From: Xiaoyao Li
Date: Mon, 13 May 2024 14:29:15 +0800
Subject: Re: [PATCH 16/17] KVM: x86/mmu: Initialize kvm_page_fault's pfn and hva to error values
To: Paolo Bonzini, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Sean Christopherson, Kai Huang
References: <20240507155817.3951344-1-pbonzini@redhat.com> <20240507155817.3951344-17-pbonzini@redhat.com>
In-Reply-To: <20240507155817.3951344-17-pbonzini@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/7/2024 11:58 PM, Paolo Bonzini wrote:
> From: Sean Christopherson > > Explicitly set "pfn" and "hva" to error values in kvm_mmu_do_page_fault() > to harden KVM against using "uninitialized" values. In quotes because the > fields are actually zero-initialized, and zero is a legal value for both > page frame numbers and virtual addresses. E.g. failure to set "pfn" prior > to creating an SPTE could result in KVM pointing at physical address '0', > which is far less desirable than KVM generating a SPTE with reserved PA > bits set and thus effectively killing the VM. > > Signed-off-by: Sean Christopherson > Reviewed-by: Kai Huang > Message-ID: <20240228024147.41573-16-seanjc@google.com> > Signed-off-by: Paolo Bonzini Reviewed-by: Xiaoyao Li > --- > arch/x86/kvm/mmu/mmu_internal.h | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h > index dfd9ff383663..ce2fcd19ba6b 100644 > --- a/arch/x86/kvm/mmu/mmu_internal.h > +++ b/arch/x86/kvm/mmu/mmu_internal.h > @@ -307,6 +307,9 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, > .req_level = PG_LEVEL_4K, > .goal_level = PG_LEVEL_4K, > .is_private = err & PFERR_PRIVATE_ACCESS, > + > + .pfn = KVM_PFN_ERR_FAULT, > + .hva = KVM_HVA_ERR_BAD, > }; > int r; >
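Review bot: The two added initializers in kvm_mmu_do_page_fault(), `.pfn = KVM_PFN_ERR_FAULT` and `.hva = KVM_HVA_ERR_BAD`, have no comment in the code. The reason they exist (the fields would otherwise be zero-initialized, and zero is a legal value for both a page frame number and a virtual address) is stated only in the commit message. A short comment above the pair, saying that the error values are deliberate hardening against consuming an unset pfn or hva, would keep a later cleanup from dropping them as redundant defaults.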