From: Sean Christopherson <seanjc@google.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Andy Lutomirski <luto@kernel.org>, Jon Kohler <jon@nutanix.com>,
Babu Moger <babu.moger@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
X86 ML <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Fenghua Yu <fenghua.yu@intel.com>,
Yu-cheng Yu <yu-cheng.yu@intel.com>,
Tony Luck <tony.luck@intel.com>, Uros Bizjak <ubizjak@gmail.com>,
Petteri Aimonen <jpa@git.mail.kapsi.fi>,
Kan Liang <kan.liang@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Mike Rapoport <rppt@kernel.org>,
Benjamin Thiel <b.thiel@posteo.de>,
Fan Yang <Fan_Yang@sjtu.edu.cn>, Juergen Gross <jgross@suse.com>,
Dave Jiang <dave.jiang@intel.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Ricardo Neri <ricardo.neri-calderon@linux.intel.com>,
Arvind Sankar <nivedita@alum.mit.edu>,
LKML <linux-kernel@vger.kernel.org>,
kvm list <kvm@vger.kernel.org>
Subject: Re: [PATCH] KVM: x86: add hint to skip hidden rdpkru under kvm_load_host_xsave_state
Date: Mon, 17 May 2021 18:02:49 +0000 [thread overview]
Message-ID: <YKKvychM0nYV8pOJ@google.com> (raw)
In-Reply-To: <d568276b-5eda-80db-146e-273066aa6793@intel.com>
On Mon, May 17, 2021, Dave Hansen wrote:
> On 5/17/21 10:39 AM, Sean Christopherson wrote:
> > On Mon, May 17, 2021, Paolo Bonzini wrote:
> >> On 14/05/21 07:11, Andy Lutomirski wrote:
> >>> I don't even want to think about what happens if a perf NMI hits and
> >>> accesses host user memory while the guest PKRU is live (on VMX -- I
> >>> think this can't happen on SVM).
> >> This is indeed a problem, which indeed cannot happen on SVM but is there on
> >> VMX. Note that the function above is not handling all of the xstate, it's
> >> handling the *XSAVE state*, that is XCR0, XSS and PKRU. Thus the window is
> >> small, but it's there.
> >>
> >> Is it solvable at all, without having PKRU fields in the VMCS (and without
> >> masking NMIs in the LAPIC which would be too expensive)? Dave, Sean, what
> >> do you think?
> > The least awful solution would be to have the NMI handler restore the host's
> > PKRU. The NMI handler would need to save/restore the register, a la CR2, but the
> > whole thing could be optimized to run if and only if the NMI lands in the window
> > where the guest's PKRU is loaded.
>
> What were you thinking about? Something like:
>
> *this_cpu_ptr(&need_nmi_wpkru) = 1
> // Enter Guest
> __write_pkru(vcpu->arch.pkru);
> *this_cpu_ptr(&need_nmi_wpkru) = 0
>
> And then in the NMI handler:
>
> u32 pkru;
>
> if (*this_cpu_ptr(&need_nmi_wpkru)) {
> pkru = rdpku();
> __write_pkru(vcpu->arch.pkru);
This isn't correct, vcpu->arch.pkru holds the guest value, the NMI handler needs
to load the host value. I was thinking KVM would stash away the current host
value, and the NMI handler would check the saved value against rdpkru().
> }
> ...
> copy_*_user_nmi(... whatever ...);
> ...
> if (*this_cpu_ptr(&need_nmi_wpkru))
> __write_pkru(pkru);
>
> ?
>
> I was thinking we could just blow away PKRU without saving/restoring it
> in the NMI handler, but that might clobber PKRU in the window between
> need_nmi_wpkru=1 and entering the guest.
Yep. It would also blow away the guest's value if the guest did WRPKU while it
was running since KVM would never get a chance to read/save the guest's new value.
> But, the save/restore seems doable especially since we can do it in C
> and don't have to mess with the NMI stack or anything.
next prev parent reply other threads:[~2021-05-17 18:02 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-07 16:44 [PATCH] KVM: x86: add hint to skip hidden rdpkru under kvm_load_host_xsave_state Jon Kohler
2021-05-07 16:52 ` Paolo Bonzini
2021-05-07 16:58 ` Dave Hansen
2021-05-07 17:13 ` Jon Kohler
2021-05-14 5:11 ` Andy Lutomirski
2021-05-17 2:50 ` Jon Kohler
2021-05-17 16:35 ` Tom Lendacky
2021-05-17 7:46 ` Paolo Bonzini
2021-05-17 17:39 ` Sean Christopherson
2021-05-17 17:55 ` Dave Hansen
2021-05-17 18:02 ` Sean Christopherson [this message]
[not found] ` <4e6f7056-6b66-46b9-9eac-922ae1c7b526@www.fastmail.com>
2021-05-17 17:59 ` Dave Hansen
2021-05-17 18:04 ` Sean Christopherson
2021-05-17 18:15 ` Jim Mattson
2021-05-17 18:34 ` Sean Christopherson
2021-05-19 22:44 ` Dave Hansen
2021-05-19 23:15 ` Andy Lutomirski
2021-05-17 13:54 ` Dave Hansen
2021-05-17 16:43 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YKKvychM0nYV8pOJ@google.com \
--to=seanjc@google.com \
--cc=Fan_Yang@sjtu.edu.cn \
--cc=akpm@linux-foundation.org \
--cc=b.thiel@posteo.de \
--cc=babu.moger@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.jiang@intel.com \
--cc=fenghua.yu@intel.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jmattson@google.com \
--cc=jon@nutanix.com \
--cc=joro@8bytes.org \
--cc=jpa@git.mail.kapsi.fi \
--cc=kan.liang@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=nivedita@alum.mit.edu \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ricardo.neri-calderon@linux.intel.com \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=ubizjak@gmail.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.