Re: [PATCH v2 0/2] Dirtying, failing memop: don't indicate suppression

[Janosch Frank]

[...]
> > > The only question is, do we need to change the suppression parameter in
> > > access_guest_with_key
> > >
> > >     (mode != GACC_STORE) || (idx == 0)
> > >
> > > to also check for prot != PROT_TYPE_KEYC
> > > ? I think we do not need this as we have checked other reasons before.
>
> Yes, it is not necessary, the control flow is such that a protection exception
> implies that is due to keys.
> > To me this measure looks like a last resort option and the POP doesn't state a 100% what is to be done. Some instructions can mandate suppression instead of termination according to the architects.
> >
> > My intuition tells me that if we are in a situation where this would happen then we would be much better off just doing it by hand (i.e. in the instruction emulation code) and not letting this function decide.
>
> For the instructions we currently need to emulate in KVM we should be fine.
> So the question is what's best for the future and for instructions emulated by user space.
> Upward in the call stack (including user space), we don't know the failing address,
> which complicates handling it in the emulation code.
> You could chop up the memop in page chunks to find out, but that might have other issues.
>
> Since this behavior is very implicit and easy to overlook maybe we should document it
> in the description of the memop ioctl?

Yeah, properly documenting this is the least we can do.