Skip to content

small fixes for secret hiding CI patches #5243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 2 commits into
base: feature/secret-hiding
Choose a base branch
from
Draft

small fixes for secret hiding CI patches #5243

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7f78d60
temporary workaround for secret-hidden kvm-clock
roypat Jun 3, 2025
650f256
fix: clear private flag after freeing gmem folio
roypat Jun 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 35 additions & 11 deletions ...tches/10-direct-map-removal/0011-KVM-guest_memfd-Add-flag-to-remove-from-direct-map.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
From b1fc478976c93fd42b14e06d2de57e121be03142 Mon Sep 17 00:00:00 2001
From a06590a8007e35c86caf7344f76e69d4501bc43a Mon Sep 17 00:00:00 2001
From: Patrick Roy <roypat@amazon.co.uk>
Date: Fri, 7 Feb 2025 14:33:01 +0000
Subject: [PATCH 11/26] KVM: guest_memfd: Add flag to remove from direct map
Subject: [PATCH] KVM: guest_memfd: Add flag to remove from direct map

Add KVM_GMEM_NO_DIRECT_MAP flag for KVM_CREATE_GUEST_MEMFD() ioctl. When
set, guest_memfd folios will be removed from the direct map after
Expand Down Expand Up @@ -56,9 +56,9 @@ spectre-gadget.
Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
---
include/uapi/linux/kvm.h | 3 +++
virt/kvm/guest_memfd.c | 28 +++++++++++++++++++++++++++-
virt/kvm/guest_memfd.c | 38 +++++++++++++++++++++++++++++++++-----
virt/kvm/kvm_main.c | 5 +++++
3 files changed, 35 insertions(+), 1 deletion(-)
3 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 117937a895da..fb02a93546d8 100644
Expand All @@ -82,7 +82,7 @@ index 117937a895da..fb02a93546d8 100644

struct kvm_pre_fault_memory {
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index fbf89e643add..a2b96bc51391 100644
index fbf89e643add..5545a35ce900 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -4,6 +4,7 @@
Expand Down Expand Up @@ -117,18 +117,42 @@ index fbf89e643add..a2b96bc51391 100644
folio_mark_uptodate(folio);
}

@@ -478,6 +494,10 @@ static void kvm_gmem_free_folio(struct folio *folio)
@@ -471,24 +487,30 @@ static int kvm_gmem_error_folio(struct address_space *mapping, struct folio *fol
return MF_DELAYED;
}

-#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
static void kvm_gmem_free_folio(struct folio *folio)
{
+#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
struct page *page = folio_page(folio, 0);
kvm_pfn_t pfn = page_to_pfn(page);
int order = folio_order(folio);
+#endif

+ if (folio_test_private(folio))
+ if (folio_test_private(folio)) {
+ WARN_ON_ONCE(set_direct_map_valid_noflush(folio_page(folio, 0),
+ folio_nr_pages(folio), true));
+ folio_clear_private(folio);
+ }
+
+#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
kvm_arch_gmem_invalidate(pfn, pfn + (1ul << order));
}
-}
#endif
@@ -551,6 +571,9 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
+}

static const struct address_space_operations kvm_gmem_aops = {
.dirty_folio = noop_dirty_folio,
.migrate_folio = kvm_gmem_migrate_folio,
.error_remove_folio = kvm_gmem_error_folio,
-#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
.free_folio = kvm_gmem_free_folio,
-#endif
};

static int kvm_gmem_getattr(struct mnt_idmap *idmap, const struct path *path,
@@ -551,6 +573,9 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
/* Unmovable mappings are supposed to be marked unevictable as well. */
WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping));

Expand All @@ -138,7 +162,7 @@ index fbf89e643add..a2b96bc51391 100644
kvm_get_kvm(kvm);
gmem->kvm = kvm;
xa_init(&gmem->bindings);
@@ -570,7 +593,10 @@ int kvm_gmem_create(struct kvm *kvm, struct kvm_create_guest_memfd *args)
@@ -570,7 +595,10 @@ int kvm_gmem_create(struct kvm *kvm, struct kvm_create_guest_memfd *args)
{
loff_t size = args->size;
u64 flags = args->flags;
Expand Down Expand Up @@ -174,5 +198,5 @@ index 3e40acb9f5c0..32ca1c921ab0 100644
return !kvm || kvm_arch_has_private_mem(kvm);
#endif
--
2.47.1
2.49.0

51 changes: 0 additions & 51 deletions .../hiding_ci/linux_patches/10-direct-map-removal/0012-fixup-for-direct-map-removal-v4.patch
View file
Open in desktop

This file was deleted.

159 changes: 159 additions & 0 deletions resources/hiding_ci/linux_patches/11-kvmclock.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,159 @@
From 48bd0eb952cf1455b124fa06c348b801ef2254ad Mon Sep 17 00:00:00 2001
From: Patrick Roy <roypat@amazon.co.uk>
Date: Tue, 3 Jun 2025 15:32:13 +0100
Subject: [PATCH] de-gpc-ify kvm-clock

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/x86.c | 53 +++++++++++----------------------
2 files changed, 19 insertions(+), 36 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index b874e54a5ee4..7cdef9002af8 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -911,7 +911,7 @@ struct kvm_vcpu_arch {
gpa_t time;
struct pvclock_vcpu_time_info hv_clock;
unsigned int hw_tsc_khz;
- struct gfn_to_pfn_cache pv_time;
+ gpa_t system_time;
/* set guest stopped flag in pvclock flags field */
bool pvclock_set_guest_stopped_request;

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4b64ab350bcd..b8fbe9b4331b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2326,12 +2326,9 @@ static void kvm_write_system_time(struct kvm_vcpu *vcpu, gpa_t system_time,

/* we verify if the enable bit is set... */
if (system_time & 1)
- kvm_gpc_activate(&vcpu->arch.pv_time, system_time & ~1ULL,
- sizeof(struct pvclock_vcpu_time_info));
+ vcpu->arch.system_time = system_time & ~1ULL;
else
- kvm_gpc_deactivate(&vcpu->arch.pv_time);
-
- return;
+ vcpu->arch.system_time = INVALID_GPA;
}

static uint32_t div_frac(uint32_t dividend, uint32_t divisor)
@@ -3117,25 +3114,13 @@ u64 get_kvmclock_ns(struct kvm *kvm)
}

static void kvm_setup_guest_pvclock(struct kvm_vcpu *v,
- struct gfn_to_pfn_cache *gpc,
- unsigned int offset,
+ gpa_t gpa,
bool force_tsc_unstable)
{
struct kvm_vcpu_arch *vcpu = &v->arch;
- struct pvclock_vcpu_time_info *guest_hv_clock;
- unsigned long flags;
+ struct pvclock_vcpu_time_info guest_hv_clock;

- read_lock_irqsave(&gpc->lock, flags);
- while (!kvm_gpc_check(gpc, offset + sizeof(*guest_hv_clock))) {
- read_unlock_irqrestore(&gpc->lock, flags);
-
- if (kvm_gpc_refresh(gpc, offset + sizeof(*guest_hv_clock)))
- return;
-
- read_lock_irqsave(&gpc->lock, flags);
- }
-
- guest_hv_clock = (void *)(gpc->khva + offset);
+ kvm_read_guest(v->kvm, gpa, &guest_hv_clock, sizeof(struct pvclock_vcpu_time_info));

/*
* This VCPU is paused, but it's legal for a guest to read another
@@ -3144,28 +3129,28 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu *v,
* it is consistent.
*/

- guest_hv_clock->version = vcpu->hv_clock.version = (guest_hv_clock->version + 1) | 1;
+ guest_hv_clock.version = vcpu->hv_clock.version = (guest_hv_clock.version + 1) | 1;
+ kvm_write_guest(v->kvm, gpa, &guest_hv_clock, sizeof(struct pvclock_vcpu_time_info));
+
smp_wmb();

/* retain PVCLOCK_GUEST_STOPPED if set in guest copy */
- vcpu->hv_clock.flags |= (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED);
+ vcpu->hv_clock.flags |= (guest_hv_clock.flags & PVCLOCK_GUEST_STOPPED);

if (vcpu->pvclock_set_guest_stopped_request) {
vcpu->hv_clock.flags |= PVCLOCK_GUEST_STOPPED;
vcpu->pvclock_set_guest_stopped_request = false;
}

- memcpy(guest_hv_clock, &vcpu->hv_clock, sizeof(*guest_hv_clock));
+ kvm_write_guest(v->kvm, gpa, &vcpu->hv_clock, sizeof(struct pvclock_vcpu_time_info));

if (force_tsc_unstable)
- guest_hv_clock->flags &= ~PVCLOCK_TSC_STABLE_BIT;
+ guest_hv_clock.flags &= ~PVCLOCK_TSC_STABLE_BIT;

smp_wmb();

- guest_hv_clock->version = ++vcpu->hv_clock.version;
-
- kvm_gpc_mark_dirty_in_slot(gpc);
- read_unlock_irqrestore(&gpc->lock, flags);
+ ++vcpu->hv_clock.version;
+ kvm_write_guest(v->kvm, gpa, &vcpu->hv_clock, sizeof(struct pvclock_vcpu_time_info));

trace_kvm_pvclock_update(v->vcpu_id, &vcpu->hv_clock);
}
@@ -3267,8 +3252,8 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)

vcpu->hv_clock.flags = pvclock_flags;

- if (vcpu->pv_time.active)
- kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false);
+ if (vcpu->system_time != INVALID_GPA)
+ kvm_setup_guest_pvclock(v, vcpu->system_time, false);
#ifdef CONFIG_KVM_XEN
if (vcpu->xen.vcpu_info_cache.active)
kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_info_cache,
@@ -3570,7 +3555,7 @@ static int kvm_pv_enable_async_pf_int(struct kvm_vcpu *vcpu, u64 data)

static void kvmclock_reset(struct kvm_vcpu *vcpu)
{
- kvm_gpc_deactivate(&vcpu->arch.pv_time);
+ vcpu->arch.system_time = INVALID_GPA;
vcpu->arch.time = 0;
}

@@ -5656,7 +5641,7 @@ static int kvm_vcpu_ioctl_x86_set_xcrs(struct kvm_vcpu *vcpu,
*/
static int kvm_set_guest_paused(struct kvm_vcpu *vcpu)
{
- if (!vcpu->arch.pv_time.active)
+ if (vcpu->arch.system_time == INVALID_GPA)
return -EINVAL;
vcpu->arch.pvclock_set_guest_stopped_request = true;
kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
@@ -6909,7 +6894,7 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm)

mutex_lock(&kvm->lock);
kvm_for_each_vcpu(i, vcpu, kvm) {
- if (!vcpu->arch.pv_time.active)
+ if (vcpu->arch.system_time == INVALID_GPA)
continue;

ret = kvm_set_guest_paused(vcpu);
@@ -12251,8 +12236,6 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
vcpu->arch.regs_avail = ~0;
vcpu->arch.regs_dirty = ~0;

- kvm_gpc_init(&vcpu->arch.pv_time, vcpu->kvm);
-
if (!irqchip_in_kernel(vcpu->kvm) || kvm_vcpu_is_reset_bsp(vcpu))
vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
else
--
2.49.0

2 changes: 1 addition & 1 deletion src/vmm/src/builder.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,7 +235,7 @@

#[cfg(target_arch = "x86_64")]
if secret_free {
boot_cmdline.insert_str("no-kvmclock")?;
//boot_cmdline.insert_str("no-kvmclock")?;

Check warning on line 238 in src/vmm/src/builder.rs

View check run for this annotation

Codecov / codecov/patch

src/vmm/src/builder.rs#L238 

Added line #L238 was not covered by tests
}

let (mut vmm, mut vcpus) = create_vmm_and_vcpus(
Expand Down
2 changes: 1 addition & 1 deletion src/vmm/src/cpu_config/x86_64/cpuid/intel/normalize.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ impl super::IntelCpuid {
self.update_performance_monitoring_entry()?;
self.update_extended_topology_v2_entry();
self.update_brand_string_entry()?;
self.update_frequency_information();
//self.update_frequency_information();

Ok(())
}
Expand Down