* [Patch v5 0/4] Enable SMEP feature support for kvm
@ 2011-05-30  3:01 Yang, Wei Y
  2011-05-30  8:52 ` Avi Kivity
From: Yang, Wei Y @ 2011-05-30  3:01 UTC (permalink / raw)
  To: Avi Kivity; +Cc: kvm


This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
Protection) in KVM. SMEP prevents the kernel from executing application code.
The updated Intel SDM describes this CPU feature. The document will be
published soon.

This patchset is based on Fenghua's SMEP patch series, as referred by:
https://lkml.org/lkml/2011/5/17/523

Changes since v4:
	Update patch 1/4 comment
	Change PT_USER_MASK to ACC_USER_MASK

Changes since v3:
	Add SMEP bit in CR4_RESERVED_BITS while removing cr4_reserved_bits;
	Mask CPUID leaf 7 ebx against host capability word9 in do_cpuid_ent;

Changes since v2:
	Add instruction fetch checking when walking guest page table.

---
 arch/x86/include/asm/kvm_host.h |    2 +-
 arch/x86/kvm/paging_tmpl.h      |    9 ++++++++-
 arch/x86/kvm/x86.c              |   22 +++++++++++++++++++---
 3 files changed, 28 insertions(+), 5 deletions(-)




* Re: [Patch v5 0/4] Enable SMEP feature support for kvm
  2011-05-30  3:01 [Patch v5 0/4] Enable SMEP feature support for kvm Yang, Wei Y
@ 2011-05-30  8:52 ` Avi Kivity
  2011-05-30  9:08   ` Tian, Kevin
From: Avi Kivity @ 2011-05-30  8:52 UTC (permalink / raw)
  To: Yang, Wei Y; +Cc: kvm

On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
> Protection) in KVM. SMEP prevents kernel from executing code in application.
> Updated Intel SDM describes this CPU feature. The document will be
> published soon.
>
> This patchset is based on Fenghua's SMEP patch series, as referred by:
> https://lkml.org/lkml/2011/5/17/523

Looks good.  I'll post the cr0.wp=0 fixup soon.

Please update x86/access.c in 
http://git.kernel.org/?p=virt/kvm/kvm-unit-tests.git;a=summary to cover 
smep; it should be similar to nx.

Note: in the future, please use git-send-email to post all patches as 
one thread.  This way, when people post their replies, the thread sticks 
together as a unit in the reader rather than breaking up.

-- 
error compiling committee.c: too many arguments to function



* RE: [Patch v5 0/4] Enable SMEP feature support for kvm
  2011-05-30  8:52 ` Avi Kivity
@ 2011-05-30  9:08   ` Tian, Kevin
  2011-05-30  9:13     ` Avi Kivity
From: Tian, Kevin @ 2011-05-30  9:08 UTC (permalink / raw)
  To: Avi Kivity, Yang, Wei Y; +Cc: kvm

> From: Avi Kivity
> Sent: Monday, May 30, 2011 4:52 PM
> 
> On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> > This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
> > Protection) in KVM. SMEP prevents kernel from executing code in application.
> > Updated Intel SDM describes this CPU feature. The document will be
> > published soon.
> >
> > This patchset is based on Fenghua's SMEP patch series, as referred by:
> > https://lkml.org/lkml/2011/5/17/523
> 
> Looks good.  I'll post the cr0.wp=0 fixup soon.
> 

what's your planned fix? through NX bit? :-)

btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
emulating it?

Thanks
Kevin


* Re: [Patch v5 0/4] Enable SMEP feature support for kvm
  2011-05-30  9:08   ` Tian, Kevin
@ 2011-05-30  9:13     ` Avi Kivity
  2011-05-30  9:18       ` Tian, Kevin
From: Avi Kivity @ 2011-05-30  9:13 UTC (permalink / raw)
  To: Tian, Kevin; +Cc: Yang, Wei Y, kvm

On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> >  From: Avi Kivity
> >  Sent: Monday, May 30, 2011 4:52 PM
> >
> >  On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> >  >  This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
> >  >  Protection) in KVM. SMEP prevents kernel from executing code in application.
> >  >  Updated Intel SDM describes this CPU feature. The document will be
> >  >  published soon.
> >  >
> >  >  This patchset is based on Fenghua's SMEP patch series, as referred by:
> >  >  https://lkml.org/lkml/2011/5/17/523
> >
> >  Looks good.  I'll post the cr0.wp=0 fixup soon.
> >
>
> what's your planned fix? through NX bit? :-)

Yes.

> btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
> emulating it?

How would you simply emulate it?

We have to force cr0.wp=1, otherwise we cannot write-protect guest page 
tables.  Once we do that, we have to set U=1 to allow user reads or U=0 
to allow kernel writes.

-- 
error compiling committee.c: too many arguments to function


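The U=1/U=0 shadow-PTE scheme Avi describes, as an added model that is not KVM's own code: a guest running with cr0.wp=0 expects its kernel to write read-only user pages, but the host forces cr0.wp=1, so the shadow PTE can satisfy user reads (U=1, W=0) or kernel writes (U=0, W=1) but never both at once; the page flips between the two variants on faults. The `nx_fixup` flag is my reading of the "through NX bit" remark in this thread (setting NX on the U=0 variant so a kernel fetch of a user page still faults once the guest enables SMEP), not the fixup Avi posted; `hw_allows` is a deliberately simplified leaf-PTE permission check.

```c
#include <stdbool.h>
#include <stdint.h>

/* Leaf-PTE bits used by this model (x86 layout). */
#define PTE_W   (1ULL << 1)
#define PTE_U   (1ULL << 2)
#define PTE_NX  (1ULL << 63)

/* Constructed sample: a guest page that is user-accessible, read-only, executable. */
#define GUEST_RO_USER_PTE PTE_U

enum access { ACC_USER_READ, ACC_USER_WRITE, ACC_KERNEL_WRITE, ACC_KERNEL_FETCH };

/* Simplified hardware check of one leaf PTE under the given CR0.WP / CR4.SMEP.
 * Evaluating the guest PTE with wp=false gives the guest's own expectation. */
static bool hw_allows(uint64_t pte, enum access a, bool wp, bool smep)
{
    switch (a) {
    case ACC_USER_READ:    return (pte & PTE_U) != 0;
    case ACC_USER_WRITE:   return (pte & PTE_U) && (pte & PTE_W);
    case ACC_KERNEL_WRITE: return (pte & PTE_W) || !wp;        /* WP=0: kernel ignores W */
    case ACC_KERNEL_FETCH: return !(pte & PTE_NX) && !(smep && (pte & PTE_U));
    }
    return false;
}

/* Shadow PTE for a guest PTE when the guest has cr0.wp=0 but the host forces cr0.wp=1.
 * kernel_write_mode selects the U=0/W=1 variant installed after a kernel write fault.
 * nx_fixup (assumption, see lead-in): keep SMEP semantics on that variant via NX. */
static uint64_t shadow_pte(uint64_t gpte, bool kernel_write_mode, bool guest_smep, bool nx_fixup)
{
    uint64_t spte = gpte & (PTE_W | PTE_U | PTE_NX);
    if (!(gpte & PTE_U) || (gpte & PTE_W))
        return spte;                          /* no conflict: guest bits work as-is */
    if (kernel_write_mode) {
        spte = (spte & ~PTE_U) | PTE_W;       /* kernel may write; user access now faults */
        if (guest_smep && nx_fixup)
            spte |= PTE_NX;                   /* hide U=1 from hw, so re-deny kernel fetch */
    }
    return spte;                              /* else: U=1/W=0, user reads, kernel writes fault */
}

/* Safety invariant: the shadow must never grant an access the guest would deny. */
static bool shadow_never_more_permissive(uint64_t gpte, uint64_t spte, bool guest_smep)
{
    for (int a = ACC_USER_READ; a <= ACC_KERNEL_FETCH; a++)
        if (hw_allows(spte, (enum access)a, true, guest_smep) &&
            !hw_allows(gpte, (enum access)a, false, guest_smep))
            return false;
    return true;
}
```

Without the NX bit, the U=0 variant lets the guest kernel fetch from what is really a user page, which is exactly the check SMEP is meant to enforce.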

* RE: [Patch v5 0/4] Enable SMEP feature support for kvm
  2011-05-30  9:13     ` Avi Kivity
@ 2011-05-30  9:18       ` Tian, Kevin
  2011-05-30 10:00         ` Avi Kivity
From: Tian, Kevin @ 2011-05-30  9:18 UTC (permalink / raw)
  To: Avi Kivity; +Cc: Yang, Wei Y, kvm

> From: Avi Kivity [mailto:avi@redhat.com]
> Sent: Monday, May 30, 2011 5:14 PM
> 
> On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> > >  From: Avi Kivity
> > >  Sent: Monday, May 30, 2011 4:52 PM
> > >
> > >  On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> > >  >  This patchset enables a new CPU feature SMEP (Supervisor Mode
> Execution
> > >  >  Protection) in KVM. SMEP prevents kernel from executing code in
> application.
> > >  >  Updated Intel SDM describes this CPU feature. The document will be
> > >  >  published soon.
> > >  >
> > >  >  This patchset is based on Fenghua's SMEP patch series, as referred
> by:
> > >  >  https://lkml.org/lkml/2011/5/17/523
> > >
> > >  Looks good.  I'll post the cr0.wp=0 fixup soon.
> > >
> >
> > what's your planned fix? through NX bit? :-)
> 
> Yes.
> 
> > btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
> > emulating it?
> 
> How would you simply emulate it?
> 
> We have to force cr0.wp=1, otherwise we cannot write-protect guest page
> tables.  Once we do that, we have to set U=1 to allow user reads or U=0
> to allow kernel writes.
> 

I mean using instruction emulation instead of changing permission to re-execute
faulting instruction. Or is current KVM instruction emulator not complete enough
to handle various memory access instructions (just designed for page table access
and real mode instructions?)?

Thanks
Kevin


* Re: [Patch v5 0/4] Enable SMEP feature support for kvm
  2011-05-30  9:18       ` Tian, Kevin
@ 2011-05-30 10:00         ` Avi Kivity
  2011-05-30 10:32           ` Tian, Kevin
From: Avi Kivity @ 2011-05-30 10:00 UTC (permalink / raw)
  To: Tian, Kevin; +Cc: Yang, Wei Y, kvm

On 05/30/2011 12:18 PM, Tian, Kevin wrote:
> >  From: Avi Kivity [mailto:avi@redhat.com]
> >  Sent: Monday, May 30, 2011 5:14 PM
> >
> >  On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> >  >  >   From: Avi Kivity
> >  >  >   Sent: Monday, May 30, 2011 4:52 PM
> >  >  >
> >  >  >   On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> >  >  >   >   This patchset enables a new CPU feature SMEP (Supervisor Mode
> >  Execution
> >  >  >   >   Protection) in KVM. SMEP prevents kernel from executing code in
> >  application.
> >  >  >   >   Updated Intel SDM describes this CPU feature. The document will be
> >  >  >   >   published soon.
> >  >  >   >
> >  >  >   >   This patchset is based on Fenghua's SMEP patch series, as referred
> >  by:
> >  >  >   >   https://lkml.org/lkml/2011/5/17/523
> >  >  >
> >  >  >   Looks good.  I'll post the cr0.wp=0 fixup soon.
> >  >  >
> >  >
> >  >  what's your planned fix? through NX bit? :-)
> >
> >  Yes.
> >
> >  >  btw, why is current scheme used to emulate cr0.wp=0 case instead of simply
> >  >  emulating it?
> >
> >  How would you simply emulate it?
> >
> >  We have to force cr0.wp=1, otherwise we cannot write-protect guest page
> >  tables.  Once we do that, we have to set U=1 to allow user reads or U=0
> >  to allow kernel writes.
> >
>
> I mean using instruction emulation instead of changing permission to re-execute
> faulting instruction. Or is current KVM instruction emulator not complete enough
> to handle various memory access instructions (just designed for page table access
> and real mode instructions?)?

I think by now it's complete enough (it wasn't when the shadow mmu was 
written).  But emulation will be slow if the guest writes a lot of data 
to the page.

-- 
error compiling committee.c: too many arguments to function



* RE: [Patch v5 0/4] Enable SMEP feature support for kvm
  2011-05-30 10:00         ` Avi Kivity
@ 2011-05-30 10:32           ` Tian, Kevin
From: Tian, Kevin @ 2011-05-30 10:32 UTC (permalink / raw)
  To: Avi Kivity; +Cc: Yang, Wei Y, kvm

> From: Avi Kivity [mailto:avi@redhat.com]
> Sent: Monday, May 30, 2011 6:00 PM
> 
> On 05/30/2011 12:18 PM, Tian, Kevin wrote:
> > >  From: Avi Kivity [mailto:avi@redhat.com]
> > >  Sent: Monday, May 30, 2011 5:14 PM
> > >
> > >  On 05/30/2011 12:08 PM, Tian, Kevin wrote:
> > >  >  >   From: Avi Kivity
> > >  >  >   Sent: Monday, May 30, 2011 4:52 PM
> > >  >  >
> > >  >  >   On 05/30/2011 06:01 AM, Yang, Wei Y wrote:
> > >  >  >   >   This patchset enables a new CPU feature SMEP (Supervisor
> Mode
> > >  Execution
> > >  >  >   >   Protection) in KVM. SMEP prevents kernel from executing
> code in
> > >  application.
> > >  >  >   >   Updated Intel SDM describes this CPU feature. The
> document will be
> > >  >  >   >   published soon.
> > >  >  >   >
> > >  >  >   >   This patchset is based on Fenghua's SMEP patch series, as
> referred
> > >  by:
> > >  >  >   >   https://lkml.org/lkml/2011/5/17/523
> > >  >  >
> > >  >  >   Looks good.  I'll post the cr0.wp=0 fixup soon.
> > >  >  >
> > >  >
> > >  >  what's your planned fix? through NX bit? :-)
> > >
> > >  Yes.
> > >
> > >  >  btw, why is current scheme used to emulate cr0.wp=0 case instead of
> simply
> > >  >  emulating it?
> > >
> > >  How would you simply emulate it?
> > >
> > >  We have to force cr0.wp=1, otherwise we cannot write-protect guest
> page
> > >  tables.  Once we do that, we have to set U=1 to allow user reads or U=0
> > >  to allow kernel writes.
> > >
> >
> > I mean using instruction emulation instead of changing permission to
> re-execute
> > faulting instruction. Or is current KVM instruction emulator not complete
> enough
> > to handle various memory access instructions (just designed for page table
> access
> > and real mode instructions?)?
> 
> I think by now it's complete enough (it wasn't when the shadow mmu was
> written).  But emulation will be slow if the guest writes a lot of data
> to the page.

OK, got it.

Thanks
Kevin
