Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp892261pxf; Wed, 7 Apr 2021 14:19:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwELytFwuW3hW8Oa+7+cnQpuJXMvdspLhwXpWlqnzyFmUB3C80DMganiaFwMJm/zwsRhQ6u X-Received: by 2002:a05:6e02:1285:: with SMTP id y5mr4446934ilq.4.1617830342355; Wed, 07 Apr 2021 14:19:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617830342; cv=none; d=google.com; s=arc-20160816; b=VDwWXfYzXBOypZ5yCYnVxrQlgomibIX9Z9FqS5idvRZVomxg/TvmLbSDX0nEVzboUx NWCsCke53GFWFvgXTR56hxz21dBRW2+wZlbgYPhQ4O3BxxqqQ7A+i+2g55pGBXf110QL vN64BfytIut8v873QpxIpYDANuNd1gZM/dQyovesh+fOMH+QRKYMYhJ8f/Oxrr3E1vJz +kLocxXfCLv9A57ZG6EXr5t75PFRhdzgsP0ug1PyM6j3bDKKFtRyrFxZW+O5VtpYIQID UKXmipLceRALM8bV5LI/bR2yxg5QcqknE7ci2+/7sa9lH3MdFjcdfYckUT7CEpgbIjwn lb+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:subject :organization:from:references:cc:to:dkim-signature; bh=rHuby28rSVBEts9hw5b8nEC5zGAh17eoAFfYGcwxu7Q=; b=JeEjBWIZeH9kM1fwY2idkLHn77fK3iByuBSt0dKPaxbczm6AFuzL+hq/Kpd5MNeKKR 9uoOoOiZhuqLew5QfvbTbxyqZC4H+1ktNESm/SxsE0XHF9cF91N1Cb994ssMk8N/UWVe JzL7vkksMH5C/pRfx+AXtp2mffLWvyLKYWxOOrcctz0tM7zy8TgCXAdE1LJKN6a/mTdL TllS77wYGiau9WvapkKWIFAkFHgYEgf+wBA05WZdoIELHH1oEjYEgi/XuqBz3RMvhNCo vV3LCyvApgKP0t75SDTtDAAcLljuN3D/NLy/SMi58OcL9988kCg02L88gj9cu3KQUyPs 2vdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=g2AgWffp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y16si22111666jaq.71.2021.04.07.14.18.50; Wed, 07 Apr 2021 14:19:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=g2AgWffp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353588AbhDGPaa (ORCPT + 99 others); Wed, 7 Apr 2021 11:30:30 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:57270 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353563AbhDGPa2 (ORCPT ); Wed, 7 Apr 2021 11:30:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617809418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rHuby28rSVBEts9hw5b8nEC5zGAh17eoAFfYGcwxu7Q=; b=g2AgWffpn6TO+hohi/KwachzJcLKc8nwRf+xbuNds2r5tLGItbf5tJpit5VIF7oxb6MPR8 X4e2gC22ibsysWraW/OYUspBU0LY4j0j48ccQOjRHX/a0/yJVz2hHn9LIockHAjuARdSKJ OfqWPQzcDMMzR+v4pLFwg40rNvxm2Z0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-180-H2GLtm1WMquhgnK143jYrw-1; Wed, 07 Apr 2021 11:30:14 -0400 X-MC-Unique: H2GLtm1WMquhgnK143jYrw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 08789107ACF2; Wed, 7 Apr 2021 15:30:12 +0000 (UTC) Received: from [10.36.114.68] (ovpn-114-68.ams2.redhat.com [10.36.114.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1B45419C78; Wed, 7 Apr 2021 15:30:06 +0000 (UTC) To: Catalin Marinas , Steven Price Cc: Mark Rutland , Peter Maydell , "Dr. David Alan Gilbert" , Andrew Jones , Haibo Xu , Suzuki K Poulose , qemu-devel@nongnu.org, Marc Zyngier , Juan Quintela , Richard Henderson , linux-kernel@vger.kernel.org, Dave Martin , James Morse , linux-arm-kernel@lists.infradead.org, Thomas Gleixner , Will Deacon , kvmarm@lists.cs.columbia.edu, Julien Thierry References: <20210327152324.GA28167@arm.com> <20210328122131.GB17535@arm.com> <20210330103013.GD18075@arm.com> <8977120b-841d-4882-2472-6e403bc9c797@redhat.com> <20210331092109.GA21921@arm.com> <86a968c8-7a0e-44a4-28c3-bac62c2b7d65@arm.com> <20210331184311.GA10737@arm.com> <20210407151458.GC21451@arm.com> From: David Hildenbrand Organization: Red Hat GmbH Subject: Re: [PATCH v10 2/6] arm64: kvm: Introduce MTE VM feature Message-ID: <396423df-5c30-67f6-fcba-c041c08eef7e@redhat.com> Date: Wed, 7 Apr 2021 17:30:05 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <20210407151458.GC21451@arm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07.04.21 17:14, Catalin Marinas wrote: > On Wed, Apr 07, 2021 at 11:20:18AM +0100, Steven Price wrote: >> On 31/03/2021 19:43, Catalin Marinas wrote: >>> When a slot is added by the VMM, if it asked for MTE in guest (I guess >>> that's an opt-in by the VMM, haven't checked the other patches), can we >>> reject it if it's is going to be mapped as Normal Cacheable but it is a >>> ZONE_DEVICE (i.e. !kvm_is_device_pfn() + one of David's suggestions to >>> check for ZONE_DEVICE)? This way we don't need to do more expensive >>> checks in set_pte_at(). >> >> The problem is that KVM allows the VMM to change the memory backing a slot >> while the guest is running. This is obviously useful for the likes of >> migration, but ultimately means that even if you were to do checks at the >> time of slot creation, you would need to repeat the checks at set_pte_at() >> time to ensure a mischievous VMM didn't swap the page for a problematic one. > > Does changing the slot require some KVM API call? Can we intercept it > and do the checks there? User space can simply mmap(MAP_FIXED) the user space area registered in a KVM memory slot. You cannot really intercept that. You can only check in the KVM MMU code at fault time that the VMA which you hold in your hands is still in a proper state. The KVM MMU is synchronous, which means that updates to the VMA layout are reflected in the KVM MMU page tables -- e.g., via mmu notifier calls. E.g., in s390x code we cannot handle VMAs with gigantic pages. We check that when faulting (creating the links in the page table) via __gmap_link(). You could either check the page itself (ZONE_DEVICE) or might even be able to check via the VMA/file. -- Thanks, David / dhildenb