From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70B69C46CD2 for ; Sat, 27 Jan 2024 15:45:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9D9576B008A; Sat, 27 Jan 2024 10:45:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 9627C6B008C; Sat, 27 Jan 2024 10:45:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7B4AC6B0092; Sat, 27 Jan 2024 10:45:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 652B66B008A for ; Sat, 27 Jan 2024 10:45:30 -0500 (EST) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id E68C41C0EE6 for ; Sat, 27 Jan 2024 15:45:29 +0000 (UTC) X-FDA: 81725515578.01.D8F0CB0 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2066.outbound.protection.outlook.com [40.107.94.66]) by imf13.hostedemail.com (Postfix) with ESMTP id E58A220019 for ; Sat, 27 Jan 2024 15:45:26 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=VM0q+w5H; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf13.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.94.66 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706370327; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=eIgWZRkoHR8/peI0RlxwsM2rSt1Umjo3Dmebk+MIZtI=; b=VGxF3voW9WsfBVdWeonQxvEGdW6favVwH8NtsSG9bciaq1U/ZtcW0PG0vaIEBMdKybAIen IiZcEcrcEmwC3Zf7/j5Cw6XnqsDfdTkcP1Z7MjwHwWf4HOEIdl8o+6W7mwhpzOcyxOt0Cf 24O0wCcppUKBl9gtcnNVmRWUVymIQFg= ARC-Authentication-Results: i=2; imf13.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=VM0q+w5H; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf13.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.94.66 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1706370327; a=rsa-sha256; cv=pass; b=YkusgrFU1tK9m6lfOBJ4fmf/RbjG4LLeMJWisIRtNj9FswuElxyJactRiFHHz1SDg06BZa vvkz8ru3qzKbzKM9XjG+a9fL+8N/6+ZPT1LDtNrFpuO03BfpLiejtLbQyjL5ynBZsa+myJ eXw5/FMFg/GQxzZCejkyGqcUToPnw7s= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YI7Shyar2bN32WpDzsK313uAHkaQ6IM+JPitk98C1SwpCZPaR6WW+YMPeHokxbbieVqIAua5vY0bC1d42YLVq0mGSesAacISioGlFCjDrdBGY4kiks/0E7T9AoFjQGwxK0OLjn35GY7olcHScZnC423rHe7lSic38fPutJbIUlcq3rK4HXENEQ2cY7qfwcEfIvD1lOymLnmpQQaax7y2L3EeTYx0MMl5SAZcUZZAcNtCOYaaPazZ70U7fc/HtqOhFil+AxBxCUEF7lfiZ3gzTjazg/qYARlp49DJvf/R/791ec8a0+2CVwe68Q2y/kaNVaq0evY1zkFWQFw2h1g3BA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eIgWZRkoHR8/peI0RlxwsM2rSt1Umjo3Dmebk+MIZtI=; b=FRJgvbb6uGaGlI86PHFyyLfhzdxj0vYgt1B93IRYYwzVjNpNFrbcMCoKX2L51leFPkNuduob/aOtCaV/dbw6XNWNvJYkdKOWIA5LvtsF9Lc97fnUwGpZa7bx8mMkyUrCKaRbn9NLKywJc2t5m7SvLHYHlPXGPMKIwTNBjY5OLOkXFBA+0bBXjNaVk8sGisBjISRbrkSJRXO+RXAS98dFHcVo8T0CAOF11x4KVTi963r1DNtDm6QPMTErxTduvBZUlWiNLR/bd/LVsXYDhoC8rHjF70K7UjaOdw1EiMnEJ7Io9k+RdF34LBzx02lKvJvZivhnGpAo1zm0YUFh9Y/2Ew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=alien8.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eIgWZRkoHR8/peI0RlxwsM2rSt1Umjo3Dmebk+MIZtI=; b=VM0q+w5HG9BR0v2QTQxSOWGWMiOegojSJdyPszSKVnSYfYTrgZYsTMSnfnK1QP2l5/IpZQGNsHRHYDGLXDbd/D3vhb/nFZTyKp4zDs6reSsiBXnxiFnnbsxKO3El912vgk0Pwo3dHNDoBlO8NOdfB6HFKk1K/5DTRoRVhZqzLAA= Received: from BL0PR02CA0107.namprd02.prod.outlook.com (2603:10b6:208:51::48) by BY5PR12MB4258.namprd12.prod.outlook.com (2603:10b6:a03:20d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.31; Sat, 27 Jan 2024 15:45:21 +0000 Received: from BL6PEPF0001AB55.namprd02.prod.outlook.com (2603:10b6:208:51:cafe::8b) by BL0PR02CA0107.outlook.office365.com (2603:10b6:208:51::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.30 via Frontend Transport; Sat, 27 Jan 2024 15:45:20 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB55.mail.protection.outlook.com (10.167.241.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7181.14 via Frontend Transport; Sat, 27 Jan 2024 15:45:20 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Sat, 27 Jan 2024 09:45:19 -0600 Date: Sat, 27 Jan 2024 09:45:06 -0600 From: Michael Roth To: Borislav Petkov CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: Re: [PATCH v2 11/25] x86/sev: Adjust directmap to avoid inadvertant RMP faults Message-ID: <20240127154506.v3wdio25zs6i2lc3@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> <20240126041126.1927228-12-michael.roth@amd.com> <20240126153451.GDZbPRG3KxaQik-0aY@fat_crate.local> <20240126170415.f7r4nvsrzgpzcrzv@amd.com> <20240126184340.GEZbP9XA13X91-eybA@fat_crate.local> <20240126235420.mu644waj2eyoxqx6@amd.com> <20240127114207.GBZbTsDyC3hFq8pQ3D@fat_crate.local> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20240127114207.GBZbTsDyC3hFq8pQ3D@fat_crate.local> X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB55:EE_|BY5PR12MB4258:EE_ X-MS-Office365-Filtering-Correlation-Id: 11b8c8e4-a730-4017-64e4-08dc1f4ef7a8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: T0uix9xMryNqjhgdI4rJ7He12MGm+7IlakDuSdpDu04OLYaLmBJSVIYMknC5gGl0IqHyOy6o5pkfwUb2Z/g4oivTZZOlLFlOOE3EPRxp0x3/VSPdZGzcvTxH8Qtj6u7giYSMwn7l2qwyHuzCjGHD3XZ7eJNBOU9yVgUk36MwlaBJd23LK4dJUGCbq8AKMTgxqSXfHxrbcC0edKlbO7hv6MZxD+InyVstTluWmvL0AK3vA0JHPeActObYayg00muhuqUIhcaIXvA9NRnvtEk5QKlVRIUYioc72ZYMtlzazdqdBGC6azfTFg4Axx1G7JBXSEmWI1RYCBl8RG5hnHHunI/TaGojHRmv3do0i6NHpPw4n66G0ug3zSnHkeKC5+spG5haSv7RtKqBMVkmLnyi410VSllcH1BSDDz6PEtGdA+4RLlaVy5Vud9NSuxTr0lrT9GiIAQznciz4lybk8kgbzAiZy1UtkhkKcuGfstg2HzmHqsh5FbOUez7Yhu6JFqg2sfXionKPaLXZCDxdDe2fecD75PRQRQpT97RsjIT3mR7ekskObliTc5DLWtx0o2umI2Vqp5v5tM65GbeTfdmumfPVP8Dyn+edGWVABBX8sQYlVVQgWf4tOkCN8MrQOS+t1FCfRSjowTL9ifes8/+9xqG8tNaKkmwq29Wx3sjdJ50zN3/X0QF/7L9KEa7fza+Yh5FjIt+R141kx9a0SAL5bL6BFQO3UgyFoUbNVYql91Ucsn6bPMinxepCkfjXwl1fbayeP/uhvz7JakBMjvH3w== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(396003)(376002)(136003)(346002)(39850400004)(230922051799003)(451199024)(82310400011)(186009)(1800799012)(64100799003)(36840700001)(46966006)(40470700004)(36860700001)(83380400001)(36756003)(47076005)(54906003)(6916009)(316002)(70586007)(70206006)(8936002)(8676002)(86362001)(966005)(478600001)(6666004)(4326008)(26005)(16526019)(2906002)(1076003)(336012)(426003)(44832011)(7416002)(7406005)(2616005)(5660300002)(41300700001)(356005)(40480700001)(40460700003)(81166007)(82740400003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jan 2024 15:45:20.2061 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 11b8c8e4-a730-4017-64e4-08dc1f4ef7a8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB55.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4258 X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: E58A220019 X-Stat-Signature: 1btyatf8b3m36w37wp9wycc66yjsnmmd X-HE-Tag: 1706370326-68494 X-HE-Meta: U2FsdGVkX1/NH8gO3Ot5TykTcxPcDuIpPVi4iKlQhC0qis24qTirEa+rzbi+LbFq0bAUnu7YFSJSoZDCVUHR7XyFQ2jVpibzC6qRpS6xaVFapttI0fvqf4Ad50no0/WqL6xgOUJVaUvEd4s06kH4Iv5p9qnyZYNgzsPZOKlpYXbBRE4yBIhJjRSEIMYjCG3I0ACinfuKGxwv1yRWNTByorlv4lNbqqzuquW6rCoMD2v+lGUoIT/n9F7wDK+KbVxMWmlmf19fbzAkTY1ZRlpt/GbATyvMrt0BkUIkCJrTZEU1/rkwAQllpnpRenS7SmIEG4cJtW8pimVZCER7r87oUXEnGx5VfY+23OX+PArW9vOkrtkM0gGLBS+uWVx8Y/MPDR4fXmlNeYqs+Nkxtensmehe1B+B2y8+Grp6IuvEjGyy/BxfA0cr89aVK9Zt7uzNCRcQTgmBMk2eYuRfiA/TLxIdutTs30UZSfYi7jOWBgWli39FCLLgOFg4s9NYzrMrlmknz1wbb8AGVTULXTGgESy0UVnf0Q5NXiDSVbgK/jbokZBTK8NFmRA1nQLGvshgQOkvQrBOjTyMAN5E27zHTnjnaNNZjOE2JtVBSgMToKCpi4QJ9fBtWyCDjxfa4U3w758TFgmrAGsY8W6iPquejB5mEeCnJ7anubd7RYsmlCRuunHAkxN8G/2GwDfE3wFMspBZ4VpBkgPqL19uSIyTYohKCQHRej7++HjwrR437VEOIq6nM4zVmg96g24xj22ruvZGQI4k1nFI+MAZaw2eKHC0lf8V7l1gIz+y1JJ4VdVJkDO242PHc8WbnOqTqNqyF3Gqu4Mr2CHHVxvKbj6QBpmQNn20EKZBvLSLeqRLrbOlkuZYlHupsZ9Ai+HaaKHkA1hPJWsayRQUoWTPfYa3lTafJRgr8VqqQtXGSxBinV2mvCwMkhvCmm24XGH5Hdd76NRUadn722c6GEuMGwm uqOcNRrm 4G0k8HzO+iGDhoKYr2FLe5r7L+ZR+whA5Rkjv9E8h70CFHA2eZW/7ttqKw6dlOfnbplb60O7mVN3f0jGaWGprYimM6dhv0R4fOQ+4+H4sfu1qAOUtX09N3cIjMQdwwpSICBRWdSLjNClQQi7Urzu4gOtVWpsXMGs/T77Ozxgeey9rY6Ip6OLZwPQCZsJaimouYggtrfz0JqNEgWfdaXGB07Z73dz7OoE7NjbJHPL+PR1E2xQzmrlQ2569QUdakQScheSGOKIkwCu2RyQnYrJx2rbS4GIOyUQ6ABKua0qVKzU04nV30/yP5KRa6gDlMf9CxDH8x0sF9cEblFKobxDcjrgL8R1uE/20ob6eM1dk+5NvuKeCt0/Pqr+DzbxuYHm5x9zsoRoCPwObS1Q6iy+47hACDRn8NwnzvzNoZWdgRw0qjsI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sat, Jan 27, 2024 at 12:42:07PM +0100, Borislav Petkov wrote: > On Fri, Jan 26, 2024 at 05:54:20PM -0600, Michael Roth wrote: > > Is something like this close to what you're thinking? I've re-tested with > > SNP guests and it seems to work as expected. > > > > diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c > > index 846e9e53dff0..c09497487c08 100644 > > --- a/arch/x86/virt/svm/sev.c > > +++ b/arch/x86/virt/svm/sev.c > > @@ -421,7 +421,12 @@ static int adjust_direct_map(u64 pfn, int rmp_level) > > if (WARN_ON_ONCE(rmp_level > PG_LEVEL_2M)) > > return -EINVAL; > > > > - if (WARN_ON_ONCE(rmp_level == PG_LEVEL_2M && !IS_ALIGNED(pfn, PTRS_PER_PMD))) > > + if (!pfn_valid(pfn)) > > _text at VA 0xffffffff81000000 is also a valid pfn so no, this is not > enough. directmap maps all physical memory accessible by kernel, including text pages, so those are valid PFNs as far as this function is concerned. We can't generally guard against the caller passing in any random PFN that might also be mapped into additional address ranges, similarly to how we can't guard against something doing a write to some random PFN __va(0x1234) and scribbling over memory that it doesn't own, or just unmapping the entire directmap range and blowing up the kernel. The expectation is that the caller is aware of what PFNs it is passing in, whether those PFNs have additional mappings, and if those mappings are of concern, implement the necessary handlers if new use-cases are ever introducted, like the adjust_kernel_text_mapping() example I mentioned earlier. > > Either this function should not have "direct map" in the name as it > converts *any* valid pfn not just the direct map ones or it should check > whether the pfn belongs to the direct map range. This function only splits mappings in the 0xffff888000000000 directmap range. It would be inaccurate to name it in such a way that suggests that it does anything else. If a use-case ever arises for splitting _text mappings at 0xffffffff81000000, or any other ranges, those too would best served by dedicated helpers adjust_kernel_text_mapping() that *actually* modify mappings for those virtual ranges, and implement bounds-checking appropriate for those physical/virtual ranges. The directmap range maps all kernel-accessible physical memory, so it's appropriate that our bounds-checking for the purpose of adjust_direct_map() is all kernel-accessible physical memory. If that includes PFNs mapped to other virtual ranges as well, the caller needs to consider that and implement additional helpers as necessary, but they'd likely *still* need to call adjust_direct_map() to adjust the directmap range in addition to those other ranges, so even if were possible to do so reliably, we shouldn't try to selectively reject any PFN ranges beyond what mm.rst suggests is valid for 0xffff888000000000. -Mike > > Thx. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette >