From: "Madhavan T. Venkataraman"
Date: Wed, 24 May 2023 15:53:18 -0500
Subject: Re: [PATCH v1 2/9] KVM: x86/mmu: Add support for prewrite page tracking
To: Sean Christopherson, Mickaël Salaün
Cc: Borislav Petkov, Dave Hansen, "H . Peter Anvin", Ingo Molnar, Kees Cook, Paolo Bonzini, Thomas Gleixner, Vitaly Kuznetsov, Wanpeng Li, Alexander Graf, Forrest Yuan Yu, James Morris, John Andersen, Liran Alon, Marian Rotariu, Mihai Donțu, Nicușor Cîțu, Rick Edgecombe, Thara Gopinath, Will Deacon, Zahra Tarkhani, Ștefan Șicleru, dev@lists.cloudhypervisor.org, kvm@vger.kernel.org, linux-hardening@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, x86@kernel.org, xen-devel@lists.xenproject.org
References: <20230505152046.6575-1-mic@digikod.net> <20230505152046.6575-3-mic@digikod.net> <6412bf27-4d05-eab8-3db1-d4efa44af3aa@digikod.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/5/23 12:31, Sean Christopherson wrote:
> On Fri, May 05, 2023, Mickaël Salaün wrote:
>>
>> On 05/05/2023 18:28, Sean Christopherson wrote:
>>> I have no doubt that we'll need to solve performance and scaling issues with the
>>> memory attributes implementation, e.g. to utilize xarray multi-range support
>>> instead of storing information on a per-4KiB-page basis, but AFAICT, the core
>>> idea is sound. And a very big positive from a maintenance perspective is that
>>> any optimizations, fixes, etc. for one use case (CoCo vs. hardening) should also
>>> benefit the other use case.
>>>
>>> [1] https://lore.kernel.org/all/20230311002258.852397-22-seanjc@google.com
>>> [2] https://lore.kernel.org/all/Y2WB48kD0J4VGynX@google.com
>>> [3] https://lore.kernel.org/all/Y1a1i9vbJ%2FpVmV9r@google.com
>>
>> I agree, I used this mechanism because it was easier at first to rely on a
>> previous work, but while I was working on the MBEC support, I realized that
>> it's not the optimal way to do it.
>>
>> I was thinking about using a new special EPT bit similar to
>> EPT_SPTE_HOST_WRITABLE, but it may not be portable though. What do you
>> think?
>
> On x86, SPTEs are even more ephemeral than memslots. E.g. for historical reasons,
> KVM zaps all SPTEs if _any_ memslot is deleted, which is problematic if the guest
> is moving around BARs, using option ROMs, etc.
>
> ARM's pKVM tracks metadata in its stage-2 PTEs, i.e. doesn't need an xarray to
> track attributes, but that works only because pKVM is more privileged than the
> host kernel, and the shared vs. private memory attribute that pKVM cares about
> is very, very restricted in how it can be used and changed.
>
> I tried shoehorning private vs. shared metadata into x86's SPTEs in the past, and
> it ended up being a constant battle with the kernel, e.g. page migration, and with
> KVM itself, e.g. the above memslot mess.

Sorry for the delay in responding to this. I wanted to study the KVM code and fully
understand your comment before responding.

Yes, I quite agree with you. I will make an attempt to address this in the next version.
I am working on it right now.

Thanks.

Madhavan