Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp2289506rbb;
        Tue, 27 Feb 2024 18:03:20 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCXM8Tf+mAh6mWuPiaXtLuEfVcGvOzHPeNlzKhZsXCzUY10omqUOkiAAFOVK02Fp9vv0i2cjWro01sbjliK4gVC9WrgerzRtRNjz7IB5ww==
X-Google-Smtp-Source: AGHT+IG/uVAKWOCmXW+7hgUHn61jLM7Nd9vBsUWJ2789T/bT+eHBdUhkjMjxsk5ordTT0lHZnVi4
X-Received: by 2002:a2e:8410:0:b0:2d1:1de5:3c42 with SMTP id z16-20020a2e8410000000b002d11de53c42mr6859832ljg.24.1709085800152;
        Tue, 27 Feb 2024 18:03:20 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709085800; cv=pass;
        d=google.com; s=arc-20160816;
        b=BIEvqgnl+AQIFxs8kQFzuL56O38d9IW2phmcNyWdhPkZARlCWkzuRfs2zjbo/3u5OQ
         vA/W+g3Fat/IiR9YORt9DSVsePmVLHOweOJnHYgBTxRTJoX4Wv2EC6pePNUI0jnMj5i2
         hAV5OvvbFwFYPbgomR0B5vPoIfBuKIjaR9m3EaH2Fu7XlvtPXjvjTsuIIF5G0UPQ0QOr
         RVI0J/R/AyeS3R/O0F2DCbSbI9ix20cokGulUu9pdTWqXo012Ko3mqynY0FFVqP6lglm
         kxEJj3btdQwvZtl9smSJAl4qGmJlx9dZWqmPlUld1toqox43fDg1HRCjfQ+qiU11gCeR
         6HKA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:from:subject:message-id:references:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date
         :dkim-signature;
        bh=2cRk3uqvSbJiBHA3pyhGkClPVcG1HOgMZ3vlrWdyKlg=;
        fh=3MI4bsUq5Tu0FLJus7Axcem2jDGCHw+ZY2hxOAue5HI=;
        b=Y7/Lrc63D6NzmNE/VUQhE5W1J22mcBYJlFnJQO+M5ih7TW8oVcoE+ZYQR4uM6R/pzf
         tQ8VosK+HVK/0pxzG79wErL+evp9vpjv5pzgQQ8wVXoVO/NEnBlU+PbgcCK3opJZFbl2
         P6D32NI7dkqIKxdrFRCmgdqmc0HgcYeTuI1W2xMDQQOBiHkgJ0ZBElnVfRVXfap7B8em
         h3D4XMRcyDqUSuqYi3XT57kThQ/elIOrx3m/NnrKwjNKO/7OA7D3C5WC9deart9M/AhO
         HvLYZ3JRmB8b0uo5tXz7RnFK42F928ibqJDcj57rEsGRDNUvf5sCT972hZ+aLLYRK/Xm
         illQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=RNfKPtf0;
       arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-84399-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-84399-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-84399-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id c12-20020aa7c98c000000b0056586fb16d9si1178442edt.422.2024.02.27.18.03.20
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 27 Feb 2024 18:03:20 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-84399-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=RNfKPtf0;
       arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-84399-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-84399-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id AC40D1F2F3DA
	for <linux.lists.archive@gmail.com>; Wed, 28 Feb 2024 02:03:19 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 75AFE6AC0;
	Wed, 28 Feb 2024 02:03:06 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RNfKPtf0"
Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 19AD04400
	for <linux-kernel@vger.kernel.org>; Wed, 28 Feb 2024 02:03:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709085785; cv=none; b=QJqsHSw4JAposygSjpY/0Zxo70asxQf86t+ReXePx/f3IiMS9jeUoIft5dNiMpg398lPtdxvYskPf29y/H1WF90GOv0qT4CMsx8yGgLz0isSZG2yGhz2OgCJCpfQuKi4Q+7P9NUl/u2vGrt0WZVf75eRltv4uN5WPhnSskt49jc=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709085785; c=relaxed/simple;
	bh=4on74mCYLeE6XaAwNoUjaXzsgV6wvEl6lBJmqfetf9k=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type; b=KKeib2hlhYbEFUV9xfMh8tQ77PI7SEyogCGDb/9VhO2AvZ4aRJz7ZoDmtoeQgnaNVve12cG0NNYi/j+R+kMoBz1aIqYd90XVsihCIthk3ZPwbhsIJGDX5CtImAW6i/Njplv98bw+uGCpiPoRORtl8BjwGZ8fMEDit2+66eYL3Es=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=RNfKPtf0; arc=none smtp.client-ip=209.85.128.202
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6093f75fc81so438407b3.1
        for <linux-kernel@vger.kernel.org>; Tue, 27 Feb 2024 18:03:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1709085783; x=1709690583; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=2cRk3uqvSbJiBHA3pyhGkClPVcG1HOgMZ3vlrWdyKlg=;
        b=RNfKPtf0FOjno52HqOg1L+E2Ncf7KNg1pCXFiGPr8aQp2k1Fi0+Jbav4dmR7Sdg3Sx
         WIQQIack4+Hf8X89I8XQFmO+Knxc5pqXlO+fN+7sJPZo4o9Lt9Nf4EFf+vixHYdK6O3j
         nhLQjY5zZH92KRoHJexIMSHoAducE43vF268hY986rYShBnPtlxz7HyPrQKyqpzE7Ihj
         r+UtbUhJcvBwCvQWQuo6WI2t3w3KhUGmF+mc5/tv2C4M7A5+hBcmcj/gEqVOLOh8WTlR
         pAlo40RZFcq0N7P1xXkBSg+0Pgf47tWAbpWeLrSvvbg3306mMWatgFJq7kvUnzzpKGQQ
         IYVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709085783; x=1709690583;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=2cRk3uqvSbJiBHA3pyhGkClPVcG1HOgMZ3vlrWdyKlg=;
        b=aY/HrmzU8JEBd3HJh3A9P+aKnI274L9JinDyXq0R/tNpNfjF+eiNHSZZB89IDc2xNG
         H97DKiQFILvT2ZgUw5Tr058gS/ZV+mScoska7V2D8wcIZQzcNpmpl8DnqCu5Uq3W1VRo
         WCHHZCQEz94/Iao7HKrDSTlmub5qqtqST69Oi2knaNtcGepSoNZOpIZC6pqBb5Mr2V/Q
         Ma1MakrU2I4SnYECt4puIJkqGBXApYnf4DQlhvos0Gw0Hs2oLvDNthMZTpGy4OcFUhaW
         3poiEszDZ8Lbj/5GYdGUcWuJJl3vm1Fdqu1eLN/S/9U3yEij7jJH3v2igX45dwVOVQIW
         cLAA==
X-Gm-Message-State: AOJu0YxD2J0aFAbs+Tf81GPqyhvtZw7RrOrzy06Uzh7t1eADFGhftBre
	rz/Q8voHko/gGWedWgQpMobgVDtplrL9dn/lOP/hcT1YVmWg7Mkii+iNv4/IzHy2mlzmZAI+KnJ
	kcg==
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a81:fe08:0:b0:608:f15:5ba7 with SMTP id
 j8-20020a81fe08000000b006080f155ba7mr907857ywn.0.1709085783122; Tue, 27 Feb
 2024 18:03:03 -0800 (PST)
Date: Tue, 27 Feb 2024 18:03:01 -0800
In-Reply-To: <20240227232100.478238-15-pbonzini@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240227232100.478238-1-pbonzini@redhat.com> <20240227232100.478238-15-pbonzini@redhat.com>
Message-ID: <Zd6UVfhzdMp8z2O2@google.com>
Subject: Re: [PATCH 14/21] KVM: x86/mmu: pass error code back to MMU when
 async pf is ready
From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, michael.roth@amd.com, 
	isaku.yamahata@intel.com, thomas.lendacky@amd.com
Content-Type: text/plain; charset="us-ascii"

On Tue, Feb 27, 2024, Paolo Bonzini wrote:
> Right now the error code is not used when an async page fault is completed.
> This is not a problem in the current code, but it is untidy.  For protected
> VMs we need to check that the page attributes match the current state of the
> page.  Async page faults can only occur on shared pages (because
> private pages go through kvm_faultin_pfn_private() instead of
> __gfn_to_pfn_memslot()), but it is risky to rely on the polarity of
> PFERR_GUEST_ENC_MASK and the high 32 bits of the error code being zero.
> So, for clarity and future-proofing of the code, pipe the error code
> from kvm_arch_setup_async_pf() to kvm_arch_async_page_ready() via the
> architecture-specific async page fault data.
> 
> Extracted from a patch by Isaku Yamahata.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  arch/x86/include/asm/kvm_host.h |  1 +
>  arch/x86/kvm/mmu/mmu.c          | 14 +++++++-------
>  2 files changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index a4514c2ef0ec..24e30ca2ca8f 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -1839,6 +1839,7 @@ struct kvm_arch_async_pf {
>  	gfn_t gfn;
>  	unsigned long cr3;
>  	bool direct_map;
> +	u64 error_code;
>  };
>  
>  extern u32 __read_mostly kvm_nr_uret_msrs;
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> index f58ca6cb789a..c9890e5b6e4c 100644
> --- a/arch/x86/kvm/mmu/mmu.c
> +++ b/arch/x86/kvm/mmu/mmu.c
> @@ -4260,18 +4260,18 @@ static u32 alloc_apf_token(struct kvm_vcpu *vcpu)
>  	return (vcpu->arch.apf.id++ << 12) | vcpu->vcpu_id;
>  }
>  
> -static bool kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
> -				    gfn_t gfn)
> +static bool kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu,
> +				    struct kvm_page_fault *fault)
>  {
>  	struct kvm_arch_async_pf arch;
>  
>  	arch.token = alloc_apf_token(vcpu);
> -	arch.gfn = gfn;
> +	arch.gfn = fault->gfn;
>  	arch.direct_map = vcpu->arch.mmu->root_role.direct;
>  	arch.cr3 = kvm_mmu_get_guest_pgd(vcpu, vcpu->arch.mmu);
>  
> -	return kvm_setup_async_pf(vcpu, cr2_or_gpa,
> -				  kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
> +	return kvm_setup_async_pf(vcpu, fault->addr,
> +				  kvm_vcpu_gfn_to_hva(vcpu, fault->gfn), &arch);
>  }
>  
>  void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work)
> @@ -4290,7 +4290,7 @@ void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work)
>  	      work->arch.cr3 != kvm_mmu_get_guest_pgd(vcpu, vcpu->arch.mmu))
>  		return;
>  
> -	kvm_mmu_do_page_fault(vcpu, work->cr2_or_gpa, 0, true, NULL);
> +	kvm_mmu_do_page_fault(vcpu, work->cr2_or_gpa, work->arch.error_code, true, NULL);

This is silly.  If we're going to bother plumbing in the error code, then we
should use it to do sanity checks.  Things have gone off the rails if end up with
an async #PF on private memory.

>  }
>  
>  static inline u8 kvm_max_level_for_order(int order)
> @@ -4395,7 +4395,7 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault
>  			trace_kvm_async_pf_repeated_fault(fault->addr, fault->gfn);
>  			kvm_make_request(KVM_REQ_APF_HALT, vcpu);
>  			return RET_PF_RETRY;
> -		} else if (kvm_arch_setup_async_pf(vcpu, fault->addr, fault->gfn)) {
> +		} else if (kvm_arch_setup_async_pf(vcpu, fault)) {
>  			return RET_PF_RETRY;
>  		}
>  	}
> -- 
> 2.39.0
> 
>