Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp6099645yba; Tue, 14 May 2019 01:29:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqw9UK225A9Cz33naZd26R0PIan9VokQm1X2KtlywNpAvaS+hJMTxzJqe1D4JOzI1b2RiTqw X-Received: by 2002:a63:a1f:: with SMTP id 31mr20240211pgk.233.1557822570364; Tue, 14 May 2019 01:29:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557822570; cv=none; d=google.com; s=arc-20160816; b=lRgNNjWRXhLxyCYKxEAG3KvT1axvXOJm2flIYyUVF4hDnqil4OZCn2b14oinTW26B3 u6FOwUF0zFimb3ULL8xS1FePvmfLs6VtwRQdgjJrPZsbckUYFYu1u+8yuYnQgs0wYxYp MMjKC5qnauZ5uUTITC8Ya9yvsCLPTszaNKsHbj1dIggMMwGsatGpvLf2gnLH4oog0N3n ZJw9giZh7q2787CJeIi3MmUmZf2Svpo8qJLw8SihJW+5ndv2yatO/3GXN/fK6vauCXDb UYhCs5A4iB1kILNLN9cS8GrcGgoiB3fnKks+FAjKfK9VMY/unOkJrIhvzTJa9JFdQnCg dO9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :dkim-signature; bh=4GwONZKT5RET7N6PWlM860uaduZb6+5QuVv3rFgtIho=; b=d8W6BUIbaO9M3dQpDUqdbpKPYQJM64RgqIpqlOGK/8I5k+gIAHWQH/DuURtehGGsEc XiydoNRAco49CZfACHFetLA/pvURtiol6zZhpmNNEWvMzYCviVBRJwnkhPGlY9UWN+sU cEIRmPocgIdtLK+xfxbme9SZqUYiOyrvzKMI1xIbLU5wx70qeOON/8GHQwt3R2WYhEnT wLfJDdNuUqrslG5DVFUT0c6g843wFyZt4Nve/U47G8J2+ON38kqpiyAuPBsgh9D1NTRv Is/qGCTN1EMJs6BXuy/6bF3C0e3xvq8gCCuPebUIWhqYyxLU6rl9hL1RxSjZE+jk5wvJ w+Ng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=Me7oLnU0; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a17si9231901pfa.108.2019.05.14.01.29.16; Tue, 14 May 2019 01:29:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=Me7oLnU0; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726827AbfENI1p (ORCPT + 99 others); Tue, 14 May 2019 04:27:45 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:52738 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726723AbfENI1n (ORCPT ); Tue, 14 May 2019 04:27:43 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4E8NRWe038322; Tue, 14 May 2019 08:26:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=4GwONZKT5RET7N6PWlM860uaduZb6+5QuVv3rFgtIho=; b=Me7oLnU0/rmmtbQAySa5AOY/0LStOilrC3J76991LQTTFatI8eSBS258oGayJxjOmJ/D yHWDyCS73SnTaafYTYObBvbUdom0TeUggz2cbj3NFCkO1ERgywX83bGDVXanVtBN1ADK rA9iUbU7+FYqBDOL8FnBoQQUrjXihLOaBqP3eCUS59RzXfix50RyTJXON2aGBWJKluN4 nYFPxujFDsqwPztKIgZhuv4YbdpzXoGhW26Z4odBcUA885M8JB4OpiAy7A73R0NJiT0E Jao0Uz8of4JvQOSHd+YQqAK/xhBmvYcu6KHzbKIrQkMWK4Qd0qKc+Pxc/nzUYRNj0Iuo ag== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2130.oracle.com with ESMTP id 2sdnttm68s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 14 May 2019 08:26:05 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4E8OA2d011637; Tue, 14 May 2019 08:26:05 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userp3030.oracle.com with ESMTP id 2sf3cn4jgq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 14 May 2019 08:26:04 +0000 Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x4E8Q0LQ024611; Tue, 14 May 2019 08:26:00 GMT Received: from [10.166.106.34] (/10.166.106.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 14 May 2019 01:26:00 -0700 Subject: Re: [RFC KVM 18/27] kvm/isolation: function to copy page table entries for percpu buffer To: Peter Zijlstra , Andy Lutomirski Cc: Paolo Bonzini , Radim Krcmar , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Dave Hansen , kvm list , X86 ML , Linux-MM , LKML , Konrad Rzeszutek Wilk , jan.setjeeilers@oracle.com, Liran Alon , Jonathan Adams References: <1557758315-12667-1-git-send-email-alexandre.chartre@oracle.com> <1557758315-12667-19-git-send-email-alexandre.chartre@oracle.com> <20190514070941.GE2589@hirez.programming.kicks-ass.net> From: Alexandre Chartre Organization: Oracle Corporation Message-ID: Date: Tue, 14 May 2019 10:25:56 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 MIME-Version: 1.0 In-Reply-To: <20190514070941.GE2589@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9256 signatures=668686 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905140062 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9256 signatures=668686 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905140062 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/14/19 9:09 AM, Peter Zijlstra wrote: > On Mon, May 13, 2019 at 11:18:41AM -0700, Andy Lutomirski wrote: >> On Mon, May 13, 2019 at 7:39 AM Alexandre Chartre >> wrote: >>> >>> pcpu_base_addr is already mapped to the KVM address space, but this >>> represents the first percpu chunk. To access a per-cpu buffer not >>> allocated in the first chunk, add a function which maps all cpu >>> buffers corresponding to that per-cpu buffer. >>> >>> Also add function to clear page table entries for a percpu buffer. >>> >> >> This needs some kind of clarification so that readers can tell whether >> you're trying to map all percpu memory or just map a specific >> variable. In either case, you're making a dubious assumption that >> percpu memory contains no secrets. > > I'm thinking the per-cpu random pool is a secrit. IOW, it demonstrably > does contain secrits, invalidating that premise. > The current code unconditionally maps the entire first percpu chunk (pcpu_base_addr). So it assumes it doesn't contain any secret. That is mainly a simplification for the POC because a lot of core information that we need, for example just to switch mm, are stored there (like cpu_tlbstate, current_task...). If the entire first percpu chunk effectively has secret then we will need to individually map only buffers we need. The kvm_copy_percpu_mapping() function is added to copy mapping for a specified percpu buffer, so this used to map percpu buffers which are not in the first percpu chunk. Also note that mapping is constrained by PTE (4K), so mapped buffers (percpu or not) which do not fill a whole set of pages can leak adjacent data store on the same pages. alex.