public inbox for linux-kernel@vger.kernel.org
From: "Adalbert Lazăr" <alazar@bitdefender.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
	Yang Weijiang <weijiang.yang@intel.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	pbonzini@redhat.com, sean.j.christopherson@intel.com,
	mst@redhat.com, rkrcmar@redhat.com, jmattson@google.com,
	yu.c.zhang@intel.com
Subject: Re: [PATCH v5 0/9] Enable Sub-page Write Protection Support
Date: Tue, 17 Sep 2019 19:24:15 +0300
Message-ID: <15687374550.b5d3c.30742@host>
In-Reply-To: <20190917125904.GB22162@char.us.oracle.com>

On Tue, 17 Sep 2019 08:59:04 -0400, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
> On Tue, Sep 17, 2019 at 04:52:55PM +0800, Yang Weijiang wrote:
> > EPT-Based Sub-Page Write Protection (SPP) is a HW capability which allows
> > Virtual Machine Monitor(VMM) to specify write-permission for guest
> > physical memory at a sub-page(128 byte) granularity. When this
> > capability is enabled, the CPU enforces write-access check for sub-pages
> > within a 4KB page.
> > 
> > The feature is targeted to provide fine-grained memory protection for
> > usages such as device virtualization, memory check-point and VM
> > introspection etc.
> > 
> > SPP is active when the "sub-page write protection" (bit 23) is 1 in
> > Secondary VM-Execution Controls. The feature is backed with a Sub-Page
> > Permission Table(SPPT), SPPT is referenced via a 64-bit control field
> > called Sub-Page Permission Table Pointer (SPPTP) which contains a
> > 4K-aligned physical address.
> > 
> > To enable SPP for certain physical page, the gfn should be first mapped
> > to a 4KB entry, then set bit 61 of the corresponding EPT leaf entry. 
> > While HW walks EPT, if bit 61 is set, it traverses SPPT with the guest
> > physical address to find out the sub-page permissions at the leaf entry.
> > If the corresponding bit is set, write to sub-page is permitted,
> > otherwise, SPP induced EPT violation is generated.
> > 
> > This patch series passed SPP function test and selftest on Ice-Lake platform.
> > 
> > Please refer to the SPP introduction document in this patch set and
> > Intel SDM for details:
> > 
> > Intel SDM:
> > https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf
> > 
> > SPP selftest patch:
> > https://lkml.org/lkml/2019/6/18/1197
> > 
> > Previous patch:
> > https://lkml.org/lkml/2019/8/14/97
> 
> I saw the patches as part of the introspection patch-set.
> Are you all working together on this?

Weijiang helped us to start using the SPP feature with the introspection
API and tested the integration when we didn't have the hardware
available. I've included the SPP patches in the introspection patch
series in order to "show the full picture".

> Would it be possible for some of the bitdefender folks who depend on this
> to provide Tested-by and could they also take the time to review this patch-set?

Sure. Once we rebase the introspection patches on 5.3, we'll replace
the previous version with this new one in our tree and test it.
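
The sub-page write check described in the quoted cover letter, modelled in user-space C as an added example; it is not code from this message or from the patch set. The `spp_page` struct, the function names and the 32-bit bitmap (one bit per 128-byte sub-page) are assumptions made for illustration and not the hardware SPPT entry encoding; treating a write that spans several sub-pages as allowed only when all of them are writable is likewise a simplification of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_4K      4096u
#define SUBPAGE_SIZE 128u          /* granularity stated in the cover letter */
#define EPT_WRITE    (1ULL << 1)   /* EPT write-permission bit */
#define EPT_SPP      (1ULL << 61)  /* EPT leaf bit 61, per the cover letter */

/* Hypothetical model of one 4KB mapping: the EPT leaf entry plus a
 * bitmap where bit i set means sub-page i is writable (assumed layout). */
struct spp_page {
    uint64_t ept_leaf;
    uint32_t write_bitmap;
};

enum spp_result { SPP_WRITE_OK, SPP_EPT_VIOLATION, SPP_BAD_ARG };

/* Index (0..31) of the 128-byte sub-page that contains gpa. */
static unsigned spp_subpage_index(uint64_t gpa)
{
    return (unsigned)((gpa & (PAGE_4K - 1)) / SUBPAGE_SIZE);
}

/* Decide a guest write of len bytes at gpa; the write must stay in one page. */
static enum spp_result spp_check_write(const struct spp_page *pg,
                                       uint64_t gpa, unsigned len)
{
    uint64_t off = gpa & (PAGE_4K - 1);

    if (len == 0 || off + len > PAGE_4K)
        return SPP_BAD_ARG;
    if (pg->ept_leaf & EPT_WRITE)
        return SPP_WRITE_OK;        /* page is writable at the EPT level */
    if (!(pg->ept_leaf & EPT_SPP))
        return SPP_EPT_VIOLATION;   /* write-protected, no sub-page lookup */
    for (unsigned i = spp_subpage_index(gpa);
         i <= spp_subpage_index(gpa + len - 1); i++)
        if (!(pg->write_bitmap & (1u << i)))
            return SPP_EPT_VIOLATION;   /* SPP-induced EPT violation */
    return SPP_WRITE_OK;
}

int main(void)
{
    /* Constructed sample: write-protected page, only sub-page 3 writable. */
    struct spp_page pg = { EPT_SPP, 1u << 3 };
    printf("%d %d\n", spp_check_write(&pg, 0x1180, 8),
           spp_check_write(&pg, 0x11f8, 16));
    return 0;
}
```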


Thread overview: 23+ messages
2019-09-17  8:52 [PATCH v5 0/9] Enable Sub-page Write Protection Support Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 1/9] Documentation: Introduce EPT based Subpage Protection Yang Weijiang
2019-10-11 20:31   ` Jim Mattson
2019-10-15  8:53     ` Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 2/9] vmx: spp: Add control flags for Sub-Page Protection(SPP) Yang Weijiang
2019-10-04 20:48   ` Jim Mattson
2019-10-04 21:02     ` Sean Christopherson
2019-10-15  1:53       ` Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 3/9] mmu: spp: Add SPP Table setup functions Yang Weijiang
2019-09-17  8:52 ` [PATCH v5 4/9] mmu: spp: Add functions to create/destroy SPP bitmap block Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 5/9] mmu: spp: Introduce SPP {init,set,get} functions Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 6/9] x86: spp: Introduce user-space SPP IOCTLs Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 7/9] vmx: spp: Set up SPP paging table at vm-entry/exit Yang Weijiang
2019-09-17 10:56   ` kbuild test robot
2019-09-17  8:53 ` [PATCH v5 8/9] mmu: spp: Enable Lazy mode SPP protection Yang Weijiang
2019-09-17  8:53 ` [PATCH v5 9/9] mmu: spp: Handle SPP protected pages when VM memory changes Yang Weijiang
2019-09-17 12:59 ` [PATCH v5 0/9] Enable Sub-page Write Protection Support Konrad Rzeszutek Wilk
2019-09-17 16:24   ` Adalbert Lazăr [this message]
2019-10-09  2:17 ` Yang Weijiang
2019-10-10 21:42 ` Jim Mattson
2019-10-11  7:50   ` Yang Weijiang
2019-10-11 16:11     ` Jim Mattson
2019-10-22  6:19       ` Yang Weijiang
