| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1195d9ce-3f16-4b11-b6d2-88f593a25e0d@redhat.com> Date: Tue, 30 Jul 2024 12:17:42 +0200 From: David Hildenbrand <david@...hat.com> To: Patrick Roy <roypat@...zon.co.uk>, "Vlastimil Babka (SUSE)" <vbabka@...nel.org>, seanjc@...gle.com, pbonzini@...hat.com, akpm@...ux-foundation.org, dwmw@...zon.co.uk, rppt@...nel.org Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, willy@...radead.org, graf@...zon.com, derekmn@...zon.com, kalyazin@...zon.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, dmatlack@...gle.com, tabba@...gle.com, chao.p.peng@...ux.intel.com, xmarcalx@...zon.co.uk Subject: Re: [RFC PATCH 0/8] Unmapping guest_memfd from Direct Map On 26.07.24 08:55, Patrick Roy wrote: > > > On Mon, 2024-07-22 at 13:28 +0100, "Vlastimil Babka (SUSE)" wrote: >>> === Implementation === >>> >>> This patch series introduces a new flag to the `KVM_CREATE_GUEST_MEMFD` >>> to remove its pages from the direct map when they are allocated. When >>> trying to run a guest from such a VM, we now face the problem that >>> without either userspace or kernelspace mappings of guest_memfd, KVM >>> cannot access guest memory to, for example, do MMIO emulation of access >>> memory used to guest/host communication. We have multiple options for >>> solving this when running non-CoCo VMs: (1) implement a TDX-light >>> solution, where the guest shares memory that KVM needs to access, and >>> relies on paravirtual solutions where this is not possible (e.g. MMIO), >>> (2) have KVM use userspace mappings of guest_memfd (e.g. a >>> memfd_secret-style solution), or (3) dynamically reinsert pages into the >>> direct map whenever KVM wants to access them. >>> >>> This RFC goes for option (3). Option (1) is a lot of overhead for very >>> little gain, since we are not actually constrained by a physical >>> inability to access guest memory (e.g. we are not in a TDX context where >>> accesses to guest memory cause a #MC). Option (2) has previously been >>> rejected [1]. >> >> Do the pages have to have the same address when they are temporarily mapped? >> Wouldn't it be easier to do something similar to kmap_local_page() used for >> HIMEM? I.e. you get a temporary kernel mapping to do what's needed, but it >> doesn't have to alter the shared directmap. >> >> Maybe that was already discussed somewhere as unsuitable but didn't spot it >> here. > > For what I had prototyped here, there's no requirement to have the pages > mapped at the same address (I remember briefly looking at memremap to > achieve the temporary mappings, but since that doesnt work for normal > memory, I gave up on that path). However, I think guest_memfd is moving > into a direction where ranges marked as "in-place shared" (e.g. those > that are temporarily reinserted into the direct map in this RFC) should > be able to be GUP'd [1]. I think for that the direct map entries would > need to be present, right? Yes, we'd allow GUP. Of course, one could think of a similar extension like secretmem that would allow shared memory to get mapped into user page tables but would disallow any GUP on (shared) guest_memfd memory. -- Cheers, David / dhildenb
Powered by blists - more mailing lists