| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Mar 2023 12:27:28 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Ackerley Tng <ackerleytng@...gle.com>
Cc: Chao Peng <chao.p.peng@...ux.intel.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
linux-fsdevel@...r.kernel.org, linux-arch@...r.kernel.org,
linux-api@...r.kernel.org, linux-doc@...r.kernel.org,
qemu-devel@...gnu.org, pbonzini@...hat.com, corbet@....net,
vkuznets@...hat.com, wanpengli@...cent.com, jmattson@...gle.com,
joro@...tes.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, arnd@...db.de, naoya.horiguchi@....com,
linmiaohe@...wei.com, x86@...nel.org, hpa@...or.com,
hughd@...gle.com, jlayton@...nel.org, bfields@...ldses.org,
akpm@...ux-foundation.org, shuah@...nel.org, rppt@...nel.org,
steven.price@....com, mail@...iej.szmigiero.name, vbabka@...e.cz,
vannapurve@...gle.com, yu.c.zhang@...ux.intel.com,
kirill.shutemov@...ux.intel.com, luto@...nel.org,
jun.nakajima@...el.com, dave.hansen@...el.com, ak@...ux.intel.com,
david@...hat.com, aarcange@...hat.com, ddutile@...hat.com,
dhildenb@...hat.com, qperret@...gle.com, tabba@...gle.com,
michael.roth@....com, mhocko@...e.com, wei.w.wang@...el.com
Subject: Re: [PATCH v10 9/9] KVM: Enable and expose KVM_MEM_PRIVATE
Please trim your replies so that readers don't need to scan through a hundred or
so lines of quotes just to confirm there's nothing there.
On Tue, Mar 07, 2023, Ackerley Tng wrote:
> Chao Peng <chao.p.peng@...ux.intel.com> writes:
>
> > Register/unregister private memslot to fd-based memory backing store
> > restrictedmem and implement the callbacks for restrictedmem_notifier:
> > - invalidate_start()/invalidate_end() to zap the existing memory
> > mappings in the KVM page table.
> > - error() to request KVM_REQ_MEMORY_MCE and later exit to userspace
> > with KVM_EXIT_SHUTDOWN.
>
> > Expose KVM_MEM_PRIVATE for memslot and KVM_MEMORY_ATTRIBUTE_PRIVATE for
> > KVM_GET_SUPPORTED_MEMORY_ATTRIBUTES to userspace but either are
> > controlled by kvm_arch_has_private_mem() which should be rewritten by
> > architecture code.
>
> Could we perhaps rename KVM_MEM_PRIVATE to KVM_MEM_PROTECTED, to be in
> line with KVM_X86_PROTECTED_VM?
>
> I feel that a memslot that has the KVM_MEM_PRIVATE flag need not always
> be private; It can sometimes be providing memory that is shared and
> also accessible from the host.
>
> KVM_MEMORY_ATTRIBUTE_PRIVATE is fine as-is because this flag is set when
> the guest memory is meant to be backed by private memory.
>
> KVM_MEMORY_EXIT_FLAG_PRIVATE is also okay because the flag is used to
> indicate when the memory error is caused by a private access (as opposed
> to a shared access).
>
> kvm_slot_can_be_private() could perhaps be renamed kvm_is_protected_slot()?
No to this suggestion. I agree that KVM_MEM_PRIVATE is a bad name, but
kvm_is_protected_slot() is just as wrong. The _only_ thing that the flag controls
is whether whether or not the memslot has an fd that is bound to restricted memory.
The memslot itself is not protected in any way, and if the entire memslot is mapped
shared, then the data backed by the memslot isn't protected either.
What about KVM_MEM_CAN_BE_PRIVATE? KVM_MEM_PRIVATIZABLE is more succinct, but
AFAICT that's a made up word, and IMO is unnecessarily fancy.
Powered by blists - more mailing lists