Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1095776rwd; Tue, 16 May 2023 11:43:43 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7hCDIHA+SKSZVdcJbSNXuEsIxLt2PvDz0CrkLHaabBNwTQKqhPSmucJwcr0HoUXt/+gEtH X-Received: by 2002:a17:90b:4a51:b0:247:5654:fcf3 with SMTP id lb17-20020a17090b4a5100b002475654fcf3mr37572634pjb.11.1684262623001; Tue, 16 May 2023 11:43:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684262622; cv=none; d=google.com; s=arc-20160816; b=xZmFDAidkdOQyx33Lj4Z5M3vLlHmiKVKlhx17td0G3vAIylh+lQshbAtBi7YHvR/yf hXCqmKXiGnQ49fzGaj5pwutSQff2gH8SP+U1ejLDLuU25sHbDAGGlGmMjRrEPz/PwRI7 2/85uCezMl7tSqB1Sszy+mpnNvzCV2B+gJaTPffgTJ6sRHJCmOqvzLs665Idgc6waYqx TSy13HMjaG8jSYW4/UAhiUCGZnUAEGMpxSkdbgxXH+uWm+3Ya/9BiJbsVsamkwITEbmz fDjwKlwV79F6GdX/5MjmDGYPVmennDnihdrqbdMaB7+KDBjAQj2wQg6Ft9TQcLTglCxc PFRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Z+rISdoaaFjE0H3onVx9q3vVqV+GW7MmEBF4x723LEk=; b=ZAqeF1J9eWNaKPgdC0CbQKebdy/zxliu2Sz0RN+0Hi/sZK+/g/P1R3cbHrkCeLcvyL KG8F5nQbSY+dFxdLyhijh24YnV3E2nRo1CCB8nCTBHh8aM8z4HhTCUNzFmWqXSN/Yx3+ RqBckqDjBsLZ0/yzE+qB1SDF0Mq67YsmZeD1Fjcl0ldR4WfM4Co+CPCAMnjK4YCF3Jhb qGd1ssTG7ABgWD9QTvnSD+0HRa6x3km/I1j6IAApjBm3cuNzB2V1cdQR1tShFdaGM0dY HGhsT6//mXCBnDPfltqoNr6ZWZE+5i4gshDvR+JjzN9X7jGUPKLh7o+P0dU75VnpGUVI aTng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qsSCep0o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a21-20020a63e855000000b0050f817c6c82si19252043pgk.232.2023.05.16.11.43.30; Tue, 16 May 2023 11:43:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qsSCep0o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229670AbjEPSgS (ORCPT + 99 others); Tue, 16 May 2023 14:36:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46890 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229483AbjEPSgQ (ORCPT ); Tue, 16 May 2023 14:36:16 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7823783FF; Tue, 16 May 2023 11:35:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 03E5163DD9; Tue, 16 May 2023 18:35:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6A443C433AE; Tue, 16 May 2023 18:35:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684262140; bh=Z+rISdoaaFjE0H3onVx9q3vVqV+GW7MmEBF4x723LEk=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=qsSCep0ovkhnWtUBCdQLs1goten8s2jtIjcw8Yn2A2Fx9CEsj8jaFZW5pav22M/HH XlvZMyzFG13P/7meyUFtu84nuLvAQXuG4R0y7+LgQ8V1zVT18jpd6BpkyvH3yKLAV/ bdmUK7ysNMhHrbnGRgjCkgfN3VBQW4CKjLOlxE2was/rt8ZpfT5eH6JcsX8IIknCGe Vj+md7SuXZceBuvLqI49DO3mcpc6wzNUQHWckel1K3XT343ftCeDkunrEoGR+J8Ewp AeUsFU9acu5rgFVPCiBlN20Fb4XjLPyQAbym96z38y7pW0PzLE3wiPpr7NULICnHVC DwHhJrmLqcJOw== Received: by mail-lj1-f172.google.com with SMTP id 38308e7fff4ca-2ac82b07eb3so147496631fa.1; Tue, 16 May 2023 11:35:40 -0700 (PDT) X-Gm-Message-State: AC+VfDwfmMlzz4rh1pQKL7+veWv14w5JfrzgAhvzvnIYyKxPN4jQkDCz t7oqYWPdM2i1Kax4Nhtf9Td9+IvyMQApMP9s+TQ= X-Received: by 2002:a2e:8695:0:b0:2ad:90c9:bd29 with SMTP id l21-20020a2e8695000000b002ad90c9bd29mr8255580lji.18.1684262138332; Tue, 16 May 2023 11:35:38 -0700 (PDT) MIME-Version: 1.0 References: <20230513220418.19357-1-kirill.shutemov@linux.intel.com> <20230513220418.19357-7-kirill.shutemov@linux.intel.com> <6fe42f66-819c-f2c8-176b-759c1c5a9cf5@intel.com> In-Reply-To: <6fe42f66-819c-f2c8-176b-759c1c5a9cf5@intel.com> From: Ard Biesheuvel Date: Tue, 16 May 2023 20:35:27 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCHv11 6/9] efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory To: Dave Hansen Cc: "Kirill A. Shutemov" , Borislav Petkov , Andy Lutomirski , Sean Christopherson , Andrew Morton , Joerg Roedel , Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 16 May 2023 at 20:27, Dave Hansen wrote: > > On 5/16/23 11:08, Ard Biesheuvel wrote: > >> But, this approach does not work for unaccepted memory. For TDX, a load > >> from unaccepted memory will not lead to a recoverable exception within > >> the guest. The guest will exit to the VMM where the only recourse is to > >> terminate the guest. > >> > > Does this mean that the kernel maps memory before accepting it? As > > otherwise, I would assume that such an access would page fault inside > > the guest before triggering an exception related to the unaccepted > > state. > > Yes, the kernel maps memory before accepting it (modulo things like > DEBUG_PAGEALLOC). > OK, and so the architecture stipulates that prefetching or other speculative accesses must never deliver exceptions to the host regarding such ranges? If this all works as it should, then I'm ok with leaving this here, but I imagine we may want to factor out some arch specific policy here in the future, as I don't think this would work the same on ARM.