From: Sean Christopherson
Date: Wed, 13 Dec 2023 14:59:16 -0800
Subject: Re: [PATCH v4 10/12] KVM: x86: never write to memory from kvm_vcpu_check_block()
In-Reply-To: <5ca5592b21131f515e296afae006e5bb28b1fb87.camel@redhat.com>
References: <20220921003201.1441511-11-seanjc@google.com> <20231207010302.2240506-1-jmattson@google.com> <5ca5592b21131f515e296afae006e5bb28b1fb87.camel@redhat.com>
To: Maxim Levitsky
Cc: Jim Mattson, alexandru.elisei@arm.com, anup@brainfault.org, aou@eecs.berkeley.edu, atishp@atishpatra.org, borntraeger@linux.ibm.com, chenhuacai@kernel.org, david@redhat.com, frankja@linux.ibm.com, imbrenda@linux.ibm.com, james.morse@arm.com, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@vger.kernel.org, linux-riscv@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, maz@kernel.org, oliver.upton@linux.dev, palmer@dabbelt.com, paul.walmsley@sifive.com, pbonzini@redhat.com, suzuki.poulose@arm.com

On Thu, Dec 14, 2023, Maxim Levitsky wrote:
> On Tue, 2023-12-12 at 07:28 -0800, Sean Christopherson wrote:
> > On Sun, Dec 10, 2023, Jim Mattson wrote:
> > > On Thu, Dec 7, 2023 at 8:21 AM Sean Christopherson wrote:
> > > > Doh.  We got the less obvious cases and missed the obvious one.
> > > >
> > > > Ugh, and we also missed a related mess in kvm_guest_apic_has_interrupt().  That
> > > > thing should really be folded into vmx_has_nested_events().
> > > >
> > > > Good gravy.  And vmx_interrupt_blocked() does the wrong thing because that
> > > > specifically checks if L1 interrupts are blocked.
> > > >
> > > > Compile tested only, and definitely needs to be chunked into multiple patches,
> > > > but I think something like this mess?
> > >
> > > The proposed patch does not fix the problem. In fact, it messes things
> > > up so much that I don't get any test results back.
> >
> > Drat.
> >
> > > Google has an internal K-U-T test that demonstrates the problem. I
> > > will post it soon.
> >
> > Received, I'll dig in soonish, though "soonish" might unfortunately mean
> > 2024.
>
> Hi,
>
> So this is what I think:
>
> KVM does have kvm_guest_apic_has_interrupt() for this exact purpose,
> to check if nested APICv has a pending interrupt before halting.

For all intents and purposes, so was nested_ops->has_events().  I don't see
any reason to have two APIs that do the same thing, and the call to
kvm_guest_apic_has_interrupt() is wrong in that it doesn't verify that IRQs are
enabled for _L2_.  That's why my preference is to fold the two together.

> However the problem is bigger - with APICv we have in essence 2 pending
> interrupt bitmaps - the PIR and the IRR, and to know if the guest has a
> pending interrupt one has in theory to copy PIR to IRR, then see if the max
> is larger than the current PPR.

Yeah, this is what my untested hack-a-patch tried to do.

> Since we don't want to write to guest memory,

The changelog is misleading/wrong.  Writing guest memory is ok, what isn't safe
is blocking or sleeping, i.e. KVM must not trigger a host page fault due to
accessing a page that's been swapped out.  Read vs. write doesn't matter.

So KVM can safely read and write guest memory so long as it is already mapped by
kvm_vcpu_map() (or I suppose if we wrapped an access with pagefault_disable(),
but I can't think of a sane reason to do that).  E.g. nVMX can access a vCPU's
PID mapping, but synthesizing a nested VM-Exit will cause explosions on nSVM.

> and the IRR here resides in the guest memory, I guess we have to do a
> 'dry-run' version of 'vmx_complete_nested_posted_interrupt' and call it from
> kvm_guest_apic_has_interrupt().

nested_ops->has_events() is the much better fit, e.g. the naming won't get weird
and we can gate the whole thing on is_guest_mode().  Though we probably need a
wrapper to handle any commonalities between nVMX and nSVM.

> What do you think? I can prepare a patch for this.

As above, this is what I tried to do, sort of.  Though it's obviously broken.  We
don't need a full dry-run because KVM only needs to detect events that are unique
to L2, e.g. nVMX's preemption timer, MTF, and pending virtual interrupts (hmm,
I suspect nSVM's vNMI is broken too).  Things like INIT and SMI don't require
nested virtualization awareness because the event itself is tracked for the vCPU
as a whole.
X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gVGh1LCBEZWMgMTQsIDIwMjMsIE1heGltIExldml0c2t5IHdyb3RlOgo+IE9uIFR1ZSwgMjAy My0xMi0xMiBhdCAwNzoyOCAtMDgwMCwgU2VhbiBDaHJpc3RvcGhlcnNvbiB3cm90ZToKPiA+IE9u IFN1biwgRGVjIDEwLCAyMDIzLCBKaW0gTWF0dHNvbiB3cm90ZToKPiA+ID4gT24gVGh1LCBEZWMg NywgMjAyMyBhdCA4OjIx4oCvQU0gU2VhbiBDaHJpc3RvcGhlcnNvbiA8c2VhbmpjQGdvb2dsZS5j b20+IHdyb3RlOgo+ID4gPiA+IERvaC4gIFdlIGdvdCB0aGUgbGVzcyBvYnZpb3VzIGNhc2VzIGFu ZCBtaXNzZWQgdGhlIG9idmlvdXMgb25lLgo+ID4gPiA+IAo+ID4gPiA+IFVnaCwgYW5kIHdlIGFs c28gbWlzc2VkIGEgcmVsYXRlZCBtZXNzIGluIGt2bV9ndWVzdF9hcGljX2hhc19pbnRlcnJ1cHQo KS4gIFRoYXQKPiA+ID4gPiB0aGluZyBzaG91bGQgcmVhbGx5IGJlIGZvbGRlZCBpbnRvIHZteF9o YXNfbmVzdGVkX2V2ZW50cygpLgo+ID4gPiA+IAo+ID4gPiA+IEdvb2QgZ3JhdnkuICBBbmQgdm14 X2ludGVycnVwdF9ibG9ja2VkKCkgZG9lcyB0aGUgd3JvbmcgdGhpbmcgYmVjYXVzZSB0aGF0Cj4g PiA+ID4gc3BlY2lmaWNhbGx5IGNoZWNrcyBpZiBMMSBpbnRlcnJ1cHRzIGFyZSBibG9ja2VkLgo+ ID4gPiA+IAo+ID4gPiA+IENvbXBpbGUgdGVzdGVkIG9ubHksIGFuZCBkZWZpbml0ZWx5IG5lZWRz IHRvIGJlIGNodW5rZWQgaW50byBtdWx0aXBsZSBwYXRjaGVzLAo+ID4gPiA+IGJ1dCBJIHRoaW5r IHNvbWV0aGluZyBsaWtlIHRoaXMgbWVzcz8KPiA+ID4gCj4gPiA+IFRoZSBwcm9wb3NlZCBwYXRj aCBkb2VzIG5vdCBmaXggdGhlIHByb2JsZW0uIEluIGZhY3QsIGl0IG1lc3NlcyB0aGluZ3MKPiA+ ID4gdXAgc28gbXVjaCB0aGF0IEkgZG9uJ3QgZ2V0IGFueSB0ZXN0IHJlc3VsdHMgYmFjay4KPiA+ IAo+ID4gRHJhdC4KPiA+IAo+ID4gPiBHb29nbGUgaGFzIGFuIGludGVybmFsIEstVS1UIHRlc3Qg dGhhdCBkZW1vbnN0cmF0ZXMgdGhlIHByb2JsZW0uIEkKPiA+ID4gd2lsbCBwb3N0IGl0IHNvb24u Cj4gPiAKPiA+IFJlY2VpdmVkLCBJJ2xsIGRpZyBpbiBzb29uaXNoLCB0aG91Z2ggInNvb25pc2gi IG1pZ2h0IHVuZm9ydHVuYXRlbHkgbWlnaHQgbWVhbgo+ID4gMjAyNC4KPiA+IAo+IAo+IEhpLAo+ IAo+IFNvIHRoaXMgaXMgd2hhdCBJIHRoaW5rOgo+IAo+IEtWTSBkb2VzIGhhdmUga3ZtX2d1ZXN0 
X2FwaWNfaGFzX2ludGVycnVwdCgpIGZvciB0aGlzIGV4YWN0IHB1cnBvc2UsCj4gdG8gY2hlY2sg aWYgbmVzdGVkIEFQSUN2IGhhcyBhIHBlbmRpbmcgaW50ZXJydXB0IGJlZm9yZSBoYWx0aW5nLgoK Rm9yIGFsbCBpbnRlbnRzIGFuZCBwdXJwb3Nlcywgc28gd2FzIG5lc3RlZF9vcHMtPmhhc19ldmVu dHMoKS4gIEkgZG9uJ3Qgc2VlCmFueSByZWFzb24gdG8gaGF2ZSB0d28gQVBJcyB0aGF0IGRvIHRo ZSBzYW1lIHRoaW5nLCBhbmQgdGhlIGNhbGwgdG8Ka3ZtX2d1ZXN0X2FwaWNfaGFzX2ludGVycnVw dCgpIGlzIHdyb25nIGluIHRoYXQgaXQgZG9lc24ndCB2ZXJpZnkgdGhhdCBJUlFzIGFyZQplbmFi bGVkIGZvciBfTDJfLiAgVGhhdCdzIHdoeSBteSBwcmVmZXJlbmNlIGlzIHRvIGZvbGQgdGhlIHR3 byB0b2dldGhlci4KCj4gSG93ZXZlciB0aGUgcHJvYmxlbSBpcyBiaWdnZXIgLSB3aXRoIEFQSUN2 IHdlIGhhdmUgaW4gZXNzZW5jZSAyIHBlbmRpbmcKPiBpbnRlcnJ1cHQgYml0bWFwcyAtIHRoZSBQ SVIgYW5kIHRoZSBJUlIsIGFuZCB0byBrbm93IGlmIHRoZSBndWVzdCBoYXMgYQo+IHBlbmRpbmcg aW50ZXJydXB0IG9uZSBoYXMgaW4gdGhlb3J5IHRvIGNvcHkgUElSIHRvIElSUiwgdGhlbiBzZWUg aWYgdGhlIG1heAo+IGlzIGxhcmdlciB0aGVuIHRoZSBjdXJyZW50IFBQUi4KClllYWgsIHRoaXMg aXMgd2hhdCBteSB1bnRlc3RlZCBoYWNrLWEtcGF0Y2ggdHJpZWQgdG8gZG8uCgo+IFNpbmNlIHdl IGRvbid0IHdhbnQgdG8gd3JpdGUgdG8gZ3Vlc3QgbWVtb3J5LAoKVGhlIGNoYW5nZWxvZyBpcyBt aXNsZWFkaW5nL3dyb25nLiAgV3JpdGluZyBndWVzdCBtZW1vcnkgaXMgb2ssIHdoYXQgaXNuJ3Qg c2FmZQppcyBibG9ja2luZyBvciBzbGVlcGluZywgaS5lLiBLVk0gbXVzdCBub3QgdHJpZ2dlciBh IGhvc3QgcGFnZSBmYXVsdCBkdWUgdG8KYWNjZXNzaW5nIGEgcGFnZSB0aGF0J3MgYmVlbiBzd2Fw cGVkIG91dC4gIFJlYWQgdnMuIHdyaXRlIGRvZXNuJ3QgbWF0dGVyLgoKU28gS1ZNIGNhbiBzYWZl bHkgcmVhZCBhbmQgd3JpdGUgZ3Vlc3QgbWVtb3J5IHNvIGxvbmcgYXMgaXQgYWxyZWFkeSBtYXBw ZWQgYnkgCmt2bV92Y3B1X21hcCgpIChvciBJIHN1cHBvc2UgaWYgd2Ugd3JhcHBlZCBhbiBhY2Nl c3Mgd2l0aCBwYWdlZmF1bHRfZGlzYWJsZSgpLApidXQgSSBjYW4ndCB0aGluayBvZiBhIHNhbmUg cmVhc29uIHRvIGRvIHRoYXQpLiAgRS5nLiBuVk1YIGNhbiBhY2Nlc3MgYSB2Q1BVJ3MKUElEIG1h cHBpbmcsIGJ1dCBzeW50aGVzaXppbmcgYSBuZXN0ZWQgVk0tRXhpdCB3aWxsIGNhdXNlIGV4cGxv c2lvbnMgb24gblNWTS4KCj4gYW5kIHRoZSBJUlIgaGVyZSByZXNpZGVzIGluIHRoZSBndWVzdCBt ZW1vcnksIEkgZ3Vlc3Mgd2UgaGF2ZSB0byBkbyBhCj4gJ2RyeS1ydW4nIHZlcnNpb24gb2YgJ3Zt 
eF9jb21wbGV0ZV9uZXN0ZWRfcG9zdGVkX2ludGVycnVwdCcgYW5kIGNhbGwgaXQgZnJvbQo+IGt2 bV9ndWVzdF9hcGljX2hhc19pbnRlcnJ1cHQoKS4KCm5lc3RlZF9vcHMtPmhhc19ldmVudHMoKSBp cyB0aGUgbXVjaCBiZXR0ZXIgZml0LCBlLmcuIHRoZSBuYW1pbmcgd29uJ3QgZ2V0IHdlaXJkCmFu ZCB3ZSBjYW4gZ2F0ZSB0aGUgd2hvbGUgdGhpbmcgb24gaXNfZ3Vlc3RfbW9kZSgpLiAgVGhvdWdo IHdlIHByb2JhYmx5IG5lZWQgYQp3cmFwcGVyIHRvIGhhbmRsZSBhbnkgY29tbW9uYWxpdGllcyBi ZXR3ZWVuIG5WTVggYW5kIG5TVk0uCgo+IFdoYXQgZG8geW91IHRoaW5rPyBJIGNhbiBwcmVwYXJl IGEgcGF0Y2ggZm9yIHRoaXMuCgpBcyBhYm92ZSwgdGhpcyBpcyB3aGF0IEkgdHJpZWQgdG8gZG8s IHNvcnQgb2YuICBUaG91Z2ggaXQncyBvYnZpb3VzbHkgYnJva2VuLiAgV2UKZG9uJ3QgbmVlZCBh IGZ1bGwgZHJ5LXJ1biBiZWNhdXNlIEtWTSBvbmx5IG5lZWRzIHRvIGRldGVjdCBldmVudHMgdGhh dCBhcmUgdW5pcXVlCnRvIEwyLCBlLmcuIG5WTVgncyBwcmVlbXB0aW9uIHRpbWVyLCBNVEYsIGFu ZCBwZW5kaW5nIHZpcnR1YWwgaW50ZXJydXB0cyAoaG1tLApJIHN1c3BlY3QgblNWTSdzIHZOTUkg aXMgYnJva2VuIHRvbykuICBUaGluZ3MgbGlrZSBJTklUIGFuZCBTTUkgZG9uJ3QgcmVxdWlyZQpu ZXN0ZWQgdmlydHVhbGl6YXRpb24gYXdhcmVuZXNzIGJlY2F1c2UgdGhlIGV2ZW50IGl0c2VsZiBp cyB0cmFja2VkIGZvciB0aGUgdkNQVQphcyBhIHdob2xlLgoKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KbGludXgtYXJtLWtlcm5lbCBtYWlsaW5nIGxpc3QK bGludXgtYXJtLWtlcm5lbEBsaXN0cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRl YWQub3JnL21haWxtYW4vbGlzdGluZm8vbGludXgtYXJtLWtlcm5lbAo=