lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d577eb84-a9bc-78c6-32e5-df59cb6d9dd5@gmail.com>
Date:   Thu, 8 Nov 2018 14:12:51 +0800
From:   Tianyu Lan <ltykernel@...il.com>
To:     Vitaly Kuznetsov <vkuznets@...hat.com>
Cc:     Lan Tianyu <Tianyu.Lan@...rosoft.com>, pbonzini@...hat.com,
        rkrcmar@...hat.com, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, hpa@...or.com, x86@...nel.org, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, michael.h.kelley@...rosoft.com,
        kys@...rosoft.com
Subject: Re: [PATCH] KVM/VMX: Check ept_pointer before flushing ept tlb



On 11/7/2018 6:49 PM, Vitaly Kuznetsov wrote:
> Tianyu Lan <ltykernel@...il.com> writes:
> 
>> Hi Vitaly:
>> 	Thanks for your review.
>>
>> On 11/6/2018 11:50 PM, Vitaly Kuznetsov wrote:
>>> ltykernel@...il.com writes:
>>>
>>>> From: Lan Tianyu <Tianyu.Lan@...rosoft.com>
>>>>
>>>> This patch is to initialize ept_pointer to INVALID_PAGE and check it
>>>> before flushing ept tlb. If ept_pointer is invalidated, bypass the flush
>>>> request.
>>>>
>>>
>>> To be honest I fail to understand the reason behind the patch: instead
>>> of doing one unneeded flush request with ept_pointer==0 (after vCPU is
>>> initialized) we now do the check every time. Could you please elaborate
>>> on why this is needed?
>>
>> The reason to introduce the check here is to avoid flushing ept tlb
>> without valid ept table. When nested guest boots up and only BP is
>> active, we should not do flush for APs and L1 hypervisor hasn't set
>> valid EPT table for APs.
> 
> Yes, I understand that but I'm trying to avoid additional checks on
> hotpath as during normal operation EPT pointer is always set.
>
> Could we just initialize ept_pointers_match to something like
> EPT_POINTERS_NOTSET and achive the same result?

vmx->ept_pointers_match presents match status of all vcpus' ept table. 
EPT_POINTER_NOSET should be per cpu status and so I select ept_pointer 
as check condition.

BTW, I think we may remove the check for match case which is normal 
status and all ept pointers should be set at that point. Mismatch status 
should be corner case when VM runs and this will not affect a lot.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ