From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AAC2C4345F for ; Thu, 25 Apr 2024 00:45:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A15E06B0085; Wed, 24 Apr 2024 20:45:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 99F146B0087; Wed, 24 Apr 2024 20:45:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 818626B0088; Wed, 24 Apr 2024 20:45:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 609856B0085 for ; Wed, 24 Apr 2024 20:45:23 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id BC6B0C06C1 for ; Thu, 25 Apr 2024 00:45:22 +0000 (UTC) X-FDA: 82046210484.13.C9A6D8D Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) by imf28.hostedemail.com (Postfix) with ESMTP id E29C5C000A for ; Thu, 25 Apr 2024 00:45:20 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b="nUiOxR/7"; spf=pass (imf28.hostedemail.com: domain of 3n6cpZgYKCMwAws51uy66y3w.u64305CF-442Dsu2.69y@flex--seanjc.bounces.google.com designates 209.85.214.201 as permitted sender) smtp.mailfrom=3n6cpZgYKCMwAws51uy66y3w.u64305CF-442Dsu2.69y@flex--seanjc.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1714005921; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ehGLjycYzRvV+RegBC+30jOD4jldKpLBzIes+g3Te5M=; b=lgVnRCwpxHmZbKiVViqWFa4dSPhkyqCPvKzkPoT3WTLg19cII/Fr+p59zszDKoRvBFmT5E S/W9YA5K2JfPVPjhi2hKFqRVITIonrU9/h1eeZAW8C0N4hZSpozqOa47z+IJB7Ubrx7a6c YV/6IM6DlguWSiv9S1lpRi2Je9D8cjw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1714005921; a=rsa-sha256; cv=none; b=AP3BGl24Ga5YmzK8vA1WIkatgBFG5qxU2BC7E8cGQCJyTKh7ZAweZjsMyBhTCYIy6IdTLN ZHNBERGhpGKWSnvWfozhxExdkLwpxK0dDslYtTsOmHWJn/x/Njk8okk7n1THgXw63j221/ v8hs1rj81gPNofvQP4oS0Le8ehiIIVc= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b="nUiOxR/7"; spf=pass (imf28.hostedemail.com: domain of 3n6cpZgYKCMwAws51uy66y3w.u64305CF-442Dsu2.69y@flex--seanjc.bounces.google.com designates 209.85.214.201 as permitted sender) smtp.mailfrom=3n6cpZgYKCMwAws51uy66y3w.u64305CF-442Dsu2.69y@flex--seanjc.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-1e99fd7eadaso4600525ad.2 for ; Wed, 24 Apr 2024 17:45:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714005920; x=1714610720; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ehGLjycYzRvV+RegBC+30jOD4jldKpLBzIes+g3Te5M=; b=nUiOxR/7Ho3jzFKI02YsztyEjiaCx0wXoBnznczaVOvKqVefIl8VYesRteuxwZjD2o sSP/qGU/5sNOU+rdgQkuoCLbJ4557waRGXDj45oFYGgSooDfct8D6lERDcQH0F7tKhvv +rz60w9yiJlr9c65SvQm6DZMw3y4AbV+fszhDjUQUyuW7Ae0ASnLf0eui/TE3XvNwb3D vx0NS5IbW1wojMD4MF27l5NSYgWCRDzzFns4nj/INZpO5XhArdYQXEPrxoAKISy2qrW2 AaEkat/NyJBrHiIkvplHi8oxF39XEDGzNixhvKpWYlLPIMu9vmZE2YcIlXG0/oD4yDm6 aXuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714005920; x=1714610720; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ehGLjycYzRvV+RegBC+30jOD4jldKpLBzIes+g3Te5M=; b=ghEZspQDuxEXQ//W6909Jb47pgQUanE4Q8OV3sAT0bHpM96fQzYz1J+kfgFhfAtSma YsxX8Byc0HXjO2jt0VRNhb64IFywZRMT1KhT3zzWRaHASiveKaaAHoa4SwzBZxM2vGXi w2MmyoS83rdqoIXH9x0M5IYK8vyYWImQFJeoU9U7FMd55x7FJZe6vs+WCAFQC1UrFWxh Xao7Zw09NdShiJCQic0n4s0Ztzy3DXSAixv2TH4+sy4ZHoJGUKy+iX/RmVOacoHf8DhL 3lIDcuYdqNPB/9XtVojrDnLIFVZD/pAdAnoxuENn4gCwZdkHxT3zBPUpNkKbthRBrTTI c1Pw== X-Forwarded-Encrypted: i=1; AJvYcCW/2NpNqCYTP3+dFGWZq8ndBu7r1Xa5SQweCPFw8t7g5wpDPdzLhvLb4sOWcQJS3CmqS4c4cdvu/Jr7p5iOaGJLp8g= X-Gm-Message-State: AOJu0YyO/mnLdoMF3qlNXzqbkLLJhwzdOixC4FyJxyQy4B8k83ynohpJ tdIK18/+l7fK/bGcNCdURDmMpnS6ycwtuAqNeNzXH4kHTyr9mkGjQfV6d8B3Q7rj+XlTJMjLO5y M2g== X-Google-Smtp-Source: AGHT+IFR9HYBLarlt9ZsOvhUbV8OSiFHhgh7AV7IIXgugq1S0Quy5L1i73/i89wy47ffAjGpD3+fDEtcXsg= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:903:244e:b0:1e3:e6cb:a06e with SMTP id l14-20020a170903244e00b001e3e6cba06emr344607pls.5.1714005919640; Wed, 24 Apr 2024 17:45:19 -0700 (PDT) Date: Wed, 24 Apr 2024 17:45:18 -0700 In-Reply-To: <20240421180122.1650812-17-michael.roth@amd.com> Mime-Version: 1.0 References: <20240421180122.1650812-1-michael.roth@amd.com> <20240421180122.1650812-17-michael.roth@amd.com> Message-ID: Subject: Re: [PATCH v14 16/22] KVM: x86: Implement gmem hook for determining max NPT mapping level From: Sean Christopherson To: Michael Roth Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com Content-Type: text/plain; charset="us-ascii" X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: E29C5C000A X-Rspam-User: X-Stat-Signature: kmfnnqm8wms6afx4b38rntrsabf837hh X-HE-Tag: 1714005920-568070 X-HE-Meta: U2FsdGVkX183g2YJ/9Y3oQTAubvs/fytMETZBXtUL65hzvBlGAmkyvW5Y6Tutj072yguyXUiOK0NGNJrkE+/ez1lb5YWgMJDgCI1BOaPGnCioTNA0aAnX8cdU3r3DfBnDOInzh6fjx/r3ElvLcGFoiyT3iARX79b5/7mBonMrYNn6ipKwtzZ46OStiTpzHkKyfoc0JOfAC6JtOzP9zrETdDbP15/UWpj6zX/U5utVp0MSTkGHhEd/JblQTC5J/IjQY7RXCpnqsnMWy3tsdtbYHJQs3byRUPJR2SG9EIZ3Y5KdutRKIXTjn37xnefZgmWwWcwg9GTLj10DhLqi0YkiplPfppsOzN2fvEPd+WbY3C/oBlqjlV3ocvZXqHSkonXV4c7kMt0JIDXGJj0zZtbXU4GkIi21SoaQhomJS5SnEpBFrUB52beqvEaS7kBrCbNmhEWbuQhZg1M/S8TGMbincm2ZnIlGcj+1m1UCTBFRwKURSHg6zYiB1eTqC22myy1iQ/L4iSU/ju9V9cJhWASDsTiRfw8nF7iVP9JsJV/7OnrmLcz2m40brezFhDQ96etfMh1/VGDnWnVyXZSXNou8X5lfydFD0BzKwtngpA2jBqDb5l70c++8VFcRkRZjemPcgO9mONskW9zGFxVPE/JbhKNZNhMTq7TY0vW0B7CsCv4QKgtpZ9BlaqgRnS6q2QTQqAmQOQdiDAcJoDh/WWZQz6xrJqf1aFH5kR0poeRo1r9TXohFP4qL6SxlC9RQylY/Mg34Oy5yXa++bFtk6o2v4nSQjw3vn2laz5FemF07jCobpI1QxypcZ5gSShXNI2PDg5MOVrEv5abG5xqqnveYJoEuTDXt8mj+R5531FDyVTsatKqIFUQJRpA58yvXxgcnGKcjloHll5POGhrU/LQCWdMEPklsj4qNUQ7NkX4h2qcOTkUoEEnsMUcaY/vy7tkUY0cyCct7UoRKbu3TGX uDmasxnZ MWaN1xGsgub+i3+lC5whQd416kAfd0eT/ohsUkFau+Caekd6XgFbKbTPAC81+0y3ysd2MvcXhXdCm3sGXCO0DSJAHcYLawML41dYdQw0LSzNAGgKGViHn/VsBxjTJrLqOO6vaPXikUl9AwSmTpVFANhSujeHC7XP/XMIiANl7ORAOHQhwm9ehVv25mpsq1mPFAbI8Wd/ADzX+ategK1pGT9tw/oxi9zEu986uChSer443jbVWmiMwmt5lrSuSS203ZFQaG7W4Xl1BSCAWnWYLXwhqeE1nUG83L1m28elhrmdhL0h7SoJhEv+yC+BcCu00WhsCMQVYT4QHmCSTdQOj9Mqoifb3GzMIZGZ1L+4hNiMhHfVUBw8P7ZVnk0qyvH2CZ/veHWUHQoKNz2XHc/F3pav+NvbWn+1lhKyqUxgcSI46ukbOkn2Ju1nDaA8iCPEHbeSuPjCzyiZxIuL8fxVqITmrD6SFZDlEIVWzt8B2LOtCP7iEKflq/c7dDSitjLC1GvJZW/fevpHTMRM1sv6Ixq0aRGQmgW6CezQtnZH1aNyKaLsfwOdHziB7hkYEkRLLZUWgZ02xvJcbYnVhA3CsevPhmQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sun, Apr 21, 2024, Michael Roth wrote: > --- > arch/x86/kvm/svm/sev.c | 32 ++++++++++++++++++++++++++++++++ > arch/x86/kvm/svm/svm.c | 1 + > arch/x86/kvm/svm/svm.h | 7 +++++++ > 3 files changed, 40 insertions(+) > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index ff9b8c68ae56..243369e302f4 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -4528,3 +4528,35 @@ void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end) > cond_resched(); > } > } > + > +/* > + * Re-check whether an #NPF for a private/gmem page can still be serviced, and > + * adjust maximum mapping level if needed. > + */ > +int sev_gmem_validate_fault(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, bool is_private, This is a misleading name. The primary purpose is not to validate the fault, the primary purpose is to get the max mapping level. The fact that this can fail should not dictate the name. I also think we should skip the call if the max level is already PG_LEVEL_4K. Something _could_ race and invalidate the RMP, but that's _exactly_ why KVM guards the page fault path with mmu_invalidate_seq. Actually, is returning an error in this case even correct? Me thinks no. If something invalidates the RMP between kvm_gmem_get_pfn() and getting the mapping level, then KVM should retry, which mmu_invalidate_seq handles. Returning -EINVAL and killing the VM is wrong. And IMO, "gmem" shouldn't be in the name, this is not a hook from guest_memfd, it's a hook for mapping private memory. And as someone called out somwhere else, the "private" parameters is pointless. And for that matter, so is the gfn. And even _if_ we want to return an error, we could even overload the return code to handle this, e.g. in the caller: r = static_call(kvm_x86_max_private_mapping_level)(vcpu->kvm, fault->pfn); if (r < 0) { kvm_release_pfn_clean(fault->pfn); return r; } fault->max_level = min(fault->max_level, r); but what I think we want is: --- int sev_snp_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn) { int level, rc; bool assigned; if (!sev_snp_guest(kvm)) return 0; rc = snp_lookup_rmpentry(pfn, &assigned, &level); if (rc || !assigned) return PG_LEVEL_4K; return level; } static u8 kvm_max_private_mapping_level(struct kvm *kvm, kvm_pfn_t pfn, u8 max_level, int gmem_order) { if (max_level == PG_LEVEL_4K) return PG_LEVEL_4K; max_level = min(kvm_max_level_for_order(gmem_order),max_level); if (max_level == PG_LEVEL_4K) return PG_LEVEL_4K; return min(max_level, static_call(kvm_x86_private_max_mapping_level)(kvm, pfn); } static int kvm_faultin_pfn_private(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { struct kvm *kvm = vcpu->kvm; int max_order, r; if (!kvm_slot_can_be_private(fault->slot)) { kvm_mmu_prepare_memory_fault_exit(vcpu, fault); return -EFAULT; } r = kvm_gmem_get_pfn(kvm, fault->slot, fault->gfn, &fault->pfn, &max_order); if (r) { kvm_mmu_prepare_memory_fault_exit(vcpu, fault); return r; } fault->map_writable = !(fault->slot->flags & KVM_MEM_READONLY); fault->max_level = kvm_max_private_mapping_level(kvm, fault->pfn, fault->max_level, order); return RET_PF_CONTINUE; } --- Side topic, the KVM_MEM_READONLY check is unnecessary, KVM doesn't allow RO memslots to coincide with guest_memfd. I missed that in commit e563592224e0 ("KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY").