From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=pDS3=MT=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.2 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1FFA9C4338F
	for <linux-mm@archiver.kernel.org>; Tue, 27 Jul 2021 01:36:14 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id A986660F8F
	for <linux-mm@archiver.kernel.org>; Tue, 27 Jul 2021 01:36:13 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org A986660F8F
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id EFEE26B0036; Mon, 26 Jul 2021 21:36:12 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id EAF546B005D; Mon, 26 Jul 2021 21:36:12 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D9D5E6B006C; Mon, 26 Jul 2021 21:36:12 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0181.hostedemail.com [216.40.44.181])
	by kanga.kvack.org (Postfix) with ESMTP id C3EE36B0036
	for <linux-mm@kvack.org>; Mon, 26 Jul 2021 21:36:12 -0400 (EDT)
Received: from smtpin11.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 6179B183459E5
	for <linux-mm@kvack.org>; Tue, 27 Jul 2021 01:36:12 +0000 (UTC)
X-FDA: 78406652184.11.1B35CF9
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169])
	by imf10.hostedemail.com (Postfix) with ESMTP id 1876D600F2C0
	for <linux-mm@kvack.org>; Tue, 27 Jul 2021 01:36:11 +0000 (UTC)
Received: by mail-pl1-f169.google.com with SMTP id i10so10806618pla.3
        for <linux-mm@kvack.org>; Mon, 26 Jul 2021 18:36:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=uqs7wPoYvjupDmvY95nIZzSlDX7z5THEkJjsxSRzknI=;
        b=W+35xInGw8KXJBZWRJ/K7EF5UdYYy1vvkTYzNVcc/wcu2dOUNGU8YhpulGClPtFEkv
         RF/kEAF7gVp7qZhsCN1NI+QuDpsN6HufxjjE+t7/jhcSFInRurnceAQ12phXfsiSlnNw
         d6KQEVDs7uL4kLb/ZxGuiYPrXNwKnmK6cocc9nSlpjwzSUAmXMTGTCKRFzYPgl79SnxH
         LjWbBLBtXGRkpdJdudHyTwsa3TC1//IrKweZuWnTDoBgGG/hcMn+O818FwoX/Pn9pvUr
         KuHHowQyJ4NarEwkTcNFCmDQRkjcloZR3BY9q+Lw10vguJOD4i+YviDY42xqiZL6WQll
         4yUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=uqs7wPoYvjupDmvY95nIZzSlDX7z5THEkJjsxSRzknI=;
        b=pCMhZybq4eH/eO5p9AP+2ZMF4WI82gypsrOPz4OJMx06mOzhaEWwFIh9/8cI8t8F4W
         9SzqSc3IGDVDUn2j6qUB08CfvSIMim+3aOzorG8eBi2CYzk8XgURRcMD9Tgo2EP0R3le
         Gz1zuXTq0DffrmUVBy+l9JgaXs5aHGP2+s8j3mKrtmySXyTrH6qJHiqTkeqmy2iF3n59
         dyBS06tvd2nSsR+Q7faCHZVRdpVnIdmMGVBEfptIlWW7alHoBRS0IEzx2stFJHrcCHO5
         JhLj99tZ+RGroZKl2UdppEIez0LGIUnZUaXHo7s+2/BdhBC2+qmFd31zJZA0tiZcabh/
         U4jw==
X-Gm-Message-State: AOAM5328U11ZGp9pdomG3MppkzN+leyvJ00gg/PMZGX6fQhceSw1KjuV
	di+BjUEfa3+C3X86V2tRWOe0e9zVY1NI0loWeVj2gQ==
X-Google-Smtp-Source: ABdhPJwsP2Z3T6g5hCCArNcYzZAtZe7GOZfA7lwcFV/I3fLGXJd1x/V3I6FtrfzsSCx2k030rZSqM1+H0gCdtskHYsc=
X-Received: by 2002:a63:4446:: with SMTP id t6mr3417283pgk.76.1627349770708;
 Mon, 26 Jul 2021 18:36:10 -0700 (PDT)
MIME-Version: 1.0
References: <YPV27hDPZUoVsIZt@suse.de> <20210722195130.beazbb5blvj3mruo@box>
 <CAAYXXYxS2mK=AkqZDzG=k3=W4ChbYnwzo-hMLU8d6iusDpqXbQ@mail.gmail.com> <20210726235417.fuxa5s32jta76lcv@box.shutemov.name>
In-Reply-To: <20210726235417.fuxa5s32jta76lcv@box.shutemov.name>
From: Erdem Aktas <erdemaktas@google.com>
Date: Mon, 26 Jul 2021 18:35:59 -0700
Message-ID: <CAAYXXYyRKt88xJFFAqiN0xr3DHiBzxtSxDf7bLB9=FkZWwT95A@mail.gmail.com>
Subject: Re: Runtime Memory Validation in Intel-TDX and AMD-SNP
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: Joerg Roedel <jroedel@suse.de>, Andi Kleen <ak@linux.intel.com>, 
	David Rientjes <rientjes@google.com>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, 
	Sean Christopherson <seanjc@google.com>, Andrew Morton <akpm@linux-foundation.org>, 
	Vlastimil Babka <vbabka@suse.cz>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, 
	Brijesh Singh <brijesh.singh@amd.com>, Tom Lendacky <thomas.lendacky@amd.com>, 
	Jon Grimm <jon.grimm@amd.com>, Thomas Gleixner <tglx@linutronix.de>, 
	Peter Zijlstra <peterz@infradead.org>, Paolo Bonzini <pbonzini@redhat.com>, 
	Ingo Molnar <mingo@redhat.com>, "Kaplan, David" <David.Kaplan@amd.com>, 
	Varad Gautam <varad.gautam@suse.com>, Dario Faggioli <dfaggioli@suse.com>, x86 <x86@kernel.org>, 
	linux-mm@kvack.org, linux-coco@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 1876D600F2C0
Authentication-Results: imf10.hostedemail.com;
	dkim=pass header.d=google.com header.s=20161025 header.b=W+35xInG;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf10.hostedemail.com: domain of erdemaktas@google.com designates 209.85.214.169 as permitted sender) smtp.mailfrom=erdemaktas@google.com
X-Stat-Signature: j9j18bborzhxscgj7w4ft555x7woifhe
X-HE-Tag: 1627349771-479024
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Jul 26, 2021 at 4:54 PM Kirill A. Shutemov <kirill@shutemov.name> wrote:

> >
> > Is not the above code will accept the pages that are already accepted?
>
> No. This code will get called for all UNACCEPTED ranges in EFI table.
> If such memory is accepted it is a bug.
>
> > It is accepting the pages in the same 2MB region that is before start
> > and after end. We do not know what code/data is stored on those pages,
> > right? This might cause security issues depending on what is stored on
> > those pages.
>
> As I told above, it only get called for unaccepted memory and nothing can
> be stored there before the point.

Thanks Kirill! You are right, it looks like I messed up with
round_up/down in my mind. Thanks for the clarification.

> Yes, because we constructed the bitmap this way. Non-2M-aligned chunks get
> accepted when we accept upfront when we populate the bitmap.
>
> See mark_unaccepted().
>
> (mark_unaccepted() has few bugs that will be fixed in the next version)
>
> Have you looked at what __accept_pages() does? It only accept unaccepted
> pages, according to the bitmap.

Ahh, makes sense!
Thanks for the explanation and sorry for my confusion, Kirill!

-Erdem