Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp253134pxb; Wed, 25 Aug 2021 02:18:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyGk2OCk6xSiZOH7YpQUkINGcRMhUcJopK+JV1QgUk/3nJxvBOs73cQArUJZj1ONWT/blZg X-Received: by 2002:a02:1d04:: with SMTP id 4mr38019262jaj.98.1629883108215; Wed, 25 Aug 2021 02:18:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629883108; cv=none; d=google.com; s=arc-20160816; b=iFkydFtZEoHZVufPHsv6zfWrZTzNZ3BpHvaACYZk3z8hyWyjCb+CegxnVPepSZ5aOT vjh8inCqFDBxJzFp1mrWuO7oOoEz4etpB8g/kux+uO94G2wdfWaEbR9PCF33b2ulsLoj LHsuyAGK5nID4INGbCPY6+ZZPYsjuXL2gMNS4pOG2rG9xkrlIHza+5pXc/WiAPnfztvd suJXIYcAdPgHjgFRKj/xIrtjSwUcLcJPKcifC0f9r0zYJKBsl3Iozv8D6ghxf+ZKy5zO qpEI0/neApg6AUf3JejFepMz3lsB8G48H6AW7g14C+OVhwhzSwJpAMQLig9HvzucA9th tkNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id:dkim-signature:dkim-signature; bh=Af1e3tXHfDmT+9DXS/it5aFxSlFxaJjERigjhxDIiFU=; b=StE1FIJ9iRZ7VZovqAGlu9dp0Hdo8/r9IKIY3wp/NGWM88C9S+6KysIF1Yhs1LHPJ2 XEbBUAsPi9gIUafZD+PQeob7p6VebquTakt++MiA1GEjoAVEBMWJoQxo6uOh4QCwuzHy BI1vvIFALn9H6ZVCFNq6iqNQuzPVBFT5OuffCTxyrO+9pXUPV1lQNdRBZEJgbg1irTFF x2UP11f8+1iRyVgxhTt66gbXT5/jSlqauxz/Jjlwigvm/vzukOoP+I01I4+XwSNru9wp 3bwz1EoxoTbOMH/zoC9RMMuAYuXhIJ8Moclx7XjslF0blILjXWCyVhBLedUPkpXGpHvR yunQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=afayu3X7; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b="R1a/N7HL"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e123si22272185iof.100.2021.08.25.02.17.58; Wed, 25 Aug 2021 02:18:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=afayu3X7; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b="R1a/N7HL"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233287AbhHYJRp (ORCPT + 99 others); Wed, 25 Aug 2021 05:17:45 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:47480 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233272AbhHYJRp (ORCPT ); Wed, 25 Aug 2021 05:17:45 -0400 Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de [192.168.254.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 7DC1C22118; Wed, 25 Aug 2021 09:16:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1629883018; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Af1e3tXHfDmT+9DXS/it5aFxSlFxaJjERigjhxDIiFU=; b=afayu3X7kmeLNmWI9HNgB4XgqHLBu/38tnAdiLCX9Wvv9JUPYhhqAUI7a/198WLzrBO1pt MCGZ8/3foZ6/6cl72S53bhKn34JCT2VLupgzf4BlEsi0s1nYVM5CintXUCBgve41+Me+qr Jh5/Hxh5KZt5Sneik0OjP1jblLJRJk4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1629883018; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Af1e3tXHfDmT+9DXS/it5aFxSlFxaJjERigjhxDIiFU=; b=R1a/N7HLX60OgiBSyY2rCXzD3P3OK3BckIgrns05/Noa9UYraEMBisfjXuXabmk6KK8bEd 5zhn9vYRNDDzXjBg== Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de [192.168.254.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap1.suse-dmz.suse.de (Postfix) with ESMTPS id F0B0C13887; Wed, 25 Aug 2021 09:16:57 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap1.suse-dmz.suse.de with ESMTPSA id QV/vOYkKJmGFAQAAGKfGzw (envelope-from ); Wed, 25 Aug 2021 09:16:57 +0000 Message-ID: Date: Wed, 25 Aug 2021 11:16:56 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.0.1 Content-Language: en-US To: Joerg Roedel , Dave Hansen Cc: Brijesh Singh , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Mike Kravetz References: <20210820155918.7518-1-brijesh.singh@amd.com> <20210820155918.7518-9-brijesh.singh@amd.com> <19599ede-9fc5-25e1-dcb3-98aafd8b7e87@amd.com> <3f426ef8-060e-ccc9-71b9-2448f2582a30@intel.com> From: Vlastimil Babka Subject: Re: [PATCH Part2 v5 08/45] x86/fault: Add support to handle the RMP fault for user address In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 8/24/21 18:42, Joerg Roedel wrote: > On Mon, Aug 23, 2021 at 07:50:22AM -0700, Dave Hansen wrote: >> It *has* to be done in KVM, IMNHO. >> >> The core kernel really doesn't know much about SEV. It *really* doesn't >> know when its memory is being exposed to a virtualization architecture >> that doesn't know how to split TLBs like every single one before it. >> >> This essentially *must* be done at the time that the KVM code realizes >> that it's being asked to shove a non-splittable page mapping into the >> SEV hardware structures. >> >> The only other alternative is raising a signal from the fault handler >> when the page can't be split. That's a *LOT* nastier because it's so >> much later in the process. >> >> It's either that, or figure out a way to split hugetlbfs (and DAX) >> mappings in a failsafe way. > > Yes, I agree with that. KVM needs a check to disallow HugeTLB pages in > SEV-SNP guests, at least as a temporary workaround. When HugeTLBfs > mappings can be split into smaller pages the check can be removed. FTR, this is Sean's reply with concerns in v4: https://lore.kernel.org/linux-coco/YPCuTiNET%2FhJHqOY@google.com/ I think there are two main arguments there: - it's not KVM business to decide - guest may do all page state changes with 2mb granularity so it might be fine with hugetlb The latter might become true, but I think it's more probable that sooner hugetlbfs will learn to split the mappings to base pages - I know people plan to work on that. At that point qemu will have to recognize if the host kernel is the new one that can do this splitting vs older one that can't. Preferably without relying on kernel version number, as backports exist. Thus, trying to register a hugetlbfs range that either is rejected (kernel can't split) or passes (kernel can split) seems like a straightforward way. So I'm also in favor of adding that, hopefuly temporary, check. Vlastimil > Regards, > > Joerg >