From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9099C636CC for ; Thu, 16 Feb 2023 05:14:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C91E16B0071; Thu, 16 Feb 2023 00:14:26 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C422D6B0072; Thu, 16 Feb 2023 00:14:26 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B09C26B0073; Thu, 16 Feb 2023 00:14:26 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A0A3B6B0071 for ; Thu, 16 Feb 2023 00:14:26 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 5E22C16016A for ; Thu, 16 Feb 2023 05:14:26 +0000 (UTC) X-FDA: 80471989332.23.5712FCD Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf11.hostedemail.com (Postfix) with ESMTP id EE36E4001A for ; Thu, 16 Feb 2023 05:14:23 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=S6DhiGdH; spf=pass (imf11.hostedemail.com: domain of rppt@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=rppt@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676524464; a=rsa-sha256; cv=none; b=lfHBHO0IAg4nLqHQZYghWe4QgsmnFAj2wmab5RY9ExUstfLDraoW2wCGa8w95hSpTsQxaP mlwLziO+H12MSZRAbLQ9tdnSbyZ+0LOUzaw5B2vBSSqPfF+TRx57ZQLyyKIlAX1iOM1I8N 16TP2emXcL+roVQs4BRMzusJP+QRg94= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=S6DhiGdH; spf=pass (imf11.hostedemail.com: domain of rppt@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=rppt@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676524464; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=q76epm8XWybS/cSDnkX1jM1lOTqBsOjb63VoY2QQ21U=; b=5my4Op2wVVY4rwNP6nIN2Uav8FCY74Y6WauVlKUChx1SertRjoCXUw9E5hCmqr8z0p6Q+S lXryV0bRh1sY9XqqJSn8Hnlm7TyjBkeWvfHBDPQEfq8FFGPKyIDGp+NzSU363jN/y603Cq Xg3WmpB5eB0h7QZGgDHj7FYM8EXEGug= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id C462DCE25F0; Thu, 16 Feb 2023 05:14:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 57DFEC433EF; Thu, 16 Feb 2023 05:14:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1676524457; bh=5bN2qNXzQ4ZA0g4le+lak/ncOAC6JWfVkeV3mS7J638=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=S6DhiGdHj1JDcPoZ1SfQW0UbLyKedojDvkeLmMsMmBwPwm5Yt9ALPyAEdUcNs/Kri y0wdQjtRgesQPv1yH4KbX2jBYemiOzTpuPf+dczvYxTVGZ2quVV8mTHQhPE8aLG4e7 DXI8KPzfDbQEhul6FRH1xmCTTBptlv18inIYrE3lZPKsxHrObglGNVUJjYWLJw+yRh qLoEV/M0+FXsR2Yyl4A/8ONxeFBM4nRHoCK+SPySEBCED0DLIe2fRJWz1w55/Uvg/l XxPsCan76eLvTZglTKRcCOa4i7hQJI9KrgiS2Iu63uqvrH8MGX/DwoTfVEw+ty44Xp JVI04vumpZNTw== Date: Thu, 16 Feb 2023 07:13:53 +0200 From: Mike Rapoport To: Chao Peng Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini , Jonathan Corbet , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Arnd Bergmann , Naoya Horiguchi , Miaohe Lin , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Shuah Khan , Steven Price , "Maciej S . Szmigiero" , Vlastimil Babka , Vishal Annapurve , Yu Zhang , "Kirill A . Shutemov" , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret , tabba@google.com, Michael Roth , mhocko@suse.com, wei.w.wang@intel.com Subject: Re: [PATCH v10 0/9] KVM: mm: fd-based approach for supporting KVM Message-ID: References: <20221202061347.1070246-1-chao.p.peng@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221202061347.1070246-1-chao.p.peng@linux.intel.com> X-Rspam-User: X-Rspamd-Queue-Id: EE36E4001A X-Rspamd-Server: rspam01 X-Stat-Signature: n8eqhe4jwbd6mzn9o4mdayhaz84x7kze X-HE-Tag: 1676524463-50512 X-HE-Meta: U2FsdGVkX19CmwgZ4A6wHUTxWtrUC9NLsJlRAc52HO5M6jxUdinpr7cbxDn156govWVu3ALHy/ep4+rrBdfuEaTpZP616aYOZ/6eqPdCHmhCjv/tdbf0sFkNEEQ2hygwi6LUV6rE5IqqiXJoL4PQjMuMTwa9aDByC1eoeihvTNVEHtnqVKtLQQxMC3eS6Vx1OpI10+yaxjYJd6kW6JTmkwlIMq3ZqfKE56U0fovS2R2c4Gcmajma4/7U24Ew11vy2v7t7z/6IW54wkdlKHnB1wvVi1CX2xojJo3AEGuytcDePoGVS4WL9SYfBRYfgt8gEWgv8htY8MRiSXdchrROf4cv+tewdTwRL+rdT/lSMgkSUqNGm9TrN2Vp4UD1e6G1G86mbz6dI3e2TQ9MG1FgYE4607SH4DVCx8FquqCeCVerTUv4t+S0PIxizQj/qL8Jfss2MD8fBJrX56dkI3VVDx4L3e2gvJ4Peqt+Q9e38e5TsjihO172HFeqBsY1Bu5OotMr0rwpmqA8ZhhCrc8Vlc31cFH6xPLGveToXaDXDn6GWMdJ4P3L1zzXlmZDihfwzGRolqhVRaeVTaPIYEimdPLBM+8hyJcYr2OP/RZgOhH4lMaOQorLradlWjxWVvQ3Pyz/4KPeQNZY5MRyPicv20bYtuuEmGEE27FFct+FMlfiHwEo2qRdkki4WNEUJdb7sCGqUyPnjPqiq3obBEq4ejoHGGTc9TuIcybsP1xeMEhv03lw+hfYNqsb4dkDhsB2bhwZitCrODvSdygHGgNGkSXCH3NVyBQl5matf+LxJwrxcHlnQqkEVveFf2WzBumOlNNAq2B3xVJaCuRswEoJ/6pNm4vfioFkVX7mxCvFBXmLLNeI7z+DgSYbPz/oNOkk/iFj+x0zjraOW+MHqcO9a4B0apFdu5aguGUNsRBNmQg83RZES5p43ZM0i46SlI/BJNFa0FfSvzccpwsN9pX TP1hBYEg 9Yg1j8//scYCcR8e7cIjQbmpKt1fNGouuG2q3sg7Yb9kImEkaN5XdKLHv87OdnsmybwiRqYxVm7bgGAD/OYrn+l3cS42pZc9hwTWJ1FNmdr9dtseBSEBB9sg8DbmCpf4A2GmQNGC6oRjWMW7etxE3S8tKZGycT1VCCJqfzR4vCzbYGqF4cuO90noq57SpjAiWtWB4JOTMUzcTchKPneSjyFmj63BNZB+oZjILD36KwhOYjEw8gncUpJ37jIl8Q0ZZ9vtOOttlx3vzMD1/OQqDFYRx1YUO08L5dUKkGM8GeeEdi58gF1kM0x4I7Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi, On Fri, Dec 02, 2022 at 02:13:38PM +0800, Chao Peng wrote: > This patch series implements KVM guest private memory for confidential > computing scenarios like Intel TDX[1]. If a TDX host accesses > TDX-protected guest memory, machine check can happen which can further > crash the running host system, this is terrible for multi-tenant > configurations. The host accesses include those from KVM userspace like > QEMU. This series addresses KVM userspace induced crash by introducing > new mm and KVM interfaces so KVM userspace can still manage guest memory > via a fd-based approach, but it can never access the guest memory > content. Sorry for jumping late. Unless I'm missing something, hibernation will also cause an machine check when there is TDX-protected memory in the system. When the hibernation creates memory snapshot it essentially walks all physical pages and saves their contents, so for TDX memory this will trigger machine check, right? > Documentation/virt/kvm/api.rst | 125 ++++++- > arch/x86/entry/syscalls/syscall_32.tbl | 1 + > arch/x86/entry/syscalls/syscall_64.tbl | 1 + > arch/x86/include/asm/kvm_host.h | 9 + > arch/x86/kvm/Kconfig | 3 + > arch/x86/kvm/mmu/mmu.c | 205 ++++++++++- > arch/x86/kvm/mmu/mmu_internal.h | 14 +- > arch/x86/kvm/mmu/mmutrace.h | 1 + > arch/x86/kvm/mmu/tdp_mmu.c | 2 +- > arch/x86/kvm/x86.c | 17 +- > include/linux/kvm_host.h | 103 +++++- > include/linux/restrictedmem.h | 71 ++++ > include/linux/syscalls.h | 1 + > include/uapi/asm-generic/unistd.h | 5 +- > include/uapi/linux/kvm.h | 53 +++ > include/uapi/linux/magic.h | 1 + > kernel/sys_ni.c | 3 + > mm/Kconfig | 4 + > mm/Makefile | 1 + > mm/memory-failure.c | 3 + > mm/restrictedmem.c | 318 +++++++++++++++++ > virt/kvm/Kconfig | 6 + > virt/kvm/kvm_main.c | 469 +++++++++++++++++++++---- > 23 files changed, 1323 insertions(+), 93 deletions(-) > create mode 100644 include/linux/restrictedmem.h > create mode 100644 mm/restrictedmem.c -- Sincerely yours, Mike.