Received: by 2002:a05:7412:3b8b:b0:fc:a2b0:25d7 with SMTP id nd11csp393660rdb; Thu, 8 Feb 2024 08:50:05 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUFdn3/1r6KK5tVopqODppFS8vtTnIyS7tyILmB8al6qoeA7GQBuzF8+df0Gr9xG+oQbOgHfOPQnMy3MGJUKPcZNRJIWpg4PIXkHtEkSQ== X-Google-Smtp-Source: AGHT+IH1l7m2Y53JETCHisx/yAB2u9PqmPZZvajRUuQR/jf3TFUmvlyGjjE0YPOdNs2cPAgSYgL8 X-Received: by 2002:a05:6358:528b:b0:176:40fb:e123 with SMTP id g11-20020a056358528b00b0017640fbe123mr7063251rwa.5.1707411005197; Thu, 08 Feb 2024 08:50:05 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707411005; cv=pass; d=google.com; s=arc-20160816; b=zMrNktkPgQilVXoytSa01HX0d+M5+awWTS9cEAZUfGgvqPwaQCw7zieKoemdarduQh L+IoGQhlSd/bQUGVf/Y2EI8bTDzLz46uxHiWpZccBqts+Qbscyz9u7r1dTsv3+0YghQx 7vuJPMwFb7eRiMx9Fb6hAa6xoYJzGQLM/jhBscgEpAhVcgnC/j7T5THkW5R0GZDeUZo6 zp7aIxqKA88IB3nz+7lx4DbUos3kA/W9xIk1wYZ6sUmMqTFBYR2gjIDxTfZnA7giut9v 7OTOeYdutQPToGCSW6BV1xCJgOyckR9D1YHxUOy53U7dtAv+0lmFKklBtAhjfFruze2y +OUg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=lOwnn26TKMYPd0wmIeXSxvlCDp0GqmDj4OeL7dzZHIA=; fh=PxZz88z2VQ8LrgpFLkHQuJHQ9ZqndXQtD648QGNjbzA=; b=Tu3Q8keIjjJ+U81Hh3uD/PIuDsEpLtFtWsJuENJke5v6elqq55trGlI5SYYAE4v90p LKGVjzUg0VN66QieMkzc/SHv+67hMEqpB+Sy/hLdYAz6PXzStCnEinMjgVoQ7s1Bx8pJ dvWU46oPH098krAQmPc2bjU1AfxeIQ0+iJeYdNqIgf4dB+q0/R7h/X27oCnMHhaOjqKL Np4jcRXkkE3hd7m3fxYz4O1WmFdC8rmLhuZgaEhopzPLOddlAm7IiHxC47zW2lcs9fC/ IduAFFqe8zFOeguk81bXGGEicX6RCIACqVTtAfe5msmQIYapngVV08QP2YuULwYzt1Uh Vs5Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=QQyfUJy4; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-58375-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-58375-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=2; AJvYcCXnlH8HjFxgRxmS5CarosZD9+yHlSK6FLqdJbUnhtA9HfBZ0ROwtMsf1mz1Ms5RvbT9VG8RMklqdd5bATFVit5xfFeAAe3Sybsoom/P7Q== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id y17-20020a637d11000000b005dc4b41e2d0si13286pgc.591.2024.02.08.08.50.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Feb 2024 08:50:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-58375-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=QQyfUJy4; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-58375-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-58375-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8CB40283903 for ; Thu, 8 Feb 2024 16:49:08 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EC0DD7EF11; Thu, 8 Feb 2024 16:49:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="QQyfUJy4" Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75A067B3F7 for ; Thu, 8 Feb 2024 16:48:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707410941; cv=none; b=mlgTQaF/YK7gYJ4wtcyt5venAdSaTDtnYo0ZjdSJnO0dPP+iVqXtHvLp743H0HkZ+KJ3RLQULouUy1Nh1BoGEMhJZrJmrCScFvDEH7wWYbKvgf09a/yJAZx7/uilHRSb5UIFp6jB7S+HraN1ona4gh3u1FPyZfI3v4Juraiqn9Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707410941; c=relaxed/simple; bh=pIkQcZS9dPhEHcosG9RvWsKh81a3Ju3tnA2/A83HRUI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=vFAeZ9qciuOD0o2QVohVx1muRmSOjxZcrSbr8k+BTmqnphzwyBETIf9EhqH+actg03VCJOK0Bkz+z9TnqVgCDXaDokGi/KZXPy4noJnnhPk6nyYPJz1ve7YQpjRG24L6DF+KNiDdzPjXy84qcOsgq6tvCaEbvV8bKEuYnJpG5gk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=QQyfUJy4; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-dc74800c869so754218276.2 for ; Thu, 08 Feb 2024 08:48:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707410938; x=1708015738; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=lOwnn26TKMYPd0wmIeXSxvlCDp0GqmDj4OeL7dzZHIA=; b=QQyfUJy4VaY6qF1ffR89eKTTiCe+wRKJS1CVSaicweFzZ8gujNbUWsiIpk2pr8ZCM8 mDpYZSGygkyOxefclvVCXi2ZUv1oQbD9Zww5abP1ZDYWDrAjFbovXNsrh33kSMekCdBa KgoqqgekplgDRfFWHc30TZckLAL2dXATCQclEL7s5PrsHSYc0Y/2UAXYrmGS3Kxcbh6J m0/CrqrXIAF6voQ3+hcjGsboPt0I84aAQ8HNdlfJsb4+pS6salKppRGpRPLW4Nabu5br YS32TAGLPbH88J+JmqlKYofCPv9ynOB6HrwmuQGfLTumBrYxTn+Qb/PRoourTrBtRZoo p8Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707410938; x=1708015738; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=lOwnn26TKMYPd0wmIeXSxvlCDp0GqmDj4OeL7dzZHIA=; b=DqvTR5j/WsROg94KFrcMV3XmGUb7IacBU7MaY9Goj7QsSwTBkpgbT8j5QfPd23SG0s 2ToB941XB50PE9ZULX+5WG3wuHsmBfHxfQu4mCB8S3dH77pUUWiwLkPSemlpqguMPVT0 DCXL+7vipUcZBsWzks0OpfLqwBCE4U2xfkUaOsP6mX/S41WSTS7DVyTF/iwj0hw3mNHX aY7zdGDjgZKZ3zP64+tNqjGfBEZazKg4LNV+tRFp0iX3xfmTd8xcT7LWb/1+6oDTVGQH 6QeGtbA2BAY8ntWTYh4WFV3E9eU/CKZKvhGOnPd4VxENIz9gdXxmcqJOQayi6h/EOyk+ Bttw== X-Forwarded-Encrypted: i=1; AJvYcCUcsQ1avsvPRSlnR8uXYA9yrVnHUOzYfagvLLub7UTB7vfWUayAjOqJ7knq8hSn+y+Iks9SKaL68XbVEJng8n0y6Vng3Zl9kME+K2nC X-Gm-Message-State: AOJu0YxqgWrQZ/AN1i/z3QY1puXgd14E+xeNDTxT9fumRGWtblw7ZnRY GGR6U+S7jRcfaTV0FaYZ+a9MxN9IZNI1692A+fijRe3s1dVcQ3t0+PVaUnLrwxbW9qb0jt87iaD sDQ== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6902:1a48:b0:dc2:3441:897f with SMTP id cy8-20020a0569021a4800b00dc23441897fmr2126896ybb.6.1707410938415; Thu, 08 Feb 2024 08:48:58 -0800 (PST) Date: Thu, 8 Feb 2024 08:48:57 -0800 In-Reply-To: <92918ee8-3cc9-41c3-a284-5cd6648abc05@xen.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240115125707.1183-1-paul@xen.org> <20240115125707.1183-12-paul@xen.org> <92918ee8-3cc9-41c3-a284-5cd6648abc05@xen.org> Message-ID: Subject: Re: [PATCH v12 11/20] KVM: xen: allow shared_info to be mapped by fixed HVA From: Sean Christopherson To: paul@xen.org Cc: Paolo Bonzini , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , David Woodhouse , Shuah Khan , kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Type: text/plain; charset="us-ascii" On Thu, Feb 08, 2024, Paul Durrant wrote: > On 07/02/2024 04:10, Sean Christopherson wrote: > > On Mon, Jan 15, 2024, Paul Durrant wrote: > > > @@ -638,20 +637,32 @@ int kvm_xen_hvm_set_attr(struct kvm *kvm, struct kvm_xen_hvm_attr *data) > > > } > > > break; > > > - case KVM_XEN_ATTR_TYPE_SHARED_INFO: { > > > + case KVM_XEN_ATTR_TYPE_SHARED_INFO: > > > + case KVM_XEN_ATTR_TYPE_SHARED_INFO_HVA: { > > > int idx; > > > mutex_lock(&kvm->arch.xen.xen_lock); > > > idx = srcu_read_lock(&kvm->srcu); > > > - if (data->u.shared_info.gfn == KVM_XEN_INVALID_GFN) { > > > - kvm_gpc_deactivate(&kvm->arch.xen.shinfo_cache); > > > - r = 0; > > > + if (data->type == KVM_XEN_ATTR_TYPE_SHARED_INFO) { > > > + if (data->u.shared_info.gfn == KVM_XEN_INVALID_GFN) { > > > + kvm_gpc_deactivate(&kvm->arch.xen.shinfo_cache); > > > + r = 0; > > > + } else { > > > + r = kvm_gpc_activate(&kvm->arch.xen.shinfo_cache, > > > + gfn_to_gpa(data->u.shared_info.gfn), > > > + PAGE_SIZE); > > > + } > > > } else { > > > - r = kvm_gpc_activate(&kvm->arch.xen.shinfo_cache, > > > - gfn_to_gpa(data->u.shared_info.gfn), > > > - PAGE_SIZE); > > > + if (data->u.shared_info.hva == 0) { > > > > I know I said I don't care about the KVM Xen ABI, but I still think using '0' as > > "invalid" is ridiculous. > > > > With the benefit of some sleep, I'm wondering why 0 is a 'ridiculous' > invalid value for a *virtual* address? Surely it's essentially a numerical > cast of the canonically invalid NULL pointer? It's legal to mmap() virtual address '0', albeit not by default: config DEFAULT_MMAP_MIN_ADDR int "Low address space to protect from user allocation" depends on MMU default 4096 help This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. For most ppc64 and x86 users with lots of address space a value of 65536 is reasonable and should cause no problems. On arm and other archs it should not be higher than 32768. Programs which use vm86 functionality or have some need to map this low address space will need CAP_SYS_RAWIO or disable this protection by setting the value to 0. This value can be changed after boot using the /proc/sys/vm/mmap_min_addr tunable. Obviously it's equally ridiculous that userspace would ever mmap() '0' and pass that as the shared_info, but given that this is x86-only, there are architecturally illegal addresses that can be used, at least until Intel adds LA64 ;-)