Subject: Re: [RFC v2-fix 1/1] x86/tdx: Handle in-kernel MMIO
From: Andi Kleen
To: Dave Hansen, Kuppuswamy Sathyanarayanan, Peter Zijlstra, Andy Lutomirski
Cc: Tony Luck, Kirill Shutemov, Kuppuswamy Sathyanarayanan, Dan Williams, Raj Ashok, Sean Christopherson, linux-kernel@vger.kernel.org
Date: Tue, 18 May 2021 08:56:33 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/18/2021 8:00 AM, Dave Hansen wrote:
> On 5/17/21 5:48 PM, Kuppuswamy Sathyanarayanan wrote:
>> From: "Kirill A. Shutemov"
>>
>> In traditional VMs, MMIO tends to be implemented by giving a
>> guest access to a mapping which will cause a VMEXIT on access.
>> That's not possible in TDX guest.
> Why is it not possible?

For once the TDX module doesn't support uncached mappings (IgnorePAT is always 1)

>
>> For now we only handle a subset of instructions that the kernel
>> uses for MMIO operations. User-space access triggers SIGBUS.
> How do you know which instructions the kernel uses?

They're all in MMIO macros.

> How do you know
> that the compiler won't change them?

The macros try hard to prevent that because it would likely break real MMIO too. Besides it works for others, like AMD-SEV today and of course all the hypervisors that do the same.

> That sounds like something objective we can measure. Does this cost 1
> byte of extra text per readl/writel? 10? 100?

Alternatives are at least a pointer, but also the extra alternative code. It's definitely more than 10, I would guess 40+

>
> I thought there were more than a few ways that userspace could get
> access to MMIO mappings.

Yes and they will all fault in TDX guests.

>> + if (user_mode(regs)) { >> + pr_err("Unexpected user-mode MMIO access.\n"); >> + force_sig_fault(SIGBUS, BUS_ADRERR, (void __user *) ve->gla); > extra space ^ > > Is a non-ratelimited pr_err() appropriate here? I guess there shouldn't > be any MMIO passthrough to userspace on these systems. Yes rate limiting makes sense.
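
Review bot: the pr_err() in the user_mode(regs) branch is not rate limited, and that branch runs on every user-space MMIO access, so a task that keeps faulting there can flood the kernel log. Switch it to pr_err_ratelimited(), or drop the message, since the force_sig_fault(SIGBUS, BUS_ADRERR, ...) on the next line already reports the failure to the task. The cast on that line should also lose the space after the closing parenthesis: (void __user *)ve->gla.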