Received: by 2002:a05:7412:518d:b0:e2:908c:2ebd with SMTP id fn13csp410335rdb; Thu, 5 Oct 2023 09:17:47 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGHBT/+CYOftX2iOi7ejReHm8UvJSMosFWqDJAYegncYLV4CfEPOBwcVOBZ6VsMn7EHoA13 X-Received: by 2002:a17:90b:384c:b0:276:caee:db4d with SMTP id nl12-20020a17090b384c00b00276caeedb4dmr5184697pjb.10.1696522666825; Thu, 05 Oct 2023 09:17:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696522666; cv=none; d=google.com; s=arc-20160816; b=CL5SiSh4OzVyBnoqPlpMLqQFweY/TSrgUZW4Unvi3hSDzoDeLgkUsNYqdV2xzoiukW jyo9RGtqnu+pz/fud5P+8oPrXBOXqqAU0FITesiN6u07sEgQYc08VRzshpdDUB76n6qS DOEviYgMxuHAfutwVz8mvDnG8X9ogp76L93Bjgvb1gppxEvEWxpM6QWeV+wT/m14azlV pYX4E8AXlCUq+DmC3uUp8VRICxsrnRag+kwqufeNy1nCWx3yXDCi5FiFvGFbfNdLsl6s kZ+MpYEcTvBZx+tCefS9PX6soVelLxQE79kTHXh5WRPp4GzyPZERZ0sAixaEvx4LI/Bd HalQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:mime-version:dkim-signature; bh=EE8iPYu9LpRlrA3P5svRFO6CzOzjvPUAMSGvj485Oxk=; fh=vqefJevMRAXqpurEcObFcP/cMRxXOwAblaJBkrAOc4M=; b=kPcYc2t6Pphqu0V8bg0z4xAp2B+jlr5qd5SN30OChPY/+WPW626F5FwdCv3cWQLlP4 kBCBKvzJ5yRfNf01RHFkf72rcjTQkOE0HC97LPvfTNRDScGf9qv1oqtmlmMLmWTpawuj azxWx3+URUqagOWrnt1zt7vJU60Oi85ATiPYsfOFcRF3H+0Ud/Yp96dMKS0YbO4vHDx6 ys1osa8ox4m295IWE6D/Dpxib/Nvg4S+AWEFQPnlPeElNWYDDI677y5sCwhD7hv1NH2w ppjwHhT7D/L1zc1/w3je77QtczzqujaL2aR5eWo0CNUZHwrbsqw0Yo8+klYWLcXJEeIu 1D7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=inptMAmD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id 8-20020a17090a0e8800b00273e2f407casi3924625pjx.76.2023.10.05.09.17.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Oct 2023 09:17:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=inptMAmD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 84E1C830C331; Thu, 5 Oct 2023 09:16:51 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241260AbjJEQQG (ORCPT + 99 others); Thu, 5 Oct 2023 12:16:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234753AbjJEQNj (ORCPT ); Thu, 5 Oct 2023 12:13:39 -0400 Received: from mail-yb1-xb36.google.com (mail-yb1-xb36.google.com [IPv6:2607:f8b0:4864:20::b36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D56AB698D for ; Thu, 5 Oct 2023 07:43:19 -0700 (PDT) Received: by mail-yb1-xb36.google.com with SMTP id 3f1490d57ef6-d81afd5273eso1126505276.3 for ; Thu, 05 Oct 2023 07:43:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1696516999; x=1697121799; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=EE8iPYu9LpRlrA3P5svRFO6CzOzjvPUAMSGvj485Oxk=; b=inptMAmDcUZ1iBCTY/rT4ZJ75tNZgRwaf6/zv4O44QzEe+ZBaFB053c+VOj3C4QipE zMd3KGrBNxPCRXwqq1eVQpP9HB/gPjmGNvFGD/oshJzSOEdaCYIrYk80LOKEJGLs6wzF IzrmKnbTd8vJPVU4VxrBBFi1dwoGbLrnE+ePMOrSam8Z3FyJiYZRJOyaw7Gc6ehQdczz kuadF+lYJQ6jNTREZqwL7fMtvowk4Lg/LP8kG4CiqDg5BDXkY4OEB5cCttwxjLvLAtJH c1vJ5f88oeq9RNFpgmcs5T/k9u5AUAMp4qdytFz3UEGHD+Z+7oNCmB0arvYqa1lVa+AN J2gA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696516999; x=1697121799; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EE8iPYu9LpRlrA3P5svRFO6CzOzjvPUAMSGvj485Oxk=; b=KetBznT4TEPkFfu09jyz83inGMXY+OUsFny21p9T1uOnYT10hFVu7cC55LmR9EIBpd DaEgtTsC/0y8BKBT9yXXdP9jIlPMEGbw+I3FETujcTu71DUC5npimqdVJL0yAW4w2tRX eLNhMQXBv6b8dKBYWH/ViuiOcN6hI2zc/pNlVa9qFDRwZzLLQqmQOfS9J0LXJtBFJ+K1 MrgtTL8Qq1VwO1ttDIsHSEfD5tgdpTZndgTlrAs9z/taGQ6L/dHJLKD3+yjmS9t+vWBg r+okKLSZI0FbGcUVtdk7RaIMjzb78gMtM/mSgA9qJvw70m2ALLFYwnGVSfxBjsAvKD6K 8gcg== X-Gm-Message-State: AOJu0YwBN5+cYIQwyRQMXVKlvk2/bb4jmpYUBnamEgrOWjgQ0aRFwu3h 7pDbJmPlg5mhcHkjWFHpi7SB49DvEwUuySW9WvzPKg== X-Received: by 2002:a25:23ce:0:b0:d91:5a1b:eea with SMTP id j197-20020a2523ce000000b00d915a1b0eeamr4876224ybj.50.1696516998560; Thu, 05 Oct 2023 07:43:18 -0700 (PDT) MIME-Version: 1.0 From: Fuad Tabba Date: Thu, 5 Oct 2023 15:42:42 +0100 Message-ID: Subject: Re: [RFC PATCH v12 11/33] KVM: Introduce per-page memory attributes To: Sean Christopherson Cc: Paolo Bonzini , Marc Zyngier , Oliver Upton , Huacai Chen , Michael Ellerman , Anup Patel , Paul Walmsley , Palmer Dabbelt , Albert Ou , "Matthew Wilcox (Oracle)" , Andrew Morton , Paul Moore , James Morris , "Serge E. Hallyn" , KVM , "moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)" , KVMARM , LinuxMIPS , linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, open list , Chao Peng , Jarkko Sakkinen , Anish Moorthy , Yu Zhang , Isaku Yamahata , Xu Yilun , Vlastimil Babka , Vishal Annapurve , Ackerley Tng , Maciej Szmigiero , David Hildenbrand , Quentin Perret , Michael Roth , Wang , Liam Merwick , Isaku Yamahata , "Kirill A . Shutemov" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 05 Oct 2023 09:16:51 -0700 (PDT) Hi Sean, On Tue, Oct 3, 2023 at 9:51=E2=80=AFPM Sean Christopherson wrote: > > On Tue, Oct 03, 2023, Fuad Tabba wrote: > > On Tue, Oct 3, 2023 at 4:59=E2=80=AFPM Sean Christopherson wrote: > > > On Tue, Oct 03, 2023, Fuad Tabba wrote: > > > > > +#define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3) > > > > > + > > > > > > > > In pKVM, we don't want to allow setting (or clearing) of PRIVATE/SH= ARED > > > > attributes from userspace. > > > > > > Why not? The whole thing falls apart if userspace doesn't *know* the= state of a > > > page, and the only way for userspace to know the state of a page at a= given moment > > > in time is if userspace controls the attributes. E.g. even if KVM we= re to provide > > > a way for userspace to query attributes, the attributes exposed to us= rspace would > > > become stale the instant KVM drops slots_lock (or whatever lock prote= cts the attributes) > > > since userspace couldn't prevent future changes. > > > > I think I might not quite understand the purpose of the > > KVM_SET_MEMORY_ATTRIBUTES ABI. In pKVM, all of a protected guest's memo= ry is > > private by default, until the guest shares it with the host (via a > > hypercall), or another guest (future work). When the guest shares it, > > userspace is notified via KVM_EXIT_HYPERCALL. In many use cases, usersp= ace > > doesn't need to keep track directly of all of this, but can reactively = un/map > > the memory being un/shared. > > Yes, and then userspace needs to tell KVM, via KVM_SET_MEMORY_ATTRIBUTES,= that > userspace has agreed to change the state of the page. Userspace may not = need/want > to explicitly track the state of pages, but userspace still needs to tell= KVM what > userspace wants. > > KVM is primarily an accelerator, e.g. KVM's role is to make things go fas= t (relative > to doing things in userspace) and provide access to resources/instruction= s that > require elevated privileges. As a general rule, we try to avoid defining= the vCPU > model, security policies, etc. in KVM, because hardcoding policy into KVM= (and the > kernel as a whole) eventually limits the utility of KVM. > > As it pertains to PRIVATE vs. SHARED, KVM's role is to define and enforce= the basic > rules, but KVM shouldn't do things like define when it is (il)legal to co= nvert > memory to/from SHARED, what pages can be converted, what happens if the g= uest and > userspace disagree, etc. Thanks for clarifying that. My initial understanding of the purpose of KVM_SET_MEMORY_ATTRIBUTES wasn't clear. Now I see how having the userspace view in KVM would avoid the need to hardcore many policies, and I can see how this could come in handy in the future when we start going into multi-sharing, for example. > > > Why does pKVM need to prevent userspace from stating *its* view of at= tributes? > > > > > > If the goal is to reduce memory overhead, that can be solved by using= an internal, > > > non-ABI attributes flag to track pKVM's view of SHARED vs. PRIVATE. = If the guest > > > attempts to access memory where pKVM and userspace don't agree on the= state, > > > generate an exit to userspace. Or kill the guest. Or do something e= lse entirely. > > > > For the pKVM hypervisor the guest's view of the attributes doesn't > > matter. The hypervisor at the end of the day is the ultimate arbiter > > for what is shared and with how. For pKVM (at least in my port of > > guestmem), we use the memory attributes from guestmem essentially to > > control which memory can be mapped by the host. > > The guest's view absolutely matters. The guest's view may not be express= ed at > access time, e.g. as you note below, pKVM and other software-protected VM= s don't > have a dedicated shared vs. private bit like TDX and SNP. But the view i= s still > there, e.g. in the pKVM model, the guest expresses its desire for shared = vs. > private via hypercall, and IIRC, the guest's view is tracked by the hyper= visor > in the stage-2 PTEs. pKVM itself may track the guest's view on things, b= ut the > view is still the guest's. This was poorly worded on my part. You're right that in practice the pKVM hypervisor is the one tracking the guest's view, based on the hypercalls from the guest. > E.g. if the guest thinks a page is private, but in reality KVM and host u= serspace > have it as shared, then the guest may unintentionally leak data to the un= trusted > world. > > IIUC, you have implemented guest_memfd support in pKVM by changing the at= tributes > when the guest makes the hypercall. This can work, but only so long as t= he guest > and userspace are well-behaved, and it will likely paint pKVM into a corn= er in > the long run. > > E.g. if the guest makes a hypercall to convert memory to PRIVATE, but the= re is > no memslot or the memslot doesn't support private memory, then unless the= re is > policy baked into KVM, or an ABI for the guest<=3D>host hypercall interfa= ce that > allows unwinding the program counter, you're stuck. Returning an error f= or the > hypercall straight from KVM is undesirable as that would put policy into = KVM that > doesn't need to be there, e.g. that would prevent userspace from manipula= ting > memslots in response to (un)share requests from the guest. It's a simila= r story > if KVM marks the page as PRIVATE, as that would prevent userspace from re= turning > an error for the hypercall, i.e. would prevent usersepace from denying th= e request > to convert to PRIVATE. Ack. > > One difference between pKVM and TDX (as I understand it), is that TDX > > uses the msb of the guest's IPA to indicate whether memory is shared > > or private, and that can generate a mismatch on guest memory access > > between what it thinks the state is, and what the sharing state in > > reality is. pKVM doesn't have that. Memory is private by default, and > > can be shared in-place, both in the guest's IPA space as well as the > > underlying physical page. > > TDX's shared bit and SNP's encryption bit are just a means of hardware en= forcement. > pKVM does have a hardware bit because hardware doesn't provide any enforc= ement. > But as above, pKVM does have an equivalent *somewhere*. > > > > > The other thing, which we need for pKVM anyway, is to make > > > > kvm_vm_set_mem_attributes() global, so that it can be called from o= utside of > > > > kvm_main.c (already have a local patch for this that declares it in > > > > kvm_host.h), > > > > > > That's no problem, but I am definitely opposed to KVM modifying attri= butes that > > > are owned by userspace. > > > > > > > and not gate this function by KVM_GENERIC_MEMORY_ATTRIBUTES. > > > > > > As above, I am opposed to pKVM having a completely different ABI for = managing > > > PRIVATE vs. SHARED. I have no objection to pKVM using unclaimed flag= s in the > > > attributes to store extra metadata, but if KVM_SET_MEMORY_ATTRIBUTES = doesn't work > > > for pKVM, then we've failed miserably and should revist the uAPI. > > > > Like I said, pKVM doesn't need a userspace ABI for managing PRIVATE/SHA= RED, > > just a way of tracking in the host kernel of what is shared (as opposed= to > > the hypervisor, which already has the knowledge). The solution could si= mply > > be that pKVM does not enable KVM_GENERIC_MEMORY_ATTRIBUTES, has its own > > tracking of the status of the guest pages, and only selects KVM_PRIVATE= _MEM. > > At the risk of overstepping my bounds, I think that effectively giving th= e guest > full control over what is shared vs. private is a mistake. It more or le= ss locks > pKVM into a single model, and even within that model, dealing with errors= and/or > misbehaving guests becomes unnecessarily problematic. > > Using KVM_SET_MEMORY_ATTRIBUTES may not provide value *today*, e.g. the u= serspace > side of pKVM could simply "reflect" all conversion hypercalls, and termin= ate the > VM on errors. But the cost is very minimal, e.g. a single extra ioctl() = per > converion, and the upside is that pKVM won't be stuck if a use case comes= along > that wants to go beyond "all conversion requests either immediately succe= ed or > terminate the guest". Now that I understand the purpose of KVM_SET_MEMORY_ATTRIBUTES, I agree. However, pKVM needs to track at the host kernel (i.e., EL1) whether guest memory is shared or private. One approach would be to add another flag to the attributes that tracks the host kernel view. The way KVM_SET_MEMORY_ATTRIBUTES is implemented now, userspace can zero it, so in that case, that operation would need to be masked to avoid that. Another approach would be to have a pKVM-specific xarray (or similar) to do the tracking, but since there is a structure that's already doing something similar (i.e.,the attributes array), it seems like it would be unnecessary overhead. Do you have any ideas or preferences? Cheers, /fuad