Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EEA3C433EF for ; Thu, 25 Nov 2021 10:07:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354194AbhKYKLI (ORCPT ); Thu, 25 Nov 2021 05:11:08 -0500 Received: from smtp-out2.suse.de ([195.135.220.29]:57768 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1354391AbhKYKJH (ORCPT ); Thu, 25 Nov 2021 05:09:07 -0500 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 956CC1FD37; Thu, 25 Nov 2021 10:05:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1637834755; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kLPULizaw+dBwYMC93K74dbVtddw6M0ydyywTzQqk/g=; b=raCxzSygda+EyfOy/HkKqzNIozsd/tth4uNMD+gAzqhgwmCtE84LczdR0N42CyCySfr0vz 4NSscVkTyETAVvpPlsnFZYu5OSG9YFVZUfeeobFwSIPtDtPlqLJfk50KeraCGRB+kz/YIm 6D1DVwZrfgctmB0qd23TV6hQUy4UL9w= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1637834755; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kLPULizaw+dBwYMC93K74dbVtddw6M0ydyywTzQqk/g=; b=hYJaK8EcP6btovpH+1sJkuNWQ89VC0QAgBKNpeivVpR7P3nLfG0eRJAlC+gG/KYla3RL7n 7EE3TtUZ+qLom5Ag== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 6439C13F5A; Thu, 25 Nov 2021 10:05:54 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id OTKTFgJgn2GVNgAAMHmgww (envelope-from ); Thu, 25 Nov 2021 10:05:54 +0000 Date: Thu, 25 Nov 2021 11:05:52 +0100 From: Joerg Roedel To: Dave Hansen Cc: Brijesh Singh , Peter Gonda , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support Message-ID: References: <20210820155918.7518-1-brijesh.singh@amd.com> <5f3b3aab-9ec2-c489-eefd-9136874762ee@intel.com> <38282b0c-7eb5-6a91-df19-2f4cfa8549ce@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Nov 24, 2021 at 09:48:14AM -0800, Dave Hansen wrote: > That covers things like copy_from_user(). It does not account for > things where kernel mappings are used, like where a > get_user_pages()/kmap() is in play. The kmap case is guarded by KVM code, which locks the page first so that the guest can't change the page state, then checks the page state, and if it is shared does the kmap and the access. This should turn an RMP fault in the kernel which is not covered in the uaccess exception table into a fatal error. Regards, -- J?rg R?del jroedel@suse.de SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 N?rnberg Germany (HRB 36809, AG N?rnberg) Gesch?ftsf?hrer: Ivo Totev