| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Feb 2022 23:08:48 +0000
From: David Matlack <dmatlack@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
seanjc@...gle.com, vkuznets@...hat.com
Subject: Re: [PATCH 00/23] KVM: MMU: MMU role refactoring
On Fri, Feb 04, 2022 at 06:56:55AM -0500, Paolo Bonzini wrote:
> The TDP MMU has a performance regression compared to the legacy
> MMU when CR0 changes often. This was reported for the grsecurity
> kernel, which uses CR0.WP to implement kernel W^X. In that case,
> each change to CR0.WP unloads the MMU and causes a lot of unnecessary
> work. When running nested, this can even cause the L1 to hardly
> make progress, as the L0 hypervisor it is overwhelmed by the amount
> of MMU work that is needed.
>
> The root cause of the issue is that the "MMU role" in KVM is a mess
> that mixes the CPU setup (CR0/CR4/EFER, SMM, guest mode, etc.)
> and the shadow page table format. Whenever something is different
> between the MMU and the CPU, it is stored as an extra field in struct
> kvm_mmu---and for extra bonus complication, sometimes the same thing
> is stored in both the role and an extra field.
>
> So, this is the "no functional change intended" part of the changes
> required to fix the performance regression. It separates neatly
> the shadow page table format ("MMU role") from the guest page table
> format ("CPU role"), and removes the duplicate fields.
What do you think about calling this the guest_role instead of cpu_role?
There is a bit of a precedent for using "guest" instead of "cpu" already
for this type of concept (e.g. guest_walker), and I find it more
intuitive.
> The next
> step then is to avoid unloading the MMU as long as the MMU role
> stays the same.
>
> Please review!
>
> Paolo
>
> Paolo Bonzini (23):
> KVM: MMU: pass uses_nx directly to reset_shadow_zero_bits_mask
> KVM: MMU: nested EPT cannot be used in SMM
> KVM: MMU: remove valid from extended role
> KVM: MMU: constify uses of struct kvm_mmu_role_regs
> KVM: MMU: pull computation of kvm_mmu_role_regs to kvm_init_mmu
> KVM: MMU: load new PGD once nested two-dimensional paging is
> initialized
> KVM: MMU: remove kvm_mmu_calc_root_page_role
> KVM: MMU: rephrase unclear comment
> KVM: MMU: remove "bool base_only" arguments
> KVM: MMU: split cpu_role from mmu_role
> KVM: MMU: do not recompute root level from kvm_mmu_role_regs
> KVM: MMU: remove ept_ad field
> KVM: MMU: remove kvm_calc_shadow_root_page_role_common
> KVM: MMU: cleanup computation of MMU roles for two-dimensional paging
> KVM: MMU: cleanup computation of MMU roles for shadow paging
> KVM: MMU: remove extended bits from mmu_role
> KVM: MMU: remove redundant bits from extended role
> KVM: MMU: fetch shadow EFER.NX from MMU role
> KVM: MMU: simplify and/or inline computation of shadow MMU roles
> KVM: MMU: pull CPU role computation to kvm_init_mmu
> KVM: MMU: store shadow_root_level into mmu_role
> KVM: MMU: use cpu_role for root_level
> KVM: MMU: replace direct_map with mmu_role.direct
>
> arch/x86/include/asm/kvm_host.h | 13 +-
> arch/x86/kvm/mmu.h | 2 +-
> arch/x86/kvm/mmu/mmu.c | 408 ++++++++++++--------------------
> arch/x86/kvm/mmu/mmu_audit.c | 6 +-
> arch/x86/kvm/mmu/paging_tmpl.h | 12 +-
> arch/86/kvm/mmu/tdp_mmu.c | 4 +-
> arch/x86/kvm/svm/svm.c | 2 +-
> arch/x86/kvm/vmx/vmx.c | 2 +-
> arch/x86/kvm/x86.c | 12 +-
> 10 files changed, 178 insertions(+), 284 deletions(-)
>
> --
> 2.31.1
>
Powered by blists - more mailing lists