From: Mingwei Zhang
Date: Fri, 24 Mar 2023 11:34:28 -0700
Subject: Re: [PATCH] kvm: x86/mmu: Simplify pte_list_{add|remove}
To: Sean Christopherson
Cc: linux-kernel@vger.kernel.org, Lai Jiangshan, Paolo Bonzini, Lai Jiangshan, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", kvm@vger.kernel.org
References: <20230113122910.672417-1-jiangshanlai@gmail.com> <167934153606.1941128.1026865175616779306.b4-ty@google.com>
In-Reply-To: <167934153606.1941128.1026865175616779306.b4-ty@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 23, 2023 at 3:51 PM Sean Christopherson wrote:
>
> On Fri, 13 Jan 2023 20:29:10 +0800, Lai Jiangshan wrote:
> > Simplify pte_list_{add|remove} by ensuring all the non-head pte_list_desc
> > to be full and addition/removal actions being performed on the head.
> >
> > To make pte_list_add() return a count as before, @tail_count is also
> > added to the struct pte_list_desc.
> >
> > No visible performance is changed in tests. But pte_list_add() is no longer
> > shown in the perf result for the COWed pages even when the guest forks millions
> > of tasks.
> >
> > [...]
>
> Applied to kvm-x86 mmu, thanks! I added quite a few comments and a BUG_ON() to
> sanity check that the head is never empty when trying to remove an entry, but I
> didn't make any changes to the code itself.
>
> [1/1] kvm: x86/mmu: Simplify pte_list_{add|remove}
> https://github.com/kvm-x86/linux/commit/141705b78381
>

I am not sure if it is possible, but now spte_count is u32 and so is
tail_count. I wonder if an attacker could use the potential integer
overflow to trigger this? E.g.: creating a huge number of little L1 EPTs
with many nGPA -> one GPA? Hmm, I think it could overflow tail_count?
Please double check.

spte_count is u32, but assigned to a (signed) int j and BUG_ON(j < 0)?
Please don't add more BUG_ON() in KVM mmu... and please change either
'spte_count' to 'int' or 'j' to u32.

In general, please, no BUG_ON(), at least no more BUG_ON() on our nested
MMU... Please take a second thought on this one before merge!

Thanks.
-Mingwei
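The signed/unsigned mismatch and the counter-wrap concern raised in the reply above, as an added stand-alone illustration in plain user-space C. This is not KVM's code: `last_entry_index`, `empty_head_check_fires`, `fits_in_int` and `increment_count` are constructed stand-ins modelled on the thread's description of a u32 `spte_count` narrowed into an int `j` that `BUG_ON(j < 0)` then tests, and the counts fed in are constructed values.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;	/* kernel-style alias, readability only */
/* Models the pattern questioned in the reply: a u32 count is decremented
 * and stored in a signed int j, which BUG_ON(j < 0) then tests. */
static int last_entry_index(u32 spte_count)
{
	int j = spte_count - 1;	/* u32 arithmetic, then narrowing to int */
	return j;
}

/* Stand-in for the BUG_ON(j < 0) sanity check: true when it would fire. */
static bool empty_head_check_fires(u32 spte_count)
{
	return last_entry_index(spte_count) < 0;
}

/* A u32 only narrows into an int losslessly when it is at most INT_MAX;
 * larger values turn negative on two's-complement targets. */
static bool fits_in_int(u32 value)
{
	return value <= (u32)INT_MAX;
}

/* Checked increment for a u32 counter such as tail_count: refuses to wrap
 * to 0 at UINT32_MAX. __builtin_add_overflow is a GCC/Clang builtin. */
static bool increment_count(u32 *count)
{
	u32 next;
	if (__builtin_add_overflow(*count, 1u, &next))
		return false;
	*count = next;
	return true;
}

int main(void)
{
	u32 c = UINT32_MAX;
	/* 0: j == -1 (intended fire); 5: j == 4; 0x80000001: negative j on a non-empty list */
	printf("count=0 fires=%d\n", empty_head_check_fires(0));
	printf("count=5 j=%d\n", last_entry_index(5));
	printf("count=0x80000001 fires=%d fits_in_int=%d\n",
	       empty_head_check_fires(0x80000001u), fits_in_int(0x80000001u));
	printf("increment at UINT32_MAX ok=%d\n", increment_count(&c));
	return 0;
}
```

The third case is the one worth noting: a count above INT_MAX + 1 makes the "empty head" check fire on a list that is not empty, which is why the two fields should share one signedness.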