Intel Posts Linux Patches Enabling LASS KVM Support
Back in January Intel engineers posted Linux patches for Linear Address Space Separation (LASS) as a feature being introduced with future Intel CPUs. Intel engineers today posted a set of patches extending that LASS support to the realm of KVM virtualization.
Intel Linear Address Space Separation was documented publicly in Intel's programming reference manual as an upcoming CPU feature. LASS is designed to help fend off speculative address accesses across user and kernel mode.
All the LASS technical details can be found via the Intel PRM for those interested.
What's new today are a set of six patches providing KVM LASS virtualization support. As explained in that new patch series:
I haven't seen Intel publicly indicate when they will be introducing processors with Linear Address Space Separation support, but based on the timing of these patches and Intel's tendency to get new features squared away in the mainline Linux kernel in advance of launch, it wouldn't surprise me at all if LASS is being introduced with Xeon Scalable "Granite Rapids" processors next year.
Intel Linear Address Space Separation was documented publicly in Intel's programming reference manual as an upcoming CPU feature. LASS is designed to help fend off speculative address accesses across user and kernel mode.
All the LASS technical details can be found via the Intel PRM for those interested.
What's new today are a set of six patches providing KVM LASS virtualization support. As explained in that new patch series:
When platform has LASS capability, KVM requires to expose this feature to guest VM enumerated by CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], and allow guest to enable it via CR4.LASS[bit 27] on demand. For instruction executed in the guest directly, hardware will perform the LASS violation check, while KVM also needs to apply LASS to instructions emulated by software and injects #GP or #SS fault to the guest.
...
We tested the basic function of LASS virtualization including LASS enumeration and enabling in non-root and nested environment. As current KVM unittest framework is not compatible to LASS rule that kernel should run in the upper half, we use kernel module and application test to verify LASS functionalities in guest instead. The data access related x86 emulator code is verified with forced emulation prefix (FEP) mechanism. Other test cases are working in progress.
I haven't seen Intel publicly indicate when they will be introducing processors with Linear Address Space Separation support, but based on the timing of these patches and Intel's tendency to get new features squared away in the mainline Linux kernel in advance of launch, it wouldn't surprise me at all if LASS is being introduced with Xeon Scalable "Granite Rapids" processors next year.
Add A Comment