lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yo1okaacf2kbvrxh@google.com>
Date:   Tue, 24 May 2022 23:21:53 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     Lei Wang <lei4.wang@...el.com>
Cc:     pbonzini@...hat.com, vkuznets@...hat.com, wanpengli@...cent.com,
        jmattson@...gle.com, joro@...tes.org, chenyi.qiang@...el.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 5/8] KVM: MMU: Add helper function to get pkr bits

On Sun, Apr 24, 2022, Lei Wang wrote:
> Extra the PKR stuff to a separate, non-inline helper, which is a

s/Extra/Extract

> preparation to introduce pks support.

Please provide more justification.  The change is justified, by random readers of
this patch/commit will be clueless.

  Extract getting the effective PKR bits to a helper that lives in mmu.c
  in order to keep the is_cr4_*() helpers contained to mmu.c.  Support for
  PKRS (versus just PKRU) will require querying MMU state to see if the
  relevant CR4 bit is enabled because pkr_mask will be non-zero if _either_
  bit is enabled).

  PKR{U,S} are exposed to the guest if and only if TDP is enabled, and
  while permission_fault() is performance critical for ia32 shadow paging,
  it's a rarely used path with TDP is enabled.  I.e. moving the PKR code
  out-of-line is not a performance concern.

> Signed-off-by: Lei Wang <lei4.wang@...el.com>
> ---
>  arch/x86/kvm/mmu.h     | 20 +++++---------------
>  arch/x86/kvm/mmu/mmu.c | 21 +++++++++++++++++++++
>  2 files changed, 26 insertions(+), 15 deletions(-)
> 
> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
> index cb3f07e63778..cea03053a153 100644
> --- a/arch/x86/kvm/mmu.h
> +++ b/arch/x86/kvm/mmu.h
> @@ -204,6 +204,9 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
>  	return vcpu->arch.mmu->page_fault(vcpu, &fault);
>  }
>  
> +u32 kvm_mmu_pkr_bits(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,

kvm_mmu_get_pkr_bits() so that there's a verb in there.

> +		     unsigned pte_access, unsigned pte_pkey, unsigned int pfec);
> +
>  /*
>   * Check if a given access (described through the I/D, W/R and U/S bits of a
>   * page fault error code pfec) causes a permission fault with the given PTE
> @@ -240,21 +243,8 @@ static inline u8 permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
>  
>  	WARN_ON(pfec & (PFERR_PK_MASK | PFERR_RSVD_MASK));
>  	if (unlikely(mmu->pkr_mask)) {
> -		u32 pkr_bits, offset;
> -
> -		/*
> -		* PKRU defines 32 bits, there are 16 domains and 2
> -		* attribute bits per domain in pkru.  pte_pkey is the
> -		* index of the protection domain, so pte_pkey * 2 is
> -		* is the index of the first bit for the domain.
> -		*/
> -		pkr_bits = (vcpu->arch.pkru >> (pte_pkey * 2)) & 3;
> -
> -		/* clear present bit, replace PFEC.RSVD with ACC_USER_MASK. */
> -		offset = (pfec & ~1) +
> -			((pte_access & PT_USER_MASK) << (PFERR_RSVD_BIT - PT_USER_SHIFT));
> -
> -		pkr_bits &= mmu->pkr_mask >> offset;
> +		u32 pkr_bits =
> +			kvm_mmu_pkr_bits(vcpu, mmu, pte_access, pte_pkey, pfec);

Nit, I prefer wrapping in the params, that way the first line shows the most
important information, e.g. what variable is being set and how (by a function call).
And then there won't be overflow with the longer helper name:

		u32 pkr_bits = kvm_mmu_get_pkr_bits(vcpu, mmu, pte_access,
						    pte_pkey, pfec);

>  		errcode |= -pkr_bits & PFERR_PK_MASK;
>  		fault |= (pkr_bits != 0);
>  	}
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> index de665361548d..6d3276986102 100644
> --- a/arch/x86/kvm/mmu/mmu.c
> +++ b/arch/x86/kvm/mmu/mmu.c
> @@ -6477,3 +6477,24 @@ void kvm_mmu_pre_destroy_vm(struct kvm *kvm)
>  	if (kvm->arch.nx_lpage_recovery_thread)
>  		kthread_stop(kvm->arch.nx_lpage_recovery_thread);
>  }
> +
> +u32 kvm_mmu_pkr_bits(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
> +		     unsigned pte_access, unsigned pte_pkey, unsigned int pfec)
> +{
> +	u32 pkr_bits, offset;
> +
> +	/*
> +	* PKRU defines 32 bits, there are 16 domains and 2

Comment needs to be aligned, and it can be adjust to wrap at 80 chars (its
indentation has changed).


	/*
	 * PKRU and PKRS both define 32 bits. There are 16 domains and 2
	 * attribute bits per domain in them. pte_key is the index of the
	 * protection domain, so pte_pkey * 2 is the index of the first bit for
	 * the domain. The use of PKRU versus PKRS is selected by the address
	 * type, as determined by the U/S bit in the paging-structure entries.
	 */

> +	* attribute bits per domain in pkru.  pte_pkey is the
> +	* index of the protection domain, so pte_pkey * 2 is
> +	* is the index of the first bit for the domain.
> +	*/
> +	pkr_bits = (vcpu->arch.pkru >> (pte_pkey * 2)) & 3;
> +
> +	/* clear present bit, replace PFEC.RSVD with ACC_USER_MASK. */
> +	offset = (pfec & ~1) + ((pte_access & PT_USER_MASK)
> +				<< (PFERR_RSVD_BIT - PT_USER_SHIFT));
> +
> +	pkr_bits &= mmu->pkr_mask >> offset;
> +	return pkr_bits;
> +}
> -- 
> 2.25.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ