From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=CdCv=MS=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6331DC4338F
	for <linux-mm@archiver.kernel.org>; Mon, 26 Jul 2021 18:55:30 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id E6E6360F8F
	for <linux-mm@archiver.kernel.org>; Mon, 26 Jul 2021 18:55:29 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org E6E6360F8F
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=8bytes.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 37B398D0002; Mon, 26 Jul 2021 14:55:29 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 304018D0001; Mon, 26 Jul 2021 14:55:29 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 1CC498D0002; Mon, 26 Jul 2021 14:55:29 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0031.hostedemail.com [216.40.44.31])
	by kanga.kvack.org (Postfix) with ESMTP id F421F8D0001
	for <linux-mm@kvack.org>; Mon, 26 Jul 2021 14:55:28 -0400 (EDT)
Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id 9BC531828D94E
	for <linux-mm@kvack.org>; Mon, 26 Jul 2021 18:55:28 +0000 (UTC)
X-FDA: 78405642336.16.89C1CDD
Received: from theia.8bytes.org (8bytes.org [81.169.241.247])
	by imf27.hostedemail.com (Postfix) with ESMTP id B8C607001F4B
	for <linux-mm@kvack.org>; Mon, 26 Jul 2021 18:55:27 +0000 (UTC)
Received: by theia.8bytes.org (Postfix, from userid 1000)
	id 99991296; Mon, 26 Jul 2021 20:55:25 +0200 (CEST)
Date: Mon, 26 Jul 2021 20:55:24 +0200
From: Joerg Roedel <joro@8bytes.org>
To: Marc Orr <marcorr@google.com>
Cc: Andi Kleen <ak@linux.intel.com>, Erdem Aktas <erdemaktas@google.com>,
	Andy Lutomirski <luto@kernel.org>, Joerg Roedel <jroedel@suse.de>,
	David Rientjes <rientjes@google.com>,
	Borislav Petkov <bp@alien8.de>,
	Sean Christopherson <seanjc@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jon Grimm <jon.grimm@amd.com>, Thomas Gleixner <tglx@linutronix.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Paolo Bonzini <pbonzini@redhat.com>, Ingo Molnar <mingo@redhat.com>,
	"Kaplan, David" <David.Kaplan@amd.com>,
	Varad Gautam <varad.gautam@suse.com>,
	Dario Faggioli <dfaggioli@suse.com>, x86 <x86@kernel.org>,
	linux-mm@kvack.org, linux-coco@lists.linux.dev
Subject: Re: Runtime Memory Validation in Intel-TDX and AMD-SNP
Message-ID: <YP8FHHRnf6utkvd/@8bytes.org>
References: <YPV27hDPZUoVsIZt@suse.de>
 <a5ac5af6-7e28-4e9c-e55b-db31842a5911@kernel.org>
 <CAAYXXYwFzrf8uY-PFkMRSG28+HztfGdJft8kB3Y3keWCx9K8TQ@mail.gmail.com>
 <aa564856-36c7-ae19-7a82-17638cdf5ec1@linux.intel.com>
 <CAA03e5EDGdD05+PQsfv+b3ce_4SaMrmXsVGq292D2Gxjs6Xr8A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <CAA03e5EDGdD05+PQsfv+b3ce_4SaMrmXsVGq292D2Gxjs6Xr8A@mail.gmail.com>
Authentication-Results: imf27.hostedemail.com;
	dkim=none;
	spf=pass (imf27.hostedemail.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) smtp.mailfrom=joro@8bytes.org;
	dmarc=pass (policy=none) header.from=8bytes.org
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: B8C607001F4B
X-Stat-Signature: afc53yj7cted1iko75cngwmd5fbaro1g
X-HE-Tag: 1627325727-778055
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu, Jul 22, 2021 at 10:31:27AM -0700, Marc Orr wrote:
> IMHO, we need to be completely certain that guest data cannot be
> compromised if we're going to remove the requirement that guest memory
> only be validated once in a certain state (e.g., from within a crash
> kernel). Perhaps it is the case that we're certain that guest data
> cannot be compromised from within a crash kernel -- but it's not what
> I read in the email exchange.

Right, at least SNP has a strict requirement that no memory could be
validated or invalidated twice without giving up security guarantees for
that memory.

Regards,

	J=F6rg