|
Robin Zheng <zhengwenbin.zwb@...>
sPMP(MPU) is designed for the separation between U-mode and S-mode and it only make sense only when paging is not available. With H extension, there're 3 atp registers to control the translation for different stages: - satp (normal translation for HS-mode) - vsatp (1st translation for VS-mode) - hgatp (2nd translation for VS-mode) and there also has 2 hypervisor types for virtualization model:
For Hypervisor Type-I, sPMP(MPU) makes sense when paging is not available in Guest OS(s). But it makes no sense for hypervisor itself(who is working in HS-mode) even if hypervisor has no paging too, because Type-I hypervisor only runs under HS-mode and has no user space. For Hypervisor Type-II, sPMP(MPU) also makes sense when paging is not available in Guest OS(s). sPMP(MPU) also makes sense for Host OS who without paging, but for most host OS, e.g., Linux, Windows, MacOS, paging is always available, I didn't see a Host OS who supports virtualization but has no paging support.
Thus, when H extension exists, sPMP(MPU) makes more sense for VS-mode other than HS-mode, i don't think we need to support sPMP(MPU) for both(HS-mode and VS-mode).
Regards,
Robin
------------------------------------------------------------------ From:Dong Du <dudong@...> Send Time:2021年5月4日(星期二) 16:54 To:bichengyang <bichengyang@...>; tech-privileged <tech-privileged@...>; tech-tee <tech-tee@...> Subject:Re: [RISC-V] [tech-tee] [RISC-V] [tech-privileged] Updates on the proposal of MPU (privious sPMP)
BTW, we would like to know more opinions from privilege group and H-extension group on how MPU/sPMP and virtualization should be used together, e.g., do we have any scenarios that should use paging, MPU (sPMP), and G-stage translation together?
Please feel free to give us any feedbacks to help moving forward.
All the best, Dong ------------------ Original ------------------ Date: Tue, May 4, 2021 04:44 PM To: "tech-privileged"<tech-privileged@...>; "tech-tee"<tech-tee@...>; Subject: [RISC-V] [tech-privileged] Updates on the proposal of MPU (privious sPMP)
|
|
|
Στις 2021-05-05 07:47, Robin Zheng via lists.riscv.org έγραψε: sPMP(MPU) is designed for the separation between U-mode and S-mode and it only make sense only when paging is not available. With H extension, there're 3 atp registers to control the translation for different stages:
- satp (normal translation for HS-mode)
- vsatp (1st translation for VS-mode)
- hgatp (2nd translation for VS-mode)
and there also has 2 hypervisor types for virtualization model:
For Hypervisor Type-I, sPMP(MPU) makes sense when paging is not available in Guest OS(s). But it makes no sense for hypervisor itself(who is working in HS-mode) even if hypervisor has no paging too, because Type-I hypervisor only runs under HS-mode and has no user space.
For Hypervisor Type-II, sPMP(MPU) also makes sense when paging is not available in Guest OS(s). sPMP(MPU) also makes sense for Host OS who without paging, but for most host OS, e.g., Linux, Windows, MacOS, paging is always available, I didn't see a Host OS who supports virtualization but has no paging support.
Thus, when H extension exists, sPMP(MPU) makes more sense for VS-mode other than HS-mode, i don't think we need to support sPMP(MPU) for both(HS-mode and VS-mode).
Regards,
Robin (ccing Anup for more feedback on this) This distinction between type 1 and type 2 hypervisors is a bit obsolete. If you consider type 1 hypervisors as bare-metal, then KVM for example is a type 1 hypervisor, you may check out Anup's patches for KVM on RISC-V and you'll notice that the kernel runs on HS mode, modifying h* CSRs, so basically Host OS is the hypervisor as well, and it still has userspace for monitoring, configuration, device emulation etc. If you consider type 1 hypervisors as standalone without their own userspace then it makes sense to not use paging for their own mappings, they can reduce code complexity and memory usage, in which case having an MPU to enforce memory protections makes perfect sense. There is nothing preventing satp = bare && vsatp != bare, its a very possible scenario, supported by the current spec, so since we introduce an MPU why not make it available for HS mode as well ? Wouldn't that break the concept that "HS-mode acts the same as S-mode, but with additional instructions and CSRs that control the new stage of address translation and support hosting a guest OS in virtual S-mode (VS-mode). Regular S-mode operating systems can execute without modification either in HS-mode or as VS-mode guests" ? Also in case the vendor doesn't want to implement 2-stage translation (hgatp can be hardwired to 0 in the current spec), doesn't it make sense to have an option of using MPU for managing memory protection for the guest's physical memory, providing isolation between the host and the guest and between guests ? Why rely on PMP/ePMP on M-mode for that requiring to go though M-mode every time the hypervisor wants to switch between guests ? Regards, Nick
|
|
|
Robin Zheng <zhengwenbin.zwb@...>
Hi, Nick There is nothing preventing satp = bare && vsatp != bare, its a very possible
scenario, supported by the current spec, so since we introduce an MPU
why not make it available for HS mode as well ? For hypervisor type-I, when satp = bare && vsatp != bare, the protection for VM can be done by 2nd-stage translation(hgatp != bare), but in that case, since the bare hypervisor can access VM memory freely, SMAP protection may be required by HS-mode. That may require the MPU(sPMP) to extend another bit to distinguish VS-mode and HS-mode, just like S bit does, isn't it ? When 2nd-stage translation is disabled(hgatp = bare), it makes sense by MPU, and for SMAP protection, it still requries the distinction for the access, from HS-mode or VS-mode. Since there're 3 modes, i.e., U/VS/HS, would we add another bit besides S bit for MPU(sPMP)?
Regards,
Robin
------------------------------------------------------------------ From:Nick Kossifidis <mick@...> Send Time:2021年5月5日(星期三) 16:29 To:郑文斌(玄翦) <zhengwenbin.zwb@...> Cc:bichengyang <bichengyang@...>; tech-privileged <tech-privileged@...>; tech-tee <tech-tee@...>; 杜东 <dudong@...>; anup.patel <anup.patel@...> Subject:Re: [RISC-V] [tech-tee] [RISC-V] [tech-privileged] Updates on the proposal of MPU (privious sPMP)
Στις 2021-05-05 07:47, Robin Zheng via lists.riscv.org έγραψε:
> sPMP(MPU) is designed for the separation between U-mode and S-mode and
> it only make sense only when paging is not available. With H extension,
> there're 3 atp registers to control the translation for different
> stages:
> - satp (normal translation for HS-mode)
> - vsatp (1st translation for VS-mode)
> - hgatp (2nd translation for VS-mode)
> and there also has 2 hypervisor types for virtualization model:
>
> For Hypervisor Type-I, sPMP(MPU) makes sense when paging is not
> available in Guest OS(s). But it makes no sense for hypervisor
> itself(who is working in HS-mode) even if hypervisor has no paging too,
> because Type-I hypervisor only runs under HS-mode and has no user
> space.
> For Hypervisor Type-II, sPMP(MPU) also makes sense when paging is not
> available in Guest OS(s). sPMP(MPU) also makes sense for Host OS who
> without paging, but for most host OS, e.g., Linux, Windows, MacOS,
> paging is always available, I didn't see a Host OS who supports
> virtualization but has no paging support.
>
> Thus, when H extension exists, sPMP(MPU) makes more sense for VS-mode
> other than HS-mode, i don't think we need to support sPMP(MPU) for
> both(HS-mode and VS-mode).
>
> Regards,
> Robin
(ccing Anup for more feedback on this)
This distinction between type 1 and type 2 hypervisors is a bit
obsolete. If you consider type 1 hypervisors as bare-metal, then KVM for
example is a type 1 hypervisor, you may check out Anup's patches for KVM
on RISC-V and you'll notice that the kernel runs on HS mode, modifying
h* CSRs, so basically Host OS is the hypervisor as well, and it still
has userspace for monitoring, configuration, device emulation etc. If
you consider type 1 hypervisors as standalone without their own
userspace then it makes sense to not use paging for their own mappings,
they can reduce code complexity and memory usage, in which case having
an MPU to enforce memory protections makes perfect sense. There is
nothing preventing satp = bare && vsatp != bare, its a very possible
scenario, supported by the current spec, so since we introduce an MPU
why not make it available for HS mode as well ? Wouldn't that break the
concept that "HS-mode acts the same as S-mode, but with additional
instructions and CSRs that control the new stage of address translation
and support hosting a guest OS in virtual S-mode (VS-mode). Regular
S-mode operating systems can execute without modification either in
HS-mode or as VS-mode guests" ?
Also in case the vendor doesn't want to implement 2-stage translation
(hgatp can be hardwired to 0 in the current spec), doesn't it make sense
to have an option of using MPU for managing memory protection for the
guest's physical memory, providing isolation between the host and the
guest and between guests ? Why rely on PMP/ePMP on M-mode for that
requiring to go though M-mode every time the hypervisor wants to switch
between guests ?
Regards,
Nick
|
|
|
Στις 2021-05-06 08:04, Robin Zheng via lists.riscv.org έγραψε: Hi, Nick
There is nothing preventing satp = bare && vsatp != bare, its a very possible
scenario, supported by the current spec, so since we introduce an MPU
why not make it available for HS mode as well ?
For hypervisor type-I, when satp = bare && vsatp != bare, the protection for VM can be done by 2nd-stage translation(hgatp != bare), but in that case, since the bare hypervisor can access VM memory freely, SMAP protection may be required by HS-mode. That may require the MPU(sPMP) to extend another bit to distinguish VS-mode and HS-mode, just like S bit does, isn't it ? When 2nd-stage translation is disabled(hgatp = bare), it makes sense by MPU, and for SMAP protection, it still requries the distinction for the access, from HS-mode or VS-mode. Since there're 3 modes, i.e., U/VS/HS, would we add another bit besides S bit for MPU(sPMP)?
Regards,
Robin
The goal of SMAP/SMEP (or HSMAP/HSMEP in this case) is to prevent accidental access / execution of memory controlled by a low privileged level, from a higher privileged one (e.g. due to a bug), but for this to happen both privilege levels need to have the same view of the virtual memory or at least share some memory regions / mappings. This doesn't apply here, in the general case the host and the guest will use a different set of physical regions / page tables, and when hgatp != bare, they'll also have a different view of the physical memory. So for accessing the memory of the guest, even when hgatp = bare, the host would need to create shared regions / mappings, and that's not accidental (it can only be accidental when satp = vsatp = hgatp = bare, a highly unlikely scenario), if an attacker manages to compromise the hypervisor like this it's game over. We can't do much in the scenario of a compromised/malicious host, it's still an open issue and the way to solve it is probably to use some form of attestation to prove to the guest that the host is trustworthy (but that's another discussion). The problem is when hgatp = bare, in which case a malicious guest will be able to access the memory of other guests and / or the host by creating mappings to the same physical memory. With the current spec it's possible to prevent this using PMP/ePMP on M-mode, my point is that it makes more sense to e.g. have a set of hmpu* registers and let the hypervisor handle it directly on HS mode. My other point is that since MPU is defined for S mode it should be available to both HS/VS modes. Using a separate bit for distinguishing between HS/VS wouldn't work here because we still need VS to manage its own regions, we need a separate table, so basically I'm talking about mpu*/vmpu*/hmpu* registers in the same way we have satp/vsatp/hgatp. Regards, Nick
|
|
|
Robin Zheng <zhengwenbin.zwb@...>
Hi, Nick It's much clear. Besides mpu*, we also need vsmpu* and hgmpu*. Another concern is, how to prevent HS-mode hypervisor from accessing VS-mode memory(i.e., high privileged access to low privileged memory )? The SUM bit(SUM=0) can prevent access from HS-mode to U-mode or VS-mode to VU-mode, it can not prevent access from HS-mode to VS-mode, since the S bit in mpu* table can only distinguish S-mode and U-mode. A simple way is to insert entres for VM areas in mpu table and disallow HS-mode to acess?
Regards,
Robin
------------------------------------------------------------------ From:Nick Kossifidis <mick@...> Send Time:2021年5月6日(星期四) 19:58 To:郑文斌(玄翦) <zhengwenbin.zwb@...> Cc:Nick Kossifidis <mick@...>; bichengyang <bichengyang@...>; tech-privileged <tech-privileged@...>; tech-tee <tech-tee@...>; 杜东 <dudong@...>; anup.patel <anup.patel@...> Subject:Re: [RISC-V] [tech-tee] [RISC-V] [tech-privileged] Updates on the proposal of MPU (privious sPMP)
Στις 2021-05-06 08:04, Robin Zheng via lists.riscv.org έγραψε:
> Hi, Nick
> There is nothing preventing satp = bare && vsatp != bare, its a very
> possible
> scenario, supported by the current spec, so since we introduce an MPU
> why not make it available for HS mode as well ?
> For hypervisor type-I, when satp = bare && vsatp != bare, the
> protection for VM can be done by 2nd-stage translation(hgatp != bare),
> but in that case, since the bare hypervisor can access VM memory
> freely, SMAP protection may be required by HS-mode. That may require
> the MPU(sPMP) to extend another bit to distinguish VS-mode and HS-mode,
> just like S bit does, isn't it ? When 2nd-stage translation is
> disabled(hgatp = bare), it makes sense by MPU, and for SMAP protection,
> it still requries the distinction for the access, from HS-mode or
> VS-mode. Since there're 3 modes, i.e., U/VS/HS, would we add another
> bit besides S bit for MPU(sPMP)?
>
> Regards,
> Robin
>
The goal of SMAP/SMEP (or HSMAP/HSMEP in this case) is to prevent
accidental access / execution of memory controlled by a low privileged
level, from a higher privileged one (e.g. due to a bug), but for this to
happen both privilege levels need to have the same view of the virtual
memory or at least share some memory regions / mappings. This doesn't
apply here, in the general case the host and the guest will use a
different set of physical regions / page tables, and when hgatp != bare,
they'll also have a different view of the physical memory. So for
accessing the memory of the guest, even when hgatp = bare, the host
would need to create shared regions / mappings, and that's not
accidental (it can only be accidental when satp = vsatp = hgatp = bare,
a highly unlikely scenario), if an attacker manages to compromise the
hypervisor like this it's game over. We can't do much in the scenario of
a compromised/malicious host, it's still an open issue and the way to
solve it is probably to use some form of attestation to prove to the
guest that the host is trustworthy (but that's another discussion). The
problem is when hgatp = bare, in which case a malicious guest will be
able to access the memory of other guests and / or the host by creating
mappings to the same physical memory. With the current spec it's
possible to prevent this using PMP/ePMP on M-mode, my point is that it
makes more sense to e.g. have a set of hmpu* registers and let the
hypervisor handle it directly on HS mode. My other point is that since
MPU is defined for S mode it should be available to both HS/VS modes.
Using a separate bit for distinguishing between HS/VS wouldn't work here
because we still need VS to manage its own regions, we need a separate
table, so basically I'm talking about mpu*/vmpu*/hmpu* registers in the
same way we have satp/vsatp/hgatp.
Regards,
Nick
|
|
|
Hi Robin, As far as I know, currently H-extension does allow hypervisor to access VS memory through, HLV (hypervisor virtual-machine load), HSV (hypervisor virtual-machine store) and, HLVX. However, I am not sure whether there are some mechanisms for Execution Prevention. My thought was to keep consistent with existing strategies in H-ext. But I do not think it's reasonable to insert entries related to VM into MPU, as MPU is used in scenarios without paging/virtualization (in most cases I believe).
All the best, Dong ------------------ Original ------------------ Date: Thu, May 6, 2021 10:05 PM To: "Nick Kossifidis"<mick@...>; Cc: "bichengyang"<bichengyang@...>; "tech-privileged"<tech-privileged@...>; "tech-tee"<tech-tee@...>; "杜东"<dudong@...>; "anup.patel"<anup.patel@...>; Subject: Re: [RISC-V] [tech-tee] [RISC-V] [tech-privileged] Updates on the proposal of MPU (privious sPMP) Hi, Nick It's much clear. Besides mpu*, we also need vsmpu* and hgmpu*. Another concern is, how to prevent HS-mode hypervisor from accessing VS-mode memory(i.e., high privileged access to low privileged memory )? The SUM bit(SUM=0) can prevent access from HS-mode to U-mode or VS-mode to VU-mode, it can not prevent access from HS-mode to VS-mode, since the S bit in mpu* table can only distinguish S-mode and U-mode. A simple way is to insert entres for VM areas in mpu table and disallow HS-mode to acess?
Regards,
Robin
------------------------------------------------------------------ From:Nick Kossifidis <mick@...> Send Time:2021年5月6日(星期四) 19:58 To:郑文斌(玄翦) <zhengwenbin.zwb@...> Cc:Nick Kossifidis <mick@...>; bichengyang <bichengyang@...>; tech-privileged <tech-privileged@...>; tech-tee <tech-tee@...>; 杜东 <dudong@...>; anup.patel <anup.patel@...> Subject:Re: [RISC-V] [tech-tee] [RISC-V] [tech-privileged] Updates on the proposal of MPU (privious sPMP)
Στις 2021-05-06 08:04, Robin Zheng via lists.riscv.org έγραψε:
> Hi, Nick
> There is nothing preventing satp = bare && vsatp != bare, its a very
> possible
> scenario, supported by the current spec, so since we introduce an MPU
> why not make it available for HS mode as well ?
> For hypervisor type-I, when satp = bare && vsatp != bare, the
> protection for VM can be done by 2nd-stage translation(hgatp != bare),
> but in that case, since the bare hypervisor can access VM memory
> freely, SMAP protection may be required by HS-mode. That may require
> the MPU(sPMP) to extend another bit to distinguish VS-mode and HS-mode,
> just like S bit does, isn't it ? When 2nd-stage translation is
> disabled(hgatp = bare), it makes sense by MPU, and for SMAP protection,
> it still requries the distinction for the access, from HS-mode or
> VS-mode. Since there're 3 modes, i.e., U/VS/HS, would we add another
> bit besides S bit for MPU(sPMP)?
>
> Regards,
> Robin
>
The goal of SMAP/SMEP (or HSMAP/HSMEP in this case) is to prevent
accidental access / execution of memory controlled by a low privileged
level, from a higher privileged one (e.g. due to a bug), but for this to
happen both privilege levels need to have the same view of the virtual
memory or at least share some memory regions / mappings. This doesn't
apply here, in the general case the host and the guest will use a
different set of physical regions / page tables, and when hgatp != bare,
they'll also have a different view of the physical memory. So for
accessing the memory of the guest, even when hgatp = bare, the host
would need to create shared regions / mappings, and that's not
accidental (it can only be accidental when satp = vsatp = hgatp = bare,
a highly unlikely scenario), if an attacker manages to compromise the
hypervisor like this it's game over. We can't do much in the scenario of
a compromised/malicious host, it's still an open issue and the way to
solve it is probably to use some form of attestation to prove to the
guest that the host is trustworthy (but that's another discussion). The
problem is when hgatp = bare, in which case a malicious guest will be
able to access the memory of other guests and / or the host by creating
mappings to the same physical memory. With the current spec it's
possible to prevent this using PMP/ePMP on M-mode, my point is that it
makes more sense to e.g. have a set of hmpu* registers and let the
hypervisor handle it directly on HS mode. My other point is that since
MPU is defined for S mode it should be available to both HS/VS modes.
Using a separate bit for distinguishing between HS/VS wouldn't work here
because we still need VS to manage its own regions, we need a separate
table, so basically I'm talking about mpu*/vmpu*/hmpu* registers in the
same way we have satp/vsatp/hgatp.
Regards,
Nick
|
|
|
