lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 15 Oct 2018 14:04:43 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     lantianyu1986@...il.com
Cc:     Lan Tianyu <Tianyu.Lan@...rosoft.com>, benh@...nel.crashing.org,
        catalin.marinas@....com, christoffer.dall@....com,
        devel@...uxdriverproject.org, haiyangz@...rosoft.com,
        hpa@...or.com, jhogan@...nel.org, kvmarm@...ts.cs.columbia.edu,
        kvm-ppc@...r.kernel.org, kvm@...r.kernel.org, kys@...rosoft.com,
        linux-arm-kernel@...ts.infradead.org, linux@...linux.org,
        linux-kernel@...r.kernel.org, linux-mips@...ux-mips.org,
        linuxppc-dev@...ts.ozlabs.org, marc.zyngier@....com,
        mingo@...hat.com, mpe@...erman.id.au, paul.burton@...s.com,
        paulus@...abs.org, ralf@...ux-mips.org, rkrcmar@...hat.com,
        sthemmin@...rosoft.com, tglx@...utronix.de, will.deacon@....com,
        x86@...nel.org, michael.h.kelley@...rosoft.com, vkuznets@...hat.com
Subject: Re: [PATCH V4 00/15] x86/KVM/Hyper-v: Add HV ept tlb range flush
 hypercall support in KVM

On 13/10/2018 16:53, lantianyu1986@...il.com wrote:
> From: Lan Tianyu <Tianyu.Lan@...rosoft.com>
> 
> For nested memory virtualization, Hyper-v doesn't set write-protect
> L1 hypervisor EPT page directory and page table node to track changes 
> while it relies on guest to tell it changes via HvFlushGuestAddressLlist
> hypercall. HvFlushGuestAddressLlist hypercall provides a way to flush
> EPT page table with ranges which are specified by L1 hypervisor.
> 
> If L1 hypervisor uses INVEPT or HvFlushGuestAddressSpace hypercall to
> flush EPT tlb, Hyper-V will invalidate associated EPT shadow page table
> and sync L1's EPT table when next EPT page fault is triggered.
> HvFlushGuestAddressLlist hypercall helps to avoid such redundant EPT
> page fault and synchronization of shadow page table.

So I just told you that the first part is well understood but I must
retract that; after carefully reviewing the whole series, I think one of
us is actually very confused.

I am not afraid to say it can be me, but my understanding is that you're
passing L1 GPAs to the hypercall and instead the spec says it expects L2
GPAs.  (Consider that, because KVM's shadow paging code is shared
between nested EPT and !EPT cases, every time you see gpa/gfn in the
code it is for L1, while nested EPT GPAs are really what the code calls
gva.)

What's going on?

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ