| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z4mFL8wfHjvz6F1Y@google.com> Date: Thu, 16 Jan 2025 14:16:15 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Peter Xu <peterx@...hat.com> Cc: James Houghton <jthoughton@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, Jonathan Corbet <corbet@....net>, Marc Zyngier <maz@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>, Yan Zhao <yan.y.zhao@...el.com>, Nikita Kalyazin <kalyazin@...zon.com>, Anish Moorthy <amoorthy@...gle.com>, Peter Gonda <pgonda@...gle.com>, David Matlack <dmatlack@...gle.com>, Wei W <wei.w.wang@...el.com>, kvm@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev Subject: Re: [PATCH v1 00/13] KVM: Introduce KVM Userfault On Thu, Jan 16, 2025, Peter Xu wrote: > On Thu, Jan 16, 2025 at 03:19:49PM -0500, Peter Xu wrote: > > > For the gmem case, userfaultfd cannot be used, so KVM Userfault isn't > > > replacing it. And as of right now anyway, KVM Userfault *does* provide > > > a complete post-copy system for gmem. > > > > > > When gmem pages can be mapped into userspace, for post-copy to remain > > > functional, userspace-mapped gmem will need userfaultfd integration. > > > Keep in mind that even after this integration happens, userfaultfd > > > alone will *not* be a complete post-copy solution, as vCPU faults > > > won't be resolved via the userspace page tables. > > > > Do you know in context of CoCo, whether a private page can be accessed at > > all outside of KVM? > > > > I think I'm pretty sure now a private page can never be mapped to > > userspace. However, can another module like vhost-kernel access it during > > postcopy? My impression of that is still a yes, but then how about > > vhost-user? > > > > Here, the "vhost-kernel" part represents a question on whether private > > pages can be accessed at all outside KVM. While "vhost-user" part > > represents a question on whether, if the previous vhost-kernel question > > answers as "yes it can", such access attempt can happen in another > > process/task (hence, not only does it lack KVM context, but also not > > sharing the same task context). > > Right after I sent it, I just recalled whenever a device needs to access > the page, it needs to be converted to shared pages first.. FWIW, once Trusted I/O comes along, "trusted" devices will be able to access guest private memory. The basic gist is that the IOMMU will enforce access to private memory, e.g. on AMD the IOMMU will check the RMP[*], and I believe the plan for TDX is to have the IOMMU share the Secure-EPT tables that are used by the CPU. [*] https://www.amd.com/content/dam/amd/en/documents/developer/sev-tio-whitepaper.pdf > So I suppose the questions were not valid at all! It is not about the > context but that the pages will be shared always whenever a device in > whatever form will access it.. > > Fundamentally I'm thinking about whether userfaultfd must support (fd, > offset) tuple. Now I suppose it's not, because vCPUs accessing > private/shared will all exit to userspace, while all non-vCPU / devices can > access shared pages only. > > In that case, looks like userfaultfd can support CoCo on device emulations > by sticking with virtual-address traps like before, at least from that > specific POV. > > -- > Peter Xu >
Powered by blists - more mailing lists