Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp8228826rwb; Wed, 23 Nov 2022 18:01:45 -0800 (PST) X-Google-Smtp-Source: AA0mqf6zw03LuBcubx3SsS9j3o1rKPtE8RU77GqFpEIX5iFSTSPMLq+pEQytNPBr+WRwjaiwAmmw X-Received: by 2002:aa7:cb49:0:b0:468:f307:3014 with SMTP id w9-20020aa7cb49000000b00468f3073014mr19606784edt.321.1669255305735; Wed, 23 Nov 2022 18:01:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669255305; cv=none; d=google.com; s=arc-20160816; b=gyFskkxemr7BF3cCAGhOc3riIdWPY9AfU4+YuVoiAY7M3DqNDYz8YrcoxuCbSIsRRr Ob8Fbc3bvewMoqylU7uNPTTFp76T2GvEPmZWUPpnp5Vwm2S4WiAvNP+9IMPIeOhNZzXu b5u4PAniwrjNmom5xlJaSeAMHTg/yqTNI5Tme5FSy1fvvLBKKWu12f+9n9eKvQPEQfHJ uEhniH29PkBe39m1voyV/B/IVyEXUeJaYF8KB9oo29XZeVn5l36E4Qz9+0HUURo0SAQY BmlRVeNquTsynI3LnzaUL/fajDlRZR1/gDaOg/iRNzRZdXHZpRGQDgUyzr+ZpvnpguFB CVmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=pFXAYSso24erMxKEqTgV7fqALlyuXGJeC0HNS0f0bq0=; b=vowZvW/fWwBFg8nRKARYQqAzHZxrTaIqyocEZLgaIiALZHGv+iBGnhE8OopADMy1Kn IUCph6G8R6olZsdmcHY4jlP3Pscr0t/dWq6KrS/4ZzWH73qkAquavy4E74jwp5obe2x+ ZXXo+IDD/5Kz/t173F0QsSXNGPWRDrinumS1WKzJk8n+mboIVN77ct/+yRqDW2qVKSxz V7KG6fiFP8mJbrUVOitjopEH/CSQNoi7dHVChzej7Mq+c1qaANP7Lqf1Tf+Bmh5JiXd6 thBhLm6lnA8d9tOeV8Xz5TsQC1kaAiAunjys6qfVXYCIvFDizGBTy/B440iYO/riHvVy LnJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=owMa+l0F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p2-20020a056402500200b00463b0df4604si15525064eda.488.2022.11.23.18.01.24; Wed, 23 Nov 2022 18:01:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=owMa+l0F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229531AbiKXBtx (ORCPT + 89 others); Wed, 23 Nov 2022 20:49:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229617AbiKXBtv (ORCPT ); Wed, 23 Nov 2022 20:49:51 -0500 Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F22DE7DEF6 for ; Wed, 23 Nov 2022 17:49:49 -0800 (PST) Received: by mail-yb1-xb2f.google.com with SMTP id e141so288287ybh.3 for ; Wed, 23 Nov 2022 17:49:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pFXAYSso24erMxKEqTgV7fqALlyuXGJeC0HNS0f0bq0=; b=owMa+l0F1MPgSxktqKWBkBrKYYPKNuE31gk11hVKlLL9Ii0TS7/nbHmeEV7MTunQGA NfuA1t0cCxnV+lVGz4ld4y0pXk0vJwdrkjqXJjwiGXTORL48BNuUVpwkAjKZ5aKp63jX Muwe2B6B1ZeaJXT0JMEbwVsnDO3h2ZGbDcwXAppbUYH6zhZy4uFo5n3PCzjqepTuEEUH AgiIcubvIK/Hx9bpqOhifm1c9wwWp9AEQC6PmO5wQa+CUbtQ0h4xfHVmCC7jO6GfnwQ+ ji0T5ro9lEG1sDsnAzBZYll8Nqi7iYp892V3lCDmQd+/Otx6AR7Q6XdmBgxjaZDQOIw+ UjFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pFXAYSso24erMxKEqTgV7fqALlyuXGJeC0HNS0f0bq0=; b=HG0HZaOWrCERdZfc4pA27AiA3+/olB06zwGsidphmpZyMICA3Kv2YZBc6Otfi4fck0 FW/Xgl1Q17qkTo/XClSfZ1yTO8htwQhcV7R6YpApc2UB2vpx10o4gw6Z//FbTB0MiGqf y1S6nyUYA6xFx6B2QE8Mon8W9apktcrC2/GFy7N/uLCX3AAc2QqOdIDa8SkSkBqW7ywN ZSy41aqnIY5UBhNG2muVxFNUURqz8ozv/JrE18EVcyYRnff5zhYP8Bx4GAYn7aWtfkoz 4K01BITw11muhrf9PXVqQLP0Ki+ZaKSkOMDP5gHzUtW6khMZl15yxIuC8z2aScOt0ydi MOQw== X-Gm-Message-State: ANoB5pmYFefS1tc5MAYD5Fm1CTYMLY5ZRXoW7syWFQxSV58W+mM2lDuK xGSbAHMRFc/VXi10msikPg2Eip4ztNxiojLYDsmjTA== X-Received: by 2002:a25:4ac6:0:b0:6ee:8d5a:3bcc with SMTP id x189-20020a254ac6000000b006ee8d5a3bccmr9932060yba.413.1669254588847; Wed, 23 Nov 2022 17:49:48 -0800 (PST) MIME-Version: 1.0 References: <20221111014244.1714148-1-vannapurve@google.com> <20221111014244.1714148-2-vannapurve@google.com> <20221122100705.GA619277@chaop.bj.intel.com> In-Reply-To: From: Marc Orr Date: Wed, 23 Nov 2022 17:49:38 -0800 Message-ID: Subject: Re: [V1 PATCH 1/6] KVM: x86: Add support for testing private memory To: Sean Christopherson Cc: Chao Peng , Vishal Annapurve , x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, shuah@kernel.org, yang.zhong@intel.com, ricarkol@google.com, aaronlewis@google.com, wei.w.wang@intel.com, kirill.shutemov@linux.intel.com, corbet@lwn.net, hughd@google.com, jlayton@kernel.org, bfields@fieldses.org, akpm@linux-foundation.org, yu.c.zhang@linux.intel.com, jun.nakajima@intel.com, dave.hansen@intel.com, michael.roth@amd.com, qperret@google.com, steven.price@arm.com, ak@linux.intel.com, david@redhat.com, luto@kernel.org, vbabka@suse.cz, erdemaktas@google.com, pgonda@google.com, nikunj@amd.com, diviness@google.com, maz@kernel.org, dmatlack@google.com, axelrasmussen@google.com, maciej.szmigiero@oracle.com, mizhang@google.com, bgardon@google.com, ackerleytng@google.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 22, 2022 at 12:06 PM Sean Christopherson wrote: > > On Tue, Nov 22, 2022, Chao Peng wrote: > > > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > > > index 10017a9f26ee..b3118d00b284 100644 > > > --- a/arch/x86/kvm/mmu/mmu.c > > > +++ b/arch/x86/kvm/mmu/mmu.c > > > @@ -4280,6 +4280,10 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault > > > > > > fault->gfn = fault->addr >> PAGE_SHIFT; > > > fault->slot = kvm_vcpu_gfn_to_memslot(vcpu, fault->gfn); > > > +#ifdef CONFIG_HAVE_KVM_PRIVATE_MEM_TESTING > > > + fault->is_private = kvm_slot_can_be_private(fault->slot) && > > > + kvm_mem_is_private(vcpu->kvm, fault->gfn); > > > +#endif > > > > > > if (page_fault_handle_page_track(vcpu, fault)) > > > return RET_PF_EMULATE; > > > diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h > > > index 5cdff5ca546c..2e759f39c2c5 100644 > > > --- a/arch/x86/kvm/mmu/mmu_internal.h > > > +++ b/arch/x86/kvm/mmu/mmu_internal.h > > > @@ -188,7 +188,6 @@ struct kvm_page_fault { > > > > > > /* Derived from mmu and global state. */ > > > const bool is_tdp; > > > - const bool is_private; > > > const bool nx_huge_page_workaround_enabled; > > > > > > /* > > > @@ -221,6 +220,9 @@ struct kvm_page_fault { > > > /* The memslot containing gfn. May be NULL. */ > > > struct kvm_memory_slot *slot; > > > > > > + /* Derived from encryption bits of the faulting GPA for CVMs. */ > > > + bool is_private; > > > > Either we can wrap it with the CONFIG_HAVE_KVM_PRIVATE_MEM_TESTING or if > > it looks ugly I can remove the "const" in my code. > > Hmm, I think we can keep the const. Similar to the bug in kvm_faultin_pfn()[*], > the kvm_slot_can_be_private() is bogus. A fault should be considered private if > it's marked as private, whether or not userspace has configured the slot to be > private is irrelevant. I.e. the xarray is the single source of truth, memslots > are just plumbing. If we incorporate Sean's suggestion and use xarray as the single source of truth, then can we get rid of the HAVE_KVM_PRIVATE_MEM_TESTING config? Specifically, the self test can call the KVM_MEMORY_ENCRYPT_REG_REGION ioctl which will set the bits for the private FD within KVM's xarray. (Maybe this was part of the point that Sean was making; but his feedback seemed focused on the discussion about keeping `is_private` const, whereas I've been staring at this trying to figure out if we can run the UPM selftests on a non-TDX/SNP VM WITHOUT a special test-only config. And Sean's idea seems to eliminate the need for the awkward CONFIG.)