From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=4OSM=MM=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50AD5C07E95
	for <linux-mm@archiver.kernel.org>; Tue, 20 Jul 2021 02:01:02 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id E0F9E61166
	for <linux-mm@archiver.kernel.org>; Tue, 20 Jul 2021 02:01:01 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E0F9E61166
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 8D9078D0003; Mon, 19 Jul 2021 22:01:02 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 8AF8D8D0001; Mon, 19 Jul 2021 22:01:02 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 750788D0003; Mon, 19 Jul 2021 22:01:02 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0103.hostedemail.com [216.40.44.103])
	by kanga.kvack.org (Postfix) with ESMTP id 52C1C8D0001
	for <linux-mm@kvack.org>; Mon, 19 Jul 2021 22:01:02 -0400 (EDT)
Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id E24178248047
	for <linux-mm@kvack.org>; Tue, 20 Jul 2021 02:01:00 +0000 (UTC)
X-FDA: 78381313080.29.D4AEB23
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47])
	by imf08.hostedemail.com (Postfix) with ESMTP id 9EA993000242
	for <linux-mm@kvack.org>; Tue, 20 Jul 2021 02:01:00 +0000 (UTC)
Received: by mail-pj1-f47.google.com with SMTP id g4-20020a17090ace84b029017554809f35so1000008pju.5
        for <linux-mm@kvack.org>; Mon, 19 Jul 2021 19:01:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=fhC8Ee84m8n91ic1agZoDi2pwIgBkw63s0oQyQatbeU=;
        b=MVzoQ8/S9EEvfjnmnz3u06MrGwyNTV2MI4XDsyzc7hTDbPd+pQctop5S4YRPYBXh+H
         NYSH/Ndk5n5G+Rfl8dw8FGYZiqQ/dfucJEp05lYYFZISV7uEEtsuyw/x6kmbYtxj7RSk
         +8u7rWJZn7AvNUJJfFjbkXQW3Hr6Wwap6rvVHRhVkNRT2MVztVuFZ57itjqyjWSCEC/c
         afvJ27Po0JXt981iQNIox4Z9FY66RJaB/A7MQN6BQGFlnBtecDuqJxUo+gAUji8RQc3T
         11vK5uIKJhQEWpkAMSAixN8z1y4JX8S09TK47FGjlMjrqgPj7ASt67NZO2PmDE5QTulv
         Ia9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=fhC8Ee84m8n91ic1agZoDi2pwIgBkw63s0oQyQatbeU=;
        b=fzHbdKJQw23tDW3dGTMaFUOMn/vNcilBIxU0kP7wqT+9j3dFkrO8kp/V6ZtvAWYKwp
         m86Td4ZgpzMkQw+8FWdadDMUYJmgGBuioggwBuT2ARejOVABvKXG3sKQ656c8ZvwKM18
         /+qGj6ZYbQEvoZOq8hKZrDri1vH7/zxcg8hNCfWIXm/1ddYV/Rae4rAYBoT9fEQiiNeS
         CR+6nuPq+FF0mziR4UmsRWqaNoiManzzEXK03do4olU4Kg73UtjvfwyxCJyhQtawrmtc
         TMcg0+Fhc/iAnT2pJ+HhUcyT4g6a2CiFhbzC8mntY7vNAJzEFEaYBVYRxeLS3mlDsL8w
         aOHA==
X-Gm-Message-State: AOAM531WKB8JCz+m2uNPl7CLrX00UHtNOgz+kQMNNQr1WszVNedUo8Kh
	i6QadKreFO/0NBWSUVaAjCLofi+NBrXKySM1mssj+w==
X-Google-Smtp-Source: ABdhPJwb5tMwTeB9KzI6ba3L+IPAc2H3/M0IsXe5O4rpl1V3Z+DYi+nYlKvmONJMXuFmmjndn9LnKXLq+E47ZTDV9pI=
X-Received: by 2002:a17:90a:43c3:: with SMTP id r61mr33612552pjg.11.1626746459455;
 Mon, 19 Jul 2021 19:00:59 -0700 (PDT)
MIME-Version: 1.0
References: <YPV27hDPZUoVsIZt@suse.de> <a5ac5af6-7e28-4e9c-e55b-db31842a5911@kernel.org>
 <CAAYXXYwFzrf8uY-PFkMRSG28+HztfGdJft8kB3Y3keWCx9K8TQ@mail.gmail.com>
In-Reply-To: <CAAYXXYwFzrf8uY-PFkMRSG28+HztfGdJft8kB3Y3keWCx9K8TQ@mail.gmail.com>
From: Erdem Aktas <erdemaktas@google.com>
Date: Mon, 19 Jul 2021 19:00:48 -0700
Message-ID: <CAAYXXYyPnM1FE2BPbK-vz-QcZdQxPZmEbayohzt-gCM5V=2TaQ@mail.gmail.com>
Subject: Re: Runtime Memory Validation in Intel-TDX and AMD-SNP
To: Andy Lutomirski <luto@kernel.org>
Cc: Joerg Roedel <jroedel@suse.de>, David Rientjes <rientjes@google.com>, Borislav Petkov <bp@alien8.de>, 
	Sean Christopherson <seanjc@google.com>, Andrew Morton <akpm@linux-foundation.org>, 
	Vlastimil Babka <vbabka@suse.cz>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, 
	Andi Kleen <ak@linux.intel.com>, Brijesh Singh <brijesh.singh@amd.com>, 
	Tom Lendacky <thomas.lendacky@amd.com>, Jon Grimm <jon.grimm@amd.com>, 
	Thomas Gleixner <tglx@linutronix.de>, Peter Zijlstra <peterz@infradead.org>, 
	Paolo Bonzini <pbonzini@redhat.com>, Ingo Molnar <mingo@redhat.com>, 
	"Kaplan, David" <David.Kaplan@amd.com>, Varad Gautam <varad.gautam@suse.com>, 
	Dario Faggioli <dfaggioli@suse.com>, x86 <x86@kernel.org>, linux-mm@kvack.org, 
	linux-coco@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"
Authentication-Results: imf08.hostedemail.com;
	dkim=pass header.d=google.com header.s=20161025 header.b="MVzoQ8/S";
	spf=pass (imf08.hostedemail.com: domain of erdemaktas@google.com designates 209.85.216.47 as permitted sender) smtp.mailfrom=erdemaktas@google.com;
	dmarc=pass (policy=reject) header.from=google.com
X-Stat-Signature: rbhyq169dnytiro3tcxtupdb7wo3x7u6
X-Rspamd-Queue-Id: 9EA993000242
X-Rspamd-Server: rspam01
X-HE-Tag: 1626746460-312206
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

PS: Apologize for sending this twice (resending in plain text mode).

With the new UEFI memory type, option 2 seems like a better option to me.

I was thinking with the lack of new UEFI memory type support yet,
option 3 can be implemented as a temporary solution. IMO, this is
crucial for a reasonable boot performance.

> There's one exception to this, which is the previous memory view in
> crash kernels. But that's an relatively obscure case and there might be
> other solutions for this.

I think this is an important angle. It might cause reliability issues.
if kexec kernel does not know which page is shared or private, it can
use a previously shared page as a code page which will not work. It is
also a security concern. Hosts can always cause crashes which forces
guests to do kexec for crash dump. If the kexec kernel does not know
which pages are validated before, it might be compromised with page
replay attacks.

Also kexec is not only for crash dumps. For warm resets, kexec kernel
needs to know the valid page map.

>> Also in general i don't think it will really happen, at least initially.
>> All the shared buffers we use are allocated and never freed. So such a
>> problem could be deferred.

Does it not depend on kernel configs? Currently, there is a valid
control path in dma_alloc_coherent which might alloc and free shared
pages.

>> At the risk of asking a potentially silly question, would it be
>> reasonable to treat non-validated memory as not-present for kernel
>> purposes and hot-add it in a thread as it gets validated?

My concern with this is, it assumes that all the present memory is
private. UEFI might have some pages which are shared therefore also
are present.

> On Mon, Jul 19, 2021 at 5:26 PM Andy Lutomirski <luto@kernel.org> wrote:
>>
>> On 7/19/21 5:58 AM, Joerg Roedel wrote:
>>
>> > Memory Validation through the Boot Process and in the Running System
>> > --------------------------------------------------------------------
>> >
>> > The memory is validated throughout the boot process as described below.
>> > These steps assume a firmware is present, but this proposal does not
>> > strictly require a firmware. The tasks done be the firmware can also be
>> > done by the hypervisor before starting the guest. The steps are:
>> >
>> >       1. The firmware validates all memory which will not be owned by
>> >          the boot loader or the OS.
>> >
>> >       2. The firmware also validates the first X MB of memory, just
>> >          enough to run a boot loader and to load the compressed Linux
>> >          kernel image. X is not expected to be very large, 64 or 128
>> >          MB should be enough. This pre-validation should not cause
>> >          significant delays in the boot process.
>> >
>> >       3. The validated memory is marked E820-Usable in struct
>> >          boot_params for the Linux decompressor. The rest of the
>> >          memory is also passed to Linux via new special E820 entries
>> >          which mark the memory as Usable-but-Invalid.
>> >
>> >       4. When the Linux decompressor takes over control, it evaluates
>> >          the E820 table and calculates to total amount of memory
>> >          available to Linux (valid and invalid memory).
>> >
>> >          The decompressor allocates a physically contiguous data
>> >          structure at a random memory location which is big enough to
>> >          hold the the validation states of all 4kb pages available to
>> >          the guest. This data structure will be called the Validation
>> >          Bitmap through the rest of this document. The Validation
>> >          Bitmap is indexed by page frame numbers.
>>
>> At the risk of asking a potentially silly question, would it be
>> reasonable to treat non-validated memory as not-present for kernel
>> purposes and hot-add it in a thread as it gets validated?  Or would this
>> result in poor system behavior before enough memory is validated?
>> Perhaps we should block instead of failing allocations if we want more
>> memory than is currently validated?
>>
>> --Andy
>>