Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7084171rwb; Tue, 15 Nov 2022 07:30:27 -0800 (PST) X-Google-Smtp-Source: AA0mqf6QWU2gCqLyrfNolsNipgCx+IcPjIvdn2rEHZvXhEO+vAxEZyah6WG7XF9V/KACYdFF0Pv2 X-Received: by 2002:a17:906:f148:b0:7ae:eae9:25a5 with SMTP id gw8-20020a170906f14800b007aeeae925a5mr9870306ejb.394.1668526226942; Tue, 15 Nov 2022 07:30:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668526226; cv=none; d=google.com; s=arc-20160816; b=m0ktZA3wHKjuXoLsTxhEYRsvRytDzgaLwrw9gIHPLgdIUVFzYIpoeQvYiJaok4x0KL B45zdm0Vprbtz4ewd6I0TBw734257qzHFP5k+iIFhKa7qd6qtMEE5fSKtEUPEISoH/K+ GNC+1iYVNZAGVn9/FtR72Ox4KSU21XLbH5z5Jfnz6sMkb/DpExfgf4ISXjaglFmoWuU1 KaPKzdLFFSKI4wsf0lsnG3t8kkQdCOgrIJy7SPkWmD8VdC4sJosAEw13QleV+aX5Nc3h FPTX3IB4rNlAcib/sAv4JvHuVV2jxpZdcASN5nllFKMiSLeOg9CIZKYIIFE+KkP+5pEr 4B9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-signature; bh=t/Ojq7esMZK1UpIZw2DCNQEYBbxO60KA3dy0uIVi5dI=; b=Wl5EMbThWsFIYek+bSapEgfw6Qd32iQsr00xXGkpdlgoiIaCFT9eSbkRzQigRlm3+R UBUTk/lzsFaXn0h8czqNr8IHR6Ohz0MyqvsCutOxd8Xjwkw01c+Xwu4lMuemvRGH8DeW 8D9AmJ9/I9Ni/e9L3j0Profv2M+ndTedu448+Rfy9rmi0DY/ITkDuWetGY3gmV0CyOuS fYwnQfWp8s28c+uGR4Wh56ckEGKdNqxKgZ3/BZBBlx+bejNFmocB4NA+n3455vH7lwnw sXAFeCO9xa2u5f5fMhReieKbIHf3CfUJlO8rc9bm99dHfvtCNeCnhxbSL/1JvVMeYE1C SrYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=femMqr0z; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=W3Q9Q4+J; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m9-20020a056402430900b00450c1de6234si12548916edc.587.2022.11.15.07.30.01; Tue, 15 Nov 2022 07:30:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=femMqr0z; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=W3Q9Q4+J; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229553AbiKOPOr (ORCPT + 99 others); Tue, 15 Nov 2022 10:14:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230347AbiKOPOp (ORCPT ); Tue, 15 Nov 2022 10:14:45 -0500 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7285127FC5; Tue, 15 Nov 2022 07:14:44 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 2A43D1F8D2; Tue, 15 Nov 2022 15:14:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1668525283; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t/Ojq7esMZK1UpIZw2DCNQEYBbxO60KA3dy0uIVi5dI=; b=femMqr0zM7sK7IDyHk+wRHu13d6aqFkag91Q9FkaEeTOfVD3Ynz/2LW73N01t0fEgWC27H QuX31155LvxDVPPqvf2ijYDNEXVdxrDYHEog5E1T73IAix+8nUyqY59SdZ+mTBlxPVkCyi Oi/J7qttoGTmyV1M3XWeDVfeBmkOYxE= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1668525283; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t/Ojq7esMZK1UpIZw2DCNQEYBbxO60KA3dy0uIVi5dI=; b=W3Q9Q4+Juw62o7Z2XISJgT5h/Vrie6Hs9f4/wbuxSsfn9htzzZGtNAhMjPpllC/MGdPhjG KxESqqV+6aWKmlAg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 8953C13A91; Tue, 15 Nov 2022 15:14:42 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id AqPDIOKsc2OiGAAAMHmgww (envelope-from ); Tue, 15 Nov 2022 15:14:42 +0000 Message-ID: <7882353e-2b13-d35a-b462-cef35ee56f51@suse.cz> Date: Tue, 15 Nov 2022 16:14:42 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: [PATCH Part2 v6 14/49] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled Content-Language: en-US To: "Kalra, Ashish" , Borislav Petkov Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, michael.roth@amd.com, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org, "Kaplan, David" , Naoya Horiguchi , Miaohe Lin , Oscar Salvador References: <3a51840f6a80c87b39632dc728dbd9b5dd444cd7.1655761627.git.ashish.kalra@amd.com> <380c9748-1c86-4763-ea18-b884280a3b60@amd.com> <6511c122-d5cc-3f8d-9651-7c2cd67dc5af@amd.com> From: Vlastimil Babka In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_SOFTFAIL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Cc'ing memory failure folks, the beinning of this subthread is here: https://lore.kernel.org/all/3a51840f6a80c87b39632dc728dbd9b5dd444cd7.1655761627.git.ashish.kalra@amd.com/ On 11/15/22 00:36, Kalra, Ashish wrote: > Hello Boris, > > On 11/2/2022 6:22 AM, Borislav Petkov wrote: >> On Mon, Oct 31, 2022 at 04:58:38PM -0500, Kalra, Ashish wrote: >>>       if (snp_lookup_rmpentry(pfn, &rmp_level)) { >>>              do_sigbus(regs, error_code, address, VM_FAULT_SIGBUS); >>>              return RMP_PF_RETRY; >> >> Does this issue some halfway understandable error message why the >> process got killed? >> >>> Will look at adding our own recovery function for the same, but that will >>> again mark the pages as poisoned, right ? >> >> Well, not poisoned but PG_offlimits or whatever the mm folks agree upon. >> Semantically, it'll be handled the same way, ofc. > > Added a new PG_offlimits flag and a simple corresponding handler for it. One thing is, there's not enough page flags to be adding more (except aliases for existing) for cases that can avoid it, but as Boris says, if using alias to PG_hwpoison it depends what will become confused with the actual hwpoison. > But there is still added complexity of handling hugepages as part of > reclamation failures (both HugeTLB and transparent hugepages) and that > means calling more static functions in mm/memory_failure.c > > There is probably a more appropriate handler in mm/memory-failure.c: > > soft_offline_page() - this will mark the page as HWPoisoned and also has > handling for hugepages. And we can avoid adding a new page flag too. > > soft_offline_page - Soft offline a page. > Soft offline a page, by migration or invalidation, without killing anything. > > So, this looks like a good option to call > soft_offline_page() instead of memory_failure() in case of > failure to transition the page back to HV/shared state via SNP_RECLAIM_CMD > and/or RMPUPDATE instruction. So it's a bit unclear to me what exact situation we are handling here. The original patch here seems to me to be just leaking back pages that are unsafe for further use. soft_offline_page() seems to fit that scenario of a graceful leak before something is irrepairably corrupt and we page fault on it. But then in the thread you discus PF handling and killing. So what is the case here? If we detect this need to call snp_leak_pages() does it mean: a) nobody that could page fault at them (the guest?) is running anymore, we are tearing it down, we just can't reuse the pages further on the host - seem like soft_offline_page() could work, but maybe we could just put the pages on some leaked lists without special page? The only thing that should matter is not to free the pages to the page allocator so they would be reused by something else. b) something can stil page fault at them (what?) - AFAIU can't be resolved without killing something, memory_failure() might limit the damage > Thanks, > Ashish > >> >>> Still waiting for some/more feedback from mm folks on the same. >> >> Just send the patch and they'll give it. >> >> Thx. >>