From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D51B6C433DF for ; Thu, 4 Jun 2020 15:48:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BCE7720823 for ; Thu, 4 Jun 2020 15:48:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729605AbgFDPsi (ORCPT ); Thu, 4 Jun 2020 11:48:38 -0400 Received: from mga12.intel.com ([192.55.52.136]:39160 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729302AbgFDPsh (ORCPT ); Thu, 4 Jun 2020 11:48:37 -0400 IronPort-SDR: 9atNL4XUTZ19L5gP8tQAWfViLRx27VV39bZUzYFE2wr//jNLRr0MMbrx091SntBXHG2XNJ0+LA adakuz7Lj1Eg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jun 2020 08:48:35 -0700 IronPort-SDR: czgfksgqsVm/VnDrBXeRHwEEa5jbQTP7gldiJ1egYZulRkXR9PaUheprFn3q2xd5lhLpAlflog lDqkO3C6d/Jw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,472,1583222400"; d="scan'208";a="312930509" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.152]) by FMSMGA003.fm.intel.com with ESMTP; 04 Jun 2020 08:48:34 -0700 Date: Thu, 4 Jun 2020 08:48:35 -0700 From: Sean Christopherson To: Marc Zyngier Cc: "Kirill A. Shutemov" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , David Rientjes , Andrea Arcangeli , Kees Cook , Will Drewry , "Edgecombe, Rick P" , "Kleen, Andi" , x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , kernel-team@android.com, will@kernel.org, Jun Nakajima Subject: Re: [RFC 00/16] KVM protected memory extension Message-ID: <20200604154835.GE30223@linux.intel.com> References: <20200522125214.31348-1-kirill.shutemov@linux.intel.com> <20200604161523.39962919@why> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200604161523.39962919@why> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org +Jun On Thu, Jun 04, 2020 at 04:15:23PM +0100, Marc Zyngier wrote: > Hi Kirill, > > Thanks for this. > > On Fri, 22 May 2020 15:51:58 +0300 > "Kirill A. Shutemov" wrote: > > > == Background / Problem == > > > > There are a number of hardware features (MKTME, SEV) which protect guest > > memory from some unauthorized host access. The patchset proposes a purely > > software feature that mitigates some of the same host-side read-only > > attacks. > > > > > > == What does this set mitigate? == > > > > - Host kernel ”accidental” access to guest data (think speculation) > > > > - Host kernel induced access to guest data (write(fd, &guest_data_ptr, len)) > > > > - Host userspace access to guest data (compromised qemu) > > > > == What does this set NOT mitigate? == > > > > - Full host kernel compromise. Kernel will just map the pages again. > > > > - Hardware attacks > > Just as a heads up, we (the Android kernel team) are currently > involved in something pretty similar for KVM/arm64 in order to bring > some level of confidentiality to guests. > > The main idea is to de-privilege the host kernel by wrapping it in its > own nested set of page tables which allows us to remove memory > allocated to guests on a per-page basis. The core hypervisor runs more > or less independently at its own privilege level. It still is KVM > though, as we don't intend to reinvent the wheel. > > Will has written a much more lingo-heavy description here: > https://lore.kernel.org/kvmarm/20200327165935.GA8048@willie-the-truck/ Pardon my arm64 ignorance... IIUC, in this mode, the host kernel runs at EL1? And to switch to a guest it has to bounce through EL2, which is KVM, or at least a chunk of KVM? I assume the EL1->EL2->EL1 switch is done by trapping an exception of some form? If all of the above are "yes", does KVM already have the necessary logic to perform the EL1->EL2->EL1 switches, or is that being added as part of the de-privileging effort? > This works for one of the virtualization modes that arm64 can use (what > we call non-VHE, or nVHE for short). The other mode (VHE), is much more > similar to what happens on other architectures, where the kernel and > the hypervisor are one single entity. In this case, we cannot use the > same trick with nested page tables, and have to rely on something that > would very much look like what you're proposing. > > Note that the two modes of the architecture would benefit from this > work anyway, as I'd like the host to know that we've pulled memory > from under its feet. Since you have done most of the initial work, I > intend to give it a go on arm64 shortly and see what sticks.