[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CWTH00RO3SCI.31S210JQ8XP8J@amazon.com>
Date: Wed, 8 Nov 2023 13:38:35 +0000
From: Nicolas Saenz Julienne <nsaenz@...zon.com>
To: Alexander Graf <graf@...zon.com>, <kvm@...r.kernel.org>
CC: <linux-kernel@...r.kernel.org>, <linux-hyperv@...r.kernel.org>,
<pbonzini@...hat.com>, <seanjc@...gle.com>, <vkuznets@...hat.com>,
<anelkz@...zon.com>, <dwmw@...zon.co.uk>, <jgowans@...zon.com>,
<corbert@....net>, <kys@...rosoft.com>, <haiyangz@...rosoft.com>,
<decui@...rosoft.com>, <x86@...nel.org>,
<linux-doc@...r.kernel.org>
Subject: Re: [RFC 30/33] KVM: x86: hyper-v: Introduce
KVM_REQ_HV_INJECT_INTERCEPT request
On Wed Nov 8, 2023 at 12:45 PM UTC, Alexander Graf wrote:
>
> On 08.11.23 12:18, Nicolas Saenz Julienne wrote:
> > Introduce a new request type, KVM_REQ_HV_INJECT_INTERCEPT which allows
> > injecting out-of-band Hyper-V secure intercepts. For now only memory
> > access intercepts are supported. These are triggered when access a GPA
> > protected by a higher VTL. The memory intercept metadata is filled based
> > on the GPA provided through struct kvm_vcpu_hv_intercept_info, and
> > injected into the guest through SynIC message.
> >
> > Signed-off-by: Nicolas Saenz Julienne <nsaenz@...zon.com>
>
>
> IMHO memory protection violations should result in a user space exit.
It already does, it's not very explicit from the patch itself, since the
functionality was introduced in through the "KVM: guest_memfd() and
per-page attributes" series [1].
See this snippet in patch #27:
+ if (kvm_hv_vsm_enabled(vcpu->kvm)) {
+ if (kvm_hv_faultin_pfn(vcpu, fault)) {
+ kvm_mmu_prepare_memory_fault_exit(vcpu, fault);
+ return -EFAULT;
+ }
+ }
Otherwise the doc in patch #33 also mentions this. :)
> User space can then validate what to do with the violation and if
> necessary inject an intercept.
I do agree that secure intercept injection should be moved into to
user-space, and happen as a reaction to a user-space memory fault exit.
I was unable to do so yet, since the intercepts require a level of
introspection that is not yet available to QEMU. For example, providing
the length of the instruction that caused the fault. I'll work on
exposing the necessary information to user-space and move the whole
intercept concept there.
Nicolas
[1] https://lore.kernel.org/lkml/20231105163040.14904-1-pbonzini@redhat.com/.
Powered by blists - more mailing lists