lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240718211230.1492011-1-rick.p.edgecombe@intel.com>
Date: Thu, 18 Jul 2024 14:12:12 -0700
From: Rick Edgecombe <rick.p.edgecombe@...el.com>
To: seanjc@...gle.com,
	pbonzini@...hat.com,
	kvm@...r.kernel.org
Cc: kai.huang@...el.com,
	dmatlack@...gle.com,
	erdemaktas@...gle.com,
	isaku.yamahata@...il.com,
	linux-kernel@...r.kernel.org,
	sagis@...gle.com,
	yan.y.zhao@...el.com,
	rick.p.edgecombe@...el.com
Subject: [PATCH v4 00/18] TDX MMU prep series part 1

Hi,

This is v4 of the TDX MMU prep series, split out of the giant 130 patch 
TDX base enabling series [0]. It is focusing on the changes to the x86 MMU 
to support TDX’s separation of private/shared EPT into separate roots. A 
future breakout series will include the changes to actually interact with 
the TDX module to actually map private memory.

There is a larger team working on TDX KVM base enabling. The patches were 
originally authored by Sean Christopherson and Isaku Yamahata, but 
otherwise it especially represents the work of Isaku and Yan Y Zhao and 
myself.

The series has been tested as part of a development branch for the TDX base
series [1]. The testing of this series consists TDX kvm-unit-tests [2],
regular KVM and TDX selftests, and booting a Linux TD.

Updates from v3
===============
For v4, we have a smattering of cosmetic changes and two issues worth
elaborated on found by Yan.

1. Private memory was zapped as part of the MMU notifier release callback
   during VM destruction. This was previously rejected as a solution for a
   this cleanup for a couple of reasons. While the actual S-EPT cleanup is
   implemented in later latches, part of it is setup in "KVM: x86/tdp_mmu:
   Take root types for kvm_tdp_mmu_invalidate_all_roots()". So the MMU
   notifier release patch is updated to not touch the valid mirror roots in
   this path.
2. A case was found where the memslot generation number could roll around
   and end up zapping the mirrored EPT. There actually was protection for
   this in v19 and it was thought to be not needed. So we added it back in
   mmu_alloc_direct_roots().
   
Also, some changes following the conversation in this max GFN thread [3]
1. Zap whole EPT GFN range in __tdp_mmu_zap_root()
2. Add patch for preventing memslots and fault with alias bits

This series is on top of the commit in kvm-coco-queue commit where it was
previously applied (9a6ddc3e2e1e selftests: KVM: SEV-SNP test for
KVM_SEV_INIT2).

Here is v3:
https://lore.kernel.org/kvm/20240619223614.290657-1-rick.p.edgecombe@intel.com/

[0] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@intel.com/
[1] https://github.com/intel/tdx/tree/tdx_kvm_dev-2024-07-18
[2] https://lore.kernel.org/kvm/20231218072247.2573516-1-qian.wen@intel.com/
[3] https://lore.kernel.org/kvm/ZpbKqG_ZhCWxl-Fc@google.com/

Isaku Yamahata (13):
  KVM: Add member to struct kvm_gfn_range for target alias
  KVM: x86/mmu: Add an external pointer to struct kvm_mmu_page
  KVM: x86/mmu: Add an is_mirror member for union kvm_mmu_page_role
  KVM: x86/tdp_mmu: Take struct kvm in iter loops
  KVM: x86/mmu: Support GFN direct bits
  KVM: x86/tdp_mmu: Extract root invalid check from tdx_mmu_next_root()
  KVM: x86/tdp_mmu: Introduce KVM MMU root types to specify page table
    type
  KVM: x86/tdp_mmu: Take root in tdp_mmu_for_each_pte()
  KVM: x86/tdp_mmu: Support mirror root for TDP MMU
  KVM: x86/tdp_mmu: Propagate attr_filter to MMU notifier callbacks
  KVM: x86/tdp_mmu: Propagate building mirror page tables
  KVM: x86/tdp_mmu: Propagate tearing down mirror page tables
  KVM: x86/tdp_mmu: Take root types for
    kvm_tdp_mmu_invalidate_all_roots()

Rick Edgecombe (5):
  KVM: x86/mmu: Zap invalid roots with mmu_lock holding for write at
    uninit
  KVM: x86: Add a VM type define for TDX
  KVM: x86/mmu: Make kvm_tdp_mmu_alloc_root() return void
  KVM: x86/tdp_mmu: Don't zap valid mirror roots in
    kvm_tdp_mmu_zap_all()
  KVM: x86/mmu: Prevent aliased memslot GFNs

 arch/x86/include/asm/kvm-x86-ops.h |   4 +
 arch/x86/include/asm/kvm_host.h    |  26 ++-
 arch/x86/include/uapi/asm/kvm.h    |   1 +
 arch/x86/kvm/mmu.h                 |  31 +++
 arch/x86/kvm/mmu/mmu.c             |  50 ++++-
 arch/x86/kvm/mmu/mmu_internal.h    |  64 +++++-
 arch/x86/kvm/mmu/spte.h            |   5 +
 arch/x86/kvm/mmu/tdp_iter.c        |  10 +-
 arch/x86/kvm/mmu/tdp_iter.h        |  21 +-
 arch/x86/kvm/mmu/tdp_mmu.c         | 323 ++++++++++++++++++++++-------
 arch/x86/kvm/mmu/tdp_mmu.h         |  51 ++++-
 arch/x86/kvm/x86.c                 |   3 +
 include/linux/kvm_host.h           |   6 +
 virt/kvm/guest_memfd.c             |   2 +
 virt/kvm/kvm_main.c                |  14 ++
 15 files changed, 506 insertions(+), 105 deletions(-)

base-commit: 9a6ddc3e2e1ebe37181c5fe9714d3a3590e3a792
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ