From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6966BC27C5F for ; Fri, 7 Jun 2024 15:13:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=/C11drEpg6dV1pr5TwUCtPiQet9e4eunkc3N/nhK+iE=; b=eXr3Z+sAJLwfAv 74i2ckeX1W3gnGyzXTbyQI2u2FtskZ2ocNgOYuIR5xvGHej6+W7f8wy6SMnD+SCD71qL7uACAWeCf 4cmw0UPyoYN1ByJJovZf/wy8LskGS5RcYVVytCuI1V5BGrq900j1oFAxW4Z7mXL6Wtw1OiO6eieMe xuveBFnySJd7nzK8bR0WfcpYQzGZXTsjdqOygXfXmezKJzTfTuk+zuGqIfPjR9KBmEYuSX4V2nd+c BXTH1owDrqzUuaxWAAzi5Z1UrBqSzXuX9EARbEOeKxyYBxMJ1PQw5phNCYcVBiAN3HJwUlZKFh93K fngQbjx+Yrc9bB22g90g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sFbGx-0000000EdxN-0AR5; Fri, 07 Jun 2024 15:12:55 +0000 Received: from sin.source.kernel.org ([145.40.73.55]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sFbGt-0000000EdwY-1QHG for linux-arm-kernel@lists.infradead.org; Fri, 07 Jun 2024 15:12:53 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 54333CE1D9C; Fri, 7 Jun 2024 15:12:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37809C2BBFC; Fri, 7 Jun 2024 15:12:45 +0000 (UTC) Date: Fri, 7 Jun 2024 16:12:42 +0100 From: Catalin Marinas To: Michael Kelley Cc: Steven Price , "kvm@vger.kernel.org" , "kvmarm@lists.linux.dev" , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Suzuki K Poulose , Zenghui Yu , "linux-arm-kernel@lists.infradead.org" , "linux-kernel@vger.kernel.org" , Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , "linux-coco@lists.linux.dev" , Ganapatrao Kulkarni Subject: Re: [PATCH v3 00/14] arm64: Support for running as a guest in Arm CCA Message-ID: References: <20240605093006.145492-1-steven.price@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240607_081251_642467_83D4145E X-CRM114-Status: GOOD ( 25.48 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, Jun 07, 2024 at 01:38:15AM +0000, Michael Kelley wrote: > From: Steven Price Sent: Wednesday, June 5, 2024 2:30 AM > > This series adds support for running Linux in a protected VM under the > > Arm Confidential Compute Architecture (CCA). This has been updated > > following the feedback from the v2 posting[1]. Thanks for the feedback! > > Individual patches have a change log for v3. > > > > The biggest change from v2 is fixing set_memory_{en,de}crypted() to > > perform a break-before-make sequence. Note that only the virtual address > > supplied is flipped between shared and protected, so if e.g. a vmalloc() > > address is passed the linear map will still point to the (now invalid) > > previous IPA. Attempts to access the wrong address may trigger a > > Synchronous External Abort. However any code which attempts to access > > the 'encrypted' alias after set_memory_decrypted() is already likely to > > be broken on platforms that implement memory encryption, so I don't > > expect problems. > > In the case of a vmalloc() address, load_unaligned_zeropad() could still > make an access to the underlying pages through the linear address. In > CoCo guests on x86, both the vmalloc PTE and the linear map PTE are > flipped, so the load_unaligned_zeropad() problem can occur only during > the transition between decrypted and encrypted. But even then, the > exception handlers have code to fixup this case and allow everything to > proceed normally. > > I haven't looked at the code in your patches, but do you handle that case, > or somehow prevent it? If we can guarantee that only full a vm_struct area is changed at a time, the vmap guard page would prevent this issue (not sure we can though). Otherwise I think we either change the set_memory_*() code to deal with the other mappings or we handle the exception. We also have potential user mappings, do we need to do anything about them? -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel