From: Andy Lutomirski
Date: Mon, 17 Jun 2019 21:19:42 -0700
Subject: Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME
To: Andy Lutomirski
Cc: "Lendacky, Thomas", Kai Huang, Dave Hansen, "Kirill A. Shutemov", Andrew Morton, X86 ML, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Peter Zijlstra, David Howells, Kees Cook, Jacob Pan, Alison Schofield, Linux-MM, kvm list, "keyrings@vger.kernel.org", LKML
References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> <20190508144422.13171-46-kirill.shutemov@linux.intel.com> <3c658cce-7b7e-7d45-59a0-e17dae986713@intel.com> <5cbfa2da-ba2e-ed91-d0e8-add67753fc12@intel.com> <1560815959.5187.57.camel@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 17, 2019 at 6:40 PM Andy Lutomirski wrote:
>
> On Mon, Jun 17, 2019 at 6:34 PM Lendacky, Thomas wrote:
> >
> > On 6/17/19 6:59 PM, Kai Huang wrote:
> > > On Mon, 2019-06-17 at 11:27 -0700, Dave Hansen wrote:
> > > >
> > > And yes from my reading (better to have AMD guys to confirm) SEV guest uses anonymous memory, but it
> > > also pins all guest memory (by calling GUP from KVM -- SEV specifically introduced 2 KVM ioctls for
> > > this purpose), since SEV architecturally cannot support swapping, migration of SEV-encrypted guest
> > > memory, because SME/SEV also uses physical address as "tweak", and there's no way that kernel can
> > > get or use SEV-guest's memory encryption key. In order to swap/migrate SEV-guest memory, we need SGX
> > > EPC eviction/reload similar thing, which SEV doesn't have today.
> >
> > Yes, all the guest memory is currently pinned by calling GUP when creating
> > an SEV guest.
>
> Ick.
>
> What happens if QEMU tries to read the memory? Does it just see
> ciphertext? Is cache coherency lost if QEMU writes it?

I should add: is the current interface that SEV uses actually good, or should the kernel try to do something differently? I've spent exactly zero time looking at SEV APIs or at how QEMU manages its memory.