On Fri, Jun 07, 2019 at 03:27:01PM +0200, Paolo Bonzini wrote:
> On 06/06/19 17:28, Yang Weijiang wrote:
> > EPT-Based Sub-Page write Protection (SPP) is a HW capability which
> > allows Virtual Machine Monitor(VMM) to specify write-permission for
> > guest physical memory at a sub-page(128 byte) granularity. When this
> > capability is enabled, the CPU enforces write-access check for
> > sub-pages within a 4KB page.
> >
> > The feature is targeted to provide fine-grained memory protection
> > for usages such as device virtualization, memory check-point and
> > VM introspection etc.
> >
> > SPP is active when the "sub-page write protection" (bit 23) is 1 in
> > Secondary VM-Execution Controls. The feature is backed with a Sub-Page
> > Permission Table(SPPT), SPPT is referenced via a 64-bit control field
> > called Sub-Page Permission Table Pointer (SPPTP) which contains a
> > 4K-aligned physical address.
> >
> > Right now, only 4KB physical pages are supported for SPP. To enable SPP
> > for certain physical page, we need to first make the physical page
> > write-protected, then set bit 61 of the corresponding EPT leaf entry.
> > While HW walks EPT, if bit 61 is set, it traverses SPPT with the guest
> > physical address to find out the sub-page permissions at the leaf entry.
> > If the corresponding bit is set, write to sub-page is permitted,
> > otherwise, SPP induced EPT violation is generated.
> >
> > Please refer to the SPP introduction document in this patch set and Intel SDM
> > for details:
> >
> > Intel SDM:
> > https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf
> >
> > Previous patch:
> > https://lkml.org/lkml/2018/11/30/605
> >
> > Patch 1: Introduction to SPP.
> > Patch 2: Add SPP related flags and control bits.
> > Patch 3: Functions for SPPT setup.
> > Patch 4: Add SPP access bitmaps for memslots.
> > Patch 5: Low level implementation of SPP operations.
> > Patch 6: Implement User space access IOCTLs.
> > Patch 7: Handle SPP induced VMExit and EPT violation.
> > Patch 8: Enable lazy mode SPPT setup.
> > Patch 9: Handle memory remapping and reclaim.
> >
> >
> > Change logs:
> >
> > V2 - V3:
> > 1. Rebased patches to kernel 5.1 release
> > 2. Deferred SPPT setup to EPT fault handler if the page is not available
> >    while set_subpage() is being called.
> > 3. Added init IOCTL to reduce extra cost if SPP is not used.
> > 4. Refactored patch structure, cleaned up cross referenced functions.
> > 5. Added code to deal with memory swapping/migration/shrinker cases.
> >
> > V2 - V1:
> > 1. Rebased to 4.20-rc1
> > 2. Move VMCS change to a separated patch.
> > 3. Code refine and Bug fix
> >
> >
> > Yang Weijiang (9):
> >   Documentation: Introduce EPT based Subpage Protection
> >   KVM: VMX: Add control flags for SPP enabling
> >   KVM: VMX: Implement functions for SPPT paging setup
> >   KVM: VMX: Introduce SPP access bitmap and operation functions
> >   KVM: VMX: Add init/set/get functions for SPP
> >   KVM: VMX: Introduce SPP user-space IOCTLs
> >   KVM: VMX: Handle SPP induced vmexit and page fault
> >   KVM: MMU: Enable Lazy mode SPPT setup
> >   KVM: MMU: Handle host memory remapping and reclaim
> >
> >  Documentation/virtual/kvm/spp_kvm.txt | 216 ++++++++++++
> >  arch/x86/include/asm/cpufeatures.h    |   1 +
> >  arch/x86/include/asm/kvm_host.h       |  26 +-
> >  arch/x86/include/asm/vmx.h            |  10 +
> >  arch/x86/include/uapi/asm/vmx.h       |   2 +
> >  arch/x86/kernel/cpu/intel.c           |   4 +
> >  arch/x86/kvm/mmu.c                    | 469 ++++++++++++++++++++++++++
> >  arch/x86/kvm/mmu.h                    |   1 +
> >  arch/x86/kvm/vmx/capabilities.h       |   5 +
> >  arch/x86/kvm/vmx/vmx.c                | 138 ++++++++
> >  arch/x86/kvm/x86.c                    | 141 ++++++++
> >  include/linux/kvm_host.h              |   9 +
> >  include/uapi/linux/kvm.h              |  17 +
> >  13 files changed, 1038 insertions(+), 1 deletion(-)
> >  create mode 100644 Documentation/virtual/kvm/spp_kvm.txt
> >
>
> Please add testcases in tools/testing/selftests/kvm.
>
> Paolo

Hi, Paolo,
Selftest patch for SPP has been released to community, please check and
review, thanks!
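
A small model of the write check described in the quoted cover letter, added here as an illustration; it is not code from the patch set or the selftest. It assumes a 32-bit per-page bitmap with bit i covering sub-page i (the hardware SPPT entry layout is not given in this thread) and requires every sub-page touched by a write to be writable; the names check_guest_write and subpage_mask are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_4K  4096u
#define SUBPAGE_SIZE  128u            /* sub-page granularity from the cover letter */
#define EPT_WRITE     (1ull << 1)     /* write-access bit of an EPT entry */
#define EPT_SPP       (1ull << 61)    /* SPP bit of the EPT leaf, per the cover letter */

enum write_result { WRITE_OK, WRITE_EPT_VIOLATION, WRITE_SPP_VIOLATION, WRITE_BAD_RANGE };

/* One bit per 128-byte sub-page touched by [off, off + len) inside one page. */
uint32_t subpage_mask(uint32_t off, uint32_t len)
{
    uint32_t first = off / SUBPAGE_SIZE;
    uint32_t last = (off + len - 1) / SUBPAGE_SIZE;
    uint32_t n = last - first + 1;
    /* Shifting a 32-bit value by 32 is undefined, so handle the full page. */
    uint32_t bits = (n == 32) ? 0xFFFFFFFFu : ((1u << n) - 1);
    return bits << first;
}

/* Decide the outcome of a guest write of len bytes at guest physical address gpa. */
enum write_result check_guest_write(uint64_t ept_leaf, uint32_t spp_bitmap,
                                    uint64_t gpa, uint32_t len)
{
    uint32_t off = (uint32_t)(gpa & (PAGE_SIZE_4K - 1));

    if (len == 0 || len > PAGE_SIZE_4K - off)
        return WRITE_BAD_RANGE;          /* the model covers a single 4KB page */
    if (ept_leaf & EPT_WRITE)
        return WRITE_OK;                 /* page is not write-protected */
    if (!(ept_leaf & EPT_SPP))
        return WRITE_EPT_VIOLATION;      /* write-protected, SPP not enabled */

    uint32_t need = subpage_mask(off, len);
    return ((spp_bitmap & need) == need) ? WRITE_OK : WRITE_SPP_VIOLATION;
}

int main(void)
{
    uint64_t leaf = EPT_SPP | 1;         /* constructed: readable, write-protected, SPP on */
    uint32_t bitmap = 0x2;               /* constructed: only sub-page 1 is writable */

    printf("aligned write to sub-page 1: %d\n",
           check_guest_write(leaf, bitmap, 0x1000 + 128, 128));
    printf("write straddling 0 and 1:    %d\n",
           check_guest_write(leaf, bitmap, 0x1000 + 120, 16));
    return 0;
}
```

The second call shows the case a selftest would need to cover: a 16-byte write starting at offset 120 touches sub-pages 0 and 1, so it is rejected even though sub-page 1 is writable.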