From: Dave Hansen <dave.hansen@intel.com>
To: Sean Christopherson <seanjc@google.com>
Cc: Alexey Gladkov <legion@kernel.org>,
linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Yuan Yao <yuan.yao@intel.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Yuntao Wang <ytcoode@gmail.com>, Kai Huang <kai.huang@intel.com>,
Baoquan He <bhe@redhat.com>, Oleg Nesterov <oleg@redhat.com>,
cho@microsoft.com, decui@microsoft.com,
John.Starks@microsoft.com, Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v6 0/6] x86/tdx: Allow MMIO instructions from userspace
Date: Wed, 11 Sep 2024 08:38:15 -0700 [thread overview]
Message-ID: <d3895e03-bdfc-4f2a-a1c4-b2c95a098fb5@intel.com> (raw)
In-Reply-To: <ZttwkLP74TrQgVtL@google.com>
On 9/6/24 14:13, Sean Christopherson wrote:
> Ditto for what behavior is supported/allowed. The kernel could choose to disallow
> userspace MMIO entirely, limit what instructions are supported, etc, in the name
> of security, simplicity, or whatever. Doing so would likely cause friction with
> folks that want to run their workloads in an SNP/TDX VM, but that friction is very
> much with the guest kernel, not with KVM.
I think by "guest kernel" you really mean "x86 maintainers". Thanks for
throwing us under the bus, Sean. ;)
I do agree with you, though. In the process of taking the VMM out of
the TCB, confidential computing has to fill the gap with _something_ and
that something is usually arch-specific code in the guest kernel.
By dragging the KVM folks in here, I was less asking what KVM does per
se and more asking for some advice from the experienced VMM folks.
> FWIW, emulating MMIO that isn't controlled by the kernel gets to be a bit of a
> slippery slope, e.g. there are KVM patches on the list to support emulating AVX
> instructions[*]. But, a major use case of any hypervisor is to lift-and-shift
> workloads, and so KVM users, developers, and maintainers are quite motivated to
> ensure that anything that works on bare metal also works on KVM.
Do you have a link for that AVX discussion? I searched a bit but came
up empty.
The slippery slope is precisely what I'm worried about. I suspect the
AVX instructions are a combination of compilers that are increasingly
happy to spit out AVX and users who just want to use whatever the
compiler spits out on "pointers" in their apps that just happen to be
pointed at MMIO.
But before we start digging in to avoid the slippery slope, we really do
need to know more about the friction. Who are we causing it for and how
bad is it for them?
next prev parent reply other threads:[~2024-09-11 15:38 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-30 17:35 [PATCH v1 0/4] x86/tdx: Allow MMIO instructions from userspace Alexey Gladkov (Intel)
2024-07-30 17:35 ` [PATCH v1 1/4] x86/tdx: Split MMIO read and write operations Alexey Gladkov (Intel)
2024-07-30 18:31 ` Thomas Gleixner
2024-08-05 12:48 ` Alexey Gladkov
2024-07-30 17:35 ` [PATCH v1 2/4] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov (Intel)
2024-07-30 18:34 ` Thomas Gleixner
2024-08-02 7:41 ` Kirill A. Shutemov
2024-08-05 12:50 ` Alexey Gladkov
2024-07-30 17:35 ` [PATCH v1 3/4] x86/tdx: Allow MMIO from userspace Alexey Gladkov (Intel)
2024-07-30 18:36 ` Thomas Gleixner
2024-07-30 17:35 ` [PATCH v1 4/4] x86/tdx: Implement movs for MMIO Alexey Gladkov (Intel)
2024-07-30 18:41 ` Thomas Gleixner
2024-08-05 12:51 ` Alexey Gladkov
2024-08-05 13:29 ` [PATCH v2 0/5] x86/tdx: Allow MMIO instructions from userspace Alexey Gladkov (Intel)
2024-08-05 13:29 ` [PATCH v2 1/5] x86/tdx: Split MMIO read and write operations Alexey Gladkov (Intel)
2024-08-05 13:29 ` [PATCH v2 2/5] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov (Intel)
2024-08-05 22:40 ` Edgecombe, Rick P
2024-08-06 7:18 ` kirill.shutemov
2024-08-06 11:11 ` Alexey Gladkov
2024-08-06 11:41 ` Reshetova, Elena
2024-08-08 15:56 ` Alexey Gladkov
2024-08-08 15:53 ` Alexey Gladkov
2024-08-08 15:42 ` [PATCH v3 6/7] x86/tdx: Add a restriction on access to MMIO address Alexey Gladkov (Intel)
2024-08-08 15:42 ` [PATCH v3 7/7] x86/tdx: Avoid crossing the page boundary Alexey Gladkov (Intel)
2024-08-05 13:29 ` [PATCH v2 3/5] x86/tdx: Allow MMIO from userspace Alexey Gladkov (Intel)
2024-08-05 13:29 ` [PATCH v2 4/5] x86/tdx: Move MMIO helpers to common library Alexey Gladkov (Intel)
2024-08-05 13:29 ` [PATCH v2 5/5] x86/tdx: Implement movs for MMIO Alexey Gladkov (Intel)
2024-08-08 13:48 ` Tom Lendacky
2024-08-08 15:42 ` Alexey Gladkov
2024-08-08 16:53 ` Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 00/10] x86/tdx: Allow MMIO instructions from userspace Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 01/10] x86/tdx: Split MMIO read and write operations Alexey Gladkov
2024-08-19 10:19 ` Kirill A. Shutemov
2024-08-16 13:43 ` [PATCH v3 02/10] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov
2024-08-19 10:39 ` Kirill A. Shutemov
2024-08-19 11:48 ` Alexey Gladkov
2024-08-19 12:07 ` Kirill A. Shutemov
2024-08-19 12:39 ` Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 03/10] x86/tdx: Allow MMIO from userspace Alexey Gladkov
2024-08-19 10:46 ` Kirill A. Shutemov
2024-08-19 11:50 ` Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 04/10] x86/insn: Read and decode insn without crossing the page boundary Alexey Gladkov
2024-08-17 3:28 ` kernel test robot
2024-08-19 10:48 ` Kirill A. Shutemov
2024-08-19 11:56 ` Alexey Gladkov
2024-08-19 12:08 ` Kirill A. Shutemov
2024-08-16 13:43 ` [PATCH v3 05/10] x86/tdx: Avoid " Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 06/10] x86/sev: " Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 07/10] x86/umip: " Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 08/10] x86/tdx: Add a restriction on access to MMIO address Alexey Gladkov
2024-08-16 13:43 ` [PATCH v3 09/10] x86/tdx: Move MMIO helpers to common library Alexey Gladkov
2024-08-16 13:44 ` [PATCH v3 10/10] x86/tdx: Implement movs for MMIO Alexey Gladkov
2024-08-21 14:24 ` [PATCH v4 0/6] x86/tdx: Allow MMIO instructions from userspace Alexey Gladkov
2024-08-21 14:24 ` [PATCH v4 1/6] x86/tdx: Split MMIO read and write operations Alexey Gladkov
2024-08-21 14:24 ` [PATCH v4 2/6] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov
2024-08-22 7:16 ` Kirill A. Shutemov
2024-08-21 14:24 ` [PATCH v4 3/6] x86/tdx: Allow MMIO from userspace Alexey Gladkov
2024-08-22 7:18 ` Kirill A. Shutemov
2024-08-21 14:24 ` [PATCH v4 4/6] x86/tdx: Add a restriction on access to MMIO address Alexey Gladkov
2024-08-22 8:18 ` Kirill A. Shutemov
2024-08-21 14:24 ` [PATCH v4 5/6] x86/tdx: Move MMIO helpers to common library Alexey Gladkov
2024-08-22 8:23 ` Kirill A. Shutemov
2024-08-21 14:24 ` [PATCH v4 6/6] x86/tdx: Implement movs for MMIO Alexey Gladkov
2024-08-22 8:28 ` Kirill A. Shutemov
2024-08-24 16:57 ` Alexey Gladkov
2024-08-28 10:44 ` [PATCH v5 0/6] x86/tdx: Allow MMIO instructions from userspace Alexey Gladkov
2024-08-28 10:44 ` [PATCH v5 1/6] x86/tdx: Split MMIO read and write operations Alexey Gladkov
2024-08-28 10:44 ` [PATCH v5 2/6] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov
2024-08-28 10:44 ` [PATCH v5 3/6] x86/tdx: Allow MMIO from userspace Alexey Gladkov
2024-08-28 10:44 ` [PATCH v5 4/6] x86/tdx: Add a restriction on access to MMIO address Alexey Gladkov
2024-08-29 12:30 ` Kirill A. Shutemov
2024-08-28 10:44 ` [PATCH v5 5/6] x86/tdx: Move MMIO helpers to common library Alexey Gladkov
2024-08-28 10:44 ` [PATCH v5 6/6] x86/tdx: Implement MOVS for MMIO Alexey Gladkov
2024-08-29 12:44 ` Kirill A. Shutemov
2024-08-29 18:40 ` Alexey Gladkov
2024-09-09 9:17 ` Kirill A. Shutemov
2024-09-06 11:49 ` [PATCH v6 0/6] x86/tdx: Allow MMIO instructions from userspace Alexey Gladkov
2024-09-06 11:49 ` [PATCH v6 1/6] x86/tdx: Fix "in-kernel MMIO" check Alexey Gladkov
2024-09-10 19:54 ` Dave Hansen
2024-09-11 12:08 ` Alexey Gladkov
2024-09-11 13:03 ` Kirill A. Shutemov
2024-09-10 19:59 ` Kirill A. Shutemov
2024-09-06 11:50 ` [PATCH v6 2/6] x86/tdx: Split MMIO read and write operations Alexey Gladkov
2024-09-06 11:50 ` [PATCH v6 3/6] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov
2024-09-06 11:50 ` [PATCH v6 4/6] x86/tdx: Allow MMIO from userspace Alexey Gladkov
2024-09-06 11:50 ` [PATCH v6 5/6] x86/tdx: Move MMIO helpers to common library Alexey Gladkov
2024-09-09 9:19 ` Kirill A. Shutemov
2024-09-06 11:50 ` [PATCH v6 6/6] x86/tdx: Implement MOVS for MMIO Alexey Gladkov
2024-09-09 9:24 ` Kirill A. Shutemov
2024-09-06 16:19 ` [PATCH v6 0/6] x86/tdx: Allow MMIO instructions from userspace Dave Hansen
2024-09-06 21:13 ` Sean Christopherson
2024-09-11 15:38 ` Dave Hansen [this message]
2024-09-11 16:19 ` Sean Christopherson
2024-09-12 9:45 ` Kirill A. Shutemov
2024-09-12 15:49 ` Dave Hansen
2024-09-13 15:53 ` Kirill A. Shutemov
2024-09-13 16:01 ` Dave Hansen
2024-09-13 16:28 ` Sean Christopherson
2024-09-13 16:47 ` Dave Hansen
2024-09-13 17:39 ` Sean Christopherson
2024-09-13 17:05 ` [PATCH v7 " Alexey Gladkov
2024-09-13 17:05 ` [PATCH v7 1/6] x86/tdx: Fix "in-kernel MMIO" check Alexey Gladkov
2024-09-13 17:18 ` Dave Hansen
2024-09-13 17:23 ` Dave Hansen
2024-09-13 17:05 ` [PATCH v7 2/6] x86/tdx: Split MMIO read and write operations Alexey Gladkov
2024-09-13 17:05 ` [PATCH v7 3/6] x86/tdx: Add validation of userspace MMIO instructions Alexey Gladkov
2024-09-13 17:05 ` [PATCH v7 4/6] x86/tdx: Allow MMIO from userspace Alexey Gladkov
2024-09-13 17:06 ` [PATCH v7 5/6] x86/tdx: Move MMIO helpers to common library Alexey Gladkov
2024-09-13 17:06 ` [PATCH v7 6/6] x86/tdx: Implement MOVS for MMIO Alexey Gladkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d3895e03-bdfc-4f2a-a1c4-b2c95a098fb5@intel.com \
--to=dave.hansen@intel.com \
--cc=John.Starks@microsoft.com \
--cc=akpm@linux-foundation.org \
--cc=bhe@redhat.com \
--cc=bp@alien8.de \
--cc=cho@microsoft.com \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=geert@linux-m68k.org \
--cc=hpa@zytor.com \
--cc=kai.huang@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=legion@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=ytcoode@gmail.com \
--cc=yuan.yao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).