Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp6514212rwd; Mon, 5 Jun 2023 20:26:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ48+RNIYFHTXAH3NbXkvBQICiwJqVQAjR9th3dSkoE2mdYo2G4pdvXfujPtgBVAIiHXwH7C X-Received: by 2002:a05:6a20:7488:b0:10a:f3df:b86e with SMTP id p8-20020a056a20748800b0010af3dfb86emr668390pzd.44.1686021962487; Mon, 05 Jun 2023 20:26:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686021962; cv=none; d=google.com; s=arc-20160816; b=V2P7AgoZbpSokbO+Gnny5xIQKAZhSbVkiHDZStVcg/WUw89u+NfBnehGOn0ZxYx/lE BvopXVay+1ilULDGEqEcfDcItnb7LEK/kmkWI/nuMcIc1QYmgs8PD98VUcsyYP1wbwyJ xgswaaGzUBvwZQQkl//IniETvLzr7lFuYW/1zsLclcwj8Jd7R7y0QjRU6q7L8QouDRT+ UpPoLeYq7q6ZbW2aqErB9aAp9ZEwn1AbSpVnKk72O/zEF2AuMig5nfmOWG2IikqQes28 j1kLjROLnGbMTG+KS2MqaOcUtOK2UufYx1dx0yAv7+Yf04VGHuGU2N7VDyCNJ8jOn96e k4tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=WjHfCvRNCza3H5O8K3rPFKh6iVC7JugAowd69F4aoDU=; b=LtXFWsnuXI8y5cPMsqNEy2gjzUOnKh+NniiYf8Edz5gQ/Rnorns+zWJnYkX0cFJTD5 i21oz1REJQx9I/mpsfUJsJF1e7wMIEqVFrKn5exXpQ1QDyjX10t1hHxIPgSpfVD60D1d zMe7chROr9xyezYhpqu4hNJd/N/ij3JTx1/NGWgDlmHd7GAM7XKuheR9PAkau8e6Kbf4 AZUeDR5L/20iawll1z9fJVl6IPa6mX8RXAaGWYfqqfOKvWlf3aUPKw0Y/4YCYlXLVQbG DpYoePhw8/UfTLeZ9LLlwwzyBv0NPw1RQ6F/f/HTlMesSIHdXzn6NHkP43K43CHpnmV+ pj6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=mBymGkh6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q5-20020aa78425000000b0064d35b6cdd8si6219955pfn.168.2023.06.05.20.25.50; Mon, 05 Jun 2023 20:26:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=mBymGkh6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230112AbjFFDJW (ORCPT + 99 others); Mon, 5 Jun 2023 23:09:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232629AbjFFDJU (ORCPT ); Mon, 5 Jun 2023 23:09:20 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CF7A118; Mon, 5 Jun 2023 20:09:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686020956; x=1717556956; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=ZjPiHD2dLaeUV1DyYVTrMSjB4gNCH7qHbTFOV0ktpik=; b=mBymGkh6FrurtWg7NOk6vAQcdttcK01yTxzYFIMh3V2Dd0FAqmN2KqKd SHcvCQ4Ag0k22XL/INFnLUjk+GR73JfP0/w+blKvj16JiLcTqjHfIXRy9 yIcBYJ8qlpID+Ffw2A15LTTRBTJGmuVgOmOF64vdt3dYFidT3VSA1BjlC BME2pZP5q0ZITsmCspVI+0kTmkn3Be3ckbGGuTXZ97hnJYDzQpjXmFgfO 6yy6BY6hw6iDi94DAxuTiQ8Nx2kj/5mo3eqlKDk8cUFD4BaE+PwbZmHRK rhBWqHBToMpnQh/TBZsgXCWke/wqVumsMfy9Ow0sU8Wt2EjuGX71n41do w==; X-IronPort-AV: E=McAfee;i="6600,9927,10732"; a="346145155" X-IronPort-AV: E=Sophos;i="6.00,219,1681196400"; d="scan'208";a="346145155" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jun 2023 20:09:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10732"; a="659345977" X-IronPort-AV: E=Sophos;i="6.00,219,1681196400"; d="scan'208";a="659345977" Received: from zengguan-mobl1.ccr.corp.intel.com (HELO [10.249.170.218]) ([10.249.170.218]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jun 2023 20:09:12 -0700 Message-ID: <2a7bd52d-441e-a8da-9c1b-dbc60f6bad7e@intel.com> Date: Tue, 6 Jun 2023 11:08:57 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.2 Subject: Re: [PATCH v1 3/6] KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check Content-Language: en-US To: Yuan Yao Cc: Paolo Bonzini , "Christopherson,, Sean" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , "kvm@vger.kernel.org" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" References: <20230601142309.6307-1-guang.zeng@intel.com> <20230601142309.6307-4-guang.zeng@intel.com> <20230605140725.32ogo6gbhqyl4kfl@yy-desk-7060> From: Zeng Guang In-Reply-To: <20230605140725.32ogo6gbhqyl4kfl@yy-desk-7060> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SCC_BODY_URI_ONLY,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/5/2023 10:07 PM, Yuan Yao wrote: > On Thu, Jun 01, 2023 at 10:23:06PM +0800, Zeng Guang wrote: >> Intel introduces LASS (Linear Address Separation) feature providing >> an independent mechanism to achieve the mode-based protection. >> >> LASS partitions 64-bit linear address space into two halves, user-mode >> address (LA[bit 63]=0) and supervisor-mode address (LA[bit 63]=1). It >> stops any code execution or conditional data access[1] >> 1. from user mode to supervisor-mode address space >> 2. from supervisor mode to user-mode address space >> and generates LASS violation fault accordingly. >> >> +/* >> + * Determine whether an access to the linear address causes a LASS violation. >> + * LASS protection is only effective in long mode. As a prerequisite, caller >> + * should make sure vCPU running in long mode and invoke this api to do LASS >> + * violation check. >> + */ >> +bool vmx_check_lass(struct kvm_vcpu *vcpu, u64 access, u64 la, u32 flags) >> +{ >> + bool user_mode, user_as, rflags_ac; >> + >> + if (!!(flags & X86EMUL_F_SKIPLASS) || >> + !kvm_is_cr4_bit_set(vcpu, X86_CR4_LASS)) >> + return false; >> + >> + WARN_ON_ONCE(!is_long_mode(vcpu)); >> + >> + user_as = !(la >> 63); >> + >> + /* >> + * An access is a supervisor-mode access if CPL < 3 or if it implicitly >> + * accesses a system data structure. For implicit accesses to system >> + * data structure, the processor acts as if RFLAGS.AC is clear. >> + */ >> + if (access & PFERR_IMPLICIT_ACCESS) { >> + user_mode = false; >> + rflags_ac = false; >> + } else { >> + user_mode = vmx_get_cpl(vcpu) == 3; >> + if (!user_mode) >> + rflags_ac = !!(kvm_get_rflags(vcpu) & X86_EFLAGS_AC); >> + } >> + >> + if (user_mode == user_as) > Confused by user_as, it's role of address(U/S) so how about > "user_addr" ? "if (user_mode == user_addr)" looks more clear > to me. > Actually "as" stands for "address space". I suppose it more precise. :)