linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v5 0/9] Enable Sub-page Write Protection Support
@ 2019-09-17  8:52 Yang Weijiang
  2019-09-17  8:52 ` [PATCH v5 1/9] Documentation: Introduce EPT based Subpage Protection Yang Weijiang
                   ` (11 more replies)
  0 siblings, 12 replies; 23+ messages in thread
From: Yang Weijiang @ 2019-09-17  8:52 UTC (permalink / raw)
  To: kvm, linux-kernel, pbonzini, sean.j.christopherson
  Cc: mst, rkrcmar, jmattson, yu.c.zhang, alazar, Yang Weijiang

EPT-Based Sub-Page write Protection(SPP)is a HW capability which allows
Virtual Machine Monitor(VMM) to specify write-permission for guest
physical memory at a sub-page(128 byte) granularity. When this
capability is enabled, the CPU enforces write-access check for sub-pages
within a 4KB page.

The feature is targeted to provide fine-grained memory protection for
usages such as device virtualization, memory check-point and VM
introspection etc.

SPP is active when the "sub-page write protection" (bit 23) is 1 in
Secondary VM-Execution Controls. The feature is backed with a Sub-Page
Permission Table(SPPT), SPPT is referenced via a 64-bit control field
called Sub-Page Permission Table Pointer (SPPTP) which contains a
4K-aligned physical address.

To enable SPP for certain physical page, the gfn should be first mapped
to a 4KB entry, then set bit 61 of the corresponding EPT leaf entry. 
While HW walks EPT, if bit 61 is set, it traverses SPPT with the guset
physical address to find out the sub-page permissions at the leaf entry.
If the corresponding bit is set, write to sub-page is permitted,
otherwise, SPP induced EPT violation is generated.

This patch serial passed SPP function test and selftest on Ice-Lake platform.

Please refer to the SPP introduction document in this patch set and
Intel SDM for details:

Intel SDM:
https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf

SPP selftest patch:
https://lkml.org/lkml/2019/6/18/1197

Previous patch:
https://lkml.org/lkml/2019/8/14/97

Patch 1: Introduction to SPP.
Patch 2: Add SPP related flags and control bits.
Patch 3: Functions for SPPT setup.
Patch 4: Add SPP access bitmaps for memslots.
Patch 5: Introduce SPP {init,set,get} functions
Patch 6: Implement User space access IOCTLs.
Patch 7: Set up SPP paging table at vm-entry/exit.
Patch 8: Enable lazy mode SPPT setup.
Patch 9: Handle SPP protected pages when VM memory changes


Change logs:

V5 -> V4:
  1. Enable SPP support for Hugepage(1GB/2MB) to extend application.
  2. Make SPP miss vm-exit handler as the unified place to set up SPPT.
  3. If SPP protected pages are access-tracked or dirty-page-tracked,
     store SPP flag in reserved address bit, restore it in
     fast_page_fault() handler.
  4. Move SPP specific functions to vmx/spp.c and vmx/spp.h
  5. Rebased code to kernel v5.3
  6. Other change suggested by KVM community.
  
V3 -> V4:
  1. Modified documentation to make it consistent with patches.
  2. Allocated SPPT root page in init_spp() instead of vmx_set_cr3() to
     avoid SPPT miss error.
  3. Added back co-developers and sign-offs.

V2 -> V3:                                                                
  1. Rebased patches to kernel 5.1 release                                
  2. Deferred SPPT setup to EPT fault handler if the page is not
     available while set_subpage() is being called.
  3. Added init IOCTL to reduce extra cost if SPP is not used.
  4. Refactored patch structure, cleaned up cross referenced functions.
  5. Added code to deal with memory swapping/migration/shrinker cases.

V2 -> V1:
  1. Rebased to 4.20-rc1
  2. Move VMCS change to a separated patch.
  3. Code refine and Bug fix 


Yang Weijiang (9):
  Documentation: Introduce EPT based Subpage Protection
  vmx: spp: Add control flags for Sub-Page Protection(SPP)
  mmu: spp: Add SPP Table setup functions
  mmu: spp: Add functions to create/destroy SPP bitmap block
  mmu: spp: Introduce SPP {init,set,get} functions
  x86: spp: Introduce user-space SPP IOCTLs
  vmx: spp: Set up SPP paging table at vm-entry/exit
  mmu: spp: Enable Lazy mode SPP protection
  mmu: spp: Handle SPP protected pages when VM memory changes

 Documentation/virtual/kvm/spp_kvm.txt | 178 +++++++
 arch/x86/include/asm/cpufeatures.h    |   1 +
 arch/x86/include/asm/kvm_host.h       |  10 +-
 arch/x86/include/asm/vmx.h            |  10 +
 arch/x86/include/uapi/asm/vmx.h       |   2 +
 arch/x86/kernel/cpu/intel.c           |   4 +
 arch/x86/kvm/mmu.c                    |  78 ++-
 arch/x86/kvm/mmu.h                    |   2 +
 arch/x86/kvm/vmx/capabilities.h       |   5 +
 arch/x86/kvm/vmx/spp.c                | 651 ++++++++++++++++++++++++++
 arch/x86/kvm/vmx/spp.h                |  27 ++
 arch/x86/kvm/vmx/vmx.c                |  99 ++++
 arch/x86/kvm/x86.c                    |  51 ++
 include/uapi/linux/kvm.h              |  17 +
 14 files changed, 1133 insertions(+), 2 deletions(-)
 create mode 100644 Documentation/virtual/kvm/spp_kvm.txt
 create mode 100644 arch/x86/kvm/vmx/spp.c
 create mode 100644 arch/x86/kvm/vmx/spp.h

-- 
2.17.2


^ permalink raw reply	[flat|nested] 23+ messages in thread

end of thread, other threads:[~2019-10-22  6:16 UTC | newest]

Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-17  8:52 [PATCH v5 0/9] Enable Sub-page Write Protection Support Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 1/9] Documentation: Introduce EPT based Subpage Protection Yang Weijiang
2019-10-11 20:31   ` Jim Mattson
2019-10-15  8:53     ` Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 2/9] vmx: spp: Add control flags for Sub-Page Protection(SPP) Yang Weijiang
2019-10-04 20:48   ` Jim Mattson
2019-10-04 21:02     ` Sean Christopherson
2019-10-15  1:53       ` Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 3/9] mmu: spp: Add SPP Table setup functions Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 4/9] mmu: spp: Add functions to create/destroy SPP bitmap block Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 5/9] mmu: spp: Introduce SPP {init,set,get} functions Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 6/9] x86: spp: Introduce user-space SPP IOCTLs Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 7/9] vmx: spp: Set up SPP paging table at vm-entry/exit Yang Weijiang
2019-09-17 10:56   ` kbuild test robot
2019-09-17  8:53 ` [PATCH v5 8/9] mmu: spp: Enable Lazy mode SPP protection Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 9/9] mmu: spp: Handle SPP protected pages when VM memory changes Yang Weijiang
2019-09-17 12:59 ` [PATCH v5 0/9] Enable Sub-page Write Protection Support Konrad Rzeszutek Wilk
2019-09-17 16:24   ` Adalbert Lazăr
2019-10-09  2:17 ` Yang Weijiang
2019-10-10 21:42 ` Jim Mattson
2019-10-11  7:50   ` Yang Weijiang
2019-10-11 16:11     ` Jim Mattson
2019-10-22  6:19       ` Yang Weijiang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).