| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 01 Apr 2021 20:10:24 +0300
From: Maxim Levitsky <mlevitsk@...hat.com>
To: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org
Cc: "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
Jim Mattson <jmattson@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Sean Christopherson <seanjc@...gle.com>,
Joerg Roedel <joro@...tes.org>,
"H. Peter Anvin" <hpa@...or.com>,
"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Jonathan Corbet <corbet@....net>,
Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...hat.com>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>
Subject: Re: [PATCH 4/6] KVM: x86: Introduce KVM_GET_SREGS2 / KVM_SET_SREGS2
On Thu, 2021-04-01 at 16:44 +0200, Paolo Bonzini wrote:
> Just a quick review on the API:
>
> On 01/04/21 16:18, Maxim Levitsky wrote:
> > +struct kvm_sregs2 {
> > + /* out (KVM_GET_SREGS2) / in (KVM_SET_SREGS2) */
> > + struct kvm_segment cs, ds, es, fs, gs, ss;
> > + struct kvm_segment tr, ldt;
> > + struct kvm_dtable gdt, idt;
> > + __u64 cr0, cr2, cr3, cr4, cr8;
> > + __u64 efer;
> > + __u64 apic_base;
> > + __u64 flags; /* must be zero*/
>
> I think it would make sense to define a flag bit for the PDPTRs, so that
> userspace can use KVM_SET_SREGS2 unconditionally (e.g. even when
> migrating from a source that uses KVM_GET_SREGS and therefore doesn't
> provide the PDPTRs).
Yes, I didn't think about this case! I'll add this to the next version.
Thanks!
>
> > + __u64 pdptrs[4];
> > + __u64 padding;
>
> No need to add padding; if we add more fields in the future we can use
> the flags to determine the length of the userspace data, similar to
> KVM_GET/SET_NESTED_STATE.
Got it, will fix. I added it just in case.
>
>
> > + idx = srcu_read_lock(&vcpu->kvm->srcu);
> > + if (is_pae_paging(vcpu)) {
> > + for (i = 0 ; i < 4 ; i++)
> > + kvm_pdptr_write(vcpu, i, sregs2->pdptrs[i]);
> > + kvm_register_mark_dirty(vcpu, VCPU_EXREG_PDPTR);
> > + mmu_reset_needed = 1;
> > + }
> > + srcu_read_unlock(&vcpu->kvm->srcu, idx);
> > +
>
> SRCU should not be needed here?
I haven't yet studied in depth the locking that is used in the kvm,
so I put this to be on the safe side.
I looked at it a bit and it looks like the pdptr reading code takes
this lock because it accesses the memslots, which is not done here,
and therefore the lock is indeed not needed here.
I need to study in depth how locking is done in kvm to be 100% sure
about this.
>
> > + case KVM_GET_SREGS2: {
> > + u.sregs2 = kzalloc(sizeof(struct kvm_sregs2), GFP_KERNEL_ACCOUNT);
> > + r = -ENOMEM;
> > + if (!u.sregs2)
> > + goto out;
>
> No need to account, I think it's a little slower and this allocation is
> very short lived.
Right, I will fix this in the next version.
>
> > #define KVM_CAP_PPC_DAWR1 194
> > +#define KVM_CAP_SREGS2 196
>
> 195, not 196.
I am also planning to add KVM_CAP_SET_GUEST_DEBUG2 for which I
used 195.
Prior to sending I rebased all of my patch series on top of kvm/queue,
but I kept the numbers just in case.
>
> > #define KVM_XEN_VCPU_GET_ATTR _IOWR(KVMIO, 0xca, struct kvm_xen_vcpu_attr)
> > #define KVM_XEN_VCPU_SET_ATTR _IOW(KVMIO, 0xcb, struct kvm_xen_vcpu_attr)
> > +
> > +#define KVM_GET_SREGS2 _IOR(KVMIO, 0xca, struct kvm_sregs2)
> > +#define KVM_SET_SREGS2 _IOW(KVMIO, 0xcb, struct kvm_sregs2)
> > +
>
> It's not exactly overlapping, but please bump the ioctls to 0xcc/0xcd.
Will do.
Thanks a lot for the review!
Best regards,
Maxim Levitsky
>
> Paolo
>
Powered by blists - more mailing lists