Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp849246rwb; Sat, 13 Aug 2022 10:03:57 -0700 (PDT) X-Google-Smtp-Source: AA6agR54W3NbuUx5Kmtq1cSxkWHeiVDhADHwuBZ4P3yfoW1iVbDOVTqxt4NXxRamp3VuUYdi5oUt X-Received: by 2002:a63:5264:0:b0:427:e7f2:a43 with SMTP id s36-20020a635264000000b00427e7f20a43mr298636pgl.159.1660410237646; Sat, 13 Aug 2022 10:03:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660410237; cv=none; d=google.com; s=arc-20160816; b=wBTg/cZsE39u5ZGeiXOIMLaPZIQ1+Ju1RwwPU0E0s5UsWvW/ha3eHVBydI4I6ZK9Cm C23/hyLXJvuedeVpqeVLeDidPV4aQmE4gHd63BEoKwR0W6Cf/vMUsWFm9I3T7BDkGek+ 15n5oUFZfWrQdd41uePZmMSeqB5wQiYo7jPzNj+4VPV+nEZMoi9hE/tohVIjWacfu/AP iuis1zBmoHUkmZshvBLbqhE4hh+UBIg7MZ6FigUXlVbEJ9B0zyv6P3TUSxD0Ph03D8wq lfzm+xoGQqbvtZyHQ94TlIUnkkCpJE6TQmWWP9VLIf5S9gE/5gwRM5V3Gj6CDEsrgIZ/ qazA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:subject:cc:to:from :date:references:in-reply-to:message-id:mime-version:user-agent :feedback-id:dkim-signature; bh=0Hvh3cs6sg0lMFHJa5PUPNvgK6WJ0NM/JweaMw6KaNw=; b=AJact3B8s/7UTgNLRN7lZCbxnYAQjcijacgtevjB/ulGXWY4GRIEqqI50luWA7GzC9 rPdf1iIPsa+D+Jc3wMxrqeWQyU5mquL3WG8J2Ncdeit8ReZNtPHmQqV4j1DY++70uXJc 3s6YX63sTBeKPD+yVelnomsGPrqyikqeX85nT9viWZqXczfaC1X+mnqfUDEH5J3x/MMG BrQK+8qgMz1xqgsNJhhpS8K40Tu3fv6JJWILKT0QMrpVPaFNiJe+Noz9bc3MQIyUDQ1Z evVgYr8p8CpNxPojdUJ5/5uXGp18yu5vM+uIxCWHZ+JWBYsYTQInlSHDC1sKLSRHJ84t GBEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="C3DO/cdG"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r24-20020a6560d8000000b0041cfc9ef388si5985712pgv.159.2022.08.13.10.03.46; Sat, 13 Aug 2022 10:03:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="C3DO/cdG"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239876AbiHMQMY (ORCPT + 99 others); Sat, 13 Aug 2022 12:12:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55264 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239668AbiHMQMW (ORCPT ); Sat, 13 Aug 2022 12:12:22 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA54CE0FD; Sat, 13 Aug 2022 09:12:20 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 50282B8069F; Sat, 13 Aug 2022 16:12:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9C0E8C433B5; Sat, 13 Aug 2022 16:12:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1660407137; bh=AyAGH0PcMtFcg49U7U4FZXoOq5ScRaVgEYBLreXB280=; h=In-Reply-To:References:Date:From:To:Cc:Subject:From; b=C3DO/cdGuqKWCfuMHu5t/g+mL7ExtT5COBjzp8ik3KD3XW89sZ9v7usUWfktdkG+W PYCGPVujPe3RYQIvQiwABCvqA87KPi2vVJvULFlIRcQltxAyHP16J8Umzyj9sOAGDz rwRea+hTT2B7ZfR3F7U7MbSjxIekEX74zgelB32A3Dc+IAZ7QcHvt9G+seoP6KnNJc CD+WQZ+LhSvHEbiIwCryqQzE78My/f0uQwxuHwxKw0rEB/kacZOz0HcduvWItqSj+n WPjXe08MEpEn1ho3s+2RNkOp2/3Vh8xlEnyvx0fP0jlvih5Ke0PHTASXzlRtTg+CrC 6Y+QBoFP9/hSA== Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailauth.nyi.internal (Postfix) with ESMTP id 825C627C005A; Sat, 13 Aug 2022 12:12:15 -0400 (EDT) Received: from imap48 ([10.202.2.98]) by compute2.internal (MEProxy); Sat, 13 Aug 2022 12:12:15 -0400 X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdegkedguddttdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvvefutgfgsehtqhertderreejnecuhfhrohhmpedf tehnugihucfnuhhtohhmihhrshhkihdfuceolhhuthhosehkvghrnhgvlhdrohhrgheqne cuggftrfgrthhtvghrnhepieetjeelgeejkeelgeevueejjedvheejkeevgeduudduffeu keejffefueejkefhnecuffhomhgrihhnpehkvghrnhgvlhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrnhguhidomhgvshhmthhp rghuthhhphgvrhhsohhnrghlihhthidqudduiedukeehieefvddqvdeifeduieeitdekqd hluhhtoheppehkvghrnhgvlhdrohhrgheslhhinhhugidrlhhuthhordhush X-ME-Proxy: Feedback-ID: ieff94742:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id DFF4D31A0062; Sat, 13 Aug 2022 12:12:13 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.7.0-alpha0-841-g7899e99a45-fm-20220811.002-g7899e99a Mime-Version: 1.0 Message-Id: In-Reply-To: References: <20220614120231.48165-1-kirill.shutemov@linux.intel.com> <20220614120231.48165-11-kirill.shutemov@linux.intel.com> <80cc204b-a24f-684f-ec66-1361b69cae39@intel.com> <073c5a97-272c-c5a0-19f2-c3f14f916c72@intel.com> Date: Sat, 13 Aug 2022 09:11:52 -0700 From: "Andy Lutomirski" To: "Borislav Petkov" , "Dave Hansen" Cc: "Kirill A. Shutemov" , "Sean Christopherson" , "Andrew Morton" , "Joerg Roedel" , "Ard Biesheuvel" , "Andi Kleen" , "Sathyanarayanan Kuppuswamy" , "David Rientjes" , "Vlastimil Babka" , "Tom Lendacky" , "Thomas Gleixner" , "Peter Zijlstra (Intel)" , "Paolo Bonzini" , "Ingo Molnar" , "Varad Gautam" , "Dario Faggioli" , "Mike Rapoport" , "David Hildenbrand" , "Marcelo Henrique Cerri" , tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, "the arch/x86 maintainers" , linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, "Linux Kernel Mailing List" Subject: Re: [PATCHv7 10/14] x86/mm: Avoid load_unaligned_zeropad() stepping into unaccepted memory Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 11, 2022, at 4:26 AM, Borislav Petkov wrote: > On Wed, Aug 03, 2022 at 07:02:31AM -0700, Dave Hansen wrote: >> One other thing I remembered as I re-read my write up on this. >>=20 >> In the "new" mode, guests never get #VE's for unaccepted memory. They >> just exit to the host and can never be reentered. They must be kille= d. > > Yeah, this is the part which I think is really silly. > > OSes, in their execution lifetime, can - erroneously or not - but it > happens pretty often in real life, touch some unrelated memory. And th= is > has never been a big deal - #PF, that's it. > > But now they don't even get a chance to correct their mistake - VMEXIT, > die. > > load_unaligned_zeropad() is just one case. > > Imagine the user loads some buggy driver in the guest and that driver > starts doing stray memory accesses through a wild pointer into the > fields. Guest dies immediately. > > Dunno bit it all feels a bit too harsh and unfriendly to me. > > Sure, if that user is really unlucky, those stray accesses can kill > his OS on baremetal too. So maybe you could argue here that such stray > accesses are actually a good thing. :) > > All I know is, there should be a more resilient way to handle those. > >> In the "old" mode, I _believe_ that the guest always gets a #VE for >> non-EPT-present memory. The #VE is basically the same no matter if t= he >> page is unaccepted or if the host goes out and makes a >> previously-accepted page non-present. >>=20 >> One really nasty implication of this "old" mode is that the host can >> remove *accepted* pages that are used in the syscall gap. That means >> that the #VE handler would need to be of the paranoid variety which >> opens up all kinds of other fun. > > Yeah, I believe this needs to be dealt with anyway, for SNP at least. > But on AMD it would simply cause an exception and it'll be handled in > the #VC thing. And there's some ugly code to deal with the gap too. I do not believe for a second that the =E2=80=9Cugly=E2=80=9D code in qu= estion is correct. Let=E2=80=99s please not go there for TDX. The whole= point of this thing is security =E2=80=94 I would rather see a somewhat= fragile situation than an exploit. Now if the TD module could deliver an unrecoverable #MC instead of an im= possible-to-handle #VE, maybe we could at least get a nice debug trace o= ut? Of course it=E2=80=99s not so easy to do anything with a debug trac= e that doesn=E2=80=99t break confidentiality. So, Dave (and other Intel folks), here=E2=80=99s a different feature I t= hink we will want: a secure way to get debug logs out of a TDX guest. Ma= ybe the guest could have a way to send syslog lines to the TD module (vi= a hypercall or a ring buffer) and the TD module could encrypt them again= st a secret that is only accessible to future boots of the same guest or= to an attested outside key. TDX already has an exceedingly flexible at= testation mechanism =E2=80=94 there is surely room for the guest config = to include a public key that is used for encryption of exported logs. (Yes, this is sort of doable in software, but the part where any kind of= buffer actually gets saved anywhere if the guest goes kaboom requires e= ither help from the TD module or a defined protocol with key negotiation= involving the untrusted host.) The model where the guest leaves a panic on the screen or serial console= won=E2=80=99t work in TDX=E2=80=A6 > >> * "Old" - #VE's can happen in the syscall gap >> * "New" - #VE's happen at better-defined times. Unexpected ones are >> fatal. >>=20 >> There's a third option which I proposed but doesn't yet exist. The T= DX >> module _could_ separate the behavior of unaccepted memory #VE's and >> host-induced #VEs. This way, we could use load_unaligned_zeropad() w= ith >> impunity and handle it in the #VE handler. At the same time, the host >> would not be allowed to remove accepted memory and cause problems in = the >> syscall gap. Kinda the best of both worlds. > > I like that. This should've been the default from the get-go. Oh well, > what's it called in English, hindsight is 20 20...? > >> But, I'm not sure how valuable that would be now that we have the >> (admittedly squirrelly) code to avoid load_unaligned_zeropad() #VE's. > > I think you should push for the bestest solution and one day we can ki= ll > those ugly workarounds. > > Thx. > > --=20 > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette