From: Oliver Upton <oliver.upton@linux.dev>
To: Marc Zyngier <maz@kernel.org>
Cc: kvm@vger.kernel.org, Will Deacon <will@kernel.org>,
	stable@vger.kernel.org, kvmarm@lists.linux.dev,
	kvmarm@lists.cs.columbia.edu,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/3] KVM: arm64: Fix S1PTW handling on RO memslots
Date: Wed, 21 Dec 2022 16:50:30 +0000
Message-ID: <Y6M5Vh+EGOhkR5hd@google.com>
In-Reply-To: <86pmcdaylx.wl-maz@kernel.org>

On Wed, Dec 21, 2022 at 09:35:06AM +0000, Marc Zyngier wrote:

[...]

> > > +	if (kvm_vcpu_abt_iss1tw(vcpu)) {
> > > +		/*
> > > +		 * Only a permission fault on a S1PTW should be
> > > +		 * considered as a write. Otherwise, page tables baked
> > > +		 * in a read-only memslot will result in an exception
> > > +		 * being delivered in the guest.
> > 
> > Somewhat of a tangent, but:
> > 
> > Aren't we somewhat unaligned with the KVM UAPI by injecting an
> > exception in this case? I know we've been doing it for a while, but it
> > flies in the face of the rules outlined in the
> > KVM_SET_USER_MEMORY_REGION documentation.
> 
> That's an interesting point, and I certainly haven't considered that
> for faults introduced by page table walks.
> 
> I'm not sure what userspace can do with that though. The problem is
> that this is a write for which we don't have useful data: although we
> know it is a page-table walker access, we don't know what it was about
> to write. The instruction that caused the write is meaningless (it
> could either be a load, a store, or an instruction fetch). How do you
> populate the data[] field then?
> 
> If anything, this is closer to KVM_EXIT_ARM_NISV, for which we give
> userspace the full ESR and ask it to sort it out. I doubt it will be
> able to, but hey, maybe it is worth a shot. This would need to be a
> different exit reason though, as NISV is explicitly for non-memslot
> stuff.
> 
> In any case, the documentation for KVM_SET_USER_MEMORY_REGION needs to
> reflect the fact that KVM_EXIT_MMIO cannot represent a fault due to a
> S1 PTW.

Oh I completely agree with you here. I probably should have said before,
I think the exit would be useless anyway. Getting the documentation in
line with the intended behavior seems to be the best fix.

> >
> > > +		 * The drawback is that we end-up fauling twice if the
> > 
> > typo: s/fauling/faulting/
> > 
> > > +		 * guest is using any of HW AF/DB: a translation fault
> > > +		 * to map the page containing the PT (read only at
> > > +		 * first), then a permission fault to allow the flags
> > > +		 * to be set.
> > > +		 */
> > > +		switch (kvm_vcpu_trap_get_fault_type(vcpu)) {
> > > +		case ESR_ELx_FSC_PERM:
> > > +			return true;
> > > +		default:
> > > +			return false;
> > > +		}
> > > +	}
> > >  
> > >  	if (kvm_vcpu_trap_is_iabt(vcpu))
> > >  		return false;
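
Review bot: the new kvm_vcpu_abt_iss1tw() block sits above the existing kvm_vcpu_trap_is_iabt() check, so an instruction abort taken on a stage-1 walk with a permission fault is reported as a write, and the comment never says that this ordering is deliberate. Since the discussion above notes that the triggering instruction can be a load, a store or an instruction fetch, it would help to add a line to the comment stating that the S1PTW test has to come before the iabt test, so that a later reordering does not silently classify those faults as reads. Minor: with a single case, the switch could be written as `return kvm_vcpu_trap_get_fault_type(vcpu) == ESR_ELx_FSC_PERM;` unless more fault types are going to be added.
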
> > > -- 
> > > 2.34.1
> > > 
> > 
> > Besides the changelog/comment suggestions, the patch looks good to me.
> > 
> > Reviewed-by: Oliver Upton <oliver.upton@linux.dev>
> 
> Thanks for the quick review! I'll wait a bit before respinning the
> series, as I'd like to get closure on the UAPI point you have raised.

I'm satisfied if you are :)

--
Thanks,
Oliver