From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	yan.y.zhao@intel.com,  isaku.yamahata@intel.com,
	binbin.wu@linux.intel.com,  rick.p.edgecombe@intel.com,
	Kai Huang <kai.huang@intel.com>
Subject: Re: [PATCH v6 15/18] KVM: x86/tdp_mmu: Propagate tearing down mirror page tables
Date: Fri, 17 Jan 2025 17:09:48 -0800
Message-ID: <Z4r_XNcxPWpgjZio@google.com>
In-Reply-To: <20241222193445.349800-16-pbonzini@redhat.com>

On Sun, Dec 22, 2024, Paolo Bonzini wrote:
> +	/* Because write lock is held, operation should success. */

succeed.

> +	ret = static_call(kvm_x86_remove_external_spte)(kvm, gfn, level, old_pfn);
> +	KVM_BUG_ON(ret, kvm);
> +}
> +
>  /**
>   * handle_removed_pt() - handle a page table removed from the TDP structure
>   *
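
Review bot: the result of the kvm_x86_remove_external_spte static_call is consumed only by KVM_BUG_ON(ret, kvm) and the function then ends without returning it, so the callers later in this patch (handle_removed_pt() and tdp_mmu_set_spte()) cannot tell that the removal failed; handle_removed_pt() goes on to call kvm_x86_free_external_spt regardless. Consider returning ret, or a bool, so callers can skip further external calls after a failure, and have the comment say which lock it relies on instead of just "write lock".
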
> @@ -435,6 +458,23 @@ static void handle_removed_pt(struct kvm *kvm, tdp_ptep_t pt, bool shared)
>  		}
>  		handle_changed_spte(kvm, kvm_mmu_page_as_id(sp), gfn,
>  				    old_spte, FROZEN_SPTE, level, shared);
> +
> +		if (is_mirror_sp(sp)) {
> +			KVM_BUG_ON(shared, kvm);

Should these bail early if the KVM_BUG_ON() is hit?  Calling into the TDX module
after bugging the VM is a bit odd.

> +			remove_external_spte(kvm, gfn, old_spte, level);
> +		}
> +	}
> +
> +	if (is_mirror_sp(sp) &&
> +	    WARN_ON(static_call(kvm_x86_free_external_spt)(kvm, base_gfn, sp->role.level,

WARN_ON_ONCE(). I suspect that if this ever gets hit, it'll come in bunches.

> +							  sp->external_spt))) {
> +		/*
> +		 * Failed to free page table page in mirror page table and
> +		 * there is nothing to do further.
> +		 * Intentionally leak the page to prevent the kernel from
> +		 * accessing the encrypted page.
> +		 */
> +		sp->external_spt = NULL;
>  	}
>  
>  	call_rcu(&sp->rcu_head, tdp_mmu_free_sp_rcu_callback);
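
Review bot: in the second added block, the kvm_x86_free_external_spt static_call, which has side effects, sits inside WARN_ON() in the if condition, which makes the free easy to overlook and forces the awkward wrap of the sp->external_spt argument. Assigning the result to a local and testing it on the next line would read better. The failure path then sets sp->external_spt = NULL with only the warning to record the leak; the comment could state which code would otherwise free the page, so it is clear that clearing the pointer is what keeps the kernel from touching it.
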
> @@ -608,6 +648,13 @@ static inline int __must_check __tdp_mmu_set_spte_atomic(struct kvm *kvm,
>  	if (is_mirror_sptep(iter->sptep) && !is_frozen_spte(new_spte)) {
>  		int ret;
>  
> +		/*
> +		 * Users of atomic zapping don't operate on mirror roots,
> +		 * so don't handle it and bug the VM if it's seen.
> +		 */
> +		if (KVM_BUG_ON(!is_shadow_present_pte(new_spte), kvm))
> +			return -EBUSY;
> +
>  		ret = set_external_spte_present(kvm, iter->sptep, iter->gfn,
>  						iter->old_spte, new_spte, iter->level);
>  		if (ret)
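
Review bot: the new early exit returns -EBUSY for a state the comment describes as a bug rather than contention. If callers of this __must_check helper treat -EBUSY as a lost race and retry, they would retry against a VM that has just been marked bugged; a distinct error code such as -EIO, or a line in the comment saying why -EBUSY is safe here, would make that explicit. The comment also speaks of "atomic zapping" while the check is on !is_shadow_present_pte(new_spte), so it is worth stating that a non-present new_spte is what zapping means here.
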
> @@ -700,8 +747,10 @@ static u64 tdp_mmu_set_spte(struct kvm *kvm, int as_id, tdp_ptep_t sptep,
>  	 * Users that do non-atomic setting of PTEs don't operate on mirror
>  	 * roots, so don't handle it and bug the VM if it's seen.
>  	 */
> -	if (is_mirror_sptep(sptep))
> +	if (is_mirror_sptep(sptep)) {
>  		KVM_BUG_ON(is_shadow_present_pte(new_spte), kvm);
> +		remove_external_spte(kvm, gfn, old_spte, level);
> +	}
>  
>  	return old_spte;
>  }
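
Review bot: the unchanged comment above the if still says that non-atomic users "don't operate on mirror roots, so don't handle it and bug the VM if it's seen", but the block now calls remove_external_spte() for mirror SPTEs, so the comment contradicts the code and should be updated to say that only a non-present new_spte is handled for mirror roots. remove_external_spte() is also reached when KVM_BUG_ON(is_shadow_present_pte(new_spte), kvm) has just fired; returning old_spte early in that case would avoid the external call on a bugged VM.
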
> -- 
> 2.43.5
> 
> 
