From: Zhi Wang
Date: Thu, 2 Mar 2023 00:59:43 +0200
To: Dave Hansen
Cc: Michael Roth, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com
Subject: Re: [PATCH RFC v8 00/56] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support
Message-ID: <20230302005943.00001a8e@intel.com>
References: <20230220183847.59159-1-michael.roth@amd.com>

On Wed, 1 Mar 2023 08:56:05 -0800 Dave Hansen wrote:
> On 2/20/23 10:37, Michael Roth wrote:
> > The RMP check is enforced as soon as SEV-SNP is enabled. Not every memory
> > access requires an RMP check. In particular, the read accesses from the
> > hypervisor do not require RMP checks because the data confidentiality is
> > already protected via memory encryption.
> > When hardware encounters an RMP check failure, it raises a page-fault
> > exception. If the RMP check failure is due to a page-size mismatch, then
> > split the large page to resolve the fault.
>
> What does this all _mean_?
>

Unlike TDX, which implements a secure EPT to hold the restricted memory mapping, SEV-SNP is still using one NPT (similar to Intel EPT) while adding another level of HW-enforced check controlled by the "RMP" table. Similar to TDX, it has firmware calls to modify the attributes in the RMP table to achieve isolation and shared-private memory conversion.

The purpose and structure of the RMP is quite similar to the PAMT table in TDX from the perspective of managing the per-page attributes. Each system page has a collection of attribute bits. But TDX only uses the PAMT as metadata, as it has a separate secure EPT to achieve the HW-enforced check.

The RMP memory access checks have their own schematics. E.g. data writes and page table accesses from the VMM will be checked, but data reads are not, mostly, I guess, due to performance considerations. More details can be found in Table 15-39, "RMP Memory Access Checks", in [1].

> When does the kernel need to care about a "page-size mismatch"?

The RMP table has the ability to describe a large page (similar to a large page with a description of a large-page PAMT entry in TDX that can be demoted via TDX SEAMCALLs), e.g. a 2MB page. When the userspace sets the memory attribute of a GFN range through the restricted memory ioctl, the sev logic (sev_update_mem_attr() in PATCH 48, to be precise) will try to build a large page description in the RMP table if the PFNs are continuous.

When the kernel mm breaks the large page due to THP, KVM updates the NPT accordingly. Then there will be a page-size mismatch between the NPT and the RMP. It will be resolved by an RMP fault later. Kind of a lazy sync.

[1] https://www.amd.com/system/files/TechDocs/24593.pdf
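As an added illustration of the checks discussed in this reply (it is not code from the patch series or from the kernel), the following is a toy C model of the RMP semantics the thread lays out: hypervisor reads are not checked, hypervisor writes to an assigned page are, and an NPT/RMP page-size mismatch faults and is resolved lazily by splitting the 2 MiB RMP description. The entry layout, field names, table size and split policy are assumptions made for the example, not the hardware format.

```c
/* Added toy model of the RMP checks the thread describes; not kernel code and
 * not the hardware entry layout (names, table size, split policy are assumed). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define PAGES_PER_2M 512u                /* 2 MiB / 4 KiB */
#define RMP_ENTRIES  (4u * PAGES_PER_2M) /* constructed: covers 8 MiB of RAM */
enum rmp_result { RMP_OK, RMP_FAULT_ASSIGNED, RMP_FAULT_SIZE_MISMATCH };
struct rmp_entry {
    bool assigned;  /* private guest page: hypervisor writes are RMP-checked */
    bool large;     /* described as part of a 2 MiB page */
};
static struct rmp_entry rmp[RMP_ENTRIES]; /* one entry per 4 KiB system page */

/* Make a PFN range private. As the thread says of sev_update_mem_attr(), an
 * aligned run of 512 contiguous PFNs gets a single 2 MiB description. */
void rmp_make_private(uint64_t pfn, size_t npages)
{
    for (size_t i = 0; i < npages; ) {
        bool large = (pfn + i) % PAGES_PER_2M == 0 && npages - i >= PAGES_PER_2M;
        size_t run = large ? PAGES_PER_2M : 1;
        for (size_t j = 0; j < run; j++)
            rmp[pfn + i + j] = (struct rmp_entry){ .assigned = true, .large = large };
        i += run;
    }
}

/* Demote one 2 MiB RMP description to 512 4 KiB ones: the "split". */
void rmp_split(uint64_t pfn)
{
    uint64_t base = pfn - pfn % PAGES_PER_2M;
    for (size_t j = 0; j < PAGES_PER_2M; j++)
        rmp[base + j].large = false;
}

/* One access to pfn through a mapping of size map_large. Per the thread:
 * hypervisor reads are unchecked (data is encrypted), hypervisor writes to an
 * assigned page fault, and a mapping size that disagrees with the RMP entry
 * faults with a size mismatch, fixed lazily by splitting the 2 MiB entry. */
enum rmp_result rmp_check(uint64_t pfn, bool from_hv, bool write, bool map_large)
{
    if (from_hv && !write) return RMP_OK;
    if (from_hv && rmp[pfn].assigned) return RMP_FAULT_ASSIGNED;
    if (rmp[pfn].assigned && rmp[pfn].large != map_large) {
        if (rmp[pfn].large)
            rmp_split(pfn);   /* NPT already demoted by THP; sync the RMP */
        return RMP_FAULT_SIZE_MISMATCH;
    }
    return RMP_OK;
}
```

Retrying the same access after the split succeeds, which is the "lazy sync" the reply refers to.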