From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA5E4C433FE for ; Sat, 13 Nov 2021 18:28:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B0D3E611C9 for ; Sat, 13 Nov 2021 18:28:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236006AbhKMSbP (ORCPT ); Sat, 13 Nov 2021 13:31:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230363AbhKMSbO (ORCPT ); Sat, 13 Nov 2021 13:31:14 -0500 Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64A6AC061766 for ; Sat, 13 Nov 2021 10:28:22 -0800 (PST) Received: by mail-pg1-x52f.google.com with SMTP id r132so8706032pgr.9 for ; Sat, 13 Nov 2021 10:28:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=5Ycmt8tegHM9+iX2tw5kVKKQzYyX28cv7Zc0okImoEE=; b=S0fC6nUpGsYzMDkH2fwRs2kslWGsA0ZT433CI4HTX9RKW5R96rXkcQ/0Zyd00TxgsA 3JKbKipk4vpz56yCcFNbQIuQqjsCczhrMCYx00uSOjXMxpUjSj60DkNqZl/Yb225PSb1 ShrqJF6fxpJ5JQxJQ9HImAZL1hsIkrWX/d0+TBsWu80+W91/3jdRmWD8pieJYmU5r9jr uAvF4Qcy0159z4xAvQagHfO2T4J4m+CDLVYDN+KmSL7qR6s06QYrglpM4qsrqLdlkY2M GkaQeb87LHzjh3U0dSuftpxx1AU4Vhurn/wCS3UhRblDyYA0/UZuZzO8jmOr4uRfUC7P iLOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=5Ycmt8tegHM9+iX2tw5kVKKQzYyX28cv7Zc0okImoEE=; b=IIsfJgfXyL0HzQZuDohqXYg36sYsHXTuyUTkVowdcx/6IoE9KaZcYpEKwXKXDe/wPu 6SX13ijSHYLsEcnZecp8fqEflL7/XzOyd2FYreFkBBGOXIT/mnPhyit9csC9RKvgLqTr 9Iw1K25ugYzFb2GPxOCS9dpjqHkFUOnoaJHN42ho7VsKi9u9lLWhqDnJWFFCQDTBRFLx 78qs15yL+lPvBs8AZaEu9Pfh7PLgh96P3qHmROYeB7XZ2OlESdiK2z2WSLpi0MAit19T Z2KCAlccSDTYkC7o40gzmQoyLEUXQ1K1qPpRo3MWWlxg3S9JPbHyw41jZy8FaF/T1p3n 15zw== X-Gm-Message-State: AOAM53049/4FQPxizbiPICn90bHeG7SRVcN8y5rSOBrd7Y8c8CluEubU UQ0XrxBM8XJjRboxmv3sftCh+w== X-Google-Smtp-Source: ABdhPJwd0lZ9M5eG7/pjsaMsb0UCHSKrCM/hqTbMkiLkRbr2swjCDNY5Edw8/HsS2qWXhggajuV/kw== X-Received: by 2002:a62:1b86:0:b0:47b:d112:96d4 with SMTP id b128-20020a621b86000000b0047bd11296d4mr22281236pfb.52.1636828101667; Sat, 13 Nov 2021 10:28:21 -0800 (PST) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id z13sm10074099pfg.36.2021.11.13.10.28.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 13 Nov 2021 10:28:20 -0800 (PST) Date: Sat, 13 Nov 2021 18:28:16 +0000 From: Sean Christopherson To: Marc Orr Cc: Peter Gonda , Andy Lutomirski , Borislav Petkov , Dave Hansen , Brijesh Singh , the arch/x86 maintainers , Linux Kernel Mailing List , kvm list , linux-coco@lists.linux.dev, linux-mm@kvack.org, Linux Crypto Mailing List , Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Dave Hansen , Sergio Lopez , "Peter Zijlstra (Intel)" , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , Tony Luck , Sathyanarayanan Kuppuswamy Subject: Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support Message-ID: References: <2cb3217b-8af5-4349-b59f-ca4a3703a01a@www.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Nov 12, 2021, Marc Orr wrote: > On Fri, Nov 12, 2021 at 4:53 PM Sean Christopherson wrote: > > On Fri, Nov 12, 2021, Peter Gonda wrote: > > > Having a way for userspace to lock pages as shared was an idea I just > > > proposed the simplest solution to start the conversation. > > > > Assuming you meant that to read: > > > > Having a way for userspace to lock pages as shared is an alternative idea; I > > just proposed the simplest solution to start the conversation. > > > > The unmapping[*] guest private memory proposal is essentially that, a way for userspace > > to "lock" the state of a page by requiring all conversions to be initiated by userspace > > and by providing APIs to associate a pfn 1:1 with a KVM instance, i.e. lock a pfn to > > a guest. > > > > Andy's DMA example brings up a very good point though. If the shared and private > > variants of a given GPA are _not_ required to point at a single PFN, which is the > > case in the current unmapping proposal, userspace doesn't need to do any additional > > juggling to track guest conversions across multiple processes. > > > > Any process that's accessing guest (shared!) memory simply does its locking as normal, > > which as Andy pointed out, is needed for correctness today. If the guest requests a > > conversion from shared=>private without first ensuring the gfn is unused (by a host > > "device"), the host will side will continue accessing the old, shared memory, which it > > locked, while the guest will be doing who knows what. And if the guest provides a GPA > > that isn't mapped shared in the VMM's address space, it's conceptually no different > > than if the guest provided a completely bogus GPA, which again needs to be handled today. > > > > In other words, if done properly, differentiating private from shared shouldn't be a > > heavy lift for host userspace. > > > > [*] Actually unmapping memory may not be strictly necessary for SNP because a > > #PF(RMP) is likely just as good as a #PF(!PRESENT) when both are treated as > > fatal, but the rest of the proposal that allows KVM to understand the stage > > of a page and exit to userspace accordingly applies. > > Thanks for this explanation. When you write "while the guest will be > doing who knows what": > > Isn't that a large weakness of this proposal? To me, it seems better > for debuggability to corrupt the private memory (i.e., convert the > page to shared) so the guest can detect the issue via a PVALIDATE > failure. The behavior is no different than it is today for regular VMs. > The main issue I see with corrupting the guest memory is that we may > not know whether the host is at fault or the guest. Yes, one issue is that bugs in the host will result in downstream errors in the guest, as opposed to immediate, synchronous detection in the guest. IMO that is a significant flaw. Another issue is that the host kernel, which despite being "untrusted", absolutely should be acting in the best interests of the guest. Allowing userspace to inject #VC, e.g. to attempt to attack the guest by triggering a spurious PVALIDATE, means the kernel is failing miserably on that front.