Message-ID: <216753fd-c659-711e-12d0-d12e34110efc@redhat.com>
Date: Tue, 20 Jun 2023 18:03:30 +0200
From: David Hildenbrand
Organization: Red Hat
To: Dave Hansen, Kai Huang, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com
References: <86f2a8814240f4bbe850f6a09fc9d0b934979d1b.1685887183.git.kai.huang@intel.com> <723dd9da-ebd5-edb0-e9e5-2d8c14aaffe2@redhat.com>
Subject: Re: [PATCH v11 04/20] x86/cpu: Detect TDX partial write machine check erratum

On 20.06.23 17:39, Dave Hansen wrote:
> On 6/19/23 05:21, David Hildenbrand wrote:
>> So, ordinary writes to TD private memory are not a problem? I thought
>> one motivation for the unmapped-guest-memory discussion was to prevent
>> host (userspace) writes to such memory because it would trigger a MC and
>> eventually crash the host.
>
> Those are two different problems.
>
> Problem #1 (this patch): The host encounters poison when going about its
> normal business accessing normal memory. This happens when something in
> the host accidentally clobbers some TDX memory and *then* reads it.
> Only occurs with partial writes.
>
> Problem #2 (addressed with unmapping): Host *userspace* intentionally
> and maliciously clobbers some TDX memory and then the TDX module or a
> TDX guest can't run because the memory integrity checks (checksum or TD
> bit) fail. This can also take the system down because #MC's are nasty.
>
> Host userspace unmapping doesn't prevent problem #1 because it's the
> kernel who screwed up with the _kernel_ mapping.

Ahh, thanks for verifying. I was hoping that problem #2 would get fixed
in HW as well (and treated like a BUG).

Because problem #2 also sounds like something that directly violates the
first paragraph of this patch description "violations of this integrity
protection are supposed to only affect TDX operations and are never
supposed to affect the host kernel itself."

So I would expect the TDX guest to fail hard, but not other TDX guests
(or the host kernel).

--
Cheers,

David / dhildenb