| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 04 Apr 2022 15:04:17 -0700
From: "Andy Lutomirski" <luto@...nel.org>
To: "Sean Christopherson" <seanjc@...gle.com>,
"Quentin Perret" <qperret@...gle.com>
Cc: "Steven Price" <steven.price@....com>,
"Chao Peng" <chao.p.peng@...ux.intel.com>,
"kvm list" <kvm@...r.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
linux-mm@...ck.org, linux-fsdevel@...r.kernel.org,
"Linux API" <linux-api@...r.kernel.org>, qemu-devel@...gnu.org,
"Paolo Bonzini" <pbonzini@...hat.com>,
"Jonathan Corbet" <corbet@....net>,
"Vitaly Kuznetsov" <vkuznets@...hat.com>,
"Wanpeng Li" <wanpengli@...cent.com>,
"Jim Mattson" <jmattson@...gle.com>,
"Joerg Roedel" <joro@...tes.org>,
"Thomas Gleixner" <tglx@...utronix.de>,
"Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>,
"the arch/x86 maintainers" <x86@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
"Hugh Dickins" <hughd@...gle.com>,
"Jeff Layton" <jlayton@...nel.org>,
"J . Bruce Fields" <bfields@...ldses.org>,
"Andrew Morton" <akpm@...ux-foundation.org>,
"Mike Rapoport" <rppt@...nel.org>,
"Maciej S . Szmigiero" <mail@...iej.szmigiero.name>,
"Vlastimil Babka" <vbabka@...e.cz>,
"Vishal Annapurve" <vannapurve@...gle.com>,
"Yu Zhang" <yu.c.zhang@...ux.intel.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
"Nakajima, Jun" <jun.nakajima@...el.com>,
"Dave Hansen" <dave.hansen@...el.com>,
"Andi Kleen" <ak@...ux.intel.com>,
"David Hildenbrand" <david@...hat.com>,
"Marc Zyngier" <maz@...nel.org>, "Will Deacon" <will@...nel.org>
Subject: Re: [PATCH v5 00/13] KVM: mm: fd-based approach for supporting KVM guest
private memory
On Mon, Apr 4, 2022, at 10:06 AM, Sean Christopherson wrote:
> On Mon, Apr 04, 2022, Quentin Perret wrote:
>> On Friday 01 Apr 2022 at 12:56:50 (-0700), Andy Lutomirski wrote:
>> FWIW, there are a couple of reasons why I'd like to have in-place
>> conversions:
>>
>> - one goal of pKVM is to migrate some things away from the Arm
>> Trustzone environment (e.g. DRM and the likes) and into protected VMs
>> instead. This will give Linux a fighting chance to defend itself
>> against these things -- they currently have access to _all_ memory.
>> And transitioning pages between Linux and Trustzone (donations and
>> shares) is fast and non-destructive, so we really do not want pKVM to
>> regress by requiring the hypervisor to memcpy things;
>
> Is there actually a _need_ for the conversion to be non-destructive?
> E.g. I assume
> the "trusted" side of things will need to be reworked to run as a pKVM
> guest, at
> which point reworking its logic to understand that conversions are
> destructive and
> slow-ish doesn't seem too onerous.
>
>> - it can be very useful for protected VMs to do shared=>private
>> conversions. Think of a VM receiving some data from the host in a
>> shared buffer, and then it wants to operate on that buffer without
>> risking to leak confidential informations in a transient state. In
>> that case the most logical thing to do is to convert the buffer back
>> to private, do whatever needs to be done on that buffer (decrypting a
>> frame, ...), and then share it back with the host to consume it;
>
> If performance is a motivation, why would the guest want to do two
> conversions
> instead of just doing internal memcpy() to/from a private page? I
> would be quite
> surprised if multiple exits and TLB shootdowns is actually faster,
> especially at
> any kind of scale where zapping stage-2 PTEs will cause lock contention
> and IPIs.
I don't know the numbers or all the details, but this is arm64, which is a rather better architecture than x86 in this regard. So maybe it's not so bad, at least in very simple cases, ignoring all implementation details. (But see below.) Also the systems in question tend to have fewer CPUs than some of the massive x86 systems out there.
If we actually wanted to support transitioning the same page between shared and private, though, we have a bit of an awkward situation. Private to shared is conceptually easy -- do some bookkeeping, reconstitute the direct map entry, and it's done. The other direction is a mess: all existing uses of the page need to be torn down. If the page has been recently used for DMA, this includes IOMMU entries.
Quentin: let's ignore any API issues for now. Do you have a concept of how a nondestructive shared -> private transition could work well, even in principle? The best I can come up with is a special type of shared page that is not GUP-able and maybe not even mmappable, having a clear option for transitions to fail, and generally preventing the nasty cases from happening in the first place.
Maybe there could be a special mode for the private memory fds in which specific pages are marked as "managed by this fd but actually shared". pread() and pwrite() would work on those pages, but not mmap(). (Or maybe mmap() but the resulting mappings would not permit GUP.) And transitioning them would be a special operation on the fd that is specific to pKVM and wouldn't work on TDX or SEV.
Hmm. Sean and Chao, are we making a bit of a mistake by making these fds technology-agnostic? That is, would we want to distinguish between a TDX backing fd, a SEV backing fd, a software-based backing fd, etc? API-wise this could work by requiring the fd to be bound to a KVM VM instance and possibly even configured a bit before any other operations would be allowed.
(Destructive transitions nicely avoid all the nasty cases. If something is still pinning a shared page when it's "transitioned" to private (really just replaced with a new page), then the old page continues existing for as long as needed as a separate object.)
Powered by blists - more mailing lists