From: Sean Christopherson <seanjc@google.com>
To: Mathias Krause <minipli@grsecurity.net>
Cc: stable@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org
Subject: Re: [PATCH 5.15 0/8] KVM CR0.WP series backport
Date: Thu, 11 May 2023 14:15:31 -0700
Message-ID: <ZF1a8xIGLwcdJDVZ@google.com>
In-Reply-To: <20230508154709.30043-1-minipli@grsecurity.net>

On Mon, May 08, 2023, Mathias Krause wrote:
> This is a backport of the CR0.WP KVM series[1] to Linux v5.15. It
> differs from the v6.1 backport as in needing additional prerequisite
> patches from Lai Jiangshan (and fixes for those) to ensure the
> assumption it's safe to let CR0.WP be a guest owned bit still stands.

NAK.

The CR0.WP changes also very subtly rely on commit 2ba676774dfc ("KVM: x86/mmu:
cleanup computation of MMU roles for two-dimensional paging"), which hardcodes
WP=1 in the mmu role. Without that, KVM will end up in a weird state when
reinitializing the MMU context without reloading the root, as KVM will effectively
change the role of an active root. E.g. child pages in the legacy MMU will have
a mix of WP=0 and WP=1 in their role.

The inconsistency may or may not cause functional problems (I honestly don't know),
but this missed dependency is exactly the type of problem that I am/was worried
about with respect to backporting these changes all the way to 5.15. I'm simply
not comfortable backporting these changes due to the number of modifications and
enhancements that we've made to the TDP MMU, and to KVM's MMU handling in general,
between 5.15 and 6.1.