lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZJn4OFrQfTYpoIYE@google.com>
Date:   Mon, 26 Jun 2023 13:42:32 -0700
From:   Sean Christopherson <seanjc@...gle.com>
To:     Jim Mattson <jmattson@...gle.com>
Cc:     Mingwei Zhang <mizhang@...gle.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, Ben Gardon <bgardon@...gle.com>
Subject: Re: [PATCH] KVM: x86/mmu: Remove KVM MMU write lock when accessing indirect_shadow_pages

On Mon, Jun 26, 2023, Jim Mattson wrote:
> On Thu, Jun 15, 2023 at 4:58 PM Mingwei Zhang <mizhang@...gle.com> wrote:
> >
> > On Tue, Jun 6, 2023 at 5:28 PM Sean Christopherson <seanjc@...gle.com> wrote:
> > >
> > > On Tue, Jun 06, 2023, Mingwei Zhang wrote:
> > > > > > Hmm. I agree with both points above, but below, the change seems too
> > > > > > heavyweight. smp_wb() is a mfence(), i.e., serializing all
> > > > > > loads/stores before the instruction. Doing that for every shadow page
> > > > > > creation and destruction seems a lot.
> > > > >
> > > > > No, the smp_*b() variants are just compiler barriers on x86.
> > > >
> > > > hmm, it is a "lock addl" now for smp_mb(). Check this: 450cbdd0125c
> > > > ("locking/x86: Use LOCK ADD for smp_mb() instead of MFENCE")
> > > >
> > > > So this means smp_mb() is not a free lunch and we need to be a little
> > > > bit careful.
> > >
> > > Oh, those sneaky macros.  x86 #defines __smp_mb(), not the outer helper.  I'll
> > > take a closer look before posting to see if there's a way to avoid the runtime
> > > barrier.
> >
> > Checked again, I think using smp_wmb() and smp_rmb() should be fine as
> > those are just compiler barriers. We don't need a full barrier here.
> 
> That seems adequate.

Strictly speaking, no, because neither FNAME(fetch) nor kvm_mmu_pte_write() are
pure readers or writers.  FNAME(fetch) reads guest memory (guest PTEs) and writes
indirect_shadow_pages.   kvm_mmu_pte_write() writes guest memory (guest PTEs) and
reads indirect_shadow_pages (it later writes indirect_shadow_pages too, but that
write isn't relevant to the ordering we care about here).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ