From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Jim Mattson <jmattson@google.com>
Cc: "kvm list" <kvm@vger.kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Roman Kagan" <rkagan@virtuozzo.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
"Haiyang Zhang" <haiyangz@microsoft.com>,
"Stephen Hemminger" <sthemmin@microsoft.com>,
"Michael Kelley (EOSG)" <Michael.H.Kelley@microsoft.com>,
LKML <linux-kernel@vger.kernel.org>,
"Liran Alon" <liran.alon@oracle.com>
Subject: Re: [PATCH v6 05/13] KVM: nVMX: implement enlightened VMPTRLD and VMCLEAR
Date: Thu, 13 Dec 2018 11:26:02 +0100
Message-ID: <87k1kd4tad.fsf@vitty.brq.redhat.com>
In-Reply-To: <CALMp9eTqBJsZ0L36CGeRy20BVTryJgQtmqAUs0Lg_+NJnbyxzw@mail.gmail.com>
Jim Mattson <jmattson@google.com> writes:
> On Tue, Oct 16, 2018 at 9:50 AM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
>>
>> +
>> + vmx->nested.hv_evmcs = kmap(vmx->nested.hv_evmcs_page);
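Review bot: the kmap() of vmx->nested.hv_evmcs_page on this line has no paired kunmap() visible in the quoted hunk, and the reply in this thread says the page is kept permanently mapped; make sure the mapping is released on VMCLEAR and on vCPU teardown, and read the one field that is consumed directly from the mapped page (hv_clean_fields, per the reply) once into a local before acting on it, so a concurrent L1 write cannot change it between check and use.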
>
> Are you sure that directly mapping guest memory isn't going to lead to
> time-of-check vs. time-of-use bugs? This is a very hard programming
> model to get right.
The basic assumption here is that Enlightened VMCS (just like normal or
shadow VMCSes) is being accessed by one L1 vCPU only. When we access it
from KVM the vCPU is not running. Yes, L1 guest can screw itself up by
breaking this assumption but honestly I don't see how this is different
from normal VMCS: we can always break things by writing to the page from
a different vCPU.

Enlightened VMCS is (mostly) not used directly: we copy it to vmcs12 and
then back before entry. The only field we always access directly is
hv_clean_fields. We can, of course, copy it to vmcs12 too but I failed
to find a reason to do so: L1 guest is in control of the field; it can
always write junk there and L2 guest will likely get broken.

I remember having map/copy/unmap sequences for eVMCS on entry/exit in
some early version of this series but it was just slowing things down so
I switched to having it permanently mapped. In case you see (potential)
grave bugs with this we can of course reconsider.
Thanks,
--
Vitaly
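As an added illustration of the time-of-check vs. time-of-use concern raised in this exchange (not code from the patch series or from either participant), this C stand-in contrasts reading a bound twice from a live guest-mapped page with snapshotting the page once into private memory, which is the copy-to-vmcs12 pattern the reply describes. All type and function names are hypothetical and the page layout is constructed; it is not the real eVMCS.

```c
#include <stdint.h>
#include <string.h>

#define MAX_ENTRIES 16

/* Constructed stand-in for a guest-writable control page (hypothetical, not
 * the real eVMCS layout). `count` must be validated before use as a bound. */
typedef struct { uint32_t count; uint64_t entries[MAX_ENTRIES]; } shared_ctl_t;

/* Simulated concurrent L1 writer: changes the bound after the check. */
typedef void (*writer_fn)(volatile shared_ctl_t *);
static void guest_grows_count(volatile shared_ctl_t *g) { g->count = 1000; }

/* Double fetch: `count` is read from the live mapping at the check and again
 * at the use, so a write in between makes the loop bound exceed the buffer.
 * The clamp to MAX_ENTRIES only keeps this demo memory-safe; the return value
 * is the bound the code actually acted on. */
static int use_live_mapping(volatile shared_ctl_t *g, uint64_t *out, writer_fn guest)
{
    if (g->count > MAX_ENTRIES)              /* time of check */
        return -1;
    if (guest) guest(g);                     /* L1 writes the mapped page */
    uint32_t n = g->count;                   /* time of use: second fetch */
    for (uint32_t i = 0; i < n && i < MAX_ENTRIES; i++)
        out[i] = g->entries[i];
    return (int)n;
}

/* Copy once (the role vmcs12 plays in the reply): snapshot the page into
 * private memory, then validate and use only the snapshot. */
static int use_snapshot(volatile shared_ctl_t *g, shared_ctl_t *priv, writer_fn guest)
{
    memcpy(priv, (const void *)g, sizeof(*priv)); /* single fetch */
    if (guest) guest(g);                     /* too late to reach priv */
    if (priv->count > MAX_ENTRIES)
        return -1;
    return (int)priv->count;
}

/* Run both paths on the same constructed page with the same mid-flight
 * guest write; each returns the bound it ended up trusting. */
int demo_double_fetch(void)
{
    shared_ctl_t page = { .count = 2, .entries = { 7, 9 } };
    uint64_t out[MAX_ENTRIES];
    return use_live_mapping(&page, out, guest_grows_count);   /* 1000 */
}
int demo_snapshot(void)
{
    shared_ctl_t page = { .count = 2, .entries = { 7, 9 } }, priv;
    return use_snapshot(&page, &priv, guest_grows_count);     /* 2 */
}
```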