Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp269484iob; Wed, 18 May 2022 01:40:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx+X6EZqbZ2Xzv02q94VIdUq9ym0MhF/V62emsLsHL7K99m+I+CEgQYAV9M7bJ1PSeIMEEs X-Received: by 2002:a05:6a00:1709:b0:505:fa47:b611 with SMTP id h9-20020a056a00170900b00505fa47b611mr21881030pfc.65.1652863209172; Wed, 18 May 2022 01:40:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652863209; cv=none; d=google.com; s=arc-20160816; b=nMmh3yu5BbieSRkWsGOnbtRBwcXoWdLTg87tSkpBcMwJQOr2ZCxYj/RYD2YXQt0fju nvc7yFkqQtLse9vtmaRxqOns5y3ckZl0h4Qx0fiVpI1xiXdT+ZT26jk+4SD67LCJPS82 gQm0tXPpyvYyQJVwJbSj+HIxbQNW1f6vz+hT5nn5GY0I/ylw/Wvmc+EXhtcHq52g+bqj /ssDlvdn5nRXjF+82aLcIB/pEvTFBZue46tbrJTU05Zyw3/ml/AQZlG+nWg8vdmsovua o6nKabamelAZBySt8cMyX1bNLv1IOLXT1EGx+m/zEeT7veDksTR+UAerYYJsyQg7yLqU ByEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from; bh=TQGsAfwxvPnyRC3DBAzfvjRJ/wsZnGcoEQ5l+dTdv1U=; b=Yo75hbJDB3JoaUSCHxwmM1mBgiwjwW4A+oAkheDOrew2AHCysvBRO0aZ24UAb76W74 /4TzP8txjsun6R6/dvzIUVY18KD0/YdIjc8z/fctIm2ABt9r15AKzkic6Vb63VcW68VB W/a6yY/AJqEZLO6Jyym+BLzLaBiyLz5esYKQFZ0JqbIGtknRbjtRVP+9CZqZJIjaQ4Tb DSs9dAaiMaScUuLKUr5hh4Kf9uLkZ9HnjovdOEbbyZ+epRtw/ZP/9owC0JoCNKkgqcnY oGno1KujylgeXOf2NbZhwycfH6s7sGX1XyrJ3NWfIXf/Z5KJgH/b8PBs01315aXQhsIA ss+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id x20-20020a63f714000000b003db86914412si1732513pgh.665.2022.05.18.01.40.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 May 2022 01:40:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7A395245A7; Wed, 18 May 2022 01:40:07 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233433AbiERIj6 convert rfc822-to-8bit (ORCPT + 99 others); Wed, 18 May 2022 04:39:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233424AbiERIjv (ORCPT ); Wed, 18 May 2022 04:39:51 -0400 Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.86.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id F1EBFB00 for ; Wed, 18 May 2022 01:39:49 -0700 (PDT) Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mta-79-NduRNFJ4Pp-5rcXrHSSEXw-1; Wed, 18 May 2022 09:39:46 +0100 X-MC-Unique: NduRNFJ4Pp-5rcXrHSSEXw-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP Server (TLS) id 15.0.1497.36; Wed, 18 May 2022 09:39:45 +0100 Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id 15.00.1497.036; Wed, 18 May 2022 09:39:45 +0100 From: David Laight To: "'Kirill A. Shutemov'" , "tglx@linutronix.de" , "mingo@redhat.com" , "bp@alien8.de" , "dave.hansen@intel.com" , "luto@kernel.org" , "peterz@infradead.org" CC: "sathyanarayanan.kuppuswamy@linux.intel.com" , "ak@linux.intel.com" , "dan.j.williams@intel.com" , "david@redhat.com" , "hpa@zytor.com" , "seanjc@google.com" , "thomas.lendacky@amd.com" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: RE: [PATCH] x86/tdx: Handle load_unaligned_zeropad() page-cross to a shared page Thread-Topic: [PATCH] x86/tdx: Handle load_unaligned_zeropad() page-cross to a shared page Thread-Index: AQHYagMRu09I4StjsUmLP0Gmi9Ue260kTo+g Date: Wed, 18 May 2022 08:39:45 +0000 Message-ID: <70df6e274d4a40e78f11ef93521edab6@AcuMS.aculab.com> References: <20220517153021.11116-1-kirill.shutemov@linux.intel.com> In-Reply-To: <20220517153021.11116-1-kirill.shutemov@linux.intel.com> Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Kirill A. Shutemov > Sent: 17 May 2022 16:30 > > load_unaligned_zeropad() can lead to unwanted loads across page boundaries. > The unwanted loads are typically harmless. But, they might be made to > totally unrelated or even unmapped memory. load_unaligned_zeropad() > relies on exception fixup (#PF, #GP and now #VE) to recover from these > unwanted loads. > > In TDX guest the second page can be shared page and VMM may configure it > to trigger #VE. > > Kernel assumes that #VE on a shared page is MMIO access and tries to > decode instruction to handle it. In case of load_unaligned_zeropad() it > may result in confusion as it is not MMIO access. > > Check fixup table before trying to handle MMIO. Is it best to avoid that all happening by avoiding mapping 'normal memory' below anything that isn't normal memory. Even on a normal system it is potentially possibly that the second page might be MMIO and reference a target that doesn't want to see non-word sized reads. (Or the first location might be a fifo and the read consumes some data.) In that case the cpu won't fault the access, but the hardware access might have rather unexpected side effects. Now the way MMIO pages are allocated probably makes that impossible - but load_unaligned_zeropad() relies on it not happening or not breaking anything. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)