest
> suspend/resume work out of box as well.

Is there any reason not to do it in a hidden way in kvm?  Why must we 
play tricks?

-- 
error compiling committee.c: too many arguments to function
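The two checks discussed above, as an added example that is not code from the thread or from tools/kvm: Avi's KVM_GET_SUPPORTED_CPUID test for SMEP support, the cr4 value Ingo's GET_SREGS/SET_SREGS sequence would write once paging is on, and a detector for Avi's second objection (the guest later rewriting cr4 and clearing the bit). The struct below is a constructed mirror of the uapi layout so the code builds without KVM headers; the function names and the sample CPUID table are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed mirror of struct kvm_cpuid_entry2 (linux/kvm.h); against a real
 * VM, pass the entries filled in by ioctl(kvm_fd, KVM_GET_SUPPORTED_CPUID, ...). */
struct cpuid_entry {
    uint32_t function, index, flags;
    uint32_t eax, ebx, ecx, edx, padding[3];
};

#define CPUID7_EBX_SMEP (1u << 7)     /* CPUID.(EAX=7,ECX=0):EBX bit 7 */
#define X86_CR0_PG      (1ull << 31)  /* paging enabled */
#define X86_CR4_SMEP    (1ull << 20)

/* Avi's check: SMEP shows up here only if both the host CPU and KVM support it. */
int kvm_reports_smep(const struct cpuid_entry *e, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (e[i].function == 7 && e[i].index == 0)
            return (e[i].ebx & CPUID7_EBX_SMEP) != 0;
    return 0;   /* no leaf 7 advertised at all: treat as unsupported */
}

/* Ingo's idea: the cr4 a SET_SREGS would write after GET_SREGS. Unchanged when
 * SMEP is unsupported or the guest has not enabled paging yet. */
uint64_t cr4_with_smep(uint64_t cr0, uint64_t cr4, int supported)
{
    if (!supported || !(cr0 & X86_CR0_PG))
        return cr4;
    return cr4 | X86_CR4_SMEP;
}

/* Avi's second objection: a guest that knows nothing about SMEP rewrites cr4
 * (e.g. on resume) and drops the bit. Compare a later GET_SREGS with what we wrote. */
int smep_silently_lost(uint64_t cr4_written, uint64_t cr4_now)
{
    return (cr4_written & X86_CR4_SMEP) && !(cr4_now & X86_CR4_SMEP);
}

/* Constructed sample table: leaf 0, then leaf 7/subleaf 0 advertising SMEP.
 * Scanning only the first entry models a KVM that reports no leaf 7. */
static const struct cpuid_entry SAMPLE_CPUID[] = {
    { 0, 0, 0, 0xd, 0, 0, 0, {0} },
    { 7, 0, 1, 0, CPUID7_EBX_SMEP, 0, 0, {0} },
};
```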

