From patchwork Fri Jul 26 23:51:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 1965475 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=Xe5oSuUz; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=wyE64ImB; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WW4cj5vsGz20FH for ; Sat, 27 Jul 2024 10:04:53 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Reply-To:List-Subscribe:List-Help: List-Post:List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID :References:Mime-Version:In-Reply-To:Date:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=bJavTwMdPYbh6ZmVYN/DwO/tuNa1TM7qghVLU/bFqF4=; b=Xe5oSuUzWWQpKz xwRIU9625SRcAyCBSwhpKDGPkxZXMQXtXTCRGSL+zp4hj78CBjMWYoAtEJV+F4zgvvt2Dr3jb2Wh/ lBNSTLjP5+bxk7ki1YKlxZ2OIHsY1Hl2EWamCjmc82J+CaiNmoS7LBpVvzIYEucNM5mZP53eZTSfz 7GpaQPznmutw348FzXf6W3sq9U+ol2OZ+aiqFsJLQ7flZHGYAyM9yfoxXMkJPopkJqGQQotwCtJtr gv9lxplD9xCwmAH0tU0XBcdNB55UnwRMWZOOcjECbOEhqZaPjsy+E0nE2EeJUeaz6++e/7HpJLUzt tNSZkfMqT8gdZJdWb8TA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sXUvc-00000005WNY-29Ri; Sat, 27 Jul 2024 00:04:52 +0000 Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sXUkn-00000005PxY-2BjW for kvm-riscv@lists.infradead.org; Fri, 26 Jul 2024 23:53:44 +0000 Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-e05faf3fdc4so435380276.2 for ; Fri, 26 Jul 2024 16:53:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1722038020; x=1722642820; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=ABkrzr1cGSxzpfOXTkcnfxpngM7W7Byv3yxUL9/Xpog=; b=wyE64ImBNbMdo6E0DTERUJzgCvzHeAYGZGutnCKneiUwLYcNVm53aTqAu7fHClgsrS GtYbnE6jxLpB+a/yDh6y5oY+X5TSAzRqVlJUTyiNv/lWcm0l7qaxCSXq2X9F+EgLiLlu ymJ5mjfnqQHj8ayV1r2PTJfm4bei+VYut6COJDF562CwznPkhFGDqv/ah+CCoMhanb4k 4nyOP483zqSHkGR4fo5wvw2mCH8w4e5/VKc96KEMIWmZQhmnQ2M3/xRANkQHkyBfnUnH 38yBsU4Jukdz30a18ZEChMd2XZKmuK2egQvA7AJ/3glgbd8jdBEs5Os9wZk3M2MqTG91 8S8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722038020; x=1722642820; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ABkrzr1cGSxzpfOXTkcnfxpngM7W7Byv3yxUL9/Xpog=; b=cEEHsjpBgJf/+tTHYDSqLepvpDmM4AyLUd8ekWiGmaYHphilgJSEr3s8CUtt3KWcNK YmIO5yh1z5TPM6JfEBRi6e7XIDO4px5cIBLp8GljbG5ITbjTIJel1vV7W/TfTxUtyaya NxOixhVahpWvJ5ucw3yqaEi67DSYdm2KlMb8/EU+AD7A9EvG6Vxp4jFMu9AtFFRW8s8a gsBH9ZkcgfdbvOp/MZCkVb1Gs50toZ2MROVO2JTs21LSg2qVw7V1xKqvtZR7AnyrEpQE GRuVZbii4Q0ZRNeqluhyQ2Hfx5kaggb0qVCOIvGEHkVKNnt4SM05EfUcm8oYsrp3e0Mt Mwsw== X-Forwarded-Encrypted: i=1; AJvYcCW2TP29Vc9qWybkI2cDWRLZsde/idxVvW/uCUtjVUIGGqLytltaHMw6+Sf91ru5ijc4hDnIvLWZo026O4w2SVBmGWiGIDtiZ/bAnI/4EA== X-Gm-Message-State: AOJu0Yx9yy0a9AWejQzmC9+2bxO78q2iHD0m8zaLGWWdZnLMJx0gSpNw y6RqW7EMm/ONTz0/KabAjMvOXB7xD3+BoHJSVLb9lN5+/uM8bbGCBjyHsvRj/28RYUopiOFUSiq YWA== X-Google-Smtp-Source: AGHT+IF9e10ucuu5PEDYEm2t1VHH57SvniduNcr3PDVCEbnd2uQ/527xnsEGixiu/Fx7KhH32OKutuDbjT0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:9004:0:b0:e03:b9df:aa13 with SMTP id 3f1490d57ef6-e0b5455eafcmr36206276.8.1722038019655; Fri, 26 Jul 2024 16:53:39 -0700 (PDT) Date: Fri, 26 Jul 2024 16:51:39 -0700 In-Reply-To: <20240726235234.228822-1-seanjc@google.com> Mime-Version: 1.0 References: <20240726235234.228822-1-seanjc@google.com> X-Mailer: git-send-email 2.46.0.rc1.232.g9752f9e123-goog Message-ID: <20240726235234.228822-31-seanjc@google.com> Subject: [PATCH v12 30/84] KVM: nVMX: Mark vmcs12's APIC access page dirty when unmapping From: Sean Christopherson To: Paolo Bonzini , Marc Zyngier , Oliver Upton , Tianrui Zhao , Bibo Mao , Huacai Chen , Michael Ellerman , Anup Patel , Paul Walmsley , Palmer Dabbelt , Albert Ou , Christian Borntraeger , Janosch Frank , Claudio Imbrenda , Sean Christopherson Cc: kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, loongarch@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, David Matlack , David Stevens X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240726_165341_698827_B252DB68 X-CRM114-Status: GOOD ( 11.78 ) X-Spam-Score: -9.5 (---------) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Mark the APIC access page as dirty when unmapping it from KVM. The fact that the page _shouldn't_ be written doesn't guarantee the page _won't_ be written. And while the contents are likely irrelevant [...] Content analysis details: (-9.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:b4a listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM welcome-list 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender X-BeenThere: kvm-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Sean Christopherson Sender: "kvm-riscv" Errors-To: kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Mark the APIC access page as dirty when unmapping it from KVM. The fact that the page _shouldn't_ be written doesn't guarantee the page _won't_ be written. And while the contents are likely irrelevant, the values _are_ visible to the guest, i.e. dropping writes would be visible to the guest (though obviously highly unlikely to be problematic in practice). Marking the map dirty will allow specifying the write vs. read-only when *mapping* the memory, which in turn will allow creating read-only maps. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/nested.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 8d05d1d9f544..3096f6f5ecdb 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -318,12 +318,7 @@ static void nested_put_vmcs12_pages(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); - /* - * Unpin physical memory we referred to in the vmcs02. The APIC access - * page's backing page (yeah, confusing) shouldn't actually be accessed, - * and if it is written, the contents are irrelevant. - */ - kvm_vcpu_unmap(vcpu, &vmx->nested.apic_access_page_map, false); + kvm_vcpu_unmap(vcpu, &vmx->nested.apic_access_page_map, true); kvm_vcpu_unmap(vcpu, &vmx->nested.virtual_apic_map, true); kvm_vcpu_unmap(vcpu, &vmx->nested.pi_desc_map, true); vmx->nested.pi_desc = NULL;