Date: Wed, 6 Mar 2024 17:51:51 -0800
From: Isaku Yamahata <isaku.yamahata@...ux.intel.com>
To: David Matlack <dmatlack@...gle.com>
Cc: isaku.yamahata@...el.com, kvm@...r.kernel.org, isaku.yamahata@...il.com,
	linux-kernel@...r.kernel.org,
	Sean Christopherson <seanjc@...gle.com>,
	Paolo Bonzini <pbonzini@...hat.com>,
	Michael Roth <michael.roth@....com>,
	Federico Parola <federico.parola@...ito.it>,
	isaku.yamahata@...ux.intel.com
Subject: Re: [RFC PATCH 6/8] KVM: x86: Implement kvm_arch_{,pre_}vcpu_map_memory()

On Wed, Mar 06, 2024 at 04:36:25PM -0800,
David Matlack <dmatlack@...gle.com> wrote:

> On Wed, Mar 6, 2024 at 4:31 PM David Matlack <dmatlack@...gle.com> wrote:
> >
> > On 2024-03-01 09:28 AM, isaku.yamahata@...el.com wrote:
> > >
> > > +     if (IS_ALIGNED(mapping->base_gfn, KVM_PAGES_PER_HPAGE(PG_LEVEL_1G)) &&
> > > +         mapping->nr_pages >= KVM_PAGES_PER_HPAGE(PG_LEVEL_1G))
> > > +             max_level = PG_LEVEL_1G;
> > > +     else if (IS_ALIGNED(mapping->base_gfn, KVM_PAGES_PER_HPAGE(PG_LEVEL_2M)) &&
> > > +              mapping->nr_pages >= KVM_PAGES_PER_HPAGE(PG_LEVEL_2M))
> > > +             max_level = PG_LEVEL_2M;
> > > +     else
> > > +             max_level = PG_LEVEL_4K;
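
Review bot: the if/else ladder that picks max_level has no comment saying why the level is capped by both the alignment of mapping->base_gfn and the size of mapping->nr_pages, so a reader cannot tell whether staying inside the requested range is a hard requirement or an optimization. Suggest a comment above the first `if` stating the intended contract. The ladder also looks only at the request itself; nothing in these lines handles a range that is already covered by a larger existing mapping, which should either be handled or documented as the caller's responsibility.
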
> >
> > Is there a requirement that KVM must not map memory outside of the
> > requested region?
> 
> And if so, what if the requested region is already mapped with a larger page?

Yes. We'd like to map the exact GPA range for the SNP or TDX case. We don't want
to map zeros around the range.  For SNP or TDX, we map a page to a GPA; it's a
one-time operation.  It updates the measurement.

Say we'd like to populate GPA1 and GPA2 with the initial guest memory image, and
they are within the same 2M range.  Map GPA1 first. If GPA2 is also mapped with
zero with a 2M page, the following mapping of GPA2 fails.  Even if the mapping of
GPA2 succeeds, the measurement may be updated when mapping GPA1.

It's the user space VMM's responsibility to map a GPA range at most once for SNP
or TDX.  Is this too strict a requirement for the default VM use case to mitigate
KVM page faults at guest boot up?  If so, what about a flag like EXACT_MAPPING or
something?
-- 
Isaku Yamahata <isaku.yamahata@...ux.intel.com>
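
The GPA1/GPA2 scenario from the reply above, as an added toy model in user-space C (not code from the patch or from KVM). `mapped[]`, `exact_step()`, `map_range()` and `reset_mapped()` are hypothetical names; the model covers only 4K and 2M pages and assumes, as the reply describes for SNP/TDX, that adding an already-mapped page fails.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAGES_2M 512u                 /* 4K pages per 2M page on x86-64 */
#define NR_GFNS  (4 * PAGES_2M)       /* constructed toy guest: 8M of GPA space */

static bool mapped[NR_GFNS];          /* models "added and measured once" */

/* Largest step (in 4K pages) that is aligned at gfn and fits in the rest of
 * the request: the same rule as the quoted hunk, limited to 2M and 4K. */
static uint32_t exact_step(uint32_t gfn, uint32_t nr_pages)
{
    if (gfn % PAGES_2M == 0 && nr_pages >= PAGES_2M)
        return PAGES_2M;
    return 1;
}

/* Map [gfn, gfn + nr_pages). With exact == false every step is widened to the
 * enclosing 2M page. Returns the number of pages mapped outside the request,
 * or -1 if a step hits a page that is already mapped. */
static int map_range(uint32_t gfn, uint32_t nr_pages, bool exact)
{
    uint32_t start = gfn, end = gfn + nr_pages;
    int outside = 0;

    while (gfn < end) {
        uint32_t step = exact ? exact_step(gfn, end - gfn) : PAGES_2M;
        uint32_t base = exact ? gfn : gfn - gfn % PAGES_2M;

        for (uint32_t p = base; p < base + step; p++) {
            if (mapped[p])
                return -1;            /* second add of the same GPA */
            mapped[p] = true;
            if (p < start || p >= end)
                outside++;            /* page the caller never asked for */
        }
        gfn = base + step;
    }
    return outside;
}

/* Forget all mappings so scenarios can be compared from a clean state. */
static void reset_mapped(void) { memset(mapped, 0, sizeof(mapped)); }
```

With exact steps, GPA1 and GPA2 in the same 2M range can each be added once; with widening, adding GPA1 also claims GPA2 and the later add of GPA2 fails.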
