Subject: Re: [RFC KVM 06/27] KVM: x86: Exit KVM isolation on IRQ entry
To: Peter Zijlstra, Andy Lutomirski
Cc: Paolo Bonzini, Radim Krcmar, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Dave Hansen, kvm list, X86 ML, Linux-MM, LKML, Konrad Rzeszutek Wilk, jan.setjeeilers@oracle.com, Liran Alon, Jonathan Adams
From: Alexandre Chartre
Organization: Oracle Corporation
Date: Tue, 14 May 2019 09:58:04 +0200
In-Reply-To: <20190514070719.GD2589@hirez.programming.kicks-ass.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/14/19 9:07 AM, Peter Zijlstra wrote:
> On Mon, May 13, 2019 at 11:13:34AM -0700, Andy Lutomirski wrote:
>> On Mon, May 13, 2019 at 9:28 AM Alexandre Chartre wrote:
>
>>> Actually, I am not sure this is effectively useful because the IRQ
>>> handler is probably faulting before it tries to exit isolation, so
>>> the isolation exit will be done by the kvm page fault handler. I need
>>> to check that.
>>>
>>
>> The whole idea of having #PF exit with a different CR3 than was loaded
>> on entry seems questionable to me. I'd be a lot more comfortable with
>> the whole idea if a page fault due to accessing the wrong data was an
>> OOPS and the code instead just did the right thing directly.
>
> So I've run into this idea before; it basically allows a lazy approach
> to things.
>
> I'm somewhat conflicted on things, on the one hand, changing CR3 from
> #PF is a natural extension in that #PF already changes page-tables (for
> userspace / vmalloc etc..), on the other hand, there's a thin line
> between being lazy and being sloppy.
>
> If we're going down this route; I think we need a very coherent design
> and strong rules.
>

Right. We should particularly ensure that the KVM page-table remains a
subset of the kernel page-table, in particular page-table changes (e.g.
for vmalloc etc...) should happen in the kernel page-table and not in
the kvm page-table. So we should probably enforce switching to the
kernel page-table when doing an operation like vmalloc.

The current code doesn't enforce it, but I can see it faulting, when
doing any allocation (because the kvm page table doesn't have all
structures used during an allocation).

alex.