Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp631846ybm; Wed, 27 May 2020 04:20:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxRufxfsulbXh2z2nvYmPzZJvPWTFylGSkpVXPo4gBsMN3KS02kMPLr2Nwia701jsb7vyF8 X-Received: by 2002:a17:906:17c5:: with SMTP id u5mr5309890eje.275.1590578434444; Wed, 27 May 2020 04:20:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590578434; cv=none; d=google.com; s=arc-20160816; b=UvV952XQdCEMCAgzmok+pmtMlqWKlRXoJWd+gv3iKECQbSR/xBmkIbpAHY0oL6JMT5 JXVd0LNX9IEc60j/Ablxy1xsgT15vu9LPEXsN5w1IIb5Bzz+M4hahQsQPwna3+lMst1n mO2kjefXvO/22oODL/ri87xWZ6CStbKcpJwx57B7kkGLGxoREq2eAKnVHOTOMDTYDh1i YYd4h1hOtZ+3Rod59UkpkYGgalyhq4t+XkgXlou0eWyr8Afoeov5K6IcTBGUCJ3lTXFr OEemPhg4IaHENQBmZ41MB4WVjMrMrDFF9KG/JFDeGFM19hxJsT7zrB0pfUZoeJqLCYj7 vOmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:dkim-signature; bh=5CtVNmzXXKb/GJnyK3cmtp2ErHYUKsptEP9TQUHQbxw=; b=Osvz7PeXY/prjqFHggvrC0aKF6WLp08swGQ4TNDspffLpypHCIwq62kNTVykheFt6T eDZmg0Y4FR5IovfdQY7spzKuTC2ZS8v7YEtLHbSi1TlUtCMstrWDHa7i1ApYyyLizAQc D2Iqdq1y6Nydeo7q9UaMPuUUfxYQBpRofj0u2hZo6IvHmloJys5YTIWDYqVOrRrXKpYJ FviP/kYZnuS9aa2NLTtBVqxgnQgvwv31rW8/lpxL8AcLFVGrV39vz0TYN0f8jYElexcC yah+u4ZxFm2RD017sn2H8NilAZzNTGlaSE2RBFpfLV6E3nc2qrYzs3AFq1yuPQ/BbLPv FC1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=G6qMI0JX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u25si1668099ejz.707.2020.05.27.04.20.11; Wed, 27 May 2020 04:20:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=G6qMI0JX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388115AbgE0Ijk (ORCPT + 99 others); Wed, 27 May 2020 04:39:40 -0400 Received: from us-smtp-2.mimecast.com ([205.139.110.61]:25100 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2387999AbgE0Ijj (ORCPT ); Wed, 27 May 2020 04:39:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590568779; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5CtVNmzXXKb/GJnyK3cmtp2ErHYUKsptEP9TQUHQbxw=; b=G6qMI0JXsaEA95oPVcjzNX79Go3SDGiFDpal7vxbO2y4h8ho3U/KFii69k6zYtjqj9VLdg HnXc3RqgI2/u9p6fwj8gdtrYyxrK1ybmE9SZvFudCMKjaRVksrvo8A3SEl6mMIHNvDeU4H NoEqqriNzM/HOfwc43jpJ0sAAofe5E8= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-190-j355oZm9NvOb8-tm1aLtvg-1; Wed, 27 May 2020 04:39:37 -0400 X-MC-Unique: j355oZm9NvOb8-tm1aLtvg-1 Received: by mail-ej1-f69.google.com with SMTP id qo26so8595641ejb.1 for ; Wed, 27 May 2020 01:39:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=5CtVNmzXXKb/GJnyK3cmtp2ErHYUKsptEP9TQUHQbxw=; b=ZK9Amn6kIAfR2shcBY5G5QMBkYdHdmK0k47ewyt15vqIE6KKvFI5MEsCjpVZke9wq0 J0vzog7TMbU/c/aKQpsU7YtukH0Y1nZA0Hk/5KDg1f7JXINJVDTJUlaTAlbwRONOgyXc Ti5jRk1ly2eErDV3m3UwEj93rm965VFPMMvfLLByVfsrEUgiMataXOqn/EMVrwNimjSJ TVVDgHYGR0jGnYlhw9Eisp1TQqPiEf9WkLC3vB5LHZ4llBR9s39DQY6ckNIXdHNk0IkR llpRucm4zC5AcvRCVzKnfRJRsn/96kbBOzQY81g7qOEvq1N1ZBDr1kOvc4BcAnZiS5xp 2P3Q== X-Gm-Message-State: AOAM532Ku9sU9qTHQSkbIFzX+/q3IeBmL/NA2lVnPfbCncYHc8Axrzju 90N2031VtjMdL9JEdxkO6WhbDvGr4CypNcyS7Qhge3AQnzrTzEPeA6PQwLRFaDJERsDeW9uh4GJ iXI068Y7cOlOGh0hsn433C7N3 X-Received: by 2002:a17:906:3b9a:: with SMTP id u26mr4827603ejf.456.1590568776134; Wed, 27 May 2020 01:39:36 -0700 (PDT) X-Received: by 2002:a17:906:3b9a:: with SMTP id u26mr4827580ejf.456.1590568775832; Wed, 27 May 2020 01:39:35 -0700 (PDT) Received: from vitty.brq.redhat.com (g-server-2.ign.cz. [91.219.240.2]) by smtp.gmail.com with ESMTPSA id s19sm2124076eja.91.2020.05.27.01.39.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2020 01:39:34 -0700 (PDT) From: Vitaly Kuznetsov To: Sean Christopherson , "Kirill A. Shutemov" Cc: David Rientjes , Andrea Arcangeli , Kees Cook , Will Drewry , "Edgecombe\, Rick P" , "Kleen\, Andi" , x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Paolo Bonzini , Wanpeng Li , Jim Mattson , Joerg Roedel Subject: Re: [RFC 02/16] x86/kvm: Introduce KVM memory protection feature In-Reply-To: <20200527050350.GK31696@linux.intel.com> References: <20200522125214.31348-1-kirill.shutemov@linux.intel.com> <20200522125214.31348-3-kirill.shutemov@linux.intel.com> <87d06s83is.fsf@vitty.brq.redhat.com> <20200525151525.qmfvzxbl7sq46cdq@box> <20200527050350.GK31696@linux.intel.com> Date: Wed, 27 May 2020 10:39:33 +0200 Message-ID: <87eer56abe.fsf@vitty.brq.redhat.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sean Christopherson writes: > On Mon, May 25, 2020 at 06:15:25PM +0300, Kirill A. Shutemov wrote: >> On Mon, May 25, 2020 at 04:58:51PM +0200, Vitaly Kuznetsov wrote: >> > > @@ -727,6 +734,15 @@ static void __init kvm_init_platform(void) >> > > { >> > > kvmclock_init(); >> > > x86_platform.apic_post_init = kvm_apic_init; >> > > + >> > > + if (kvm_para_has_feature(KVM_FEATURE_MEM_PROTECTED)) { >> > > + if (kvm_hypercall0(KVM_HC_ENABLE_MEM_PROTECTED)) { >> > > + pr_err("Failed to enable KVM memory protection\n"); >> > > + return; >> > > + } >> > > + >> > > + mem_protected = true; >> > > + } >> > > } >> > >> > Personally, I'd prefer to do this via setting a bit in a KVM-specific >> > MSR instead. The benefit is that the guest doesn't need to remember if >> > it enabled the feature or not, it can always read the config msr. May >> > come handy for e.g. kexec/kdump. >> >> I think we would need to remember it anyway. Accessing MSR is somewhat >> expensive. But, okay, I can rework it MSR if needed. > > I think Vitaly is talking about the case where the kernel can't easily get > at its cached state, e.g. after booting into a new kernel. The kernel would > still have an X86_FEATURE bit or whatever, providing a virtual MSR would be > purely for rare slow paths. > > That being said, a hypercall plus CPUID bit might be better, e.g. that'd > allow the guest to query the state without risking a #GP. We have rdmsr_safe() for that! :-) MSR (and hypercall to that matter) should have an associated CPUID feature bit of course. Yes, hypercall + CPUID would do but normally we treat CPUID data as static and in this case we'll make it a dynamically flipping bit. Especially if we introduce 'KVM_HC_DISABLE_MEM_PROTECTED' later. > >> Note, that we can avoid the enabling algother, if we modify BIOS to deal >> with private/shared memory. Currently BIOS get system crash if we enable >> the feature from time zero. > > Which would mesh better with a CPUID feature bit. > And maybe even help us to resolve 'reboot' problem. -- Vitaly