From: Sean Christopherson <seanjc@google.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Kai Huang <kai.huang@intel.com>,
Binbin Wu <binbin.wu@linux.intel.com>
Subject: Re: [PATCH 04/17] KVM: x86: Move synthetic PFERR_* sanity checks to SVM's #NPF handler
Date: Mon, 13 May 2024 10:31:27 -0700 [thread overview]
Message-ID: <ZkJOb4zJJnOAYnTi@google.com> (raw)
In-Reply-To: <3b6bc6ac-276f-4a83-8972-68b98db672c7@intel.com>
On Mon, May 13, 2024, Xiaoyao Li wrote:
> On 5/7/2024 11:58 PM, Paolo Bonzini wrote:
> > From: Sean Christopherson <seanjc@google.com>
> >
> > Move the sanity check that hardware never sets bits that collide with KVM-
> > define synthetic bits from kvm_mmu_page_fault() to npf_interception(),
> > i.e. make the sanity check #NPF specific. The legacy #PF path already
> > WARNs if _any_ of bits 63:32 are set, and the error code that comes from
> > VMX's EPT Violatation and Misconfig is 100% synthesized (KVM morphs VMX's
> > EXIT_QUALIFICATION into error code flags).
> >
> > Add a compile-time assert in the legacy #PF handler to make sure that KVM-
> > define flags are covered by its existing sanity check on the upper bits.
> >
> > Opportunistically add a description of PFERR_IMPLICIT_ACCESS, since we
> > are removing the comment that defined it.
> >
> > Signed-off-by: Sean Christopherson <seanjc@google.com>
> > Reviewed-by: Kai Huang <kai.huang@intel.com>
> > Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
> > Message-ID: <20240228024147.41573-8-seanjc@google.com>
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> > arch/x86/include/asm/kvm_host.h | 6 ++++++
> > arch/x86/kvm/mmu/mmu.c | 14 +++-----------
> > arch/x86/kvm/svm/svm.c | 9 +++++++++
> > 3 files changed, 18 insertions(+), 11 deletions(-)
> >
> > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> > index 58bbcf76ad1e..12e727301262 100644
> > --- a/arch/x86/include/asm/kvm_host.h
> > +++ b/arch/x86/include/asm/kvm_host.h
> > @@ -267,7 +267,13 @@ enum x86_intercept_stage;
> > #define PFERR_GUEST_ENC_MASK BIT_ULL(34)
> > #define PFERR_GUEST_SIZEM_MASK BIT_ULL(35)
> > #define PFERR_GUEST_VMPL_MASK BIT_ULL(36)
> > +
> > +/*
> > + * IMPLICIT_ACCESS is a KVM-defined flag used to correctly perform SMAP checks
> > + * when emulating instructions that triggers implicit access.
> > + */
> > #define PFERR_IMPLICIT_ACCESS BIT_ULL(48)
> > +#define PFERR_SYNTHETIC_MASK (PFERR_IMPLICIT_ACCESS)
> > #define PFERR_NESTED_GUEST_PAGE (PFERR_GUEST_PAGE_MASK | \
> > PFERR_WRITE_MASK | \
> > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> > index c72a2033ca96..5562d693880a 100644
> > --- a/arch/x86/kvm/mmu/mmu.c
> > +++ b/arch/x86/kvm/mmu/mmu.c
> > @@ -4502,6 +4502,9 @@ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code,
> > return -EFAULT;
> > #endif
> > + /* Ensure the above sanity check also covers KVM-defined flags. */
>
> 1. There is no sanity check above related to KVM-defined flags yet. It has
> to be after Patch 6.
Ya, it's not just the comment, the entire changelog expects this patch to land
after patch 6.
>
> 2. I somehow cannot parse the comment properly, though I know it's to ensure
> KVM-defined PFERR_SYNTHETIC_MASK not contain any bit below 32-bits.
Hmm, how about this?
/*
* Ensure that the above sanity check on hardware error code bits 63:32
* also prevents false positives on KVM-defined flags.
*/
next prev parent reply other threads:[~2024-05-13 17:31 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-07 15:58 [PATCH v2 00/17] KVM: x86/mmu: Page fault and MMIO cleanups Paolo Bonzini
2024-05-07 15:58 ` [PATCH 01/17] KVM: x86/mmu: Exit to userspace with -EFAULT if private fault hits emulation Paolo Bonzini
2024-05-13 5:25 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 02/17] KVM: x86: Remove separate "bit" defines for page fault error code masks Paolo Bonzini
2024-05-13 5:29 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 03/17] KVM: x86: Define more SEV+ page fault error bits/flags for #NPF Paolo Bonzini
2024-05-07 15:58 ` [PATCH 04/17] KVM: x86: Move synthetic PFERR_* sanity checks to SVM's #NPF handler Paolo Bonzini
2024-05-13 5:50 ` Xiaoyao Li
2024-05-13 17:31 ` Sean Christopherson [this message]
2024-05-14 4:25 ` Xiaoyao Li
2024-05-14 15:32 ` Sean Christopherson
2024-05-15 1:03 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 05/17] KVM: x86/mmu: Pass full 64-bit error code when handling page faults Paolo Bonzini
2024-05-07 15:58 ` [PATCH 06/17] KVM: x86/mmu: WARN if upper 32 bits of legacy #PF error code are non-zero Paolo Bonzini
2024-05-07 15:58 ` [PATCH 07/17] KVM: x86/mmu: Use synthetic page fault error code to indicate private faults Paolo Bonzini
2024-05-13 5:56 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 08/17] KVM: x86/mmu: check for invalid async page faults involving private memory Paolo Bonzini
2024-05-07 15:58 ` [PATCH 09/17] KVM: x86/mmu: WARN and skip MMIO cache on private, reserved page faults Paolo Bonzini
2024-05-13 6:15 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 10/17] KVM: x86/mmu: Move private vs. shared check above slot validity checks Paolo Bonzini
2024-05-13 6:22 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 11/17] KVM: x86/mmu: Don't force emulation of L2 accesses to non-APIC internal slots Paolo Bonzini
2024-05-07 15:58 ` [PATCH 12/17] KVM: x86/mmu: Explicitly disallow private accesses to emulated MMIO Paolo Bonzini
2024-05-13 6:26 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 13/17] KVM: x86/mmu: Move slot checks from __kvm_faultin_pfn() to kvm_faultin_pfn() Paolo Bonzini
2024-05-13 6:27 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 14/17] KVM: x86/mmu: Handle no-slot faults at the beginning of kvm_faultin_pfn() Paolo Bonzini
2024-05-13 6:28 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 15/17] KVM: x86/mmu: Set kvm_page_fault.hva to KVM_HVA_ERR_BAD for "no slot" faults Paolo Bonzini
2024-05-13 6:28 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 16/17] KVM: x86/mmu: Initialize kvm_page_fault's pfn and hva to error values Paolo Bonzini
2024-05-13 6:29 ` Xiaoyao Li
2024-05-07 15:58 ` [PATCH 17/17] KVM: x86/mmu: Sanity check that __kvm_faultin_pfn() doesn't create noslot pfns Paolo Bonzini
2024-05-13 6:40 ` Xiaoyao Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZkJOb4zJJnOAYnTi@google.com \
--to=seanjc@google.com \
--cc=binbin.wu@linux.intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.