From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3EC59C433FE for ; Fri, 12 Nov 2021 21:23:28 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id D9E7B60F4B for ; Fri, 12 Nov 2021 21:23:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D9E7B60F4B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 66C456B0075; Fri, 12 Nov 2021 16:23:27 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 61A5D6B0078; Fri, 12 Nov 2021 16:23:27 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 509706B007B; Fri, 12 Nov 2021 16:23:27 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0122.hostedemail.com [216.40.44.122]) by kanga.kvack.org (Postfix) with ESMTP id 408B06B0075 for ; Fri, 12 Nov 2021 16:23:27 -0500 (EST) Received: from smtpin07.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 0092118205804 for ; Fri, 12 Nov 2021 21:23:26 +0000 (UTC) X-FDA: 78801554454.07.20C532A Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf30.hostedemail.com (Postfix) with ESMTP id 301ACE0019B3 for ; Fri, 12 Nov 2021 21:23:04 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id 80FC460FE3; Fri, 12 Nov 2021 21:23:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1636752205; bh=lx7eciPrF/BBoyKZDT93AJxWh2JCgt0BeWSKXENAJFQ=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=bJPu5lCSOzrkVvhS7ygoyiJD7QWq/BJp91+5S4lbYZq92OzolpVxpu5Tjp+YDrTw8 nMNmk56DMjjvq0HImMjWN3n3cmoWSXiUmTcV3GPv7kFTn6gZyFk7QwUwDveyk9r8uh DVzMyW9RbqXewpj0Iheo2z9NiivVOB38QXRvLzEewO5CZHAyl2cv4ChNIlFUEbz3oy KnvRvcmdpZAqXkTr4tjwzoYpzobPvUVHHY9DAz/sGXl5Q4+X3esbY6Xf+q3OtYexb2 GDwlzNwhUsLSyO363Hfb4WNqsQUqlp+jMuMTvRjbVjEHcwAvC1rXev9wjbqQm3g/HW Kkq6TPAOB8c0A== Message-ID: Date: Fri, 12 Nov 2021 13:23:25 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 Subject: Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support Content-Language: en-US To: Marc Orr , Sean Christopherson Cc: Borislav Petkov , Dave Hansen , Peter Gonda , Brijesh Singh , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Dave Hansen , Sergio Lopez , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com References: <20210820155918.7518-1-brijesh.singh@amd.com> <061ccd49-3b9f-d603-bafd-61a067c3f6fa@intel.com> From: Andy Lutomirski In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=bJPu5lCS; spf=pass (imf30.hostedemail.com: domain of luto@kernel.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=luto@kernel.org; dmarc=pass (policy=none) header.from=kernel.org X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 301ACE0019B3 X-Stat-Signature: nu3nko37f1yooaz8gt93nw7x1s6xfmqw X-HE-Tag: 1636752184-986937 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 11/12/21 13:16, Marc Orr wrote: >>> So cloud providers should have an interest to prevent such random stray >>> accesses if they wanna have guests. :) >> >> Yes, but IMO inducing a fault in the guest because of _host_ bug is wrong. > > I want to push back on "inducing a fault in the guest because of > _host_ bug is wrong.". The guest is _required_ to be robust against > the host maliciously (or accidentally) writing its memory. SNP > security depends on the guest detecting such writes. Therefore, why is > leveraging this system property that the guest will detect when its > private memory has been written wrong? > > Especially when its orders or > magnitudes simpler than the alternative to have everything in the > system -- kernel, user-space, and guest -- all coordinate to agree > what's private and what's shared. Such a complex approach is likely to > bring a lot of bugs, vulnerabilities, and limitations on future design > into the picture. > SEV-SNP, TDX, and any reasonable software solution all require that the host know which pages are private and which pages are shared. Sure, the old SEV-ES Linux host implementation was very simple, but it's nasty and fundamentally can't support migration.