Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp3107969lqo;
        Tue, 21 May 2024 07:10:42 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWOBNIBxZJV9ylbn/5/5fszRnZ0cjlAxlG4MzCxIhUrhqtrOecfLMWmH2ibpeYHIjn+x5ozxifK6rS03gtEJUKYnItD6jGq3XiJpLHBrA==
X-Google-Smtp-Source: AGHT+IEJtUFQTPb048Mm6WT5AK8aDID4Xnozt2egjNsiH4dxkpaAp+UlTtDMzQPzg/cLnY6PVBay
X-Received: by 2002:a05:6102:a46:b0:47f:1aa9:192e with SMTP id ada2fe7eead31-48077e7c576mr28961748137.26.1716300641725;
        Tue, 21 May 2024 07:10:41 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716300641; cv=pass;
        d=google.com; s=arc-20160816;
        b=XzYlkH9/5KI+8C2SQv/SmRg6/VTnHysoHwuTC7kdE90tCgNE0vt8ZLRTx1UDoYRckQ
         5V43xvs8L3HxULvT7G001YdPEZl/2T3i/sUt+gSnNtLynjLT7wERZDIb4DO/X8Mj1zAs
         2Wfqh6AnSms4GS/AdVSfBIyim6LR6cYORt/6xRTzHx/jV5dFaUHK7Wi4+zbF9Ktk9Rou
         wVoSlzyLKo9moF5/1t/HzO6NagkdrxtEB16+F0Ykzp766vUDTvJzu8cafeAtrlRjHdQS
         tvzBUZDp8HqMu7m1gsgSgCx1FvMfHxhu5ySg5KLld69uzf69A1sq7hyEG0bHGTKhJkr3
         psTg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:from:subject:message-id:references:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date
         :dkim-signature;
        bh=ESvGWXS0fD/t8ylmnmWa5FToXUokd2bJzguAulWr/QU=;
        fh=rmSFeCAGVcoLQhwUpOgOIRFBLcqon4LW3aOhkArNJSk=;
        b=dE9E8gYUmlDtM/03W2MEsZqeg7+O/gXRrz6blVDfh3MPZLKWXqMlYvV8muenG7u5jx
         070RrBX+bB88zq5+wgJra43h27ypKblqukiplyQC2grnjDFQ6nuG14v7EHQfPgMGz5Vi
         +rHtxbYbShL16C/nT+0sdr7eqoYqc1d6NbfTRRFv7FbmVwHAH4tBMRhxxz1zPl7Umlzj
         FXJM3/225PlSXiG8Zkl68LJ4oe0KsvU/4gtFVLx/D1GoNluOfZSa6KCZA7qXe847StRL
         jvdhySGWqYViiVkbcKV568nfMB2y/oniOw2wJJUPQ4YXlh26F7t1RXunzrBsPm+ldr/F
         Mozw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=CSWuwS47;
       arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-185064-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185064-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-185064-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id ada2fe7eead31-4806cc90a7csi5465200137.603.2024.05.21.07.10.41
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 May 2024 07:10:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-185064-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=CSWuwS47;
       arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-185064-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185064-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id D5E641C22E45
	for <linux.lists.archive@gmail.com>; Tue, 21 May 2024 14:09:16 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 198EC7F7D1;
	Tue, 21 May 2024 14:09:09 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CSWuwS47"
Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D48527EF1F
	for <linux-kernel@vger.kernel.org>; Tue, 21 May 2024 14:09:06 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716300548; cv=none; b=GcIXv7IaMIEMUhY1hv3hHeHogVufiKEc21Wn34nvXTLyrDKCCF9qurnZ5z7Aw3N3XPOBZVcz1LBHX36YO27PU/7C4AnYCaBFmvUE+GSMPX+mjDlRBxkh5ShlLjxivQZxJLaRpCL5TRFOe824GE4vhEfAv0GOe9Lkdf18Csx9k34=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716300548; c=relaxed/simple;
	bh=/caslErRT+Hc56Anfjhz6C34hVHNqoRgVZhJ+3+OHxg=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type; b=Q6IosqXhyzg9d3DU4WIptG0hvnekpNAWNN7OTSA6b5E4hGNYTK+cwYX4XZAYbA5qvJF0CKZMHdXi5xJ9nUH4ngJWhXd9zqR7ENByoT5NcoIYsUEfpavGxlu/OsZT2df6I11LOtFGue7uGWWjdQ0C2VgjKZp2r8npa3bUe0NPWZ0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=CSWuwS47; arc=none smtp.client-ip=209.85.219.201
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-dee8315174dso18105496276.0
        for <linux-kernel@vger.kernel.org>; Tue, 21 May 2024 07:09:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1716300546; x=1716905346; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=ESvGWXS0fD/t8ylmnmWa5FToXUokd2bJzguAulWr/QU=;
        b=CSWuwS477MsQct4LeuXgF5z9n9kh2YlCgMjA2JxFq3sOuBI2xWwJJNEP/RQd1DQTEg
         2FwyO8ZofUSODa58yTwTD7FTA7hQUBFVaTJfTWRusfMSp8XR5f/BUAvJWZfH2k+28iKn
         Z4nnUe0nvrQVpFezJXUH1c2i23QfMjb7sEcP+rcaz+MYdKsn0EzQtjMJFR64eni4drvj
         Bbh3cpNTHlVLPYdXdAf/nroyAaoQ6LRiaqxi5foEjQXUaBIZEFrY9W/QBirPsoIKKFBE
         mcWIKVrNZQPCJ8ns2PbyEUKR7k2NmNWkafFk+7pHQ+WvKsKHAUlJ6r/zpzw3O6/+WPdN
         Zulg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1716300546; x=1716905346;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=ESvGWXS0fD/t8ylmnmWa5FToXUokd2bJzguAulWr/QU=;
        b=hihRAqJ/jzV6XnOv7Y0SVhZ1cbZOLXP4jVlgnSBY9t64XGhY0nVtBybS6hSDcH9LgN
         iXO0sZPSyUT5n0saRJ2xinoZa/WX2wwUSDk8uEkeKOV4z8+N9vdpfZRuEjZs2vpDn6NB
         lZwE2c9gtP5UtebqN7Q+pBSBeqjgZ/oZDm7+dfCvf/5wEtujIr2MgbByklNtxfnD0TtX
         PWHjeHyTpf+3B0E5Bd7aOL5imLKRk/4zZuO6MQ/ytfKn3rGQkzT8koYhXE9jNTRaf7sa
         XkhkVqECIi3kYjC7bdVXdYm/11A9OAeLxoe4pksL1oUH5FPAUBc2H2Mup3zzF/UaVxhu
         qdXA==
X-Forwarded-Encrypted: i=1; AJvYcCUHOTRcKJ79rnH3eFjNmoyCKbeXQQfxBvACz6BneBngm1cJAipsjS3JjAw1Ue+yc++08jbfIryMUETfsgrixob8A9tWF8c1Dnbx0pyh
X-Gm-Message-State: AOJu0YxoJZL0qb4ENeD4tREiYjySQDcnyOySZIWT6yVJaI3xGjxqZlEF
	6AIvzzFYMeJYUqF3KKRcdmiWd07bU1umU4gDju6uedkMJx+DOd8AHpxrwtF56f0FJrUD6I5wQIN
	m8Q==
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:6902:100f:b0:dda:c4ec:7db5 with SMTP id
 3f1490d57ef6-df49063341cmr2813975276.4.1716300545914; Tue, 21 May 2024
 07:09:05 -0700 (PDT)
Date: Tue, 21 May 2024 07:09:04 -0700
In-Reply-To: <20240521020049.tm3pa2jdi2pg4agh@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <58492a1a-63bb-47d2-afef-164557d15261@redhat.com>
 <20240518150457.1033295-1-michael.roth@amd.com> <ZktbBRLXeOp9X6aH@google.com>
 <iqzde53xfkcpqpjvrpyetklutgqpepy3pzykwpdwyjdo7rth3m@taolptudb62c>
 <ZkvddEe3lnAlYQbQ@google.com> <20240521020049.tm3pa2jdi2pg4agh@amd.com>
Message-ID: <ZkyrAETobNEjI4Tr@google.com>
Subject: Re: [PATCH] KVM: SEV: Fix guest memory leak when handling guest requests
From: Sean Christopherson <seanjc@google.com>
To: Michael Roth <michael.roth@amd.com>
Cc: Michael Roth <mdroth@utexas.edu>, pbonzini@redhat.com, kvm@vger.kernel.org, 
	linux-kernel@vger.kernel.org, ashish.kalra@amd.com, thomas.lendacky@amd.com, 
	rick.p.edgecombe@intel.com
Content-Type: text/plain; charset="us-ascii"

On Mon, May 20, 2024, Michael Roth wrote:
> On Mon, May 20, 2024 at 04:32:04PM -0700, Sean Christopherson wrote:
> > On Mon, May 20, 2024, Michael Roth wrote:
> > > But there is a possibility that the guest will attempt access the response
> > > PFN before/during that reporting and spin on an #NPF instead though. So
> > > maybe the safer more repeatable approach is to handle the error directly
> > > from KVM and propagate it to userspace.
> > 
> > I was thinking more along the lines of KVM marking the VM as dead/bugged.  
> 
> In practice userspace will get an unhandled exit and kill the vcpu/guest,
> but we could additionally flag the guest as dead.

Honest question, does it make sense from KVM to make the VM unusable?  E.g. is
it feasible for userspace to keep running the VM?  Does the page that's in a bad
state present any danger to the host?

> Is there a existing mechanism for this?

kvm_vm_dead()