Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1257368rwb; Tue, 27 Sep 2022 10:23:03 -0700 (PDT) X-Google-Smtp-Source: AMsMyM70C8mGwWW2LrrRJ/eaakijYUmhNn52w1jsQeyG3LQXdBOf6ZcW4WPi9ZMcbGak46O2MLv9 X-Received: by 2002:a17:90b:2785:b0:203:6279:f03a with SMTP id pw5-20020a17090b278500b002036279f03amr5715204pjb.36.1664299383207; Tue, 27 Sep 2022 10:23:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664299383; cv=none; d=google.com; s=arc-20160816; b=SPD5ZlWGm8MwEyDwAo/NcLw/IGaGG7/RrTPtTE0ghN0i2x5GCO3juOjHxogBHFUGxE A+PJRUv/7mdhWXvAEWcM2aJI201jRtfllov9t9uvAJQF7vjF2X8Wp5wwaP7ezb+F/fKD nGLuktPe3HIU8658+YaY4k+dUyz0LfTNh6TJZThnQXR9npqon1WSZvo1Scd4cnrXb0R4 XboJ7e8yiWnvhzKzUaacBxcggs3HnH3m/bqStNzVuCoYrbPuCLhXe/yvdDGRSFDarRiA 9LXyYgxfUUJWiZnUjaBkb6jEfBLTpvGx33RGBzhhrt6DwmLMAzii+Zt7jmDVUXtbDSGN m93w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=hka2MB6GtBxZvbqko4sxk5z5NDTLJ3qOesEZCD0X7vU=; b=ene16xa62yijCNsunuRyxfW5z/Kfq1ZqJoGpD28JPy/FeuX3MQRF4eBdyPFBzL5DHh EChaJj9qiqYrwMpWYEo2TLo+2ki/nqwHtgAqAnZn7UZVC0bwpmnp6dj5Kyy+IRJNvKVs pNFxnCmIXBdGLzr+3LBKpbhugaCmr0FIYqeesCmz1OaMpzFRtQDvJto2qKvM8YwRr48y 6aU10wPRt0B9I2F6pdjFgi5J88GmtPr3hrEE3dAdgat41g8JnZ77HVHOyb1AyXoY8RyK ny5MSBO60nmpfcc6qV/m2hm6lmnOb7I9nk2FiqvA6DCdJotdpXvO2BPjLEpj7jyC7L6p XRhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="i/cUOlzv"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p10-20020a1709028a8a00b00178112e5248si2154178plo.540.2022.09.27.10.22.50; Tue, 27 Sep 2022 10:23:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="i/cUOlzv"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229616AbiI0QoU (ORCPT + 99 others); Tue, 27 Sep 2022 12:44:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231602AbiI0QoR (ORCPT ); Tue, 27 Sep 2022 12:44:17 -0400 Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6718A1E05E3 for ; Tue, 27 Sep 2022 09:44:15 -0700 (PDT) Received: by mail-pj1-x102e.google.com with SMTP id a5-20020a17090aa50500b002008eeb040eso1575309pjq.1 for ; Tue, 27 Sep 2022 09:44:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date; bh=hka2MB6GtBxZvbqko4sxk5z5NDTLJ3qOesEZCD0X7vU=; b=i/cUOlzvOFqjpGlqE7Jt5HlWISkyhBpSqtHRYPwIs2x/jE14c88WOLIDeVswI5sXGi /JZEoefvgVUIUeEmIgtO345p6YNqrwTSqHX1ME9QhHmNciQix8sRA9s3FCuUhDawbhh8 4EspsgU1Z30HYK8eA575FPhVusVE7l+aj5FGoGsPLxSFF9GSmvIlt+pIK7FI/YInT1nT CKxSDbXfHgxDKQmQarcXrnT+OufYvQFXHZ52c1Zf8qINJbeZtGzQhsJAPdd9MY16bagL Gyw9A2mOz0JDIEOkepz+uaJEDHNgCbyV474fp0QClmBSRxtevHIoZQV7LlPiVYK1eqZV YOKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date; bh=hka2MB6GtBxZvbqko4sxk5z5NDTLJ3qOesEZCD0X7vU=; b=AILzJUNnRvXnO9tbyYd2Mmh8ZAfy6/AfY6qYo0DoILdJ3WwoHNB/CNKt+gCRmjlqXs i/0NL5xGKDRdn1pOO0rMU8epNZQo/Snc5XQXfgpj+TLPoFEl1tKTEag6x8Mh/1yrToBC knIC9WsgdnEKp9W6qJ9eZpUXtRAQ8QUcpFxzqsEFe/M26aMEs7EBeS+KDquUIu65+Iib zbq0oQaEWPVdcpUV9LPHR5Yf5pWOwpMMu2QS6j/TVYfis+Io53QVRzCvcgAinIfDpDSN ChxEFwCTjgjXBdqOt46M2uWKtt61YQAEldV8box7bj5YktmjVZVrrAkY60NqmS2ahMvm dIUg== X-Gm-Message-State: ACrzQf1BFFvPfI6zD69S3aGDNNP8xgxX8qATwS+H8/ee/XwKTB22w1+8 bdWlMmMsfKZC4j1JmaTbVMP+KQ== X-Received: by 2002:a17:903:247:b0:179:b5e1:54b7 with SMTP id j7-20020a170903024700b00179b5e154b7mr27777288plh.84.1664297054476; Tue, 27 Sep 2022 09:44:14 -0700 (PDT) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id mn22-20020a17090b189600b001fde265ff4bsm158957pjb.4.2022.09.27.09.44.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Sep 2022 09:44:13 -0700 (PDT) Date: Tue, 27 Sep 2022 16:44:10 +0000 From: Sean Christopherson To: Robert Hoo Cc: David Matlack , Hou Wenlong , kvm list , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , X86 ML , "H. Peter Anvin" , Lan Tianyu , LKML Subject: Re: [PATCH v2 1/6] KVM: x86/mmu: Fix wrong gfn range of tlb flushing in validate_direct_spte() Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 27, 2022, Robert Hoo wrote: > On Tue, 2022-09-20 at 11:44 -0700, David Matlack wrote: > > That being said, we might as well replace the WARN_ON_ONCE() with > > KVM_BUG_ON(). That will still do a WARN_ON_ONCE() but has the added > > benefit of terminating the VM. > > Yeah, here was my point, WARN_ON_ONCE() might not be warning obviously > enough, as it usually for recoverable cases. But terminating VM is also > over action I think. Agreed, from the helper's perspective, killing the VM is unnecessary, e.g. it can simply flush the entire TLB as a fallback. if (WARN_ON_ONCE(!sp->role.direct)) { kvm_flush_remote_tlbs(kvm); return; } But looking at the series as a whole, I think the better option is to just not introduce this helper. There's exactly one user, and if that path encounters an indirect shadow page then KVM is deep in the weeds. But that's a moot point, because unless I'm misreading the flow, there's no need for the unique helper. kvm_flush_remote_tlbs_sptep() will do the right thing even if the target SP happens to be indirect. If we really want to assert that the child is a direct shadow page, then validate_direct_spte() would be the right location for such an assert. IMO that's unnecessary paranoia. The odds of KVM reaching this point with a completely messed up shadow paging tree, and without already having hosed the guest and/or yelled loudly are very, very low. In other words, IMO we're getting too fancy for this one and we should instead simply do: child = to_shadow_page(*sptep & SPTE_BASE_ADDR_MASK); if (child->role.access == direct_access) return; drop_parent_pte(child, sptep); kvm_flush_remote_tlbs_sptep(kvm, sptep); That has the added benefit of flushing the same "thing" that is zapped, i.e. both operate on the parent SPTE, not the child. Note, kvm_flush_remote_tlbs_sptep() operates on the _parent_, where the above snippets retrieves the child. This becomes much more obvious once spte_to_child_sp() comes along: https://lore.kernel.org/all/20220805230513.148869-8-seanjc@google.com.