Date: Fri, 1 Nov 2024 08:18:11 -0700
In-Reply-To: <2233397c-f423-40e3-8546-728b50ce0489@amazon.com>
References: <27646c08-f724-49f7-9f45-d03bad500219@amazon.co.uk> <2233397c-f423-40e3-8546-728b50ce0489@amazon.com>
Subject: Re: [RFC PATCH v3 0/6] Direct Map Removal for guest_memfd
From: Sean Christopherson
To: Derek Manwaring
Cc: roypat@amazon.co.uk, ackerleytng@google.com, agordeev@linux.ibm.com,
 aou@eecs.berkeley.edu, borntraeger@linux.ibm.com, bp@alien8.de,
 catalin.marinas@arm.com, chenhuacai@kernel.org, corbet@lwn.net,
 dave.hansen@linux.intel.com, david@redhat.com, gerald.schaefer@linux.ibm.com,
 gor@linux.ibm.com, graf@amazon.com, hca@linux.ibm.com, hpa@zytor.com,
 jgowans@amazon.com, jthoughton@google.com, kalyazin@amazon.com,
 kernel@xen0n.name, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
 linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-kselftest@vger.kernel.org, linux-mm@kvack.org,
 linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
 linux-trace-kernel@vger.kernel.org, loongarch@lists.linux.dev, luto@kernel.org,
 mathieu.desnoyers@efficios.com, mhiramat@kernel.org, mingo@redhat.com,
 palmer@dabbelt.com, paul.walmsley@sifive.com, pbonzini@redhat.com,
 peterz@infradead.org, quic_eberman@quicinc.com, rostedt@goodmis.org,
 rppt@kernel.org, shuah@kernel.org, svens@linux.ibm.com, tabba@google.com,
 tglx@linutronix.de, vannapurve@google.com, will@kernel.org, x86@kernel.org,
 xmarcalx@amazon.com, David Kaplan

+David Kaplan

On Thu, Oct 31, 2024, Derek Manwaring wrote:
> On 2024-10-31 at 10:42+0000 Patrick Roy wrote:
> > On Thu, 2024-10-31 at 09:50 +0000, David Hildenbrand wrote:
> > > On 30.10.24 14:49, Patrick Roy wrote:
> > >> Most significantly, I've reduced the patch series to focus only on
> > >> direct map removal for guest_memfd for now, leaving the whole "how to do
> > >> non-CoCo VMs in guest_memfd" for later. If this separation is
> > >> acceptable, then I think I can drop the RFC tag in the next revision
> > >> (I've mainly kept it here because I'm not entirely sure what to do with
> > >> patches 3 and 4).
> > >
> > > Hi,
> > >
> > > keeping upcoming "shared and private memory in guest_memfd" in mind, I
> > > assume the focus would be to only remove the direct map for private memory?
> > >
> > > So in the current upstream state, you would only be removing the direct
> > > map for private memory, currently translating to "encrypted"/"protected"
> > > memory that is inaccessible either way already.
> > >
> > > Correct?
> >
> > Yea, with the upcoming "shared and private" stuff, I would expect the
> > shared<->private conversions would call the routines from patch 3 to
> > restore direct map entries on private->shared, and zap them on
> > shared->private.
> >
> > But as you said, the current upstream state has no notion of "shared"
> > memory in guest_memfd, so everything is private and thus everything is
> > direct map removed (although it is indeed already inaccessible anyway
> > for TDX and friends. That's what makes this patch series a bit awkward
> > :( )
>
> TDX and SEV encryption happens between the core and main memory, so
> cached guest data we're most concerned about for transient execution
> attacks isn't necessarily inaccessible.
>
> I'd be interested what Intel, AMD, and other folks think on this, but I
> think direct map removal is worthwhile for CoCo cases as well.

Removal of the direct map entries for guest private PFNs likely won't affect the
ability of an attacker to glean information from the unencrypted data that's in
the CPU caches, at least not on x86. Both TDX and SEV steal physical address
bit(s) for tagging encrypted memory, and unless things have changed on recent
AMD microarchitectures (I'm 99.9% certain Intel CPUs haven't changed), those
stolen address bits are propagated into the caches. I.e. the encrypted and
unencrypted forms of a given PFN are actually two different physical addresses
under the hood.

I don't actually know how SEV uses the stolen PA bits though. I don't see how it
can simply be the ASID, because IIUC, AMD CPUs allow for more unique SEV-capable
ASIDs than uniquely addressable PAs by the number of stolen bits. But I would be
very surprised if the tag for the cache isn't guaranteed to be unique per
encryption key.

David?