Re: [PATCH v9 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit

From: Sean Christopherson
Date: Fri Nov 18 2022 - 10:59:29 EST

Next message: Alan Stern: "Re: [PATCH 1/1] usb: gadget: f_hid: Conduct proper refcounting on shared f_hidg pointer"
Previous message: Dmitry Torokhov: "Re: [PATCH 1/3] net: davicom: dm9000: switch to using gpiod API"
In reply to: Alex Bennée: "Re: [PATCH v9 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit"
Next in thread: Chao Peng: "Re: [PATCH v9 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 18, 2022, Alex Bennée wrote:
>
> Chao Peng <chao.p.peng@xxxxxxxxxxxxxxx> writes:
>
> > On Thu, Nov 17, 2022 at 03:08:17PM +0000, Alex Bennée wrote:
> >> >> I think this should be explicit rather than implied by the absence of
> >> >> another flag. Sean suggested you might want flags for RWX failures so
> >> >> maybe something like:
> >> >>
> >> >> KVM_MEMORY_EXIT_SHARED_FLAG_READ (1 << 0)
> >> >> KVM_MEMORY_EXIT_SHARED_FLAG_WRITE (1 << 1)
> >> >> KVM_MEMORY_EXIT_SHARED_FLAG_EXECUTE (1 << 2)
> >> >> KVM_MEMORY_EXIT_FLAG_PRIVATE (1 << 3)
> >> >
> >> > Yes, but I would not add 'SHARED' to RWX, they are not share memory
> >> > specific, private memory can also set them once introduced.
> >>
> >> OK so how about:
> >>
> >> KVM_MEMORY_EXIT_FLAG_READ (1 << 0)
> >> KVM_MEMORY_EXIT_FLAG_WRITE (1 << 1)
> >> KVM_MEMORY_EXIT_FLAG_EXECUTE (1 << 2)
> >> KVM_MEMORY_EXIT_FLAG_SHARED (1 << 3)
> >> KVM_MEMORY_EXIT_FLAG_PRIVATE (1 << 4)
> >
> > We don't actually need a new bit, the opposite side of private is
> > shared, i.e. flags with KVM_MEMORY_EXIT_FLAG_PRIVATE cleared expresses
> > 'shared'.
>
> If that is always true and we never expect a 3rd type of memory that is
> fine. But given we are leaving room for expansion having an explicit bit
> allows for that as well as making cases of forgetting to set the flags
> more obvious.

Hrm, I'm on the fence.

A dedicated flag isn't strictly needed, e.g. even if we end up with 3+ types in
this category, the baseline could always be "private".

I do like being explicit, and adding a PRIVATE flag costs KVM practically nothing
to implement and maintain, but evetually we'll up with flags that are paired with
an implicit state, e.g. see the many #PF error codes in x86. In other words,
inevitably KVM will need to define the default/base state of the access, at which
point the base state for SHARED vs. PRIVATE is "undefined".

The RWX bits are in the same boat, e.g. the READ flag isn't strictly necessary.
I was thinking more of the KVM_SET_MEMORY_ATTRIBUTES ioctl(), which does need
the full RWX gamut, when I typed out that response.

So I would say if we add an explicit READ flag, then we might as well add an explicit
PRIVATE flag too. But if we omit PRIVATE, then we should omit READ too.

Next message: Alan Stern: "Re: [PATCH 1/1] usb: gadget: f_hid: Conduct proper refcounting on shared f_hidg pointer"
Previous message: Dmitry Torokhov: "Re: [PATCH 1/3] net: davicom: dm9000: switch to using gpiod API"
In reply to: Alex Bennée: "Re: [PATCH v9 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit"
Next in thread: Chao Peng: "Re: [PATCH v9 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]