From: Yang Weijiang <weijiang.yang@intel.com>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com
Cc: mst@redhat.com, rkrcmar@redhat.com, jmattson@google.com,
	yu.c.zhang@intel.com, alazar@bitdefender.com,
	Yang Weijiang <weijiang.yang@intel.com>
Subject: [PATCH v4 1/9] Documentation: Introduce EPT based Subpage Protection
Date: Wed, 17 Jul 2019 21:37:43 +0800
Message-ID: <20190717133751.12910-2-weijiang.yang@intel.com>
In-Reply-To: <20190717133751.12910-1-weijiang.yang@intel.com>

Co-developed-by: yi.z.zhang@linux.intel.com
Signed-off-by: yi.z.zhang@linux.intel.com
Co-developed-by: Yang Weijiang <weijiang.yang@intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 Documentation/virtual/kvm/spp_kvm.txt | 173 ++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)
 create mode 100644 Documentation/virtual/kvm/spp_kvm.txt

diff --git a/Documentation/virtual/kvm/spp_kvm.txt b/Documentation/virtual/kvm/spp_kvm.txt
new file mode 100644
index 000000000000..072fa86f14d3
--- /dev/null
+++ b/Documentation/virtual/kvm/spp_kvm.txt
@@ -0,0 +1,173 @@
+EPT-Based Sub-Page Protection (SPP) for KVM
+====================================================
+
+1.Overview
+  EPT-based Sub-Page Protection(SPP) allows VMM to specify
+  fine-grained(128byte per sub-page) write-protection for guest physical
+  memory. When it's enabled, the CPU enforces write-access permission
+  for the sub-pages within a 4KB page, if corresponding bit is set in
+  permission vector, write to sub-page region is allowed, otherwise,
+  it's prevented with a EPT violation.
+
+2.SPP Operation
+  Sub-Page Protection Table (SPPT) is introduced to manage sub-page
+  write-access permission.
+
+  It is active when:
+  a) large paging is disabled on host side.
+  b) "sub-page write protection" VM-execution control is 1.
+  c) SPP is initialized with KVM_INIT_SPP ioctl successfully.
+  d) Sub-page permissions are set with KVM_SUBPAGES_SET_ACCESS ioctl
+     successfully. see below sections for details.
+
+  __________________________________________________________________________
+
+  How SPP hardware works:
+  __________________________________________________________________________
+
+  Guest write access --> GPA --> Walk EPT --> EPT leaf entry -----|
+  |---------------------------------------------------------------|
+  |-> if VMexec_control.spp && ept_leaf_entry.spp_bit (bit 61)
+       |
+       |-> <false> --> EPT legacy behavior
+       |
+       |
+       |-> <true>  --> if ept_leaf_entry.writable
+                        |
+                        |-> <true>  --> Ignore SPP
+                        |
+                        |-> <false> --> GPA --> Walk SPP 4-level table--|
+                                                                        |
+  |------------<----------get-the-SPPT-point-from-VMCS-filed-----<------|
+  |
+  Walk SPP L4E table
+  |
+  |---> if-entry-misconfiguration ------------>-------|-------<---------|
+   |                                                  |                 |
+  else                                                |                 |
+   |                                                  |                 |
+   |   |------------------SPP VMexit<-----------------|                 |
+   |   |                                                                |
+   |   |-> exit_qualification & sppt_misconfig --> sppt misconfig       |
+   |   |                                                                |
+   |   |-> exit_qualification & sppt_miss --> sppt miss                 |
+   |---|                                                                |
+       |                                                                |
+  walk SPPT L3E--|--> if-entry-misconfiguration------------>------------|
+                 |                                                      |
+                else                                                    |
+                 |                                                      |
+                 |                                                      |
+          walk SPPT L2E --|--> if-entry-misconfiguration-------->-------|
+                          |                                             |
+                         else                                           |
+                          |                                             |
+                          |                                             |
+                   walk SPPT L1E --|-> if-entry-misconfiguration--->----|
+                                   |
+                                 else
+                                   |
+                                   |-> if sub-page writable
+                                   |-> <true>  allow, write access
+                                   |-> <false> disallow, EPT violation
+  ______________________________________________________________________________
+
+3.IOCTL Interfaces
+
+    KVM_INIT_SPP:
+    Allocate storage for sub-page permission vectors and SPPT root page.
+
+    KVM_SUBPAGES_GET_ACCESS:
+    Get sub-page write permission vectors for given continuous guest pages.
+
+    KVM_SUBPAGES_SET_ACCESS
+    Set sub-pages write permission vectors for given continuous guest pages.
+
+    /* for KVM_SUBPAGES_GET_ACCESS and KVM_SUBPAGES_SET_ACCESS */
+    struct kvm_subpage_info {
+       __u64 gfn; /* the first page gfn of the continuous pages */
+       __u64 npages; /* number of 4K pages */
+       __u64 *access_map; /* sub-page write-access bitmap array */
+    };
+
+    #define KVM_SUBPAGES_GET_ACCESS   _IOR(KVMIO,  0x49, __u64)
+    #define KVM_SUBPAGES_SET_ACCESS   _IOW(KVMIO,  0x4a, __u64)
+    #define KVM_INIT_SPP              _IOW(KVMIO,  0x4b, __u64)
+
+4.Set Sub-Page Permission
+
+  * To enable SPP protection, system admin sets sub-page permission via
+    KVM_SUBPAGES_SET_ACCESS ioctl:
+
+    (1) If the target 4KB pages are there, it locates EPT leaf entries
+        via the guest physical addresses, sets the bit 61 of the corresponding 
+        entries to enable sub-page protection, then set up SPPT paging structure.
+    (2) otherwise, stores the [gfn,permission] mappings in KVM data structure. When
+        EPT page-fault is generated due to access to target page, it settles
+        EPT entry configuration together with SPPT setup, this is called lazy mode
+        setup.
+
+   The SPPT paging structure format is as below:
+
+   Format of the SPPT L4E, L3E, L2E:
+   | Bit    | Contents                                                                 |
+   | :----- | :------------------------------------------------------------------------|
+   | 0      | Valid entry when set; indicates whether the entry is present             |
+   | 11:1   | Reserved (0)                                                             |
+   | N-1:12 | Physical address of 4KB aligned SPPT LX-1 Table referenced by this entry |
+   | 51:N   | Reserved (0)                                                             |
+   | 63:52  | Reserved (0)                                                             |
+   Note: N is the physical address width supported by the processor. X is the page level
+
+   Format of the SPPT L1E:
+   | Bit   | Contents                                                          |
+   | :---- | :---------------------------------------------------------------- |
+   | 0+2i  | Write permission for i-th 128 byte sub-page region.               |
+   | 1+2i  | Reserved (0).                                                     |
+   Note: 0<=i<=31
+
+5.SPPT-induced VM exit
+
+  * SPPT miss and misconfiguration induced VM exit
+
+    A SPPT missing VM exit occurs when walk the SPPT, there is no SPPT
+    misconfiguration but a paging-structure entry is not
+    present in any of L4E/L3E/L2E entries.
+
+    A SPPT misconfiguration VM exit occurs when reserved bits or unsupported values
+    are set in SPPT entry.
+
+    *NOTE* SPPT miss and SPPT misconfigurations can occur only due to an
+    attempt to write memory with a guest physical address.
+
+  * SPP permission induced VM exit
+    SPP sub-page permission induced violation is reported as EPT violation
+    thesefore causes VM exit.
+
+6.SPPT-induced VM exit handling
+
+  #define EXIT_REASON_SPP                 66
+
+  static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
+    ...
+    [EXIT_REASON_SPP]                     = handle_spp,
+    ...
+  };
+
+  New exit qualification for SPPT-induced vmexits.
+
+  | Bit   | Contents                                                          |
+  | :---- | :---------------------------------------------------------------- |
+  | 10:0  | Reserved (0).                                                     |
+  | 11    | SPPT VM exit type. Set for SPPT Miss, cleared for SPPT Misconfig. |
+  | 12    | NMI unblocking due to IRET                                        |
+  | 63:13 | Reserved (0)                                                      |
+
+  In addition to the exit qualification, guest linear address and guest
+  physical address fields will be reported.
+
+  * SPPT miss and misconfiguration induced VM exit
+    Allocate a physical page for the SPPT and set the entry correctly.
+
+  * SPP permission induced VM exit
+    This kind of VM exit is left to VMI tool to handle.
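Review bot: In section 3 the ioctl definitions do not match the documented argument: `KVM_SUBPAGES_GET_ACCESS` and `KVM_SUBPAGES_SET_ACCESS` are declared with `__u64` as the type, while the comment above `struct kvm_subpage_info` says both take that struct, so the size encoded in the ioctl number is wrong for what userspace actually passes. Please use `struct kvm_subpage_info` in the `_IOx()` macros, and consider `_IOWR` for the GET variant, since `gfn` and `npages` are inputs and the bitmap is output. The `__u64 *access_map` member is also a raw pointer in a userspace-visible struct, so the layout differs between 32-bit and 64-bit callers; a `__u64` carrying the user address, or a flexible array of `__u64` at the end of the struct, would keep the layout fixed. The text should also say what the `__u64` argument of `KVM_INIT_SPP` means, whether these are VM or vCPU ioctls, what each returns on failure, and how the kernel bounds `npages` before it reads or writes `access_map`. Two smaller points: condition a) in section 2 ("large paging is disabled on host side") is stated without saying why or how it is checked, and there are typos in "VMCS-filed" in the flow diagram and "thesefore" in section 5.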
-- 
2.17.2

