Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp1673788ybs; Tue, 26 May 2020 00:21:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzh7XRe79yfSGlx8znznU2RFNrBTU4HJhIDvF6A9IRtHWWnS/cguYZnU+W1fqTpe+wp+Mo+ X-Received: by 2002:a17:906:8556:: with SMTP id h22mr22854808ejy.535.1590477682701; Tue, 26 May 2020 00:21:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590477682; cv=none; d=google.com; s=arc-20160816; b=ZdrjKgFZ91mBfmG1nP1IQ5X6ISmFZ2y1pZWHpGVeAEdFsTW72ih15DXOcR3hCoz3n2 tR8LgOd9VELtzBOwnrEdBpxeQ6z5IQS2mXpfV80wFF2R4WljFrHdwrei8HPZuHph6aek nOEwwbxqg7dHu5hoeT2Kcj0lX38xSfAYl00dsTMGV69457H96oKqCGpHpT8ByqjOa8YX ke6DmxblalBLXlMjNomAY+u8UrAvffE+3keYDZHjoFyNqe1fphLorxScLA7nfmQ89K+h 8Zj0ZFx07soH90z1QsJK5XIFIEkJlSMryWtbj9YlBo/2XUqgcJph554e6hwA9ed0pIH6 YDqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=IV9CgDfDy6IU5sYVvn9FXQ+wQI2g4pFGolEqJax22U0=; b=OwjiJp+Gcmp6od8i+dwR04qS6p3fZqA0rcI3a4IuJU8oof2NhU40+45I4ZyJusnFe7 YhYXmfrmCblIg4aOYH17ol+gn/myASCpCu+EGysOjV2oK+Z8N3rIHXYt/6TZRSbcnoel B4T30my0CNmN3DT1dDiLEVcXjPz5+q+YP08DRFkhRH5qbm8KhgEl/QD9rl7WzghjJOyK RImgmiwp5rQCkRqjTJnie1bXMKlGNvI0mnfykeql5nDwC5cwgHGvAL0lXka42j0UJLL7 9YhlBfntA7PFtp6PBNyjtktTqFMfCCC4bmLD0K+KTItYZ5ZOZl21FTSJn0Z8Ab37/J4J hXeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=xEQnl9qu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k10si10783946edx.155.2020.05.26.00.21.00; Tue, 26 May 2020 00:21:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=xEQnl9qu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729958AbgEZGRg (ORCPT + 99 others); Tue, 26 May 2020 02:17:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:32870 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726746AbgEZGRf (ORCPT ); Tue, 26 May 2020 02:17:35 -0400 Received: from kernel.org (unknown [87.70.212.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 35DCB207CB; Tue, 26 May 2020 06:17:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1590473855; bh=mialz6+4JExXiplq4nSrBLYzTjZOqrM1xhFXpnEOLgc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=xEQnl9quZ9K04sqX5aILNnhy4om7uaT4xNs8TjpQH8TUR9KN3E3yxcAJNvX/uG07T CdBG05n9SnX45opvfvn4Yr1hTS2GDC6g8fqiXMpisVFocklxDZj3pHqQgeqKEhsipU A/b525HTRdHf10ZM/LvBwefG6D27z5bGPfzDjNag= Date: Tue, 26 May 2020 09:17:21 +0300 From: Mike Rapoport To: Liran Alon Cc: "Kirill A. Shutemov" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , David Rientjes , Andrea Arcangeli , Kees Cook , Will Drewry , "Edgecombe, Rick P" , "Kleen, Andi" , x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: Re: [RFC 00/16] KVM protected memory extension Message-ID: <20200526061721.GB48741@kernel.org> References: <20200522125214.31348-1-kirill.shutemov@linux.intel.com> <42685c32-a7a9-b971-0cf4-e8af8d9a40c6@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42685c32-a7a9-b971-0cf4-e8af8d9a40c6@oracle.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 25, 2020 at 04:47:18PM +0300, Liran Alon wrote: > > On 22/05/2020 15:51, Kirill A. Shutemov wrote: > > Furthermore, I would like to point out that just unmapping guest data from > kernel direct-map is not sufficient to prevent all > guest-to-guest info-leaks via a kernel memory info-leak vulnerability. This > is because host kernel VA space have other regions > which contains guest sensitive data. For example, KVM per-vCPU struct (which > holds vCPU state) is allocated on slab and therefore > still leakable. Objects allocated from slab use the direct map, vmalloc() is another story. > > - Touching direct mapping leads to fragmentation. We need to be able to > > recover from it. I have a buggy patch that aims at recovering 2M/1G page. > > It has to be fixed and tested properly > > As I've mentioned above, not mapping all guest memory from 1GB hugetlbfs > will lead to holes in kernel direct-map which force it to not be mapped > anymore as a series of 1GB huge-pages. > This have non-trivial performance cost. Thus, I am not sure addressing this > use-case is valuable. Out of curiosity, do we actually have some numbers for the "non-trivial performance cost"? For instance for KVM usecase? -- Sincerely yours, Mike.