Date: Tue, 29 Oct 2019 16:36:15 -0700
From: Kees Cook
To: Rick Edgecombe
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-mm@kvack.org, luto@kernel.org, peterz@infradead.org, dave.hansen@intel.com, pbonzini@redhat.com, sean.j.christopherson@intel.com, kristen@linux.intel.com, deneen.t.dock@intel.com
Subject: Re: [RFC PATCH 13/13] x86/Kconfig: Add Kconfig for KVM based XO
Message-ID: <201910291634.7993D32374@keescook>
References: <20191003212400.31130-1-rick.p.edgecombe@intel.com> <20191003212400.31130-14-rick.p.edgecombe@intel.com>
In-Reply-To: <20191003212400.31130-14-rick.p.edgecombe@intel.com>

On Thu, Oct 03, 2019 at 02:24:00PM -0700, Rick Edgecombe wrote:
> Add CONFIG_KVM_XO for supporting KVM based execute only memory.

I would expect this config to be added earlier in the series so that the code being added that depends on it can be incrementally build tested...

(Also, if this is default=y, why have a Kconfig for it at all? Guests need to know to use this already, yes?)

-Kees

> > Signed-off-by: Rick Edgecombe > --- > arch/x86/Kconfig | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 222855cc0158..3a3af2a456e8 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig 
> @@ -802,6 +802,19 @@ config KVM_GUEST > underlying device model, the host provides the guest with > timing infrastructure such as time of day, and system time > > +config KVM_XO > + bool "Support for KVM based execute only virtual memory permissions" > + select DYNAMIC_PHYSICAL_MASK > + select SPARSEMEM_VMEMMAP > + depends on KVM_GUEST && X86_64 > + default y > + help > + This option enables support for execute only memory for KVM guests. If > + support from the underlying VMM is not detected at boot, this > + capability will automatically disable. > + > + If you are unsure how to answer this question, answer Y. > + > config PVH > bool "Support for running PVH guests" > ---help--- > -- > 2.17.1 > -- Kees Cook
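
Review bot: In the new KVM_XO entry, `select SPARSEMEM_VMEMMAP` combined with `default y` forces that symbol on for every X86_64 KVM_GUEST configuration, and `select` does not check the selected symbol's own dependencies. Consider `depends on SPARSEMEM_VMEMMAP` instead, or explain in the commit message why forcing it is required. The help text also says the capability "will automatically disable" when VMM support is not detected; because that is a silent loss of the execute-only protection, the help text should say how a user can tell at boot whether XO is actually active.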