Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp7785126rwn; Wed, 14 Sep 2022 04:35:51 -0700 (PDT) X-Google-Smtp-Source: AA6agR6aKXLi3xymnQwpq8PGZ3UEngVJ7+kS8OPUf4rUnus1Y+VBC8O5JYc3yb6CWtvTfYfscwjV X-Received: by 2002:a63:ee46:0:b0:434:a81e:60f4 with SMTP id n6-20020a63ee46000000b00434a81e60f4mr31271808pgk.368.1663155350729; Wed, 14 Sep 2022 04:35:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663155350; cv=none; d=google.com; s=arc-20160816; b=rVC/txTDwqe+em5x+JeU5P7ssSO/std5dwdVa6/EWhlnb1/fj6LLNy+ga5G+hYW7Ye FJlMq4ZGszT8NhhabRIe6gEvkeR8nzMBQiPizAJgYtiePtqI7qX5ZV+nZpsduQWp8WnU f81DmhHfhCqUczN+l9C1324UKmCjooqqA69ZHpqTqzL128LRye7MYnnwUYVaPLtcPzdU lJhJir+RjbuP5EvRCcIMGIz8J5H+Iq1z0gG7pEbBnM2OKMe7RKLHAhURWYq3vSrakYmp Ny0DluoR5UvpjwOd2Iuy9ev5lMPXixed2l9dr8RkHnHyMF58RS2pLOYvgwjNHMsXpDcc cHOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=/x00XsnVTU+kUzsYJrpklCSNRK/9eB/Ro0omNgHKcjw=; b=o7gOggLSZh9UqeA3iy/JmR2QG9h94RgOFfyDZnT7KpB1eauERAg6PjwnSOYL2m1Ah1 piNs84OjWlflqJ7zBvGkyEyEJ0h/zJQAv4HdvUL2Atirswr4SMatgKA5nqgflDolcV+i SJVML2ed0ll3izrDqetphq71jyTEEt7sjAonFIKY6evCjaaEeSMpvLmaA+obfaY/wmpn K9919SG1PShLvqJ4aGhO1N1shIRs4l7dCELkblm0DOrLVk+wrPKK2W//9tVcnprwaDpS F1mBIUW9+AmKcpMLya9ttDcz8IXElU527XIWCf3DaOluhUOtZyj1YHwi+mbuaiWYWLd/ XGig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Ac+HILwH; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b4-20020a170902d30400b0017684444f77si14217465plc.266.2022.09.14.04.35.22; Wed, 14 Sep 2022 04:35:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Ac+HILwH; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230081AbiINLCm (ORCPT + 99 others); Wed, 14 Sep 2022 07:02:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230100AbiINLCj (ORCPT ); Wed, 14 Sep 2022 07:02:39 -0400 Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D0E845F5E for ; Wed, 14 Sep 2022 04:02:36 -0700 (PDT) Received: by mail-yb1-xb31.google.com with SMTP id 198so17080498ybc.1 for ; Wed, 14 Sep 2022 04:02:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=/x00XsnVTU+kUzsYJrpklCSNRK/9eB/Ro0omNgHKcjw=; b=Ac+HILwHqFFR2pInEWD80qd2Hhz+KfnP4ARhZ3KyCXTpvJHHyDr5V77NYqhoryvKQF dJl70OsGI0lKszgDLTBOZms3/5pvkgfdBUsbSMNSOIBlxaFsdc7cgn5psSKITP8kpB8V xOzwhPJMSYAUctwdpFGlbaEV8SCKDjuEChL+pePwijO8xIoqVkrcYcsRV3btirYx+tku aJU0WUO414C/Wxp0Pun9MOzwXxccxG7OLsrzTyXTmPxK4MXbny48p17mxgOF8jpFZlSC vn7QRQpNrCPXxTAfiA2XvFNUXAO+i9LMxAgMQkBRd9WFAiYeZLTuesMC0akB+54eK5HU ub8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=/x00XsnVTU+kUzsYJrpklCSNRK/9eB/Ro0omNgHKcjw=; b=jbAEyz9HuHQcW5/5Ait/UW5diRHN8DxZ1EVvxU5paxXJk2Yj1X83ye73EAmQyg35dn uno1/mfkD0Vf3RQiGwCwNBiQFWXQAGZ9h3sTFKKwoj6Ux4ai5KsYhQ0lZZE7m276TLlx jMJClTXE4/fa74SZ/BfwK16yx11kTw/+R6/7S5XbgxOATshLgRa1k+mixAS84SatKhuK JRsszD6YCMOPKKIWsIcl1mErRgpucf8Elx+7JANMMLgvl/16XUfGlFYc1slIz4qpz7+q tULxEscoB5zfYgqf9wQJ5iuRee0qaQwqIirOzgS+IB25O2IRJK1ngh7XzuE83iBvr9RO ptAQ== X-Gm-Message-State: ACrzQf1KmsxIGkrZt90+8QnGylGKvr2jkvVJi3feRKKqGIA1UX72OmNC hqJzEJ7Ib+fMkMU79FYOjKFnklHmywKxcevZO9zAORWuBYVVJg== X-Received: by 2002:a25:720b:0:b0:6b0:4b3:c121 with SMTP id n11-20020a25720b000000b006b004b3c121mr1725545ybc.473.1663153355073; Wed, 14 Sep 2022 04:02:35 -0700 (PDT) MIME-Version: 1.0 References: <20210820155918.7518-1-brijesh.singh@amd.com> <20210820155918.7518-40-brijesh.singh@amd.com> <4e41dcff-7c7b-cf36-434a-c7732e7e8ff2@amd.com> <20220908212114.sqne7awimfwfztq7@amd.com> In-Reply-To: From: Marc Orr Date: Wed, 14 Sep 2022 12:02:24 +0100 Message-ID: Subject: Re: [PATCH Part2 v5 39/45] KVM: SVM: Introduce ops for the post gfn map and unmap To: Sean Christopherson Cc: Michael Roth , Brijesh Singh , x86 , LKML , kvm list , linux-coco@lists.linux.dev, Linux Memory Management List , Linux Crypto Mailing List , Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , Tony Luck , Sathyanarayanan Kuppuswamy , jarkko@profian.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Sep 14, 2022 at 9:05 AM Sean Christopherson wrote: > > On Thu, Sep 08, 2022, Michael Roth wrote: > > On Fri, Oct 15, 2021 at 05:16:28PM +0000, Sean Christopherson wrote: > > So in the context of this interim solution, we're trying to look for a > > solution that's simple enough that it can be used reliably, without > > introducing too much additional complexity into KVM. There is one > > approach that seems to fit that bill, that Brijesh attempted in an > > earlier version of this series (I'm not sure what exactly was the > > catalyst to changing the approach, as I wasn't really in the loop at > > the time, but AIUI there weren't any showstoppers there, but please > > correct me if I'm missing anything): > > > > - if the host is writing to a page that it thinks is supposed to be > > shared, and the guest switches it to private, we get an RMP fault > > (actually, we will get a !PRESENT fault, since as of v5 we now > > remove the mapping from the directmap as part of conversion) > > - in the host #PF handler, if we see that the page is marked private > > in the RMP table, simply switch it back to shared > > - if this was a bug on the part of the host, then the guest will see > > As discussed off-list, attempting to fix up RMP violations in the host #PF handler > is not a viable approach. There was also extensive discussion on-list a while back: > > https://lore.kernel.org/all/8a244d34-2b10-4cf8-894a-1bf12b59cf92@www.fastmail.com I mentioned this during Mike's talk at the micro-conference: For pages mapped in by the kernel can we disallow them to be converted to private? Note, userspace accesses are already handled by UPM. In pseudo-code, I'm thinking something like this: kmap_helper() { // And all other interfaces where the kernel can map a GPA // into the kernel page tables mapped_into_kernel_mem_set[hpa] = true; } kunmap_helper() { // And all other interfaces where the kernel can unmap a GPA // into the kernel page tables mapped_into_kernel_mem_set[hpa] = false; // Except it's not this simple because we probably need ref counting // for multiple mappings. Sigh. But you get the idea. } rmpupdate_helper() { if (conversion = SHARED_TO_PRIVATE && mapped_into_kernel_mem_set[hpa]) return -EINVAL; // Or whatever the appropriate error code here is. }