From patchwork Fri Mar 15 23:05:38 2024
X-Patchwork-Submitter: David Matlack
X-Patchwork-Id: 13594113
Date: Fri, 15 Mar 2024 16:05:38 -0700
In-Reply-To: <20240315230541.1635322-1-dmatlack@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20240315230541.1635322-1-dmatlack@google.com>
Message-ID: <20240315230541.1635322-2-dmatlack@google.com>
Subject: [PATCH 1/4] KVM: x86/mmu: Check kvm_mmu_page_ad_need_write_protect() when clearing TDP MMU dirty bits
From: David Matlack
To: Paolo Bonzini, Sean Christopherson
Cc: Vipin Sharma, kvm@vger.kernel.org, David Matlack, syzbot+900d58a45dcaab9e4821@syzkaller.appspotmail.com, stable@vger.kernel.org

Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disables the PML hardware when running L2, so failing to write-protect TDP MMU SPTEs will cause writes made by L2 to not be reflected in the dirty log.

Reported-by: syzbot+900d58a45dcaab9e4821@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=900d58a45dcaab9e4821
Fixes: 5982a5392663 ("KVM: x86/mmu: Use kvm_ad_enabled() to determine if TDP MMU SPTEs need wrprot")
Cc: stable@vger.kernel.org
Cc: Vipin Sharma
Cc: Sean Christopherson
Signed-off-by: David Matlack
---
 arch/x86/kvm/mmu/tdp_mmu.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 6ae19b4ee5b1..c3c1a8f430ef 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1498,6 +1498,16 @@ void kvm_tdp_mmu_try_split_huge_pages(struct kvm *kvm, } } +static bool tdp_mmu_need_write_protect(struct kvm_mmu_page *sp) +{ + /* + * All TDP MMU shadow pages share the same role as their root, aside + * from level, so it is valid to key off any shadow page to determine if + * write protection is needed for an entire tree. + */ + return kvm_mmu_page_ad_need_write_protect(sp) || !kvm_ad_enabled(); +} + /* * Clear the dirty status of all the SPTEs mapping GFNs in the memslot. If * AD bits are enabled, this will involve clearing the dirty bit on each SPTE. @@ -1508,7 +1518,8 @@ void kvm_tdp_mmu_try_split_huge_pages(struct kvm *kvm, static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t start, gfn_t end) { - u64 dbit = kvm_ad_enabled() ? shadow_dirty_mask : PT_WRITABLE_MASK; + const u64 dbit = tdp_mmu_need_write_protect(root) + ? PT_WRITABLE_MASK : shadow_dirty_mask; struct tdp_iter iter; bool spte_set = false; @@ -1523,7 +1534,7 @@ static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true)) continue; - KVM_MMU_WARN_ON(kvm_ad_enabled() && + KVM_MMU_WARN_ON(dbit == shadow_dirty_mask && spte_ad_need_write_protect(iter.old_spte)); if (!(iter.old_spte & dbit)) @@ -1570,8 +1581,8 @@ bool kvm_tdp_mmu_clear_dirty_slot(struct kvm *kvm, static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t gfn, unsigned long mask, bool wrprot) { - u64 dbit = (wrprot || !kvm_ad_enabled()) ? PT_WRITABLE_MASK : - shadow_dirty_mask; + const u64 dbit = (wrprot || tdp_mmu_need_write_protect(root)) + ? PT_WRITABLE_MASK : shadow_dirty_mask; struct tdp_iter iter; lockdep_assert_held_write(&kvm->mmu_lock); 
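Review bot: the function comment that now sits directly below the new tdp_mmu_need_write_protect() helper (unchanged context in the first hunk: "If AD bits are enabled, this will involve clearing the dirty bit on each SPTE. If AD bits are not enabled, this will require clearing the writable bit on each SPTE.") describes exactly the rule this patch replaces, so a stable backport of this patch on its own ships a comment that contradicts the code beside it; either fold the minimal wording fix into this patch or state in the commit message that the comments are corrected by the follow-up patches. The logic itself looks right: the helper's comment justifies keying the decision off the root, making dbit const is a small readability win, and switching the KVM_MMU_WARN_ON() from kvm_ad_enabled() to `dbit == shadow_dirty_mask` is what makes the assertion meaningful, since it now fires exactly when D-bit clearing was chosen for an SPTE that spte_ad_need_write_protect() says must be write-protected.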
@@ -1583,7 +1594,7 @@ static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, if (!mask) break; - KVM_MMU_WARN_ON(kvm_ad_enabled() && + KVM_MMU_WARN_ON(dbit == shadow_dirty_mask && spte_ad_need_write_protect(iter.old_spte)); if (iter.level > PG_LEVEL_4K ||

From patchwork Fri Mar 15 23:05:39 2024
X-Patchwork-Submitter: David Matlack
X-Patchwork-Id: 13594112
Date: Fri, 15 Mar 2024 16:05:39 -0700
In-Reply-To: <20240315230541.1635322-1-dmatlack@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20240315230541.1635322-1-dmatlack@google.com>
Message-ID: <20240315230541.1635322-3-dmatlack@google.com>
Subject: [PATCH 2/4] KVM: x86/mmu: Remove function comments above clear_dirty_{gfn_range,pt_masked}()
From: David Matlack
To: Paolo Bonzini, Sean Christopherson
Cc: Vipin Sharma, kvm@vger.kernel.org, David Matlack

Drop the comments above clear_dirty_gfn_range() and clear_dirty_pt_masked(), since each is word-for-word identical to the comment above their parent function. Leave the comment on the parent functions since they are APIs called by the KVM/x86 MMU.

No functional change intended.

Signed-off-by: David Matlack
---
 arch/x86/kvm/mmu/tdp_mmu.c | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index c3c1a8f430ef..01192ac760f1 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1508,13 +1508,6 @@ static bool tdp_mmu_need_write_protect(struct kvm_mmu_page *sp) return kvm_mmu_page_ad_need_write_protect(sp) || !kvm_ad_enabled(); } -/* - * Clear the dirty status of all the SPTEs mapping GFNs in the memslot. If - * AD bits are enabled, this will involve clearing the dirty bit on each SPTE. - * If AD bits are not enabled, this will require clearing the writable bit on - * each SPTE. Returns true if an SPTE has been changed and the TLBs need to - * be flushed. - */ static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t start, gfn_t end) { 
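Review bot: dropping this comment is fine, since the removed text is duplicated word for word on kvm_tdp_mmu_clear_dirty_slot() (visible as unchanged context in patch 3); one nit: patch 3 rewrites that surviving copy anyway, so the two comment-only patches could be squashed to reduce churn on the same lines, not a blocker.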
@@ -1571,13 +1564,6 @@ bool kvm_tdp_mmu_clear_dirty_slot(struct kvm *kvm, return spte_set; } -/* - * Clears the dirty status of all the 4k SPTEs mapping GFNs for which a bit is - * set in mask, starting at gfn. The given memslot is expected to contain all - * the GFNs represented by set bits in the mask. If AD bits are enabled, - * clearing the dirty status will involve clearing the dirty bit on each SPTE - * or, if AD bits are not enabled, clearing the writable bit on each SPTE. - */ static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t gfn, unsigned long mask, bool wrprot) {

From patchwork Fri Mar 15 23:05:40 2024
X-Patchwork-Submitter: David Matlack
X-Patchwork-Id: 13594114
Date: Fri, 15 Mar 2024 16:05:40 -0700
In-Reply-To: <20240315230541.1635322-1-dmatlack@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20240315230541.1635322-1-dmatlack@google.com>
Message-ID: <20240315230541.1635322-4-dmatlack@google.com>
Subject: [PATCH 3/4] KVM: x86/mmu: Fix and clarify comments about clearing D-bit vs. write-protecting
From: David Matlack
To: Paolo Bonzini, Sean Christopherson
Cc: Vipin Sharma, kvm@vger.kernel.org, David Matlack

Drop the "If AD bits are enabled/disabled" verbiage from the comments above kvm_tdp_mmu_clear_dirty_{slot,pt_masked}() since TDP MMU SPTEs may need to be write-protected even when A/D bits are enabled, i.e. these comments aren't technically correct.

No functional change intended.

Signed-off-by: David Matlack
---
 arch/x86/kvm/mmu/tdp_mmu.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 01192ac760f1..1e9b48b5f6e1 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1544,11 +1544,9 @@ static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, } /* - * Clear the dirty status of all the SPTEs mapping GFNs in the memslot. If - * AD bits are enabled, this will involve clearing the dirty bit on each SPTE. - * If AD bits are not enabled, this will require clearing the writable bit on - * each SPTE. Returns true if an SPTE has been changed and the TLBs need to - * be flushed. + * Clear the dirty status (D-bit or W-bit) of all the SPTEs mapping GFNs in the + * memslot. Returns true if an SPTE has been changed and the TLBs need to be + * flushed. */ bool kvm_tdp_mmu_clear_dirty_slot(struct kvm *kvm, const struct kvm_memory_slot *slot) 
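Review bot: "(D-bit or W-bit)" names the two mechanisms but not when each is chosen, and this comment is the first thing a reader of the exported API sees; a short pointer such as "see tdp_mmu_need_write_protect()" (the helper added in patch 1, visible as context in patch 2's first hunk) would make the "or" precise instead of leaving it open. The deletion itself is correct: after patch 1, SPTEs with A/D bits enabled are still write-protected when the tree maps an L2, so the old "If AD bits are enabled ... If AD bits are not enabled" wording was wrong.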
@@ -1606,11 +1604,9 @@ static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, } /* - * Clears the dirty status of all the 4k SPTEs mapping GFNs for which a bit is - * set in mask, starting at gfn. The given memslot is expected to contain all - * the GFNs represented by set bits in the mask. If AD bits are enabled, - * clearing the dirty status will involve clearing the dirty bit on each SPTE - * or, if AD bits are not enabled, clearing the writable bit on each SPTE. + * Clears the dirty status (D-bit or W-bit) of all the 4k SPTEs mapping GFNs for + * which a bit is set in mask, starting at gfn. The given memslot is expected to + * contain all the GFNs represented by set bits in the mask. */ void kvm_tdp_mmu_clear_dirty_pt_masked(struct kvm *kvm, struct kvm_memory_slot *slot,

From patchwork Fri Mar 15 23:05:41 2024
X-Patchwork-Submitter: David Matlack
X-Patchwork-Id: 13594115
Date: Fri, 15 Mar 2024 16:05:41 -0700
In-Reply-To: <20240315230541.1635322-1-dmatlack@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20240315230541.1635322-1-dmatlack@google.com>
Message-ID: <20240315230541.1635322-5-dmatlack@google.com>
Subject: [PATCH 4/4] KVM: selftests: Add coverage of EPT-disabled to vmx_dirty_log_test
From: David Matlack
To: Paolo Bonzini, Sean Christopherson
Cc: Vipin Sharma, kvm@vger.kernel.org, David Matlack

Extend vmx_dirty_log_test to include accesses made by L2 when EPT is disabled.

This commit adds explicit coverage of a bug caught by syzkaller, where the TDP MMU would clear D-bits instead of write-protecting SPTEs being used to map an L2, which only happens when L1 does not enable EPT, causing writes made by L2 to not be reflected in the dirty log when PML is enabled:

  $ ./vmx_dirty_log_test
  Nested EPT: disabled
  ==== Test Assertion Failure ====
    x86_64/vmx_dirty_log_test.c:151: test_bit(0, bmap)
    pid=72052 tid=72052 errno=4 - Interrupted system call
       (stack trace empty)
    Page 0 incorrectly reported clean

Opportunistically replace the volatile casts with {READ,WRITE}_ONCE().

Link: https://lore.kernel.org/kvm/000000000000c6526f06137f18cc@google.com/
Signed-off-by: David Matlack
---
 .../selftests/kvm/x86_64/vmx_dirty_log_test.c | 60 ++++++++++++++-----
 1 file changed, 46 insertions(+), 14 deletions(-)

diff --git a/tools/testing/selftests/kvm/x86_64/vmx_dirty_log_test.c b/tools/testing/selftests/kvm/x86_64/vmx_dirty_log_test.c
index e4ad5fef52ff..609a767c4655 100644
--- a/tools/testing/selftests/kvm/x86_64/vmx_dirty_log_test.c
+++ b/tools/testing/selftests/kvm/x86_64/vmx_dirty_log_test.c
@@ -28,16 +28,16 @@ #define NESTED_TEST_MEM1 0xc0001000 #define NESTED_TEST_MEM2 0xc0002000 -static void l2_guest_code(void) +static void l2_guest_code(u64 *a, u64 *b) { - *(volatile uint64_t *)NESTED_TEST_MEM1; - *(volatile uint64_t *)NESTED_TEST_MEM1 = 1; + READ_ONCE(*a); + WRITE_ONCE(*a, 1); GUEST_SYNC(true); GUEST_SYNC(false); - *(volatile uint64_t *)NESTED_TEST_MEM2 = 1; + READ_ONCE(*b); GUEST_SYNC(true); - *(volatile uint64_t *)NESTED_TEST_MEM2 = 1; + WRITE_ONCE(*b, 1); GUEST_SYNC(true); GUEST_SYNC(false); 
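Review bot: the third access in this hunk changes behaviour, not just spelling: `*(volatile uint64_t *)NESTED_TEST_MEM2 = 1;` was a write and becomes `READ_ONCE(*b);`, so the sequence is now read-b, GUEST_SYNC(true), write-b, GUEST_SYNC(true) instead of two writes, while the commit message only says the volatile casts were replaced with {READ,WRITE}_ONCE(). The quoted failure shows that the host asserts test_bit(0, bmap) at a GUEST_SYNC(true), so a read-only access followed by GUEST_SYNC(true) looks like an unintended edit; unless a read is wanted there and the host side is adjusted to match, this line should stay `WRITE_ONCE(*b, 1);`.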
@@ -45,17 +45,33 @@ static void l2_guest_code(void) vmcall(); } +static void l2_guest_code_ept_enabled(void) +{ + l2_guest_code((u64 *)NESTED_TEST_MEM1, (u64 *)NESTED_TEST_MEM2); +} + +static void l2_guest_code_ept_disabled(void) +{ + /* Access the same L1 GPAs as l2_guest_code_ept_enabled() */ + l2_guest_code((u64 *)GUEST_TEST_MEM, (u64 *)GUEST_TEST_MEM); +} + void l1_guest_code(struct vmx_pages *vmx) { #define L2_GUEST_STACK_SIZE 64 unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + void *l2_rip; GUEST_ASSERT(vmx->vmcs_gpa); GUEST_ASSERT(prepare_for_vmx_operation(vmx)); GUEST_ASSERT(load_vmcs(vmx)); - prepare_vmcs(vmx, l2_guest_code, - &l2_guest_stack[L2_GUEST_STACK_SIZE]); + if (vmx->eptp_gpa) + l2_rip = l2_guest_code_ept_enabled; + else + l2_rip = l2_guest_code_ept_disabled; + + prepare_vmcs(vmx, l2_rip, &l2_guest_stack[L2_GUEST_STACK_SIZE]); GUEST_SYNC(false); GUEST_ASSERT(!vmlaunch()); @@ -64,7 +80,7 @@ void l1_guest_code(struct vmx_pages *vmx) GUEST_DONE(); } -int main(int argc, char *argv[]) +static void test_vmx_dirty_log(bool enable_ept) { vm_vaddr_t vmx_pages_gva = 0; struct vmx_pages *vmx; @@ -76,8 +92,7 @@ int main(int argc, char *argv[]) struct ucall uc; bool done = false; - TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX)); - TEST_REQUIRE(kvm_cpu_has_ept()); + pr_info("Nested EPT: %s\n", enable_ept ? "enabled" : "disabled"); /* Create VM */ vm = vm_create_with_one_vcpu(&vcpu, l1_guest_code); 
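Review bot: l1_guest_code() now picks the L2 entry point by testing vmx->eptp_gpa, which is only non-zero when prepare_eptp() has run (the next hunk skips it for the EPT-disabled run), so the selection silently depends on struct vmx_pages starting out zeroed; a one-line comment at `if (vmx->eptp_gpa)` saying "set only when the host prepared an EPTP, i.e. nested EPT is in use" would make that contract explicit. Moving TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX)) out of this function is right, since the EPT-disabled run must not be gated on kvm_cpu_has_ept(). In l2_guest_code_ept_disabled(), passing GUEST_TEST_MEM for both a and b matches the EPT-enabled case, where NESTED_TEST_MEM1 and NESTED_TEST_MEM2 are both nested-mapped onto GUEST_TEST_MEM, so both runs exercise the same L1 page.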
@@ -103,11 +118,16 @@ int main(int argc, char *argv[]) * * Note that prepare_eptp should be called only L1's GPA map is done, * meaning after the last call to virt_map. + * + * When EPT is disabled, the L2 guest code will still access the same L1 + * GPAs as the EPT enabled case. */ - prepare_eptp(vmx, vm, 0); - nested_map_memslot(vmx, vm, 0); - nested_map(vmx, vm, NESTED_TEST_MEM1, GUEST_TEST_MEM, 4096); - nested_map(vmx, vm, NESTED_TEST_MEM2, GUEST_TEST_MEM, 4096); + if (enable_ept) { + prepare_eptp(vmx, vm, 0); + nested_map_memslot(vmx, vm, 0); + nested_map(vmx, vm, NESTED_TEST_MEM1, GUEST_TEST_MEM, 4096); + nested_map(vmx, vm, NESTED_TEST_MEM2, GUEST_TEST_MEM, 4096); + } bmap = bitmap_zalloc(TEST_MEM_PAGES); host_test_mem = addr_gpa2hva(vm, GUEST_TEST_MEM); @@ -148,3 +168,15 @@ int main(int argc, char *argv[]) } } } + +int main(int argc, char *argv[]) +{ + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX)); + + test_vmx_dirty_log(/*enable_ept=*/false); + + if (kvm_cpu_has_ept()) + test_vmx_dirty_log(/*enable_ept=*/true); + + return 0; +}
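Review bot: test_vmx_dirty_log() is now invoked twice and each call creates a fresh VM with vm_create_with_one_vcpu(), but the visible tail of the function (the closing braces in the @@ -148,3 hunk) shows no kvm_vm_free(); if the original main() relied on process exit for teardown, add a kvm_vm_free(vm) at the end of test_vmx_dirty_log() so the first run's VM, vCPU and dirty bitmap are released before the second run, rather than leaking them for the lifetime of the test. Running the EPT-disabled case first and unconditionally is a good choice, since that is the configuration patch 1 fixes and it no longer requires EPT on the host.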