From: Sean Christopherson <seanjc@google.com>
To: "Kalra, Ashish" <ashish.kalra@amd.com>
Cc: ovidiu.panait@windriver.com, kvm@vger.kernel.org,
liam.merwick@oracle.com, mizhang@google.com, pbonzini@redhat.com,
thomas.lendacky@amd.com, michael.roth@amd.com, pgonda@google.com,
marcorr@google.com, alpergun@google.com, jarkko@kernel.org,
jroedel@suse.de, bp@alien8.de, rientjes@google.com
Subject: Re: [PATCH 5.4 1/1] KVM: SEV: add cache flush to solve SEV cache incoherency issues
Date: Fri, 7 Oct 2022 01:15:08 +0000 [thread overview]
Message-ID: <Yz99nF+d6D+37efE@google.com> (raw)
In-Reply-To: <215ee1ce-b6eb-9699-d682-f2e592cde448@amd.com>
On Thu, Oct 06, 2022, Kalra, Ashish wrote:
> For the MMU invalidation notifiers we are going to make two changes
> currently:
>
> 1). Use clflush/clflushopt instead of wbinvd_on_all_cpus() for range <= 2MB.
IMO, this isn't worth pursuing, to the point where I might object to this code
being added upstream. Avoiding WBINVD for the mmu_notifiers doesn't prevent a
malicious userspace from using SEV-induced WBINVD to effectively DoS the host,
e.g. userspace can simply ADD+DELETE memslots, or mprotect() chunks > 2mb.
Using clfushopt also effectively puts a requirement on mm/ that the notifiers
be invoked _before_ PTEs are modified in the primary MMU, otherwise KVM may not
be able to resolve the VA=>PFN, or even worse, resolve the wrong PFN.
And no sane VMM should be modifying userspace mappings that cover SEV guest memory
at any reasonable rate.
In other words, switching to CLFUSHOPT for SEV+SEV-ES VMs is effectively a
band-aid for the NUMA balancing issue. A far better solution for NUMA balancing
would be to pursue a fix for the underlying problem, e.g. disable NUMA balancing
entirely for SEV/SEV-ES VMs. That might already be doable from userspace by
manipulating memory policy, and if not there's a WIP patch[*] that would make it
trivial for the userspace VMM to disable NUMA balancing.
As for guarding against DoS, /dev/sev should really be locked down so that only
sufficiently privileged users can create SEV VMs.
[*] https://lore.kernel.org/all/20220929064359.46932-1-ligang.bdlg@bytedance.com
next prev parent reply other threads:[~2022-10-07 1:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-26 14:52 [PATCH 5.4 1/1] KVM: SEV: add cache flush to solve SEV cache incoherency issues Ovidiu Panait
2022-09-26 19:00 ` Liam Merwick
2022-09-27 0:07 ` Ashish Kalra
2022-09-27 0:37 ` Sean Christopherson
2022-10-06 17:36 ` Kalra, Ashish
2022-10-07 1:15 ` Sean Christopherson [this message]
2022-10-07 6:03 ` Mingwei Zhang
2022-10-07 15:51 ` Sean Christopherson
2022-10-07 17:00 ` Sean Christopherson
2022-09-27 8:03 ` Ovidiu Panait
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yz99nF+d6D+37efE@google.com \
--to=seanjc@google.com \
--cc=alpergun@google.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=jarkko@kernel.org \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=marcorr@google.com \
--cc=michael.roth@amd.com \
--cc=mizhang@google.com \
--cc=ovidiu.panait@windriver.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.