From: Sean Christopherson <seanjc@google.com>
To: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Lai Jiangshan <laijs@linux.alibaba.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 3/4] KVM: X86: Handle implicit supervisor access with SMAP
Date: Tue, 7 Dec 2021 21:52:33 +0000 [thread overview]
Message-ID: <Ya/XoYTsEvkPqRuh@google.com> (raw)
In-Reply-To: <20211207095039.53166-4-jiangshanlai@gmail.com>
On Tue, Dec 07, 2021, Lai Jiangshan wrote:
> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
> index b70b36734bc0..0cb2c52377c8 100644
> --- a/arch/x86/kvm/mmu.h
> +++ b/arch/x86/kvm/mmu.h
> @@ -252,23 +252,26 @@ static inline u8 permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
> unsigned pte_access, unsigned pte_pkey,
> unsigned pfec)
> {
> - int cpl = static_call(kvm_x86_get_cpl)(vcpu);
> unsigned long rflags = static_call(kvm_x86_get_rflags)(vcpu);
>
> /*
> - * If CPL < 3, SMAP prevention are disabled if EFLAGS.AC = 1.
> + * If explicit supervisor accesses, SMAP is disabled
Slight reword, and each clause can fit on one line.
* For explicit supervisor accesses, SMAP is disabled if EFLAGS.AC = 1.
*
* For implicit supervisor accesses, SMAP cannot be overridden.
> + * if EFLAGS.AC = 1.
> *
> - * If CPL = 3, SMAP applies to all supervisor-mode data accesses
> - * (these are implicit supervisor accesses) regardless of the value
> - * of EFLAGS.AC.
> + * If implicit supervisor accesses, SMAP can not be disabled
> + * regardless of the value EFLAGS.AC.
> *
> - * This computes (cpl < 3) && (rflags & X86_EFLAGS_AC), leaving
> + * SMAP works on supervisor accesses only, and not_smap can
> + * be set or not set when user access with neither has any bearing
> + * on the result.
This is quite jumbled, I'd just drop it entirely, the interesting bits are
the rules for implicit vs. explicit and the blurb below that describes the magic.
> + *
> + * This computes explicit_access && (rflags & X86_EFLAGS_AC), leaving
Too many &&, the logic below is a bitwise &, not a logical &&.
> * the result in X86_EFLAGS_AC. We then insert it in place of
> * the PFERR_RSVD_MASK bit; this bit will always be zero in pfec,
> * but it will be one in index if SMAP checks are being overridden.
> * It is important to keep this branchless.
Heh, so important that it incurs multiple branches and possible VMREADs in
vmx_get_cpl() and vmx_get_rflags(). And before static_call, multiple retpolines
to boot. Probably a net win now as only the first permission_fault() check for
a given VM-Exit be penalized, but the comment is amusing nonetheless.
> */
> - unsigned long not_smap = (cpl - 3) & (rflags & X86_EFLAGS_AC);
> + u32 not_smap = (rflags & X86_EFLAGS_AC) & vcpu->arch.explicit_access;
I really, really dislike shoving this into vcpu->arch. I'd much prefer to make
this a property of the access, even if that means adding another param or doing
something gross with @access (@pfec here).
> int index = (pfec >> 1) +
> (not_smap >> (X86_EFLAGS_AC_BIT - PFERR_RSVD_BIT + 1));
> bool fault = (mmu->permissions[index] >> pte_access) & 1;
next prev parent reply other threads:[~2021-12-07 21:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-07 9:50 [PATCH 0/4] KVM: X86: Improve permission_fault() for SMAP Lai Jiangshan
2021-12-07 9:50 ` [PATCH 1/4] KVM: X86: Fix comments in update_permission_bitmask Lai Jiangshan
2021-12-07 9:50 ` [PATCH 2/4] KVM: X86: Rename variable smap to not_smap in permission_fault() Lai Jiangshan
2021-12-07 9:50 ` [PATCH 3/4] KVM: X86: Handle implicit supervisor access with SMAP Lai Jiangshan
2021-12-07 21:52 ` Sean Christopherson [this message]
2021-12-07 23:30 ` Lai Jiangshan
2021-12-08 9:12 ` Paolo Bonzini
2021-12-07 9:50 ` [PATCH 4/4] KVM: X86: Only get rflags when needed in permission_fault() Lai Jiangshan
2021-12-07 21:57 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ya/XoYTsEvkPqRuh@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jiangshanlai@gmail.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=laijs@linux.alibaba.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox