Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2006731pxb;
        Thu, 11 Feb 2021 01:37:56 -0800 (PST)
X-Google-Smtp-Source: ABdhPJz7ep0KW4DtnqJHeHU0e7IPV3MPm1M1IeOoDOwCk6bWs/UYOXLQ18yEk1a4dj5yuck2ibeF
X-Received: by 2002:a17:906:8053:: with SMTP id x19mr7452272ejw.470.1613036276320;
        Thu, 11 Feb 2021 01:37:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1613036276; cv=none;
        d=google.com; s=arc-20160816;
        b=tKiz6OgL5SOYKwMzXRTHL1gC01Np89THspdv9zow1f3fLoHCAlXwel/hzwI6EfDkKJ
         ssw3AEsnsvH+gsADuZsI1zkydi899jK7HsNPa4relvWRNX3jZLvTWtX0n4NL1xXHUext
         JbnaY0jYP7cuCiMutCh6VQ3yOq5czEqEFXyJ0A+mutxHjbdprRXY4m7WZsFAH5DlldI0
         wS8XVEZtxzhublANHTjJJC7z0dD3qk16THMh/zOl1MZG6p5dEsQ0hUg5xuwqINd42k6w
         f1Z710862OdaHUjAjVFOwXbjo3hBs9rqMKzJ77EUuwfaYlJ5yikTjcrrhj47O/Tb9Mgn
         q8GQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:subject
         :organization:from:references:cc:to:dkim-signature;
        bh=u4st3dUfUDrEYqTNg6+oyu4V3aGVRlCGOHLDzYx7178=;
        b=Rrx1dKKeWJJxWv0XTpo05Oc0vEILIP8uKykCFUVttGGsgIf8RGjC6I1svx8R+VrwTA
         2XC91w3+umA/6M3kV6JHJkWXJsj7Pmwv1Yl8F9UH1Wd9D7hiKTwz/ynVvjdtX/sBUl9J
         uwqYFpxoQZNVTegDppE9pKevTk1hqvQnRdwjN9fB9t47g0DxScj/DmSKvakNzufv2K4W
         3IsMHlTkxMMmBUGT5pZwsIBk2bVRz+sFCUWC4NWpkWGuqJmGLwsqJuAWpW389oQmhzo6
         k6It7/dH+2uulcwaABhcftZwkj8/Ne+qvewPGJkuI3Qw5hXQld4AijPwxKNi8TLZHi8J
         bHnA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=g1xwoReg;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a67si3557256edf.42.2021.02.11.01.37.32;
        Thu, 11 Feb 2021 01:37:56 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=g1xwoReg;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229948AbhBKJgu (ORCPT <rfc822;loserzhuang@gmail.com>
        + 99 others); Thu, 11 Feb 2021 04:36:50 -0500
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:52672 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S230299AbhBKJVB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 11 Feb 2021 04:21:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1613035145;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=u4st3dUfUDrEYqTNg6+oyu4V3aGVRlCGOHLDzYx7178=;
        b=g1xwoRegAzaikCzpPFqIz/CPUQbZAGG5SbWR6L36e9hUtZXRi0z8CH0FxF0L9aw/9pVdOm
        YzydncWppRwG4Az5l0KsH15z56fpjfrNi4JUiqyQEIgGgcHEmlPDtct2qiE3ZSKnmxXviz
        2ESws2uqZH3B0H2KYD7Cor3yjI1yO1k=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-14-cwDao8JwMxi9SulrTdCGIQ-1; Thu, 11 Feb 2021 04:19:01 -0500
X-MC-Unique: cwDao8JwMxi9SulrTdCGIQ-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8E031BBEE4;
        Thu, 11 Feb 2021 09:18:59 +0000 (UTC)
Received: from [10.36.114.52] (ovpn-114-52.ams2.redhat.com [10.36.114.52])
        by smtp.corp.redhat.com (Postfix) with ESMTP id D2DF360C17;
        Thu, 11 Feb 2021 09:18:57 +0000 (UTC)
To:     Claudio Imbrenda <imbrenda@linux.ibm.com>,
        linux-kernel@vger.kernel.org
Cc:     borntraeger@de.ibm.com, frankja@linux.ibm.com, cohuck@redhat.com,
        kvm@vger.kernel.org, linux-s390@vger.kernel.org,
        stable@vger.kernel.org
References: <20210209154302.1033165-1-imbrenda@linux.ibm.com>
 <20210209154302.1033165-2-imbrenda@linux.ibm.com>
From:   David Hildenbrand <david@redhat.com>
Organization: Red Hat GmbH
Subject: Re: [PATCH v3 1/2] s390/kvm: extend kvm_s390_shadow_fault to return
 entry pointer
Message-ID: <2a65f089-1728-7bc7-a2a8-a2c089a01cec@redhat.com>
Date:   Thu, 11 Feb 2021 10:18:56 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <20210209154302.1033165-2-imbrenda@linux.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 09.02.21 16:43, Claudio Imbrenda wrote:
> Extend kvm_s390_shadow_fault to return the pointer to the valid leaf
> DAT table entry, or to the invalid entry.
> 
> Also return some flags in the lower bits of the address:
> DAT_PROT: indicates that DAT protection applies because of the
>            protection bit in the segment (or, if EDAT, region) tables
> NOT_PTE: indicates that the address of the DAT table entry returned
>           does not refer to a PTE, but to a segment or region table.
> 

I've been thinking about one possible issue, but I think it's not 
actually an issue. Just sharing so others can verify:

In case our guest uses huge pages / gigantic pages / ASCE R, we create 
fake page tables (GMAP_SHADOW_FAKE_TABLE).

So, it could be that kvm_s390_shadow_fault()->gmap_shadow_pgt_lookup()
succeeds, however, we have a fake PTE in our hands. We lost the
actual guest STE/RTE address. (I think it could be recovered somehow via 
page->index, thought)

But I guess, if there is a fake PTE, then there is not acutally
something that could go wrong in gmap_shadow_page() anymore that could
lead us in responding something wrong to the guest. We can only really
fail with -EINVAL, -ENOMEM or -EFAULT.

So if the guest changed anything in the meantime (e.g., zap a segment), 
we would have unshadowed the whole fake page table hierarchy and would
simply retry.

> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> Cc: stable@vger.kernel.org
> ---
>   arch/s390/kvm/gaccess.c | 30 +++++++++++++++++++++++++-----
>   arch/s390/kvm/gaccess.h |  5 ++++-
>   arch/s390/kvm/vsie.c    |  8 ++++----
>   3 files changed, 33 insertions(+), 10 deletions(-)
> 
> diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c
> index 6d6b57059493..e0ab83f051d2 100644
> --- a/arch/s390/kvm/gaccess.c
> +++ b/arch/s390/kvm/gaccess.c
> @@ -976,7 +976,9 @@ int kvm_s390_check_low_addr_prot_real(struct kvm_vcpu *vcpu, unsigned long gra)
>    * kvm_s390_shadow_tables - walk the guest page table and create shadow tables
>    * @sg: pointer to the shadow guest address space structure
>    * @saddr: faulting address in the shadow gmap
> - * @pgt: pointer to the page table address result
> + * @pgt: pointer to the beginning of the page table for the given address if
> + *       successful (return value 0), or to the first invalid DAT entry in
> + *       case of exceptions (return value > 0)
>    * @fake: pgt references contiguous guest memory block, not a pgtable
>    */
>   static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
> @@ -1034,6 +1036,7 @@ static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
>   			rfte.val = ptr;
>   			goto shadow_r2t;
>   		}
> +		*pgt = ptr + vaddr.rfx * 8;
>   		rc = gmap_read_table(parent, ptr + vaddr.rfx * 8, &rfte.val);

Using

gmap_read_table(parent, *pgt, &rfte.val);

or similar with a local variable might then be even clearer. But no 
strong opinion.

>   		if (rc)
>   			return rc;
> @@ -1060,6 +1063,7 @@ static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
>   			rste.val = ptr;
>   			goto shadow_r3t;
>   		}
> +		*pgt = ptr + vaddr.rsx * 8;
>   		rc = gmap_read_table(parent, ptr + vaddr.rsx * 8, &rste.val);
>   		if (rc)
>   			return rc;
> @@ -1087,6 +1091,7 @@ static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
>   			rtte.val = ptr;
>   			goto shadow_sgt;
>   		}
> +		*pgt = ptr + vaddr.rtx * 8;
>   		rc = gmap_read_table(parent, ptr + vaddr.rtx * 8, &rtte.val);
>   		if (rc)
>   			return rc;
> @@ -1123,6 +1128,7 @@ static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
>   			ste.val = ptr;
>   			goto shadow_pgt;
>   		}
> +		*pgt = ptr + vaddr.sx * 8;
>   		rc = gmap_read_table(parent, ptr + vaddr.sx * 8, &ste.val);
>   		if (rc)
>   			return rc;
> @@ -1157,6 +1163,8 @@ static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
>    * @vcpu: virtual cpu
>    * @sg: pointer to the shadow guest address space structure
>    * @saddr: faulting address in the shadow gmap
> + * @datptr: will contain the address of the faulting DAT table entry, or of
> + *          the valid leaf, plus some flags
>    *
>    * Returns: - 0 if the shadow fault was successfully resolved
>    *	    - > 0 (pgm exception code) on exceptions while faulting
> @@ -1165,11 +1173,11 @@ static int kvm_s390_shadow_tables(struct gmap *sg, unsigned long saddr,
>    *	    - -ENOMEM if out of memory
>    */
>   int kvm_s390_shadow_fault(struct kvm_vcpu *vcpu, struct gmap *sg,
> -			  unsigned long saddr)
> +			  unsigned long saddr, unsigned long *datptr)
>   {
>   	union vaddress vaddr;
>   	union page_table_entry pte;
> -	unsigned long pgt;
> +	unsigned long pgt = 0;
>   	int dat_protection, fake;
>   	int rc;
>   
> @@ -1191,8 +1199,20 @@ int kvm_s390_shadow_fault(struct kvm_vcpu *vcpu, struct gmap *sg,
>   		pte.val = pgt + vaddr.px * PAGE_SIZE;
>   		goto shadow_page;
>   	}
> -	if (!rc)
> -		rc = gmap_read_table(sg->parent, pgt + vaddr.px * 8, &pte.val);
> +
> +	switch (rc) {
> +	case PGM_SEGMENT_TRANSLATION:
> +	case PGM_REGION_THIRD_TRANS:
> +	case PGM_REGION_SECOND_TRANS:
> +	case PGM_REGION_FIRST_TRANS:
> +		pgt |= NOT_PTE;
> +		break;
> +	case 0:
> +		pgt += vaddr.px * 8;
> +		rc = gmap_read_table(sg->parent, pgt, &pte.val);
> +	}
> +	if (*datptr)
> +		*datptr = pgt | dat_protection * DAT_PROT;
>   	if (!rc && pte.i)
>   		rc = PGM_PAGE_TRANSLATION;
>   	if (!rc && pte.z)
> diff --git a/arch/s390/kvm/gaccess.h b/arch/s390/kvm/gaccess.h
> index f4c51756c462..fec26bbb17ba 100644
> --- a/arch/s390/kvm/gaccess.h
> +++ b/arch/s390/kvm/gaccess.h
> @@ -359,7 +359,10 @@ void ipte_unlock(struct kvm_vcpu *vcpu);
>   int ipte_lock_held(struct kvm_vcpu *vcpu);
>   int kvm_s390_check_low_addr_prot_real(struct kvm_vcpu *vcpu, unsigned long gra);
>   
> +#define DAT_PROT 2
> +#define NOT_PTE 4

What if our guest is using ASCE.R ?

-- 
Thanks,

David / dhildenb