Received-SPF: pass (google.com: domain of linux-kernel+bounces-126436-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Date: Mon, 1 Apr 2024 12:10:58 +0800
From: Chao Gao <chao.gao@intel.com>
To: <isaku.yamahata@intel.com>
CC: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<isaku.yamahata@gmail.com>, Paolo Bonzini <pbonzini@redhat.com>,
	<erdemaktas@google.com>, Sean Christopherson <seanjc@google.com>, Sagi Shahar
	<sagis@google.com>, Kai Huang <kai.huang@intel.com>, <chen.bo@intel.com>,
	<hang.yuan@intel.com>, <tina.zhang@intel.com>
Subject: Re: [PATCH v19 101/130] KVM: TDX: handle ept violation/misconfig exit
Message-ID: <Zgoz0sizgEZhnQ98@chao-email>
References: <cover.1708933498.git.isaku.yamahata@intel.com>
 <f05b978021522d70a259472337e0b53658d47636.1708933498.git.isaku.yamahata@intel.com>
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <f05b978021522d70a259472337e0b53658d47636.1708933498.git.isaku.yamahata@intel.com>
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?BuLORrxWSyU5vtXi7bmtokRJjH84yEAOI3dV4avoMO7e/jpeNyg0uPEjEwrO?=
 =?us-ascii?Q?xZrZ9axuvbCDtwXMPOvp4mf5mOc7in6j0SAbO2Bmnymzorcnoz8XmJWqGTXy?=
 =?us-ascii?Q?3FpioOweyPql4I9nA247YMDvY04qNR7vl/8Xx7Znz1a+M4jlyzIMrQdAgy4h?=
 =?us-ascii?Q?RADxZJsDRCSo7rbVktz/dQ+mfSZetVzozWFju2jhB8Im4ycXAI5dxlSjkkPp?=
 =?us-ascii?Q?/MbTand/8nDtnVxK2CR/EoO0pBoVJIrZi2qxUM9qq2Ui5nwFjDMDtCu4cYf7?=
 =?us-ascii?Q?ua7+aEOmmwTWaffqO+NYX/9+6eEoCILc5tEJi+NcZ+4OZAE8BCi/aD81AYLw?=
 =?us-ascii?Q?Bd8phzwzHO7/+whmP2YVTGWKfKZe60z+J86xrAj28cbqOlz2zAWeuLYtl2fC?=
 =?us-ascii?Q?RHcfawrZ0HqUS0GNtPhuMH5UK6UGByPIIOJiyugrx70zM56CVj+4IPZ3kjqq?=
 =?us-ascii?Q?cXQcxsSJZvu8ygbC2vZyfjyoR2YnKEyM0gG0AkxiWq4d9nHOyn914oZ9nn63?=
 =?us-ascii?Q?7KHOk5gI40CmDB1exOtm1wKuLpO5ql+eIrg+hr+RXyj2t+ivWRLmrFkFBuXx?=
 =?us-ascii?Q?WkS26HM1vSA4SLmE7YZCGuczNjpvvdkOCEn6nbXDbAp5RIEvLHDNsiuvfbg6?=
 =?us-ascii?Q?wlrQ63MjCD+hmW05luu2SE+9BfsR8HSliuGzPrhURB0C17nNY7eKJfCi21SX?=
 =?us-ascii?Q?vlusck2HezvAtvAFY71n1i+b+UKKrqRhnkWbregsNOjzHLq1Hwf6ycBCVeSp?=
 =?us-ascii?Q?GkCRnhxjEyfs0QaRvcQO8zkgQJi9yf8HTTejgmByPgnOX6xNm+is1JInHcqv?=
 =?us-ascii?Q?QM5sf5HY8yNBNjLdGWO+T2dOtCI+4KvNqMIrKeIohho/djJP1L4jmREW2gvl?=
 =?us-ascii?Q?07PBO1+cShrsj6VEbPBMVjNr4IdarqslFm1nVjg+RNYrrjerz/OT5RssUacq?=
 =?us-ascii?Q?haqi86x05O+drms1RHZqjLpg6i4J6b090mf4lZsSuR4I4rrCoxDvnlklOAsf?=
 =?us-ascii?Q?ukDzDJFdaw7ki2L7QdMxEzs5OPK7qNciUBntzICnOV801Q/p07g5cawDhPM1?=
 =?us-ascii?Q?WQTd6HET+CHR+M/evTg6VsBFgal6HQ0L18PccH7TO+JZUxgiDHEprYD+Vpwy?=
 =?us-ascii?Q?p/0vMEIq3xUqolfrnCbcn3Ep+Xae3rZxkvtmynSwRab6JZ/pz0HvM+hKbU4v?=
 =?us-ascii?Q?opZt/zOaDkEC07vtrfBJzoC+zsgZJm0/6BL6f8w1cdOttjdBVg7CS83aXvqU?=
 =?us-ascii?Q?3BNPQYP8VX+LGsvtWi2YEcToiQzndEHlupSIFbT5AR7QSSsuUwJT/Z8VrLUV?=
 =?us-ascii?Q?DbsyIqjd5Me/4/8RVoDjeh/SyilduJ8+0/iB1fmJmrySGL7XM874QOn8Of5A?=
 =?us-ascii?Q?5zO9zQASMYQov97Sm4KI1Oh1JwRGuIbcTzjbloSxDbc8iuzrnYwF3u5PW5GZ?=
 =?us-ascii?Q?ZSQTBsDxABDDHEQllwgJsx4GeGGggcvUJwTK7ByPUKQVzLi4+yPdgvFfMAXP?=
 =?us-ascii?Q?8UUNNtbQuQ3gfXQDHJH+HEmvOXelwXLyEndkVj2UbnZpBf9dufFVRKw1xUeP?=
 =?us-ascii?Q?ns+UQ/42VbrdkcqhcW5KMfTSxyrWV0m/PvDzKjlf?=
X-MS-Exchange-CrossTenant-Network-Message-Id: c68f1f5b-ff8b-4a78-cf3f-08dc5201c1a4
X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8660.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2024 04:11:07.8626
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: A8aJvBRUjOBTH4MzJ4zrMLfrSXFb7kx9URkWw+J2sOjIRxwIuEaccv5sgmTDWOMpfBmpEY2PrRHFUSCWeZE7Mw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB4900
X-OriginatorOrg: intel.com

>+static int tdx_handle_ept_violation(struct kvm_vcpu *vcpu)
>+{
>+	unsigned long exit_qual;
>+
>+	if (kvm_is_private_gpa(vcpu->kvm, tdexit_gpa(vcpu))) {
>+		/*
>+		 * Always treat SEPT violations as write faults.  Ignore the
>+		 * EXIT_QUALIFICATION reported by TDX-SEAM for SEPT violations.
>+		 * TD private pages are always RWX in the SEPT tables,
>+		 * i.e. they're always mapped writable.  Just as importantly,
>+		 * treating SEPT violations as write faults is necessary to
>+		 * avoid COW allocations, which will cause TDAUGPAGE failures
>+		 * due to aliasing a single HPA to multiple GPAs.
>+		 */
>+#define TDX_SEPT_VIOLATION_EXIT_QUAL	EPT_VIOLATION_ACC_WRITE
>+		exit_qual = TDX_SEPT_VIOLATION_EXIT_QUAL;
>+	} else {
>+		exit_qual = tdexit_exit_qual(vcpu);
>+		if (exit_qual & EPT_VIOLATION_ACC_INSTR) {

Unless the CPU has a bug, instruction fetch in TD from shared memory causes a
#PF. I think you can add a comment for this.

Maybe KVM_BUG_ON() is more appropriate as it signifies a potential bug.

>+			pr_warn("kvm: TDX instr fetch to shared GPA = 0x%lx @ RIP = 0x%lx\n",
>+				tdexit_gpa(vcpu), kvm_rip_read(vcpu));
>+			vcpu->run->exit_reason = KVM_EXIT_EXCEPTION;
>+			vcpu->run->ex.exception = PF_VECTOR;
>+			vcpu->run->ex.error_code = exit_qual;
>+			return 0;
>+		}
>+	}
>+
>+	trace_kvm_page_fault(vcpu, tdexit_gpa(vcpu), exit_qual);
>+	return __vmx_handle_ept_violation(vcpu, tdexit_gpa(vcpu), exit_qual);
>+}
>+
>+static int tdx_handle_ept_misconfig(struct kvm_vcpu *vcpu)
>+{
>+	WARN_ON_ONCE(1);
>+
>+	vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
>+	vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
>+	vcpu->run->internal.ndata = 2;
>+	vcpu->run->internal.data[0] = EXIT_REASON_EPT_MISCONFIG;
>+	vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
>+
>+	return 0;
>+}
>+
> int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath)
> {
> 	union tdx_exit_reason exit_reason = to_tdx(vcpu)->exit_reason;
>@@ -1345,6 +1390,10 @@ int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath)
> 	WARN_ON_ONCE(fastpath != EXIT_FASTPATH_NONE);
> 
> 	switch (exit_reason.basic) {
>+	case EXIT_REASON_EPT_VIOLATION:
>+		return tdx_handle_ept_violation(vcpu);
>+	case EXIT_REASON_EPT_MISCONFIG:
>+		return tdx_handle_ept_misconfig(vcpu);

Handling EPT misconfiguration can be dropped because the "default" case handles
all unexpected exits in the same way


> 	case EXIT_REASON_OTHER_SMI:
> 		/*
> 		 * If reach here, it's not a Machine Check System Management
>-- 
>2.25.1
>
>