Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp933195rwd; Thu, 1 Jun 2023 08:20:08 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6PBZatBDm1evDdOHp3tK43ul1RzHZ580ecxQzYdjyKWfwbAlvBLTbW0wbcrJelRd/rA38L X-Received: by 2002:a05:6a00:2488:b0:643:980:65b with SMTP id c8-20020a056a00248800b006430980065bmr11423319pfv.2.1685632808160; Thu, 01 Jun 2023 08:20:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685632808; cv=none; d=google.com; s=arc-20160816; b=knKBTgYf+79iilUEnqLOC8i+O1Hcb/3bR1iqTfkg3oBKk/Sba2KxhEN31a/69bA4HO 3iGIoCsruLfbs91SeeYiaXzmxwyOGn+ZyhlTgH5Iu1Hr/rTyjz0Ei25LgwBQtUXWL44/ ZjvtQd0F26EVgbsvTQrTc4tjQL00yRdlYnP5FRQDn+YM/VQhm3+dxUlbG+lkxIl0DJrE lM0x+CgQGAFSC8HfehxXzTlqx/0JgNvsmVQS7fBlPOa8DjFP64YxlUftu0UYYrAg7ciV yrElFPDy/7NGTXC1IlpREqRSbiWx8uXgVFIm6XbpVYurd/NNPNw/8y09IK5+NTiDkFKU eYag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=PJQPnXmXajJXwJgA+G0zk8GEKj6ODfftf6O1vVa5TrQ=; b=KNX99Xfj5cYtLSPrNE2MR+PhoMOjRKSxxu0HPDU+/SxgaMlEi2FlJMnocvpC4CNlPT CS8kdibWCu+cfxWsRpRfJP0okidQxotCcIsxjovxCDYgnL7VR05aUfnH5NGowOjzN1jQ qip3u5vir49JPTfN2AI2T07C7F/Fm3pT325F+ZqUgApct6L1fhdUYcz97tdxcBorDIfh yvMX8j4TL1EsBtef8i/BlNi6YOcL3kZJFNdUm6N9/6xPK405u5qYjxPDe1muM0V/ElFD EHogK92pYJbSrEZ4ejcVZiI9IwqQBYNWbo/p+m6+3bi4mVvZHr9fBNVRuqT9i5/ywgvk ezTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="KfZ/yxlG"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b18-20020a621b12000000b0064d5b6864d0si5479442pfb.76.2023.06.01.08.19.54; Thu, 01 Jun 2023 08:20:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="KfZ/yxlG"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234866AbjFAPFz (ORCPT + 99 others); Thu, 1 Jun 2023 11:05:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43794 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234780AbjFAPEt (ORCPT ); Thu, 1 Jun 2023 11:04:49 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90270199D; Thu, 1 Jun 2023 08:03:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685631815; x=1717167815; h=from:to:cc:subject:date:message-id; bh=TN8mEM6PrgghswcSaJg6JTqK0dAJhCqFJfHWLbnUFXw=; b=KfZ/yxlGcC8es4mscHtriRcZ17mwKR3DBNIy3QGno/ulpaLpHmVY8qvy GfzQkT7RcyPCUVVrYHDACFkE/rQJEqneIGuim2spYsK04nKCVxo9XkKVa S6HoFxl9XF2BsikALsCYWklU5pXjwDuNL5iyedNdZs4K77dxkmJkXnYFZ 82OrTekL8FejhIZhyDs23yFL3mWiK6sst/Nr7LRml+Bk8IkaEBJHpFC0F 5GtiN8mNXgyOTJ1/veAXfCSZV5bpZUf/EgfD/LGBzY5Z2xbRIzlvIZpWg AjvK8AApukHFqbCANeaJfr6DLVZgFqDgFEdaQO4ngP/0qHkM/aEDhhywV w==; X-IronPort-AV: E=McAfee;i="6600,9927,10728"; a="383853319" X-IronPort-AV: E=Sophos;i="6.00,210,1681196400"; d="scan'208";a="383853319" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jun 2023 08:02:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10728"; a="657828135" X-IronPort-AV: E=Sophos;i="6.00,210,1681196400"; d="scan'208";a="657828135" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jun 2023 08:02:34 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v1 0/6] LASS KVM virtualization support Date: Thu, 1 Jun 2023 22:23:03 +0800 Message-Id: <20230601142309.6307-1-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Linear Address Space Separation (LASS)[1] is an independent mechanism that enforces the mode-based protections on any access to a linear address. Based on a linear-address organization, the 64-bit canonical linear address space is partitioned into two halves: all linear addresses whose most significant bit is 0 are user space addresses, while linear addresses whose most significant bit is 1 are supervisor space address. LASS aims to prevent any attempt to probe supervisor space addresses by user mode, and likewise stop any attempt to access (if SMAP enabled) or execute user space addresses from supervisor mode. When platform has LASS capability, KVM requires to expose this feature to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction executed in the guest directly, hardware will perform the check. But KVM also needs to behave same as hardware to apply LASS to kinds of guest memory accesses when emulating privileged instructions by software. KVM will take following LASS voilations check on emulation path. User-mode access to supervisor space address: LA[bit 63] && (CPL == 3) Supervisor-mode access to user space address: Instruction fetch: !LA[bit 63] && (CPL < 3) Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && CPL < 3) || Implicit supervisor access) This patch series provide a LASS KVM solution. We tested the basic function of LASS virtualization including LASS enumeration and enabling in non-root and nested environment. As KVM unittest framework is not compatible to LASS rule, we use kernel module and application test to emulate LASS violation instead. With KVM forced emulation mechanism, we also verified the LASS functionality on some emulation path with instruction fetch and data access to have same behavior as hardware. [1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368 Chapter Linear Address Space Separation (LASS) ------------------------------------------------------ v0->v1 1. Adapt to new __linearize() API 2. Function refactor of vmx_check_lass() 3. Refine commit message to be more precise 4. Drop LASS kvm cap detection depending on hardware capability Binbin Wu (1): KVM: x86: Consolidate flags for __linearize() Zeng Guang (5): KVM: x86: Virtualize CR4.LASS KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check KVM: x86: Add emulator helper for LASS violation check KVM: x86: LASS protection on KVM emulation KVM: x86: Advertise LASS CPUID to user space arch/x86/include/asm/kvm-x86-ops.h | 3 +- arch/x86/include/asm/kvm_host.h | 4 ++- arch/x86/kvm/cpuid.c | 5 ++- arch/x86/kvm/emulate.c | 47 +++++++++++++++++++++++----- arch/x86/kvm/kvm_emulate.h | 6 ++++ arch/x86/kvm/vmx/nested.c | 3 ++ arch/x86/kvm/vmx/sgx.c | 4 +++ arch/x86/kvm/vmx/vmx.c | 50 ++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.h | 2 ++ arch/x86/kvm/x86.c | 12 +++++++ arch/x86/kvm/x86.h | 2 ++ 11 files changed, 126 insertions(+), 12 deletions(-) -- 2.27.0