Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1792208rwb; Mon, 7 Nov 2022 05:59:36 -0800 (PST) X-Google-Smtp-Source: AMsMyM5475DeTkYIpolvWO+JPvjaE4q3TM3bGvWnc4lUmPQDHv1kIjr0efBJq3U477xbQopNmgMo X-Received: by 2002:a17:907:7214:b0:7ad:94cf:4a36 with SMTP id dr20-20020a170907721400b007ad94cf4a36mr48104033ejc.226.1667829575908; Mon, 07 Nov 2022 05:59:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667829575; cv=none; d=google.com; s=arc-20160816; b=GxQpcHhqscybjMJhJy/TMIEa/Ii6s0JD3PlJjKoX+R5PivMFk4PD2+p3IQYZSt4QyR MPTmazri7pFNHIUbSRWMdj4O57qB7fbWSrF1Y+l7t2LeCSyIWIuZZ5Y0v/aO4F8wXrWv CaBqReHL8JXm4SiarZAQ2e0RoQ+KKf8N3h6ON6+yLNuVMKmOLdrN493u/MdmbOFtl1fl Hlsqsf9fPBYFzKffrO/Y5SsKY4V4Y+FpzXy8b9yDlQlinHi6knzIBP5wfCNz/Exd0LfS Q9+Nhudcn89klzd3Woa3oMpF/F+YL2p9FZ2IiBoP8kSjOdKCtrzfiwQnfIObXB10gg2O gK+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=LOvzbEqP/kVLwoVpjOHJUrURIfxn9o8L1GsMLzHFOSQ=; b=oupzjNhGZfyEj2puLwecwFrHcu+r3phGrkBUm6Kalp1DX6cHk6UWGY3lDhSKr/w7mp +h/4lGJxahtRdhBCvpvCebn9HAX6jFBGmBsOVnLitJAKQQTe3lxY+TPjiW5UVXrLWV1b K48tNwyqzXtJhLOcFbUH8xT+WUfJLENb4FYktf5ocjaGWooHM3Zg1dhWR0urG8N3mZV+ GZpoLwx3AH73ZshKvRYdK4jnPlU57AqRgCfu2aXZLwPzNqn+He5qbFe6deqbQJzOncif pcXmp3Tm9p8HHHhV2Ti0G9ADMSEkfTaUdN452eTKqRnXryKV9xycZHeYuoEelQYzkLuW gUZw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f19-20020a0564021e9300b00462764a8b8esi11160123edf.592.2022.11.07.05.59.11; Mon, 07 Nov 2022 05:59:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231698AbiKGNnp (ORCPT + 94 others); Mon, 7 Nov 2022 08:43:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40372 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231378AbiKGNnm (ORCPT ); Mon, 7 Nov 2022 08:43:42 -0500 Received: from out30-42.freemail.mail.aliyun.com (out30-42.freemail.mail.aliyun.com [115.124.30.42]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2462BD6B for ; Mon, 7 Nov 2022 05:43:40 -0800 (PST) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R701e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046060;MF=guorui.yu@linux.alibaba.com;NM=1;PH=DS;RN=17;SR=0;TI=SMTPD_---0VUF-Nrn_1667828611; Received: from 127.0.0.1(mailfrom:GuoRui.Yu@linux.alibaba.com fp:SMTPD_---0VUF-Nrn_1667828611) by smtp.aliyun-inc.com; Mon, 07 Nov 2022 21:43:36 +0800 Message-ID: <0cd8601b-aa74-ee9a-cfb5-bb69445acc4c@linux.alibaba.com> Date: Mon, 7 Nov 2022 21:43:29 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.4.1 Subject: Re: [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory To: Dave Hansen , kirill.shutemov@linux.intel.com Cc: ak@linux.intel.com, bp@alien8.de, dan.j.williams@intel.com, david@redhat.com, elena.reshetova@intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com, peterz@infradead.org, sathyanarayanan.kuppuswamy@linux.intel.com, seanjc@google.com, tglx@linutronix.de, thomas.lendacky@amd.com, x86@kernel.org References: <20221028141220.29217-3-kirill.shutemov@linux.intel.com> <4bfcd256-b926-9b1c-601c-efcff0d16605@intel.com> <3cdb5bf8-7f26-0416-46d2-a5640dd27f22@intel.com> From: Guorui Yu In-Reply-To: <3cdb5bf8-7f26-0416-46d2-a5640dd27f22@intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00, ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY, USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2022/11/7 21:31, Dave Hansen 写道: > On 11/6/22 21:10, Guorui Yu wrote: >>> Without ATTR_SEPT_VE_DISABLE, a #VE can occur on basically any >>> instruction.  We call those kinds of exceptions "paranoid entry" points. >>>   They need special handling like the NMI or #MC handlers. >>> >>> I'd be happy to look at a patch that does the MMIO path check *and* >>> turns the #VE handler into a robust entry point. >>> >>> Bonus points if you can do ~5 lines of C like the approach in this >>> thread. >> >> Yes, there is a fix to satify your requirement and get the bouns points ???? >> >> Please refer to >> https://github.com/intel/tdx/commit/f045b0d52a5f7d8bf66cd4410307d05a90523f10 >> >> case EXIT_REASON_EPT_VIOLATION: >> + if (!(ve->gpa & tdx_shared_mask())) { >> + panic("#VE due to access to unaccepted memory. " >> + "GPA: %#llx\n", ve->gpa); >> + } >> + >> /* original from Kirill and Kuppuswamy */ >> >> It's already there, but it just didn't get into the main branch. > > Could you explain how that prevents the #VE from occurring in the > "syscall gap" or in a place where the kernel is running with the user > GSBASE value? > Thank you for explaining the "paranoid entry" points with there examples to me, now I understand why the SEPT_VE_DISABLE is necessary for TD. > It doesn't as far as I can tell. You need the SEPT_VE_DISABLE check for > that.