[RFC,04/18] KVM: Fail __gfn_to_hva_many for userfault gfns.

Message ID	20240710234222.2333120-5-jthoughton@google.com (mailing list archive)
State	New, archived
Headers	show Received: from mail-ua1-f73.google.com (mail-ua1-f73.google.com [209.85.222.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20D0515A87C for <kvm@vger.kernel.org>; Wed, 10 Jul 2024 23:42:43 +0000 (UTC) Date: Wed, 10 Jul 2024 23:42:08 +0000 In-Reply-To: <20240710234222.2333120-1-jthoughton@google.com> Precedence: bulk Mime-Version: 1.0 References: <20240710234222.2333120-1-jthoughton@google.com> Message-ID: <20240710234222.2333120-5-jthoughton@google.com> Subject: [RFC PATCH 04/18] KVM: Fail __gfn_to_hva_many for userfault gfns. From: James Houghton <jthoughton@google.com> To: Paolo Bonzini <pbonzini@redhat.com> Cc: Marc Zyngier <maz@kernel.org>, Oliver Upton <oliver.upton@linux.dev>, James Morse <james.morse@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, Sean Christopherson <seanjc@google.com>, Shuah Khan <shuah@kernel.org>, Peter Xu <peterx@redhat.org>, Axel Rasmussen <axelrasmussen@google.com>, David Matlack <dmatlack@google.com>, James Houghton <jthoughton@google.com>, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev Content-Type: text/plain; charset="UTF-8"
Series	KVM: Post-copy live migration for guest_memfd \| expand [RFC,00/18] KVM: Post-copy live migration for guest_memfd [RFC,01/18] KVM: Add KVM_USERFAULT build option [RFC,02/18] KVM: Add KVM_CAP_USERFAULT and KVM_MEMORY_ATTRIBUTE_USERFAULT [RFC,03/18] KVM: Put struct kvm pointer in memslot [RFC,04/18] KVM: Fail __gfn_to_hva_many for userfault gfns. [RFC,05/18] KVM: Add KVM_PFN_ERR_USERFAULT [RFC,06/18] KVM: Add KVM_MEMORY_EXIT_FLAG_USERFAULT [RFC,07/18] KVM: Provide attributes to kvm_arch_pre_set_memory_attributes [RFC,08/18] KVM: x86: Add KVM Userfault support [RFC,09/18] KVM: x86: Add vCPU fault fast-path for Userfault [RFC,10/18] KVM: arm64: Add KVM Userfault support [RFC,11/18] KVM: arm64: Add vCPU memory fault fast-path for Userfault [RFC,12/18] KVM: arm64: Add userfault support for steal-time [RFC,13/18] KVM: Add atomic parameter to __gfn_to_hva_many [RFC,14/18] KVM: Add asynchronous userfaults, KVM_READ_USERFAULT [RFC,15/18] KVM: guest_memfd: Add KVM Userfault support [RFC,16/18] KVM: Advertise KVM_CAP_USERFAULT in KVM_CHECK_EXTENSION [RFC,17/18] KVM: selftests: Add KVM Userfault mode to demand_paging_test [RFC,18/18] KVM: selftests: Remove restriction in vm_set_memory_attributes

Message ID

20240710234222.2333120-5-jthoughton@google.com (mailing list archive)

State

New, archived

Headers

Date: Wed, 10 Jul 2024 23:42:08 +0000
In-Reply-To: <20240710234222.2333120-1-jthoughton@google.com>
Precedence: bulk
Mime-Version: 1.0
References: <20240710234222.2333120-1-jthoughton@google.com>
Message-ID: <20240710234222.2333120-5-jthoughton@google.com>
Subject: [RFC PATCH 04/18] KVM: Fail __gfn_to_hva_many for userfault gfns.
From: James Houghton <jthoughton@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marc Zyngier <maz@kernel.org>, Oliver Upton <oliver.upton@linux.dev>,
	James Morse <james.morse@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>, Sean Christopherson <seanjc@google.com>,
 Shuah Khan <shuah@kernel.org>,
	Peter Xu <peterx@redhat.org>, Axel Rasmussen <axelrasmussen@google.com>,
	David Matlack <dmatlack@google.com>, James Houghton <jthoughton@google.com>,
 kvm@vger.kernel.org,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"

Series

KVM: Post-copy live migration for guest_memfd | expand

Commit Message

James Houghton July 10, 2024, 11:42 p.m. UTC

Add gfn_has_userfault() that (1) checks that KVM Userfault is enabled,
and (2) that our particular gfn is a userfault gfn.

Check gfn_has_userfault() as part of __gfn_to_hva_many to prevent
gfn->hva translations for userfault gfns.

Signed-off-by: James Houghton <jthoughton@google.com>
---
 include/linux/kvm_host.h | 12 ++++++++++++
 virt/kvm/kvm_main.c      |  3 +++
 2 files changed, 15 insertions(+)

Comments

David Matlack July 11, 2024, 11:40 p.m. UTC | #1

On Wed, Jul 10, 2024 at 4:42 PM James Houghton <jthoughton@google.com> wrote:
>
> Add gfn_has_userfault() that (1) checks that KVM Userfault is enabled,
> and (2) that our particular gfn is a userfault gfn.
>
> Check gfn_has_userfault() as part of __gfn_to_hva_many to prevent
> gfn->hva translations for userfault gfns.
>
> Signed-off-by: James Houghton <jthoughton@google.com>
> ---
>  include/linux/kvm_host.h | 12 ++++++++++++
>  virt/kvm/kvm_main.c      |  3 +++
>  2 files changed, 15 insertions(+)
>
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index c1eb59a3141b..4cca896fb44a 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -140,6 +140,7 @@ static inline bool is_noslot_pfn(kvm_pfn_t pfn)
>
>  #define KVM_HVA_ERR_BAD                (PAGE_OFFSET)
>  #define KVM_HVA_ERR_RO_BAD     (PAGE_OFFSET + PAGE_SIZE)
> +#define KVM_HVA_ERR_USERFAULT  (PAGE_OFFSET + 2 * PAGE_SIZE)
>
>  static inline bool kvm_is_error_hva(unsigned long addr)
>  {
> @@ -2493,4 +2494,15 @@ static inline bool kvm_userfault_enabled(struct kvm *kvm)
>  #endif
>  }
>
> +static inline bool gfn_has_userfault(struct kvm *kvm, gfn_t gfn)
> +{
> +#ifdef CONFIG_KVM_USERFAULT
> +       return kvm_userfault_enabled(kvm) &&
> +               (kvm_get_memory_attributes(kvm, gfn) &
> +                KVM_MEMORY_ATTRIBUTE_USERFAULT);
> +#else
> +       return false;
> +#endif
> +}
> +
>  #endif
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index ffa452a13672..758deb90a050 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -2686,6 +2686,9 @@ static unsigned long __gfn_to_hva_many(const struct kvm_memory_slot *slot, gfn_t
>         if (memslot_is_readonly(slot) && write)
>                 return KVM_HVA_ERR_RO_BAD;
>
> +       if (gfn_has_userfault(slot->kvm, gfn))
> +               return KVM_HVA_ERR_USERFAULT;

You missed the "many" part :)

Speaking of, to do this you'll need to convert all callers that pass
in nr_pages to actually set the number of pages they need. Today KVM
just checks from gfn to the end of the slot and returns the total
number of pages via nr_pages. i.e. We could end up checking (and async
fetching) the entire slot!

> +
>         if (nr_pages)
>                 *nr_pages = slot->npages - (gfn - slot->base_gfn);
>
> --
> 2.45.2.993.g49e7a77208-goog
>

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index c1eb59a3141b..4cca896fb44a 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -140,6 +140,7 @@  static inline bool is_noslot_pfn(kvm_pfn_t pfn)
 
 #define KVM_HVA_ERR_BAD		(PAGE_OFFSET)
 #define KVM_HVA_ERR_RO_BAD	(PAGE_OFFSET + PAGE_SIZE)
+#define KVM_HVA_ERR_USERFAULT	(PAGE_OFFSET + 2 * PAGE_SIZE)
 
 static inline bool kvm_is_error_hva(unsigned long addr)
 {
@@ -2493,4 +2494,15 @@  static inline bool kvm_userfault_enabled(struct kvm *kvm)
 #endif
 }
 
+static inline bool gfn_has_userfault(struct kvm *kvm, gfn_t gfn)
+{
+#ifdef CONFIG_KVM_USERFAULT
+	return kvm_userfault_enabled(kvm) &&
+		(kvm_get_memory_attributes(kvm, gfn) &
+		 KVM_MEMORY_ATTRIBUTE_USERFAULT);
+#else
+	return false;
+#endif
+}
+
 #endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index ffa452a13672..758deb90a050 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2686,6 +2686,9 @@  static unsigned long __gfn_to_hva_many(const struct kvm_memory_slot *slot, gfn_t
 	if (memslot_is_readonly(slot) && write)
 		return KVM_HVA_ERR_RO_BAD;
 
+	if (gfn_has_userfault(slot->kvm, gfn))
+		return KVM_HVA_ERR_USERFAULT;
+
 	if (nr_pages)
 		*nr_pages = slot->npages - (gfn - slot->base_gfn);

[RFC,04/18] KVM: Fail __gfn_to_hva_many for userfault gfns.

Commit Message

Comments

Patch