Subject: Re: [PATCH v8 06/11] x86/traps: Add #VE support for TDX guest
From: Andi Kleen
Date: Mon, 11 Oct 2021 09:49:15 -0700
Message-ID: <924d36a6-480b-2ef4-4691-dc010ed82d45@linux.intel.com>
To: Sean Christopherson, Lai Jiangshan
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, Paolo Bonzini, David Hildenbrand, Andrea Arcangeli, Josh Poimboeuf, Juergen Gross, Deep Shah, VMware Inc, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Peter H Anvin, Dave Hansen, Tony Luck, Dan Williams, Kirill Shutemov, Kuppuswamy Sathyanarayanan, LKML
References: <20211005025205.1784480-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20211005025205.1784480-7-sathyanarayanan.kuppuswamy@linux.intel.com>
List: linux-kernel@vger.kernel.org

> Minor clarification: it eliminates the chance of a #VE during the syscall gap
> _if the VMM is benign_. If the VMM is malicious, it can unmap and remap the
> syscall page to induce an EPT Violation #VE due to the page not being accepted.

This has been addressed. The TDX module will support a mode that forbids
unmapping pages permanently, and Linux is going to check/enforce that this
mode is enabled. The patch for the check is not included in the posted
patches yet though.

>> This question?
>>
>> Can the hypervisor cause an already-accepted secure-EPT page to transition to
>> the unaccepted state?
>
> Yep. I wrote the above before following the link, I should have guessed which
> question it was :-)
>
> IIRC, the proposed middle ground was to add a TDCALL and/or TDPARAMS setting that
> would allow the guest to opt-out of EPT Violation #VE due to page not accepted,

It's a TDPARAMS setting

-Andi