| Message ID | 20230601142309.6307-1-guang.zeng@intel.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | LASS KVM virtualization support | expand |
On Thu, Jun 01, 2023, Zeng Guang wrote:
> v0->v1
Heh, the kernel process is a bit of a heathen and starts counting patch versions
at '1', not '0'. I.e. this should be v2, not v1. No need to resend, just an FYI
for the future.
On 6/1/2023 10:23 PM, Zeng Guang wrote: > Subject: > [PATCH v1 0/6] LASS KVM virtualization support > From: > Zeng Guang <guang.zeng@intel.com> > Date: > 6/1/2023, 10:23 PM > > To: > Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson > <seanjc@google.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar > <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen > <dave.hansen@linux.intel.com>, H Peter Anvin <hpa@zytor.com>, > kvm@vger.kernel.org > CC: > x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang > <guang.zeng@intel.com> > > > Linear Address Space Separation (LASS)[1] is an independent mechanism > that enforces the mode-based protections on any access to a linear > address. > > Based on a linear-address organization, the 64-bit canonical linear > address space is partitioned into two halves: all linear addresses > whose most significant bit is 0 are user space addresses, while linear > addresses whose most significant bit is 1 are supervisor space address. > > LASS aims to prevent any attempt to probe supervisor space addresses by > user mode, and likewise stop any attempt to access (if SMAP enabled) or > execute user space addresses from supervisor mode. > > When platform has LASS capability, KVM requires to expose this feature > to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and > allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction > executed in the guest directly, hardware will perform the check. But KVM > also needs to behave same as hardware to apply LASS to kinds of guest > memory accesses when emulating privileged instructions by software. Not just privileged instructions, e.g. MMIO access instructions. > > KVM will take following LASS voilations check on emulation path. /s/voilations/violations > User-mode access to supervisor space address: > LA[bit 63] && (CPL == 3) > Supervisor-mode access to user space address: > Instruction fetch: !LA[bit 63] && (CPL < 3) > Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && > CPL < 3) || Implicit supervisor access) > > This patch series provide a LASS KVM solution. > > We tested the basic function of LASS virtualization including LASS > enumeration and enabling in non-root and nested environment. As KVM > unittest framework is not compatible to LASS rule, we use kernel module > and application test to emulate LASS violation instead. With KVM forced > emulation mechanism, we also verified the LASS functionality on some > emulation path with instruction fetch and data access to have same > behavior as hardware. > > [1] Intel ISEhttps://cdrdv2.intel.com/v1/dl/getContent/671368 > Chapter Linear Address Space Separation (LASS) > > ------------------------------------------------------ > > v0->v1 > 1. Adapt to new __linearize() API > 2. Function refactor of vmx_check_lass() > 3. Refine commit message to be more precise > 4. Drop LASS kvm cap detection depending > on hardware capability > > > Binbin Wu (1): > KVM: x86: Consolidate flags for __linearize() > > Zeng Guang (5): > KVM: x86: Virtualize CR4.LASS > KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check > KVM: x86: Add emulator helper for LASS violation check > KVM: x86: LASS protection on KVM emulation > KVM: x86: Advertise LASS CPUID to user space > > arch/x86/include/asm/kvm-x86-ops.h | 3 +- > arch/x86/include/asm/kvm_host.h | 4 ++- > arch/x86/kvm/cpuid.c | 5 ++- > arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++----- > arch/x86/kvm/kvm_emulate.h | 6 ++++ > arch/x86/kvm/vmx/nested.c | 3 ++ > arch/x86/kvm/vmx/sgx.c | 4 +++ > arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++ > arch/x86/kvm/vmx/vmx.h | 2 ++ > arch/x86/kvm/x86.c | 12 +++++++ > arch/x86/kvm/x86.h | 2 ++ > 11 files changed, 126 insertions(+), 12 deletions(-) > > -- 2.27.0
On 6/2/2023 8:35 AM, Sean Christopherson wrote: > On Thu, Jun 01, 2023, Zeng Guang wrote: >> v0->v1 > Heh, the kernel process is a bit of a heathen and starts counting patch versions > at '1', not '0'. I.e. this should be v2, not v1. No need to resend, just an FYI > for the future. Got it ! Thanks.
On 6/5/2023 9:39 AM, Binbin Wu wrote: > > On 6/1/2023 10:23 PM, Zeng Guang wrote: >> Subject: >> [PATCH v1 0/6] LASS KVM virtualization support >> From: >> Zeng Guang <guang.zeng@intel.com> >> Date: >> 6/1/2023, 10:23 PM >> >> To: >> Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson >> <seanjc@google.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar >> <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen >> <dave.hansen@linux.intel.com>, H Peter Anvin <hpa@zytor.com>, >> kvm@vger.kernel.org >> CC: >> x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang >> <guang.zeng@intel.com> >> >> >> Linear Address Space Separation (LASS)[1] is an independent mechanism >> that enforces the mode-based protections on any access to a linear >> address. >> >> Based on a linear-address organization, the 64-bit canonical linear >> address space is partitioned into two halves: all linear addresses >> whose most significant bit is 0 are user space addresses, while linear >> addresses whose most significant bit is 1 are supervisor space address. >> >> LASS aims to prevent any attempt to probe supervisor space addresses by >> user mode, and likewise stop any attempt to access (if SMAP enabled) or >> execute user space addresses from supervisor mode. >> >> When platform has LASS capability, KVM requires to expose this feature >> to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and >> allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction >> executed in the guest directly, hardware will perform the check. But KVM >> also needs to behave same as hardware to apply LASS to kinds of guest >> memory accesses when emulating privileged instructions by software. > Not just privileged instructions, e.g. MMIO access instructions. OK. I'll revise it. >> KVM will take following LASS voilations check on emulation path. > /s/voilations/violations Thanks. >> User-mode access to supervisor space address: >> LA[bit 63] && (CPL == 3) >> Supervisor-mode access to user space address: >> Instruction fetch: !LA[bit 63] && (CPL < 3) >> Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && >> CPL < 3) || Implicit supervisor access) >> >> This patch series provide a LASS KVM solution. >> >> We tested the basic function of LASS virtualization including LASS >> enumeration and enabling in non-root and nested environment. As KVM >> unittest framework is not compatible to LASS rule, we use kernel module >> and application test to emulate LASS violation instead. With KVM forced >> emulation mechanism, we also verified the LASS functionality on some >> emulation path with instruction fetch and data access to have same >> behavior as hardware. >> >> [1] Intel ISEhttps://cdrdv2.intel.com/v1/dl/getContent/671368 >> Chapter Linear Address Space Separation (LASS) >> >> ------------------------------------------------------ >> >> v0->v1 >> 1. Adapt to new __linearize() API >> 2. Function refactor of vmx_check_lass() >> 3. Refine commit message to be more precise >> 4. Drop LASS kvm cap detection depending >> on hardware capability >> >> >> Binbin Wu (1): >> KVM: x86: Consolidate flags for __linearize() >> >> Zeng Guang (5): >> KVM: x86: Virtualize CR4.LASS >> KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check >> KVM: x86: Add emulator helper for LASS violation check >> KVM: x86: LASS protection on KVM emulation >> KVM: x86: Advertise LASS CPUID to user space >> >> arch/x86/include/asm/kvm-x86-ops.h | 3 +- >> arch/x86/include/asm/kvm_host.h | 4 ++- >> arch/x86/kvm/cpuid.c | 5 ++- >> arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++----- >> arch/x86/kvm/kvm_emulate.h | 6 ++++ >> arch/x86/kvm/vmx/nested.c | 3 ++ >> arch/x86/kvm/vmx/sgx.c | 4 +++ >> arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++ >> arch/x86/kvm/vmx/vmx.h | 2 ++ >> arch/x86/kvm/x86.c | 12 +++++++ >> arch/x86/kvm/x86.h | 2 ++ >> 11 files changed, 126 insertions(+), 12 deletions(-) >> >> -- 2.27.0
On Thu, Jun 01, 2023, Zeng Guang wrote: > This patch series provide a LASS KVM solution. ... and depends on kernel enabling that can be found at https://lore.kernel.org/all/20230609183632.48706-1-alexander.shishkin@linux.intel.com > We tested the basic function of LASS virtualization including LASS > enumeration and enabling in non-root and nested environment. As KVM > unittest framework is not compatible to LASS rule, we use kernel module > and application test to emulate LASS violation instead. With KVM forced > emulation mechanism, we also verified the LASS functionality on some > emulation path with instruction fetch and data access to have same > behavior as hardware. > > [1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368 > Chapter Linear Address Space Separation (LASS)
On 6/28/2023 1:08 AM, Sean Christopherson wrote: > On Thu, Jun 01, 2023, Zeng Guang wrote: >> This patch series provide a LASS KVM solution. > ... and depends on kernel enabling that can be found at > > https://lore.kernel.org/all/20230609183632.48706-1-alexander.shishkin@linux.intel.com OK. I will add the dependency statement in next version. >> We tested the basic function of LASS virtualization including LASS >> enumeration and enabling in non-root and nested environment. As KVM >> unittest framework is not compatible to LASS rule, we use kernel module >> and application test to emulate LASS violation instead. With KVM forced >> emulation mechanism, we also verified the LASS functionality on some >> emulation path with instruction fetch and data access to have same >> behavior as hardware. >> >> [1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368 >> Chapter Linear Address Space Separation (LASS)
Linear Address Space Separation (LASS)[1] is an independent mechanism that enforces the mode-based protections on any access to a linear address. Based on a linear-address organization, the 64-bit canonical linear address space is partitioned into two halves: all linear addresses whose most significant bit is 0 are user space addresses, while linear addresses whose most significant bit is 1 are supervisor space address. LASS aims to prevent any attempt to probe supervisor space addresses by user mode, and likewise stop any attempt to access (if SMAP enabled) or execute user space addresses from supervisor mode. When platform has LASS capability, KVM requires to expose this feature to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction executed in the guest directly, hardware will perform the check. But KVM also needs to behave same as hardware to apply LASS to kinds of guest memory accesses when emulating privileged instructions by software. KVM will take following LASS voilations check on emulation path. User-mode access to supervisor space address: LA[bit 63] && (CPL == 3) Supervisor-mode access to user space address: Instruction fetch: !LA[bit 63] && (CPL < 3) Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && CPL < 3) || Implicit supervisor access) This patch series provide a LASS KVM solution. We tested the basic function of LASS virtualization including LASS enumeration and enabling in non-root and nested environment. As KVM unittest framework is not compatible to LASS rule, we use kernel module and application test to emulate LASS violation instead. With KVM forced emulation mechanism, we also verified the LASS functionality on some emulation path with instruction fetch and data access to have same behavior as hardware. [1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368 Chapter Linear Address Space Separation (LASS) ------------------------------------------------------ v0->v1 1. Adapt to new __linearize() API 2. Function refactor of vmx_check_lass() 3. Refine commit message to be more precise 4. Drop LASS kvm cap detection depending on hardware capability Binbin Wu (1): KVM: x86: Consolidate flags for __linearize() Zeng Guang (5): KVM: x86: Virtualize CR4.LASS KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check KVM: x86: Add emulator helper for LASS violation check KVM: x86: LASS protection on KVM emulation KVM: x86: Advertise LASS CPUID to user space arch/x86/include/asm/kvm-x86-ops.h | 3 +- arch/x86/include/asm/kvm_host.h | 4 ++- arch/x86/kvm/cpuid.c | 5 ++- arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++----- arch/x86/kvm/kvm_emulate.h | 6 ++++ arch/x86/kvm/vmx/nested.c | 3 ++ arch/x86/kvm/vmx/sgx.c | 4 +++ arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.h | 2 ++ arch/x86/kvm/x86.c | 12 +++++++ arch/x86/kvm/x86.h | 2 ++ 11 files changed, 126 insertions(+), 12 deletions(-)