Message-ID: <d8c1a2b8-8770-c0af-4c90-280f5e267ce9@redhat.com>
Date:   Thu, 24 Aug 2017 15:47:33 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Yu Zhang <yu.c.zhang@...ux.intel.com>, kvm@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, rkrcmar@...hat.com,
        tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        xiaoguangrong@...cent.com, joro@...tes.org
Subject: Re: [PATCH v3 0/5] KVM: MMU: 5 level EPT/shadow support

On 24/08/2017 14:27, Yu Zhang wrote:
> Intel's existing processors limit the maximum linear address width to
> 48 bits, and the maximum physical address width to 46 bits. And the
> upcoming processors will extend maximum linear address width to 57 bits
> and maximum physical address width can go up to 52 bits in practice.
> 
> With linear address width greater than 48, a new paging mode in IA-32e
> is introduced - 5 level paging (also known as LA57). And to support VMs
> with this feature, KVM MMU code needs to be extended.
> 
> And to achieve this, this patchset:
> 1> leverages 2 qemu parameters: +la57 and phys-bits to expose wider linear
> address width and physical address width to the VM; 
> 2> extends shadow logic to construct 5 level shadow page for VMs running
> in LA57 mode;
> 3> extends ept logic to construct 5 level ept table for VMs whose maximum
> physical width exceeds 48 bits.
> 
> Changes in v3: 
> - Address comments from Paolo Bonzini: do not fall into check_cpuid_limit()
>   in kvm_cpuid() for em_movbe() and check_fxsr();
> - Address comments from Paolo Bonzini: change parameter 'check_limit' of
>   kvm_cpuid() to bool type;
> - Address comments from Paolo Bonzini: set maxphyaddr to 36, for guest cr3
>   reserved bits check if cpuid.0x80000008 is not available;
> - Address comments from Paolo Bonzini: replace the hardcoded value 48 as
>   va_bits in __linearize();
> - Rebase change: add new eptp definition VMX_EPTP_PWL_5, instead of using bit
>   shifts (in line with previous commit bb97a01).
> 
> Changes in v2: 
> - Address comments from Paolo Bonzini and Jim Mattson: add a new patch to let
>   kvm_cpuid() return false when cpuid entry is not found; 
> - Address comments from Paolo Bonzini: fix a typo in check_cr_write() and use
>   62 as the upper limit when checking reserved bits for a physical address;
> - Address comments from Paolo Bonzini: move definition of PT64_ROOT_MAX_LEVEL
>   into kvm_host.h;
> - Address comments from Paolo Bonzini: add checking for shadow_root_level in
>   mmu_free_roots(); 
> - Address comments from Paolo Bonzini: set root_level & shadow_root_level both
>   to PT64_ROOT_4LEVEL for shadow ept situation.
> 
> 
> Yu Zhang (5):
>   KVM: x86: Add return value to kvm_cpuid().
>   KVM: MMU: check guest CR3 reserved bits based on its physical address
>     width.
>   KVM: MMU: Rename PT64_ROOT_LEVEL to PT64_ROOT_4LEVEL.
>   KVM: MMU: Add 5 level EPT & Shadow page table support.
>   KVM: MMU: Expose the LA57 feature to VM.
> 
>  arch/x86/include/asm/kvm_emulate.h |  4 +--
>  arch/x86/include/asm/kvm_host.h    | 31 ++++++--------------
>  arch/x86/include/asm/vmx.h         |  2 ++
>  arch/x86/kvm/cpuid.c               | 38 +++++++++++++++++-------
>  arch/x86/kvm/cpuid.h               |  3 +-
>  arch/x86/kvm/emulate.c             | 42 +++++++++++++++++----------
>  arch/x86/kvm/kvm_cache_regs.h      |  2 +-
>  arch/x86/kvm/mmu.c                 | 59 ++++++++++++++++++++++++--------------
>  arch/x86/kvm/mmu.h                 |  6 +++-
>  arch/x86/kvm/mmu_audit.c           |  4 +--
>  arch/x86/kvm/svm.c                 |  8 +++---
>  arch/x86/kvm/trace.h               | 11 ++++---
>  arch/x86/kvm/vmx.c                 | 29 ++++++++++++-------
>  arch/x86/kvm/x86.c                 | 21 ++++++++------
>  arch/x86/kvm/x86.h                 | 44 ++++++++++++++++++++++++++++
>  15 files changed, 201 insertions(+), 103 deletions(-)
> 

Applied to kvm/queue.  The only change I made is to make
kvm_mmu_reset_context unconditional in patch 4, because changing
MAXPHYADDR invalidates the MMU's bitmasks for reserved bits.

Thanks,

Paolo
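
A model of the two width-dependent checks this thread touches, added here as an example and not taken from the patch series or from KVM: the CR3 reserved-bit mask derived from the guest's physical address width, and the canonical-address test derived from its linear address width. The helper names and sample values are hypothetical; the upper limit of 62 and the fallback to 36 come from the changelog quoted above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mask with bits s..e (inclusive) set, for 0 <= s <= e <= 63. */
static uint64_t rsvd_bits(int s, int e)
{
    return (~0ULL >> (63 - e)) & (~0ULL << s);
}

/* CPUID.0x80000008:EAX[7:0] is the physical address width; per the
 * changelog, fall back to 36 when the leaf is not available. */
static int guest_maxphyaddr(bool has_leaf, uint32_t eax)
{
    return has_leaf ? (int)(eax & 0xff) : 36;
}

/* Linear address width: 57 bits with LA57 enabled, otherwise 48. */
static int guest_va_bits(bool la57)
{
    return la57 ? 57 : 48;
}

/* CR3 is acceptable only if bits maxphyaddr..62 are clear. */
static bool cr3_valid(uint64_t cr3, int maxphyaddr)
{
    return (cr3 & rsvd_bits(maxphyaddr, 62)) == 0;
}

/* Canonical: bits 63..va_bits-1 are all zero or all one. */
static bool is_canonical(uint64_t addr, int va_bits)
{
    uint64_t upper = addr >> (va_bits - 1);
    return upper == 0 || upper == (1ULL << (65 - va_bits)) - 1;
}

int main(void)
{
    uint64_t cr3 = 1ULL << 47;                  /* constructed sample value */
    int wide = guest_maxphyaddr(true, 0x3934);  /* constructed EAX: 57 linear, 52 physical */
    int narrow = guest_maxphyaddr(false, 0);    /* leaf missing: 36 */

    printf("cr3 valid at %d bits: %d, at %d bits: %d\n",
           wide, cr3_valid(cr3, wide), narrow, cr3_valid(cr3, narrow));
    printf("0x0000800000000000 canonical at 48: %d, at 57: %d\n",
           is_canonical(0x0000800000000000ULL, guest_va_bits(false)),
           is_canonical(0x0000800000000000ULL, guest_va_bits(true)));
    return 0;
}
```

The same CR3 value passes under one MAXPHYADDR and fails under another, which is why reserved-bit masks computed for one width cannot be reused after the width changes.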
