Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1147609rwd; Tue, 16 May 2023 12:31:34 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ51zE9PEEaHpbGemPrs7rFzwZJNaOQPTJrNRHh0s8R13mBBEcMWZjdKPZ2Ro2eI393GgSs0 X-Received: by 2002:a05:6a20:7d99:b0:107:1f60:3edf with SMTP id v25-20020a056a207d9900b001071f603edfmr2541272pzj.61.1684265494004; Tue, 16 May 2023 12:31:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684265493; cv=none; d=google.com; s=arc-20160816; b=FcYEnQ/Vv3skv1Hpd1dgojJE6ogDjPm4hB83L40haQZ1ENLrZQLs5JxkurBr1X6EzN 8L4BUv8sR4Q/pj1HH4roewi2UUVUZjrKyQnxNlqJ/gb6ZDFJ1kWwbvTXtb+kfwDwxSR+ leN5khVjv9J9F4ZOM3k/eDnEyY+O3X8qqcCJPnDjS9RcFPAKqT3mHKpVOt4XwjFloH45 nzApiPb8yndSS3iuhWfzj7nfx4Fdmqnj3X8tkTBJ+UPrisvWNeXP/Z3VvMnF9vhGO0pG eiyU/uNqx43RCq3HbG711ttvePVUW9pbljIF4AfF9i+ErS4pC9d08bjgTf4z3FHJU7Jx YBtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=HhYNn3TCN5ueSKPyXqbhH5tr3hFiIJ3YGimjpIOMT8o=; b=vriiIIqSAOloajB/uwsPDBE5NBP5dnTNXB4zCDB9EinKWUeO+rfodxPzsIgNPSZOTG VDiuuVUjighun1kXvi5xhdeY8FrhWOHD3a2QOgSzzVE2+D/lJ7+uaGcdYWGcCx6mU3Ia b6FAJrFJzcdDPLtOMLJEh5fwL3fKZ/R33tFvSJH6imxcdRuMwqSTr7pUZAOdp6zdPtlT uLuVIS/DevcaqD28v3hlgsyNN3E/iOAueW6dulS/IPO9oT/FVurE5iafyIhzcynHEBDX 59GSvKkyv0Ti+2YEsQYpDfLL+RNOYwJjhsoM7mR23oOVcYDaj0rHh+tJxMl/7Fil1P1S rJFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lxpzhrY+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z124-20020a633382000000b0051367d909efsi19050030pgz.106.2023.05.16.12.31.19; Tue, 16 May 2023 12:31:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lxpzhrY+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229608AbjEPTQE (ORCPT + 99 others); Tue, 16 May 2023 15:16:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44412 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229522AbjEPTQD (ORCPT ); Tue, 16 May 2023 15:16:03 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4849B525D; Tue, 16 May 2023 12:16:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1684264561; x=1715800561; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=kFUQ6MboftdOLOEvZid5f2b59TWc3NhFgO6Ggzr+aXU=; b=lxpzhrY+TPvyXsk1sFUsJIe4TxXGMtmX7BbxQMTKceHyDLmgfeNeJNyA dHqMrEx9nH8l121ACHSXlM/+NvQdXJ+tQnOnWUmio7e1+LPDCRMUuGAwc DK6+RnycM6wKfAaU02Qh76v3twxPwdqjJNeikGMzJjNEkrXScOQDJl6j+ oCLMsyDdAuTALRljo+6yvzR484V1/2jc/gcRAT90F/EXFsdFju19eH9Lf eQlVBC8kZqhw5wW8Dm8ogtDW9w8N64c6Kv1r2wmnfVtXJ4Cx2bar9c+Ej A4sE34Y/GsRprMch3buw55qEOvIKRHVydYjV14mdFTYPeO81L+L2bR2i1 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10712"; a="340941498" X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="340941498" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2023 12:16:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10712"; a="678966984" X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="678966984" Received: from unisar-mobl.ger.corp.intel.com (HELO box.shutemov.name) ([10.251.219.243]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2023 12:15:52 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id D219F10C8C1; Tue, 16 May 2023 22:15:49 +0300 (+03) Date: Tue, 16 May 2023 22:15:49 +0300 From: "Kirill A. Shutemov" To: Ard Biesheuvel Cc: Dave Hansen , Borislav Petkov , Andy Lutomirski , Sean Christopherson , Andrew Morton , Joerg Roedel , Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen Subject: Re: [PATCHv11 6/9] efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory Message-ID: <20230516191549.tjub26jvlqymp27x@box.shutemov.name> References: <20230513220418.19357-1-kirill.shutemov@linux.intel.com> <20230513220418.19357-7-kirill.shutemov@linux.intel.com> <6fe42f66-819c-f2c8-176b-759c1c5a9cf5@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 16, 2023 at 08:35:27PM +0200, Ard Biesheuvel wrote: > On Tue, 16 May 2023 at 20:27, Dave Hansen wrote: > > > > On 5/16/23 11:08, Ard Biesheuvel wrote: > > >> But, this approach does not work for unaccepted memory. For TDX, a load > > >> from unaccepted memory will not lead to a recoverable exception within > > >> the guest. The guest will exit to the VMM where the only recourse is to > > >> terminate the guest. > > >> > > > Does this mean that the kernel maps memory before accepting it? As > > > otherwise, I would assume that such an access would page fault inside > > > the guest before triggering an exception related to the unaccepted > > > state. > > > > Yes, the kernel maps memory before accepting it (modulo things like > > DEBUG_PAGEALLOC). > > > > OK, and so the architecture stipulates that prefetching or other > speculative accesses must never deliver exceptions to the host > regarding such ranges? > > If this all works as it should, then I'm ok with leaving this here, > but I imagine we may want to factor out some arch specific policy here > in the future, as I don't think this would work the same on ARM. Even if other architectures don't need this, it is harmless: we just accept one unit ahead of time. -- Kiryl Shutsemau / Kirill A. Shutemov