Message ID | 20231108111806.92604-30-nsaenz@amazon.com |
---|---|
State | New |
Headers | From: Nicolas Saenz Julienne <nsaenz@amazon.com>; To: kvm@vger.kernel.org; Subject: [RFC 29/33] KVM: VMX: Save instruction length on EPT violation; Date: Wed, 8 Nov 2023 11:18:02 +0000; Message-ID: <20231108111806.92604-30-nsaenz@amazon.com>; In-Reply-To: <20231108111806.92604-1-nsaenz@amazon.com> |
Series | KVM: x86: hyperv: Introduce VSM support |
Commit Message
Nicolas Saenz Julienne
Nov. 8, 2023, 11:18 a.m. UTC
Save the length of the instruction that triggered an EPT violation in
struct kvm_vcpu_arch. This will be used to populate Hyper-V VSM memory
intercept messages.
Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
---
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/vmx/vmx.c | 1 +
2 files changed, 3 insertions(+)
Comments
On 08.11.23 12:18, Nicolas Saenz Julienne wrote:
> Save the length of the instruction that triggered an EPT violation in
> struct kvm_vcpu_arch. This will be used to populate Hyper-V VSM memory
> intercept messages.
>
> Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>

In v1, please do this for SVM as well :)

Alex

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Managing directors: Christian Schlaeger, Jonathan Weiss
Registered at Amtsgericht Charlottenburg under HRB 149173 B
Registered office: Berlin
VAT ID: DE 289 237 879
On Wed, Nov 08, 2023, Alexander Graf wrote:
>
> On 08.11.23 12:18, Nicolas Saenz Julienne wrote:
> > Save the length of the instruction that triggered an EPT violation in
> > struct kvm_vcpu_arch. This will be used to populate Hyper-V VSM memory
> > intercept messages.
> >
> > Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
>
>
> In v1, please do this for SVM as well :)

Why? KVM caches values on VMX because VMREAD is measurably slower than memory
accesses, especially when running nested. SVM has no such problems. I wouldn't
be surprised if adding a "cache" is actually less performant due to increased
pressure and misses on the hardware cache.
On 08.11.23 17:15, Sean Christopherson wrote:
>
> On Wed, Nov 08, 2023, Alexander Graf wrote:
>> On 08.11.23 12:18, Nicolas Saenz Julienne wrote:
>>> Save the length of the instruction that triggered an EPT violation in
>>> struct kvm_vcpu_arch. This will be used to populate Hyper-V VSM memory
>>> intercept messages.
>>>
>>> Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
>>
>> In v1, please do this for SVM as well :)
> Why? KVM caches values on VMX because VMREAD is measurably slower than memory
> accesses, especially when running nested. SVM has no such problems. I wouldn't
> be surprised if adding a "cache" is actually less performant due to increased
> pressure and misses on the hardware cache.

My understanding was that this patch wasn't about caching it, it was about
storing it somewhere generically so we can use it for the fault injection code
path in the following patch. And if we don't set this variable for SVM, it just
means Credential Guard fault injection would be broken there.

Alex
On Wed, Nov 08, 2023, Nicolas Saenz Julienne wrote:
> Save the length of the instruction that triggered an EPT violation in
> struct kvm_vcpu_arch. This will be used to populate Hyper-V VSM memory
> intercept messages.

This is silly and unnecessarily obfuscates *why* (as my response regarding SVM
shows), i.e. that this is "needed" because the value is consumed by a *different*
vCPU, not because of performance concerns.

It's also broken, AFAICT nothing prevents the intercepted vCPU from hitting a
different EPT violation before the target vCPU consumes exit_instruction_len.

Holy cow. All of deliver_gpa_intercept() is wildly unsafe. Aside from race
conditions, which in and of themselves are a non-starter, nothing guarantees that
the intercepted vCPU actually cached all of the information that is held in its VMCS.

The sane way to do this is to snapshot *all* information on the intercepted vCPU,
and then hand that off as a payload to the target vCPU. That is, assuming the
cross-vCPU stuff is actually necessary. At a glance, I don't see anything that
explains *why*.
On 08.11.23 18:20, Sean Christopherson wrote:
> On Wed, Nov 08, 2023, Nicolas Saenz Julienne wrote:
>> Save the length of the instruction that triggered an EPT violation in
>> struct kvm_vcpu_arch. This will be used to populate Hyper-V VSM memory
>> intercept messages.
> This is silly and unnecessarily obfuscates *why* (as my response regarding SVM
> shows), i.e. that this is "needed" because the value is consumed by a *different*
> vCPU, not because of performance concerns.
>
> It's also broken, AFAICT nothing prevents the intercepted vCPU from hitting a
> different EPT violation before the target vCPU consumes exit_instruction_len.
>
> Holy cow. All of deliver_gpa_intercept() is wildly unsafe. Aside from race
> conditions, which in and of themselves are a non-starter, nothing guarantees that
> the intercepted vCPU actually cached all of the information that is held in its VMCS.
>
> The sane way to do this is to snapshot *all* information on the intercepted vCPU,
> and then hand that off as a payload to the target vCPU. That is, assuming the
> cross-vCPU stuff is actually necessary. At a glance, I don't see anything that
> explains *why*.

Yup, I believe you repeated the comment I had on the function - and Nicolas
already agreed :). This should go through user space which automatically means
you need to bubble up all necessary trap data to user space on the faulting vCPU
and then inject the full set of data into the receiving one.

My point with the comment on this patch was "Don't break AMD (or ancient VMX
without instruction length decoding [Does that exist? I know SVM has old CPUs
that don't do it]) please".

Alex
On Wed, Nov 8, 2023 at 9:27 AM Alexander Graf <graf@amazon.com> wrote:
> My point with the comment on this patch was "Don't break AMD (or ancient
> VMX without instruction length decoding [Does that exist? I know SVM has
> old CPUs that don't do it]) please".

VM-exit instruction length is not defined for all VM-exit reasons (EPT
misconfiguration is one that is notably absent), but the field has been there
since Prescott.
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 1f5a85d461ce..1a854776d91e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -967,6 +967,8 @@ struct kvm_vcpu_arch { /* set at EPT violation at this point */ unsigned long exit_qualification; + u32 exit_instruction_len; + /* pv related host specific info */ struct { bool pv_unhalted; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6e502ba93141..9c83ee3a293d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5773,6 +5773,7 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu) PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK; vcpu->arch.exit_qualification = exit_qualification; + vcpu->arch.exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN); /* * Check that the GPA doesn't exceed physical memory limits, as that is
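Review bot: in the kvm_host.h hunk, the new `u32 exit_instruction_len;` member is declared without any comment saying when it holds a valid value, whereas the neighbouring `exit_qualification` at least carries "set at EPT violation at this point". Given that the commit message says the value is consumed when building Hyper-V VSM memory intercept messages, and the thread points out it is read by a different vCPU, the declaration should state that the field is written only by the VMX EPT-violation handler, is overwritten by that vCPU's next EPT violation, and is never written on non-VMX paths; otherwise the field is better dropped in favour of carrying the length in the intercept payload.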
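Review bot: in the vmx.c hunk, `vcpu->arch.exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);` is written unconditionally on every EPT violation and nothing ever clears it, so a consumer on another vCPU (the VSM intercept path the commit message refers to) can read a length that belongs to a later, unrelated violation, which is exactly the race raised in the thread; the SVM exit path also never writes the field, so on AMD a consumer would see a stale or never-initialised value. The VMCS read itself is appropriate here, since the instruction-length field is defined for EPT violations (unlike EPT misconfiguration, as noted in the thread), but the safer shape is to capture the length together with the rest of the exit information into a per-intercept snapshot at the point the intercept is delivered, rather than parking it in `struct kvm_vcpu_arch`.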