lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 28 Jan 2015 11:25:05 +0000
From:	"Zhang, Yang Z" <yang.z.zhang@...el.com>
To:	Wincy Van <fanwenyi0529@...il.com>
CC:	Paolo Bonzini <pbonzini@...hat.com>,
	"gleb@...nel.org" <gleb@...nel.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Wanpeng Li <wanpeng.li@...ux.intel.com>,
	Jan Kiszka <jan.kiszka@....de>
Subject: RE: [PATCH v3 1/6] KVM: nVMX: Use hardware MSR bitmap

Wincy Van wrote on 2015-01-28:
> On Wed, Jan 28, 2015 at 4:05 PM, Zhang, Yang Z <yang.z.zhang@...el.com>
> wrote:
>>> @@ -8344,7 +8394,68 @@ static int
>>> nested_vmx_check_msr_bitmap_controls(struct kvm_vcpu *vcpu,  static
>>> inline bool nested_vmx_merge_msr_bitmap(struct kvm_vcpu *vcpu,
>>>                                                struct vmcs12
>>> *vmcs12)  { -       return false; +       struct page *page; +      
>>> unsigned long *msr_bitmap; + +       if
>>> (!nested_cpu_has_virt_x2apic_mode(vmcs12)) +               return
>>> false; + +       page = nested_get_page(vcpu, vmcs12->msr_bitmap); +  
>>>     if (!page) { +               WARN_ON(1); +               return
>>> false; +       } +       msr_bitmap = (unsigned long *)kmap(page); +  
>>>     if (!msr_bitmap) { +              
>>> nested_release_page_clean(page); +               WARN_ON(1); +        
>>>       return false; +       } + +       memset(vmx_msr_bitmap_nested,
>>> 0xff, PAGE_SIZE); + +       if
>>> (nested_cpu_has_virt_x2apic_mode(vmcs12)) +               /* TPR is
>>> allowed */ +              
>>> nested_vmx_disable_intercept_for_msr(msr_bitmap, +                    
>>>           vmx_msr_bitmap_nested, +                              
>>> APIC_BASE_MSR + (APIC_TASKPRI >> 4), +                              
>>> MSR_TYPE_R | MSR_TYPE_W);
>> 
>> I didn't understand what this function does? Per my understanding,
>> you only
> need to set the (vmx_msr_bitmap_nested = vmcs01->msr_bitmap |
> vmcs12->msr_bitmap) and inject the nested vmexit to L1 if the bit in
> vmcs12->msr_bitmap is setting. Am I missing some patches?
> 
> In the beginning, I want to do "vmcs01->msr_bitmap |
> vmcs12->msr_bitmap", but I remember that there isn't a instruction to
> do a bit or operation in two pages effectively, so I do the bit or
> operation in nested_vmx_disable_intercept_for_msr. If the hardware do
> not support this, I think it is faster if we deal with the bits on demand.
> nested_vmx_merge_msr_bitmap is used to merge L0's and L1's bitmaps,
> any features can put their logic here.

You construct the nested_msr_bitmap based on vmcs12->msr_bitmap, what happens if vmcs01->msr_bitmap want to trap this msr?

> 
> If there is a faster way, please teach me how to do it : )

You are right. Interception should be much faster.

> 
> Thanks,
> Wincy
> 
> 
>> 
>> Best regards,
>> Yang
>> 
>>


Best regards,
Yang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ