From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Sean Christopherson, Yan Zhao
Subject: [PATCH 01/17] KVM: x86/mmu: Exit to userspace with -EFAULT if private fault hits emulation
Date: Tue, 7 May 2024 11:58:01 -0400
Message-ID: <20240507155817.3951344-2-pbonzini@redhat.com>
In-Reply-To: <20240507155817.3951344-1-pbonzini@redhat.com>
References: <20240507155817.3951344-1-pbonzini@redhat.com>

From: Sean Christopherson

Exit to userspace with -EFAULT / KVM_EXIT_MEMORY_FAULT if a private fault triggers emulation of any kind, as KVM doesn't currently support emulating access to guest private memory. Practically speaking, private faults and emulation are already mutually exclusive, but there are many flows that can result in KVM returning RET_PF_EMULATE, and adding one last check to harden against weird, unexpected combinations and/or KVM bugs is inexpensive.

Suggested-by: Yan Zhao
Signed-off-by: Sean Christopherson
Message-ID: <20240228024147.41573-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini
--- arch/x86/kvm/mmu/mmu.c | 8 -------- arch/x86/kvm/mmu/mmu_internal.h | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 45b6d8f9e359..c72a2033ca96 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4257,14 +4257,6 @@ static inline u8 kvm_max_level_for_order(int order) return PG_LEVEL_4K; } -static void kvm_mmu_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, - struct kvm_page_fault *fault) -{ - kvm_prepare_memory_fault_exit(vcpu, fault->gfn << PAGE_SHIFT, - PAGE_SIZE, fault->write, fault->exec, - fault->is_private); -} - static int kvm_faultin_pfn_private(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h index 5390a591a571..61f49967047a 100644 --- a/arch/x86/kvm/mmu/mmu_internal.h +++ b/arch/x86/kvm/mmu/mmu_internal.h @@ -279,6 +279,14 @@ enum { RET_PF_SPURIOUS, }; +static inline void kvm_mmu_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, + struct kvm_page_fault *fault) +{ + kvm_prepare_memory_fault_exit(vcpu, fault->gfn << PAGE_SHIFT, + PAGE_SIZE, fault->write, fault->exec, + fault->is_private); +} + static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 err, bool prefetch, int *emulation_type) { 
@@ -320,6 +328,17 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, else r = vcpu->arch.mmu->page_fault(vcpu, &fault); + /* + * Not sure what's happening, but punt to userspace and hope that + * they can fix it by changing memory to shared, or they can + * provide a better error. + */ + if (r == RET_PF_EMULATE && fault.is_private) { + pr_warn_ratelimited("kvm: unexpected emulation request on private memory\n"); + kvm_mmu_prepare_memory_fault_exit(vcpu, &fault); + return -EFAULT; + } + if (fault.write_fault_to_shadow_pgtable && emulation_type) *emulation_type |= EMULTYPE_WRITE_PF_TO_SP; -- 2.43.0
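
Review bot: the commit message never says why kvm_mmu_prepare_memory_fault_exit() moves out of mmu.c (the -4257 hunk) and into mmu_internal.h as a static inline (the +279 hunk). One sentence stating that the helper must now be visible to kvm_mmu_do_page_fault(), which is itself a static inline in that header, would make these two move-only hunks self-explanatory and spare a reader from diffing the bodies to confirm nothing else changed.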
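
Review bot: in the kvm_mmu_do_page_fault() hunk, the pr_warn_ratelimited() text carries no detail about the fault, so a hit in the host log cannot be tied to a particular gfn or error code; since this branch exists to catch unexpected combinations and KVM bugs, printing fault.gfn and err would make the report actionable. The code comment "Not sure what's happening" is also weaker than the commit message: it should state the actual reason for the bail-out, that KVM does not support emulating accesses to guest private memory, so the rationale survives in the source. The early return -EFAULT sits before the EMULTYPE_WRITE_PF_TO_SP update, which is consistent with no emulation taking place on this path.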