Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1886477pxj; Wed, 19 May 2021 16:45:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKldFSaCmc3ViuQjIxpIsm3R5LO5W1gwyKen3bTSo+UDW1GhrSrRFrjNXVtQEQX6Urf+m2 X-Received: by 2002:a05:6402:17d9:: with SMTP id s25mr1670324edy.337.1621467954743; Wed, 19 May 2021 16:45:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621467954; cv=none; d=google.com; s=arc-20160816; b=equD6G3Z4+5aMFSfMA8jTVtGg2fJw1DX6VOtW4tmdE2jupeFIPwLmEJFBXizpe4y4z 4oXj1tzDQzbVuCQYwuNzjf8mmkYjOKRjxfhtR7R5EH6RDptpy3LJbMT5l2deaI1IHi09 6hGAQUUp645g8hKbU0RJnMx32ryQGcXPiB4lnXpurlKTByOewMaPcxfVcb6cKtoZUmQT Hgdb1Y8VcLMprWMIRoZK3DDkOiqqTkkWilZYrFdWV7s1igrSTAyRWy3Zwda4wnSpnPw0 vIBEiRKxYqmLYG4q8olMuJipoGZWX4dCRopQ3dt0WzmqyW0j3dBj5ejISm7XBHlU5DSu XHoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=nZuNfGfiKyXKRGv3YKg4ctxDIT6bECxQ0f3JGFBP+Jc=; b=CTUTErNi9vv26rjAFHJaWv578oMGspYnhQLS9tpJjAo1n+w2e2lj8xBj69KyYGlGl7 YIbIyqzzDKypWUafAA7YkSctFxjcE0u9G9i7huQsCqCSdeUg1MHLZPn1DBNvFB9Di2gf cfYrOuYXfglIE+DzUfZVM/j28HAUYHDl3p7YT7j6Yc4Q3B6Zt1TbNMzBhjliKJ5a+v2/ SUuQieASdFcqXr7/YjMIDYGLxwsxKT5MHC5QYPaKNZN3mNzuKM109Cbac7Bt/DJw9El0 LhZ34sFYYPMj72RhkOqnDG3tKwf2oUtjftqYCuE6Zq5ITcaBTEFYiyhGO3PuFRXO106U ziTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Sgx3LcjY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f6si1016303ejk.677.2021.05.19.16.45.31; Wed, 19 May 2021 16:45:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Sgx3LcjY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230138AbhESXpv (ORCPT + 99 others); Wed, 19 May 2021 19:45:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230062AbhESXps (ORCPT ); Wed, 19 May 2021 19:45:48 -0400 Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D2D76C061574 for ; Wed, 19 May 2021 16:44:27 -0700 (PDT) Received: by mail-pg1-x534.google.com with SMTP id k15so10553780pgb.10 for ; Wed, 19 May 2021 16:44:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=nZuNfGfiKyXKRGv3YKg4ctxDIT6bECxQ0f3JGFBP+Jc=; b=Sgx3LcjYq6ETYEDY47hsYdaRrCnGN5F+wvbCKhFTmXMWw0u20UAbMuFGPG9jqIUIDU P7xy6mX2t46w8BN7ogPNyFnieYyRV1A5wNHWtckVTaOalBCdY2k7i8vqSzUaeIOv1HJm SdhnOlnT85Ku+HNVywQC6S0Q0CSpGbSV0jji0h4u0H9ZZUbw2Oc2PaGvP3QqVTLp8v0a ndubfFE0z+CIhyCbHHksip7jVF0c4qS1bEXgLcb/8gbO/zaMys9Od89i9374vQ0nkfkK fpPfQX8A8bK+ARVFMCi1+CZ1hnIlV089tUlC1ZxUt4UrYtf3X/fOG88O+/RFSOPkzxu2 UgYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=nZuNfGfiKyXKRGv3YKg4ctxDIT6bECxQ0f3JGFBP+Jc=; b=OnbJ3Ra3VtKbdo/OozVmodeW8WrwnpCp59vvOGkCxDfNPP+OOx3fiGZAeCx8XtlE4p 5TFhMt7QQL51ReyfGIxf42DBolb5WQO8XUmlzn+F7hnN7l6xWbs+HjF/P3cGmfAAIfKf N82q6SUdYHsZfySMTnMIFhNURUsWOgptsPe/ph1m4kn8un0o+F7lwhHCyejlE7Dwl26M bnj0MK4XS7kjYpVZUJysQfsSUdwoaMwbpT1xulIXKT8In3EVDCLRvRQqcR/WUiKAM6UN rtrVGI8Stv6Ah3/LQ+wcgmTsg5lQBLs3icuxU3OdRJeBZvTwEZr8OjKTr8LMLhNbLp7R i7mw== X-Gm-Message-State: AOAM532r1NVcdjy0ASbhdAx7sVNfimt1LvBqWl/bX257R31huTNztmcA M0ILGNw5pI25G2u3dh8ApBES5g== X-Received: by 2002:a63:ba03:: with SMTP id k3mr1612845pgf.81.1621467867151; Wed, 19 May 2021 16:44:27 -0700 (PDT) Received: from google.com (240.111.247.35.bc.googleusercontent.com. [35.247.111.240]) by smtp.gmail.com with ESMTPSA id v14sm364605pgl.86.2021.05.19.16.44.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 May 2021 16:44:26 -0700 (PDT) Date: Wed, 19 May 2021 23:44:22 +0000 From: Sean Christopherson To: Andy Lutomirski Cc: Borislav Petkov , Ashish Kalra , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Joerg Roedel , thomas.lendacky@amd.com, the arch/x86 maintainers , kvm list , Linux Kernel Mailing List , srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com Subject: Re: [PATCH v2 2/4] mm: x86: Invoke hypercall when page encryption status is changed Message-ID: References: <86701a5e-87b5-4e73-9b7a-557d8c855f89@www.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <86701a5e-87b5-4e73-9b7a-557d8c855f89@www.fastmail.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 19, 2021, Andy Lutomirski wrote: > On Wed, May 12, 2021, at 6:15 AM, Borislav Petkov wrote: > > On Fri, Apr 23, 2021 at 03:58:43PM +0000, Ashish Kalra wrote: > > > +static inline void notify_page_enc_status_changed(unsigned long pfn, > > > + int npages, bool enc) > > > +{ > > > + PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); > > > +} > > > > Now the question is whether something like that is needed for TDX, and, > > if so, could it be shared by both. > > The TDX MapGPA call can fail, and presumably it will fail if the page is not > sufficiently quiescent from the host's perspective. Barring a guest bug, e.g. requesting a completely non-existent page, MapGPA shouldn't fail. The example in the the GHCI: Invalid operand – for example, the GPA may be already mapped as a shared page. makes no sense to me. An already-mapped page would be an -EBUSY style error, not an invalid operand, and IIRC, I explicitly lobbied against allowing the VMM to return "try again" precisely because it's impossible for the guest to handle in a sane manner. If the physical page is in a state that requires stalling the vCPU, then the VMM is supposed to do exactly that, not punt the problem to the guest. Maybe we should get stronger language into the GHCI? > It seems like a mistake to me to have a KVM-specific hypercall for this that > cannot cleanly fail.