Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp6362019rwr; Mon, 24 Apr 2023 19:11:10 -0700 (PDT) X-Google-Smtp-Source: AKy350ZYoBpJxfxqUaxMf5R97aZvxFLe1yc7f2rDDdgBg4Hlgu6juK+E0n2/carVDVXyKW92URg3 X-Received: by 2002:a05:6a00:c88:b0:63b:5ef5:d968 with SMTP id a8-20020a056a000c8800b0063b5ef5d968mr23144687pfv.9.1682388669727; Mon, 24 Apr 2023 19:11:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682388669; cv=none; d=google.com; s=arc-20160816; b=tPZUwJx2lAm51aqM28MIWFIDSs24PDOV7CHuA4HptWoubg1q4TtEdC4fWaNQDTeAlr ApizUqdHGMpom2Mns0tcLK8l8VN1ERR1W+SdCB5KVMykIWWY4niQd/UjUYQlKWUp06wh UrNIp6m7q1w7wU7UUDEwe0vz9esM+c+wBqJpx+LegDEegwxPryl+cD9/5yabaMeBA8dj 3oTzxR1Tko88Yb0Xqws+G6ETcK3EF6lPCz4t1XixEXYN2BIJOT/cX69ncuOviGGrfeA2 62TK0NRVNDmhs6wSmVPOTHPiFHxh1WjD067ANwMNL7W2qz9VcHbUk01bZruOR4niRSsI uHtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=QHZh7nxc9KHoHSu7B2vEd+gneHiI8NVzReyDt1tDKng=; b=zMU1MRSwqDneBCBmHRsEpKmGtUBa589TvPNH2bsKjAu0UJai7D36B+2VeOAL1LqJq5 S6FqZX/4Fawb6U0z4lwFcUhpa5BWJRUyJj/EjhXjIEMe9kaOZOxg7QFO2TehFEe4XvlI 3ffyLkhs1aUCDEn8HGQxUAiZLiGwXE3m6ujpLtCDjcevqVEgX9wq6vvGC6QBy9d95uv6 rr/waHJhXVfITFD3MsZDmzn7cbdjmz++f96zQ+OVGa/K9P9Tib/j7HP57AWv+kO2FxMt yfYr5VyhKiWmQDsuOG+XpO2tli0PCM9YjObWatqUdyo/6bORa3+nWJ2YmT+aH3IRK1HR sWbg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=M9FPGRK5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d11-20020a621d0b000000b0063b7c4435c0si12303398pfd.54.2023.04.24.19.10.53; Mon, 24 Apr 2023 19:11:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=M9FPGRK5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233036AbjDYBtO (ORCPT + 99 others); Mon, 24 Apr 2023 21:49:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229872AbjDYBtN (ORCPT ); Mon, 24 Apr 2023 21:49:13 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B8DB19BF; Mon, 24 Apr 2023 18:49:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682387352; x=1713923352; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=RB7MLCszjLdl8wX7HNrdA2L4B19aRn4tLeyPvTGxnqA=; b=M9FPGRK55kG5r/f7tduDmTXFOM1VMchk2lRdkA5pEMG5YleLRN4Veqse 6BRfEbvwzZwuBaLUw/JdwVBsE0T2vxw4TVVDdeA/MjFNcETzt1xRrIkc/ rGRphXNmp7n8TlDJ4cgQKB8mu00skUDmWkX2MfoPk4pogjAeQ4CJb2xpv 4OqfYmHv3JHYiFjwbVVwm/e2jEiFuYeJuiQQ/nQD3ol5zfoPgW/xtcJ9v S6sHKpyehulXZ8Adl+TtNTgtPIVAHMFP50PxajKolE9+1QCHEoOYteIOl qmqd/1L1i33cihjXMlAKMxDSHCX/l1rUywzsTJy5XT0TM1DJuSrh0amIM g==; X-IronPort-AV: E=McAfee;i="6600,9927,10690"; a="326929330" X-IronPort-AV: E=Sophos;i="5.99,224,1677571200"; d="scan'208";a="326929330" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2023 18:49:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10690"; a="817488512" X-IronPort-AV: E=Sophos;i="5.99,224,1677571200"; d="scan'208";a="817488512" Received: from zengguan-mobl1.ccr.corp.intel.com (HELO [10.238.0.183]) ([10.238.0.183]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2023 18:49:06 -0700 Message-ID: <1b0db39e-2591-1af9-06d8-8e65c8a0e1eb@intel.com> Date: Tue, 25 Apr 2023 09:49:00 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [PATCH 0/6] LASS KVM virtualization support To: Binbin Wu , Paolo Bonzini , "Christopherson,, Sean" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , "kvm@vger.kernel.org" Cc: "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "Gao, Chao" References: <20230420133724.11398-1-guang.zeng@intel.com> <99fd6359-bc5d-b633-9b16-711f16063da8@linux.intel.com> Content-Language: en-US From: Zeng Guang In-Reply-To: <99fd6359-bc5d-b633-9b16-711f16063da8@linux.intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/24/2023 9:20 AM, Binbin Wu wrote: > On 4/20/2023 9:37 PM, Zeng Guang wrote: >> Linear Address Space Separation (LASS)[1] is a new mechanism that >> enforces the same mode-based protections as paging, i.e. SMAP/SMEP but >> without traversing the paging structures. Because the protections >> enforced by LASS are applied before paging, "probes" by malicious >> software will provide no paging-based timing information. >> >> LASS works in long mode and partitions the 64-bit canonical linear >> address space into two halves: >> 1. Lower half (LA[63]=0) --> user space >> 2. Upper half (LA[63]=1) --> kernel space >> >> When LASS is enabled, a general protection #GP fault or a stack fault >> #SS will be generated if software accesses the address from the half >> in which it resides to another half, > The accessor's mode is based on CPL, not the address range, > so it feels a bit inaccurate of descripton "in which it resides". > This is alternative description to implicitly signify the privilege level, i.e. code running in upper half means it is in supervisor mode, otherwise it's in user mode.  :) >> e.g., either from user space to >> upper half, or from kernel space to lower half. This protection applies >> to data access, code execution. >> >> This series add KVM LASS virtualization support. >> >> When platform has LASS capability, KVM requires to expose this feature >> to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and >> allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction >> executed in the guest directly, hardware will perform the LASS violation >> check, while KVM also needs to apply LASS to instructions emulated by >> software and injects #GP or #SS fault to the guest. >> >> Following LASS voilations check will be taken on KVM emulation path. > /s/voilations/violations > > >> User-mode access to supervisor space address: >> LA[bit 63] && (CPL == 3) >> Supervisor-mode access to user space address: >> Instruction fetch: !LA[bit 63] && (CPL < 3) >> Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && >> CPL < 3) || Implicit supervisor access) >> >> We tested the basic function of LASS virtualization including LASS >> enumeration and enabling in non-root and nested environment. As current >> KVM unittest framework is not compatible to LASS rule that kernel should >> run in the upper half, we use kernel module and application test to verify >> LASS functionalities in guest instead. The data access related x86 emulator >> code is verified with forced emulation prefix (FEP) mechanism. Other test >> cases are working in progress. >> >> How to add tests for LASS in KUT or kselftest is still under investigation. >> >> [1] Intel Architecutre Instruction Set Extensions and Future Features > /s/Architecutre/Architecture > Sorry for typos above. Thanks. >> Programming Reference: Chapter Linear Address Space Separation (LASS) >> https://cdrdv2.intel.com/v1/dl/getContent/671368 >> >> Zeng Guang (6): >> KVM: x86: Virtualize CR4.LASS >> KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check >> KVM: x86: Add emulator helper for LASS violation check >> KVM: x86: LASS protection on KVM emulation when LASS enabled >> KVM: x86: Advertise LASS CPUID to user space >> KVM: x86: Set KVM LASS based on hardware capability >> >> arch/x86/include/asm/cpuid.h | 36 +++++++++++++++++++ >> arch/x86/include/asm/kvm-x86-ops.h | 1 + >> arch/x86/include/asm/kvm_host.h | 7 +++- >> arch/x86/kvm/cpuid.c | 8 +++-- >> arch/x86/kvm/emulate.c | 36 ++++++++++++++++--- >> arch/x86/kvm/kvm_emulate.h | 1 + >> arch/x86/kvm/vmx/nested.c | 3 ++ >> arch/x86/kvm/vmx/sgx.c | 2 ++ >> arch/x86/kvm/vmx/vmx.c | 58 ++++++++++++++++++++++++++++++ >> arch/x86/kvm/vmx/vmx.h | 2 ++ >> arch/x86/kvm/x86.c | 9 +++++ >> arch/x86/kvm/x86.h | 2 ++ >> 12 files changed, 157 insertions(+), 8 deletions(-) >>