From: Binbin Wu
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, chao.gao@intel.com,
    kai.huang@intel.com, David.Laight@ACULAB.COM, robert.hu@linux.intel.com,
    guang.zeng@intel.com, binbin.wu@linux.intel.com
Subject: [PATCH v11 00/16] LAM and LASS KVM Enabling
Date: Wed, 13 Sep 2023 20:42:11 +0800
Message-Id: <20230913124227.12574-1-binbin.wu@linux.intel.com>

This patch series includes KVM enabling patches for Linear-address masking
(LAM) v11 and Linear Address Space Separation (LASS) v3 since the two features
have overlapping prep work and concepts.
Sent as a single series to reduce the probability of conflicts.

The patch series is organized as follows:
- Patch 1-4: Common prep work for both LAM and LASS.
- Patch 5-13: LAM part.
- Patch 14-16: LASS part.

Dependency:
- LAM has no other dependency.
- LASS patches depend on LASS kernel enabling patches, which are not merged yet.
  https://lore.kernel.org/all/20230609183632.48706-1-alexander.shishkin@linux.intel.com/

==== LAM v11 ====

Linear-address masking (LAM) [1] modifies the checking that is applied to
*64-bit* linear addresses, allowing software to use the untranslated address
bits for metadata and masks the metadata bits before using them as linear
addresses to access memory.

When the feature is virtualized and exposed to guest, it can be used for
efficient address sanitizers (ASAN) implementation and for optimizations in
JITs and virtual machines.

The patch series brings LAM virtualization support in KVM.

Please review and consider applying.

LAM QEMU patch:
https://lists.gnu.org/archive/html/qemu-devel/2023-07/msg04160.html

LAM kvm-unit-tests patch:
https://lore.kernel.org/kvm/20230530024356.24870-1-binbin.wu@linux.intel.com/

--- Test ---
1. Add test cases in kvm-unit-test for LAM [2], including LAM_SUP and
   LAM_{U57,U48}.
   For supervisor pointers, the test covers CR4 LAM_SUP bits toggle,
   Memory/MMIO access with tagged pointer, and some special instructions
   (INVLPG, INVPCID, INVVPID), INVVPID cases also used to cover VMX
   instruction VMExit path.
   For user pointers, the test covers CR3 LAM bits toggle, Memory/MMIO access
   with tagged pointer.
   MMIO cases are used to trigger instruction emulation path.
   Run the unit test with both LAM feature on/off (i.e. including negative
   cases).
   Run the unit test in L1 guest with both LAM feature on/off.
2. Run Kernel LAM kselftests in guest, with both EPT=Y/N.
3. Launch a nested guest and run tests listed in 1 & 2.

All tests have passed on real machine supporting LAM.

[1] Intel ISE https://cdrdv2.intel.com/v1/dl/getContent/671368
    Chapter Linear Address Masking (LAM)
[2] https://lore.kernel.org/kvm/20230530024356.24870-1-binbin.wu@linux.intel.com/

----------
Changelog

v11:
- A separate patch to drop non-PA bits when getting GFN for guest's PGD [Sean]
- Add a patch to remove kvm_vcpu_is_illegal_gpa() [Isaku]
- Squash CR4 LAM bit handling with the address untag for supervisor pointers. [Sean]
- Squash CR3 LAM bits handling with the address untag for user pointers. [Sean]
- Adopt KVM-governed feature framework to track "LAM enabled" as a separate
  optimization patch, and add the reason in patch change log. [Sean, Kai]
- Some comment modifications/additions according to reviews [Sean]

v10:
https://lore.kernel.org/kvm/20230719144131.29052-1-binbin.wu@linux.intel.com/

==== LASS v3 ====

Linear Address Space Separation (LASS)[1] is a new mechanism that
enforces the same mode-based protections as paging, i.e. SMAP/SMEP
but without traversing the paging structures. Because the protections
enforced by LASS are applied before paging, "probes" by malicious
software will provide no paging-based timing information.

This patch series provides a LASS KVM solution and depends on kernel
enabling that can be found at [2].

--- Test ---
1. Test the basic function of LASS virtualization including LASS
   enumeration and enabling in guest and nested environment.
2. Run selftest with following cases:
   - data access to user address space in supervisor mode
   - data access to supervisor address space in user mode
   - data access to linear address across space boundary
   - Using KVM FEP mechanism to run test cases above
   - VMX instruction execution with VMCS structure in user
     address space
   - instruction fetch from user address space in supervisor mode
   - instruction fetch from supervisor address space in user mode

All tests have passed on real machine supporting LASS.

[1] Intel ISE spec https://cdrdv2.intel.com/v1/dl/getContent/671368
    Chapter Linear Address Space Separation (LASS)
[2] LASS kernel patch series
    https://lore.kernel.org/all/20230609183632.48706-1-alexander.shishkin@linux.intel.com/

----------
Change log

v3:
1. Refine commit message [Sean/Chao Gao]
2. Enhance the implementation of LASS violation check [Sean]
3. Re-organize patch as Sean's suggestion [Sean]

v2:
https://lore.kernel.org/all/20230719024558.8539-1-guang.zeng@intel.com/

Binbin Wu (10):
  KVM: x86: Consolidate flags for __linearize()
  KVM: x86: Use a new flag for branch targets
  KVM: x86: Add an emulation flag for implicit system access
  KVM: x86: Add X86EMUL_F_INVLPG and pass it in em_invlpg()
  KVM: x86/mmu: Drop non-PA bits when getting GFN for guest's PGD
  KVM: x86: Add & use kvm_vcpu_is_legal_cr3() to check CR3's legality
  KVM: x86: Remove kvm_vcpu_is_illegal_gpa()
  KVM: x86: Introduce get_untagged_addr() in kvm_x86_ops and call it in
    emulator
  KVM: x86: Untag address for vmexit handlers when LAM applicable
  KVM: x86: Use KVM-governed feature framework to track "LAM enabled"

Robert Hoo (3):
  KVM: x86: Virtualize LAM for supervisor pointer
  KVM: x86: Virtualize LAM for user pointer
  KVM: x86: Advertise and enable LAM (user and supervisor)

Zeng Guang (3):
  KVM: emulator: Add emulation of LASS violation checks on linear
    address
  KVM: VMX: Virtualize LASS
  KVM: x86: Advertise LASS CPUID to user space

 arch/x86/include/asm/kvm-x86-ops.h |   4 +-
 arch/x86/include/asm/kvm_host.h    |   8 ++-
 arch/x86/kvm/cpuid.c               |   4 +-
 arch/x86/kvm/cpuid.h               |  13 ++--
 arch/x86/kvm/emulate.c             |  39 +++++++----
 arch/x86/kvm/governed_features.h   |   1 +
 arch/x86/kvm/kvm_emulate.h         |  13 ++++
 arch/x86/kvm/mmu.h                 |   8 +++
 arch/x86/kvm/mmu/mmu.c             |   2 +-
 arch/x86/kvm/mmu/mmu_internal.h    |   1 +
 arch/x86/kvm/mmu/paging_tmpl.h     |   2 +-
 arch/x86/kvm/svm/nested.c          |   4 +-
 arch/x86/kvm/vmx/nested.c          |  14 ++--
 arch/x86/kvm/vmx/sgx.c             |   4 +-
 arch/x86/kvm/vmx/vmx.c             | 106 ++++++++++++++++++++++++++++-
 arch/x86/kvm/vmx/vmx.h             |   5 ++
 arch/x86/kvm/x86.c                 |  28 +++++++-
 arch/x86/kvm/x86.h                 |   4 ++
 18 files changed, 226 insertions(+), 34 deletions(-)

base-commit: 0bb80ecc33a8fb5a682236443c1e740d5c917d1d
prerequisite-patch-id: 51db36ad7156234d05f8c4004ec6a31ef609b81a
-- 
2.25.1
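
Added example, not part of the original message or of the patch series: a user-space C sketch of the two address rules the cover letter describes, LAM untagging that leaves bit 63 intact and a LASS check that looks only at bit 63. All names (lam_untag, lass_violation, struct cpu, enum access) are hypothetical, and the metadata bit ranges and the SMAP/AC handling are taken from the LAM and LASS chapters of the Intel ISE document cited above rather than from text in this message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BIT63 (1ULL << 63)

/* Hypothetical names throughout; this mirrors the architectural rules only. */
enum access { ACC_DATA, ACC_FETCH, ACC_IMPLICIT_SUP };
struct cpu { bool lass, smap, ac; unsigned cpl; };

/*
 * lam_bit is 56 for LAM57 (metadata in bits 62:57) or 47 for LAM48
 * (metadata in bits 62:48). The metadata bits are replaced with copies of
 * bit lam_bit; bit 63 is left alone because it selects user vs supervisor.
 */
static uint64_t lam_untag(uint64_t addr, unsigned lam_bit)
{
    uint64_t meta = (BIT63 - 1) & ~((1ULL << (lam_bit + 1)) - 1);

    return ((addr >> lam_bit) & 1) ? (addr | meta) : (addr & ~meta);
}

/* LASS decides from bit 63 alone, before any page walk happens. */
static bool lass_violation(const struct cpu *c, uint64_t addr, enum access t)
{
    bool sup_addr = (addr & BIT63) != 0;

    if (!c->lass)
        return false;
    if (c->cpl == 3 && t != ACC_IMPLICIT_SUP)
        return sup_addr;            /* user mode touching the upper half */
    if (sup_addr)
        return false;               /* supervisor access to its own half */
    if (t == ACC_FETCH)
        return true;                /* supervisor fetch from user half */
    /* Supervisor data access to user half: enforced like SMAP. */
    return c->smap && (t == ACC_IMPLICIT_SUP || !c->ac);
}

int main(void)
{
    struct cpu k = { .lass = true, .smap = true, .ac = false, .cpl = 0 };
    uint64_t tagged = 0x54007fff12345678ULL;   /* constructed sample pointer */

    printf("untagged: %#llx\n", (unsigned long long)lam_untag(tagged, 56));
    printf("kernel data access violates LASS: %d\n",
           lass_violation(&k, tagged, ACC_DATA));
    return 0;
}
```

Because untagging never changes bit 63, the LASS verdict is the same for a tagged pointer and its untagged form, which is why the two features can share one linearization path.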