| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Dec 2022 00:13:47 +0000
From: Vishal Annapurve <vannapurve@...gle.com>
To: x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org
Cc: pbonzini@...hat.com, vkuznets@...hat.com, wanpengli@...cent.com,
jmattson@...gle.com, joro@...tes.org, tglx@...utronix.de,
mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
hpa@...or.com, shuah@...nel.org, yang.zhong@...el.com,
drjones@...hat.com, ricarkol@...gle.com, aaronlewis@...gle.com,
wei.w.wang@...el.com, kirill.shutemov@...ux.intel.com,
corbet@....net, hughd@...gle.com, jlayton@...nel.org,
bfields@...ldses.org, akpm@...ux-foundation.org,
chao.p.peng@...ux.intel.com, yu.c.zhang@...ux.intel.com,
jun.nakajima@...el.com, dave.hansen@...el.com,
michael.roth@....com, qperret@...gle.com, steven.price@....com,
ak@...ux.intel.com, david@...hat.com, luto@...nel.org,
vbabka@...e.cz, marcorr@...gle.com, erdemaktas@...gle.com,
pgonda@...gle.com, nikunj@....com, seanjc@...gle.com,
diviness@...gle.com, maz@...nel.org, dmatlack@...gle.com,
axelrasmussen@...gle.com, maciej.szmigiero@...cle.com,
mizhang@...gle.com, bgardon@...gle.com, ackerleytng@...gle.com,
Vishal Annapurve <vannapurve@...gle.com>
Subject: [V3 PATCH 3/8] KVM: selftests: x86: Support changing gpa encryption masks
Add support for guest side functionality to modify encryption/shared
masks for entries in page table to allow accessing GPA ranges as private
or shared.
Signed-off-by: Vishal Annapurve <vannapurve@...gle.com>
---
.../selftests/kvm/include/x86_64/processor.h | 4 ++
.../selftests/kvm/lib/x86_64/processor.c | 39 +++++++++++++++++++
2 files changed, 43 insertions(+)
diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h
index 3617f83bb2e5..c8c55f54c14f 100644
--- a/tools/testing/selftests/kvm/include/x86_64/processor.h
+++ b/tools/testing/selftests/kvm/include/x86_64/processor.h
@@ -945,6 +945,10 @@ void vcpu_init_descriptor_tables(struct kvm_vcpu *vcpu);
void vm_install_exception_handler(struct kvm_vm *vm, int vector,
void (*handler)(struct ex_regs *));
+void guest_set_region_shared(void *vaddr, uint64_t size);
+
+void guest_set_region_private(void *vaddr, uint64_t size);
+
/* If a toddler were to say "abracadabra". */
#define KVM_EXCEPTION_MAGIC 0xabacadabaULL
diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c
index ab7d4cc4b848..42d1e4074f32 100644
--- a/tools/testing/selftests/kvm/lib/x86_64/processor.c
+++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c
@@ -276,6 +276,45 @@ static uint64_t *guest_code_get_pte(uint64_t vaddr)
return (uint64_t *)&pte[index[0]];
}
+static void guest_code_change_region_prot(void *vaddr_start, uint64_t mem_size,
+ bool private)
+{
+ uint64_t vaddr = (uint64_t)vaddr_start;
+ uint32_t num_pages;
+
+ GUEST_ASSERT(gpgt_info != NULL);
+ uint32_t guest_page_size = gpgt_info->page_size;
+
+ GUEST_ASSERT(!(mem_size % guest_page_size) && !(vaddr % guest_page_size));
+ GUEST_ASSERT(gpgt_info->enc_mask | gpgt_info->shared_mask);
+
+ num_pages = mem_size / guest_page_size;
+ for (uint32_t i = 0; i < num_pages; i++) {
+ uint64_t *pte = guest_code_get_pte(vaddr);
+
+ GUEST_ASSERT(pte);
+ if (private) {
+ *pte &= ~(gpgt_info->shared_mask);
+ *pte |= gpgt_info->enc_mask;
+ } else {
+ *pte &= ~(gpgt_info->enc_mask);
+ *pte |= gpgt_info->shared_mask;
+ }
+ asm volatile("invlpg (%0)" :: "r"(vaddr) : "memory");
+ vaddr += guest_page_size;
+ }
+}
+
+void guest_set_region_shared(void *vaddr, uint64_t size)
+{
+ guest_code_change_region_prot(vaddr, size, /* shared */ false);
+}
+
+void guest_set_region_private(void *vaddr, uint64_t size)
+{
+ guest_code_change_region_prot(vaddr, size, /* private */ true);
+}
+
void sync_vm_gpgt_info(struct kvm_vm *vm, vm_vaddr_t pgt_info)
{
gpgt_info = (struct guest_pgt_info *)pgt_info;
--
2.39.0.314.g84b9a713c41-goog
Powered by blists - more mailing lists