| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b0228048-d2c2-6081-cfae-147e17acf785@redhat.com>
Date: Tue, 17 Aug 2021 17:00:55 +0200
From: David Hildenbrand <david@...hat.com>
To: Joerg Roedel <jroedel@...e.de>, Dave Hansen <dave.hansen@...el.com>
Cc: Andi Kleen <ak@...ux.intel.com>,
"Kirill A. Shutemov" <kirill@...temov.name>,
Borislav Petkov <bp@...en8.de>,
Andy Lutomirski <luto@...nel.org>,
Sean Christopherson <seanjc@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Vlastimil Babka <vbabka@...e.cz>,
Tom Lendacky <thomas.lendacky@....com>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Ingo Molnar <mingo@...hat.com>,
Varad Gautam <varad.gautam@...e.com>,
Dario Faggioli <dfaggioli@...e.com>, x86@...nel.org,
linux-mm@...ck.org, linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [PATCH 1/5] mm: Add support for unaccepted memory
On 13.08.21 16:49, Joerg Roedel wrote:
> Hi Dave,
>
> On Thu, Aug 12, 2021 at 07:14:20AM -0700, Dave Hansen wrote:
>> maybe_accept_page()
>> {
>> unsigned long huge_pfn = page_to_phys(page) / PMD_SIZE;
>>
>> /* Test the bit before taking any locks: */
>> if (test_bit(huge_pfn, &accepted_bitmap))
>> return;
>>
>> spin_lock_irq();
>> /* Retest inside the lock: */
>> if (test_bit(huge_pfn, &accepted_bitmap))
>> return;
>> tdx_accept_page(page, PMD_SIZE);
>> set_bit(huge_pfn, &accepted_bitmap));
>> spin_unlock_irq();
>> }
>
> Yeah, this could work, but the global lock is likely the show-stopper
> here. For SNP we also not allowed to double-validate, so we need
> something that basically indicates 'validation-is-ongoing' on a per 2MB
> basis.
>
> I am not an mm expert, but a page flag probably doesn't work. The flag
> would be on the head of the 2MB range and when that page is already used
> somewhere else there is no guarantee that the flag will survive. But
> correct me if I am wrong here :)
>
> The other options I can come up with are not great either:
>
> 1) using an AVL bit in the direct-mapping PMD of that page. The
> page-table would only be walked if the bit in the
> accept_bitmap is clear. But I am not sure that all memory
> which needs to be validated is in the direct-map.
>
> 2) Use another page-sized bitmap. If the machine has more than
> 64GB of memory the bit index is wrapped around. This
> shouldn't be a performance problem at runtime, if this page
> is only consulted when the valid bit is clear in the
> accept_bitmap.
>
> MM experts could certainly come up with better ideas :)
Not sure if already discussed, but what about making sure that free
pages are not a mixture (partially unaccepted, partially accepted).
You'd have to expose the pages in that granularity to the buddy
(__free_pages_core), indicating the state. You'd have to reject merging
pages of differing acceptance state.
Accepting a page would then be handled outside of the zone lock,
completely controlled by the state.
So a page in the buddy would either be completely accepted or completely
unaccepted, signaled e.g., by PageOffline().
Consequently, when allocating a 4KiB page, you'd split an unaccepted
2MiB page into separate unaccepted pages. You'd grab one of the
unaccepted 4KiB pages and accept it before initializing it and handing
it out.
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists