lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 22 Jan 2024 15:57:13 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: Paolo Bonzini <pbonzini@...hat.com>,
 Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: LAM support for 6.8



On 1/8/2024 9:04 PM, Paolo Bonzini wrote:
> On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@...gle.com> wrote:
>> LAM virtualization support.  FWIW, I intended to send this in early-ish
>> December as you've asked in the past, but December was basically a lost cause
>> for me in terms of doing upstream work.  :-/
>>
>> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>>
>>    selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>>
>> are available in the Git repository at:
>>
>>    https://github.com/kvm-x86/linux.git tags/kvm-x86-lam-6.8
>>
>> for you to fetch changes up to 183bdd161c2b773a62f01d1c030f5a3a5b7c33b5:
>>
>>    KVM: x86: Use KVM-governed feature framework to track "LAM enabled" (2023-11-28 17:54:09 -0800)
> Patches are surprisingly small for this. What's the state of tests
> (https://www.spinics.net/lists/kvm/msg313712.html) though?

The patch series is tested by the LAM kselftest cases as well as
a set of test cases[1] in kvm-unit-tests.

[1] 
https://lore.kernel.org/kvm/20230530024356.24870-1-binbin.wu@linux.intel.com/
Will send a new version with minor change to resolve a feedback soon.


>
> Thanks,
>
> Paolo
>
>> ----------------------------------------------------------------
>> KVM x86 support for virtualizing Linear Address Masking (LAM)
>>
>> Add KVM support for Linear Address Masking (LAM).  LAM tweaks the canonicality
>> checks for most virtual address usage in 64-bit mode, such that only the most
>> significant bit of the untranslated address bits must match the polarity of the
>> last translated address bit.  This allows software to use ignored, untranslated
>> address bits for metadata, e.g. to efficiently tag pointers for address
>> sanitization.
>>
>> LAM can be enabled separately for user pointers and supervisor pointers, and
>> for userspace LAM can be select between 48-bit and 57-bit masking
>>
>>   - 48-bit LAM: metadata bits 62:48, i.e. LAM width of 15.
>>   - 57-bit LAM: metadata bits 62:57, i.e. LAM width of 6.
>>
>> For user pointers, LAM enabling utilizes two previously-reserved high bits from
>> CR3 (similar to how PCID_NOFLUSH uses bit 63): LAM_U48 and LAM_U57, bits 62 and
>> 61 respectively.  Note, if LAM_57 is set, LAM_U48 is ignored, i.e.:
>>
>>   - CR3.LAM_U48=0 && CR3.LAM_U57=0 == LAM disabled for user pointers
>>   - CR3.LAM_U48=1 && CR3.LAM_U57=0 == LAM-48 enabled for user pointers
>>   - CR3.LAM_U48=x && CR3.LAM_U57=1 == LAM-57 enabled for user pointers
>>
>> For supervisor pointers, LAM is controlled by a single bit, CR4.LAM_SUP, with
>> the 48-bit versus 57-bit LAM behavior following the current paging mode, i.e.:
>>
>>   - CR4.LAM_SUP=0 && CR4.LA57=x == LAM disabled for supervisor pointers
>>   - CR4.LAM_SUP=1 && CR4.LA57=0 == LAM-48 enabled for supervisor pointers
>>   - CR4.LAM_SUP=1 && CR4.LA57=1 == LAM-57 enabled for supervisor pointers
>>
>> The modified LAM canonicality checks:
>>   - LAM_S48                : [ 1 ][ metadata ][ 1 ]
>>                                63               47
>>   - LAM_U48                : [ 0 ][ metadata ][ 0 ]
>>                                63               47
>>   - LAM_S57                : [ 1 ][ metadata ][ 1 ]
>>                                63               56
>>   - LAM_U57 + 5-lvl paging : [ 0 ][ metadata ][ 0 ]
>>                                63               56
>>   - LAM_U57 + 4-lvl paging : [ 0 ][ metadata ][ 0...0 ]
>>                                63               56..47
>>
>> The bulk of KVM support for LAM is to emulate LAM's modified canonicality
>> checks.  The approach taken by KVM is to "fill" the metadata bits using the
>> highest bit of the translated address, e.g. for LAM-48, bit 47 is sign-extended
>> to bits 62:48.  The most significant bit, 63, is *not* modified, i.e. its value
>> from the raw, untagged virtual address is kept for the canonicality check. This
>> untagging allows
>>
>> Aside from emulating LAM's canonical checks behavior, LAM has the usual KVM
>> touchpoints for selectable features: enumeration (CPUID.7.1:EAX.LAM[bit 26],
>> enabling via CR3 and CR4 bits, etc.
>>
>> ----------------------------------------------------------------
>> Binbin Wu (9):
>>        KVM: x86: Consolidate flags for __linearize()
>>        KVM: x86: Add an emulation flag for implicit system access
>>        KVM: x86: Add X86EMUL_F_INVLPG and pass it in em_invlpg()
>>        KVM: x86/mmu: Drop non-PA bits when getting GFN for guest's PGD
>>        KVM: x86: Add & use kvm_vcpu_is_legal_cr3() to check CR3's legality
>>        KVM: x86: Remove kvm_vcpu_is_illegal_gpa()
>>        KVM: x86: Introduce get_untagged_addr() in kvm_x86_ops and call it in emulator
>>        KVM: x86: Untag addresses for LAM emulation where applicable
>>        KVM: x86: Use KVM-governed feature framework to track "LAM enabled"
>>
>> Robert Hoo (3):
>>        KVM: x86: Virtualize LAM for supervisor pointer
>>        KVM: x86: Virtualize LAM for user pointer
>>        KVM: x86: Advertise and enable LAM (user and supervisor)
>>
>>   arch/x86/include/asm/kvm-x86-ops.h |  1 +
>>   arch/x86/include/asm/kvm_host.h    |  5 +++-
>>   arch/x86/kvm/cpuid.c               |  2 +-
>>   arch/x86/kvm/cpuid.h               | 13 +++++----
>>   arch/x86/kvm/emulate.c             | 27 ++++++++++---------
>>   arch/x86/kvm/governed_features.h   |  1 +
>>   arch/x86/kvm/kvm_emulate.h         |  9 +++++++
>>   arch/x86/kvm/mmu.h                 |  8 ++++++
>>   arch/x86/kvm/mmu/mmu.c             |  2 +-
>>   arch/x86/kvm/mmu/mmu_internal.h    |  1 +
>>   arch/x86/kvm/mmu/paging_tmpl.h     |  2 +-
>>   arch/x86/kvm/svm/nested.c          |  4 +--
>>   arch/x86/kvm/vmx/nested.c          | 11 +++++---
>>   arch/x86/kvm/vmx/sgx.c             |  1 +
>>   arch/x86/kvm/vmx/vmx.c             | 55 ++++++++++++++++++++++++++++++++++++--
>>   arch/x86/kvm/vmx/vmx.h             |  2 ++
>>   arch/x86/kvm/x86.c                 | 18 +++++++++++--
>>   arch/x86/kvm/x86.h                 |  2 ++
>>   18 files changed, 134 insertions(+), 30 deletions(-)
>>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ