| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jul 2020 18:37:47 -0500
From: Babu Moger <babu.moger@....com>
To: pbonzini@...hat.com, vkuznets@...hat.com, wanpengli@...cent.com,
sean.j.christopherson@...el.com, jmattson@...gle.com
Cc: kvm@...r.kernel.org, joro@...tes.org, x86@...nel.org,
linux-kernel@...r.kernel.org, mingo@...hat.com, bp@...en8.de,
hpa@...or.com, tglx@...utronix.de
Subject: [PATCH v3 00/11] SVM cleanup and INVPCID support for the AMD guests
The following series adds the support for PCID/INVPCID on AMD guests.
While doing it re-structured the vmcb_control_area data structure to
combine all the intercept vectors into one 32 bit array. Makes it easy
for future additions.
INVPCID interceptions are added only when the guest is running with
shadow page table enabled. In this case the hypervisor needs to handle
the tlbflush based on the type of invpcid instruction.
For the guests with nested page table (NPT) support, the INVPCID feature
works as running it natively. KVM does not need to do any special handling.
AMD documentation for INVPCID feature is available at "AMD64 Architecture
Programmer’s Manual Volume 2: System Programming, Pub. 24593 Rev. 3.34(or later)"
The documentation can be obtained at the links below:
Link: https://www.amd.com/system/files/TechDocs/24593.pdf
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
---
v3:
1. Addressing the comments from Jim Mattson. Follow the v2 link below
for the context.
2. Introduced the generic __set_intercept, __clr_intercept and is_intercept
using native __set_bit, clear_bit and test_bit.
3. Combined all the intercepts vectors into single 32 bit array.
4. Removed set_intercept_cr, clr_intercept_cr, set_exception_intercepts,
clr_exception_intercept etc. Used the generic set_intercept and
clr_intercept where applicable.
5. Tested both L1 guest and l2 nested guests.
v2:
https://lore.kernel.org/lkml/159234483706.6230.13753828995249423191.stgit@bmoger-ubuntu/
- Taken care of few comments from Jim Mattson.
- KVM interceptions added only when tdp is off. No interceptions
when tdp is on.
- Reverted the fault priority to original order in VMX.
v1:
https://lore.kernel.org/lkml/159191202523.31436.11959784252237488867.stgit@bmoger-ubuntu/
Babu Moger (11):
KVM: SVM: Introduce __set_intercept, __clr_intercept and __is_intercept
KVM: SVM: Change intercept_cr to generic intercepts
KVM: SVM: Change intercept_dr to generic intercepts
KVM: SVM: Modify intercept_exceptions to generic intercepts
KVM: SVM: Modify 64 bit intercept field to two 32 bit vectors
KVM: SVM: Add new intercept vector in vmcb_control_area
KVM: nSVM: Cleanup nested_state data structure
KVM: SVM: Remove set_cr_intercept, clr_cr_intercept and is_cr_intercept
KVM: SVM: Remove set_exception_intercept and clr_exception_intercept
KVM: X86: Move handling of INVPCID types to x86
KVM:SVM: Enable INVPCID feature on AMD
arch/x86/include/asm/svm.h | 117 ++++++++++++++++++++++---------
arch/x86/include/uapi/asm/svm.h | 2 +
arch/x86/kvm/svm/nested.c | 66 ++++++++----------
arch/x86/kvm/svm/svm.c | 146 ++++++++++++++++++++++++++++-----------
arch/x86/kvm/svm/svm.h | 87 ++++++++---------------
arch/x86/kvm/trace.h | 21 ++++--
arch/x86/kvm/vmx/vmx.c | 62 -----------------
arch/x86/kvm/x86.c | 69 ++++++++++++++++++
arch/x86/kvm/x86.h | 3 +
9 files changed, 335 insertions(+), 238 deletions(-)
--
Powered by blists - more mailing lists