| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Mar 2022 23:36:00 +0800
From: Lai Jiangshan <jiangshanlai@...il.com>
To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>
Cc: Lai Jiangshan <jiangshan.ljs@...group.com>
Subject: [RFC PATCH V2 0/4] KVM: X86: Add and use shadow page with level expanded or acting as pae_root
From: Lai Jiangshan <jiangshan.ljs@...group.com>
(Request For Help for testing on AMD machine with 32 bit L1 hypervisor,
see information below)
KVM handles root pages specially for these cases:
direct mmu (nonpaping for 32 bit guest):
gCR0_PG=0
shadow mmu (shadow paping for 32 bit guest):
gCR0_PG=1,gEFER_LMA=0,gCR4_PSE=0
gCR0_PG=1,gEFER_LMA=0,gCR4_PSE=1
direct mmu (NPT for 32bit host):
hEFER_LMA=0
shadow nested NPT (for 32bit L1 hypervisor):
gCR0_PG=1,gEFER_LMA=0,gCR4_PSE=0,hEFER_LMA=0
gCR0_PG=1,gEFER_LMA=0,gCR4_PSE=1,hEFER_LMA=0
gCR0_PG=1,gEFER_LMA=0,gCR4_PSE={0|1},hEFER_LMA=1,hCR4_LA57={0|1}
Shadow nested NPT for 64bit L1 hypervisor:
gEFER_LMA=1,gCR4_LA57=0,hEFER_LMA=1,hCR4_LA57=1
They are either using special roots or matched the condition
((mmu->shadow_root_level > mmu->root_level) && !mm->direct_map)
(refered as level expansion) or both.
All the cases are using special roots except the last one.
Many cases are doing level expansion including the last one.
When special roots are used, the root page will not be backed by
kvm_mmu_page. So they must be treated specially, but not all places
is considering this problem, and Sean is adding some code to check
this special roots.
When level expansion, the kvm treats them silently always.
These treaments incur problems or complication, see the changelog
of every patch.
These patches were made when I reviewed all the usage of shadow_root_level
and root_level. Many root level patches are sent and accepted.
These patches has not been tested with shadow NPT cases listed above.
Because I don't have guest images can act as 32 bit L1 hypervisor, nor
I can access to AMD machine with 5 level paging. I'm a bit reluctant
to ask for the resource, so I send the patches and wish someone test
them and modify them. At least, it provides some thinking and reveals
problems of the existing code and of the AMD cases.
( *Request For Help* here.)
These patches have been tested with the all cases except the shadow-NPT
cases, the code coverage is believed to be more than 95% (hundreds of
code related to shadow-NPT are shoved, and be replaced with common
role.pae_root and role.passthrough code with only 8 line of code is
added for shadow-NPT, only 2 line of code is not covered in my tests).
[V1]: https://lore.kernel.org/lkml/20211210092508.7185-1-jiangshanlai@gmail.com/
Changed from V1:
Apply Sean's comments and suggestion. (Too much to list. Thanks!)
Add some comments.
Change changelog for role.pae_root patch.
Lai Jiangshan (4):
KVM: X86: Add arguement gfn and role to kvm_mmu_alloc_page()
KVM: X86: Introduce role.passthrough for level expanded pagetable
KVM: X86: Alloc role.pae_root shadow page
KVM: X86: Use passthrough and pae_root shadow page for 32bit guests
Documentation/virt/kvm/mmu.rst | 7 +
arch/x86/include/asm/kvm_host.h | 16 +-
arch/x86/kvm/mmu/mmu.c | 400 +++++++++-----------------------
arch/x86/kvm/mmu/paging_tmpl.h | 15 +-
4 files changed, 138 insertions(+), 300 deletions(-)
--
2.19.1.6.gb485710b
Powered by blists - more mailing lists