Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp234457imn; Thu, 4 Aug 2022 03:59:50 -0700 (PDT) X-Google-Smtp-Source: AA6agR5ifoJwHZgDplA5EElItdftq6TLjSqZx8EAXHhVFmFjTgOnAc612jTt4Ap4q7grlTQilvw+ X-Received: by 2002:a17:906:8455:b0:730:ce3b:5b13 with SMTP id e21-20020a170906845500b00730ce3b5b13mr978741ejy.151.1659610789936; Thu, 04 Aug 2022 03:59:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659610789; cv=none; d=google.com; s=arc-20160816; b=fXW5x4xMNUi9OorAi2yiUoDsTwYySzriwdLCvLiYf7PO19FAC2wMXArqdiS0pPtupJ lT0c03tGy3n53KTIMwYxkJYysU+cWWMbkIJryVC0POOjZKOyCxTH1uSZ2TeTRt4tOQo8 eG5hHx7jcPV7mCKASZqll/D2HZPKEefAl6u9vm90HzboZwrnJe39RhW3XhZacdMo/+0r a0ulIDuHpDaMXwnkI1uUkhWEIslJ6LlnnZ1z2/w1y7uO616leFZFfQMkpL1FmzEQdtc4 od2IqVzY3cjni5SDrl3WAm5Jiee5bECvr1dSZuHtvvxvNjsuqopWwb/UjfXuFtbZNdUM Uo5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-signature; bh=mlktYDm7Q9WWK6B+W/bogBPhH4hH8aSA3B4MxQAXBh8=; b=p0THqAqrDijjPdVGgtcnkUHLx39T8dvlyy+AA+c/nhlKjPBfHKCMF2RhyW5Vpk6aWk 5X9UV6T6oauYbrmMaTSNy6E2dDoA+w04vVMnlXas4eKZPKeWRebLhO8vH9+tSRomQjkh KG35jkx9xBhRPly6SN0tCiV2HNmivrhI8oAlazmTobYFnQFWRQxMzJYhdN9qqzaVPfXR vIvD2f1BgbglitHYRjppDTCxuj5W2bp3eO9QpuFIsnIhwcOAj7RPowahNKegoGyvgPrV uFzmhxmAk423q0iCJxPpwJCteibZUhXNdn6xJHt6a9SXrfitqgAVoRF31Pbao023eSRg j+HQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=TPP8b3t9; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=o817tBQa; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hs23-20020a1709073e9700b007305f8cc1d8si485885ejc.819.2022.08.04.03.59.11; Thu, 04 Aug 2022 03:59:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=TPP8b3t9; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=o817tBQa; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238997AbiHDK4j (ORCPT + 99 others); Thu, 4 Aug 2022 06:56:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239183AbiHDK40 (ORCPT ); Thu, 4 Aug 2022 06:56:26 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D5ED13E33; Thu, 4 Aug 2022 03:56:25 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 84CC520EDD; Thu, 4 Aug 2022 10:56:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1659610583; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mlktYDm7Q9WWK6B+W/bogBPhH4hH8aSA3B4MxQAXBh8=; b=TPP8b3t9rP/4eLEeZXO6gehvwrqcL7GwZPmNp1ThS0tbE/j1542zCGpq07mMbmExjzmwlX lXfgzuJ0CY6iYJqXmo4ApAu9S70VWGRjriAiRy5aI4x0SlodVrU8dHzjD3ON/ppZumNNz6 +x3nxSFky7Yjy+JgErlSstlF1EA2l8I= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1659610583; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mlktYDm7Q9WWK6B+W/bogBPhH4hH8aSA3B4MxQAXBh8=; b=o817tBQaO2BN6keT74Cjjte1SJotvXncGsbi9oVX1SnL7Y2Brd2tIf1H/kzQQWeXDBGYly BMVwf/IvHGGT+ZCA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 06ED513A94; Thu, 4 Aug 2022 10:56:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id YtDiANel62J/GwAAMHmgww (envelope-from ); Thu, 04 Aug 2022 10:56:23 +0000 Message-ID: <5c6e8435-22bb-234a-87a1-96c9f4e93dc9@suse.cz> Date: Thu, 4 Aug 2022 12:56:22 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.0.3 Subject: Re: [PATCH Part2 v6 27/49] KVM: SVM: Mark the private vma unmerable for SEV-SNP guests Content-Language: en-US To: Ashish Kalra , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, michael.roth@amd.com, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org References: From: Vlastimil Babka In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,SPF_HELO_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 6/21/22 01:08, Ashish Kalra wrote: > From: Brijesh Singh > > When SEV-SNP is enabled, the guest private pages are added in the RMP > table; while adding the pages, the rmp_make_private() unmaps the pages > from the direct map. If KSM attempts to access those unmapped pages then > it will trigger #PF (page-not-present). > > Encrypted guest pages cannot be shared between the process, so an > userspace should not mark the region mergeable but to be safe, mark the > process vma unmerable before adding the pages in the RMP table. > > Signed-off-by: Brijesh Singh Note this doesn't really mark the vma unmergeable, rather it unmarks it as mergeable, and unmerges any already merged pages. Which seems like a good idea. Is snp_launch_update() the only place that needs it or can private pages be added elsewhere too? However, AFAICS nothing stops userspace to do another madvise(MADV_MERGEABLE) afterwards, so we should make somehow sure that ksm will still be prevented, as we should protect the kernel even from a buggy userspace. So either we stop it with a flag at vma level (see ksm_madvise() for which flags currently stop it), or page level - currently only PageAnon() pages are handled. The vma level is probably easier/cheaper. It's also possible that this will solve itself with the switch to UPM as those vma's or pages might be incompatible with ksm naturally (didn't check closely), and then this patch can be just dropped. But we should double-check.