On Sat, Jun 24, 2023, Kai Huang wrote: > > > From: Sean Christopherson <seanjc@xxxxxxxxxx> > > Date: Fri, 23 Jun 2023 09:46:38 -0700 > > Subject: [PATCH] KVM: x86/mmu: Guard against collision with KVM-defined > > PFERR_IMPLICIT_ACCESS > > > > Add an assertion in kvm_mmu_page_fault() to ensure the error code provided > > by hardware doesn't conflict with KVM's software-defined IMPLICIT_ACCESS > > flag. In the unlikely scenario that future hardware starts using bit 48 > > for a hardware-defined flag, preserving the bit could result in KVM > > incorrectly interpreting the unknown flag as KVM's IMPLICIT_ACCESS flag. > > > > WARN so that any such conflict can be surfaced to KVM developers and > > resolved, but otherwise ignore the bit as KVM can't possibly rely on a > > flag it knows nothing about. > > I think the fundamental problem is we mix synthetic bit(s) with the hardware > error code together into a single 'u64'. Given there's no guarantee from > hardware vendors (Intel/AMD) that some bits will be always reserved for software > use, there's no guarantee the synthetic bit(s) won't conflict with those > hardware defined bits. > > Perhaps a fundamental fix is to use a new 'u64' as parameter for software- > defined error code passing to all relevant code paths. Yeah, in an ideal world KVM wouldn't usurp error code bits. But I don't know that it's worth plumbing in an extra param to all the affected helpers. From a functional perspective, unless someone runs with panic_on_warn=1 in production, or I'm missing something, the warn-and-clear approach is sufficient. If we get more synthetic "access" bits, then we should revisit this, but I think for now it's ok > But I think your fix (or detection) below should be good enough perhaps for a > long time, and even in the future when such conflict merges, we can move the > synthetic bit to another bit. The only problem is probably we will need > relevant patch(es) back-ported to stable kernels.
