| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b1ffbf50-7728-64a1-5d46-10331a17530d@linux.microsoft.com>
Date: Wed, 24 May 2023 15:53:18 -0500
From: "Madhavan T. Venkataraman" <madvenka@...ux.microsoft.com>
To: Sean Christopherson <seanjc@...gle.com>,
Mickaël Salaün <mic@...ikod.net>
Cc: Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H . Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
Kees Cook <keescook@...omium.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Alexander Graf <graf@...zon.com>,
Forrest Yuan Yu <yuanyu@...gle.com>,
James Morris <jamorris@...ux.microsoft.com>,
John Andersen <john.s.andersen@...el.com>,
Liran Alon <liran.alon@...cle.com>,
Marian Rotariu <marian.c.rotariu@...il.com>,
Mihai Donțu <mdontu@...defender.com>,
Nicușor Cîțu <nicu.citu@...oud.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Thara Gopinath <tgopinath@...rosoft.com>,
Will Deacon <will@...nel.org>,
Zahra Tarkhani <ztarkhani@...rosoft.com>,
Ștefan Șicleru <ssicleru@...defender.com>,
dev@...ts.cloudhypervisor.org, kvm@...r.kernel.org,
linux-hardening@...r.kernel.org, linux-hyperv@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, qemu-devel@...gnu.org,
virtualization@...ts.linux-foundation.org, x86@...nel.org,
xen-devel@...ts.xenproject.org
Subject: Re: [PATCH v1 2/9] KVM: x86/mmu: Add support for prewrite page
tracking
On 5/5/23 12:31, Sean Christopherson wrote:
> On Fri, May 05, 2023, Micka�l Sala�n wrote:
>>
>> On 05/05/2023 18:28, Sean Christopherson wrote:
>>> I have no doubt that we'll need to solve performance and scaling issues with the
>>> memory attributes implementation, e.g. to utilize xarray multi-range support
>>> instead of storing information on a per-4KiB-page basis, but AFAICT, the core
>>> idea is sound. And a very big positive from a maintenance perspective is that
>>> any optimizations, fixes, etc. for one use case (CoCo vs. hardening) should also
>>> benefit the other use case.
>>>
>>> [1] https://lore.kernel.org/all/20230311002258.852397-22-seanjc@google.com
>>> [2] https://lore.kernel.org/all/Y2WB48kD0J4VGynX@google.com
>>> [3] https://lore.kernel.org/all/Y1a1i9vbJ%2FpVmV9r@google.com
>>
>> I agree, I used this mechanism because it was easier at first to rely on a
>> previous work, but while I was working on the MBEC support, I realized that
>> it's not the optimal way to do it.
>>
>> I was thinking about using a new special EPT bit similar to
>> EPT_SPTE_HOST_WRITABLE, but it may not be portable though. What do you
>> think?
>
> On x86, SPTEs are even more ephemeral than memslots. E.g. for historical reasons,
> KVM zaps all SPTEs if _any_ memslot is deleted, which is problematic if the guest
> is moving around BARs, using option ROMs, etc.
>
> ARM's pKVM tracks metadata in its stage-2 PTEs, i.e. doesn't need an xarray to
> otrack attributes, but that works only because pKVM is more privileged than the
> host kernel, and the shared vs. private memory attribute that pKVM cares about
> is very, very restricted in how it can be used and changed.
>
> I tried shoehorning private vs. shared metadata into x86's SPTEs in the past, and
> it ended up being a constant battle with the kernel, e.g. page migration, and with
> KVM itself, e.g. the above memslot mess.
Sorry for the delay in responding to this. I wanted to study the KVM code and fully
understand your comment before responding.
Yes, I quite agree with you. I will make an attempt to address this in the next version.
I am working on it right now.
Thanks.
Madhavan
Powered by blists - more mailing lists