From: Jue Wang
Date: Thu, 22 Apr 2021 07:36:25 -0700
Subject: Re: [RFCv2 00/13] TDX and guest memory unmapping
To: kirill.shutemov@linux.intel.com
Cc: andi.kleen@intel.com, dave.hansen@linux.intel.com, david@redhat.com,
 erdemaktas@google.com, isaku.yamahata@intel.com, jmattson@google.com,
 kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
 luto@kernel.org, peterz@infradead.org, pgonda@google.com,
 rick.p.edgecombe@intel.com, rientjes@google.com, seanjc@google.com,
 srutherford@google.com, x86@kernel.org

On Fri, 16 Apr 2021 18:40:53 +0300, Kirill A. Shutemov wrote:

> TDX integrity check failures may lead to system shutdown host kernel must
> not allow any writes to TD-private memory. This requirement clashes with
> KVM design: KVM expects the guest memory to be mapped into host userspace
> (e.g. QEMU).
> This patchset aims to start discussion on how we can approach the issue.

Hi Kirill,

Some potential food for thought:

Repurposing Linux page hwpoison semantics for TDX-private memory protection is
smart; however, treating PG_hwpoison or hwpoison swap pte differently when
kvm->mem_protected=true implicitly disabled the original capability of page
hwpoison: protecting the whole system from known corrupted physical memory
and giving user space applications an opportunity to recover from physical
memory corruptions.

Have you considered introducing a set of similar but independent page/pte
semantics for TDX private memory protection purposes?

Best regards,
-Jue