From: "Huang, Kai" <kai.huang@intel.com>
To: "Christopherson, Sean J" <sean.j.christopherson@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"guangrong.xiao@gmail.com" <guangrong.xiao@gmail.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"rkrcmar@redhat.com" <rkrcmar@redhat.com>,
"brijesh.singh@amd.com" <brijesh.singh@amd.com>,
"junaids@google.com" <junaids@google.com>
Subject: Re: [PATCH] kvm: x86: Fix several SPTE mask calculation errors caused by MKTME
Date: Wed, 24 Apr 2019 20:51:03 +0000 [thread overview]
Message-ID: <1556139060.29618.34.camel@intel.com> (raw)
In-Reply-To: <20190424155754.GD18442@linux.intel.com>
On Wed, 2019-04-24 at 08:57 -0700, Sean Christopherson wrote:
> On Wed, Apr 24, 2019 at 05:13:12AM -0700, Huang, Kai wrote:
> >
> > > > > low_phys_bits = boot_cpu_data.x86_phys_bits;
> > > > > - if (boot_cpu_data.x86_phys_bits <
> > > > > - 52 - shadow_nonpresent_or_rsvd_mask_len) {
> > > > > + shadow_nonpresent_or_rsvd_mask = 0;
> > > > > + if (need_l1tf) {
> > > > > shadow_nonpresent_or_rsvd_mask =
> > > > > rsvd_bits(boot_cpu_data.x86_phys_bits -
> > > > > shadow_nonpresent_or_rsvd_mask_len,
> > > >
> > > > This is broken, the reserved bits mask is being calculated with the wrong
> > > > number of physical bits. I think fixing this would eliminate the need for
> > > > the high_gpa_offset shenanigans.
> > >
> > > You are right. should use 'shadow_phys_bits' instead. Thanks. Let me think
> > > whether high_gpa_offset can be avoided.
> > >
> >
> > Hi Sean, Paolo, and others,
> >
> > After re-thinking, I think we should even use boot_cpu_data.x86_cache_bits to
> > calculate shadow_nonpresent_or_rsvd_mask, but not shadow_phys_bits, since for
> > some particular Intel CPU, the internal cache bits are larger than physical
> > address bits reported by CPUID. To make this KVM L1TF migitation work, we
> > actually have to set the highest bit of cache bits, but not the physical
> > address bits in SPTE (which means the original code also has a bug if I
> > understand correctly).
>
> What's the exact CPU behavior you're referencing? Unless it's doing some
> crazy PA aliasing it should be a non-issue.
There's no spec saying the exact behavior, but I am looking at this:
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-l1-terminal-
fault
"Some processors may internally implement more address bits in the L1D cache than are
reported in MAXPHYADDR. This is not reported by CPUID, so the following table can be used:
Table 2: Processors Implementing More L1D Address Bits than Reported
Processor code name Implemented L1D bits
Nehalem, Westmere 44
Sandy Bridge and newer 46
On these systems the OS can set one or more bits above MAXPHYADDR but below the L1D limit
to ensure that the PTE does not reference any physical memory address. This can often be
used to avoid limiting the amount of usable physical memory."
And kernel actually set limit of usable physical memory by checking boot_cpu_data.x86_cache_bits:
static inline unsigned long long l1tf_pfn_limit(void)
{
return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT);
}
Thanks,
-Kai
prev parent reply other threads:[~2019-04-24 20:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-16 9:19 [PATCH] kvm: x86: Fix several SPTE mask calculation errors caused by MKTME Kai Huang
2019-04-22 16:39 ` Sean Christopherson
2019-04-23 1:57 ` Huang, Kai
2019-04-23 15:08 ` Sean Christopherson
2019-04-23 23:38 ` Huang, Kai
2019-04-24 15:35 ` Sean Christopherson
2019-04-24 12:13 ` Huang, Kai
2019-04-24 15:57 ` Sean Christopherson
2019-04-24 20:51 ` Huang, Kai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1556139060.29618.34.camel@intel.com \
--to=kai.huang@intel.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=guangrong.xiao@gmail.com \
--cc=hpa@zytor.com \
--cc=junaids@google.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox