| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Sep 2023 19:06:52 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Maxim Levitsky <mlevitsk@...hat.com>
Cc: kvm@...r.kernel.org, iommu@...ts.linux.dev,
"H. Peter Anvin" <hpa@...or.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>, Joerg Roedel <joro@...tes.org>,
x86@...nel.org,
Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
linux-kernel@...r.kernel.org,
Dave Hansen <dave.hansen@...ux.intel.com>,
Will Deacon <will@...nel.org>, Ingo Molnar <mingo@...hat.com>,
Robin Murphy <robin.murphy@....com>
Subject: Re: [PATCH v2 4/4] x86: KVM: SVM: workaround for AVIC's errata #1235
On Thu, Sep 28, 2023, Maxim Levitsky wrote:
> diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
> index 4b74ea91f4e6bb6..28bb0e6b321660d 100644
> --- a/arch/x86/kvm/svm/avic.c
> +++ b/arch/x86/kvm/svm/avic.c
> @@ -62,6 +62,9 @@ static_assert(__AVIC_GATAG(AVIC_VM_ID_MASK, AVIC_VCPU_ID_MASK) == -1u);
> static bool force_avic;
> module_param_unsafe(force_avic, bool, 0444);
>
> +static int avic_zen2_errata_workaround = -1;
> +module_param(avic_zen2_errata_workaround, int, 0444);
> +
> /* Note:
> * This hash table is used to map VM_ID to a struct kvm_svm,
> * when handling AMD IOMMU GALOG notification to schedule in
> @@ -276,7 +279,7 @@ static u64 *avic_get_physical_id_entry(struct kvm_vcpu *vcpu,
>
> static int avic_init_backing_page(struct kvm_vcpu *vcpu)
> {
> - u64 *entry, new_entry;
> + u64 *entry;
> int id = vcpu->vcpu_id;
> struct vcpu_svm *svm = to_svm(vcpu);
>
> @@ -308,10 +311,10 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu)
> if (!entry)
> return -EINVAL;
>
> - new_entry = __sme_set((page_to_phys(svm->avic_backing_page) &
> - AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK) |
> - AVIC_PHYSICAL_ID_ENTRY_VALID_MASK);
> - WRITE_ONCE(*entry, new_entry);
> + svm->avic_physical_id_entry = __sme_set((page_to_phys(svm->avic_backing_page) &
> + AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK) |
> + AVIC_PHYSICAL_ID_ENTRY_VALID_MASK);
> + WRITE_ONCE(*entry, svm->avic_physical_id_entry);
Aha! Rather than deal with the dummy entry at runtime, simply point the pointer
at the dummy entry during setup.
And instead of adding a dedicated erratum param, let's piggyback VMX's enable_ipiv.
It's not a true disable, but IMO it's close enough. That will make the param
much more self-documenting, and won't feel so awkward if someone wants to disable
IPI virtualization for other reasons.
Then we can do this in three steps:
1. Move enable_ipiv to common code
2. Let userspace disable enable_ipiv for SVM+AVIC
3. Disable enable_ipiv for affected CPUs
The biggest downside to using enable_ipiv is that a the "auto" behavior for the
erratum will be a bit ugly, but that's a solvable problem.
If you've no objection to the above approach, I'll post the attached patches along
with a massaged version of this patch.
The attached patches apply on top of an AVIC clean[*], which (shameless plug)
could use a review ;-)
[*] https://lore.kernel.org/all/20230815213533.548732-1-seanjc@google.com
View attachment "0001-KVM-VMX-Move-enable_ipiv-knob-to-common-x86.patch" of type "text/x-diff" (2652 bytes)
View attachment "0002-KVM-SVM-Add-enable_ipiv-param-skip-physical-ID-progr.patch" of type "text/x-diff" (3227 bytes)
Powered by blists - more mailing lists