Received: by 2002:ab2:b82:0:b0:1f3:401:3cfb with SMTP id 2csp134747lqh; Wed, 27 Mar 2024 18:04:58 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWJ339bSJvxUciYb0Y0S5iFlboSYxPXNVnebq0FMFF0qmGdxCk1S+T6Lc5gfuiycMKaMZzzNaTlxB8id05n0E1yiOCM6+SH9li+z9pZrg== X-Google-Smtp-Source: AGHT+IE2/er0KQFqDJZ42Q3xrQ6ur5Ajn6nVbd67jNxjzQsfAmD/Tfn7hh0oeZaJdJeGofUN6N9L X-Received: by 2002:a05:6a00:1253:b0:6ea:b690:f146 with SMTP id u19-20020a056a00125300b006eab690f146mr1815131pfi.15.1711587898118; Wed, 27 Mar 2024 18:04:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711587898; cv=pass; d=google.com; s=arc-20160816; b=JdErGBvkedgHpJ+qCpPShLk5nfDGuCI3n1HCLdpjCCBabHw7xkNHja40cCMnVcvChP YSYLuzqaweH7iT42XfSAxqLaxB5zDZ4+sPVjSFhtmBHHGhTRJEKD8y7ZYFDy6BlbBLMa nzp5N94XBWr+l9G0igF5fcFYxoyy5lkryMJG4qZ5Ot6nMUyd+CemCf8FLm3gGp+WVpiQ OAk2J9gSUZwJOIdud1NRezu5m/mQ3gaF+TPKV2q59hPvQQ7OzcmzFXSE6+N4aknYePmc Z2cdTN44BDn2hRF9Lo8uRQMKOMiRpZqqe03wokParlr7ub7kl0uv+/Fwkk8j//j5hJDT rvJQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=JsVfYrzpvf8rWft1mdt52LohqAVVlFwTc9JoNLiyX0s=; fh=9kqSjTKRDWgcfBgRpMpW9kyHeQWZouvaN/SAA9aA4HY=; b=BCCPZ0/gHBpRKDXtwqG9AEyAdQlyWQXujLKFlqN0o+iKVrKRYCGnX7e034ijHq8h7Q 1xNZ0pZ+xMFx3e4m9sWOw6FiGE0avyYqUixg3CJVJHEI2roCmSazbcorJbr5Iy9woToa HTbEtudZgogRbSk4HUym1WWpU/KjTdK1xXACU/TdJwYQ4UG9RWbgzveSS0U4hF66abBH CZ/tVvENU1kOXzDsXi8+h4lcWalWOUaGiQyopwxT271TXlMjmRIWa9PRA4cvvu/oUs+J CV9ykzBaJC4fVjHnfgTHV/gbhXqHE+cyz0vhloYMPmNU6n2D60pJ8YnSljQEIghyNKAT zxXA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="cj/wRyZG"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-122254-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-122254-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id h127-20020a625385000000b006ea887b78c1si337825pfb.113.2024.03.27.18.04.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Mar 2024 18:04:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-122254-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="cj/wRyZG"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-122254-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-122254-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id D999A2A58BE for ; Thu, 28 Mar 2024 01:04:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DA3CE1C680; Thu, 28 Mar 2024 01:04:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cj/wRyZG" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C902386; Thu, 28 Mar 2024 01:04:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.19 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711587889; cv=none; b=XYsesrF3tQ5qGcvgJH6wAg+3JCAs01wXzmYBKm2KRUFhsCGNMnTkisk6S4mDlmn+bT7ix05ivkWX1StODf6V4I0ONPhiXclzu956J5LDr/31fDeItoq6jNIOiyJi0EGSXJcWbky4M7FxxaxAUJ0/YEKV8hxbnCx3zaG/RBwOgzw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711587889; c=relaxed/simple; bh=ODTY/+5GEj70aq4Me3Q78wpIvSHWibrd9gcFfA1okEk=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=owntYpJepqaq/F6A0xKF13amSvrA02SqEx4DbAU7sbNp3+2N3rLUIZfxVukTM96a538meG4TAhiYj46VdSuCq48oYbKqQjIPufplwcQZHn1BUhaEW6NAT9o0WgfYBsDy9IG9Yp++s6gpUDIbzMHRParHpOOU2DEirfjUcJG81bg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cj/wRyZG; arc=none smtp.client-ip=198.175.65.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1711587887; x=1743123887; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=ODTY/+5GEj70aq4Me3Q78wpIvSHWibrd9gcFfA1okEk=; b=cj/wRyZGiYQkFzNLNGOgzZnl9CVrRQUKMSt1IWjVHPR6iCxUAQeBgvR+ 5PPWVmYUnG7labxm+DIbjH19TiSnuOZcgOIEAhQj5GJ11bOow/bgsWtb6 EeVzE5Oe3n9fY1kkCNljcGmNgppwgW+evDTxFeDFgN7l4gQ8LqFH98HAI h72+o6tqrjefBumI7mvTqbgqKmncFZTB5q0ht8V4OR5sBROjl9LLcNceQ YCNvNhpzvt2zxScVcQ9teGjeBpNC3AXxGAQkiGSpZub/PnUXgFv7KUqwf ZoGFtqHe8wKbf4Bcg8AtNRjeSf4K9gc90VERvZxfWyCD2KS1ewOv7gze9 g==; X-CSE-ConnectionGUID: OzRFaG3gScmnXe2pBlHxsg== X-CSE-MsgGUID: y9g6QfNJQ5qzNfW/0UNbDw== X-IronPort-AV: E=McAfee;i="6600,9927,11026"; a="6579149" X-IronPort-AV: E=Sophos;i="6.07,160,1708416000"; d="scan'208";a="6579149" Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Mar 2024 18:04:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,160,1708416000"; d="scan'208";a="47685904" Received: from xiaoyaol-hp-g830.ccr.corp.intel.com (HELO [10.124.224.7]) ([10.124.224.7]) by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Mar 2024 18:04:42 -0700 Message-ID: <494b2a74-1351-49f6-9d2e-57eda908c2b5@intel.com> Date: Thu, 28 Mar 2024 09:04:39 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v19 059/130] KVM: x86/tdp_mmu: Don't zap private pages for unsupported cases To: Isaku Yamahata Cc: "Edgecombe, Rick P" , "Gao, Chao" , "Zhang, Tina" , "seanjc@google.com" , "Huang, Kai" , "sean.j.christopherson@intel.com" , "Chen, Bo2" , "sagis@google.com" , "isaku.yamahata@linux.intel.com" , "linux-kernel@vger.kernel.org" , "Aktas, Erdem" , "isaku.yamahata@gmail.com" , "kvm@vger.kernel.org" , "Yuan, Hang" , "pbonzini@redhat.com" References: <20240325231058.GP2357401@ls.amr.corp.intel.com> <20240325233528.GQ2357401@ls.amr.corp.intel.com> <20db87741e356e22a72fadeda8ab982260f26705.camel@intel.com> <20240326174859.GB2444378@ls.amr.corp.intel.com> <481141ba-4bdf-40f3-9c32-585281c7aa6f@intel.com> <34ca8222fcfebf1d9b2ceb20e44582176d2cef24.camel@intel.com> <873263e8-371a-47a0-bba3-ed28fcc1fac0@intel.com> <20240328003637.GM2444378@ls.amr.corp.intel.com> Content-Language: en-US From: Xiaoyao Li In-Reply-To: <20240328003637.GM2444378@ls.amr.corp.intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 3/28/2024 8:36 AM, Isaku Yamahata wrote: > On Thu, Mar 28, 2024 at 08:06:53AM +0800, > Xiaoyao Li wrote: > >> On 3/28/2024 1:36 AM, Edgecombe, Rick P wrote: >>> On Wed, 2024-03-27 at 10:54 +0800, Xiaoyao Li wrote: >>>>>> If QEMU doesn't configure the msr filter list correctly, KVM has to handle >>>>>> guest's MTRR MSR accesses. In my understanding, the >>>>>> suggestion is KVM zap private memory mappings. >> >> TDX spec states that >> >> 18.2.1.4.1 Memory Type for Private and Opaque Access >> >> The memory type for private and opaque access semantics, which use a >> private HKID, is WB. >> >> 18.2.1.4.2 Memory Type for Shared Accesses >> >> Intel SDM, Vol. 3, 28.2.7.2 Memory Type Used for Translated Guest- >> Physical Addresses >> >> The memory type for shared access semantics, which use a shared HKID, >> is determined as described below. Note that this is different from the >> way memory type is determined by the hardware during non-root mode >> operation. Rather, it is a best-effort approximation that is designed >> to still allow the host VMM some control over memory type. >> • For shared access during host-side (SEAMCALL) flows, the memory >> type is determined by MTRRs. >> • For shared access during guest-side flows (VM exit from the guest >> TD), the memory type is determined by a combination of the Shared >> EPT and MTRRs. >> o If the memory type determined during Shared EPT walk is WB, then >> the effective memory type for the access is determined by MTRRs. >> o Else, the effective memory type for the access is UC. >> >> My understanding is that guest MTRR doesn't affect the memory type for >> private memory. So we don't need to zap private memory mappings. > > So, there is no point to (try to) emulate MTRR. The direction is, don't > advertise MTRR to the guest (new TDX module is needed.) or enforce > the guest to not use MTRR (guest command line clearcpuid=mtrr). Ideally, it would be better if TD guest learns to disable/not use MTRR itself. > KVM will > simply return error to guest access to MTRR related registers. > > QEMU or user space VMM can use the MSR filter if they want. > > >>>>>> But guests won't accept memory again because no one >>>>>> currently requests guests to do this after writes to MTRR MSRs. In this case, >>>>>> guests may access unaccepted memory, causing infinite EPT violation loop >>>>>> (assume SEPT_VE_DISABLE is set). This won't impact other guests/workloads on >>>>>> the host. But I think it would be better if we can avoid wasting CPU resource >>>>>> on the useless EPT violation loop. >>>>> >>>>> Qemu is expected to do it correctly.  There are manyways for userspace to go >>>>> wrong.  This isn't specific to MTRR MSR. >>>> >>>> This seems incorrect. KVM shouldn't force userspace to filter some >>>> specific MSRs. The semantic of MSR filter is userspace configures it on >>>> its own will, not KVM requires to do so. >>> >>> I'm ok just always doing the exit to userspace on attempt to use MTRRs in a TD, and not rely on the >>> MSR list. At least I don't see the problem. >> >> What is the exit reason in vcpu->run->exit_reason? KVM_EXIT_X86_RDMSR/WRMSR? >> If so, it breaks the ABI on KVM_EXIT_X86_RDMSR/WRMSR. > > It's only when the user space requested it with the MSR filter. right. But userspace has no reason to filter them because userspace can do nothing except 1) either kill the TD, or 2) eat the instruction.