Date: Wed, 5 Jun 2024 15:21:42 +0300
From: "Kirill A. Shutemov"
To: Borislav Petkov
Cc: Dave Hansen, adrian.hunter@intel.com, ardb@kernel.org,
 ashish.kalra@amd.com, bhe@redhat.com, dave.hansen@linux.intel.com,
 elena.reshetova@intel.com, haiyangz@microsoft.com, hpa@zytor.com,
 jun.nakajima@intel.com, kai.huang@intel.com, kexec@lists.infradead.org,
 kys@microsoft.com, linux-acpi@vger.kernel.org, linux-coco@lists.linux.dev,
 linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org, ltao@redhat.com,
 mingo@redhat.com, peterz@infradead.org, rafael@kernel.org,
 rick.p.edgecombe@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com,
 seanjc@google.com, tglx@linutronix.de, thomas.lendacky@amd.com,
 x86@kernel.org
Subject: Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

On Tue, Jun 04, 2024 at 08:05:54PM +0200, Borislav Petkov wrote:
> On Tue, Jun 04, 2024 at 07:14:00PM +0300, Kirill A. Shutemov wrote:
> > /*
> >  * If tdx_enc_status_changed() fails, it leaves memory
> >  * in an unknown state. If the memory remains shared,
> >  * it can result in an unrecoverable guest shutdown on
> >  * the first accessed through a private mapping.
>
> "access"

Okay.

> So this sentence above can go too, right?

I don't think so.

> Because that comment is in tdx_kexec_finish() and we're basically going
> off to kexec. So can a guest even access it through a private mapping?
> We're shutting down so nothing is running anymore...

This kernel can't. But the next kernel can.

Whether a page can be accessed via private mapping is determined by the
presence in Secure EPT. This state persists across kexec.

> >  * The kdump kernel boot is not impacted as it uses
> >  * a pre-reserved memory range that is always private.
> >  * However, gathering crash information could lead to
> >  * a crash if it accesses unconverted memory through
> >  * a private mapping.
>
> When does the kexec kernel even get such a private mapping? It is not
> even up yet...

Crash kernel provides access to this memory via /proc/vmcore. Crash kernel
will assume all memory there is private.

> >  * pr_err() may assist in understanding such crashes.
>
> "Print error info in order to leave bread crumbs for debugging." is what
> I'd say.

Okay.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov