Date:   Fri, 22 Oct 2021 17:49:08 +0300
From:   Maxim Levitsky <mlevitsk@...hat.com>
To:     Emanuele Giuseppe Esposito <eesposit@...hat.com>,
        kvm@...r.kernel.org
Cc:     Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 6/8] nSVM: introduce struct vmcb_ctrl_area_cached

On Mon, 2021-10-11 at 10:37 -0400, Emanuele Giuseppe Esposito wrote:
> This structure will replace vmcb_control_area in
> svm_nested_state, providing only the fields that are actually
> used by the nested state. This avoids having and copying around
> uninitialized fields. The cost of this, however, is that all
> functions (in this case vmcb_is_intercept) expect the old
> structure, so they need to be duplicated.
> 
> Introduce also nested_copy_vmcb_cache_to_control(), useful to copy
> vmcb_ctrl_area_cached fields in vmcb_control_area. This will
> be used in the next patch.
> 
> Signed-off-by: Emanuele Giuseppe Esposito <eesposit@...hat.com>
> ---
>  arch/x86/kvm/svm/nested.c | 32 ++++++++++++++++++++++++++++++++
>  arch/x86/kvm/svm/svm.h    | 31 +++++++++++++++++++++++++++++++
>  2 files changed, 63 insertions(+)
> 
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index e08f2c31beae..c84cded1dcf6 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -1213,6 +1213,38 @@ int nested_svm_exit_special(struct vcpu_svm *svm)
>  	return NESTED_EXIT_CONTINUE;
>  }
>  
> +/* Inverse operation of nested_copy_vmcb_control_to_cache(). asid is copied too. */
> +static void nested_copy_vmcb_cache_to_control(struct vmcb_control_area *dst,
> +					      struct vmcb_ctrl_area_cached *from)
> +{
> +	unsigned int i;
> +
> +	for (i = 0; i < MAX_INTERCEPT; i++)
> +		dst->intercepts[i] = from->intercepts[i];
> +
> +	dst->iopm_base_pa         = from->iopm_base_pa;
> +	dst->msrpm_base_pa        = from->msrpm_base_pa;
> +	dst->tsc_offset           = from->tsc_offset;
> +	dst->asid                 = from->asid;
> +	dst->tlb_ctl              = from->tlb_ctl;
> +	dst->int_ctl              = from->int_ctl;
> +	dst->int_vector           = from->int_vector;
> +	dst->int_state            = from->int_state;
> +	dst->exit_code            = from->exit_code;
> +	dst->exit_code_hi         = from->exit_code_hi;
> +	dst->exit_info_1          = from->exit_info_1;
> +	dst->exit_info_2          = from->exit_info_2;
> +	dst->exit_int_info        = from->exit_int_info;
> +	dst->exit_int_info_err    = from->exit_int_info_err;
> +	dst->nested_ctl           = from->nested_ctl;
> +	dst->event_inj            = from->event_inj;
> +	dst->event_inj_err        = from->event_inj_err;
> +	dst->nested_cr3           = from->nested_cr3;
> +	dst->virt_ext              = from->virt_ext;
> +	dst->pause_filter_count   = from->pause_filter_count;
> +	dst->pause_filter_thresh  = from->pause_filter_thresh;
> +}

Nitpick: Just in case, I would 'memset to zero' the dst, to avoid potentially having undefined values
in fields which we don't copy.


> +
>  static int svm_get_nested_state(struct kvm_vcpu *vcpu,
>  				struct kvm_nested_state __user *user_kvm_nested_state,
>  				u32 user_data_size)
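Review bot: nested_copy_vmcb_cache_to_control() is added as a `static` function with no caller in this patch (the description says it is used in the next one), so building this commit on its own should produce a defined-but-unused warning, which hurts bisection on builds that treat warnings as errors; adding the helper in the patch that first calls it avoids that. Separately, `from` is only read, so the parameter can be `const struct vmcb_ctrl_area_cached *from`; the same applies to `control` in vmcb12_is_intercept() in the svm.h hunk. The `dst->virt_ext` line also has one space too many before `=`, which breaks the column alignment of the assignments.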
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 3c950aeca646..78006245e334 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -116,6 +116,31 @@ struct vmcb_save_area_cached {
>  	u64 dr6;
>  };
>  
> +struct vmcb_ctrl_area_cached {
> +	u32 intercepts[MAX_INTERCEPT];
> +	u16 pause_filter_thresh;
> +	u16 pause_filter_count;
> +	u64 iopm_base_pa;
> +	u64 msrpm_base_pa;
> +	u64 tsc_offset;
> +	u32 asid;
> +	u8 tlb_ctl;
> +	u32 int_ctl;
> +	u32 int_vector;
> +	u32 int_state;
> +	u32 exit_code;
> +	u32 exit_code_hi;
> +	u64 exit_info_1;
> +	u64 exit_info_2;
> +	u32 exit_int_info;
> +	u32 exit_int_info_err;
> +	u64 nested_ctl;
> +	u32 event_inj;
> +	u32 event_inj_err;
> +	u64 nested_cr3;
> +	u64 virt_ext;
> +};

This looks great.

> +
>  struct svm_nested_state {
>  	struct kvm_vmcb_info vmcb02;
>  	u64 hsave_msr;
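Review bot: struct vmcb_ctrl_area_cached has no comment saying what it is a cache of, or that its field list must stay in step with the field-by-field copy helpers. A short comment above the struct would cover both, e.g. `/* Cached subset of vmcb_control_area used by nested code; keep in sync with nested_copy_vmcb_control_to_cache() and nested_copy_vmcb_cache_to_control(). */`. Without it, a field added here but missed in one of the copies would silently not be propagated, and nothing in the code would flag the omission.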
> @@ -308,6 +333,12 @@ static inline bool vmcb_is_intercept(struct vmcb_control_area *control, u32 bit)
>  	return test_bit(bit, (unsigned long *)&control->intercepts);
>  }
>  
> +static inline bool vmcb12_is_intercept(struct vmcb_ctrl_area_cached *control, u32 bit)
> +{
> +	WARN_ON_ONCE(bit >= 32 * MAX_INTERCEPT);
> +	return test_bit(bit, (unsigned long *)&control->intercepts);
> +}
> +
>  static inline void set_dr_intercepts(struct vcpu_svm *svm)
>  {
>  	struct vmcb *vmcb = svm->vmcb01.ptr;
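Review bot: In vmcb12_is_intercept() the `WARN_ON_ONCE(bit >= 32 * MAX_INTERCEPT)` only reports an out-of-range bit; `test_bit()` on the next line still runs and reads beyond the `intercepts` array. WARN_ON_ONCE() returns the condition it tested, so the check can also stop the read: `if (WARN_ON_ONCE(bit >= 32 * MAX_INTERCEPT)) return false;`. The existing vmcb_is_intercept() just above appears to follow the same pattern, but its body starts outside the hunk, so that would need confirming separately.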

So other than the nitpick:

Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com>

Best regards,
	Maxim Levitsky
