From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 94423EED60D for ; Thu, 12 Sep 2024 14:38:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: Content-Type:Cc:To:From:Subject:Message-ID:References:Mime-Version: In-Reply-To:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=IuWyNxzcGe6GM7Msd7pGsCR+v4gYGRud4L+CnasmxO4=; b=Zi47AWqOjX9xy9uyWC7R8eVvFI /1ph7jByEOwW1JRFDEFYrNKhhF5c37G91zFAsWObYGhg74VggrQzZsgG0bWfd+pzn6QJSUEJq6M9q tFMmCPzv8dx9LndVsb20VRd52F1Rfk3eXJUTyk33TyDkp1DOb7LdcRaPvGKCBUsENWrRFawdP63kT BmewmXnqt+EkRDgegDmKNhUINuvXb2426XuUMK1mMPQn3pk+2D65yVhUOYJejGH2YIlgstQ7uP7aM BsEoWOBgZncsZnoyaSMz2rqJlYYBm6a136zrqMdMAuYVtdMukgnDgX7ihHI9ZIiiA4YPc3Q5cwoEN sckBZz9Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sokxh-0000000DOEP-2dqy; Thu, 12 Sep 2024 14:38:21 +0000 Received: from mail-pl1-x64a.google.com ([2607:f8b0:4864:20::64a]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sokw3-0000000DNXD-1TKz for linux-arm-kernel@lists.infradead.org; Thu, 12 Sep 2024 14:36:40 +0000 Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-205443cf91fso11930685ad.1 for ; Thu, 12 Sep 2024 07:36:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1726151797; x=1726756597; darn=lists.infradead.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=IuWyNxzcGe6GM7Msd7pGsCR+v4gYGRud4L+CnasmxO4=; b=4zQpt4Ek+ZaZltK5az0cw5grcvemt78pfuz4evvXcMbm9T2/sdwtCgxbJcahLSAsdK x6bgRjtMvMZmNvKbZ8pht43VoWF1QoPgfv1Lo8yItL22r6Aqmv/LcjTBiPK+d40tfTML kRoMKKF5LOVUDGSKZnDQMypvJMpC/uIAYH5gE8uQl5gMZcokGjCEYFBnsRpO/Lo0EhVc Ru1xBCeDIc6abC7lADJcstKelBmjtN+TmO/bvicOL9gWwRdpmyeSONRp4QEwyXcH3mGV DG0gyifMfNchsg2Hn6phtubawtRiqGyaw5MhNbmAOUi4u95UfWFgMyyt3l1ga0ci+eX3 5oYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726151797; x=1726756597; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=IuWyNxzcGe6GM7Msd7pGsCR+v4gYGRud4L+CnasmxO4=; b=n7be1GEet3jYuOSeS4A9jVbktc/0VtEf/6SC5BNKRSe+OJDieCMuEQnHfLmKl8OgC0 3MRyHwaRkki4iV5vC25hv8OOb6Z7pHDrFHgWVTFrUzexnMWmDfAtj5lPRgqVhR05D8gH I1nYHGdQal+6tKd/YXKNIQlzcg2rL8anr4JykDQ7SDDJ+DP9z5AT+KIv+V+HpeKm6qJk QS0c7tFIJ+Dpnen8Znz1oUZ+JrfeWJaraibRF+5UR11IQ57uL/NYsoTnVoqq6uNgC/6E +u2VxGfSsh3L33dO5E4G7Yjm8PLP2SLCXJErk1/81pgGVGVMOrkrgviUl3QyMAxJc1MR iPGQ== X-Forwarded-Encrypted: i=1; AJvYcCU/UOmjR5W3lqs4+SmnzrtJkdXrVWlKpB5dX/zqxQNUtixxnGw09bqqrmwWk2l/+gzUDxneBsElijy12GTC8I4y@lists.infradead.org X-Gm-Message-State: AOJu0Yz97uG2wmS2+tgY4liWCW8XnhB4qsFaqVGw4V5rGO50zrr7Xp/i vGiEeYps6vP/9kOARRAj0kC95aWO4GZ73QN6xfINKIG5BAkJvY8hd6rBF3H0mFSNu8S3gA7pBN8 C4A== X-Google-Smtp-Source: AGHT+IFuWC8JsJR3HsGyaRESNbHfLvQfpWc/wR0gpPN/S8O3DJQxAYIEFm0Vm/kFYnlxP670Kr6C2sD3R10= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:fa47:b0:205:71fb:2b27 with SMTP id d9443c01a7336-2076e3793dbmr630405ad.4.1726151796967; Thu, 12 Sep 2024 07:36:36 -0700 (PDT) Date: Thu, 12 Sep 2024 07:36:35 -0700 In-Reply-To: Mime-Version: 1.0 References: <20240911204158.2034295-1-seanjc@google.com> <20240911204158.2034295-14-seanjc@google.com> Message-ID: Subject: Re: [PATCH v2 13/13] KVM: selftests: Verify KVM correctly handles mprotect(PROT_READ) From: Sean Christopherson To: James Houghton Cc: Marc Zyngier , Oliver Upton , Anup Patel , Paolo Bonzini , Christian Borntraeger , Janosch Frank , Claudio Imbrenda , linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvm@vger.kernel.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240912_073639_622626_FB339C1F X-CRM114-Status: GOOD ( 26.32 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, Sep 11, 2024, James Houghton wrote: > On Wed, Sep 11, 2024 at 1:42=E2=80=AFPM Sean Christopherson wrote: > > @@ -31,6 +33,42 @@ static void guest_code(uint64_t start_gpa, uint64_t = end_gpa, uint64_t stride) > > *((volatile uint64_t *)gpa); > > GUEST_SYNC(2); > > > > + /* > > + * Write to the region while mprotect(PROT_READ) is underway. = Keep > > + * looping until the memory is guaranteed to be read-only, othe= rwise > > + * vCPUs may complete their writes and advance to the next stag= e > > + * prematurely. > > + * > > + * For architectures that support skipping the faulting instruc= tion, > > + * generate the store via inline assembly to ensure the exact l= ength > > + * of the instruction is known and stable (vcpu_arch_put_guest(= ) on > > + * fixed-length architectures should work, but the cost of para= noia > > + * is low in this case). For x86, hand-code the exact opcode s= o that > > + * there is no room for variability in the generated instructio= n. > > + */ > > + do { > > + for (gpa =3D start_gpa; gpa < end_gpa; gpa +=3D stride) > > +#ifdef __x86_64__ > > + asm volatile(".byte 0x48,0x89,0x00" :: "a"(gpa)= : "memory"); /* mov %rax, (%rax) */ >=20 > I'm curious what you think about using labels (in asm, but perhaps > also in C) and *setting* the PC instead of incrementing the PC.=20 I have nothing against asm labels, but generally speaking I don't like usin= g _global_ labels to skip instructions. E.g. __KVM_ASM_SAFE() uses labels to= compute the instruction size, but those labels are local and never directly used ou= tside of the macro. The biggest problem with global labels is that they don't scale. E.g. if w= e extend this test in the future with another testcase that needs to skip a g= pa, then we'll end up with skip_page1 and skip_page2, and the code starts to be= come even harder to follow. Don't get me wrong, skipping a fixed instruction size is awful too, but in = my experience they are less painful to maintain over the long haul. > Diff attached (tested on x86). Nit, in the future, just copy+pase the diff for small things like this (and= even for large diffs in many cases) so that readers don't need to open an attach= ment (depending on their mail client), and so that it's easier to comment on the proposed changed. `git am --scissors` (a.k.a. `git am -c`) can be used to essentially extract= and apply such a diff from the mail. > It might even be safe/okay to always use vcpu_arch_put_guest(), just set = the > PC to a label immediately following it. That would not be safe/feasible. Labels in C code are scoped to the functi= on. And AFAIK, labels for use with goto are also not visible symbols, they are statements. The "standard" way to expose a label from a function is to use= inline asm, at which point there are zero guarantees that nothing necessary is gen= erated between vcpu_arch_put_guest() and the next asm() block. E.g. ignoring the inline asm for the moment, the compiler could generate mu= ltiple paths for a loop, e.g. an unrolled version for a small number of iterations= , and an actual loop for a larger number of iterations. Trying to define a label= as a singular symbol for that is nonsensical.