The purpose of this series is to help debugging failed ITS saves and
restores. Failures can be due to misconfiguration on the guest side:
tables with bogus base addresses, or the guest overwriting L1 indirect
tables. KVM can't do much in these cases, but one thing it can do to help
is raising errors as soon as possible. Here are a couple of cases where
KVM could do more:

- A command that adds an entry into an ITS table that is not in guest
  memory should fail, as any command should be treated as if it was
  actually saving entries in guest memory (KVM doesn't until saving).
  KVM does this check for collections and devices (using
  vgic_its_check_id), but it doesn't for the ITT (Interrupt Translation
  Table). Commit #1 adds the missing check.

- Restoring the ITS tables does some checks for corrupted tables, but not
  as many as in a save. For example, a device ID overflowing the table
  will be detected on save but not on restore. The consequence is that
  restoring a corrupted table won't be detected until the next save;
  including the ITS not working as expected after the restore. As an
  example, if the guest sets tables overlapping each other, this would
  most likely result in some corrupted table; and this is what we would
  see from the host point of view:

	guest sets bogus baser addresses
	save ioctl
	restore ioctl
	save ioctl (fails)

  This failed save could happen many days after the first operation, so
  it would be hard to track down. Commit #2 adds some checks into restore:
  like checking that the ITE entries are not repeated.

- Restoring a corrupted collection entry is being ignored. Commit #3
  fixes this while trying to organize the code so to make the bug more
  obvious next time.

Finally, failed restores should clean up all intermediate state. Commit #4
takes care of cleaning up everything created until the restore was deemed
a failure.

v2: https://lore.kernel.org/kvmarm/20220427184814.2204513-1-ricarkol@xxxxxxxxxx/
v2 -> v3:
- collect RBs from Eric (Thanks!)
- reorder check in vgic_its_cmd_handle_mapi (commit 1) [Eric]
- removed some checks in vgic_its_restore_ite and vgic_its_restore_dte. [Eric]
- not skipping dummy end elements when restoring collection tables. [Eric]

v1: https://lore.kernel.org/kvmarm/20220425185534.57011-1-ricarkol@xxxxxxxxxx/
v1 -> v2:
- moved alloc_collection comment to its respective commit. [marc]
- refactored check_ite to reuse some code from check_id. [marc]
- rewrote all commit messages. [marc]

Tested with kvm-unit-tests ITS tests.

Ricardo Koller (4):
  KVM: arm64: vgic: Check that new ITEs could be saved in guest memory
  KVM: arm64: vgic: Add more checks when restoring ITS tables
  KVM: arm64: vgic: Do not ignore vgic_its_restore_cte failures
  KVM: arm64: vgic: Undo work in failed ITS restores

 arch/arm64/kvm/vgic/vgic-its.c | 96 +++++++++++++++++++++++++++-------
 1 file changed, 78 insertions(+), 18 deletions(-)

-- 
2.36.0.512.ge40c2bad7a-goog
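
The restore behaviour the cover letter argues for (reject entries that a later save would reject, and leave nothing behind when the restore fails), as an added example that is not code from this series or from vgic-its.c. It is a simplified userspace model: struct ite, struct its_dev, restore_itt and free_ites are hypothetical names, the ID range check stands in for the table-overflow case, and num_eventid_bits is assumed to be at most 32.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical userspace model; not the structures in vgic-its.c. */
struct ite { uint32_t event_id; struct ite *next; };
struct its_dev { unsigned int num_eventid_bits; struct ite *ites; };

static struct ite *find_ite(const struct its_dev *dev, uint32_t id)
{
	for (struct ite *i = dev->ites; i; i = i->next)
		if (i->event_id == id)
			return i;
	return NULL;
}

/* Drop every entry created so far (the "undo work" step). */
void free_ites(struct its_dev *dev)
{
	while (dev->ites) {
		struct ite *next = dev->ites->next;
		free(dev->ites);
		dev->ites = next;
	}
}

/* Restore n saved event IDs. Returns 0, or -errno with dev left empty. */
int restore_itt(struct its_dev *dev, const uint32_t *saved, size_t n)
{
	for (size_t k = 0; k < n; k++) {
		struct ite *ite = NULL;
		int ret = 0;

		if (saved[k] >= (UINT64_C(1) << dev->num_eventid_bits))
			ret = -EINVAL;	/* ID does not fit in the table */
		else if (find_ite(dev, saved[k]))
			ret = -EINVAL;	/* repeated entry */
		else if (!(ite = malloc(sizeof(*ite))))
			ret = -ENOMEM;
		if (ret) {
			free_ites(dev);	/* leave no intermediate state behind */
			return ret;
		}
		ite->event_id = saved[k];
		ite->next = dev->ites;
		dev->ites = ite;
	}
	return 0;
}
```

Failing at restore time with the device left empty is what turns the "save ioctl (fails)" days later into an immediate, attributable error.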