Message ID | 20230601142309.6307-1-guang.zeng@intel.com (mailing list archive) |
---|---|
Headers | show |
Series | LASS KVM virtualization support | expand |
On Thu, Jun 01, 2023, Zeng Guang wrote:
> v0->v1
Heh, the kernel process is a bit of a heathen and starts counting patch versions
at '1', not '0'. I.e. this should be v2, not v1. No need to resend, just an FYI
for the future.
On 6/1/2023 10:23 PM, Zeng Guang wrote: > Subject: > [PATCH v1 0/6] LASS KVM virtualization support > From: > Zeng Guang <guang.zeng@intel.com> > Date: > 6/1/2023, 10:23 PM > > To: > Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson > <seanjc@google.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar > <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen > <dave.hansen@linux.intel.com>, H Peter Anvin <hpa@zytor.com>, > kvm@vger.kernel.org > CC: > x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang > <guang.zeng@intel.com> > > > Linear Address Space Separation (LASS)[1] is an independent mechanism > that enforces the mode-based protections on any access to a linear > address. > > Based on a linear-address organization, the 64-bit canonical linear > address space is partitioned into two halves: all linear addresses > whose most significant bit is 0 are user space addresses, while linear > addresses whose most significant bit is 1 are supervisor space address. > > LASS aims to prevent any attempt to probe supervisor space addresses by > user mode, and likewise stop any attempt to access (if SMAP enabled) or > execute user space addresses from supervisor mode. > > When platform has LASS capability, KVM requires to expose this feature > to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and > allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction > executed in the guest directly, hardware will perform the check. But KVM > also needs to behave same as hardware to apply LASS to kinds of guest > memory accesses when emulating privileged instructions by software. Not just privileged instructions, e.g. MMIO access instructions. > > KVM will take following LASS voilations check on emulation path. /s/voilations/violations > User-mode access to supervisor space address: > LA[bit 63] && (CPL == 3) > Supervisor-mode access to user space address: > Instruction fetch: !LA[bit 63] && (CPL < 3) > Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && > CPL < 3) || Implicit supervisor access) > > This patch series provide a LASS KVM solution. > > We tested the basic function of LASS virtualization including LASS > enumeration and enabling in non-root and nested environment. As KVM > unittest framework is not compatible to LASS rule, we use kernel module > and application test to emulate LASS violation instead. With KVM forced > emulation mechanism, we also verified the LASS functionality on some > emulation path with instruction fetch and data access to have same > behavior as hardware. > > [1] Intel ISEhttps://cdrdv2.intel.com/v1/dl/getContent/671368 > Chapter Linear Address Space Separation (LASS) > > ------------------------------------------------------ > > v0->v1 > 1. Adapt to new __linearize() API > 2. Function refactor of vmx_check_lass() > 3. Refine commit message to be more precise > 4. Drop LASS kvm cap detection depending > on hardware capability > > > Binbin Wu (1): > KVM: x86: Consolidate flags for __linearize() > > Zeng Guang (5): > KVM: x86: Virtualize CR4.LASS > KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check > KVM: x86: Add emulator helper for LASS violation check > KVM: x86: LASS protection on KVM emulation > KVM: x86: Advertise LASS CPUID to user space > > arch/x86/include/asm/kvm-x86-ops.h | 3 +- > arch/x86/include/asm/kvm_host.h | 4 ++- > arch/x86/kvm/cpuid.c | 5 ++- > arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++----- > arch/x86/kvm/kvm_emulate.h | 6 ++++ > arch/x86/kvm/vmx/nested.c | 3 ++ > arch/x86/kvm/vmx/sgx.c | 4 +++ > arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++ > arch/x86/kvm/vmx/vmx.h | 2 ++ > arch/x86/kvm/x86.c | 12 +++++++ > arch/x86/kvm/x86.h | 2 ++ > 11 files changed, 126 insertions(+), 12 deletions(-) > > -- 2.27.0
On 6/2/2023 8:35 AM, Sean Christopherson wrote: > On Thu, Jun 01, 2023, Zeng Guang wrote: >> v0->v1 > Heh, the kernel process is a bit of a heathen and starts counting patch versions > at '1', not '0'. I.e. this should be v2, not v1. No need to resend, just an FYI > for the future. Got it ! Thanks.
On 6/5/2023 9:39 AM, Binbin Wu wrote: > > On 6/1/2023 10:23 PM, Zeng Guang wrote: >> Subject: >> [PATCH v1 0/6] LASS KVM virtualization support >> From: >> Zeng Guang <guang.zeng@intel.com> >> Date: >> 6/1/2023, 10:23 PM >> >> To: >> Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson >> <seanjc@google.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar >> <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen >> <dave.hansen@linux.intel.com>, H Peter Anvin <hpa@zytor.com>, >> kvm@vger.kernel.org >> CC: >> x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang >> <guang.zeng@intel.com> >> >> >> Linear Address Space Separation (LASS)[1] is an independent mechanism >> that enforces the mode-based protections on any access to a linear >> address. >> >> Based on a linear-address organization, the 64-bit canonical linear >> address space is partitioned into two halves: all linear addresses >> whose most significant bit is 0 are user space addresses, while linear >> addresses whose most significant bit is 1 are supervisor space address. >> >> LASS aims to prevent any attempt to probe supervisor space addresses by >> user mode, and likewise stop any attempt to access (if SMAP enabled) or >> execute user space addresses from supervisor mode. >> >> When platform has LASS capability, KVM requires to expose this feature >> to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and >> allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction >> executed in the guest directly, hardware will perform the check. But KVM >> also needs to behave same as hardware to apply LASS to kinds of guest >> memory accesses when emulating privileged instructions by software. > Not just privileged instructions, e.g. MMIO access instructions. OK. I'll revise it. >> KVM will take following LASS voilations check on emulation path. > /s/voilations/violations Thanks. >> User-mode access to supervisor space address: >> LA[bit 63] && (CPL == 3) >> Supervisor-mode access to user space address: >> Instruction fetch: !LA[bit 63] && (CPL < 3) >> Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && >> CPL < 3) || Implicit supervisor access) >> >> This patch series provide a LASS KVM solution. >> >> We tested the basic function of LASS virtualization including LASS >> enumeration and enabling in non-root and nested environment. As KVM >> unittest framework is not compatible to LASS rule, we use kernel module >> and application test to emulate LASS violation instead. With KVM forced >> emulation mechanism, we also verified the LASS functionality on some >> emulation path with instruction fetch and data access to have same >> behavior as hardware. >> >> [1] Intel ISEhttps://cdrdv2.intel.com/v1/dl/getContent/671368 >> Chapter Linear Address Space Separation (LASS) >> >> ------------------------------------------------------ >> >> v0->v1 >> 1. Adapt to new __linearize() API >> 2. Function refactor of vmx_check_lass() >> 3. Refine commit message to be more precise >> 4. Drop LASS kvm cap detection depending >> on hardware capability >> >> >> Binbin Wu (1): >> KVM: x86: Consolidate flags for __linearize() >> >> Zeng Guang (5): >> KVM: x86: Virtualize CR4.LASS >> KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check >> KVM: x86: Add emulator helper for LASS violation check >> KVM: x86: LASS protection on KVM emulation >> KVM: x86: Advertise LASS CPUID to user space >> >> arch/x86/include/asm/kvm-x86-ops.h | 3 +- >> arch/x86/include/asm/kvm_host.h | 4 ++- >> arch/x86/kvm/cpuid.c | 5 ++- >> arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++----- >> arch/x86/kvm/kvm_emulate.h | 6 ++++ >> arch/x86/kvm/vmx/nested.c | 3 ++ >> arch/x86/kvm/vmx/sgx.c | 4 +++ >> arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++ >> arch/x86/kvm/vmx/vmx.h | 2 ++ >> arch/x86/kvm/x86.c | 12 +++++++ >> arch/x86/kvm/x86.h | 2 ++ >> 11 files changed, 126 insertions(+), 12 deletions(-) >> >> -- 2.27.0
On Thu, Jun 01, 2023, Zeng Guang wrote: > This patch series provide a LASS KVM solution. ... and depends on kernel enabling that can be found at https://lore.kernel.org/all/20230609183632.48706-1-alexander.shishkin@linux.intel.com > We tested the basic function of LASS virtualization including LASS > enumeration and enabling in non-root and nested environment. As KVM > unittest framework is not compatible to LASS rule, we use kernel module > and application test to emulate LASS violation instead. With KVM forced > emulation mechanism, we also verified the LASS functionality on some > emulation path with instruction fetch and data access to have same > behavior as hardware. > > [1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368 > Chapter Linear Address Space Separation (LASS)
On 6/28/2023 1:08 AM, Sean Christopherson wrote: > On Thu, Jun 01, 2023, Zeng Guang wrote: >> This patch series provide a LASS KVM solution. > ... and depends on kernel enabling that can be found at > > https://lore.kernel.org/all/20230609183632.48706-1-alexander.shishkin@linux.intel.com OK. I will add the dependency statement in next version. >> We tested the basic function of LASS virtualization including LASS >> enumeration and enabling in non-root and nested environment. As KVM >> unittest framework is not compatible to LASS rule, we use kernel module >> and application test to emulate LASS violation instead. With KVM forced >> emulation mechanism, we also verified the LASS functionality on some >> emulation path with instruction fetch and data access to have same >> behavior as hardware. >> >> [1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368 >> Chapter Linear Address Space Separation (LASS)