Re: [RFC PATCH v2 3/6] KVM: x86/mmu: Pass round full 64-bit error code for the KVM page fault
From: Sean Christopherson
Date: Mon Jun 26 2023 - 17:48:23 EST
On Sat, Jun 24, 2023, Kai Huang wrote:
>
> > From: Sean Christopherson <seanjc@xxxxxxxxxx>
> > Date: Fri, 23 Jun 2023 09:46:38 -0700
> > Subject: [PATCH] KVM: x86/mmu: Guard against collision with KVM-defined
> > PFERR_IMPLICIT_ACCESS
> >
> > Add an assertion in kvm_mmu_page_fault() to ensure the error code provided
> > by hardware doesn't conflict with KVM's software-defined IMPLICIT_ACCESS
> > flag. In the unlikely scenario that future hardware starts using bit 48
> > for a hardware-defined flag, preserving the bit could result in KVM
> > incorrectly interpreting the unknown flag as KVM's IMPLICIT_ACCESS flag.
> >
> > WARN so that any such conflict can be surfaced to KVM developers and
> > resolved, but otherwise ignore the bit as KVM can't possibly rely on a
> > flag it knows nothing about.
>
> I think the fundamental problem is we mix synthetic bit(s) with the hardware
> error code together into a single 'u64'. Given there's no guarantee from
> hardware vendors (Intel/AMD) that some bits will be always reserved for software
> use, there's no guarantee the synthetic bit(s) won't conflict with those
> hardware defined bits.
>
> Perhaps a fundamental fix is to use a new 'u64' as parameter for software-
> defined error code passing to all relevant code paths.
Yeah, in an ideal world KVM wouldn't usurp error code bits. But I don't know
that it's worth plumbing in an extra param to all the affected helpers. From a
functional perspective, unless someone runs with panic_on_warn=1 in production,
or I'm missing something, the warn-and-clear approach is sufficient. If we get
more synthetic "access" bits, then we should revisit this, but I think for now
it's ok
> But I think your fix (or detection) below should be good enough perhaps for a
> long time, and even in the future when such conflict merges, we can move the
> synthetic bit to another bit. The only problem is probably we will need
> relevant patch(es) back-ported to stable kernels.