Received: by 2002:a05:7412:8521:b0:e2:908c:2ebd with SMTP id t33csp2024617rdf; Mon, 6 Nov 2023 02:24:32 -0800 (PST) X-Google-Smtp-Source: AGHT+IF9/uJAs0ukk9jS8JYrseeS54v7oDgPrvOatnW8J82toRaRCoEvYZzh7c2OKno2FUTxtEPx X-Received: by 2002:a05:6a20:8421:b0:181:16c7:6cd0 with SMTP id c33-20020a056a20842100b0018116c76cd0mr16416154pzd.17.1699266272238; Mon, 06 Nov 2023 02:24:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699266272; cv=none; d=google.com; s=arc-20160816; b=X79VWfP9yYKN5SzyUbMdUAU1dth29vb6Vil+RX4vBrn99eNKHFP7sUUsecG/ta0uJI LpLPqwyTaM85HN/T5NjzU7mzstIxvens8KEFcbz09UGX4Co+VciftHmgme01DkEI1Tn1 zYCkk2vE1NwBr8Wfy/+NwYSrhtfG+zn6U0AvQmdIrRW/YPTXX6VXGYx0nzeNT5VD0WJ8 NDRFQeJ9BAZm+nDzY5KN3c+hu6qRW6V0Gm20CRjtr8JpymLhwYpjudYWNnffE7FzhXBU YV0MklhYiWLMs062lSrL6E6dUrNEQnImjr839MRpVYsmuqJWm0/OhlMIRNui81lGlfid ocag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Jx7pzo9zslWgjVRljunAjs24sdVG2mkanbp0iYdFwaI=; fh=6NDLbPegWN39ihzRI+XD38qv7OUBTPlYZUUvtWMZU2Q=; b=Sk2q7DXYHGiSakDak9Eznm091sI+K01tFMqyc2+iDVLLJhPv/rFPu/CmQTb/u8HNKs Mlk9iQVmLtZ28nq5YV9SE0qUT/w9nA58om9MfyY3nboGfP+3TOmOHNVrzIdZKZG7z5gn j6xcS/s70ZYzpSrhpNErCyo/BmHo4izsL4by9MJjZt4FvjwkD3ypur2bmLGEgy5JBL4t IPxmGiDkDzRl5Nc+lFofDh0hAvwyGGvQMzShFqGarRpP9NK5E66C2C/lBcjr51RUrCQ5 WN9UAVEgAE0aUqrYcOkjs/MmRSTTePJrN3WJgfSA/TcWSO0rF3bhS0fzD4tCOSPpoypv CsoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=JODhOQh6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id me7-20020a17090b17c700b002801a3de64csi8104859pjb.97.2023.11.06.02.24.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 02:24:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=JODhOQh6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 3E2B7802BE64; Mon, 6 Nov 2023 02:24:31 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230217AbjKFKY2 (ORCPT + 99 others); Mon, 6 Nov 2023 05:24:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229478AbjKFKY1 (ORCPT ); Mon, 6 Nov 2023 05:24:27 -0500 Received: from mail-qv1-xf2d.google.com (mail-qv1-xf2d.google.com [IPv6:2607:f8b0:4864:20::f2d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC5AAA9 for ; Mon, 6 Nov 2023 02:24:23 -0800 (PST) Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-66d76904928so26730556d6.2 for ; Mon, 06 Nov 2023 02:24:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1699266263; x=1699871063; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Jx7pzo9zslWgjVRljunAjs24sdVG2mkanbp0iYdFwaI=; b=JODhOQh6IZK5b57bgt+tbqhYpZqu7mAtmnj1I32IhxvEx0ZCQkkP9PNPPw7my+Se5G 0hfnoehIHwyUPmlnrOSQaEoWPTKByzqfvvpf+fCCE0DAWR4otXPZlgUbxo0FwwSu2TL6 +c6hC+umSddz6JJA9YBwnCkfcvFXt7JsvJndnmbqWQ6Y5FV54XMB5SAHiJ+EpaPkk7ZX pEGd/4torDbF86UQf7p8JtGsPxnFUuE4vSMo06/30v9R1XZ+L6vEKHC0DvVUBKQYzieZ o/hd7mGCBXUTxitZ1Cmf1obG3elW4OIX83b7qYlFZG1t64gSG6XindjeWVThhtilCtrZ YMug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699266263; x=1699871063; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jx7pzo9zslWgjVRljunAjs24sdVG2mkanbp0iYdFwaI=; b=jDXgyHh3iXn5yLEvWUhyaa536FKownC668TbTAWBJIqZMQNsSqp8YCNIzb85mhnGBI qPAGca6qezAx9JMyc2FGB2RAWu3rtgm4DgdLGr37+5Ty7HGN3jl4RGusbpMp1v6hcMKn 8D6ZS73cXmyn8ME0gqMTfGLHbA7mP4jNGksxFPb6iiRDU8DmA928R3vCVHW4MYBL7HyQ CrlbQ8eSzZlFEF0VidyqLY5vCdvW+uR9i75DX3UgJpdQCI9nvymNNEf41kaZonJMHLsp Fkdsww+Epu2W1TTMyoeL1KTJ1ILMaHmh8wmDwy/REBX0hKXgi06nNlDMxGy2A3D5vU4/ KZ0w== X-Gm-Message-State: AOJu0YxkULDcsvRFMqfwvPVp5RWrXubYsUX4o1wtABvBCSmmAi5euQUK ITMCOhDzbSqaLkxlA17fl+9ntvN9TDMTYyNnpXQdgw== X-Received: by 2002:ad4:5aa3:0:b0:66d:bc21:814c with SMTP id u3-20020ad45aa3000000b0066dbc21814cmr37429526qvg.65.1699266262770; Mon, 06 Nov 2023 02:24:22 -0800 (PST) MIME-Version: 1.0 References: <20231105163040.14904-1-pbonzini@redhat.com> <20231105163040.14904-10-pbonzini@redhat.com> In-Reply-To: <20231105163040.14904-10-pbonzini@redhat.com> From: Fuad Tabba Date: Mon, 6 Nov 2023 10:23:46 +0000 Message-ID: Subject: Re: [PATCH 09/34] KVM: Add KVM_EXIT_MEMORY_FAULT exit to report faults to userspace To: Paolo Bonzini Cc: Marc Zyngier , Oliver Upton , Huacai Chen , Michael Ellerman , Anup Patel , Paul Walmsley , Palmer Dabbelt , Albert Ou , Sean Christopherson , Alexander Viro , Christian Brauner , "Matthew Wilcox (Oracle)" , Andrew Morton , kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Xiaoyao Li , Xu Yilun , Chao Peng , Jarkko Sakkinen , Anish Moorthy , David Matlack , Yu Zhang , Isaku Yamahata , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Vlastimil Babka , Vishal Annapurve , Ackerley Tng , Maciej Szmigiero , David Hildenbrand , Quentin Perret , Michael Roth , Wang , Liam Merwick , Isaku Yamahata , "Kirill A. Shutemov" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 02:24:31 -0800 (PST) On Sun, Nov 5, 2023 at 4:32=E2=80=AFPM Paolo Bonzini = wrote: > > From: Chao Peng > > Add a new KVM exit type to allow userspace to handle memory faults that > KVM cannot resolve, but that userspace *may* be able to handle (without > terminating the guest). > > KVM will initially use KVM_EXIT_MEMORY_FAULT to report implicit > conversions between private and shared memory. With guest private memory= , > there will be two kind of memory conversions: > > - explicit conversion: happens when the guest explicitly calls into KVM > to map a range (as private or shared) > > - implicit conversion: happens when the guest attempts to access a gfn > that is configured in the "wrong" state (private vs. shared) > > On x86 (first architecture to support guest private memory), explicit > conversions will be reported via KVM_EXIT_HYPERCALL+KVM_HC_MAP_GPA_RANGE, > but reporting KVM_EXIT_HYPERCALL for implicit conversions is undesriable > as there is (obviously) no hypercall, and there is no guarantee that the > guest actually intends to convert between private and shared, i.e. what > KVM thinks is an implicit conversion "request" could actually be the > result of a guest code bug. > > KVM_EXIT_MEMORY_FAULT will be used to report memory faults that appear to > be implicit conversions. > > Note! To allow for future possibilities where KVM reports > KVM_EXIT_MEMORY_FAULT and fills run->memory_fault on _any_ unresolved > fault, KVM returns "-EFAULT" (-1 with errno =3D=3D EFAULT from userspace'= s > perspective), not '0'! Due to historical baggage within KVM, exiting to > userspace with '0' from deep callstacks, e.g. in emulation paths, is > infeasible as doing so would require a near-complete overhaul of KVM, > whereas KVM already propagates -errno return codes to userspace even when > the -errno originated in a low level helper. > > Report the gpa+size instead of a single gfn even though the initial usage > is expected to always report single pages. It's entirely possible, likel= y > even, that KVM will someday support sub-page granularity faults, e.g. > Intel's sub-page protection feature allows for additional protections at > 128-byte granularity. > > Link: https://lore.kernel.org/all/20230908222905.1321305-5-amoorthy@googl= e.com > Link: https://lore.kernel.org/all/ZQ3AmLO2SYv3DszH@google.com > Cc: Anish Moorthy > Cc: David Matlack > Suggested-by: Sean Christopherson > Co-developed-by: Yu Zhang > Signed-off-by: Yu Zhang > Signed-off-by: Chao Peng > Co-developed-by: Sean Christopherson > Signed-off-by: Sean Christopherson > Reviewed-by: Paolo Bonzini > Message-Id: <20231027182217.3615211-10-seanjc@google.com> > Signed-off-by: Paolo Bonzini > --- Reviewed-by: Fuad Tabba Tested-by: Fuad Tabba Cheers, /fuad > Documentation/virt/kvm/api.rst | 41 ++++++++++++++++++++++++++++++++++ > arch/x86/kvm/x86.c | 1 + > include/linux/kvm_host.h | 11 +++++++++ > include/uapi/linux/kvm.h | 8 +++++++ > 4 files changed, 61 insertions(+) > > diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.= rst > index bdea1423c5f8..481fb0e2ce90 100644 > --- a/Documentation/virt/kvm/api.rst > +++ b/Documentation/virt/kvm/api.rst > @@ -6846,6 +6846,26 @@ array field represents return values. The userspac= e should update the return > values of SBI call before resuming the VCPU. For more details on RISC-V = SBI > spec refer, https://github.com/riscv/riscv-sbi-doc. > > +:: > + > + /* KVM_EXIT_MEMORY_FAULT */ > + struct { > + __u64 flags; > + __u64 gpa; > + __u64 size; > + } memory_fault; > + > +KVM_EXIT_MEMORY_FAULT indicates the vCPU has encountered a memory fault = that > +could not be resolved by KVM. The 'gpa' and 'size' (in bytes) describe = the > +guest physical address range [gpa, gpa + size) of the fault. The 'flags= ' field > +describes properties of the faulting access that are likely pertinent. > +Currently, no flags are defined. > + > +Note! KVM_EXIT_MEMORY_FAULT is unique among all KVM exit reasons in tha= t it > +accompanies a return code of '-1', not '0'! errno will always be set to= EFAULT > +or EHWPOISON when KVM exits with KVM_EXIT_MEMORY_FAULT, userspace should= assume > +kvm_run.exit_reason is stale/undefined for all other error numbers. > + > :: > > /* KVM_EXIT_NOTIFY */ > @@ -7880,6 +7900,27 @@ This capability is aimed to mitigate the threat th= at malicious VMs can > cause CPU stuck (due to event windows don't open up) and make the CPU > unavailable to host or other VMs. > > +7.34 KVM_CAP_MEMORY_FAULT_INFO > +------------------------------ > + > +:Architectures: x86 > +:Returns: Informational only, -EINVAL on direct KVM_ENABLE_CAP. > + > +The presence of this capability indicates that KVM_RUN will fill > +kvm_run.memory_fault if KVM cannot resolve a guest page fault VM-Exit, e= .g. if > +there is a valid memslot but no backing VMA for the corresponding host v= irtual > +address. > + > +The information in kvm_run.memory_fault is valid if and only if KVM_RUN = returns > +an error with errno=3DEFAULT or errno=3DEHWPOISON *and* kvm_run.exit_rea= son is set > +to KVM_EXIT_MEMORY_FAULT. > + > +Note: Userspaces which attempt to resolve memory faults so that they can= retry > +KVM_RUN are encouraged to guard against repeatedly receiving the same > +error/annotated fault. > + > +See KVM_EXIT_MEMORY_FAULT for more information. > + > 8. Other capabilities. > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 7b389f27dffc..8f9d8939b63b 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -4625,6 +4625,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, l= ong ext) > case KVM_CAP_ENABLE_CAP: > case KVM_CAP_VM_DISABLE_NX_HUGE_PAGES: > case KVM_CAP_IRQFD_RESAMPLE: > + case KVM_CAP_MEMORY_FAULT_INFO: > r =3D 1; > break; > case KVM_CAP_EXIT_HYPERCALL: > diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h > index 4e741ff27af3..96aa930536b1 100644 > --- a/include/linux/kvm_host.h > +++ b/include/linux/kvm_host.h > @@ -2327,4 +2327,15 @@ static inline void kvm_account_pgtable_pages(void = *virt, int nr) > /* Max number of entries allowed for each kvm dirty ring */ > #define KVM_DIRTY_RING_MAX_ENTRIES 65536 > > +static inline void kvm_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, > + gpa_t gpa, gpa_t size) > +{ > + vcpu->run->exit_reason =3D KVM_EXIT_MEMORY_FAULT; > + vcpu->run->memory_fault.gpa =3D gpa; > + vcpu->run->memory_fault.size =3D size; > + > + /* Flags are not (yet) defined or communicated to userspace. */ > + vcpu->run->memory_fault.flags =3D 0; > +} > + > #endif > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index 308cc70bd6ab..59010a685007 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -275,6 +275,7 @@ struct kvm_xen_exit { > #define KVM_EXIT_RISCV_CSR 36 > #define KVM_EXIT_NOTIFY 37 > #define KVM_EXIT_LOONGARCH_IOCSR 38 > +#define KVM_EXIT_MEMORY_FAULT 39 > > /* For KVM_EXIT_INTERNAL_ERROR */ > /* Emulate instruction failed. */ > @@ -528,6 +529,12 @@ struct kvm_run { > #define KVM_NOTIFY_CONTEXT_INVALID (1 << 0) > __u32 flags; > } notify; > + /* KVM_EXIT_MEMORY_FAULT */ > + struct { > + __u64 flags; > + __u64 gpa; > + __u64 size; > + } memory_fault; > /* Fix the size of the union. */ > char padding[256]; > }; > @@ -1212,6 +1219,7 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_ARM_SUPPORTED_BLOCK_SIZES 229 > #define KVM_CAP_ARM_SUPPORTED_REG_MASK_RANGES 230 > #define KVM_CAP_USER_MEMORY2 231 > +#define KVM_CAP_MEMORY_FAULT_INFO 232 > > #ifdef KVM_CAP_IRQ_ROUTING > > -- > 2.39.1 > >