Date: Thu, 8 Feb 2024 09:27:02 -0800
In-Reply-To: <20240208002420.34mvemnzrwwsaesw@amd.com>
References: <20231016115028.996656-1-michael.roth@amd.com> <20231016115028.996656-9-michael.roth@amd.com> <20240208002420.34mvemnzrwwsaesw@amd.com>
Subject: Re: [PATCH RFC gmem v1 8/8] KVM: x86: Determine shared/private faults based on vm_type
From: Sean Christopherson
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, pbonzini@redhat.com, isaku.yamahata@intel.com, ackerleytng@google.com, vbabka@suse.cz, ashish.kalra@amd.com, nikunj.dadhania@amd.com, jroedel@suse.de, pankaj.gupta@amd.com, thomas.lendacky@amd.com

On Wed, Feb 07, 2024, Michael Roth wrote:
> On Tue, Jan 30, 2024 at 05:13:00PM -0800, Sean Christopherson wrote:
> > On Mon, Oct 16, 2023, Michael Roth wrote:
> > > For KVM_X86_SNP_VM, only the PFERR_GUEST_ENC_MASK flag is needed to
> > > determine whether an #NPF is due to a private/shared access by the guest.
> > > Implement that handling here. Also add handling needed to deal with
> > > SNP guests which in some cases will make MMIO accesses with the
> > > encryption bit.
> >
> > ...
> > > > > @@ -4356,12 +4357,19 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault > > > return RET_PF_EMULATE; > > > } > > > > > > - if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn)) { > > > + /* > > > + * In some cases SNP guests will make MMIO accesses with the encryption > > > + * bit set. Handle these via the normal MMIO fault path. > > > + */ > > > + if (!slot && private_fault && kvm_is_vm_type(vcpu->kvm, KVM_X86_SNP_VM)) > > > + private_fault = false; > > > > Why? This is inarguably a guest bug. > > AFAICT this isn't explicitly disallowed by the SNP spec. There are _lots_ of things that aren't explicitly disallowed by the APM, that doesn't mean that _KVM_ needs to actively support them. I am *not* taking on more broken crud in KVM to workaround OVMF's stupidity, the KVM_X86_QUIRK_CD_NW_CLEARED has taken up literally days of my time at this point. > So KVM would need to allow for these cases in order to be fully compatible > with existing SNP guests that do this. No. KVM does not yet support SNP, so as far as KVM's ABI goes, there are no existing guests. Yes, I realize that I am burying my head in the sand to some extent, but it is simply not sustainable for KVM to keep trying to pick up the pieces of poorly defined hardware specs and broken guest firmware. > > > +static bool kvm_mmu_fault_is_private(struct kvm *kvm, gpa_t gpa, u64 err) > > > +{ > > > + bool private_fault = false; > > > + > > > + if (kvm_is_vm_type(kvm, KVM_X86_SNP_VM)) { > > > + private_fault = !!(err & PFERR_GUEST_ENC_MASK); > > > + } else if (kvm_is_vm_type(kvm, KVM_X86_SW_PROTECTED_VM)) { > > > + /* > > > + * This handling is for gmem self-tests and guests that treat > > > + * userspace as the authority on whether a fault should be > > > + * private or not. 
> > > + */ > > > + private_fault = kvm_mem_is_private(kvm, gpa >> PAGE_SHIFT); > > > + } > > > > This can be more simply: > > > > if (kvm_is_vm_type(kvm, KVM_X86_SNP_VM)) > > return !!(err & PFERR_GUEST_ENC_MASK); > > > > if (kvm_is_vm_type(kvm, KVM_X86_SW_PROTECTED_VM)) > > return kvm_mem_is_private(kvm, gpa >> PAGE_SHIFT); > > > > Yes, indeed. But TDX has taken a different approach for SW_PROTECTED_VM > case where they do this check in kvm_mmu_page_fault() and then synthesize > the PFERR_GUEST_ENC_MASK into error_code before calling > kvm_mmu_do_page_fault(). It's not in the v18 patchset AFAICT, but it's > in the tdx-upstream git branch that corresponds to it: > > https://github.com/intel/tdx/commit/3717a903ef453aa7b62e7eb65f230566b7f158d4 > > Would you prefer that SNP adopt the same approach? Ah, yes, 'twas my suggestion in the first place. FWIW, I was just reviewing the literal code here and wasn't paying much attention to the content. https://lore.kernel.org/all/f474282d701aca7af00e4f7171445abb5e734c6f.1689893403.git.isaku.yamahata@intel.com
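
Review bot: In the __kvm_faultin_pfn() hunk, the new test "if (!slot && private_fault && kvm_is_vm_type(vcpu->kvm, KVM_X86_SNP_VM))" clears private_fault for every SNP fault that has no memslot, so an access the guest made with the encryption bit set is handled on the normal MMIO path with nothing recorded. The comment says only "in some cases" and names neither the guest behaviour being accommodated nor where the SNP specification permits it. For a confidential guest the encryption bit is the guest's own statement that the access is private, so either leave private_fault as the hardware reported it, or spell out the exact accesses in the comment and log or count each time the override fires.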
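
Review bot: kvm_mmu_fault_is_private() has no comment explaining why the two VM types rely on different authorities: the KVM_X86_SNP_VM branch takes the answer from PFERR_GUEST_ENC_MASK in the error code alone, the KVM_X86_SW_PROTECTED_VM branch takes it from kvm_mem_is_private(), and every other VM type keeps the initial false. A short function comment stating that, and saying whether the caller checks for a disagreement between the error code and the memory attributes, would make the trust decision reviewable. In the second branch, "gpa >> PAGE_SHIFT" open-codes gpa_to_gfn(gpa); use the helper.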