lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241213195711.316050-1-pbonzini@redhat.com>
Date: Fri, 13 Dec 2024 14:56:53 -0500
From: Paolo Bonzini <pbonzini@...hat.com>
To: linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Cc: yan.y.zhao@...el.com,
	isaku.yamahata@...el.com,
	binbin.wu@...ux.intel.com,
	rick.p.edgecombe@...el.com
Subject: [PATCH v5 00/18] TDX MMU prep series part 1

Hi,

this is the essentially final version of the TDX MMU prep series, focusing
on supporting TDX's separation of EPT into a direct part (for shared pages)
and a part that is managed by the TDX module and cached (into a "mirror"
EPT) by KVM.

The changes from v4 (https://patchew.org/linux/20240718211230.1492011-1-rick.p.edgecombe@intel.com/)
are minor:

- patch 7: kvm_tdp_mmu_handle_gfn is now __kvm_tdp_mmu_age_gfn_range

- patch 7: zap_collapsible_spte_range is now split into
  tdp_mmu_make_huge_spte and recover_huge_pages_range

- patch 10/12: KVM_INVALID_ROOTS used to mean "walk all invalid roots";
  now it means "walk *also* invalid roots of the kind (direct/mirror)
  specified by the other bits.  This is closer in meaning to the
  existing code, as kvm_tdp_mmu_unmap_gfn_range() will then operate
  only on direct or only on mirror pages depending on the path that
  caused the invalidation (guest_memfd vs. MMU notifier)

- patch 13: adjust commit message due to change from kvm_tdp_mmu_handle_gfn
  to __kvm_tdp_mmu_age_gfn_range; "or" KVM_INVALID_ROOTS into the
  "types" variable in kvm_tdp_mmu_unmap_gfn_range, otherwise the loop
  would not affect invalid roots.  This is the problematic code from v4:

-	__for_each_tdp_mmu_root_yield_safe(kvm, root, range->slot->as_id, KVM_ALL_ROOTS)
+	types = kvm_gfn_range_filter_to_root_types(kvm, range->attr_filter);
+
+	__for_each_tdp_mmu_root_yield_safe(kvm, root, range->slot->as_id, types)

  and here is it in v5

+	types = kvm_gfn_range_filter_to_root_types(kvm, range->attr_filter) | KVM_INVALID_ROOTS;
+
+	__for_each_tdp_mmu_root_yield_safe(kvm, root, range->slot->as_id, types)

- patch 14: tdp_mmu_zap_spte_atomic() disappeared in commit 35ef80eb29ab
  ("KVM: x86/mmu: Batch TLB flushes when zapping collapsible TDP MMU SPTEs", 2024-10-30)

- patch 18: context changes due to kvm_release_pfn_clean -> kvm_mmu_finish_page_fault

Thanks,

Paolo

Isaku Yamahata (12):
  KVM: Add member to struct kvm_gfn_range for target alias
  KVM: x86/mmu: Add an external pointer to struct kvm_mmu_page
  KVM: x86/mmu: Add an is_mirror member for union kvm_mmu_page_role
  KVM: x86/tdp_mmu: Take struct kvm in iter loops
  KVM: x86/mmu: Support GFN direct bits
  KVM: x86/tdp_mmu: Extract root invalid check from tdx_mmu_next_root()
  KVM: x86/tdp_mmu: Introduce KVM MMU root types to specify page table
    type
  KVM: x86/tdp_mmu: Take root in tdp_mmu_for_each_pte()
  KVM: x86/tdp_mmu: Support mirror root for TDP MMU
  KVM: x86/tdp_mmu: Propagate building mirror page tables
  KVM: x86/tdp_mmu: Propagate tearing down mirror page tables
  KVM: x86/tdp_mmu: Take root types for
    kvm_tdp_mmu_invalidate_all_roots()

Paolo Bonzini (1):
  KVM: x86/tdp_mmu: Propagate attr_filter to MMU notifier callbacks

Rick Edgecombe (5):
  KVM: x86/mmu: Zap invalid roots with mmu_lock holding for write at
    uninit
  KVM: x86: Add a VM type define for TDX
  KVM: x86/mmu: Make kvm_tdp_mmu_alloc_root() return void
  KVM: x86/tdp_mmu: Don't zap valid mirror roots in
    kvm_tdp_mmu_zap_all()
  KVM: x86/mmu: Prevent aliased memslot GFNs

 arch/x86/include/asm/kvm-x86-ops.h |   4 +
 arch/x86/include/asm/kvm_host.h    |  26 ++-
 arch/x86/include/uapi/asm/kvm.h    |   1 +
 arch/x86/kvm/mmu.h                 |  31 +++
 arch/x86/kvm/mmu/mmu.c             |  50 ++++-
 arch/x86/kvm/mmu/mmu_internal.h    |  64 +++++-
 arch/x86/kvm/mmu/spte.h            |   5 +
 arch/x86/kvm/mmu/tdp_iter.c        |  10 +-
 arch/x86/kvm/mmu/tdp_iter.h        |  21 +-
 arch/x86/kvm/mmu/tdp_mmu.c         | 323 ++++++++++++++++++++++-------
 arch/x86/kvm/mmu/tdp_mmu.h         |  51 ++++-
 arch/x86/kvm/x86.c                 |   3 +
 include/linux/kvm_host.h           |   6 +
 virt/kvm/guest_memfd.c             |   2 +
 virt/kvm/kvm_main.c                |  14 ++
 15 files changed, 506 insertions(+), 105 deletions(-)

-- 
2.43.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ