Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7802613rwb; Wed, 23 Nov 2022 10:56:52 -0800 (PST) X-Google-Smtp-Source: AA0mqf7DayIdvBp6VJBQKCMcfsxj8HUNtCrqSeECVGQaMZaJ2IMAfSabqdoFIFWhhjGSpD8W1Jw9 X-Received: by 2002:a63:121a:0:b0:477:6ccb:9f1d with SMTP id h26-20020a63121a000000b004776ccb9f1dmr9066749pgl.537.1669229812746; Wed, 23 Nov 2022 10:56:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669229812; cv=none; d=google.com; s=arc-20160816; b=pLfn2RjHYW3lBIy3lV/2cjOjyzocUNDYW1C09y+r0k9/CQouaCE0LCCQVkSBO8JvnH a3/4VTJROyI42fYQvP+fUvQm2AqQk9QYGEEq99ns0GZ271MlVoY3rlS1G7BmfB3AWB2j J5kSZ1pAr+k+THBETmigtjVodz4USE7/DzB8LPQXfJLUE1exsG04sNNbb8Vw8n5wdpWl 7nnb6xpGD0gIB4cJIHY0V2kcppFjOAHOue3pz3cTidjuOI51e27ycIExp4f1o8bmQ4yO s77TreiSejzHcJzZxxUlbnoPTFUzB70M2JiLpCRnwQQY5kfI45AVF3Rv1DdQpXFvj1V7 MBcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=JBAHsDOjy5OO4Ngubx5UMoEA0/sDtPMwp6OMmJM5Kq8=; b=BaqpDU6GMBeD3BdK75utQmpx89wvD2297SHDQkqm418S09z77YQ08vP8YFXSZYIIkU YKhCZBRkdUjXGv+viKWXytUpTbHBqiVq/bbtN1UvvxZ5vgqMlHq9ZMS0YUiaWAkPw2wr VGfjx/P3ijYwo7lXG1VfwIF19q4c9YQitEknx6nGTs1aOMJSw3JJGweYTQlcNwwHV7Pa W8HcUWp21XSliRuS1yp32MeiZgtc11yo7bjZPR2+SVPP4tp2f08SK/rwog1JjMv2QR/J zUQIwbgOqz7TgNFB+kHym5fxQTvUsVfNRVztitkT7dtQYZERT54gTrCcmCYSDOLfnAlJ bUsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=j0pjNho9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d17-20020a170902729100b001893627cc84si3764182pll.243.2022.11.23.10.56.40; Wed, 23 Nov 2022 10:56:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=j0pjNho9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239462AbiKWSCv (ORCPT + 88 others); Wed, 23 Nov 2022 13:02:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239354AbiKWSCU (ORCPT ); Wed, 23 Nov 2022 13:02:20 -0500 Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D7B093700 for ; Wed, 23 Nov 2022 10:02:16 -0800 (PST) Received: by mail-pl1-x631.google.com with SMTP id w4so8548060plp.1 for ; Wed, 23 Nov 2022 10:02:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=JBAHsDOjy5OO4Ngubx5UMoEA0/sDtPMwp6OMmJM5Kq8=; b=j0pjNho9RlZm19Tehr3FVjo7Db8885B4Y7xkdDdUAoWctaEVu0QXpeH4dAhlT+H/66 rXShciLYPKXX/As5ej1NnFhKVYsgqZOAIM86zq/8g4IoL0rpFkAis4hyMIxH32ObpzTD q12ac2q20Bq/175aKSlrDsis/kh1ZErXHlsfXaFF0vLM0VKl7Q/KOGrAwfHxRNQmXI/O driosPsB+7yejIXs59Nh7GScXFt/2qGI69bVfBSTlUwjFNjy1R5omvxslKZApaKKy6Vb bCz1WtnxHp4F2zgsQTYD/KhQpB2n22TuYLklkc67sIj+R3YF0oMYZg8xQcjMBvZBgqVR chmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=JBAHsDOjy5OO4Ngubx5UMoEA0/sDtPMwp6OMmJM5Kq8=; b=hLKZq3PGL4TQ8YmyRh7gc5Wsc1t1aS1g3ssc7NuZJtuFWXEo8rJnbR+XFLyuU3MLs7 eKwFJOcq/aNGXqmkjCMF1t/AJjq7/W+QAE/q66bD0DMk0QWHz6Pt9LrKgU3IDFcMs1Fk APO54j136bFhR4HxJEt5zt0XI/Fufqo1TdNMPVDJu03jeDMtXpA+OL6BneExonzLjPNz E89dk6Gj8SPQ2J8myjyyMVPX8Wo+toNFt020DQYIP2FVSMBOaM39yC6tTHp2RY3MCZKu gp4wbL6+sDHIjYJEi2VpfDen+xzGCsO59U2PNcjIfBHbM75t/YWSBA4AZuqgh3PvuxAZ wL2A== X-Gm-Message-State: ANoB5pnwfwxKDu5mkEqbjAf1OGSQWqs50asHtPxYY/WVsiZvRwI6zECG q7E2s6viekBsk/AMj6B4bEqMVA== X-Received: by 2002:a17:902:da89:b0:189:8b2:b069 with SMTP id j9-20020a170902da8900b0018908b2b069mr10756414plx.13.1669226535720; Wed, 23 Nov 2022 10:02:15 -0800 (PST) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id w26-20020a63475a000000b00462612c2699sm11075143pgk.86.2022.11.23.10.02.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Nov 2022 10:02:15 -0800 (PST) Date: Wed, 23 Nov 2022 18:02:11 +0000 From: Sean Christopherson To: Chao Peng Cc: Alex =?utf-8?B?QmVubu+/vWU=?= , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini , Jonathan Corbet , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Shuah Khan , Mike Rapoport , Steven Price , "Maciej S . Szmigiero" , Vlastimil Babka , Vishal Annapurve , Yu Zhang , "Kirill A . Shutemov" , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret , tabba@google.com, Michael Roth , mhocko@suse.com, Muchun Song , wei.w.wang@intel.com Subject: Re: [PATCH v9 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit Message-ID: References: <20221025151344.3784230-4-chao.p.peng@linux.intel.com> <87cz9o9mr8.fsf@linaro.org> <20221116031441.GA364614@chaop.bj.intel.com> <87mt8q90rw.fsf@linaro.org> <20221117134520.GD422408@chaop.bj.intel.com> <87a64p8vof.fsf@linaro.org> <20221118013201.GA456562@chaop.bj.intel.com> <87o7t475o7.fsf@linaro.org> <20221122095022.GA617784@chaop.bj.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221122095022.GA617784@chaop.bj.intel.com> X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 22, 2022, Chao Peng wrote: > On Fri, Nov 18, 2022 at 03:59:12PM +0000, Sean Christopherson wrote: > > On Fri, Nov 18, 2022, Alex Benn?e wrote: > > > > We don't actually need a new bit, the opposite side of private is > > > > shared, i.e. flags with KVM_MEMORY_EXIT_FLAG_PRIVATE cleared expresses > > > > 'shared'. > > > > > > If that is always true and we never expect a 3rd type of memory that is > > > fine. But given we are leaving room for expansion having an explicit bit > > > allows for that as well as making cases of forgetting to set the flags > > > more obvious. > > > > Hrm, I'm on the fence. > > > > A dedicated flag isn't strictly needed, e.g. even if we end up with 3+ types in > > this category, the baseline could always be "private". > > The baseline for the current code is actually "shared". Ah, right, the baseline needs to be "shared" so that legacy code doesn't end up with impossible states. > > I do like being explicit, and adding a PRIVATE flag costs KVM practically nothing > > to implement and maintain, but evetually we'll up with flags that are paired with > > an implicit state, e.g. see the many #PF error codes in x86. In other words, > > inevitably KVM will need to define the default/base state of the access, at which > > point the base state for SHARED vs. PRIVATE is "undefined". > > Current memory conversion for confidential usage is bi-directional so we > already need both private and shared states and if we use one bit for > both "shared" and "private" then we will have to define the default > state, e.g, currently the default state is "shared" when we define > > KVM_MEMORY_EXIT_FLAG_PRIVATE (1 << 0) ... > > So I would say if we add an explicit READ flag, then we might as well add an explicit > > PRIVATE flag too. But if we omit PRIVATE, then we should omit READ too. > > Since we assume the default state is shared, so we actually only need a > PRIVATE flag, e.g. there is no SHARED flag and will ignore the RWX for now. Yeah, I'm leading towards "shared" being the implied default state. Ditto for "read" if/when we need to communicate write/execute information E.g. for VMs that don't support guest private memory, the "shared" flag is in some ways nonsensical. Worst case scenario, e.g. if we end up with variations of "shared", we'll need something like KVM_MEMORY_EXIT_FLAG_SHARED_RESTRICTIVE or whatever, but the basic "shared" default will still work.