From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 21FE9C25B10 for ; Fri, 10 May 2024 13:47:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5C0186B0099; Fri, 10 May 2024 09:47:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 56F8A6B00E4; Fri, 10 May 2024 09:47:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 437246B00E5; Fri, 10 May 2024 09:47:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 24BEF6B00E4 for ; Fri, 10 May 2024 09:47:42 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 9B89C1202EF for ; Fri, 10 May 2024 13:47:41 +0000 (UTC) X-FDA: 82102613922.10.A7476E6 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) by imf14.hostedemail.com (Postfix) with ESMTP id D646010000D for ; Fri, 10 May 2024 13:47:39 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=h5igo1sU; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf14.hostedemail.com: domain of 3eiU-ZgYKCPUpbXkgZdlldib.Zljifkru-jjhsXZh.lod@flex--seanjc.bounces.google.com designates 209.85.219.202 as permitted sender) smtp.mailfrom=3eiU-ZgYKCPUpbXkgZdlldib.Zljifkru-jjhsXZh.lod@flex--seanjc.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715348859; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=s0BQ7TnRKjFMrxEq7NT+cPq9l36GVpbuuSkGmH4Esl8=; b=cA1zUGo7ynCwWI1745JnXEVH2vcP+B5x9ZUSzK5d8UROUlNgCIDG+/1/j4/cN2Rocqtx2n qUaBIRia5X756G0JpYE//gO14kY2ybiEAVrCBJ9X6iYRV2QZeBESyJEYrOlaowDoI7pdQO DOfvkWEoQ7SNG5dXStEPBPtlGiA8Uoo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715348859; a=rsa-sha256; cv=none; b=T9rHNycD6NKuViL9rRa+LswA4YTzhgUl5ZwPt+SQ/lP7derIsqQ1XyFQZzHXDen/wi92r6 wzGkvsxSVzMLX7TcSt8RKMHc+epZFJtBLLNxrUQJr7DQG8AThZH1ESFRLvzPaXlfAwNxNl 9QdQcYlRfW3VlbIEvQqlw3wtQbsQIjE= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=h5igo1sU; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf14.hostedemail.com: domain of 3eiU-ZgYKCPUpbXkgZdlldib.Zljifkru-jjhsXZh.lod@flex--seanjc.bounces.google.com designates 209.85.219.202 as permitted sender) smtp.mailfrom=3eiU-ZgYKCPUpbXkgZdlldib.Zljifkru-jjhsXZh.lod@flex--seanjc.bounces.google.com Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-de59e612376so2832140276.3 for ; Fri, 10 May 2024 06:47:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715348859; x=1715953659; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=s0BQ7TnRKjFMrxEq7NT+cPq9l36GVpbuuSkGmH4Esl8=; b=h5igo1sU4MYHE2o3WfRNg1jXwS47A82cBhhuiAJh4PM0HwoOHemzRj1MpZBeKutXwI CZ8K1MXW1rIeV473X2MdMbC3JUHxY8YAoXEWpfjsCA64fQyyMu0gaZX9WN9cnVB1QTEH g1Ruj8HB4+F/wrYWcKIM97cUDqkx6br7TYCPpCv5yqNpvTu4HYVUaCB8yMWhZI7KnUzn uiwQBRFBM8ggMANPJPEStM2b5sUgVI8P7JCY67aPsci/PbGvw27zvBRFC+Z2WpfGRu+O 2A3dK6f4cpG/mIvjdFc4kCplxpJEEo61LrwU5pu0HVpCIACCe8ZBt6Irr3oMawZuonUy 7imQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715348859; x=1715953659; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=s0BQ7TnRKjFMrxEq7NT+cPq9l36GVpbuuSkGmH4Esl8=; b=CthMDBX74qyBqGaLFXi5HIqVzF8t2ViTVUXQ/tGw4Q1fyPhv8K88MyAX0rr62QvYY+ koYt73nxIaiztGyMlEzo5CJ1g0ncEXEKBIm2/uxgtwfUDtauZJvdRMdkqlWReJjYRhEl Zd0gXUzzEGqpD4unMpoAzGe8oQ9IDpjwKvyozf1aCHITFhAZLd6bHiXTJd9Oa5vrTQv/ c+HWcjEmEJ3jQlPxWi/iBEt74lPFiCCO4QSDCgyqbXD5aTPn8xWe+UV2irTSJ/s59zks NH7XUGvDo9uL38ioYkwhoLH+ZwD4lqLDE9eRI7E8nBNy4KXdyWR9OwODCKhnFlpXMJfN 28OA== X-Forwarded-Encrypted: i=1; AJvYcCXT9e08h89wSEMH4eCCsrHydNkltntVRpvrk9AonMDtpJ8wjXgWBJvssRbfnNj/MwefPVeEF6CSerSAbMXysrLTlWs= X-Gm-Message-State: AOJu0YzNfWfLPNbBWkO1SQaHra2HhTbHNSL8kCEiNDbJA472xI7yClU+ XRyqmtl7lhlt7X2Zn49PqP0UsvONORM3z2yMWyx+Bqdxa7cob6V/At/0uv6DG4jez3kgSg0/pQY 9Ng== X-Google-Smtp-Source: AGHT+IGeFXcvsiksARA9h1b7EfkKsK64PaIzGQcHXGZ3C4+3t16ZKMcUaQTapjqXNiSAJUTt6kTNKMrdw7g= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6902:2b85:b0:de5:2ce1:b638 with SMTP id 3f1490d57ef6-dee4f0719dfmr158392276.0.1715348858717; Fri, 10 May 2024 06:47:38 -0700 (PDT) Date: Fri, 10 May 2024 06:47:37 -0700 In-Reply-To: <20240510015822.503071-1-michael.roth@amd.com> Mime-Version: 1.0 References: <20240501085210.2213060-1-michael.roth@amd.com> <20240510015822.503071-1-michael.roth@amd.com> Message-ID: Subject: Re: [PATCH v15 21/23] KVM: MMU: Disable fast path for private memslots From: Sean Christopherson To: Michael Roth Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, papaluri@amd.com, Isaku Yamahata Content-Type: text/plain; charset="us-ascii" X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: D646010000D X-Stat-Signature: 4dggors3nroerbcn9sb44q1wxssws4mn X-Rspam-User: X-HE-Tag: 1715348859-892897 X-HE-Meta: U2FsdGVkX1/BI7qDbfRMQixvv9RNXhiZzr5Qq52dUNPXn/FxJKgZ9jnDZAD1GyRew1Gc55u3JubJTqNvuiG8fdGPLKNQ5urBi76C0dYO5rj1WQm6SUtVhSuXzMj7V/OT/iGc20tVekhkY9zpQCiZhpZMe9aCk3VUqVun/N/4j6aeXl5vYqe9UvHxSMzy8TDS/ylqMyshBI3SdAcPm1o1lC7bSp0nezzw0Q1JbL7zwDxMRMYNLCpjOCaHeeRyl8U0PKc6nvI7qH8cYpPwKpUjYGj3QR33kgSOdRwjjUHYtZywkvTKGMyJgP8DlqN2WSl+yvlMw6VEYoXIzuQnTS5eFXTfkMgaFodJfBkhfIEBJ6pLcmc/Gy6Op8YgUOycPmeXj+GaKYPDrVVKTaNfY0XzDi8jHRhDqlqI0U6KLU0nmDyMuZa74wDz9QCu+c84OP+tYS5X1x1e6ahnPqeR181V4B7wlNHKO3JoLx+M+vkh2NGtw516MHQ7fI64EAWaTF6KC1v16EaFRQkovKv9p04OEZzshyx9YK5cgPD2vPVkyDXL7/H83LZL7R0VkjfxXNwxcrERIJhhhpCFnvyEolMrfPbi3vOgBeUd6RxsDCSbHt5XThO9aoNtUq49qylXr+vq/QuVGCUMB4iKRMVn/DGAmH+3o8ZAdlE7tRSmlq3IH/SB+20KChViSklOyyO2kNADFwklaXjQmx5WN9PIrpceNWd6T9XyhovuufQt+bTzNgNKSlHl5xpcjFZQwZRgE7ZFxO2fw1jRGxrvfV+NftYTkZPqikD8bJ9G70QS/2NWGvUkbF7Lgy7wJi70wjB7ZCQrROpxYJ1AeAW5jxHvkTwTfJEWEtU0Xw+H+QRq8LWtbBegEVpXsS0yAbzema3wEwmlD6/bEi8YN/lMUnYYQV/R6oSQgvQXmNI0DSD1Aq2kIGiAq/BYK0vKxFGlt8KiN2fiz2PNyWdfUoFZy1MuVWv IY++GoTI 5sircwDfBJf0J1Fo9pXRo6mCP1wEElg9zA1MW9byA/SnC06wBPReDvnglczZBNHBl/ueaMMYDDw/ItYhvsUuv+wN2znyGf6hb2KtmxmF+Lg72JGN4YWe5633WbDbrLBBh5dxpj0pEOpz9DBGXrLzb/q8AT//kQNll5eoj6p7Z2ClxgLNGZzCUgohZ7umTKDwCTF0vNj4aYSS70yNo/qqpoOs6lZ3SjhiviBj7DguhTWfQcI7L4pcGXKw5naZqphARmEnhBYcuoE5cZp239evrDJ/+C2IM1Di7Y8fxmB1mj32ThwenUYFrQKUNW7tBPlO3XdQLDYoZ4JtarkJt/6YuRrwCbYoygvjCoGr9uLlg6gRsw6qcKkASu6zzT/Arf7/T4oIH8/xy0fVwVHf8HrgTWBLzVGo/zhA57kBx8IkxAEM6Hqj3ikEMotQ7Ftq3yYUQboHS06FWbTJ0JN0OmyIFuh7PHOuXbDOA7KIEl5B76b/FH/BUEzX6FgWQbKjttYTMVqaAjC/DVSP1rds/iaXoLCRtBkqYYmWHqzxxL75cZr7MvUjtP9Di7c6amUntPhiUV+MPF2e/o8Qo9uTP6mVYzqhM6w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, May 09, 2024, Michael Roth wrote: > --- > arch/x86/kvm/mmu/mmu.c | 30 ++++++++++++++++++++++++++++-- > 1 file changed, 28 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > index 62ad38b2a8c9..cecd8360378f 100644 > --- a/arch/x86/kvm/mmu/mmu.c > +++ b/arch/x86/kvm/mmu/mmu.c > @@ -3296,7 +3296,7 @@ static int kvm_handle_noslot_fault(struct kvm_vcpu *vcpu, > return RET_PF_CONTINUE; > } > > -static bool page_fault_can_be_fast(struct kvm_page_fault *fault) > +static bool page_fault_can_be_fast(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) > { > /* > * Page faults with reserved bits set, i.e. faults on MMIO SPTEs, only > @@ -3307,6 +3307,32 @@ static bool page_fault_can_be_fast(struct kvm_page_fault *fault) > if (fault->rsvd) > return false; > > + /* > + * For hardware-protected VMs, certain conditions like attempting to > + * perform a write to a page which is not in the state that the guest > + * expects it to be in can result in a nested/extended #PF. In this > + * case, the below code might misconstrue this situation as being the > + * result of a write-protected access, and treat it as a spurious case > + * rather than taking any action to satisfy the real source of the #PF > + * such as generating a KVM_EXIT_MEMORY_FAULT. This can lead to the > + * guest spinning on a #PF indefinitely. > + * > + * For now, just skip the fast path for hardware-protected VMs since > + * they don't currently utilize any of this machinery anyway. In the > + * future, these considerations will need to be taken into account if > + * there's any need/desire to re-enable the fast path for > + * hardware-protected VMs. > + * > + * Since software-protected VMs don't have a notion of a shared vs. > + * private that's separate from what KVM is tracking, the above > + * KVM_EXIT_MEMORY_FAULT condition wouldn't occur, so avoid the > + * special handling for that case for now. Very technically, it can occur if userspace _just_ modified the attributes. And as I've said multiple times, at least for now, I want to avoid special casing SW-protected VMs unless it is *absolutely* necessary, because their sole purpose is to allow testing flows that are impossible to excercise without SNP/TDX hardware. > + */ > + if (kvm_slot_can_be_private(fault->slot) && > + !(IS_ENABLED(CONFIG_KVM_SW_PROTECTED_VM) && > + vcpu->kvm->arch.vm_type == KVM_X86_SW_PROTECTED_VM)) Heh, !(x && y) kills me, I misread this like 4 times. Anyways, I don't like the heuristic. It doesn't tie the restriction back to the cause in any reasonable way. Can't this simply be? if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn) return false; Which is much, much more self-explanatory.