From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: "isaku.yamahata@gmail.com" <isaku.yamahata@gmail.com>,
"dmatlack@google.com" <dmatlack@google.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"ackerleytng@google.com" <ackerleytng@google.com>,
Bo2 Chen <chen.bo@intel.com>, Sagi Shahar <sagis@google.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Vishal Annapurve <vannapurve@google.com>,
Erdem Aktas <erdemaktas@google.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"michael.roth@amd.com" <michael.roth@amd.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"zhi.wang.linux@gmail.com" <zhi.wang.linux@gmail.com>
Subject: Re: [RFC PATCH v2 3/6] KVM: x86/mmu: Pass round full 64-bit error code for the KVM page fault
Date: Mon, 26 Jun 2023 14:48:14 -0700 [thread overview]
Message-ID: <ZJoHNPn/tppcJDLG@google.com> (raw)
In-Reply-To: <93404a98324f1a4e93a6b6e711b209bc57c831de.camel@intel.com>
On Sat, Jun 24, 2023, Kai Huang wrote:
>
> > From: Sean Christopherson <seanjc@google.com>
> > Date: Fri, 23 Jun 2023 09:46:38 -0700
> > Subject: [PATCH] KVM: x86/mmu: Guard against collision with KVM-defined
> > PFERR_IMPLICIT_ACCESS
> >
> > Add an assertion in kvm_mmu_page_fault() to ensure the error code provided
> > by hardware doesn't conflict with KVM's software-defined IMPLICIT_ACCESS
> > flag. In the unlikely scenario that future hardware starts using bit 48
> > for a hardware-defined flag, preserving the bit could result in KVM
> > incorrectly interpreting the unknown flag as KVM's IMPLICIT_ACCESS flag.
> >
> > WARN so that any such conflict can be surfaced to KVM developers and
> > resolved, but otherwise ignore the bit as KVM can't possibly rely on a
> > flag it knows nothing about.
>
> I think the fundamental problem is we mix synthetic bit(s) with the hardware
> error code together into a single 'u64'. Given there's no guarantee from
> hardware vendors (Intel/AMD) that some bits will be always reserved for software
> use, there's no guarantee the synthetic bit(s) won't conflict with those
> hardware defined bits.
>
> Perhaps a fundamental fix is to use a new 'u64' as parameter for software-
> defined error code passing to all relevant code paths.
Yeah, in an ideal world KVM wouldn't usurp error code bits. But I don't know
that it's worth plumbing in an extra param to all the affected helpers. From a
functional perspective, unless someone runs with panic_on_warn=1 in production,
or I'm missing something, the warn-and-clear approach is sufficient. If we get
more synthetic "access" bits, then we should revisit this, but I think for now
it's ok
> But I think your fix (or detection) below should be good enough perhaps for a
> long time, and even in the future when such conflict merges, we can move the
> synthetic bit to another bit. The only problem is probably we will need
> relevant patch(es) back-ported to stable kernels.
next prev parent reply other threads:[~2023-06-26 21:48 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-22 23:16 [RFC PATCH v2 0/6] KVM: guest memory: Misc enhacnement isaku.yamahata
2023-06-22 23:16 ` [RFC PATCH v2 1/6] KVM: selftests: Fix test_add_overlapping_private_memory_regions() isaku.yamahata
2023-06-22 23:16 ` [RFC PATCH v2 2/6] KVM: selftests: Fix guest_memfd() isaku.yamahata
2023-06-22 23:16 ` [RFC PATCH v2 3/6] KVM: x86/mmu: Pass round full 64-bit error code for the KVM page fault isaku.yamahata
2023-06-22 23:28 ` Huang, Kai
2023-06-23 2:54 ` Isaku Yamahata
2023-06-23 17:18 ` Sean Christopherson
2023-06-24 4:15 ` Huang, Kai
2023-06-26 21:48 ` Sean Christopherson [this message]
2023-06-22 23:16 ` [RFC PATCH v2 4/6] KVM: x86: Introduce fault type to indicate kvm page fault is private isaku.yamahata
2023-06-23 20:04 ` Sean Christopherson
2023-06-26 1:07 ` Michael Roth
2023-06-26 18:21 ` Sean Christopherson
2023-06-27 23:58 ` Michael Roth
2023-06-28 16:53 ` Sean Christopherson
2023-06-22 23:16 ` [RFC PATCH v2 5/6] KVM: Add flags to struct kvm_gfn_range isaku.yamahata
2023-06-28 6:41 ` Yuan Yao
2023-06-28 17:03 ` Isaku Yamahata
2023-06-28 15:21 ` Michael Roth
2023-06-28 17:05 ` Isaku Yamahata
2023-06-22 23:16 ` [RFC PATCH v2 6/6] KVM: x86: Add is_vm_type_supported callback isaku.yamahata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZJoHNPn/tppcJDLG@google.com \
--to=seanjc@google.com \
--cc=ackerleytng@google.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chen.bo@intel.com \
--cc=dmatlack@google.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=sagis@google.com \
--cc=vannapurve@google.com \
--cc=zhi.wang.linux@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.