From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=gLXF=HN=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.5 required=3.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 24681C433DB
	for <linux-mm@archiver.kernel.org>; Thu, 11 Feb 2021 20:47:12 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id B772B64E13
	for <linux-mm@archiver.kernel.org>; Thu, 11 Feb 2021 20:47:11 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B772B64E13
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 3AE1F6B015F; Thu, 11 Feb 2021 15:47:11 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 35DCD6B0160; Thu, 11 Feb 2021 15:47:11 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 2771A6B0161; Thu, 11 Feb 2021 15:47:11 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0049.hostedemail.com [216.40.44.49])
	by kanga.kvack.org (Postfix) with ESMTP id 126DC6B015F
	for <linux-mm@kvack.org>; Thu, 11 Feb 2021 15:47:11 -0500 (EST)
Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id D2B71363C
	for <linux-mm@kvack.org>; Thu, 11 Feb 2021 20:47:10 +0000 (UTC)
X-FDA: 77807171820.23.car88_4a0b7502761b
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin23.hostedemail.com (Postfix) with ESMTP id B4A6937604
	for <linux-mm@kvack.org>; Thu, 11 Feb 2021 20:47:10 +0000 (UTC)
X-HE-Tag: car88_4a0b7502761b
X-Filterd-Recvd-Size: 3513
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	by imf28.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 11 Feb 2021 20:47:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=MTpl77mqHMqaSN7ktDu092WJSNKh/hSCcabxNwaApss=; b=MIbrw5ltXZPq2ioRMYeoZlSbxi
	L91LoXV0DaWlZOH55tNn2zo2ryfEJzGpB1bWs6XsVVtsOS4yhPRdfyGmZo36p6D6bedcyyMqcRt4l
	UQ+jUJrCPYtkpqsBY5BvYv/lsstQgmA8D1s3Thw1sxIVPww01pYMvhwnXzeii9oHs7WFHgriktYAR
	B7grV7tNKR4YFuuwm1Jb523AXl6kjIyfoFX9zdTIauHLGQeb9X7TqvDM59yy4d3hoVgCPSTI+3pYU
	qApo6J/J29A/ghRo0ovsgAGtKraVUow8Kx7M8UzGc+New6pPSqI/fs3UFeWxgH2rwUJRbVbfMlKg4
	93yVfqwg==;
Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net)
	by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux))
	id 1lAIrc-0002MT-PL; Thu, 11 Feb 2021 20:47:00 +0000
Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 80706301A27;
	Thu, 11 Feb 2021 21:46:57 +0100 (CET)
Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000)
	id 68DC32BD4B2BE; Thu, 11 Feb 2021 21:46:57 +0100 (CET)
Date: Thu, 11 Feb 2021 21:46:57 +0100
From: Peter Zijlstra <peterz@infradead.org>
To: David Rientjes <rientjes@google.com>
Cc: Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
	Sean Christopherson <seanjc@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Andi Kleen <ak@linux.intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jon Grimm <jon.grimm@amd.com>, Thomas Gleixner <tglx@linutronix.de>,
	Christoph Hellwig <hch@lst.de>, Paolo Bonzini <pbonzini@redhat.com>,
	Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
	x86@kernel.org, linux-mm@kvack.org
Subject: Re: AMD SEV-SNP/Intel TDX: validation of memory pages
Message-ID: <YCWXwQa+CUvOo8cQ@hirez.programming.kicks-ass.net>
References: <7515a81a-19e-b063-2081-3f5e79f0f7a8@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7515a81a-19e-b063-2081-3f5e79f0f7a8@google.com>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Feb 01, 2021 at 05:51:09PM -0800, David Rientjes wrote:
> I think quite invasive changes are needed for the guest to support lazy
> validation/acceptance to core areas that lots of people on the recipient
> list have strong opinions about.  Some things that come to mind:
> 
>  - Annotations for pages that must be pre-validated in the x86 boot
>    sequence, including IST stacks
> 
>  - Proliferation of these annotations throughout any kernel code that can
>    access memory for #VC or #VE

Kernel code that is critical should already be covered by the noinstr
annotation. Data that is used from noinstr should ideally be placed in
noinstr data sections, but that is currently still a TODO.

This is all required for correct functioning of the entry code on
native, but seems to nicely line up with the TDX requirements.

The thing we'll not accept is making #VE an IST.