Received-SPF: pass (google.com: domain of linux-kernel+bounces-130454-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Date: Wed, 3 Apr 2024 11:42:16 -0700
From: Isaku Yamahata <isaku.yamahata@intel.com>
To: Chao Gao <chao.gao@intel.com>
Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com,
	Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com,
	Sean Christopherson <seanjc@google.com>,
	Sagi Shahar <sagis@google.com>, Kai Huang <kai.huang@intel.com>,
	chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com,
	isaku.yamahata@linux.intel.com
Subject: Re: [PATCH v19 101/130] KVM: TDX: handle ept violation/misconfig exit
Message-ID: <20240403184216.GJ2444378@ls.amr.corp.intel.com>
References: <cover.1708933498.git.isaku.yamahata@intel.com>
 <f05b978021522d70a259472337e0b53658d47636.1708933498.git.isaku.yamahata@intel.com>
 <Zgoz0sizgEZhnQ98@chao-email>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <Zgoz0sizgEZhnQ98@chao-email>

On Mon, Apr 01, 2024 at 12:10:58PM +0800,
Chao Gao <chao.gao@intel.com> wrote:

> >+static int tdx_handle_ept_violation(struct kvm_vcpu *vcpu)
> >+{
> >+	unsigned long exit_qual;
> >+
> >+	if (kvm_is_private_gpa(vcpu->kvm, tdexit_gpa(vcpu))) {
> >+		/*
> >+		 * Always treat SEPT violations as write faults.  Ignore the
> >+		 * EXIT_QUALIFICATION reported by TDX-SEAM for SEPT violations.
> >+		 * TD private pages are always RWX in the SEPT tables,
> >+		 * i.e. they're always mapped writable.  Just as importantly,
> >+		 * treating SEPT violations as write faults is necessary to
> >+		 * avoid COW allocations, which will cause TDAUGPAGE failures
> >+		 * due to aliasing a single HPA to multiple GPAs.
> >+		 */
> >+#define TDX_SEPT_VIOLATION_EXIT_QUAL	EPT_VIOLATION_ACC_WRITE
> >+		exit_qual = TDX_SEPT_VIOLATION_EXIT_QUAL;
> >+	} else {
> >+		exit_qual = tdexit_exit_qual(vcpu);
> >+		if (exit_qual & EPT_VIOLATION_ACC_INSTR) {
> 
> Unless the CPU has a bug, instruction fetch in TD from shared memory causes a
> #PF. I think you can add a comment for this.

Yes.


> Maybe KVM_BUG_ON() is more appropriate as it signifies a potential bug.

Bug of what component? CPU. If so, I think KVM_EXIT_INTERNAL_ERROR +
KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON is more appropriate.


> >+			pr_warn("kvm: TDX instr fetch to shared GPA = 0x%lx @ RIP = 0x%lx\n",
> >+				tdexit_gpa(vcpu), kvm_rip_read(vcpu));
> >+			vcpu->run->exit_reason = KVM_EXIT_EXCEPTION;
> >+			vcpu->run->ex.exception = PF_VECTOR;
> >+			vcpu->run->ex.error_code = exit_qual;
> >+			return 0;
> >+		}
> >+	}
> >+
> >+	trace_kvm_page_fault(vcpu, tdexit_gpa(vcpu), exit_qual);
> >+	return __vmx_handle_ept_violation(vcpu, tdexit_gpa(vcpu), exit_qual);
> >+}
> >+
> >+static int tdx_handle_ept_misconfig(struct kvm_vcpu *vcpu)
> >+{
> >+	WARN_ON_ONCE(1);
> >+
> >+	vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
> >+	vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
> >+	vcpu->run->internal.ndata = 2;
> >+	vcpu->run->internal.data[0] = EXIT_REASON_EPT_MISCONFIG;
> >+	vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
> >+
> >+	return 0;
> >+}
> >+
> > int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath)
> > {
> > 	union tdx_exit_reason exit_reason = to_tdx(vcpu)->exit_reason;
> >@@ -1345,6 +1390,10 @@ int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath)
> > 	WARN_ON_ONCE(fastpath != EXIT_FASTPATH_NONE);
> > 
> > 	switch (exit_reason.basic) {
> >+	case EXIT_REASON_EPT_VIOLATION:
> >+		return tdx_handle_ept_violation(vcpu);
> >+	case EXIT_REASON_EPT_MISCONFIG:
> >+		return tdx_handle_ept_misconfig(vcpu);
> 
> Handling EPT misconfiguration can be dropped because the "default" case handles
> all unexpected exits in the same way

Ah, right. Will update it.
-- 
Isaku Yamahata <isaku.yamahata@intel.com>