From: Andy Lutomirski
Subject: Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table
Date: Mon, 19 Apr 2021 11:10:45 -0700
To: Dave Hansen
Cc: Brijesh Singh, Borislav Petkov, linux-kernel@vger.kernel.org, x86@kernel.org, kvm@vger.kernel.org, linux-crypto@vger.kernel.org, ak@linux.intel.com, herbert@gondor.apana.org.au, Thomas Gleixner, Ingo Molnar, Joerg Roedel, "H. Peter Anvin", Tony Luck, "Peter Zijlstra (Intel)", Paolo Bonzini, Tom Lendacky, David Rientjes, Sean Christopherson, Vlastimil Babka
In-Reply-To: <61596c4c-3849-99d5-b0aa-6ad6b415dff9@intel.com>
X-Mailing-List: linux-crypto@vger.kernel.org

> On Apr 19, 2021, at 10:58 AM, Dave Hansen wrote:
>
> On 4/19/21 10:46 AM, Brijesh Singh wrote:
>> - guest wants to make gpa 0x1000 as a shared page. To support this, we
>> need to psmash the large RMP entry into 512 4K entries. The psmash
>> instruction breaks the large RMP entry into 512 4K entries without
>> affecting the previous validation. Now we need to force the host to
>> use the 4K page level instead of the 2MB.
>>
>> To my understanding, Linux kernel fault handler does not build the page
>> tables on demand for the kernel addresses. All kernel addresses are
>> pre-mapped on the boot. Currently, I am proactively splitting the physmap
>> to avoid running into situation where x86 page level is greater than the
>> RMP page level.
>
> In other words, if the host maps guest memory with 2M mappings, the
> guest can induce page faults in the host. The only way the host can
> avoid this is to map everything with 4k mappings.
>
> If the host does not avoid this, it could end up in the situation where
> it gets page faults on access to kernel data structures. Imagine if a
> kernel stack page ended up in the same 2M mapping as a guest page. I
> *think* the next write to the kernel stack would end up double-faulting.

I’m confused by this scenario. This should only affect physical pages that are in the 2M area that contains guest memory. But, if we have a 2M direct map PMD entry that contains kernel data and guest private memory, we’re already in a situation in which the kernel touching that memory would machine check, right?

ISTM we should fully unmap any guest private page from the kernel and all host user pagetables before actually making it be a guest private page.
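
Added example, not part of the original message or of the patch series: a toy C model of one 2M-aligned region that tracks the two conditions discussed above, the page-level rule ("x86 page level greater than the RMP page level") and how many guest private 4K pages remain present in the kernel direct map. It is not a model of real RMP hardware; all type and function names are hypothetical, gpa 0x1000 is assumed to be 4K page index 1 of the region, and only the kernel direct map is modelled, not host user pagetables.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model of one 2M-aligned region (512 x 4K pages). It encodes only the
 * rules stated in the thread, not real RMP hardware; all names are hypothetical. */
#define SUBPAGES 512
enum level { LVL_4K = 1, LVL_2M = 2 };

struct region {
    enum level rmp_level;         /* size of the RMP entry covering the region */
    enum level map_level;         /* page level of the host direct map (physmap) */
    bool guest_private[SUBPAGES]; /* 4K page is guest private memory */
    bool mapped[SUBPAGES];        /* 4K page is present in the direct map */
};

/* Start state: 2M RMP entry, all guest private, still 2M-mapped by the host. */
void region_init(struct region *r) {
    r->rmp_level = r->map_level = LVL_2M;
    for (size_t i = 0; i < SUBPAGES; i++)
        r->guest_private[i] = r->mapped[i] = true;
}

/* Guest makes one 4K page shared: psmash the 2M RMP entry into 512 4K
 * entries (other pages keep their state), then flip the one page. */
void make_shared(struct region *r, size_t idx) {
    r->rmp_level = LVL_4K;
    r->guest_private[idx] = false;
}

/* Host response from the patch under discussion: split the 2M physmap entry. */
void split_physmap(struct region *r) { r->map_level = LVL_4K; }

/* Andy's proposal: drop every guest private page from the direct map. */
void unmap_private(struct region *r) {
    split_physmap(r);
    for (size_t i = 0; i < SUBPAGES; i++)
        if (r->guest_private[i]) r->mapped[i] = false;
}

/* Brijesh's rule: the x86 page level must not be greater than the RMP level. */
bool level_ok(const struct region *r) { return r->map_level <= r->rmp_level; }

/* Guest private 4K pages the kernel could still touch through the direct map. */
size_t private_reachable(const struct region *r) {
    size_t n = 0;
    for (size_t i = 0; i < SUBPAGES; i++)
        n += (r->guest_private[i] && r->mapped[i]);
    return n;
}
```

Calling region_init, make_shared(&r, 1) and split_physmap in that order leaves level_ok true with 511 guest private pages still present in the direct map; unmap_private brings that count to 0 while the shared page stays mapped.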