Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp3416796rwb; Sun, 20 Nov 2022 13:46:49 -0800 (PST) X-Google-Smtp-Source: AA0mqf6UH0VPMtc2P15S5Rr0UYWbLCHdocpeGJOIIEl/ugP9+ijJfFydaqumwS46YJnKFjfJKB+F X-Received: by 2002:a17:906:29cc:b0:78d:a836:1d88 with SMTP id y12-20020a17090629cc00b0078da8361d88mr2292949eje.470.1668980809239; Sun, 20 Nov 2022 13:46:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668980809; cv=none; d=google.com; s=arc-20160816; b=WPlnm81IDKYduaVR0OOBbtVrg553bsfY8LYhEbw0lzLe3+NlO5yK/YiUFQowoFotCe CTq+tty7N4cXyGrWO9ZRpj4Ug6PcP615AxAQb4l0LaZspXxvAUpnkSSurYdTH7eDjGm9 FR9z7UWEz9tJgQqzcS/i79k9hTv/QDUStuHKt0sJR8DG+Qe8Xy7UrEatWk9//sh12JLt ltnrdaN7eRHiktRKT578kvjCqQ3qpd7m511SkbMltHFluWtufuUB+Ja6H4/GQWd4Wp1F USFp2cM10O0Rf40p+h37xjS4fqEKUnCAfu9RaENlN/VELfS3peng3i3sUQ8VXoCLQofM 9Jfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=MU/mPOtQaxPIEiXZaqef4n2ESApESPnWFV9ksNgEQU0=; b=m6YDNZRb0M5U4L/47jnumrTON/eTCDTBklEAfPeAn7Aj622ZF+gtZ+N2U0FUaOiXTi bnX28WD8q3wg5guy4A8atUJhRpIEmzp5wcw/VGOyQ3+9+wjQ1e/QBTzFaSD8DoQ/yShX zDgfeS19TMV03n3SML3gItA4uGWsV92WnPFZFg8EWK24W0M75S1taASuKFNQP5YrDVWe DCcGa9MsmfpohjtJz62vz2GKT2/gyWGTvx6EkV3Aiql0aQP1PZcorXf402mLviAO7ktO KHRXDR0mzcobbR3k9slc47NFRc5gk3wrAEIPVYTxuECMC0PbxDvqlJuN/klP352/EMfX fI2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=gFsAknCC; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sb1-20020a1709076d8100b007af0bc6e10asi8832136ejc.213.2022.11.20.13.46.15; Sun, 20 Nov 2022 13:46:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=gFsAknCC; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229600AbiKTVeR (ORCPT + 99 others); Sun, 20 Nov 2022 16:34:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47198 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229554AbiKTVeQ (ORCPT ); Sun, 20 Nov 2022 16:34:16 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F87927FED; Sun, 20 Nov 2022 13:34:13 -0800 (PST) Received: from zn.tnic (p200300ea9733e725329c23fffea6a903.dip0.t-ipconnect.de [IPv6:2003:ea:9733:e725:329c:23ff:fea6:a903]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id C6D581EC02FE; Sun, 20 Nov 2022 22:34:11 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1668980051; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=MU/mPOtQaxPIEiXZaqef4n2ESApESPnWFV9ksNgEQU0=; b=gFsAknCC944e+v3lSc/yaLPJAy9TZ++t5KLypK6/QtbQQV1+nSewg1M/XPNPbe7udjUoKY XkJYWm7M3S2B55bQ82gf5JmgRLTzx9o51DwMSbzF90QR2CE4t51TA++ITub8kM89vDlwYj WqVsyvDAGl5XDyti2GFZL3qEqoO94ZU= Date: Sun, 20 Nov 2022 22:34:06 +0100 From: Borislav Petkov To: "Kalra, Ashish" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, michael.roth@amd.com, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org Subject: Re: [PATCH Part2 v6 14/49] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled Message-ID: References: <3a51840f6a80c87b39632dc728dbd9b5dd444cd7.1655761627.git.ashish.kalra@amd.com> <380c9748-1c86-4763-ea18-b884280a3b60@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Nov 17, 2022 at 02:56:47PM -0600, Kalra, Ashish wrote: > So we need to be able to reclaim all the pages or none. /me goes and looks at SNP_PAGE_RECLAIM's retvals: - INVALID_PLATFORM_STATE - platform is not in INIT state. That's certainly not a reason to leak pages. - INVALID_ADDRESS - PAGE_PADDR is not a valid system physical address. That's botched command buffer but not a broken page so no reason to leak them either. - INVALID_PAGE_STATE - the page is neither of those types: metadata, firmware, pre-guest nor pre-swap. So if you issue page reclaim on the wrong range of pages that looks again like a user error but no need to leak pages. - INVALID_PAGE_SIZE - a size mismatch. Still sounds to me like a user error of sev-guest instead of anything wrong deeper in the FW or HW. So in all those, if you end up supplying the wrong range of addresses, you most certainly will end up leaking the wrong pages. So it sounds to me like you wanna say: "Error reclaiming range, check your driver" instead of punishing any innocent pages. Now, if the retval from the fw were FIRMWARE_INTERNAL_ERROR or so, then sure, by all means. But not for the above. All the error conditions above sound like the kernel has supplied the wrong range/botched command buffer to the firmware so there's no need to leak pages. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette