From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.1 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9F71C433ED for ; Tue, 6 Apr 2021 14:58:01 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 5F00C613C6 for ; Tue, 6 Apr 2021 14:58:01 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5F00C613C6 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id BBEC76B0073; Tue, 6 Apr 2021 10:57:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B6DE36B0080; Tue, 6 Apr 2021 10:57:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9E6ED6B0081; Tue, 6 Apr 2021 10:57:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0149.hostedemail.com [216.40.44.149]) by kanga.kvack.org (Postfix) with ESMTP id 7EBAD6B0073 for ; Tue, 6 Apr 2021 10:57:59 -0400 (EDT) Received: from smtpin13.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 2417775BB for ; Tue, 6 Apr 2021 14:57:59 +0000 (UTC) X-FDA: 78002247078.13.03D7667 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf24.hostedemail.com (Postfix) with ESMTP id 526EEA0003A5 for ; Tue, 6 Apr 2021 14:57:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617721078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JKDcOIFPZJ62VRJvhDT2hmTM6kAbID3Fjqmj7ekGUOQ=; b=EM7w4nLX3cp+vvBsuOSSU9rYk4Aws4P6J7ugJA+zQjOWsejnUnf4gzAyxYRBsS5mEo/P3v EZnhQZZi/wSqYLJKgxU58QOp3KQWIA0GtVP3qe0YVymw8PUxYJuOe1tvPsb6KYNCzLwdMK ZF4oWxqwitxkzDXmHXXvPBNiGmOldf0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-254-UtF-KEdZMee-b0oXQVGlcA-1; Tue, 06 Apr 2021 10:57:54 -0400 X-MC-Unique: UtF-KEdZMee-b0oXQVGlcA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6C323E99C4; Tue, 6 Apr 2021 14:57:52 +0000 (UTC) Received: from [10.36.113.79] (ovpn-113-79.ams2.redhat.com [10.36.113.79]) by smtp.corp.redhat.com (Postfix) with ESMTP id 35E7A5D9D0; Tue, 6 Apr 2021 14:57:47 +0000 (UTC) To: Dave Hansen , "Kirill A. Shutemov" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Sean Christopherson , Jim Mattson Cc: David Rientjes , "Edgecombe, Rick P" , "Kleen, Andi" , "Yamahata, Isaku" , x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" References: <20210402152645.26680-1-kirill.shutemov@linux.intel.com> <20210402152645.26680-8-kirill.shutemov@linux.intel.com> <52518f09-7350-ebe9-7ddb-29095cd3a4d9@intel.com> From: David Hildenbrand Organization: Red Hat GmbH Subject: Re: [RFCv1 7/7] KVM: unmap guest memory using poisoned pages Message-ID: Date: Tue, 6 Apr 2021 16:57:46 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <52518f09-7350-ebe9-7ddb-29095cd3a4d9@intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Rspamd-Queue-Id: 526EEA0003A5 X-Stat-Signature: fnozmho8utohkq7dfegsbymx5z7cqto8 X-Rspamd-Server: rspam02 Received-SPF: none (redhat.com>: No applicable sender policy available) receiver=imf24; identity=mailfrom; envelope-from=""; helo=us-smtp-delivery-124.mimecast.com; client-ip=170.10.133.124 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1617721075-344960 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 06.04.21 16:33, Dave Hansen wrote: > On 4/6/21 12:44 AM, David Hildenbrand wrote: >> On 02.04.21 17:26, Kirill A. Shutemov wrote: >>> TDX architecture aims to provide resiliency against confidentiality a= nd >>> integrity attacks. Towards this goal, the TDX architecture helps enfo= rce >>> the enabling of memory integrity for all TD-private memory. >>> >>> The CPU memory controller computes the integrity check value (MAC) fo= r >>> the data (cache line) during writes, and it stores the MAC with the >>> memory as meta-data. A 28-bit MAC is stored in the ECC bits. >>> >>> Checking of memory integrity is performed during memory reads. If >>> integrity check fails, CPU poisones cache line. >>> >>> On a subsequent consumption (read) of the poisoned data by software, >>> there are two possible scenarios: >>> >>> =C2=A0 - Core determines that the execution can continue and it trea= ts >>> =C2=A0=C2=A0=C2=A0 poison with exception semantics signaled as a #MC= E >>> >>> =C2=A0 - Core determines execution cannot continue,and it does an un= breakable >>> =C2=A0=C2=A0=C2=A0 shutdown >>> >>> For more details, see Chapter 14 of Intel TDX Module EAS[1] >>> >>> As some of integrity check failures may lead to system shutdown host >>> kernel must not allow any writes to TD-private memory. This requirmen= t >>> clashes with KVM design: KVM expects the guest memory to be mapped in= to >>> host userspace (e.g. QEMU). >> >> So what you are saying is that if QEMU would write to such memory, it >> could crash the kernel? What a broken design. >=20 > IMNHO, the broken design is mapping the memory to userspace in the firs= t > place. Why the heck would you actually expose something with the MMU t= o > a context that can't possibly meaningfully access or safely write to it= ? I'd say the broken design is being able to crash the machine via a=20 simple memory write, instead of only crashing a single process in case=20 you're doing something nasty. From the evaluation of the problem it=20 feels like this was a CPU design workaround: instead of properly=20 cleaning up when it gets tricky within the core, just crash the machine.=20 And that's a CPU "feature", not a kernel "feature". Now we have to fix=20 broken HW in the kernel - once again. However, you raise a valid point: it does not make too much sense to to=20 map this into user space. Not arguing against that; but crashing the=20 machine is just plain ugly. I wonder: why do we even *want* a VMA/mmap describing that memory?=20 Sounds like: for hacking support for that memory type into QEMU/KVM. This all feels wrong, but I cannot really tell how it could be better.=20 That memory can really only be used (right now?) with hardware=20 virtualization from some point on. From that point on (right from the=20 start?), there should be no VMA/mmap/page tables for user space anymore. Or am I missing something? Is there still valid user space access? >=20 > This started with SEV. QEMU creates normal memory mappings with the SE= V > C-bit (encryption) disabled. The kernel plumbs those into NPT, but whe= n > those are instantiated, they have the C-bit set. So, we have mismatche= d > mappings. Where does that lead? The two mappings not only differ in > the encryption bit, causing one side to read gibberish if the other > writes: they're not even cache coherent. >=20 > That's the situation *TODAY*, even ignoring TDX. >=20 > BTW, I'm pretty sure I know the answer to the "why would you expose thi= s > to userspace" question: it's what QEMU/KVM did alreadhy for > non-encrypted memory, so this was the quickest way to get SEV working. >=20 Yes, I guess so. It was the fastest way to "hack" it into QEMU. Would we ever even want a VMA/mmap/process page tables for that memory?=20 How could user space ever do something *not so nasty* with that memory=20 (in the current context of VMs)? --=20 Thanks, David / dhildenb