Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1772362rwb; Mon, 7 Nov 2022 05:44:16 -0800 (PST) X-Google-Smtp-Source: AMsMyM4Dga75uCw4utvqySopdXVbEOUM31Mpb6zCGfmjsibxv5aBIk+Hy5DaBTJ4GPlOeDnaUowL X-Received: by 2002:a17:902:e84f:b0:187:11a7:b1b with SMTP id t15-20020a170902e84f00b0018711a70b1bmr46434786plg.110.1667828655718; Mon, 07 Nov 2022 05:44:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667828655; cv=none; d=google.com; s=arc-20160816; b=YN+cPlJvP5iV14FUEMUP/95fQu0CFdXLlN+R5AEaVmX75NQKWvD9BYGd1WAbV26S63 3F0dOnAunC+qx1oGxkd65TDB+VSbGy03ZpjbAKHMktrXNI4HLiDS6wI5YDJ3OwDH2uah 8hEq6nz+PAGxvCC4+k/eWYF0U8pE3X1Hs4JaArKLIQz+/Xt7A9FoP7kWC0E4y0DTZdqx AEIZ+NqQh+vZ7DH2MJcLueYCxzXvn65Nbmw4zg2V9KfKEro4Vxd4pdbnwlS5VmsX46u3 CItSk8/MbDBPi0HLkZdykrXmqqT6XPreOt2tnj/e4oZ5qJ0OtgsWwk8iVpvkXTOT2f3y ZH5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=VvpxXSn2wgIBljAhumMGKThLOZTS6IbjD8CnX4P4RQA=; b=PR0OMGZFsdmB2ZUdnJIPH7M5zY3++Ux7iE4P3hSTWf+TVI19yfG4iCZ7nIapgxTkDn Y11xM85vGJXZ+ilH8dHBnEsBpbiUuvGCP77YRPGIejdj9f6CX0vTqijYQpdyP7RezgSt CA2HV+p7XtKlfVMay64B2LQeP1opUDtT8fXvOhJ7Ftbwinr2pRWtSNSwsm8FSBAaxLhK SNT1CWx7Uisamqz6vdxARu/aWSbCPcCCfQu9QS61WCdb5fLepJ7o8RZR68tXnIhK7qn4 yficdqXEuocks0mVuBUGeqw3JJMHud9kpwl1j8xJn55w/5LTB8rUzqzmOxaYLiH/xsVx icIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="FUE/MnYu"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u1-20020a17090a890100b001fe1c9436b1si9428642pjn.86.2022.11.07.05.44.02; Mon, 07 Nov 2022 05:44:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="FUE/MnYu"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231553AbiKGNbJ (ORCPT + 93 others); Mon, 7 Nov 2022 08:31:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33540 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231324AbiKGNbF (ORCPT ); Mon, 7 Nov 2022 08:31:05 -0500 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0DBFA1B9FA for ; Mon, 7 Nov 2022 05:31:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1667827865; x=1699363865; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=v1gI9Pe6bvHrL0dWTyJyctWSrUg2IYLGOLoOANLiJ3Y=; b=FUE/MnYuJUdy5AfXF9/nr+Q9403SmU1wcQrDXeze85TLtywAhcV8zxje ko5A3ucGKlZrnUPSK6PnAmj2sMeZXCvmbl8jzX4ZVCRxh63OCCZy22irs pqMCG8FMNo+WtE1jZ/sPkgrQsysC3KBaaPZNEq82MWTOGSgpbHmNKsVwg MRHpfQFjcMoTgZ8t98t0UY/htBKoZfoHUVwyLwLfDKmg0UypNx+wiFXdg zNHgpVNlKWH8ZKBk7R/LbC+DdYkkLM1RodJIVgvYBNOwNGK9nMzlmNUi2 AuPCnBCbYacYmQwIIO/P1sN5IDkrcvVM0NUPt3dfvdPbS6cvlqGgbnWE4 g==; X-IronPort-AV: E=McAfee;i="6500,9779,10523"; a="297900053" X-IronPort-AV: E=Sophos;i="5.96,145,1665471600"; d="scan'208";a="297900053" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2022 05:31:04 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10523"; a="586968694" X-IronPort-AV: E=Sophos;i="5.96,145,1665471600"; d="scan'208";a="586968694" Received: from dkthrons-mobl2.amr.corp.intel.com (HELO [10.209.29.113]) ([10.209.29.113]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2022 05:31:04 -0800 Message-ID: <3cdb5bf8-7f26-0416-46d2-a5640dd27f22@intel.com> Date: Mon, 7 Nov 2022 05:31:03 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Subject: Re: [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory Content-Language: en-US To: Guorui Yu , kirill.shutemov@linux.intel.com Cc: ak@linux.intel.com, bp@alien8.de, dan.j.williams@intel.com, david@redhat.com, elena.reshetova@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com, peterz@infradead.org, sathyanarayanan.kuppuswamy@linux.intel.com, seanjc@google.com, tglx@linutronix.de, thomas.lendacky@amd.com, x86@kernel.org References: <20221028141220.29217-3-kirill.shutemov@linux.intel.com> <4bfcd256-b926-9b1c-601c-efcff0d16605@intel.com> From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/6/22 21:10, Guorui Yu wrote: >> Without ATTR_SEPT_VE_DISABLE, a #VE can occur on basically any >> instruction.  We call those kinds of exceptions "paranoid entry" points. >>   They need special handling like the NMI or #MC handlers. >> >> I'd be happy to look at a patch that does the MMIO path check *and* >> turns the #VE handler into a robust entry point. >> >> Bonus points if you can do ~5 lines of C like the approach in this >> thread. > > Yes, there is a fix to satify your requirement and get the bouns points ???? > > Please refer to > https://github.com/intel/tdx/commit/f045b0d52a5f7d8bf66cd4410307d05a90523f10 > > case EXIT_REASON_EPT_VIOLATION: > + if (!(ve->gpa & tdx_shared_mask())) { > + panic("#VE due to access to unaccepted memory. " > + "GPA: %#llx\n", ve->gpa); > + } > + > /* original from Kirill and Kuppuswamy */ > > It's already there, but it just didn't get into the main branch. Could you explain how that prevents the #VE from occurring in the "syscall gap" or in a place where the kernel is running with the user GSBASE value? It doesn't as far as I can tell. You need the SEPT_VE_DISABLE check for that.