Open Source and information security mailing list archives
 
Message-ID: <070710b6-0bf4-5f6e-2352-969e077eba14@amd.com>
Date:   Mon, 11 Nov 2019 18:05:07 -0600
From:   Suravee Suthikulpanit <suravee.suthikulpanit@....com>
To:     "rkagan@...tuozzo.com" <rkagan@...tuozzo.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "rkrcmar@...hat.com" <rkrcmar@...hat.com>,
        "joro@...tes.org" <joro@...tes.org>,
        "vkuznets@...hat.com" <vkuznets@...hat.com>,
        "graf@...zon.com" <graf@...zon.com>,
        "jschoenh@...zon.de" <jschoenh@...zon.de>,
        "karahmed@...zon.de" <karahmed@...zon.de>,
        "rimasluk@...zon.com" <rimasluk@...zon.com>,
        "Grimm, Jon" <Jon.Grimm@....com>
Subject: Re: [PATCH v4 07/17] svm: Add support for setup/destroy virutal APIC
 backing page for AVIC

Roman,

On 11/4/19 3:53 PM, Roman Kagan wrote:
> On Fri, Nov 01, 2019 at 10:41:30PM +0000, Suthikulpanit, Suravee wrote:
>> Re-factor avic_init_access_page() to avic_update_access_page() since
>> activate/deactivate AVIC requires setting/unsetting the memory region used
>> for virtual APIC backing page (APIC_ACCESS_PAGE_PRIVATE_MEMSLOT).
>
> AFAICT the patch actually touches the (de)allocation of the APIC access
> page rather than the APIC backing page (or I'm confused in the
> nomenclature).

The APIC backing page is allocated during vcpu initialization, while
the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT is initialized per-vm, and is
used mainly for access permission control of the APIC backing page.

There is a comment in arch/x86/kvm/svm.c:

  /**
   * Note:
   * AVIC hardware walks the nested page table to check permissions,
   * but does not use the SPA address specified in the leaf page
   * table entry since it uses address in the AVIC_BACKING_PAGE pointer
   * field of the VMCB. Therefore, we set up the
   * APIC_ACCESS_PAGE_PRIVATE_MEMSLOT (4KB) here.
   */

When deactivating APICv, we do not destroy the APIC backing page, but
we need to de-allocate the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT.

Thanks,
Suravee

> Thanks,
> Roman.
> 
