lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YRFKABg2MOJxcq+y@google.com>
Date:   Mon, 9 Aug 2021 15:30:08 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     Yu Zhang <yu.c.zhang@...ux.intel.com>
Cc:     Wei Huang <wei.huang2@....com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, pbonzini@...hat.com,
        vkuznets@...hat.com, wanpengli@...cent.com, jmattson@...gle.com,
        joro@...tes.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, x86@...nel.org, hpa@...or.com
Subject: Re: [PATCH v2 1/3] KVM: x86: Allow CPU to force vendor-specific TDP
 level

On Mon, Aug 09, 2021, Yu Zhang wrote:
> On Sun, Aug 08, 2021 at 11:33:44PM -0500, Wei Huang wrote:
> > 
> > On 8/8/21 11:27 PM, Yu Zhang wrote:
> > > On Sun, Aug 08, 2021 at 11:11:40PM -0500, Wei Huang wrote:
> > > > 
> > > > 
> > > > On 8/8/21 10:58 PM, Yu Zhang wrote:
> > > > > On Sun, Aug 08, 2021 at 02:26:56PM -0500, Wei Huang wrote:
> > > > > > AMD future CPUs will require a 5-level NPT if host CR4.LA57 is set.
> > > > > 
> > > > > Sorry, but why? NPT is not indexed by HVA.
> > > > 
> > > > NPT is not indexed by HVA - it is always indexed by GPA. What I meant is NPT
> > > > page table level has to be the same as the host OS page table: if 5-level
> > > > page table is enabled in host OS (CR4.LA57=1), guest NPT has to 5-level too.
> > > 
> > > I know what you meant. But may I ask why?
> > 
> > I don't have a good answer for it. From what I know, VMCB doesn't have a
> > field to indicate guest page table level. As a result, hardware relies on
> > host CR4 to infer NPT level.
> 
> I guess you mean not even in the N_CR3 field of VMCB? 

Correct, nCR3 is a basically a pure representation of a regular CR3.

> Then it's not a broken design - it's a limitation of SVM. :)

That's just a polite way of saying it's a broken design ;-)

Joking aside, NPT opted for a semblance of backwards compatibility at the cost of
having to carry all the baggage that comes with a legacy design.  Keeping the core
functionality from IA32 paging presumably miminizes design and hardware costs, and
required minimal enabling in hypervisors.  The downside is that it's less flexible
than EPT and has a few warts, e.g. shadowing NPT is gross because the host can't
easily mirror L1's desired paging mode.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ