Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp776778lqs; Tue, 5 Mar 2024 16:56:11 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWDdCz5mQz+9Gha3DUM7/HClS/+Fqq1PR8cROau9SC4My4WHkLt0Z+FFnlPJIOKhqE1xY1su7RDcDwiQRtB/HOmN2txS9QGPbqMpl7gHg== X-Google-Smtp-Source: AGHT+IGvF+9xQ0Fd9QxjE+OTHVTJxskkb7CMJjOdwzpSArsEkyeAzB9kV2081RI39E8gSgB+Ftmo X-Received: by 2002:a05:6a20:2589:b0:1a1:156f:44cb with SMTP id k9-20020a056a20258900b001a1156f44cbmr4048669pzd.30.1709686570868; Tue, 05 Mar 2024 16:56:10 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709686570; cv=pass; d=google.com; s=arc-20160816; b=K+tnX1qnjQb0HDkHgSqgO9hfm66p2JO5rqXSntAA04pQbeOXecVZ1OpsmRUmM+OLpN M9OFfHBGN63roSVEimCTrGiIS6kssT5vtWP49v06tda1wdsJd+HIa+hQi8IdyIlHvaIs zVlEYxxE3CGHToBhdFksUu7o5bcU6B6idAtMGUzvIN+5wq98B0Pkfk9VbKdrReB15jfB 5JLvzewScrxJt1J9DUkoVxkqsfqKdbWqwcFPDVF6TeDocFhBD3CO2Dh6X3E2d1kul/yO Ff+0y+3Qe5BEPRzqgR68hwHGypX/p/enL/wM/h44vF2hQeE7eiC8x3MeTN1XaqBwdcX9 Jw4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=/i3rfw64O52qXGZ4d4T6bC7gn+jBl0OoygyLhiTiv84=; fh=G5VRmh+9j9BEjDc+6Xdw55z93M+uSHlXBPGNDQqnoe4=; b=Zw0/JdbzzSM/yGET5Rw5W9Patj/tDDFfyzAVLP/R5tsDlGqgciAYVWoJB8wlC+fQCY y+hy9zzorjXGBeRsiBaB+ZrNbQgGyKRzPyFKv3rUuA3BfenZMyUyobtV33XRAiuvICJj wLZjVqnYLu3Is7ke0eP3Yi6jRBBAtyzcMBhEGUyMq8epA2Nu6viSUZp8FqN3TsA7tTfb 9dYpnov/eESYHAROWU0DiyIbvMyPNzJufk0NtKRh5H2GcH6lU4GCP7X/CNqULqF7rUY2 zXipyeP2TE9zlKnDCaD7W5CyWCl4W6U5w7FwV3pAebSCKtjndvY+rLbrENH5uyDkZFx5 QZdA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=0euno7dS; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-93172-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93172-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id my14-20020a17090b4c8e00b0029b5a41d452si3100228pjb.94.2024.03.05.16.56.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Mar 2024 16:56:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-93172-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=0euno7dS; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-93172-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93172-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 50978B220CF for ; Wed, 6 Mar 2024 00:39:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 62A016FD1; Wed, 6 Mar 2024 00:39:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0euno7dS" Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B86E1870 for ; Wed, 6 Mar 2024 00:39:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709685542; cv=none; b=IVP4YQFc46FJ/UuuhD9ywKIaP+V8us9zQMust6TYaZmxwZW3lcwheQhNYw9dGttqQck7Ho1TZhq8Da4LWsGTTyCx7oXXf2NPZPVisJDxWMRGn9QoXCRNNjmRC6AL7BY3MUL9Nc59CJcqF20d6BwCQf6h8Fle0v28ba8isoOy01U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709685542; c=relaxed/simple; bh=19srNkeRmKulCVt7yRP8P5lYwBwZ5dAunV44wgovb7g=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=fo7fCQrEeGV5fuOpiD+/rX6SfdH2lir9d32SmNkekbKWNhMux1ig9tEBByo6LB8j2A4F37D9rR5PPbnIKS5dlxVC5juRZlmDpm/Uob1qFeQVrD0+OQgMYjmfeTauqLTRVL54MD17uBf9yQ+Bl1NFU0axNezp5f8pSiPm27hRHE8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0euno7dS; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-dc693399655so11587011276.1 for ; Tue, 05 Mar 2024 16:39:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1709685540; x=1710290340; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=/i3rfw64O52qXGZ4d4T6bC7gn+jBl0OoygyLhiTiv84=; b=0euno7dS8aC+u17jPskbyw25I+CmThVyNw//SFdM8p0duoJBxvxZmstx0FB3sGNdd5 AmpKmqx+ECNlPIyI33oEcJKjWN4v3a3F9I3LIscKFXtS3LEOvggtRWrP/Sx8QeyZ7nK2 hCnHuo46js8srw01wQiVSKMQl5kP/DXQPgM8WdVgjq25NuVVRv3yzLfzAOH7VZDagA9P Nciym+UUNNRAl2nRpZH+4PLkM1vHaIlMaZCTgOJuGar1CU7CAeSPdLGGSqcB6lGUVeug wKX7S1uml7E0q6DVf3/7lQxNtvNSlubas+1KlYRO9ziLUVG107V5pCgHeTOzYZ8ap9IR Yp9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709685540; x=1710290340; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/i3rfw64O52qXGZ4d4T6bC7gn+jBl0OoygyLhiTiv84=; b=BlwcgHfeF5mdXkHjb359t/jXOEY0lQfpWYW3p4O2neTgSyZgBs/TUqj4o62fCdvjUY KJjWUt7wMfLdOL29szONmVwzzXjNQtI3qMP2oVIVpUvQL428pq7yaDrO1269XXVZBgAI eoHB21kWkise6o286up5tXX0h7eqD98o+qN1zPLpO2/jvzfnaI63gAakkf2UW/JrNjFX mPvbQlhlNxgsnM/rb2V1Sp8MORToRrMcNVE+H0wdckxtDtc09XGeT9DZHxLVfDQv4sBM 14on0B60rZcwXamRv+9L8gIHxrYRhWfL8kLaHORs9YZGKGKZRSZfL0zBjLI0162JCNac WRLg== X-Forwarded-Encrypted: i=1; AJvYcCVft0nNmha3hqikazHMjj31p3im2ClpfCFv8qr9RIWHDJKir3gcLx6v8QD4UVq7Zpt53L8q+doWpaOfZNPA5ASzOJt2GC6TiZUvg7IU X-Gm-Message-State: AOJu0Ywuo29my2UVYa8PM2htGZHJVNiflmc08kJWgb+lIt29IA+DoZ2H wqlv9HdIkfswlCycfYi98MB+1GoFnDHKdneJ+KyJVpETIZqTlZtbz+IfdSMye1C/M/hooU6kVDu KsA== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:dc47:0:b0:dcd:25be:aefb with SMTP id y68-20020a25dc47000000b00dcd25beaefbmr3445801ybe.13.1709685540197; Tue, 05 Mar 2024 16:39:00 -0800 (PST) Date: Tue, 5 Mar 2024 16:38:58 -0800 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240228024147.41573-1-seanjc@google.com> <20240228024147.41573-10-seanjc@google.com> Message-ID: Subject: Re: [PATCH 09/16] KVM: x86/mmu: Move private vs. shared check above slot validity checks From: Sean Christopherson To: Kai Huang Cc: Paolo Bonzini , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yan Zhao , Isaku Yamahata , Michael Roth , Yu Zhang , Chao Peng , Fuad Tabba , David Matlack Content-Type: text/plain; charset="us-ascii" On Wed, Mar 06, 2024, Kai Huang wrote: > > > On 28/02/2024 3:41 pm, Sean Christopherson wrote: > > Prioritize private vs. shared gfn attribute checks above slot validity > > checks to ensure a consistent userspace ABI. E.g. as is, KVM will exit to > > userspace if there is no memslot, but emulate accesses to the APIC access > > page even if the attributes mismatch. > > IMHO, it would be helpful to explicitly say that, in the later case (emulate > APIC access page) we still want to report MEMORY_FAULT error first (so that > userspace can have chance to fixup, IIUC) instead of emulating directly, > which will unlikely work. Hmm, it's not so much that emulating directly won't work, it's that KVM would be violating its ABI. Emulating APIC accesses after userspace converted the APIC gfn to private would still work (I think), but KVM's ABI is that emulated MMIO is shared-only. FWIW, I doubt there's a legitmate use case for converting the APIC gfn to private, this is purely to ensure KVM has simple, consistent rules for how private vs. shared access work.