Received: by 2002:ab2:69cc:0:b0:1fd:c486:4f03 with SMTP id n12csp504151lqp; Tue, 11 Jun 2024 10:25:40 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVnu410hSPHnXoAzRIMWTT2EG55dhSJebIUy8BMnLoheIGm9TlB7tvBx5XfRTMHzaJcmls7qjS/N0rfe+BSkmj5f25MpTIPxb9aq1H5rA== X-Google-Smtp-Source: AGHT+IFz/oyOkrNiCuq/yhiSrZpYvayPc3QHpwGRSqJFYpfWGBdqgpv63SJnTWiXgFAqmLo0hHYe X-Received: by 2002:a50:8e17:0:b0:57c:6955:41ea with SMTP id 4fb4d7f45d1cf-57c6955422cmr5781618a12.38.1718126740324; Tue, 11 Jun 2024 10:25:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718126740; cv=pass; d=google.com; s=arc-20160816; b=jW/gOI6GTPUkuBYbeTZV6CJk7iVhpwU/IIQkaSdEH3qRsx20zh5fa88iDSTXOYlvKq xc1l1dAjYnnLDd0e032NxmZs3ry7iy/UFtB2MSSwEK7hXfAcGGBPHKa3sIb9dpW2MAxE dvfQNTbxSpFA1deDb0DLXOcD02H28BheAsLtp6MvckmCRPMYhoWuID06rqSQ24i28ISt zMsinIxSE20dPp0nUWqLc6Fdddbp3qt5YrWb7mV4on2StbwGh1a7UN3uCkURk1ML45OL a6WbNPjewtDsK0Q8m9nGTXZm1PABunl/aUAm4pNs1N5kKOOc8n+p2vkIYc5EwUVtK8aO bTmg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature :dkim-filter; bh=hYy9Z7UOfeApYVUUfEu6Uk3cY5SNJtjciFlw18SBFjg=; fh=ZD44VuQNc5RtaGb0Tqops3Tcn+qyh0GW3JMeIqbh0VU=; b=qDL060FOmw62ubW+V9wZrlA3HuUIC9x4vI+/PDVWWRS8nd/cF8VlKVh3k+Z4ZTxhtw tJBHEi2wZc14/rH5mxtO7yr+6IV4yRTWWlcZxnXRTIYCAtFJ7ssktkMOlIgUH7xrB8gH YI8YeaQIzRfj0blF4noHj4WP69E+mCkK/ETaWODS1i2KfXVrEhZGKab0cbfqaehZTwHG /8AlHMnsdrQmWmUKFZUicp38oLPJy4+Uh2JXBIYvyQxYTwFTZ5LtTLK9EM6iRb66Eprs /VR48d9DL6LTKPuKW3aEvLWvBmKD167+w1w8YVTEKcKHd2TCA3fGPNpWLhErMvQEwAfI AkLA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=TfVWZPhu; arc=pass (i=1 spf=pass spfdomain=linux.microsoft.com dkim=pass dkdomain=linux.microsoft.com dmarc=pass fromdomain=linux.microsoft.com); spf=pass (google.com: domain of linux-kernel+bounces-210325-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-210325-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57c6e55fbd3si3805804a12.629.2024.06.11.10.25.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Jun 2024 10:25:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-210325-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=TfVWZPhu; arc=pass (i=1 spf=pass spfdomain=linux.microsoft.com dkim=pass dkdomain=linux.microsoft.com dmarc=pass fromdomain=linux.microsoft.com); spf=pass (google.com: domain of linux-kernel+bounces-210325-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-210325-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 11D6E1F24BA1 for ; Tue, 11 Jun 2024 17:25:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D6ACE4CB55; Tue, 11 Jun 2024 17:25:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="TfVWZPhu" Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B684B29CFB for ; Tue, 11 Jun 2024 17:25:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718126733; cv=none; b=LRnbU5S1oezKQYiyu1q/fBOdIbbxvAdhbTBkcCtWzBd32OJvWwu+968lvL/C4y3+o4/0z9JX8POfyUmeyS8LuDIuRx/tTYC6zA4YlJ6jJZeWc8CJYPYabPSYhm1hiz0i1TKZqx4aeod53VlgSz3KUx/rKVd+rloio9QVEnUaXoM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718126733; c=relaxed/simple; bh=sXsOnOsEJkzdxHb0AOeo80FrLDjg8+O7EkvX3iyA3cw=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=uK1yVR00fdtgovEyKo7XYVeHiud/32Qgo/RFWiB8VHoWAOV31mQTf/zZelhHucnd4NBuX7EDXFdiyhBorjPxcnDWz0pDpfKckucthLVC1BKMzfy+kGSM65dixFw9IW/Q0QlH8v/wwnTgBD+Qr8qrxAuFdTc62fHNFAAGI8baGms= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=TfVWZPhu; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Received: from [192.168.1.212] (103-24-144-85.ftth.glasoperator.nl [85.144.24.103]) by linux.microsoft.com (Postfix) with ESMTPSA id 5FE1F201F17B; Tue, 11 Jun 2024 10:25:28 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 5FE1F201F17B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1718126730; bh=hYy9Z7UOfeApYVUUfEu6Uk3cY5SNJtjciFlw18SBFjg=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=TfVWZPhuOEPUhvge2t3eWBrq5Xs+fciFZeQd+9BHY7bmruOwjJwOfWnOef8AzDfjV KuGF5ntY+kyWuyT8fxcIB/hEQ7ul1pWBgxERnYFoLUc3/AesZ1aysJ6ztqornQFRRU gC/gGDZoKaF5/05iddjqth0JkF5CsHQ01TJ09oac= Message-ID: <31ead5ce-fb38-4c0d-9bf9-606b59d6da09@linux.microsoft.com> Date: Tue, 11 Jun 2024 19:25:27 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [EXTERNAL] Re: [PATCH] x86/tdx: Generate SIGBUS on userspace MMIO To: Chris Oo , Dave Hansen , "Kirill A. Shutemov" , Dave Hansen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "x86@kernel.org" , "H. Peter Anvin" Cc: "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" , Dexuan Cui , John Starks References: <20240528100919.520881-1-kirill.shutemov@linux.intel.com> <4df2ebee-40c0-4ea3-8909-13b90f049ff1@intel.com> Content-Language: en-CA From: Jeremi Piotrowski In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 11/06/2024 19:17, Chris Oo wrote: > We have a usecase where we have device drivers in usermode using vfio that mmap regions of the address space to access device BARs. In this case, when the #VE handler cannot emulate mmio on behalf of usermode, we need the SIGBUS to know if we should retry the attempt via doing a write via the vfio file descriptor. > > We don't want to have every mmio go through the vfio file descriptor, because for pages that are actually backed by physical device's BAR we won't take a #VE and introduce a bunch of extra path length, but only if the host has chosen to emulate some page in that BAR. We also don't have any way of knowing which pages will cause a #VE because there's no way for the guest to query which pages the host has chosen to emulate accesses on. > > Chris > > -----Original Message----- > From: Dave Hansen > Sent: Tuesday, June 11, 2024 9:16 AM > To: Kirill A. Shutemov ; Dave Hansen ; Thomas Gleixner ; Ingo Molnar ; Borislav Petkov ; x86@kernel.org; H. Peter Anvin > Cc: linux-coco@lists.linux.dev; linux-kernel@vger.kernel.org; Chris Oo ; Dexuan Cui ; John Starks > Subject: [EXTERNAL] Re: [PATCH] x86/tdx: Generate SIGBUS on userspace MMIO > > [Some people who received this message don't often get email from dave.hansen@intel.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] > > On 6/10/24 06:55, Dave Hansen wrote: >>> Enlightened userspace may choose to handle MMIO on their own if the >>> kernel does not emulate it. >>> >>> Handle the EPT_VIOLATION exit reason for userspace and deliver SIGBUS >>> instead of SIGSEGV. SIGBUS is more appropriate for the MMIO situation. >> Is any userspace _actually_ doing this? Sure, SIGBUS is more >> appropriate but in practice unprepared userspace crashes either way. > > I also can't help but wonder if there's a better way to do this. > > Just thinking out loud.... Ideally, we'd reject creating a potentially troublesome VMA at mmap() time. That's way better than, for instance, panic()'ing at some random place in the middle of program execution. > > But I guess that's likely not possible because someone could be doing a VM_MIXEDMAP VMA that only has normal private pages and never _actually_ needs or has a shared page mapped. > > I'd still love to know what actual kernel drivers and actual userspace would be involved in this whole dance. It's still way too theoretical for me. Is there a reason we can't fix the handler to do the #VE->mmio emulation for userspace too, so that this scenario works just like outside of a CVM?