Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1131947imu;
        Thu, 13 Dec 2018 09:50:37 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VK+Hp+V8+ys3lx/Dgl1bryuzFZZIX/8AuyH+AnQQmgarMv2p/cuDW2ImCgndMUX7Tdcv/f
X-Received: by 2002:a17:902:8d8e:: with SMTP id v14mr24363735plo.133.1544723437662;
        Thu, 13 Dec 2018 09:50:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544723437; cv=none;
        d=google.com; s=arc-20160816;
        b=CDXicegW/feImHR+BoiHDDHNu3ppf2xPnwPVLzii424he7hq8lC9ZrQ8xbjCtF9XYb
         /0TBvLKR8syDqSjHLjxpSJpH3zxNYeabfDTPCz/UZ6jZdF0+xnW1bEJ3XGV1cxZxQdAj
         GtSKfExVkYnsCt9OiTIjJ0CYmefOp+EveskADZbcjbNc2zYck+n2l9Z3tJTJLRVOwSoG
         bGmj+EP4NYErEoK0Oobbcr5jCoJ6Of8pqlS2db4xHk81ASXs7uX+AgQqQ/c2pFoC/wki
         VwE35xbDuHQjof4AW1ey8IjOQyxOvG0rgPhhka5BIwcLYR+v8UitipyXmVEDg8HlW5FV
         uGBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=84yR9u94FchxuM6bLlwEw8+aUqVwObavnlxKODAuoY0=;
        b=Qcs725/wX9zbTmUDwwd+gR/8KLqEob4k/zupxW0bQXVb8EC+glFc3u0St9ebTjhAAW
         dCDhmrK9a/PWmwWANy4HJG0Fd1534NbRUBqB6BFKeNYeqJGhj1107DIH31tnkCcC2CnZ
         LkJiJxr5QkTPwQe8jcrRs1mLp0eDeV1b8wXWOOcjU473PbzICToeXqwdVb+JGWizTPge
         yrLBnXsQtLn3zHVFQj9vsnRqP+n1fy9XrFpYimt6B+msyaCasredrZQiRBsDR+k5ekgM
         ZMm6pgVFIOxbTlfun5no09OOrpTqgWk1FepNtrGkafiomTz7mhDUvbjt/+DjM2rjzgLD
         CbVQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mena-vt-edu.20150623.gappssmtp.com header.s=20150623 header.b=0II1czK8;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n78si2104697pfi.235.2018.12.13.09.50.21;
        Thu, 13 Dec 2018 09:50:37 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mena-vt-edu.20150623.gappssmtp.com header.s=20150623 header.b=0II1czK8;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729014AbeLMQBD (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Thu, 13 Dec 2018 11:01:03 -0500
Received: from mail-ua1-f66.google.com ([209.85.222.66]:45972 "EHLO
        mail-ua1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728682AbeLMQBD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Dec 2018 11:01:03 -0500
Received: by mail-ua1-f66.google.com with SMTP id e16so871946uam.12
        for <linux-kernel@vger.kernel.org>; Thu, 13 Dec 2018 08:01:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=mena-vt-edu.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=84yR9u94FchxuM6bLlwEw8+aUqVwObavnlxKODAuoY0=;
        b=0II1czK8gAnU/Iv1ee5SltTk87Ew1CNMUmZ/HWgMIcTwtQQBBIM5N3Mo07oPwbMkoW
         timi8VvYZhmn/rbnPVEErCAiZNTtfwKg8FnEcaELbd8Q19qLwfZkmDDksPCTMeZa0EDV
         YyKvgnHVlUbAMqgOPvIv/9yWb29e931WBAGiqJ5Fj+KyfQMlCnEJ3TcdunwgzjbE2rdd
         h76wCWBE7iY85N0qJMWOWY28dpuRSXXh1HM8Q14VICKCvYrGFTB61nJRJZFXQmZk+3F/
         75HmgGzP+n5riyuGlMU0Y614Va+EG45OB4fvKLJL75YYQtGkFBMWdDqHjzR0o65ZuAgm
         QNTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=84yR9u94FchxuM6bLlwEw8+aUqVwObavnlxKODAuoY0=;
        b=HLltd1LRMZKwewZAhsOR7FWHfDOMqPPT7Bt09qMLu9Z21w2mz+ZDHOZbdNbMHwu3Ge
         XOF7zVEFG8dbvNrW4ZnICyDhD5khqJf1BzMQH7Km32CuRinB7U2q7WoZwxRxYcxrweht
         hk2keKpSH3v7BFxARR0FUsssNh7MwEpLps7rP5w3uQfSLcaZy0v1VLqDWraJ3PcuiPOV
         uXgqL2rxngFx807epacegnYTBNaXBoZf2N5mgKSLYBwlfib/y3KtGKiR/2j2MmdLGdQP
         XTK6PgQJ8f81n5BOUxl9Oo0DpLK8BQWSEegKwG377q6I00lcstb4/myRjEqTN+xMZhJV
         k3bw==
X-Gm-Message-State: AA+aEWYtY4K9Fi2ocm7zwZRU/kbvtDPH+BnJv5tVp4WfAC0ZaGAW5SjU
        nVJssBZZm0OWGdrgh1HlQ9IWS4EdfNNyqnBHLOmrjg==
X-Received: by 2002:ab0:1d17:: with SMTP id j23mr11094550uak.133.1544716861667;
 Thu, 13 Dec 2018 08:01:01 -0800 (PST)
MIME-Version: 1.0
References: <20181207124803.10828-1-ahmedsoliman@mena.vt.edu> <1544708187.5826.1.camel@amazon.de>
In-Reply-To: <1544708187.5826.1.camel@amazon.de>
From:   Ahmed Soliman <ahmedsoliman@mena.vt.edu>
Date:   Thu, 13 Dec 2018 18:00:05 +0200
Message-ID: <CANBxJ=FP9GSfMES3e5dSct2qV0Z=uz7uPXufQNqoi5e+sWxvgQ@mail.gmail.com>
Subject: Re: [PATCH V7 0/10] KVM: X86: Introducing ROE Protection Kernel Hardening
To:     jsteckli@amazon.de
Cc:     Jonathan Corbet <corbet@lwn.net>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Ahmed Soliman <ahmedsoliman0x666@gmail.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        =?UTF-8?B?6rmA7J246rK4?= <ovich00@gmail.com>, x86@kernel.org,
        Igor Stoppa <igor.stoppa@gmail.com>, hpa@zytor.com,
        Ingo Molnar <mingo@redhat.com>, nigel.edwards@hpe.com,
        Paolo Bonzini <pbonzini@redhat.com>,
        Borislav Petkov <bp@alien8.de>,
        kernel-hardening@lists.openwall.com, rkrcmar@redhat.com,
        linux-doc@vger.kernel.org,
        Boris Lukashev <blukashev@sempervictus.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

> Given that writes to these areas should be exceptional occurrences,

No not in the case of partially protected page.

> I don't  understand why this path needs to be optimized. To me it seems, a straight-
> forward userspace implementation with no additional code in the kernel achieves
> the same feature. Can you elaborate?

The performance hit I was talking about was when dealing with page with
mixed content, given that page is partially read only and partially writable.
The way this is handled is by emulating the writes from inside kvm, now if this
was done from host's userspace, then every write operating (a size of at most
1 cpu  word I guess ?) will require switching from guest to kvm and then to host
userspace, which is major performance hit. I originally made it for protecting
guest's page table part that shouldn't be remapped ever. Since the page table
gets modified a lot, emulating the writes from host user space instead
of the kernel
would add an unnecessary overhead. Also it doesn't sound right to me
to place the
protection inside the page table when it can be placed inside the
virtualization EPT.

But aside from that, I think I was wrong about hinting that it is
simple when done from
user space, handling cases like THP and huge pages (which I did not support yet)
doesn't seam to be easy when done from user space and when doing Registers
ROE has some arch specific details. That's why I think it is better to
continue doing
it from KVM kernel module.

thanks,
Ahmed