Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp56845pxb; Wed, 30 Mar 2022 22:59:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxVSvYhp4Nct2PUy4bkh9w7/igsP7NJcDZQ75tFoYeR6Fs41Miy2Cg2HKxuJfD/tfdRU6yo X-Received: by 2002:a17:907:6e93:b0:6df:8c1a:d08b with SMTP id sh19-20020a1709076e9300b006df8c1ad08bmr3417577ejc.557.1648706390016; Wed, 30 Mar 2022 22:59:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648706390; cv=none; d=google.com; s=arc-20160816; b=XG6MCQvmGgU4uLjAY4zBSTvts49tFTswoR7BUnzDQzl/zYIQ+wt5mq0t99t4GEboXm Bu08LdCq3OW8GPCDfTWbZi0Z7huFa5rzVa6+pqvArSf3WSA8EdKlXsMIzKRLo8Bv1gH6 KYoV8BH9g6MwkQR50XsFxOyFlhCOiw49/LO2Rx6ZEKXSllXl+SnTQJ+iHdVtPy1VV7dk 7zW3Nze++L0cElWhtOfeIoofPGbPGK4NIxwk1215DfkZz8G6x9SnsLg1SXXg3XBdNKl9 k07tlzbaa3dnvL5MpT0GbDU2FveDGWwJ/ylGVDQM525stPKd87fWuYR6OudsS8slgkag KFxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=unVoyXmmnbcthsyySjVfJAE6mIlNHrJPVevLR8rHf7E=; b=wWiL9EnfAOqpvaDj1+ZlhDWcBI5klngP9OKdSsB4PhJuHyLvdu13MZxdIAADd+nHqE oJu2Ec4kCYf7t1trF3+dYfHHoS7+iTvnxwdKbrhwomrhBtuv4gLdme2gmW1eMj9pA+jr oySvVQrM5nY1BVXCwfOVjsvPVs5rXWjEY1nRx/L643tsBhl5WvdWy1HQV5JGj3qy/bHd 61qLy1BpGaBLaZ7HVaPLyUtmRLXv9ISUxdoA+yYg9agrO5vDtDswJU0ZulXzNKETTHiZ ZGoxKPeT8AlWkbbnyAuUanGnFPBZ4BW4VVySfDd07H682si/De+1gMA37A+dA2x2ISAG msoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NN8HjWL4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id zd21-20020a17090698d500b006dfad220facsi24297622ejb.474.2022.03.30.22.59.23; Wed, 30 Mar 2022 22:59:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NN8HjWL4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229910AbiCaFpp (ORCPT + 99 others); Thu, 31 Mar 2022 01:45:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53140 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229721AbiCaFpn (ORCPT ); Thu, 31 Mar 2022 01:45:43 -0400 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3408FD2; Wed, 30 Mar 2022 22:43:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648705436; x=1680241436; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=32l1uw52vjX3hXWFSGOXFGPoiNZh7RQ9ud/xkeBw28U=; b=NN8HjWL4n5rOe6BIol17kSXbSZOl4r77RyoYWrk3t6BCmYTC3m6dUcQL SvXU3DH1xxNtTZol8L0FNcBDmX+GisOb9fxUAisamakkzvJEPOZ7OajMw rYgwuhQjvtbdjoNMh3K0r2aly3Qi9au5IjSjt0OUrsCu3ix047/wp3y7L ljNfDbeRkRr0yPNNjEswHFcQvd1EdtPA3mw8lC9ffOyACXvgIldz1AUk9 T66UP8VRpkM5t8qmKU+3K33WnhVcGO4kMa5Ei7hEr+ruHwJ5T8+k+LR5o 7nzyc6sRFFHrEao5Z72tpCWiG8aTVA7tbi8COqkaR7n45Ji9fPJFgL6vb g==; X-IronPort-AV: E=McAfee;i="6200,9189,10302"; a="346162846" X-IronPort-AV: E=Sophos;i="5.90,224,1643702400"; d="scan'208";a="346162846" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Mar 2022 22:43:56 -0700 X-IronPort-AV: E=Sophos;i="5.90,224,1643702400"; d="scan'208";a="566161887" Received: from cqiang-mobl.ccr.corp.intel.com (HELO [10.249.172.223]) ([10.249.172.223]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Mar 2022 22:43:53 -0700 Message-ID: <873f6789-6ec2-245c-d61d-98a14b546733@intel.com> Date: Thu, 31 Mar 2022 13:43:51 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.7.0 Subject: Re: [PATCH v6 5/7] KVM: MMU: Add support for PKS emulation Content-Language: en-US To: Sean Christopherson Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Xiaoyao Li , kvm@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220221080840.7369-1-chenyi.qiang@intel.com> <20220221080840.7369-6-chenyi.qiang@intel.com> From: Chenyi Qiang In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/31/2022 5:27 AM, Sean Christopherson wrote: > On Mon, Feb 21, 2022, Chenyi Qiang wrote: >> @@ -277,14 +278,18 @@ static inline u8 permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, >> WARN_ON(pfec & (PFERR_PK_MASK | PFERR_RSVD_MASK)); >> if (unlikely(mmu->pkr_mask)) { >> u32 pkr_bits, offset; >> + u32 pkr; >> >> /* >> - * PKRU defines 32 bits, there are 16 domains and 2 >> - * attribute bits per domain in pkru. pte_pkey is the >> - * index of the protection domain, so pte_pkey * 2 is >> - * is the index of the first bit for the domain. >> + * PKRU and PKRS both define 32 bits. There are 16 domains >> + * and 2 attribute bits per domain in them. pte_key is the >> + * index of the protection domain, so pte_pkey * 2 is the >> + * index of the first bit for the domain. The use of PKRU >> + * versus PKRS is selected by the address type, as determined >> + * by the U/S bit in the paging-structure entries. >> */ >> - pkr_bits = (vcpu->arch.pkru >> (pte_pkey * 2)) & 3; >> + pkr = pte_access & PT_USER_MASK ? vcpu->arch.pkru : kvm_read_pkrs(vcpu); > > Blindly reading PKRU/PKRS is wrong. I think this magic insanity will be functionally > correct due to update_pkr_bitmask() clearing the appropriate bits in pkr_mask based > on CR4.PK*, but the read should never happen. PKRU is benign, but I believe reading > PKRS will result in VMREAD to an invalid field if PKRU is supported and enabled, but > PKRS is not supported. > Nice catch. > I belive the easiest solution is: > > if (pte_access & PT_USER_MASK) > pkr = is_cr4_pke(mmu) ? vcpu->arch.pkru : 0; > else > pkr = is_cr4_pks(mmu) ? kvm_read_pkrs(vcpu) : 0; > > The is_cr4_pk*() helpers are restricted to mmu.c, but this presents a good > opportunity to extra the PKR stuff to a separate, non-inline helper (as a prep > patch). E.g. > > > WARN_ON(pfec & (PFERR_PK_MASK | PFERR_RSVD_MASK)); > if (unlikely(mmu->pkr_mask)) > u32 pkr_bits = kvm_mmu_pkr_bits(vcpu, mmu, pte_access, pte_pkey); > > errcode |= -pkr_bits & PFERR_PK_MASK; > fault |= (pkr_bits != 0); > } > > return -(u32)fault & errcode; > > permission_fault() is inline because it's heavily used for shadow paging, but > when using TDP, it's far less performance critical. PKR is TDP-only, so moving > it out-of-line should be totally ok (this is also why this patch is "unlikely"). Make sense, will do it.