From: Sean Christopherson <seanjc@google.com>
To: Yan Zhao <yan.y.zhao@intel.com>
Cc: Rick P Edgecombe <rick.p.edgecombe@intel.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
Kai Huang <kai.huang@intel.com>,
"ackerleytng@google.com" <ackerleytng@google.com>,
Vishal Annapurve <vannapurve@google.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Ira Weiny <ira.weiny@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"michael.roth@amd.com" <michael.roth@amd.com>
Subject: Re: [RFC PATCH v2 05/18] KVM: TDX: Drop superfluous page pinning in S-EPT management
Date: Tue, 2 Sep 2025 10:33:10 -0700 [thread overview]
Message-ID: <aLcqVtqxrKtzziK-@google.com> (raw)
In-Reply-To: <aLT2FwlMySKVYP1i@yzhao56-desk.sh.intel.com>
On Mon, Sep 01, 2025, Yan Zhao wrote:
> On Sat, Aug 30, 2025 at 03:53:24AM +0800, Edgecombe, Rick P wrote:
> > On Thu, 2025-08-28 at 17:06 -0700, Sean Christopherson wrote:
> > > From: Yan Zhao <yan.y.zhao@intel.com>
> > > When S-EPT zapping errors occur, KVM_BUG_ON() is invoked to kick off all
> > > vCPUs and mark the VM as dead. Although there is a potential window that a
> > > private page mapped in the S-EPT could be reallocated and used outside the
> > > VM, the loud warning from KVM_BUG_ON() should provide sufficient debug
> > > information.
> ...
> > Yan, can you clarify what you mean by "there could be a small window"? I'm
> > thinking this is a hypothetical window around vm_dead races? Or more concrete? I
> > *don't* want to re-open the debate on whether to go with this approach, but I
> > think this is a good teaching edge case to settle on how we want to treat
> > similar issues. So I just want to make sure we have the justification right.
> I think this window isn't hypothetical.
>
> 1. SEAMCALL failure in tdx_sept_remove_private_spte().
But tdx_sept_remove_private_spte() failing is already a hypothetical scenario.
> KVM_BUG_ON() sets vm_dead and kicks off all vCPUs.
> 2. guest_memfd invalidation completes. memory is freed.
> 3. VM gets killed.
>
> After 2, the page is still mapped in the S-EPT, but it could potentially be
> reallocated and used outside the VM.
>
> >From the TDX module and hardware's perspective, the mapping in the S-EPT for
> this page remains valid. So, I'm uncertain if the TDX module might do something
> creative to access the guest page after 2.
>
> Besides, a cache flush after 2 can essentially cause a memory write to the page.
> Though we could invoke tdh_phymem_page_wbinvd_hkid() after the KVM_BUG_ON(), the
> SEAMCALL itself can fail.
I think this falls into the category of "don't screw up" flows. Failure to remove
a private SPTE is a near-catastrophic error. Going out of our way to reduce the
impact of such errors increases complexity without providing much in the way of
value.
E.g. if VMCLEAR fails, KVM WARNs but continues on and hopes for the best, even
though there's a decent chance failure to purge the VMCS cache entry could be
lead to UAF-like problems. To me, this is largely the same.
If anything, we should try to prevent #2, e.g. by marking the entire guest_memfd
as broken or something, and then deliberately leaking _all_ pages.
next prev parent reply other threads:[~2025-09-02 17:33 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-29 0:06 [RFC PATCH v2 00/18] KVM: x86/mmu: TDX post-populate cleanups Sean Christopherson
2025-08-29 0:06 ` [RFC PATCH v2 01/18] KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings Sean Christopherson
2025-08-29 6:20 ` Binbin Wu
2025-08-29 0:06 ` [RFC PATCH v2 02/18] KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU Sean Christopherson
2025-08-29 18:34 ` Edgecombe, Rick P
2025-08-29 20:27 ` Sean Christopherson
2025-08-29 0:06 ` [RFC PATCH v2 03/18] Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" Sean Christopherson
2025-08-29 19:00 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 04/18] KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() Sean Christopherson
2025-08-29 19:03 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 05/18] KVM: TDX: Drop superfluous page pinning in S-EPT management Sean Christopherson
2025-08-29 8:36 ` Binbin Wu
2025-08-29 19:53 ` Edgecombe, Rick P
2025-08-29 20:19 ` Sean Christopherson
2025-08-29 21:54 ` Edgecombe, Rick P
2025-08-29 22:02 ` Sean Christopherson
2025-08-29 22:17 ` Edgecombe, Rick P
2025-08-29 22:58 ` Sean Christopherson
2025-08-29 22:59 ` Edgecombe, Rick P
2025-09-01 1:25 ` Yan Zhao
2025-09-02 17:33 ` Sean Christopherson [this message]
2025-09-02 18:55 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 06/18] KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition Sean Christopherson
2025-08-29 9:40 ` Binbin Wu
2025-08-29 16:58 ` Ira Weiny
2025-08-29 19:59 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 07/18] KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() Sean Christopherson
2025-08-29 9:49 ` Binbin Wu
2025-08-29 0:06 ` [RFC PATCH v2 08/18] KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() Sean Christopherson
2025-08-29 9:52 ` Binbin Wu
2025-08-29 0:06 ` [RFC PATCH v2 09/18] KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() Sean Christopherson
2025-08-29 9:52 ` Binbin Wu
2025-08-29 0:06 ` [RFC PATCH v2 10/18] KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent Sean Christopherson
2025-08-29 10:06 ` Binbin Wu
2025-08-29 0:06 ` [RFC PATCH v2 11/18] KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller Sean Christopherson
2025-09-02 22:46 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 12/18] KVM: TDX: Bug the VM if extended the initial measurement fails Sean Christopherson
2025-08-29 8:18 ` Yan Zhao
2025-08-29 18:16 ` Edgecombe, Rick P
2025-08-29 20:11 ` Sean Christopherson
2025-08-29 22:39 ` Edgecombe, Rick P
2025-08-29 23:15 ` Edgecombe, Rick P
2025-08-29 23:18 ` Sean Christopherson
2025-09-02 9:24 ` Yan Zhao
2025-09-02 17:04 ` Sean Christopherson
2025-09-03 0:18 ` Edgecombe, Rick P
2025-09-03 3:34 ` Yan Zhao
2025-09-03 9:19 ` Yan Zhao
2025-08-29 0:06 ` [RFC PATCH v2 13/18] KVM: TDX: ADD pages to the TD image while populating mirror EPT entries Sean Christopherson
2025-08-29 23:42 ` Edgecombe, Rick P
2025-09-02 17:09 ` Sean Christopherson
2025-08-29 0:06 ` [RFC PATCH v2 14/18] KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() Sean Christopherson
2025-09-02 17:31 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 15/18] KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() Sean Christopherson
2025-08-29 9:03 ` Binbin Wu
2025-08-29 14:19 ` Sean Christopherson
2025-09-01 1:46 ` Binbin Wu
2025-09-02 18:55 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 16/18] KVM: TDX: Derive error argument names from the local variable names Sean Christopherson
2025-08-30 0:00 ` Edgecombe, Rick P
2025-08-29 0:06 ` [RFC PATCH v2 17/18] KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries Sean Christopherson
2025-08-29 0:06 ` [RFC PATCH v2 18/18] KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aLcqVtqxrKtzziK-@google.com \
--to=seanjc@google.com \
--cc=ackerleytng@google.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=vannapurve@google.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).