Subject: Re: AMD SEV-SNP/Intel TDX: validation of memory pages
From: Paolo Bonzini
To: Joerg Roedel
Cc: Peter Zijlstra, Andi Kleen, David Rientjes, Borislav Petkov, Andy Lutomirski, Sean Christopherson, Andrew Morton, "Kirill A. Shutemov", Brijesh Singh, Tom Lendacky, Jon Grimm, Thomas Gleixner, Christoph Hellwig, Ingo Molnar, x86@kernel.org, linux-mm@kvack.org
Date: Tue, 16 Feb 2021 19:33:51 +0100
Message-ID: <7a4acbf7-e920-e509-0017-edf2390370ed@redhat.com>
In-Reply-To: <20210216182640.GI12716@suse.de>
References: <20210212152813.GA28884@suse.de> <20210212161849.GB28884@suse.de> <20210216100045.GE28884@suse.de> <20210216142741.GI365765@tassilo.jf.intel.com> <5ff9690f-331a-8322-3431-212b14f64fcc@redhat.com> <20210216162504.GH12716@suse.de> <92003e9a-c532-bede-1200-ef3b8f50bc6e@redhat.com> <20210216182640.GI12716@suse.de>
On 16/02/21 19:26, Joerg Roedel wrote:
> On Tue, Feb 16, 2021 at 05:48:29PM +0100, Paolo Bonzini wrote:
>> We should minimize the number of #VEs that we get, as they are very slow.
>> Could almost everything that can invoke a #VE go through pvops and be turned
>> into a TDCALL? And if so the same should be true for SEV-ES #VC as well.
>
> The problem with that is that it requires the guest to know what the
> hypervisor will intercept or what instruction will cause a #VE. I
> considered this paravirtualization for #VC, but stayed away from it for
> that exact reason. You can't easily know which MMIO access will cause a
> #VE/#VC exception. Probing also doesn't work, as the Hypervisor can
> change that at runtime. There is just no decent way to handle that
> without taking the #VE/#VC. Or take 'hlt' for example, there are
> hypervisor configurations which don't intercept it. How do you know that
> from within the guest?

I'm thinking that the SEV-ES/TDX specs and the hypervisor's PV interface
(CPUID/MSR) should tell the guest what to invoke directly, not the other way
round. TDCALL-ing out should always be possible.

Not saying this is the case right now, but I think the SEV-ES and TDX specs
should evolve in that direction.

Paolo

>>> I guess those could all be replaced by direct TDCALLs,
>>> but the question remains whether this is possible with MSR accesses, meaning
>>> that the list of MSRs which will cause #VEs is statically defined and
>>> doesn't change between hypervisors. All in all this sounds hard to
>>> maintain and easy to break by unrelated changes.
>>
>> I would expect that all MSRs except for a handful (SPEC_CTRL/PRED_CMD, the
>> FS/GS/kernelGS bases, anything else?) would be redirected to TDCALL.
>
> You never know which HV your guest runs under and what it intercepts. It
> can certainly be made part of the Spec to only allow direct access to a
> given set of MSRs in a TDX guest and require to intercept everything
> else. But that Spec probably requires constant updating and will
> certainly cause compatibility headaches in the future.
>
> Regards,
>
> Joerg
>
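The two guest-side strategies argued over above, as an added, constructed model that is not code from this thread or from the Linux kernel: strategy A executes the MSR instruction unconditionally and lets whatever the hypervisor intercepts turn into a #VE that the handler completes with a TDCALL; strategy B routes everything except a fixed pass-through allowlist (the SPEC_CTRL/PRED_CMD and FS/GS/kernel GS base MSRs Paolo mentions) straight to TDCALL via pvops. No real rdmsr or TDCALL is executed; the "hypervisor" is just a table of MSR indices it currently traps, and the workload, the two hypervisor intercept sets and the allowlist contents are assumptions chosen to show the point. The MSR index constants are taken from the Intel SDM.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MSR indices (Intel SDM). The pass-through allowlist below is an assumption
 * modelled on the handful of MSRs named in the thread, not a spec'd list. */
#define MSR_IA32_SPEC_CTRL      0x00000048u
#define MSR_IA32_PRED_CMD       0x00000049u
#define MSR_IA32_TSC_DEADLINE   0x000006e0u
#define MSR_FS_BASE             0xc0000100u
#define MSR_GS_BASE             0xc0000101u
#define MSR_KERNEL_GS_BASE      0xc0000102u

enum access_path {
    PATH_NATIVE,        /* plain rdmsr/wrmsr completes without an exit      */
    PATH_VE_TDCALL,     /* instruction trapped: #VE taken, handler TDCALLs   */
    PATH_DIRECT_TDCALL, /* guest issued the TDCALL up front, no exception    */
};

/* Constructed hypervisor model: the set of MSRs it intercepts right now.
 * Nothing stops this set from differing between hypervisors or changing
 * at runtime, which is Joerg's objection. */
struct hv_model {
    const uint32_t *intercepted;
    size_t n;
};

static bool in_set(const uint32_t *set, size_t n, uint32_t msr)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == msr)
            return true;
    return false;
}

/* Strategy A: always execute the instruction. Anything intercepted becomes a
 * #VE and is completed from the #VE handler; the guest needs no knowledge of
 * the intercept list, at the cost of one exception per intercepted access. */
static enum access_path msr_access_trap(const struct hv_model *hv, uint32_t msr)
{
    return in_set(hv->intercepted, hv->n, msr) ? PATH_VE_TDCALL : PATH_NATIVE;
}

/* Strategy B: pvops send everything outside a fixed allowlist directly to
 * TDCALL. The allowlist is a guess about the hypervisor; when the guess is
 * wrong the native instruction still traps, so the #VE handler must remain
 * as a fallback for correctness. */
static const uint32_t assumed_passthrough[] = {   /* assumption */
    MSR_IA32_SPEC_CTRL, MSR_IA32_PRED_CMD,
    MSR_FS_BASE, MSR_GS_BASE, MSR_KERNEL_GS_BASE,
};
#define N_PASSTHROUGH (sizeof(assumed_passthrough) / sizeof(assumed_passthrough[0]))

static enum access_path msr_access_pv(const struct hv_model *hv, uint32_t msr)
{
    if (!in_set(assumed_passthrough, N_PASSTHROUGH, msr))
        return PATH_DIRECT_TDCALL;
    /* Guest believes this MSR is passed through; the hypervisor decides. */
    return in_set(hv->intercepted, hv->n, msr) ? PATH_VE_TDCALL : PATH_NATIVE;
}

typedef enum access_path (*strategy_fn)(const struct hv_model *, uint32_t);

/* Number of #VE exceptions a sequence of MSR accesses costs under a strategy. */
static int count_ve(strategy_fn strategy, const struct hv_model *hv,
                    const uint32_t *msrs, size_t n)
{
    int ve = 0;
    for (size_t i = 0; i < n; i++)
        if (strategy(hv, msrs[i]) == PATH_VE_TDCALL)
            ve++;
    return ve;
}

int main(void)
{
    /* Constructed workload: base-register switches plus a timer MSR write. */
    const uint32_t workload[] = { MSR_FS_BASE, MSR_GS_BASE, MSR_KERNEL_GS_BASE,
                                  MSR_IA32_SPEC_CTRL, MSR_IA32_TSC_DEADLINE };
    size_t n = sizeof(workload) / sizeof(workload[0]);

    /* Hypervisor 1 traps only the timer MSR: the allowlist guess is right. */
    const uint32_t hv1_set[] = { MSR_IA32_TSC_DEADLINE };
    struct hv_model hv1 = { hv1_set, 1 };

    /* Hypervisor 2, or hypervisor 1 after a runtime change, also traps
     * SPEC_CTRL: the static allowlist cannot know, so strategy B still #VEs. */
    const uint32_t hv2_set[] = { MSR_IA32_TSC_DEADLINE, MSR_IA32_SPEC_CTRL };
    struct hv_model hv2 = { hv2_set, 2 };

    printf("hv1: trap strategy %d #VE, pv strategy %d #VE\n",
           count_ve(msr_access_trap, &hv1, workload, n),
           count_ve(msr_access_pv, &hv1, workload, n));
    printf("hv2: trap strategy %d #VE, pv strategy %d #VE\n",
           count_ve(msr_access_trap, &hv2, workload, n),
           count_ve(msr_access_pv, &hv2, workload, n));
    return 0;
}
```

Under hypervisor 1 the pv strategy removes every #VE from the workload, which is the win Paolo is after; under hypervisor 2 it still takes a #VE on SPEC_CTRL because the guest's allowlist was a guess, which is the maintenance and compatibility problem Joerg raises. Either way the #VE/#VC handler cannot be dropped, so a pvops fast path only ever reduces exception count, it never replaces the trap path.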