Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp1526590pxv; Fri, 16 Jul 2021 11:15:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxGr1A3JfCxfO2ESv/c3Waqf7nS2ZhiqMgw4U06KT50eo6bSZTzPFjyAhuNoZgz8UXSkg/y X-Received: by 2002:a05:6e02:1b03:: with SMTP id i3mr3534073ilv.160.1626459336206; Fri, 16 Jul 2021 11:15:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626459336; cv=none; d=google.com; s=arc-20160816; b=Tocq/Wn9MbLI0Km8twn626tYbbFjkvwyeOtGG9mg9iDGTVEbC1YPgAC8TRgOd//opb OpUXzwuXM+ei4x3lrK4Eh/BhQw1OZeXKAVpFDDfU9qxdzYlSZKeoQxpU77a0U8+Hk0Y+ GSkEApmVq+BjsmZ1O5M3VEyr55CSP3toiNJgWrgjp3I7dLrHFiVF8TEo7qYToBisTKkc fmrC/u7pGtS96ZosoD9evKtD5JwsJb71V/7Xrdoreg8vAoBNLHSXW5eCbRfDi3fxfN3B uqK+NlVVjn5s63OUJ8WDSUQzZMxbFWSzxCGXDdaO9+UI9kkorrAV/tvqMEoKObHDOQ9H oVdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=wVN/iDIudUuTtvffNdHVJek4W2vj0jwmUlaVHOVcX6g=; b=q87QpBERk/d7KBx0wiqYFZM0DO4YocCCgal2iWw+mTjWFlSdVOWj77XPQvM1P38yfN X56d8yt5Z3desftCS2DVRZZTCj5jA9RJn1EqnKOfJ3EzieeNzPV+CYAwQQ6n8Gj3VVDF tg2aOfGQDU6brEbL+HqLz2moRzVUI+RBvGbDotLkSu8DyYf7naZZ27nO31Lj113lwas1 FijUBsSlzHzp2yIcpBmISSaOIgWfiD5VMman8I3oxcRVZSYEc1XcdYqVzosbE8q24s2Q Ga4k7RD4Oj/oZtKOGoJ80nqnmJVMDVn5UIkE3LfUHvYnIfVWUa410nnU/zpVm4T0q7Y7 DPjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=k5qWLNHz; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d20si247129ioo.61.2021.07.16.11.15.15; Fri, 16 Jul 2021 11:15:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=k5qWLNHz; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231728AbhGPSSC (ORCPT + 99 others); Fri, 16 Jul 2021 14:18:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231640AbhGPSSC (ORCPT ); Fri, 16 Jul 2021 14:18:02 -0400 Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1672FC061764 for ; Fri, 16 Jul 2021 11:15:07 -0700 (PDT) Received: by mail-pg1-x533.google.com with SMTP id y4so10701367pgl.10 for ; Fri, 16 Jul 2021 11:15:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=wVN/iDIudUuTtvffNdHVJek4W2vj0jwmUlaVHOVcX6g=; b=k5qWLNHzSnnWN0UAxjp03hvk7WlSuNe7oMs/qkUkZqoD+Gh+CjdDdFA5IriWV0hLXc St1QHeoPM6fZ3bDQT70Et/jissBJZoORHIo/zH6SP5BK7LLS/HGEI5LUnlAn3Kx4P72B CvCxJ7wDGFaawPhPzbVHO5mJ9ka40eSz+E3wwCB4hbNr+m38+X8VxlrKd3Z9QEe52f9z y8lMZUeY3UOdsXfE7aCDTt47ep3SpBzp5pE4RgxW3jl76KgTaRDPdeQYBD7MArSGDC1a tH4v2gktiah865XZOC00Z3Yk7yp+iyIFok/BsUV0/mfjqR0xGbA7YikRaIKzJsmi4jTX u2uA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=wVN/iDIudUuTtvffNdHVJek4W2vj0jwmUlaVHOVcX6g=; b=EiNGdMejn0GuLovHBid+iiUOQUIcqf59exmyHsIGz9kDOITKmJySwwc9qXWaNJWwDh MI6PMsfNwaUjhHquW6B6Cb/jY6I/kQPY2/mMrOYOo6+kwgWcmUtM4P8RYyoFV6JhFCJZ 5kGE9+Ke/JTyntT2bHGOg7Vj/hUnj93lpXC3sRUD9NsUBO9+Ey60kz2Bm6HckcR0ppbg U3DcxTCge3PIpApQStlu0+ly3JTa9njfEXlNpk2oSk67fqo4Lj0R5vgws5HDOcy00Y4B FJK2ACTCXYhticDKS666i3M5mcHdDp4ro+fBykas/QX5lKSGhT+/K35izJigTLQC/LOl rz2A== X-Gm-Message-State: AOAM532gm7Rk+QZ0bRURUJ8Wnm2zo04g8NUGElvpsEcsXkPYcdID7Bc1 90ULrrUKhli1M0+LihTISXsbgA== X-Received: by 2002:a63:4302:: with SMTP id q2mr11128659pga.428.1626459306182; Fri, 16 Jul 2021 11:15:06 -0700 (PDT) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id k8sm2825228pfu.116.2021.07.16.11.15.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jul 2021 11:15:05 -0700 (PDT) Date: Fri, 16 Jul 2021 18:15:01 +0000 From: Sean Christopherson To: Brijesh Singh Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , tony.luck@intel.com, npmccallum@redhat.com, brijesh.ksingh@gmail.com Subject: Re: [PATCH Part2 RFC v4 28/40] KVM: X86: Introduce kvm_mmu_map_tdp_page() for use by SEV Message-ID: References: <20210707183616.5620-1-brijesh.singh@amd.com> <20210707183616.5620-29-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210707183616.5620-29-brijesh.singh@amd.com> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Jul 07, 2021, Brijesh Singh wrote: > +int kvm_mmu_map_tdp_page(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, int max_level) > +{ > + int r; > + > + /* > + * Loop on the page fault path to handle the case where an mmu_notifier > + * invalidation triggers RET_PF_RETRY. In the normal page fault path, > + * KVM needs to resume the guest in case the invalidation changed any > + * of the page fault properties, i.e. the gpa or error code. For this > + * path, the gpa and error code are fixed by the caller, and the caller > + * expects failure if and only if the page fault can't be fixed. > + */ > + do { > + r = direct_page_fault(vcpu, gpa, error_code, false, max_level, true); > + } while (r == RET_PF_RETRY); > + > + return r; This implementation is completely broken, which in turn means that the page state change code is not well tested. The mess is likely masked to some extent because the call is bookendeda by calls to kvm_mmu_get_tdp_walk(), i.e. most of the time it's not called, and when it is called, the bugs are hidden by the second walk detecting that the mapping was not installed. 1. direct_page_fault() does not return a pfn, it returns the action that should be taken by the caller. 2. The while() can be optimized to bail on no_slot PFNs. 3. mmu_topup_memory_caches() needs to be called here, otherwise @pfn will be uninitialized. The alternative would be to set @pfn when that fails in direct_page_fault(). 4. The 'int' return value is wrong, it needs to be kvm_pfn_t. A correct implementation can be found in the TDX series, the easiest thing would be to suck in those patches. https://lore.kernel.org/kvm/ceffc7ef0746c6064330ef5c30bc0bb5994a1928.1625186503.git.isaku.yamahata@intel.com/ https://lore.kernel.org/kvm/a7e7602375e1f63b32eda19cb8011f11794ebe28.1625186503.git.isaku.yamahata@intel.com/ > +} > +EXPORT_SYMBOL_GPL(kvm_mmu_map_tdp_page); > + > static void nonpaging_init_context(struct kvm_vcpu *vcpu, > struct kvm_mmu *context) > { > -- > 2.17.1 >