Thread (178 messages) 178 messages, 11 authors, 2022-06-06

Re: [PATCH Part2 RFC v4 37/40] KVM: SVM: Add support to handle the RMP nested page fault

From: Sean Christopherson <seanjc@google.com>
Date: 2021-07-21 20:15:31
Also in: kvm, linux-coco, linux-crypto, linux-mm, lkml, platform-driver-x86 

On Tue, Jul 20, 2021, Brijesh Singh wrote:
On 7/20/21 5:31 PM, Sean Christopherson wrote:
...
quoted
quoted
This is a good question, the GHCB spec does not enforce that a guest *must*
use page state. If the page state changes is not done by the guest then it
will cause #NPF and its up to the hypervisor to decide on what it wants to
do.
Drat.  Is there any hope of pushing through a GHCB change to require the guest
to use PSC?
Well, I am not sure if we can push it through GHCB. Other hypervisor
also need to agree to it. We need to define them some architectural way
for hypervisor to detect the violation and notify guest about it.
And other guest's, too :-/
quoted
quoted
quoted
It would simplify KVM (albeit not much of a simplificiation) and would also
make debugging easier since transitions would require an explicit guest
request and guest bugs would result in errors instead of random
corruption/weirdness.
I am good with enforcing this from the KVM. But the question is, what fault
we should inject in the guest when KVM detects that guest has issued the
page state change.
Injecting a fault, at least from KVM, isn't an option since there's no architectural
behavior we can leverage.  E.g. a guest that isn't enlightened enough to properly
use PSC isn't going to do anything useful with a #MC or #VC.

Sadly, as is I think our only options are to either automatically convert RMP
entries as need, or to punt the exit to userspace.  Maybe we could do both, e.g.
have a module param to control the behavior?  The problem with punting to userspace
is that KVM would also need a way for userspace to fix the issue, otherwise we're
just taking longer to kill the guest :-/
I think we should automatically convert the RMP entries at time, its
possible that non Linux guest may access the page without going through
the PSC.
Agreed.  I don't love that KVM will disallow automatic conversions when the host
is accessing guest memory, but not when the guest is accessing memory.  On the
other hand, auto-converting when accessing from the host is far, far worse.

And FWIW, IIRC this is also aligns with the expected/proposed TDX behavior, so
that's a plus.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help