Date: Tue, 16 May 2023 22:15:49 +0300
From: "Kirill A. Shutemov"
To: Ard Biesheuvel
Cc: Dave Hansen, Borislav Petkov, Andy Lutomirski, Sean Christopherson,
    Andrew Morton, Joerg Roedel, Andi Kleen, Kuppuswamy Sathyanarayanan,
    David Rientjes, Vlastimil Babka, Tom Lendacky, Thomas Gleixner,
    Peter Zijlstra, Paolo Bonzini, Ingo Molnar, Dario Faggioli,
    Mike Rapoport, David Hildenbrand, Mel Gorman,
    marcelo.cerri@canonical.com, tim.gardner@canonical.com,
    khalid.elmously@canonical.com, philip.cox@canonical.com,
    aarcange@redhat.com, peterx@redhat.com, x86@kernel.org,
    linux-mm@kvack.org, linux-coco@lists.linux.dev,
    linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen
Subject: Re: [PATCHv11 6/9] efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory
Message-ID: <20230516191549.tjub26jvlqymp27x@box.shutemov.name>

On Tue, May 16, 2023 at 08:35:27PM +0200, Ard Biesheuvel wrote:
> On Tue, 16 May 2023 at 20:27, Dave Hansen wrote:
> >
> > On 5/16/23 11:08, Ard Biesheuvel wrote:
> > >> But, this approach does not work for unaccepted memory. For TDX, a load
> > >> from unaccepted memory will not lead to a recoverable exception within
> > >> the guest. The guest will exit to the VMM where the only recourse is to
> > >> terminate the guest.
> > >>
> > > Does this mean that the kernel maps memory before accepting it? As
> > > otherwise, I would assume that such an access would page fault inside
> > > the guest before triggering an exception related to the unaccepted
> > > state.
> >
> > Yes, the kernel maps memory before accepting it (modulo things like
> > DEBUG_PAGEALLOC).
> >
>
> OK, and so the architecture stipulates that prefetching or other
> speculative accesses must never deliver exceptions to the host
> regarding such ranges?
>
> If this all works as it should, then I'm ok with leaving this here,
> but I imagine we may want to factor out some arch specific policy here
> in the future, as I don't think this would work the same on ARM.

Even if other architectures don't need this, it is harmless: we just accept
one unit ahead of time.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov