From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49185C19F2B for ; Thu, 4 Aug 2022 10:56:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ABA128E0002; Thu, 4 Aug 2022 06:56:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A68A08E0001; Thu, 4 Aug 2022 06:56:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8E2468E0002; Thu, 4 Aug 2022 06:56:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 7BE258E0001 for ; Thu, 4 Aug 2022 06:56:25 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 3FC19ABED5 for ; Thu, 4 Aug 2022 10:56:25 +0000 (UTC) X-FDA: 79761606330.17.901DADE Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by imf14.hostedemail.com (Postfix) with ESMTP id BE1E6100134 for ; Thu, 4 Aug 2022 10:56:24 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 84CC520EDD; Thu, 4 Aug 2022 10:56:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1659610583; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mlktYDm7Q9WWK6B+W/bogBPhH4hH8aSA3B4MxQAXBh8=; b=TPP8b3t9rP/4eLEeZXO6gehvwrqcL7GwZPmNp1ThS0tbE/j1542zCGpq07mMbmExjzmwlX lXfgzuJ0CY6iYJqXmo4ApAu9S70VWGRjriAiRy5aI4x0SlodVrU8dHzjD3ON/ppZumNNz6 +x3nxSFky7Yjy+JgErlSstlF1EA2l8I= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1659610583; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mlktYDm7Q9WWK6B+W/bogBPhH4hH8aSA3B4MxQAXBh8=; b=o817tBQaO2BN6keT74Cjjte1SJotvXncGsbi9oVX1SnL7Y2Brd2tIf1H/kzQQWeXDBGYly BMVwf/IvHGGT+ZCA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 06ED513A94; Thu, 4 Aug 2022 10:56:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id YtDiANel62J/GwAAMHmgww (envelope-from ); Thu, 04 Aug 2022 10:56:23 +0000 Message-ID: <5c6e8435-22bb-234a-87a1-96c9f4e93dc9@suse.cz> Date: Thu, 4 Aug 2022 12:56:22 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.0.3 Subject: Re: [PATCH Part2 v6 27/49] KVM: SVM: Mark the private vma unmerable for SEV-SNP guests Content-Language: en-US To: Ashish Kalra , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, michael.roth@amd.com, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org References: From: Vlastimil Babka In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1659610584; a=rsa-sha256; cv=none; b=sHmWZHozTk51rpnPI+f14/PDNr3L9bhXXc6Ltw9cUkudrOQ7o7Q174ZH0IoMbR+uloSu8B MrhxDonDg8vxLoZrj+pNhlsxxIa4YE5YwK5nB248lMDV44wX+6+NHsxht74FJnLGIEjJoO EQb0JaEba5fmH43EfD1jFrRGl9dgJ68= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=TPP8b3t9; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=o817tBQa; spf=pass (imf14.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.29 as permitted sender) smtp.mailfrom=vbabka@suse.cz; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1659610584; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mlktYDm7Q9WWK6B+W/bogBPhH4hH8aSA3B4MxQAXBh8=; b=mVm2D+EcmfaPC53LCFN5VO+Tc3QvKo3zEQ3rV0LNPpO5ctDqbmyfbjXy7B5lYGqkMgS6/g mCl6yKqI6niS9E8VeGCFW7NL+NtOzCPq3PNdy/s8xHXQv6sFOpMvd0SFf8kTiwh4qivBAS jHWM1t44zgVgABhSFBheaLZuk3UtXIQ= X-Rspamd-Server: rspam04 X-Stat-Signature: g9z565afjz6hau8ns9tdcytihnerfum5 Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=TPP8b3t9; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=o817tBQa; spf=pass (imf14.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.29 as permitted sender) smtp.mailfrom=vbabka@suse.cz; dmarc=none X-Rspamd-Queue-Id: BE1E6100134 X-Rspam-User: X-HE-Tag: 1659610584-322431 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 6/21/22 01:08, Ashish Kalra wrote: > From: Brijesh Singh > > When SEV-SNP is enabled, the guest private pages are added in the RMP > table; while adding the pages, the rmp_make_private() unmaps the pages > from the direct map. If KSM attempts to access those unmapped pages then > it will trigger #PF (page-not-present). > > Encrypted guest pages cannot be shared between the process, so an > userspace should not mark the region mergeable but to be safe, mark the > process vma unmerable before adding the pages in the RMP table. > > Signed-off-by: Brijesh Singh Note this doesn't really mark the vma unmergeable, rather it unmarks it as mergeable, and unmerges any already merged pages. Which seems like a good idea. Is snp_launch_update() the only place that needs it or can private pages be added elsewhere too? However, AFAICS nothing stops userspace to do another madvise(MADV_MERGEABLE) afterwards, so we should make somehow sure that ksm will still be prevented, as we should protect the kernel even from a buggy userspace. So either we stop it with a flag at vma level (see ksm_madvise() for which flags currently stop it), or page level - currently only PageAnon() pages are handled. The vma level is probably easier/cheaper. It's also possible that this will solve itself with the switch to UPM as those vma's or pages might be incompatible with ksm naturally (didn't check closely), and then this patch can be just dropped. But we should double-check.