From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 936DEC433FE for ; Fri, 12 Nov 2021 19:48:24 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 310CB610A2 for ; Fri, 12 Nov 2021 19:48:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 310CB610A2 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 4DA986B0075; Fri, 12 Nov 2021 14:48:23 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 48BE06B0078; Fri, 12 Nov 2021 14:48:23 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 351F06B007B; Fri, 12 Nov 2021 14:48:23 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0252.hostedemail.com [216.40.44.252]) by kanga.kvack.org (Postfix) with ESMTP id 269DC6B0075 for ; Fri, 12 Nov 2021 14:48:23 -0500 (EST) Received: from smtpin07.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id D8C017FABD for ; Fri, 12 Nov 2021 19:48:22 +0000 (UTC) X-FDA: 78801314844.07.28F8065 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by imf15.hostedemail.com (Postfix) with ESMTP id 63DBED0000A9 for ; Fri, 12 Nov 2021 19:48:08 +0000 (UTC) Received: by mail-pl1-f178.google.com with SMTP id o14so9260241plg.5 for ; Fri, 12 Nov 2021 11:48:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=zr5FgjktMhow+NOFcAQVViEc+ANJI2M0r6r48QGgVI4=; b=ju07XZYoPBdZerGoypJVNunlreP0szj3eP3wBUKtjj3PgeSmreG3NLWofDNDwV6K29 FsSfNhHPjnLQwrYJbcInKVbPImCmeaSbNg1PrGgCt/txR88PNm1nU0RTbPjM3JdC3wf3 uZ85zCueTnCAB+k9Pw+WeIIKYWLJn2vZxUaWaMXx1CvRCQcsZjqW9kwUlCANJLD9YPbf TOq6qB/AcWNguhQgpAU6PKmtZwvGrzVt2V5i98njwxtUv/Qc7NCreMhve1otMefuO7y8 W2WfbjoI5XZ/n45uufMVitUf7PZW+0Okf36r5AIHuD1vpBBTL6m1a0mtY/OWfjjaOpfP oGnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=zr5FgjktMhow+NOFcAQVViEc+ANJI2M0r6r48QGgVI4=; b=jucLKxEOpz3MJHmWEJG9HhoA/S+pMR3zuoj78m4EqcX1GrNohYEGAYF9/5finSEx5z EPmut16WZhQDTzpJAgRyf4WjUxVqNVIj88SF5eV2IsakXKhA7x1SmxPH0iYUPqDlc/IL vYR9qqm8RnJftW/aSjy169EzJrm7OFnzsmoCZb0WR4tLnBnTvSbLb9AOsshYkm6RqDbV oiLYS5K+Cv5XKeDmXLyRw2yYeraUpRj+LekEJcxG/YH/b/YRTjB9S6+2qEswV05KW3Oy 1qdkFEpQ/GNjfvTeDlgCZCa3pT35TvUymsTo/11RfDRIZ158ZvK+HW3mUzu36DtVQLc5 KWnQ== X-Gm-Message-State: AOAM530Ys/ZnxLZHauUe39I1MF4R2WLL+NaTa4joZid6rL+WRvFjOcnM evf8yTG+ZRSuKsquGu8kZWicbA== X-Google-Smtp-Source: ABdhPJy4Qx6b+7+ByFpOdO4v0MJjsrHOwn6ocVpZeRM8XbBpXpi+sLPnEs6oezsNOzfZQuqOUI4/kw== X-Received: by 2002:a17:90b:1b07:: with SMTP id nu7mr21351128pjb.140.1636746501253; Fri, 12 Nov 2021 11:48:21 -0800 (PST) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id y6sm7644847pfi.154.2021.11.12.11.48.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Nov 2021 11:48:20 -0800 (PST) Date: Fri, 12 Nov 2021 19:48:17 +0000 From: Sean Christopherson To: Borislav Petkov Cc: Dave Hansen , Peter Gonda , Brijesh Singh , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support Message-ID: References: <20210820155918.7518-1-brijesh.singh@amd.com> <061ccd49-3b9f-d603-bafd-61a067c3f6fa@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 63DBED0000A9 X-Stat-Signature: u56if3nr1zzz3yus4w7994gskzjkzqnj Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=ju07XZYo; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf15.hostedemail.com: domain of seanjc@google.com designates 209.85.214.178 as permitted sender) smtp.mailfrom=seanjc@google.com X-HE-Tag: 1636746488-912323 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Nov 12, 2021, Borislav Petkov wrote: > On Fri, Nov 12, 2021 at 09:59:46AM -0800, Dave Hansen wrote: > > Or, is there some mechanism that prevent guest-private memory from be= ing > > accessed in random host kernel code? Or random host userspace code... > So I'm currently under the impression that random host->guest accesses > should not happen if not previously agreed upon by both. Key word "should". > Because, as explained on IRC, if host touches a private guest page, > whatever the host does to that page, the next time the guest runs, it'l= l > get a #VC where it will see that that page doesn't belong to it anymore > and then, out of paranoia, it will simply terminate to protect itself. >=20 > So cloud providers should have an interest to prevent such random stray > accesses if they wanna have guests. :) Yes, but IMO inducing a fault in the guest because of _host_ bug is wrong= . On Fri, Nov 12, 2021, Peter Gonda wrote: > Here is an alternative to the current approach: On RMP violation (host > or userspace) the page fault handler converts the page from private to > shared to allow the write to continue. This pulls from s390=E2=80=99s e= rror > handling which does exactly this. See =E2=80=98arch_make_page_accessibl= e()=E2=80=99. Ah, after further reading, s390 does _not_ do implicit private=3D>shared = conversions. s390's arch_make_page_accessible() is somewhat similar, but it is not a d= irect comparison. IIUC, it exports and integrity protects the data and thus pr= eserves the guest's data in an encrypted form, e.g. so that it can be swapped to = disk. And if the host corrupts the data, attempting to convert it back to secur= e on a subsequent guest access will fail. The host kernel's handling of the "convert to secure" failures doesn't ap= pear to be all that robust, e.g. it looks like there are multiple paths where the= error is dropped on the floor and the guest is resumed , but IMO soft hanging t= he guest=20 is still better than inducing a fault in the guest, and far better than p= otentially coercing the guest into reading corrupted memory ("spurious" PVALIDATE). = And s390's behavior is fixable since it's purely a host error handling problem. To truly make a page shared, s390 requires the guest to call into the ult= ravisor to make a page shared. And on the host side, the host can pin a page as = shared to prevent the guest from unsharing it while the host is accessing it as = a shared page. So, inducing #VC is similar in the sense that a malicious s390 can also D= oS itself, but is quite different in that (AFAICT) s390 does not create an attack su= rface where a malicious or buggy host userspace can induce faults in the guest, or wo= rst case in SNP, exploit a buggy guest into accepting and accessing corrupted data. It's also different in that s390 doesn't implicitly convert between share= d and private. Functionally, it doesn't really change the end result because a= buggy host that writes guest private memory will DoS the guest (by inducing a #= VC or corrupting exported data), but at least for s390 there's a sane, legitima= te use case for accessing guest private memory (swap and maybe migration?), wher= eas for SNP, IMO implicitly converting to shared on a host access is straight up = wrong. > Additionally it adds less complexity to the SNP kernel patches, and > requires no new ABI. I disagree, this would require "new" ABI in the sense that it commits KVM= to supporting SNP without requiring userspace to initiate any and all conver= sions between shared and private. Which in my mind is the big elephant in the = room: do we want to require new KVM (and kernel?) ABI to allow/force userspace = to explicitly declare guest private memory for TDX _and_ SNP, or just TDX?