From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75F86173 for ; Wed, 21 Jul 2021 08:51:10 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id E0EA81FE7F; Wed, 21 Jul 2021 08:51:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1626857462; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=RgODuVW3AaV2E0f9UPQm0t7b6U8BHQyRuS3VzEAnXZ8=; b=FQSKW8knkTEp5/E1cgVIPc289sKfAUTSzNkE1RDQUVag449dya2FCrQ4WxTsEFPq3hbOup IlMThr1d7vBAcu43/0V08meLXkAHblcVJeJZ1+csntKarE4u5ZAUEiodSbud59QuoQNMoA c3T+BY1LHgezMA1UOpVS8RBnYtm7VDU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1626857462; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=RgODuVW3AaV2E0f9UPQm0t7b6U8BHQyRuS3VzEAnXZ8=; b=ZkIIlxCXNeGrRWdra/1UuYLRW4ht9H4gfYF8hhS317yaWIwzhSjRcG+DfZjWd72WGo5zje 8iIhld61tRJIkuAg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2CABD13B36; Wed, 21 Jul 2021 08:51:02 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id uzk9Cfbf92CVFgAAMHmgww (envelope-from ); Wed, 21 Jul 2021 08:51:02 +0000 Date: Wed, 21 Jul 2021 10:51:00 +0200 From: Joerg Roedel To: Andi Kleen Cc: Erdem Aktas , Andy Lutomirski , David Rientjes , Borislav Petkov , Sean Christopherson , Andrew Morton , Vlastimil Babka , "Kirill A. Shutemov" , Brijesh Singh , Tom Lendacky , Jon Grimm , Thomas Gleixner , "Peter Zijlstra (Intel)" , Paolo Bonzini , Ingo Molnar , "Kaplan, David" , Varad Gautam , Dario Faggioli , the arch/x86 maintainers , linux-mm@kvack.org, linux-coco@lists.linux.dev Subject: Re: Runtime Memory Validation in Intel-TDX and AMD-SNP Message-ID: References: <20210720220113.GA535804@tassilo.jf.intel.com> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210720220113.GA535804@tassilo.jf.intel.com> On Tue, Jul 20, 2021 at 03:01:13PM -0700, Andi Kleen wrote: > On Tue, Jul 20, 2021 at 12:54:16PM -0700, Erdem Aktas wrote: > > I did not see any #VE implementation to handle SEPT violations when a > > page is in PENDING state. I am assuming that this needs to be > > supported at some point (If not then we need to discuss the use cases > > for such support). > > We actually plan to disable those #VEs, to avoid any problems with > the system call gap. Instead the plan is that the kernel will know > in advance what memory has been accepted or not, and accept it before > touching. This confuses me a bit, what happens when the VMM is malicious and re-maps an already accepted page and the TD tries to access it? My thinking was that this causes a #VE, but what happens instead when this #VE can be disabled? Regards, Joerg