Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1060933pxb; Fri, 1 Apr 2022 03:37:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxtstzJy71+hog5xkvQs6bjyHl5ojq/nnaQFPvv/YVTjNyMtqcqn+U98KodqXnr8eUviBXI X-Received: by 2002:a17:906:9b95:b0:6e0:6f6b:997 with SMTP id dd21-20020a1709069b9500b006e06f6b0997mr8371728ejc.367.1648809452910; Fri, 01 Apr 2022 03:37:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648809452; cv=none; d=google.com; s=arc-20160816; b=mLDHmhX14vrrbYrI3mYGHUAZIKMj8dFj63AvVAjV3NlCec/E776Z8U7BF3nHGuitmW 4yTln0dUPocC2FNRfk9aFRQI5fS+9VxMowWFsn+wbxSvdPMNXcI5mhvKo3aCb/4ITNix 8dTMX6Vn+82kKxsfA8lxJLG3qhogE2Cml7Nc8vgP5FrviJsTq2QbRFrpUcGgPxbXJG/K 2teyt+wKfGX1mFyJEpRd2SJwulZqRWb6+c9m/JOt8wmAG9+4xuLIKtA5sSm5eEH1zS8S /+sQ9aw585TUk1F0QnekU/qOlP/iQbvZNIyKQ3N/CM/mGJvNhiMTWpLdHbJook6YOd7e pFbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=6xhUFLRScuyFCnUhUoIR3SPfrzjg+j6qyCN8RW8eGig=; b=JMcSG0NLCsmEsXEiZuKrq4AtuCivCheMaEMGiawSmcdgH7g+VC4meZJZIphYKYFbf5 RRj1D4oMRT8rbaTkrEULaiExQRuxnZE4z/iQ2+xPhwtMK2JAS58kRYGQ+/EvMEiaAWCt YtODff0CQh5n1VezOMwPYpeQFtXlVSUtbBCjbc2VBvoAY4Gvgw1TWAKKoDV9SsIypPPM qNpzb2yFreoVmfwdypsk09FxDfiN8ajymX/W7E9i4r1MgBgi99z8ZL/4mQSNhC6jaiCI qexZ17WoXWhS0t/ERDgKW3MQYr6xdwVhor0dBtaNkwnKOcFJpqDeUineuYbJlCB5GVMx Xr7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=cuv4YQG5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s10-20020a50daca000000b004198e823191si1312595edj.317.2022.04.01.03.37.07; Fri, 01 Apr 2022 03:37:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=cuv4YQG5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238029AbiCaTCv (ORCPT + 99 others); Thu, 31 Mar 2022 15:02:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238038AbiCaTCs (ORCPT ); Thu, 31 Mar 2022 15:02:48 -0400 Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C19441C8A96 for ; Thu, 31 Mar 2022 12:01:00 -0700 (PDT) Received: by mail-pj1-x102e.google.com with SMTP id a16-20020a17090a6d9000b001c7d6c1bb13so319693pjk.4 for ; Thu, 31 Mar 2022 12:01:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=6xhUFLRScuyFCnUhUoIR3SPfrzjg+j6qyCN8RW8eGig=; b=cuv4YQG5MhHIlxGxGuK8VWdC9U8nDgoP1kzwTDzs5EyNCNy8rN4SwPQDWAVBywvesN EvNGP8X7KSwj1vBpUHEBsRnkaTffUo6CSmYbWuEuRADNw5vRD25X3RFa9nFHwdMRofzg 5kQXICBz5BsL25hQAMVOjA8L6Fy8AI1yifJs5EpM/CUH1MQa5AOr8V1Dh2SfBMF1hH02 mN+HrQRF5mAaEP8fkB5MCMsFD9+90nPv4oy5b91NYlNHk+f7Vyv8zsIQHIrVaBD+c21W /yEHBJRog/07hBAPKfz6+2NGxVuXoQXEFSgzCJDdPIWX6C3UEJEe5SVyyJpb1Rq3vqcN 6TwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=6xhUFLRScuyFCnUhUoIR3SPfrzjg+j6qyCN8RW8eGig=; b=ytegu2VPQX1JWzKaJINdtgF1FfQRN/nRjw/98X4pr9A7QmOU8dFRgG5jJ98D5rST7E ajHosnFZduWcTx9PAKfv074is1jBhp6Z/yMaSuBnjpJPfN1a2rKQS4idRlbq6CbdTx7T T8TLv+L0kQypy2/tuydz32c7RUjddPeYrFh3ZBDU473eYwF4M1DWQICEFQEH+FArSCgr zInkDgc3EDUnIGaUkZ/FYnQmfqJkUMWROGetm5tCxSjjxQ4ZmIMw1S841h1+6ziTGpgF tAbjMunwhInL+hDzijKQT6iUZWQYAs/uoWQ4JqD9QFlS+aVyMoUacuPyEALyRMJGoz9r QTAw== X-Gm-Message-State: AOAM530sEWZjr6V9GXYux3kN2FuQdyBtMxXDW7no5ktIZgam7NQLESSP XJmWDO6TLyVB33nIXhBT385mbw== X-Received: by 2002:a17:902:6b8b:b0:14d:66c4:f704 with SMTP id p11-20020a1709026b8b00b0014d66c4f704mr43195285plk.53.1648753260011; Thu, 31 Mar 2022 12:01:00 -0700 (PDT) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id h13-20020a056a00230d00b004f427ffd485sm225805pfh.143.2022.03.31.12.00.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Mar 2022 12:00:59 -0700 (PDT) Date: Thu, 31 Mar 2022 19:00:56 +0000 From: Sean Christopherson To: Peter Gonda Cc: "Nikunj A. Dadhania" , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Brijesh Singh , Tom Lendacky , Bharata B Rao , "Maciej S . Szmigiero" , Mingwei Zhang , David Hildenbrand , kvm list , LKML Subject: Re: [PATCH RFC v1 0/9] KVM: SVM: Defer page pinning for SEV guests Message-ID: References: <20220308043857.13652-1-nikunj@amd.com> <5567f4ec-bbcf-4caf-16c1-3621b77a1779@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 31, 2022, Peter Gonda wrote: > On Wed, Mar 30, 2022 at 10:48 PM Nikunj A. Dadhania wrote: > > On 3/31/2022 1:17 AM, Sean Christopherson wrote: > > > On Wed, Mar 30, 2022, Nikunj A. Dadhania wrote: > > >> On 3/29/2022 2:30 AM, Sean Christopherson wrote: > > >>> Let me preface this by saying I generally like the idea and especially the > > >>> performance, but... > > >>> > > >>> I think we should abandon this approach in favor of committing all our resources > > >>> to fd-based private memory[*], which (if done right) will provide on-demand pinning > > >>> for "free". > > >> > > >> I will give this a try for SEV, was on my todo list. > > >> > > >>> I would much rather get that support merged sooner than later, and use > > >>> it as a carrot for legacy SEV to get users to move over to its new APIs, with a long > > >>> term goal of deprecating and disallowing SEV/SEV-ES guests without fd-based private > > >>> memory. > > >> > > >>> That would require guest kernel support to communicate private vs. shared, > > >> > > >> Could you explain this in more detail? This is required for punching hole for shared pages? > > > > > > Unlike SEV-SNP, which enumerates private vs. shared in the error code, SEV and SEV-ES > > > don't provide private vs. shared information to the host (KVM) on page fault. And > > > it's even more fundamental then that, as SEV/SEV-ES won't even fault if the guest > > > accesses the "wrong" GPA variant, they'll silent consume/corrupt data. > > > > > > That means KVM can't support implicit conversions for SEV/SEV-ES, and so an explicit > > > hypercall is mandatory. SEV doesn't even have a vendor-agnostic guest/host paravirt > > > ABI, and IIRC SEV-ES doesn't provide a conversion/map hypercall in the GHCB spec, so > > > running a SEV/SEV-ES guest under UPM would require the guest firmware+kernel to be > > > properly enlightened beyond what is required architecturally. > > > > > > > So with guest supporting KVM_FEATURE_HC_MAP_GPA_RANGE and host (KVM) supporting > > KVM_HC_MAP_GPA_RANGE hypercall, SEV/SEV-ES guest should communicate private/shared > > pages to the hypervisor, this information can be used to mark page shared/private. > > One concern here may be that the VMM doesn't know which guests have > KVM_FEATURE_HC_MAP_GPA_RANGE support and which don't. Only once the > guest boots does the guest tell KVM that it supports > KVM_FEATURE_HC_MAP_GPA_RANGE. If the guest doesn't we need to pin all > the memory before we run the guest to be safe to be safe. Yep, that's a big reason why I view purging the existing SEV memory management as a long term goal. The other being that userspace obviously needs to be updated to support UPM[*]. I suspect the only feasible way to enable this for SEV/SEV-ES would be to restrict it to new VM types that have a disclaimer regarding additional requirements. [*] I believe Peter coined the UPM acronym for "Unmapping guest Private Memory". We've been using it iternally for discussion and it rolls off the tongue a lot easier than the full phrase, and is much more precise/descriptive than just "private fd".