lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9b885e65c3ec0ab8b4de0d38f2f20686a7afe0d0.camel@intel.com>
Date:   Fri, 4 Oct 2019 19:06:49 +0000
From:   "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To:     "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "peterz@...radead.org" <peterz@...radead.org>,
        "keescook@...omium.org" <keescook@...omium.org>,
        "Christopherson, Sean J" <sean.j.christopherson@...el.com>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "x86@...nel.org" <x86@...nel.org>,
        "luto@...nel.org" <luto@...nel.org>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "Hansen, Dave" <dave.hansen@...el.com>
CC:     "kristen@...ux.intel.com" <kristen@...ux.intel.com>,
        "Dock, Deneen T" <deneen.t.dock@...el.com>,
        "yu.c.zhang@...ux.intel.com" <yu.c.zhang@...ux.intel.com>
Subject: Re: [RFC PATCH 03/13] kvm: Add XO memslot type

On Fri, 2019-10-04 at 09:27 +0200, Paolo Bonzini wrote:
> On 03/10/19 23:23, Rick Edgecombe wrote:
> > Add XO memslot type to create execute-only guest physical memory based on
> > the RO memslot. Like the RO memslot, disallow changing the memslot type
> > to/from XO.
> > 
> > In the EPT case ACC_USER_MASK represents the readable bit, so add the
> > ability for set_spte() to unset this.
> > 
> > This is based in part on a patch by Yu Zhang.
> > 
> > Signed-off-by: Yu Zhang <yu.c.zhang@...ux.intel.com>
> > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
> 
> Instead of this, why not check the exit qualification gpa and, if it has
> the XO bit set, mask away both the XO bit and the R bit?  It can be done
> unconditionally for all memslots.  This should require no change to
> userspace.
> 
> Paolo
> 
The reasoning was that it seems like KVM leaves it to userspace to control the
physical address space layout since userspace decides the supported physical
address bits and lays out memory in the physical address space. So duplication
with XO memslots was an attempt was to keep the logic around that together.

I'll take another look at doing it this way though. I think userspace may still
need to adjust the MAXPHYADDR and be aware it can't layout memory in the XO
range.

Thanks,

Rick

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ