| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 01 Apr 2022 12:56:50 -0700
From: "Andy Lutomirski" <luto@...nel.org>
To: "Quentin Perret" <qperret@...gle.com>
Cc: "Sean Christopherson" <seanjc@...gle.com>,
"Steven Price" <steven.price@....com>,
"Chao Peng" <chao.p.peng@...ux.intel.com>,
"kvm list" <kvm@...r.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
linux-mm@...ck.org, linux-fsdevel@...r.kernel.org,
"Linux API" <linux-api@...r.kernel.org>, qemu-devel@...gnu.org,
"Paolo Bonzini" <pbonzini@...hat.com>,
"Jonathan Corbet" <corbet@....net>,
"Vitaly Kuznetsov" <vkuznets@...hat.com>,
"Wanpeng Li" <wanpengli@...cent.com>,
"Jim Mattson" <jmattson@...gle.com>,
"Joerg Roedel" <joro@...tes.org>,
"Thomas Gleixner" <tglx@...utronix.de>,
"Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>,
"the arch/x86 maintainers" <x86@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
"Hugh Dickins" <hughd@...gle.com>,
"Jeff Layton" <jlayton@...nel.org>,
"J . Bruce Fields" <bfields@...ldses.org>,
"Andrew Morton" <akpm@...ux-foundation.org>,
"Mike Rapoport" <rppt@...nel.org>,
"Maciej S . Szmigiero" <mail@...iej.szmigiero.name>,
"Vlastimil Babka" <vbabka@...e.cz>,
"Vishal Annapurve" <vannapurve@...gle.com>,
"Yu Zhang" <yu.c.zhang@...ux.intel.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
"Nakajima, Jun" <jun.nakajima@...el.com>,
"Dave Hansen" <dave.hansen@...el.com>,
"Andi Kleen" <ak@...ux.intel.com>,
"David Hildenbrand" <david@...hat.com>,
"Marc Zyngier" <maz@...nel.org>, "Will Deacon" <will@...nel.org>
Subject: Re: [PATCH v5 00/13] KVM: mm: fd-based approach for supporting KVM guest
private memory
On Fri, Apr 1, 2022, at 7:59 AM, Quentin Perret wrote:
> On Thursday 31 Mar 2022 at 09:04:56 (-0700), Andy Lutomirski wrote:
> To answer your original question about memory 'conversion', the key
> thing is that the pKVM hypervisor controls the stage-2 page-tables for
> everyone in the system, all guests as well as the host. As such, a page
> 'conversion' is nothing more than a permission change in the relevant
> page-tables.
>
So I can see two different ways to approach this.
One is that you split the whole address space in half and, just like SEV and TDX, allocate one bit to indicate the shared/private status of a page. This makes it work a lot like SEV and TDX.
The other is to have shared and private pages be distinguished only by their hypercall history and the (protected) page tables. This saves some address space and some page table allocations, but it opens some cans of worms too. In particular, the guest and the hypervisor need to coordinate, in a way that the guest can trust, to ensure that the guest's idea of which pages are private match the host's. This model seems a bit harder to support nicely with the private memory fd model, but not necessarily impossible.
Also, what are you trying to accomplish by having the host userspace mmap private pages? Is the idea that multiple guest could share the same page until such time as one of them tries to write to it? That would be kind of like having a third kind of memory that's visible to host and guests but is read-only for everyone. TDX and SEV can't support this at all (a private page belongs to one guest and one guest only, at least in SEV and in the current TDX SEAM spec). I imagine that this could be supported with private memory fds with some care without mmap, though -- the host could still populate the page with memcpy. Or I suppose a memslot could support using MAP_PRIVATE fds and have approximately the right semantics.
--Andy
Powered by blists - more mailing lists