From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Janosch Frank <frankja@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Marc Zyngier <maz@kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>, KVM <kvm@vger.kernel.org>,
Cornelia Huck <cohuck@redhat.com>,
David Hildenbrand <david@redhat.com>,
Thomas Huth <thuth@redhat.com>,
Ulrich Weigand <Ulrich.Weigand@de.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Andrea Arcangeli <aarcange@redhat.com>,
linux-s390 <linux-s390@vger.kernel.org>,
Michael Mueller <mimu@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
linux-mm@kvack.org, kvm-ppc@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH 01/35] mm:gup/writeback: add callbacks for inaccessible pages
Date: Thu, 13 Feb 2020 20:46:28 +0000 [thread overview]
Message-ID: <20200213204628.GE18610@linux.intel.com> (raw)
In-Reply-To: <e2c41b25-6d6d-6685-3450-2e3e8d84efd1@de.ibm.com>
On Thu, Feb 13, 2020 at 09:13:35PM +0100, Christian Borntraeger wrote:
>
> On 13.02.20 20:56, Sean Christopherson wrote:
> > On Mon, Feb 10, 2020 at 06:27:04PM +0100, Christian Borntraeger wrote:
> > Am I missing a need to do this for the swap/reclaim case? Or is there a
> > completely different use case I'm overlooking?
>
> This is actually to protect the host against a malicious user space. For
> example a bad QEMU could simply start direct I/O on such protected memory.
> We do not want userspace to be able to trigger I/O errors and thus we
> implemented the logic to "whenever somebody accesses that page (gup) or
> doing I/O, make sure that this page can be accessed. When the guest tries
> to access that page we will wait in the page fault handler for writeback to
> have finished and for the page_ref to be the expected value.
Ah. I was assuming the pages would unmappable by userspace, enforced by
some other mechanism
> >
> > Tangentially related, hooks here could be quite useful for sanity checking
> > the kernel/KVM and/or debugging kernel/KVM bugs. Would it make sense to
> > pass a param to arch_make_page_accessible() to provide some information as
> > to why the page needs to be made accessible?
>
> Some kind of enum that can be used optionally to optimize things?
Not just optimize, in the case above it'd probably preferable for us to
reject a userspace mapping outright, e.g. return -EFAULT if called from
gup()/follow(). Debug scenarios might also require differentiating between
writeback and "other".
WARNING: multiple messages have this Message-ID (diff)
From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Janosch Frank <frankja@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Marc Zyngier <maz@kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>, KVM <kvm@vger.kernel.org>,
Cornelia Huck <cohuck@redhat.com>,
David Hildenbrand <david@redhat.com>,
Thomas Huth <thuth@redhat.com>,
Ulrich Weigand <Ulrich.Weigand@de.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Andrea Arcangeli <aarcange@redhat.com>,
linux-s390 <linux-s390@vger.kernel.org>,
Michael Mueller <mimu@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
linux-mm@kvack.org, kvm-ppc@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH 01/35] mm:gup/writeback: add callbacks for inaccessible pages
Date: Thu, 13 Feb 2020 12:46:28 -0800 [thread overview]
Message-ID: <20200213204628.GE18610@linux.intel.com> (raw)
In-Reply-To: <e2c41b25-6d6d-6685-3450-2e3e8d84efd1@de.ibm.com>
On Thu, Feb 13, 2020 at 09:13:35PM +0100, Christian Borntraeger wrote:
>
> On 13.02.20 20:56, Sean Christopherson wrote:
> > On Mon, Feb 10, 2020 at 06:27:04PM +0100, Christian Borntraeger wrote:
> > Am I missing a need to do this for the swap/reclaim case? Or is there a
> > completely different use case I'm overlooking?
>
> This is actually to protect the host against a malicious user space. For
> example a bad QEMU could simply start direct I/O on such protected memory.
> We do not want userspace to be able to trigger I/O errors and thus we
> implemented the logic to "whenever somebody accesses that page (gup) or
> doing I/O, make sure that this page can be accessed. When the guest tries
> to access that page we will wait in the page fault handler for writeback to
> have finished and for the page_ref to be the expected value.
Ah. I was assuming the pages would unmappable by userspace, enforced by
some other mechanism
> >
> > Tangentially related, hooks here could be quite useful for sanity checking
> > the kernel/KVM and/or debugging kernel/KVM bugs. Would it make sense to
> > pass a param to arch_make_page_accessible() to provide some information as
> > to why the page needs to be made accessible?
>
> Some kind of enum that can be used optionally to optimize things?
Not just optimize, in the case above it'd probably preferable for us to
reject a userspace mapping outright, e.g. return -EFAULT if called from
gup()/follow(). Debug scenarios might also require differentiating between
writeback and "other".
next prev parent reply other threads:[~2020-02-13 20:46 UTC|newest]
Thread overview: 147+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-07 11:39 [PATCH 00/35] KVM: s390: Add support for protected VMs Christian Borntraeger
2020-02-07 11:39 ` [PATCH 01/35] mm:gup/writeback: add callbacks for inaccessible pages Christian Borntraeger
2020-02-10 17:27 ` Christian Borntraeger
2020-02-10 17:27 ` Christian Borntraeger
2020-02-11 11:26 ` Will Deacon
2020-02-11 11:43 ` Christian Borntraeger
2020-02-11 11:43 ` Christian Borntraeger
2020-02-13 14:48 ` Christian Borntraeger
2020-02-13 14:48 ` Christian Borntraeger
2020-02-18 16:02 ` Will Deacon
2020-02-13 19:56 ` Sean Christopherson
2020-02-13 19:56 ` Sean Christopherson
2020-02-13 20:13 ` Christian Borntraeger
2020-02-13 20:13 ` Christian Borntraeger
2020-02-13 20:46 ` Sean Christopherson [this message]
2020-02-13 20:46 ` Sean Christopherson
2020-02-17 20:55 ` Tom Lendacky
2020-02-17 20:55 ` Tom Lendacky
2020-02-17 21:14 ` Christian Borntraeger
2020-02-17 21:14 ` Christian Borntraeger
2020-02-10 18:17 ` David Hildenbrand
2020-02-10 18:28 ` Christian Borntraeger
2020-02-10 18:43 ` David Hildenbrand
2020-02-10 18:51 ` Christian Borntraeger
2020-02-18 3:36 ` Tian, Kevin
2020-02-18 6:44 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 02/35] KVM: s390/interrupt: do not pin adapter interrupt pages Christian Borntraeger
2020-02-10 12:26 ` David Hildenbrand
2020-02-10 18:38 ` Christian Borntraeger
2020-02-10 19:33 ` David Hildenbrand
2020-02-11 9:23 ` [PATCH v2 RFC] " Christian Borntraeger
2020-02-12 11:52 ` Christian Borntraeger
2020-02-12 12:16 ` David Hildenbrand
2020-02-12 12:22 ` Christian Borntraeger
2020-02-12 12:47 ` David Hildenbrand
2020-02-12 12:39 ` Cornelia Huck
2020-02-12 12:44 ` Christian Borntraeger
2020-02-12 13:07 ` Cornelia Huck
2020-02-10 18:56 ` [PATCH 02/35] KVM: s390/interrupt: do not pin adapter interrupt Ulrich Weigand
2020-02-10 18:56 ` Ulrich Weigand
2020-02-10 12:40 ` [PATCH 02/35] KVM: s390/interrupt: do not pin adapter interrupt pages David Hildenbrand
2020-02-07 11:39 ` [PATCH 03/35] s390/protvirt: introduce host side setup Christian Borntraeger
2020-02-10 9:42 ` Thomas Huth
2020-02-10 9:48 ` Christian Borntraeger
2020-02-10 11:54 ` Cornelia Huck
2020-02-10 12:14 ` Christian Borntraeger
2020-02-10 12:31 ` Cornelia Huck
2020-02-10 12:38 ` David Hildenbrand
2020-02-10 12:54 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 04/35] s390/protvirt: add ultravisor initialization Christian Borntraeger
2020-02-14 10:25 ` David Hildenbrand
2020-02-14 10:33 ` Christian Borntraeger
2020-02-14 10:34 ` David Hildenbrand
2020-02-07 11:39 ` [PATCH 05/35] s390/mm: provide memory management functions for protected KVM guests Christian Borntraeger
2020-02-12 13:42 ` Cornelia Huck
2020-02-13 7:43 ` Christian Borntraeger
2020-02-13 8:44 ` Cornelia Huck
2020-02-14 17:59 ` David Hildenbrand
2020-02-14 21:17 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 06/35] s390/mm: add (non)secure page access exceptions handlers Christian Borntraeger
2020-02-14 18:05 ` David Hildenbrand
2020-02-14 19:59 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 07/35] KVM: s390: add new variants of UV CALL Christian Borntraeger
2020-02-07 14:34 ` Thomas Huth
2020-02-07 15:03 ` Christian Borntraeger
2020-02-10 12:16 ` Cornelia Huck
2020-02-10 12:22 ` Christian Borntraeger
2020-02-14 18:28 ` David Hildenbrand
2020-02-14 20:13 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 08/35] KVM: s390: protvirt: Add initial lifecycle handling Christian Borntraeger
2020-02-07 16:32 ` Thomas Huth
2020-02-10 8:34 ` Christian Borntraeger
2020-02-08 14:54 ` Thomas Huth
2020-02-10 11:43 ` Christian Borntraeger
2020-02-10 11:45 ` [PATCH/RFC] KVM: s390: protvirt: pass-through rc and rrc Christian Borntraeger
2020-02-10 12:06 ` Christian Borntraeger
2020-02-10 12:29 ` Thomas Huth
2020-02-10 12:50 ` Cornelia Huck
2020-02-10 12:56 ` Christian Borntraeger
2020-02-11 8:48 ` Janosch Frank
2020-02-13 8:43 ` Christian Borntraeger
2020-02-14 18:39 ` [PATCH 08/35] KVM: s390: protvirt: Add initial lifecycle handling David Hildenbrand
2020-02-14 21:22 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 09/35] KVM: s390: protvirt: Add KVM api documentation Christian Borntraeger
2020-02-08 14:57 ` Thomas Huth
2020-02-10 12:26 ` Christian Borntraeger
2020-02-10 12:57 ` Cornelia Huck
2020-02-10 13:02 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 10/35] KVM: s390: protvirt: Secure memory is not mergeable Christian Borntraeger
2020-02-07 11:39 ` [PATCH 11/35] KVM: s390/mm: Make pages accessible before destroying the guest Christian Borntraeger
2020-02-14 18:40 ` David Hildenbrand
2020-02-07 11:39 ` [PATCH 12/35] KVM: s390: protvirt: Handle SE notification interceptions Christian Borntraeger
2020-02-07 11:39 ` [PATCH 13/35] KVM: s390: protvirt: Instruction emulation Christian Borntraeger
2020-02-07 11:39 ` [PATCH 14/35] KVM: s390: protvirt: Add interruption injection controls Christian Borntraeger
2020-02-07 11:39 ` [PATCH 15/35] KVM: s390: protvirt: Implement interruption injection Christian Borntraeger
2020-02-10 10:03 ` Thomas Huth
2020-02-07 11:39 ` [PATCH 16/35] KVM: s390: protvirt: Add SCLP interrupt handling Christian Borntraeger
2020-02-11 12:00 ` Thomas Huth
2020-02-11 20:06 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 17/35] KVM: s390: protvirt: Handle spec exception loops Christian Borntraeger
2020-02-07 11:39 ` [PATCH 18/35] KVM: s390: protvirt: Add new gprs location handling Christian Borntraeger
2020-02-07 11:39 ` [PATCH 19/35] KVM: S390: protvirt: Introduce instruction data area bounce buffer Christian Borntraeger
2020-02-07 11:39 ` [PATCH 20/35] KVM: s390: protvirt: handle secure guest prefix pages Christian Borntraeger
2020-02-13 8:37 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 21/35] KVM: s390/mm: handle guest unpin events Christian Borntraeger
2020-02-10 14:58 ` Thomas Huth
2020-02-11 13:21 ` Cornelia Huck
2020-02-07 11:39 ` [PATCH 22/35] KVM: s390: protvirt: Write sthyi data to instruction data area Christian Borntraeger
2020-02-07 11:39 ` [PATCH 23/35] KVM: s390: protvirt: STSI handling Christian Borntraeger
2020-02-08 15:01 ` Thomas Huth
2020-02-11 10:55 ` Cornelia Huck
2020-02-07 11:39 ` [PATCH 24/35] KVM: s390: protvirt: disallow one_reg Christian Borntraeger
2020-02-10 17:53 ` Cornelia Huck
2020-02-10 18:34 ` Christian Borntraeger
2020-02-11 8:27 ` Cornelia Huck
2020-02-07 11:39 ` [PATCH 25/35] KVM: s390: protvirt: Only sync fmt4 registers Christian Borntraeger
2020-02-09 15:50 ` Thomas Huth
2020-02-10 9:33 ` Christian Borntraeger
2020-02-11 10:51 ` Cornelia Huck
2020-02-11 12:59 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 26/35] KVM: s390: protvirt: Add program exception injection Christian Borntraeger
2020-02-09 15:52 ` Thomas Huth
2020-02-07 11:39 ` [PATCH 27/35] KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling Christian Borntraeger
2020-02-07 11:39 ` [PATCH 28/35] KVM: s390: protvirt: UV calls diag308 0, 1 Christian Borntraeger
2020-02-09 16:03 ` Thomas Huth
2020-02-10 8:45 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 29/35] KVM: s390: protvirt: Report CPU state to Ultravisor Christian Borntraeger
2020-02-07 11:39 ` [PATCH 30/35] KVM: s390: protvirt: Support cmd 5 operation state Christian Borntraeger
2020-02-07 11:39 ` [PATCH 31/35] KVM: s390: protvirt: Add UV debug trace Christian Borntraeger
2020-02-10 13:22 ` Cornelia Huck
2020-02-10 13:40 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 32/35] KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and 112 Christian Borntraeger
2020-02-09 16:07 ` Thomas Huth
2020-02-10 13:28 ` Cornelia Huck
2020-02-10 13:48 ` Christian Borntraeger
2020-02-10 14:47 ` Cornelia Huck
2020-02-07 11:39 ` [PATCH 33/35] KVM: s390: protvirt: do not inject interrupts after start Christian Borntraeger
2020-02-07 11:39 ` [PATCH 34/35] KVM: s390: protvirt: Add UV cpu reset calls Christian Borntraeger
2020-02-10 13:17 ` Cornelia Huck
2020-02-10 13:25 ` Christian Borntraeger
2020-02-07 11:39 ` [PATCH 35/35] DOCUMENTATION: Protected virtual machine introduction and IPL Christian Borntraeger
2020-02-11 12:23 ` Thomas Huth
2020-02-11 20:03 ` Christian Borntraeger
2020-02-12 11:03 ` Cornelia Huck
2020-02-12 11:49 ` Christian Borntraeger
2020-02-12 11:01 ` Cornelia Huck
2020-02-12 16:36 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200213204628.GE18610@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=Ulrich.Weigand@de.ibm.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=frankja@linux.vnet.ibm.com \
--cc=gor@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-s390@vger.kernel.org \
--cc=maz@kernel.org \
--cc=mimu@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=thomas.lendacky@amd.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.