Date: Wed, 3 Apr 2024 11:42:16 -0700
From: Isaku Yamahata
To: Chao Gao
Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, isaku.yamahata@linux.intel.com
Subject: Re: [PATCH v19 101/130] KVM: TDX: handle ept violation/misconfig exit
Message-ID: <20240403184216.GJ2444378@ls.amr.corp.intel.com>

On Mon, Apr 01, 2024 at 12:10:58PM +0800, Chao Gao wrote:
> >+static int tdx_handle_ept_violation(struct kvm_vcpu *vcpu) > >+{ > >+ unsigned long exit_qual; > >+ > >+ if (kvm_is_private_gpa(vcpu->kvm, tdexit_gpa(vcpu))) { > >+ /* > >+ * Always treat SEPT violations as write faults. Ignore the > >+ * EXIT_QUALIFICATION reported by TDX-SEAM for SEPT violations. > >+ * TD private pages are always RWX in the SEPT tables, > >+ * i.e. they're always mapped writable. Just as importantly, > >+ * treating SEPT violations as write faults is necessary to > >+ * avoid COW allocations, which will cause TDAUGPAGE failures > >+ * due to aliasing a single HPA to multiple GPAs. > >+ */ > >+#define TDX_SEPT_VIOLATION_EXIT_QUAL EPT_VIOLATION_ACC_WRITE > >+ exit_qual = TDX_SEPT_VIOLATION_EXIT_QUAL; > >+ } else { > >+ exit_qual = tdexit_exit_qual(vcpu); > >+ if (exit_qual & EPT_VIOLATION_ACC_INSTR) {
>
> Unless the CPU has a bug, instruction fetch in TD from shared memory causes a #PF. I think you can add a comment for this.

Yes.

> Maybe KVM_BUG_ON() is more appropriate as it signifies a potential bug.

Bug of what component? CPU. If so, I think KVM_EXIT_INTERNAL_ERROR + KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON is more appropriate.

> >+ pr_warn("kvm: TDX instr fetch to shared GPA = 0x%lx @ RIP = 0x%lx\n", > >+ tdexit_gpa(vcpu), kvm_rip_read(vcpu)); > >+ vcpu->run->exit_reason = KVM_EXIT_EXCEPTION; > >+ vcpu->run->ex.exception = PF_VECTOR; > >+ vcpu->run->ex.error_code = exit_qual; > >+ return 0; > >+ } > >+ } > >+ > >+ trace_kvm_page_fault(vcpu, tdexit_gpa(vcpu), exit_qual); > >+ return __vmx_handle_ept_violation(vcpu, tdexit_gpa(vcpu), exit_qual); > >+} > >+ > >+static int tdx_handle_ept_misconfig(struct kvm_vcpu *vcpu) > >+{ > >+ WARN_ON_ONCE(1); > >+ > >+ vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; > >+ vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; > >+ vcpu->run->internal.ndata = 2; > >+ vcpu->run->internal.data[0] = EXIT_REASON_EPT_MISCONFIG; > >+ vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; > >+ > >+ return 0; > >+} > >+ > > int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath) > > { > > union tdx_exit_reason exit_reason = to_tdx(vcpu)->exit_reason; > >@@ -1345,6 +1390,10 @@ int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath) > > WARN_ON_ONCE(fastpath != EXIT_FASTPATH_NONE); > > > > switch (exit_reason.basic) { > >+ case EXIT_REASON_EPT_VIOLATION: > >+ return tdx_handle_ept_violation(vcpu); > >+ case EXIT_REASON_EPT_MISCONFIG: > >+ return tdx_handle_ept_misconfig(vcpu);
>
> Handling EPT misconfiguration can be dropped because the "default" case handles all unexpected exits in the same way

Ah, right. Will update it.

-- 
Isaku Yamahata
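Review bot: In the shared-GPA instruction-fetch branch of tdx_handle_ept_violation(), the raw EPT exit qualification is stored in vcpu->run->ex.error_code while the exit is reported with ex.exception = PF_VECTOR, but an exit qualification and a #PF error code do not share a bit layout, so userspace that decodes error_code as a page-fault error code will misread the access type. Either translate the value before reporting it, or report KVM_EXIT_INTERNAL_ERROR as proposed in the reply and pass the exit qualification through internal.data[]. The pr_warn() in the same branch is not rate limited; pr_warn_ratelimited() would bound host log growth if the condition ever repeats. The #define TDX_SEPT_VIOLATION_EXIT_QUAL sits inside the if block and would be easier to find at file scope next to the other TDX constants.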
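Review bot: The new "case EXIT_REASON_EPT_MISCONFIG:" in tdx_handle_exit() routes to a handler whose first statement is an unconditional WARN_ON_ONCE(1), and nothing in the hunk documents why this exit cannot be reached for a TD. If the case is kept, add a comment stating the invariant that makes the exit impossible and confirm that no guest action can reach the WARN. If it is dropped in favour of the default case, as the reply suggests, remove tdx_handle_ept_misconfig() in the same change so no unused static function is left behind.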