From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: Andy Lutomirski <luto@kernel.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Borislav Petkov <bp@alien8.de>,
Sean Christopherson <seanjc@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Joerg Roedel <jroedel@suse.de>, Ard Biesheuvel <ardb@kernel.org>,
Andi Kleen <ak@linux.intel.com>,
Sathyanarayanan Kuppuswamy
<sathyanarayanan.kuppuswamy@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Vlastimil Babka <vbabka@suse.cz>,
Tom Lendacky <thomas.lendacky@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Ingo Molnar <mingo@redhat.com>,
Varad Gautam <varad.gautam@suse.com>,
Dario Faggioli <dfaggioli@suse.com>,
Dave Hansen <dave.hansen@intel.com>,
Mike Rapoport <rppt@kernel.org>,
David Hildenbrand <david@redhat.com>,
Marcelo Henrique Cerri <marcelo.cerri@canonical.com>,
tim.gardner@canonical.com, khalid.elmously@canonical.com,
philip.cox@canonical.com,
the arch/x86 maintainers <x86@kernel.org>,
linux-mm@kvack.org, linux-coco@lists.linux.dev,
linux-efi@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCHv7 10/14] x86/mm: Avoid load_unaligned_zeropad() stepping into unaccepted memory
Date: Sun, 14 Aug 2022 00:02:15 +0300 [thread overview]
Message-ID: <20220813210215.ti7f2vqdg6olthjv@box.shutemov.name> (raw)
In-Reply-To: <453fb432-ac13-4819-8395-95561bca948b@www.fastmail.com>
On Sat, Aug 13, 2022 at 09:03:13AM -0700, Andy Lutomirski wrote:
>
>
> On Tue, Aug 9, 2022, at 4:38 AM, Kirill A. Shutemov wrote:
> > On Tue, Jul 26, 2022 at 01:17:13PM -0700, Andy Lutomirski wrote:
> >>
> >>
> >> On Tue, Jun 14, 2022, at 5:02 AM, Kirill A. Shutemov wrote:
> >> > load_unaligned_zeropad() can lead to unwanted loads across page boundaries.
> >> > The unwanted loads are typically harmless. But, they might be made to
> >> > totally unrelated or even unmapped memory. load_unaligned_zeropad()
> >> > relies on exception fixup (#PF, #GP and now #VE) to recover from these
> >> > unwanted loads.
> >> >
> >> > But, this approach does not work for unaccepted memory. For TDX, a load
> >> > from unaccepted memory will not lead to a recoverable exception within
> >> > the guest. The guest will exit to the VMM where the only recourse is to
> >> > terminate the guest.
> >>
> >> Why is unaccepted memory marked present in the direct map in the first place?
> >>
> >> Having kernel code assume that every valid address is followed by
> >> several bytes of memory that may be read without side effects other than
> >> #PF also seems like a mistake, but I probably won’t win that fight. But
> >> sticking guard pages in front of definitely-not-logically present pages
> >> seems silly to me. Let’s just not map it.
> >
> > It would mean no 1G pages in direct mapping for TDX as we accept 2M a
> > time.
As of now, we don't have a way to recover direct mapping from
fragmentation. So once we split 1G to 2M it stays this way.
> >> (What if MMIO memory is mapped next to regular memory? Doing random
> >> unaligned reads that cross into MMIO seems unwise.)
> >
> > MMIO is shared, not unaccpted private. We already handle the situation.
> > See 1e7769653b06 ("x86/tdx: Handle load_unaligned_zeropad() page-cross to
> > a shared page").
> >
>
> I don’t mean in a confidential guest — I mean generally. This whole
> model of “overrun the buffer — no big deal” is just fragile.
If you want to remove load_unaligned_zeropad(), I would not object. It can
make life easier.
I presumed that optimization it brings has measuarable benefit (otherwise,
why bother).
--
Kiryl Shutsemau / Kirill A. Shutemov
next prev parent reply other threads:[~2022-08-13 20:59 UTC|newest]
Thread overview: 207+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-14 12:02 [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory Kirill A. Shutemov
2022-06-14 12:02 ` [PATCHv7 01/14] x86/boot: Centralize __pa()/__va() definitions Kirill A. Shutemov
2022-06-23 17:37 ` Dave Hansen
2022-06-14 12:02 ` [PATCHv7 02/14] mm: Add support for unaccepted memory Kirill A. Shutemov
2022-06-14 12:57 ` Gupta, Pankaj
2022-06-17 19:28 ` Tom Lendacky
2022-06-17 20:53 ` Tom Lendacky
2022-07-21 15:14 ` Borislav Petkov
2022-07-21 15:49 ` Dave Hansen
2022-07-22 19:18 ` Borislav Petkov
2022-07-22 19:30 ` Dave Hansen
2022-07-25 12:23 ` Borislav Petkov
2022-07-25 12:38 ` David Hildenbrand
2022-07-25 12:53 ` Borislav Petkov
2022-07-26 14:30 ` David Hildenbrand
2022-07-25 13:00 ` Mike Rapoport
2022-07-25 13:05 ` Borislav Petkov
2022-08-05 11:49 ` Vlastimil Babka
2022-08-05 12:09 ` David Hildenbrand
2022-08-05 13:38 ` Vlastimil Babka
2022-08-05 14:22 ` David Hildenbrand
2022-08-05 14:53 ` Dave Hansen
2022-08-05 14:41 ` Dave Hansen
2022-08-05 18:17 ` Vlastimil Babka
2022-08-08 15:55 ` Dave Hansen
2022-08-10 14:19 ` Mel Gorman
2022-08-15 21:08 ` Dionna Amalie Glaze
2022-08-15 22:02 ` Tom Lendacky
2022-08-29 16:02 ` Dionna Amalie Glaze
2022-08-29 16:19 ` Dave Hansen
2022-09-06 17:50 ` Dionna Amalie Glaze
2022-09-08 12:11 ` Mike Rapoport
2022-09-08 16:23 ` Dionna Amalie Glaze
2022-09-08 19:28 ` Mike Rapoport
2022-09-22 14:31 ` Tom Lendacky
2022-09-24 1:03 ` Kirill A. Shutemov
2022-09-24 9:36 ` Mike Rapoport
2022-09-26 12:10 ` Kirill A. Shutemov
2022-09-26 13:38 ` Tom Lendacky
2022-09-26 15:42 ` Kirill A. Shutemov
2022-09-26 15:42 ` Tom Lendacky
2022-06-14 12:02 ` [PATCHv7 03/14] mm: Report unaccepted memory in meminfo Kirill A. Shutemov
2022-07-26 14:33 ` David Hildenbrand
2022-06-14 12:02 ` [PATCHv7 04/14] efi/x86: Get full memory map in allocate_e820() Kirill A. Shutemov
2022-07-25 13:02 ` Borislav Petkov
2022-06-14 12:02 ` [PATCHv7 05/14] x86/boot: Add infrastructure required for unaccepted memory support Kirill A. Shutemov
2022-06-15 10:19 ` Peter Zijlstra
2022-06-15 15:05 ` Kirill A. Shutemov
2022-07-17 17:16 ` Borislav Petkov
2022-07-25 21:33 ` Borislav Petkov
2022-06-14 12:02 ` [PATCHv7 06/14] efi/x86: Implement support for unaccepted memory Kirill A. Shutemov
2022-06-22 19:58 ` Dave Hansen
2022-07-26 8:35 ` Borislav Petkov
2022-06-14 12:02 ` [PATCHv7 07/14] x86/boot/compressed: Handle " Kirill A. Shutemov
2022-06-14 12:02 ` [PATCHv7 08/14] x86/mm: Reserve unaccepted memory bitmap Kirill A. Shutemov
2022-07-26 9:07 ` Borislav Petkov
2022-11-30 1:28 ` Kirill A. Shutemov
2022-12-01 9:37 ` Mike Rapoport
2022-12-01 13:47 ` Kirill A. Shutemov
2022-06-14 12:02 ` [PATCHv7 09/14] x86/mm: Provide helpers for unaccepted memory Kirill A. Shutemov
2022-06-14 12:02 ` [PATCHv7 10/14] x86/mm: Avoid load_unaligned_zeropad() stepping into " Kirill A. Shutemov
2022-06-23 17:19 ` Dave Hansen
2022-07-26 10:21 ` Borislav Petkov
2022-08-02 23:46 ` Dave Hansen
2022-08-03 14:02 ` Dave Hansen
2022-08-11 11:26 ` Borislav Petkov
2022-08-13 16:11 ` Andy Lutomirski
2022-08-13 21:13 ` Kirill A. Shutemov
2022-08-13 16:04 ` Andy Lutomirski
2022-08-13 20:58 ` Kirill A. Shutemov
2022-07-26 17:25 ` Borislav Petkov
2022-07-26 17:46 ` Dave Hansen
2022-07-26 20:17 ` Andy Lutomirski
2022-08-09 11:38 ` Kirill A. Shutemov
2022-08-13 16:03 ` Andy Lutomirski
2022-08-13 21:02 ` Kirill A. Shutemov [this message]
2022-06-14 12:02 ` [PATCHv7 11/14] x86: Disable kexec if system has " Kirill A. Shutemov
2022-06-23 17:23 ` Dave Hansen
2022-06-23 17:23 ` Dave Hansen
2022-06-23 21:48 ` Eric W. Biederman
2022-06-23 21:48 ` Eric W. Biederman
2022-06-24 2:00 ` Kirill A. Shutemov
2022-06-24 2:00 ` Kirill A. Shutemov
2022-06-28 23:51 ` Kirill A. Shutemov
2022-06-28 23:51 ` Kirill A. Shutemov
2022-06-29 0:10 ` Dave Hansen
2022-06-29 0:10 ` Dave Hansen
2022-06-29 0:59 ` Kirill A. Shutemov
2022-06-29 0:59 ` Kirill A. Shutemov
2022-07-04 7:18 ` Dave Young
2022-07-04 7:18 ` Dave Young
2022-06-14 12:02 ` [PATCHv7 12/14] x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub Kirill A. Shutemov
2022-06-23 17:25 ` Dave Hansen
2022-06-14 12:02 ` [PATCHv7 13/14] x86/tdx: Refactor try_accept_one() Kirill A. Shutemov
2022-06-23 17:31 ` Dave Hansen
2022-07-26 10:58 ` Borislav Petkov
2022-06-14 12:02 ` [PATCHv7 14/14] x86/tdx: Add unaccepted memory support Kirill A. Shutemov
2022-06-24 16:22 ` Dave Hansen
2022-06-27 10:42 ` Kirill A. Shutemov
2022-07-26 14:51 ` Borislav Petkov
2022-08-09 11:45 ` Kirill A. Shutemov
2022-08-10 10:27 ` Borislav Petkov
2022-06-24 16:37 ` [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory Peter Gonda
2022-06-24 16:57 ` Dave Hansen
2022-06-24 17:06 ` Marc Orr
2022-06-24 17:09 ` Dave Hansen
2022-06-24 17:15 ` Peter Gonda
2022-06-24 17:19 ` Marc Orr
2022-06-24 17:21 ` Peter Gonda
2022-06-24 17:47 ` Dave Hansen
2022-06-24 18:10 ` Peter Gonda
2022-06-24 18:13 ` Dave Hansen
2022-06-24 17:40 ` Michael Roth
2022-06-24 17:58 ` Michael Roth
2022-06-24 18:05 ` Peter Gonda
2022-06-27 11:30 ` Kirill A. Shutemov
2022-06-27 11:54 ` Ard Biesheuvel
2022-06-27 12:22 ` Kirill A. Shutemov
2022-06-27 16:17 ` Peter Gonda
2022-06-27 16:33 ` Ard Biesheuvel
2022-06-27 22:38 ` Kirill A. Shutemov
2022-06-28 17:17 ` Ard Biesheuvel
2022-07-18 17:21 ` Kirill A. Shutemov
2022-07-18 23:32 ` Dionna Amalie Glaze
2022-07-19 0:31 ` Dionna Amalie Glaze
2022-07-19 18:29 ` Dionna Amalie Glaze
2022-07-19 19:13 ` Borislav Petkov
2022-07-19 20:45 ` Ard Biesheuvel
2022-07-19 21:23 ` Borislav Petkov
2022-07-19 21:35 ` Dave Hansen
2022-07-19 21:50 ` Borislav Petkov
2022-07-19 22:01 ` Kirill A. Shutemov
2022-07-19 22:02 ` Dave Hansen
2022-07-19 22:08 ` Tom Lendacky
2022-07-20 0:26 ` Marc Orr
2022-07-20 5:44 ` Borislav Petkov
2022-07-20 17:03 ` Marc Orr
2022-07-22 15:07 ` Borislav Petkov
2022-07-21 17:12 ` Dave Hansen
2022-07-23 11:14 ` Ard Biesheuvel
2022-07-28 22:01 ` Dionna Amalie Glaze
2022-08-09 11:14 ` Kirill A. Shutemov
2022-08-09 11:36 ` Ard Biesheuvel
2022-08-09 11:54 ` Kirill A. Shutemov
2022-08-09 21:09 ` Dionna Amalie Glaze
2022-07-19 2:48 ` Yao, Jiewen
2022-07-29 14:01 ` [PATCH v1 0/2] Provide SEV-SNP " Tom Lendacky
2022-07-29 14:01 ` [PATCH v1 1/2] x86/sev: Use per-CPU PSC structure in prep for unaccepted memory support Tom Lendacky
2022-07-29 14:18 ` Dave Hansen
2022-07-29 14:25 ` Tom Lendacky
2022-07-29 19:08 ` Dave Hansen
2022-07-29 19:22 ` Tom Lendacky
2022-07-29 19:28 ` Dave Hansen
2022-07-29 20:12 ` Tom Lendacky
2022-08-03 18:11 ` [PATCH v1.1 0/2] Provide SEV-SNP support for unaccepted memory Tom Lendacky
2022-08-03 18:11 ` [PATCH v1.1 1/2] x86/sev: Use per-CPU PSC structure in prep for unaccepted memory support Tom Lendacky
2022-08-03 18:17 ` Dave Hansen
2022-08-03 18:21 ` Tom Lendacky
2022-08-03 18:24 ` Dave Hansen
2022-08-03 21:03 ` Tom Lendacky
2022-08-03 21:18 ` Dave Hansen
2022-08-03 21:34 ` Tom Lendacky
2022-08-03 21:48 ` Dave Hansen
2022-08-03 22:17 ` Tom Lendacky
2022-08-03 18:18 ` Tom Lendacky
2022-08-03 18:11 ` [PATCH v1.1 2/2] x86/sev: Add SNP-specific " Tom Lendacky
2022-07-29 14:01 ` [PATCH v1 " Tom Lendacky
2022-08-23 0:24 ` Dionna Amalie Glaze
2022-08-23 14:28 ` Tom Lendacky
2022-08-23 23:28 ` Dionna Amalie Glaze
2022-08-08 17:16 ` [PATCH v2 0/2] Provide SEV-SNP support for unaccepted memory Tom Lendacky
2022-08-08 17:16 ` [PATCH v2 1/2] x86/sev: Put PSC struct on the stack in prep for unaccepted memory support Tom Lendacky
2022-08-08 21:43 ` Dave Hansen
2022-08-08 22:18 ` Tom Lendacky
2022-08-08 22:33 ` Dave Hansen
2022-08-08 22:35 ` Tom Lendacky
2022-08-12 13:03 ` Borislav Petkov
2022-08-12 14:11 ` Tom Lendacky
2022-08-12 14:33 ` Borislav Petkov
2022-08-12 14:51 ` Tom Lendacky
2022-08-13 19:40 ` Borislav Petkov
2022-08-14 13:36 ` Tom Lendacky
2022-08-08 17:16 ` [PATCH v2 2/2] x86/sev: Add SNP-specific " Tom Lendacky
2022-08-15 15:57 ` [PATCH v3 0/2] Provide SEV-SNP support for unaccepted memory Tom Lendacky
2022-08-15 15:57 ` [PATCH v3 1/2] x86/sev: Put PSC struct on the stack in prep for unaccepted memory support Tom Lendacky
2022-08-17 16:08 ` Borislav Petkov
2022-08-17 21:17 ` Tom Lendacky
2022-08-15 15:57 ` [PATCH v3 2/2] x86/sev: Add SNP-specific " Tom Lendacky
2022-08-18 13:39 ` Borislav Petkov
2022-08-25 14:23 ` [PATCH v4 0/4] Provide SEV-SNP support for unaccepted memory Tom Lendacky
2022-08-25 14:23 ` [PATCH v4 1/4] x86/sev: Put PSC struct on the stack in prep for unaccepted memory support Tom Lendacky
2022-09-20 16:15 ` Borislav Petkov
2022-08-25 14:23 ` [PATCH v4 2/4] x86/sev: Allow for use of the early boot GHCB for PSC requests Tom Lendacky
2022-08-25 14:23 ` [PATCH v4 3/4] x86/sev: Use large PSC requests if applicable Tom Lendacky
2022-08-25 14:23 ` [PATCH v4 4/4] x86/sev: Add SNP-specific unaccepted memory support Tom Lendacky
2022-08-25 22:10 ` Dionna Amalie Glaze
2022-08-26 21:29 ` Tom Lendacky
2022-09-27 17:04 ` [PATCH v5 0/6] Provide SEV-SNP support for unaccepted memory Tom Lendacky
2022-09-27 17:04 ` [PATCH v5 1/6] x86/sev: Fix calculation of end address based on number of pages Tom Lendacky
2022-09-27 17:10 ` Dave Hansen
2022-09-27 20:45 ` Tom Lendacky
2022-09-27 19:04 ` Dionna Amalie Glaze
2022-09-27 17:04 ` [PATCH v5 2/6] " Tom Lendacky
2022-09-27 17:04 ` [PATCH v5 3/6] x86/sev: Put PSC struct on the stack in prep for unaccepted memory support Tom Lendacky
2022-09-27 17:04 ` [PATCH v5 4/6] x86/sev: Allow for use of the early boot GHCB for PSC requests Tom Lendacky
2022-09-27 17:04 ` [PATCH v5 5/6] x86/sev: Use large PSC requests if applicable Tom Lendacky
2022-09-27 17:04 ` [PATCH v5 6/6] x86/sev: Add SNP-specific unaccepted memory support Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220813210215.ti7f2vqdg6olthjv@box.shutemov.name \
--to=kirill@shutemov.name \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=dfaggioli@suse.com \
--cc=jroedel@suse.de \
--cc=khalid.elmously@canonical.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=marcelo.cerri@canonical.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=philip.cox@canonical.com \
--cc=rientjes@google.com \
--cc=rppt@kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.gardner@canonical.com \
--cc=varad.gautam@suse.com \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.