Received: by 2002:a05:7412:3b8b:b0:fc:a2b0:25d7 with SMTP id nd11csp418633rdb; Thu, 8 Feb 2024 09:28:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IEVixxCDMZ8OJBCfY4w/lWOccAFygx6Kc4fx6yK/GXx6sSBhY4QxhNRz5q20LMxdYsTGwu4 X-Received: by 2002:aa7:d58b:0:b0:560:e51e:bea0 with SMTP id r11-20020aa7d58b000000b00560e51ebea0mr3036395edq.40.1707413310487; Thu, 08 Feb 2024 09:28:30 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707413310; cv=pass; d=google.com; s=arc-20160816; b=rwSOfZ5vgBXfYlsHjj5mSPmZ3G6fIzJutbM6Zfa2tiEzaX9xDDHSj7R7nSg8+JsN01 CZckGoEzLlryxVsfBHb5jpQ7YqLtzscoBirgVSu669OD1BzN0QEDS8AgCovNk3DW0eo0 85jxZuNzlK/vrnuWFsyrZSX7XAFAsZBKdKqcAOjew5I3SNZHGb6F0aDQr5hj/eULhv21 glXwMN/RaFuJuKj0pj+PXjdImIHpPS65UsYBd6qZrAutTfaKgA8PRo3frUMrjauBCHjm SSFpv/WdI8DrAGfZpKP2RCkr6BMBWsWiV0AaupJKSHb2kUM8eFaRKrQvvxtQFMdEU+bm +9ag== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=gBwp2cY+kDK1oMSufcYCS0Brw297vTH+3c3ODiiUoog=; fh=GqywQuoSIySWUH3QqXve129jDQ5TX35l3yDJLyMdnxw=; b=JOF4I+a4TwtRZPsQCYN0rXVjskLmcRRc+dtZqLzv0OaahzxjQjVCl3xRE09dR7tMnx O+yeZ6d5ioGyhtoBdnbSVhwIcD6+H0RMy4S1sv//IuOxnuwtKu5m7mZZltAOeOwZoYtu aN32zwlsSrBt1S06goXi/SGbSo5xlWYDPWcyBq7NYEXVsHKK30SMZQ786qe2cBvPjbmK Qd2wgQK+4WCCGxZI5lpV8wT5T0IxBY8eO22V8mRnqfh5pjupCgSblyKSuwD79pCUz2WW 2vqxQrKEMjdToxEygNoKr6anVGnOPbqNibgTbxYCPmiTIlF+xZdJKyYiYj4DXSAuXn3H gNtQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Gn175dGl; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-58457-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-58457-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=2; AJvYcCXbiPQxDLMDOSy8mduu0gZzXOxsOibiJTkLsXk1vZUIKxMNKi0SdzEoZenQEbZdw+l/eiiUsxMjpn2jvDKADCMor5XyjmpF98VoeUTA6Q== Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id f2-20020aa7d842000000b005607847d045si1085911eds.559.2024.02.08.09.28.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Feb 2024 09:28:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-58457-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Gn175dGl; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-58457-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-58457-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 0C2FE1F237FA for ; Thu, 8 Feb 2024 17:28:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D070D86AD0; Thu, 8 Feb 2024 17:27:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Gn175dGl" Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0ABC85C53 for ; Thu, 8 Feb 2024 17:27:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707413226; cv=none; b=plVMxxia2Qgz7ZK6m9HxrhiDuzXTPlFHm45ouM8oe5FQTv8sqsSrOjC3mhhs88mdxV6sNKtH1RJO3p8i8cT6ckIGnySNFngP11BcrWxa1wzPqbuL9qQBvcOOv+1jzBB8RWJQh0YPeIPMy/n0PPcX3AR3TPuI6964pCa1i+eHqNI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707413226; c=relaxed/simple; bh=sx6KhQk9Is/4dxTU8a0rjN3JOBcYjPFn14qRnNkA5SY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=IbGtbyuqsshB3Z0u/HEPSTRmNsP5nsBqyfg1Y74NkwDnNWIrpdoiDgMWzmkq9YJVsdq8O/1w6LBRSHzsVOWsu+vdQGp8r5a+owgDsSIyLcou0FtM5vBsaEZlmxKYZF10BbmYpez5i89/6U9TKicje+UIAjI2PMt7LZY1OQSArfU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Gn175dGl; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-6e05b360ecdso52548b3a.1 for ; Thu, 08 Feb 2024 09:27:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707413224; x=1708018024; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=gBwp2cY+kDK1oMSufcYCS0Brw297vTH+3c3ODiiUoog=; b=Gn175dGli9LztjZ+EVogEBA46VYuRBuiuZ4zQYf0EVSw8NFYfO/rGT1H8cFWX/5aVE U1ykf89PUDhWzmLxcblWZIpkvewo+/sszS80JcQnsl0vOX1+2MejjTBe2rU0fa2lR2/+ qPAPbn5+weGildRfWjvYbrsrKP8OybaRpOVE5hQ+beBS6nuUkj8R2XSAOLvnoqiL++MC cNjBWWFIGPR9wmoxqOFw7FQvMur61sOxID6kjJqQkv0MOK+y6P3UMawwO6D1tJ44boJn 6RDI0Fd00H2tx1CEIXuRVnqo0h7+AZbSi2HVbEazMVZzLd1SS6KPJvDMFWlpRVb3cx0Q NCiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707413224; x=1708018024; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gBwp2cY+kDK1oMSufcYCS0Brw297vTH+3c3ODiiUoog=; b=X02HT/GOFbQN80/xP1TtGnZtVSzoOOu5LXQiCMZEOZGjJDmxe1cE51cLkAYLJ/aDnN JwugvEnTIolOC261bE5cD70RCp505xZmn3Yn/dpYoEwaMO4oT7Yi/osHh2Ja4P/Yoqvp sfV0TJCZzbXLtpNvRUuWbcA+gVjFWA2ZoH2zLVnVJa9Eg2y0ItIU5qtA7L54PQUM59yE KcW0PCDEBjAd6I4vg+5PugDKEGpOlCLQywv0MAszplF9Nr8qlGCyMthVvzcR5nx8dW6E HaCBsRdChMaJh6rdPjLy/HYuQDSMXW76iYqpoMO+B3g6ORRJC9EZYSG26XGZxKQNa9i1 p2gA== X-Gm-Message-State: AOJu0YwcoBud0I0wBB9lSSNK8WN0ncKVZPOkKtWFc9Zvgfaj8qEGgm4N s9M7Ox64hvYXp7R3v0Ei+nCudwrWT6XdH1UXHhjtl9q0u9StAtSttCf6PzMVS6MQdlZctKBeAja oYw== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:2281:b0:6df:e3d1:dd0f with SMTP id f1-20020a056a00228100b006dfe3d1dd0fmr365573pfe.4.1707413224273; Thu, 08 Feb 2024 09:27:04 -0800 (PST) Date: Thu, 8 Feb 2024 09:27:02 -0800 In-Reply-To: <20240208002420.34mvemnzrwwsaesw@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20231016115028.996656-1-michael.roth@amd.com> <20231016115028.996656-9-michael.roth@amd.com> <20240208002420.34mvemnzrwwsaesw@amd.com> Message-ID: Subject: Re: [PATCH RFC gmem v1 8/8] KVM: x86: Determine shared/private faults based on vm_type From: Sean Christopherson To: Michael Roth Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, pbonzini@redhat.com, isaku.yamahata@intel.com, ackerleytng@google.com, vbabka@suse.cz, ashish.kalra@amd.com, nikunj.dadhania@amd.com, jroedel@suse.de, pankaj.gupta@amd.com, thomas.lendacky@amd.com Content-Type: text/plain; charset="us-ascii" On Wed, Feb 07, 2024, Michael Roth wrote: > On Tue, Jan 30, 2024 at 05:13:00PM -0800, Sean Christopherson wrote: > > On Mon, Oct 16, 2023, Michael Roth wrote: > > > For KVM_X86_SNP_VM, only the PFERR_GUEST_ENC_MASK flag is needed to > > > determine with an #NPF is due to a private/shared access by the guest. > > > Implement that handling here. Also add handling needed to deal with > > > SNP guests which in some cases will make MMIO accesses with the > > > encryption bit. > > > > ... > > > > > @@ -4356,12 +4357,19 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault > > > return RET_PF_EMULATE; > > > } > > > > > > - if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn)) { > > > + /* > > > + * In some cases SNP guests will make MMIO accesses with the encryption > > > + * bit set. Handle these via the normal MMIO fault path. > > > + */ > > > + if (!slot && private_fault && kvm_is_vm_type(vcpu->kvm, KVM_X86_SNP_VM)) > > > + private_fault = false; > > > > Why? This is inarguably a guest bug. > > AFAICT this isn't explicitly disallowed by the SNP spec. There are _lots_ of things that aren't explicitly disallowed by the APM, that doesn't mean that _KVM_ needs to actively support them. I am *not* taking on more broken crud in KVM to workaround OVMF's stupidity, the KVM_X86_QUIRK_CD_NW_CLEARED has taken up literally days of my time at this point. > So KVM would need to allow for these cases in order to be fully compatible > with existing SNP guests that do this. No. KVM does not yet support SNP, so as far as KVM's ABI goes, there are no existing guests. Yes, I realize that I am burying my head in the sand to some extent, but it is simply not sustainable for KVM to keep trying to pick up the pieces of poorly defined hardware specs and broken guest firmware. > > > +static bool kvm_mmu_fault_is_private(struct kvm *kvm, gpa_t gpa, u64 err) > > > +{ > > > + bool private_fault = false; > > > + > > > + if (kvm_is_vm_type(kvm, KVM_X86_SNP_VM)) { > > > + private_fault = !!(err & PFERR_GUEST_ENC_MASK); > > > + } else if (kvm_is_vm_type(kvm, KVM_X86_SW_PROTECTED_VM)) { > > > + /* > > > + * This handling is for gmem self-tests and guests that treat > > > + * userspace as the authority on whether a fault should be > > > + * private or not. > > > + */ > > > + private_fault = kvm_mem_is_private(kvm, gpa >> PAGE_SHIFT); > > > + } > > > > This can be more simply: > > > > if (kvm_is_vm_type(kvm, KVM_X86_SNP_VM)) > > return !!(err & PFERR_GUEST_ENC_MASK); > > > > if (kvm_is_vm_type(kvm, KVM_X86_SW_PROTECTED_VM)) > > return kvm_mem_is_private(kvm, gpa >> PAGE_SHIFT); > > > > Yes, indeed. But TDX has taken a different approach for SW_PROTECTED_VM > case where they do this check in kvm_mmu_page_fault() and then synthesize > the PFERR_GUEST_ENC_MASK into error_code before calling > kvm_mmu_do_page_fault(). It's not in the v18 patchset AFAICT, but it's > in the tdx-upstream git branch that corresponds to it: > > https://github.com/intel/tdx/commit/3717a903ef453aa7b62e7eb65f230566b7f158d4 > > Would you prefer that SNP adopt the same approach? Ah, yes, 'twas my suggestion in the first place. FWIW, I was just reviewing the literal code here and wasn't paying much attention to the content. https://lore.kernel.org/all/f474282d701aca7af00e4f7171445abb5e734c6f.1689893403.git.isaku.yamahata@intel.com