| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Feb 2022 17:40:08 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Maxim Levitsky <mlevitsk@...hat.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Subject: Re: [PATCH v2 15/18] KVM: x86/mmu: rename kvm_mmu_new_pgd, introduce
variant that calls get_guest_pgd
On Thu, Feb 24, 2022, Maxim Levitsky wrote:
> On Fri, 2022-02-18 at 21:00 +0000, Sean Christopherson wrote:
> > On Fri, Feb 18, 2022, Paolo Bonzini wrote:
> > > On 2/17/22 22:03, Paolo Bonzini wrote:
> > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > > > index adcee7c305ca..9800c8883a48 100644
> > > > --- a/arch/x86/kvm/x86.c
> > > > +++ b/arch/x86/kvm/x86.c
> > > > @@ -1189,7 +1189,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
> > > > return 1;
> > > > if (cr3 != kvm_read_cr3(vcpu))
> > > > - kvm_mmu_new_pgd(vcpu, cr3);
> > > > + kvm_mmu_update_root(vcpu);
> > > > vcpu->arch.cr3 = cr3;
> > > > kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3);
> > >
> > > Uh-oh, this has to become:
> > >
> > > vcpu->arch.cr3 = cr3;
> > > kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3);
> > > if (!is_pae_paging(vcpu))
> > > kvm_mmu_update_root(vcpu);
> > >
> > > The regression would go away after patch 16, but this is more tidy apart
> > > from having to check is_pae_paging *again*.
> > >
> > > Incremental patch:
> > >
> > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > > index adcee7c305ca..0085e9fba372 100644
> > > --- a/arch/x86/kvm/x86.c
> > > +++ b/arch/x86/kvm/x86.c
> > > @@ -1188,11 +1189,11 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
> > > if (is_pae_paging(vcpu) && !load_pdptrs(vcpu, cr3))
> > > return 1;
> > > - if (cr3 != kvm_read_cr3(vcpu))
> > > - kvm_mmu_update_root(vcpu);
> > > -
> > > vcpu->arch.cr3 = cr3;
> > > kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3);
> > > + if (!is_pae_paging(vcpu))
> > > + kvm_mmu_update_root(vcpu);
> > > +
> > > /* Do not call post_set_cr3, we do not get here for confidential guests. */
> > >
> > > An alternative is to move the vcpu->arch.cr3 update in load_pdptrs.
> > > Reviewers, let me know if you prefer that, then I'll send v3.
> >
> > c) None of the above.
> >
> > MOV CR3 never requires a new root if TDP is enabled, and the guest_mmu is used if
> > and only if TDP is enabled. Even when KVM intercepts CR3 when EPT=1 && URG=0, it
> > does so only to snapshot vcpu->arch.cr3, there's no need to get a new PGD.
> >
> > Unless I'm missing something, your original suggestion of checking tdp_enabled is
> > the way to go.
> >
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 6e0f7f22c6a7..2b02029c63d0 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -1187,7 +1187,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
> > if (is_pae_paging(vcpu) && !load_pdptrs(vcpu, cr3))
> > return 1;
> >
> > - if (cr3 != kvm_read_cr3(vcpu))
> > + if (!tdp_enabled && cr3 != kvm_read_cr3(vcpu))
> > kvm_mmu_new_pgd(vcpu, cr3);
> >
> > vcpu->arch.cr3 = cr3;
> >
> >
>
> Is this actually related to the discussion? The original issue that Paolo
> found in his patch was that kvm_mmu_update_root now reads _current_ cr3, thus
> it has to be set before calling it.
Yes, if we instead do the above, then replacing kvm_mmu_new_pgd() with
kvm_mmu_update_root() is unnecessary. Paolo is trying to fix the case where
kvm_mmu_new_pgd() does the wrong thing for guest_mmu. My point is that we
should never call kvm_mmu_new_pgd() if mmu == guest_mmu in the first place, and
adding the tdp_enabled checks fixes that bug.
I'm ok with kvm_mmu_new_pgd() acting on a pre-computed role, assuming we actually
get sanity checks. Deliberately ignoring the pgd/cr3 we already have is silly.
Powered by blists - more mailing lists