Il 31/03/2014 08:16, Wu, Feng ha scritto:
/*
* If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1.
*
* If CPL = 3, SMAP applies to all supervisor-mode data accesses
* (
> -Original Message-
> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo
> Bonzini
> Sent: Monday, March 31, 2014 3:29 PM
> To: Wu, Feng; g...@redhat.com; h...@zytor.com; kvm@vger.kernel.org
> Subject: Re: [PATCH 2/4] KVM: Add SMAP support when setting CR4
>
> Il 31
Linus,
The following changes since commit 6d0abeca3242a88cab8232e4acd7e2bf088f3bc2:
Linux 3.14-rc3 (2014-02-16 13:30:25 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/kvm-3.15-1
for you to fetch changes up to 7227fc006b0df2c0d2966a7f48
Il 31/03/2014 10:06, Wu, Feng ha scritto:
>
> It is faster if you avoid the "!" and shift right from the AC bit into
> position PFERR_RSVD_BIT - 1. In update_permission_bitmask you can
> invert the direction of the bit when you extract it from pfec.
So in that case, we should set "smapf" in upd
Il 31/03/2014 10:30, Paolo Bonzini ha scritto:
Linus,
The following changes since commit 6d0abeca3242a88cab8232e4acd7e2bf088f3bc2:
Linux 3.14-rc3 (2014-02-16 13:30:25 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/kvm-3.15-1
Also at tag
Supervisor Mode Access Prevention (SMAP) is a new security feature
disclosed by Intel, please refer to the following document:
http://software.intel.com/sites/default/files/319433-014.pdf
Every access to a linear address is either a supervisor-mode access
or a user-mode access. All accesses pe
This patch removes SMAP bit from CR4_RESERVED_BITS.
Signed-off-by: Feng Wu
---
arch/x86/include/asm/kvm_host.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index fdf83af..4eeb049 100644
--- a/arch/x86/includ
SMAP is disabled if CPU is in non-paging mode in hardware.
However KVM always uses paging mode to emulate guest non-paging
mode with TDP. To emulate this behavior, SMAP needs to be
manually disabled when guest switches to non-paging mode.
Signed-off-by: Feng Wu
---
arch/x86/kvm/vmx.c | 11 ++
This patch exposes SMAP feature to guest
Signed-off-by: Feng Wu
---
arch/x86/kvm/cpuid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index c697625..deb5f9b 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -303,7 +
This patch adds SMAP handling logic when setting CR4 for guests
Thanks a lot to Paolo Bonzini for his suggestion to use the branchless
way to detect SMAP violation.
Signed-off-by: Feng Wu
---
arch/x86/kvm/cpuid.h | 8
arch/x86/kvm/mmu.c | 35 +
Hi
Please, send any topic that you are interested in covering.
Thanks, Juan.
Call details:
10:00 AM to 11:00 AM EDT
Every two weeks
If you need phone number details, contact me privately.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@
Hi,
Am 31.03.2014 12:40, schrieb Juan Quintela:
>
> Please, send any topic that you are interested in covering.
I would like to discuss the state of the QEMU release process, please:
* -rc1 has not been tagged.
* Who besides Anthony could upload a tarball if we tag and create it?
* make-release
On Mon, Mar 31, 2014 at 12:51:31PM +0200, Andreas Färber wrote:
> Am 31.03.2014 12:40, schrieb Juan Quintela:
> >
> > Please, send any topic that you are interested in covering.
>
> I would like to discuss the state of the QEMU release process, please:
>
> * -rc1 has not been tagged.
> * Who bes
On 31 March 2014 14:21, Christian Borntraeger wrote:
> Another thing might be the release process in general. Currently it seems
> that everybody tries to push everything just before the hard freeze. I had
> to debug some problems introduced _after_ soft freeze. Is there some
> interest in having
On 31/03/14 12:51, Andreas Färber wrote:
> Hi,
>
> Am 31.03.2014 12:40, schrieb Juan Quintela:
>>
>> Please, send any topic that you are interested in covering.
>
> I would like to discuss the state of the QEMU release process, please:
>
> * -rc1 has not been tagged.
> * Who besides Anthony coul
Just a few comments...
-static void update_permission_bitmask(struct kvm_vcpu *vcpu,
+void update_permission_bitmask(struct kvm_vcpu *vcpu,
struct kvm_mmu *mmu, bool ept)
{
unsigned bit, byte, pfec;
u8 map;
- bool fault, x, w, u, wf, uf, ff, smep;
+ b
On 03/26/2014 09:52 PM, Scott Wood wrote:
On Thu, 2014-02-20 at 18:30 +0200, Mihai Caraman wrote:
diff --git a/arch/powerpc/kvm/book3s_paired_singles.c
b/arch/powerpc/kvm/book3s_paired_singles.c
index a59a25a..80c533e 100644
--- a/arch/powerpc/kvm/book3s_paired_singles.c
+++ b/arch/powerpc/kvm/
On 03/26/2014 10:17 PM, Scott Wood wrote:
On Thu, 2014-02-20 at 18:30 +0200, Mihai Caraman wrote:
Load external pid (lwepx) instruction faults (when called from
KVM with guest context) needs to be handled by KVM. This implies
additional code in DO_KVM macro to identify the source of the
exceptio
On Mon, Mar 31, 2014 at 6:25 AM, Peter Maydell wrote:
> On 31 March 2014 14:21, Christian Borntraeger wrote:
>> Another thing might be the release process in general. Currently it seems
>> that everybody tries to push everything just before the hard freeze. I had
>> to debug some problems introd
Il 31/03/2014 16:01, Anthony Liguori ha scritto:
> "merge window" has been suggested before. I think it would be
> a terrible idea for QEMU, personally. We're not the kernel in
> many ways, notably dev community size and a greater tendency
> to changes that have effects across the whole tree.
>
>
On 31 March 2014 15:28, Paolo Bonzini wrote:
> I think it would be a good idea to separate the committer and release
> manager roles. Peter is providing the community with a wonderful service,
> just like you were; putting too much work on his shoulders risks getting us
> in the same situation if
Am 31.03.2014 16:32, schrieb Peter Maydell:
> On 31 March 2014 15:28, Paolo Bonzini wrote:
>> I think it would be a good idea to separate the committer and release
>> manager roles. Peter is providing the community with a wonderful service,
>> just like you were; putting too much work on his shou
On Mon, Mar 31, 2014 at 7:46 AM, Andreas Färber wrote:
> Am 31.03.2014 16:32, schrieb Peter Maydell:
>> On 31 March 2014 15:28, Paolo Bonzini wrote:
>>> I think it would be a good idea to separate the committer and release
>>> manager roles. Peter is providing the community with a wonderful serv
Anthony Liguori writes:
> On Mon, Mar 31, 2014 at 7:46 AM, Andreas Färber wrote:
>> Am 31.03.2014 16:32, schrieb Peter Maydell:
>>> On 31 March 2014 15:28, Paolo Bonzini wrote:
I think it would be a good idea to separate the committer and release
manager roles. Peter is providing the
On Sun, Mar 30, 2014 at 03:10:50PM -0700, Olof Johansson wrote:
> On Fri, Mar 28, 2014 at 11:45 AM, Christoffer Dall
> wrote:
> > ARM VM System Specification
> > ===
>
> [not quoting the whole spec here]
>
> This looks very sane to me, and aligns very well with non-virtua
On 03/29/2014 01:47 AM, Zhanghailiang wrote:
> Hi,
> I found when Guest is idle, VDSO pvclock may increase host consumption.
> We can calcutate as follow, Correct me if I am wrong.
> (Host)250 * update_pvclock_gtod = 1500 * gettimeofday(Guest)
> In Host, VDSO pvclock introduce a notifier chai
Hi Grigory,
On Thu, Mar 20, 2014 at 10:50:07AM -0700, Grigory Makarevich wrote:
> Andrea, Paolo,
>
> Thanks a lot for the comments.
>
> I like the idea of userfaultfd a lot. For my prototype I had to solve a
> problem of accessing to the ondemand page from the paths where exiting is
> not safe
> -Original Message-
> From: Alex Williamson [mailto:alex.william...@redhat.com]
> Sent: Wednesday, March 26, 2014 5:09 PM
> To: Alexander Graf
> Cc: kvm@vger.kernel.org; jan.kis...@siemens.com; will.dea...@arm.com;
> Yoder Stuart-B08248; a.r...@virtualopensystems.com; Michal Hocko; Wood
It is sometimes benefitial to ignore IO size, and only match on address.
In hindsight this would have been a better default than matching length
when KVM_IOEVENTFD_FLAG_DATAMATCH is not set, In particular, this kind
of access can be optimized on VMX: there no need to do page lookups.
This can curre
With KVM, MMIO is much slower than PIO, due to the need to
do page walk and emulation. But with EPT, it does not have to be: we
know the address from the VMCS so if the address is unique, we can look
up the eventfd directly, bypassing emulation.
Unfortunately, this only works if userspace does not
Quoting Andreas Färber (2014-03-31 09:46:45)
> Am 31.03.2014 16:32, schrieb Peter Maydell:
> > On 31 March 2014 15:28, Paolo Bonzini wrote:
> >> I think it would be a good idea to separate the committer and release
> >> manager roles. Peter is providing the community with a wonderful service,
> >
Minor changes to enable Xen as a L1 hypervisor.
Tested with a Haswell host, Xen-4.3 L1 and debian6 L2
v2:
* Remove advertising single context invalidation for emulated invept
Patch "KVM: nVMX: check for null vmcs12 when L1 does invept" from v1
is now obsolete and is removed
* Reorder patche
For single context invalidation, we fall through to global
invalidation in handle_invept() except for one case - when
the operand supplied by L1 is different from what we have in
vmcs12. However, typically hypervisors will only call invept
for the currently loaded eptp, so the condition will
never
This feature emulates the "Acknowledge interrupt on exit" behavior.
We can safely emulate it for L1 to run L2 even if L0 itself has it
disabled (to run L1).
Signed-off-by: Bandan Das
---
arch/x86/kvm/irq.c | 1 +
arch/x86/kvm/vmx.c | 19 +++
2 files changed, 20 insertions(+)
di
Some Type 1 hypervisors such as XEN won't enable VMX without it present
Signed-off-by: Bandan Das
---
arch/x86/kvm/vmx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e864b7a..a2a03c5 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch
On Mon, 31 Mar 2014 20:23:36 +
Stuart Yoder wrote:
> > From: Greg KH [mailto:gre...@linuxfoundation.org]
> > Sent: Monday, March 31, 2014 2:47 PM
> >
> > On Mon, Mar 31, 2014 at 06:47:51PM +, Stuart Yoder wrote:
> > > I also, was at the point where I thought we should perhaps just
> > >
On Fri, 28 Mar 2014 11:10:23 -0600
Alex Williamson wrote:
> On Fri, 2014-03-28 at 12:58 -0400, Konrad Rzeszutek Wilk wrote:
> > On Wed, Mar 26, 2014 at 04:09:21PM -0600, Alex Williamson wrote:
> > > On Wed, 2014-03-26 at 10:21 -0600, Alex Williamson wrote:
> > > > On Wed, 2014-03-26 at 23:06 +080
On Mon, 2014-03-31 at 15:41 +0200, Alexander Graf wrote:
> On 03/26/2014 10:17 PM, Scott Wood wrote:
> > On Thu, 2014-02-20 at 18:30 +0200, Mihai Caraman wrote:
> >> + /*
> >> + * Another thread may rewrite the TLB entry in parallel, don't
> >> + * execute from the address if the execute permi
On Mon, 2014-03-31 at 17:36 -0500, Kim Phillips wrote:
> On Fri, 28 Mar 2014 11:10:23 -0600
> Alex Williamson wrote:
>
> > On Fri, 2014-03-28 at 12:58 -0400, Konrad Rzeszutek Wilk wrote:
> > > On Wed, Mar 26, 2014 at 04:09:21PM -0600, Alex Williamson wrote:
> > > > On Wed, 2014-03-26 at 10:21 -06
Thanks Stefan and thanks Michael also.
That situation regarding the IRC was very special, since i didnt
wanted to tell Michael "hey, everyone in the mailing list got it and
im here chatting with you and you didn't" so i assumed the IRC was
9 times more pro than the mailing list so i de
> -Original Message-
> From: kvm-ow...@vger.kernel.org [mailto:kvm-ow...@vger.kernel.org] On
> Behalf Of Paolo Bonzini
> Sent: Monday, March 31, 2014 9:31 PM
> To: Wu, Feng; g...@redhat.com; h...@zytor.com; kvm@vger.kernel.org
> Subject: Re: [PATCH v3 2/4] KVM: Add SMAP support when setti
Supervisor Mode Access Prevention (SMAP) is a new security feature
disclosed by Intel, please refer to the following document:
http://software.intel.com/sites/default/files/319433-014.pdf
Every access to a linear address is either a supervisor-mode access
or a user-mode access. All accesses pe
This patch exposes SMAP feature to guest
Signed-off-by: Feng Wu
---
arch/x86/kvm/cpuid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index c697625..deb5f9b 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -303,7 +
SMAP is disabled if CPU is in non-paging mode in hardware.
However KVM always uses paging mode to emulate guest non-paging
mode with TDP. To emulate this behavior, SMAP needs to be
manually disabled when guest switches to non-paging mode.
Signed-off-by: Feng Wu
---
arch/x86/kvm/vmx.c | 11 ++
This patch removes SMAP bit from CR4_RESERVED_BITS.
Signed-off-by: Feng Wu
---
arch/x86/include/asm/kvm_host.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index fdf83af..4eeb049 100644
--- a/arch/x86/includ
This patch adds SMAP handling logic when setting CR4 for guests
Thanks a lot to Paolo Bonzini for his suggestion to use the branchless
way to detect SMAP violation.
Signed-off-by: Feng Wu
---
arch/x86/kvm/cpuid.h | 8
arch/x86/kvm/mmu.c | 34 +
This patch is based on the smap patchset
Feng Wu (1):
Rename variable smep to cr4_smep
arch/x86/kvm/mmu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kerne
Rename variable smep to cr4_smep, which can better reflect the
meaning of the variable.
Signed-off-by: Feng Wu
---
arch/x86/kvm/mmu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index a183783..6000557 100644
--- a/arch/x86/kvm
On Mon, Mar 31, 2014 at 10:52:25AM -0700, Andy Lutomirski wrote:
> On 03/29/2014 01:47 AM, Zhanghailiang wrote:
> > Hi,
> > I found when Guest is idle, VDSO pvclock may increase host consumption.
> > We can calcutate as follow, Correct me if I am wrong.
> > (Host)250 * update_pvclock_gtod = 1
On Mar 31, 2014 8:45 PM, "Marcelo Tosatti" wrote:
>
> On Mon, Mar 31, 2014 at 10:52:25AM -0700, Andy Lutomirski wrote:
> > On 03/29/2014 01:47 AM, Zhanghailiang wrote:
> > > Hi,
> > > I found when Guest is idle, VDSO pvclock may increase host consumption.
> > > We can calcutate as follow, Correct
> Am 01.04.2014 um 01:03 schrieb Scott Wood :
>
>> On Mon, 2014-03-31 at 15:41 +0200, Alexander Graf wrote:
>>> On 03/26/2014 10:17 PM, Scott Wood wrote:
On Thu, 2014-02-20 at 18:30 +0200, Mihai Caraman wrote:
+/*
+ * Another thread may rewrite the TLB entry in parallel, d
https://bugzilla.kernel.org/show_bug.cgi?id=73331
Bug ID: 73331
Summary: Nested Virtualization, L2 cannot boot up on Ivybridge
and Haswell
Product: Virtualization
Version: unspecified
Kernel Version: 3.14.0-rc3
Hardware
52 matches
Mail list logo
