Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp800578lqs; Tue, 5 Mar 2024 18:02:31 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXd25OodUg+yI2vyLk3EFkvBXuTsgJHFTvWb7mi+Hg7o1GRh1letReVefnwHKwUX4y4U3josf0j5263+P07OtZpqm9hLZDrmVf05PE42w== X-Google-Smtp-Source: AGHT+IFSYtdxyjF64dhOOwhojLmg5FQK+xeG646OtHk9bIjGeznmK/9nfKYNR38/lMfJzDteJ8Zn X-Received: by 2002:a05:6102:b07:b0:472:71f0:e6b9 with SMTP id b7-20020a0561020b0700b0047271f0e6b9mr4123250vst.8.1709690551692; Tue, 05 Mar 2024 18:02:31 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709690551; cv=pass; d=google.com; s=arc-20160816; b=b6O6dQBzZTXU8WYh3CI4NzmtdPvQqzieVZdVNIFAIDX7BEy25gGJ61obi4HvTSIDAt /kXYF/VxA5MqoMwfbsqlp9K0OV/91pmEy+04BgLA6Uq5SOoAQQkV7sKxTimp13bKCaa5 nGUt66aOsoqqlAWs5YXW8b37yekMh6TiuvbK4nCy0xRaufrtmy9iYOcN571DZsnHzAz4 t57X/umfl3dmCjBsrgPnKeH5/Q04g7kB7qHPSpdAFvSyrArsygJVhQjAaj//RFpwI2PG Y2LLXaODkuhJ1nf68HbNIGjf7QmpS+8TVNgYXs/CEqyp3AL/di3DwCA8JeXyjY0Fjtsm HeZA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=cgtE41l9iCbMAdWAWVcpbmBmFwz/dS6MgbuAWiL0tj0=; fh=vjvS1A/cwRx2mFsodzIn1bTsBsB/PVUPBaGc/qLrHqU=; b=b+Sj09Hnx9ZUkIw1PcMvb5LfSVdpdtmqxoszoem2HefbKsDo+pPh/hmcK5sRYGDqg3 nwDVM6Nkr7900OmZmvG7GFsAd5i4cVbmhGFTl+NmAVKlNcMePv+BS4xgixcW+uAhImxz NcMwcBtSjPeZY7/1A4OZkA8SMdEJnLOZ/qbAXcMiUzOp06Lo8ZJd//nkgU3w2tsG6JST sLmCyiWVi5Xbicor9nlAu0EZ5CRK7vpBoXKQ2ItnbMY9sHta4M11bfY+QIHoBMk7pW6J FwQ1Zfsu0nsmQnmVTzP5YF+jrdZDboLrZwgDxudaUioktUlH9EUhNI63ZDp8lWfAGzZv ouzg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=utogkRrk; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-93225-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93225-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id w4-20020a67c904000000b00472d641d6e7si700796vsk.215.2024.03.05.18.02.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Mar 2024 18:02:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-93225-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=utogkRrk; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-93225-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93225-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 655971C21934 for ; Wed, 6 Mar 2024 02:02:31 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id F22B5DDA9; Wed, 6 Mar 2024 02:02:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="utogkRrk" Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A957CD517 for ; Wed, 6 Mar 2024 02:02:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709690529; cv=none; b=r6uLLHopQAQYkMWVPanz9I5mXl155ixzXImtkFIi+09dOPTGMBL5xtsbVMY1RmX8qaIuNl4bdjYX6CPw4wxTquJePrv/a8IeztjbJHUEKkEDwYZJDWVmztgA55QbRqWKKBxD2esp/zkiewt8950/WtG0fHbMF2bNAW9geiyq/1Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709690529; c=relaxed/simple; bh=sj3Ndp8Opn8SFftC+mF5wy9/jACmHxqK0vbq4I+R76A=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=aHbsHaqxeFxNyWNn9wKGNAQzx9f2bHoj6fjphr+9r0BP5bep2R+0Mjm6lZgTMa6PNnaGIBKuSGY0Skx/OFMbYC0rLWfDEX49rBlKtQcTnDg5uhwNgb1xYHrwaQ3elupFwguREWXRdoDLDbPteI9puc9BBBmp/+kZCGhbSPul3MY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=utogkRrk; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-dc746178515so762361276.2 for ; Tue, 05 Mar 2024 18:02:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1709690527; x=1710295327; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=cgtE41l9iCbMAdWAWVcpbmBmFwz/dS6MgbuAWiL0tj0=; b=utogkRrkPApnUcTlU5sBTWWEi9jelbMAGtB3RUoH1WJMrjjqedIvdnsRkjQJb0lbmt BBWkoQ4xEbo5QowpV9887J8LvAswGpF8STuRX3la/c5+NbmKVcBuGb3zbV6JtHb//BtQ kclJsnfHuGV+f/gHBckerVpHv7YzUSkh2FhDISZmo7fptBHheYJEMqmqzlvJPkw1DqD5 ZcZrkPNPpUYESBFvQNp8Bu794PEC7/AChzf1+uLmIkSd/v0u+L5VcaTbeRu3lMJA0tY2 IfD1bK4tmFHwNkXFTZbS+n7jXEsOujxik2o3AgCsJlX3cjvVej97toU7T/BPaD3i2x8S eJow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709690527; x=1710295327; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=cgtE41l9iCbMAdWAWVcpbmBmFwz/dS6MgbuAWiL0tj0=; b=XxbqHL0YkD57x1DiWJa5WUvxr5QaVeP0sE9rRnGw+4FH/wuJIrbb2Q8vk/mk7fuhSs xTp2DaOUGI3Nkr/wJnRoP5ODgCGyNGQaKtUr8uqEEod2bvRD/oaIqHiE8p9pdc1LQc1L mAHdw1jJWP3sNx3160GrbpmQzN0aVSHFEv/A+Js0JyH4f5D0drJDqh0dCByT/FbICwqP kT1LzJqXGP7dL4p2K9NTIlwYukP2iiOHB+QzHzXlyf0lKG/q9izhs3dwL6vw5uAdpuEo iHtSmGAlsxalksprvX7y9rUzkPhc9NvGlkz3qdJO1+Xb5HTJkitKtSfj7dRlLlYM3vxg s5Cg== X-Forwarded-Encrypted: i=1; AJvYcCU2vO1gMemH9e5JM2fOmT4WG6ymUFsyXDGE6vTebqIjKcYOmyGl8/wzyyiRvMc4zx+4r3yiXqhlFyB78B66Xl5E6YHiTKm2/TUzb+OF X-Gm-Message-State: AOJu0Yy/O2cFf020KlDxCcDgU4l9NXeXc74cyI37/EM93HraJpBYWQfB 3K3Y8QpLl7QEfzJZdvGEZlR1wsEyKdNoeVqU2eqNgpI7/W6aXEe/79QnHce5vbWtNEKIeIPzH6e P5w== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6902:2181:b0:dc6:ff54:249f with SMTP id dl1-20020a056902218100b00dc6ff54249fmr3435657ybb.8.1709690526675; Tue, 05 Mar 2024 18:02:06 -0800 (PST) Date: Tue, 5 Mar 2024 18:02:05 -0800 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240228024147.41573-1-seanjc@google.com> <20240228024147.41573-10-seanjc@google.com> Message-ID: Subject: Re: [PATCH 09/16] KVM: x86/mmu: Move private vs. shared check above slot validity checks From: Sean Christopherson To: Kai Huang Cc: Paolo Bonzini , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yan Zhao , Isaku Yamahata , Michael Roth , Yu Zhang , Chao Peng , Fuad Tabba , David Matlack Content-Type: text/plain; charset="us-ascii" On Wed, Mar 06, 2024, Kai Huang wrote: > > > On 6/03/2024 1:38 pm, Sean Christopherson wrote: > > On Wed, Mar 06, 2024, Kai Huang wrote: > > > > > > > > > On 28/02/2024 3:41 pm, Sean Christopherson wrote: > > > > Prioritize private vs. shared gfn attribute checks above slot validity > > > > checks to ensure a consistent userspace ABI. E.g. as is, KVM will exit to > > > > userspace if there is no memslot, but emulate accesses to the APIC access > > > > page even if the attributes mismatch. > > > > > > IMHO, it would be helpful to explicitly say that, in the later case (emulate > > > APIC access page) we still want to report MEMORY_FAULT error first (so that > > > userspace can have chance to fixup, IIUC) instead of emulating directly, > > > which will unlikely work. > > > > Hmm, it's not so much that emulating directly won't work, it's that KVM would be > > violating its ABI. Emulating APIC accesses after userspace converted the APIC > > gfn to private would still work (I think), but KVM's ABI is that emulated MMIO > > is shared-only. > > But for (at least) TDX guest I recall we _CAN_ allow guest's MMIO to be > mapped as private, right? The guest is supposed to get a #VE anyway? Not really. KVM can't _map_ emulated MMIO as private memory, because S-EPT entries can only point at convertible memory. KVM _could_ emulate in response to a !PRESENT EPT violation, but KVM is not going to do that. https://lore.kernel.org/all/ZcUO5sFEAIH68JIA@google.com > Perhaps I am missing something -- I apologize if this has already been > discussed. > > > > > FWIW, I doubt there's a legitmate use case for converting the APIC gfn to private, > > this is purely to ensure KVM has simple, consistent rules for how private vs. > > shared access work. > > Again I _think_ for TDX APIC gfn can be private? IIUC virtualizing APIC is > done by the TDX module, which injects #VE to guest when emulation is > required. It's a moot point for TDX, as x2APIC is mandatory.