Received: by 2002:a05:7412:3b8b:b0:fc:a2b0:25d7 with SMTP id nd11csp967301rdb; Fri, 9 Feb 2024 06:38:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IGFVS7MoH5Fd/zFSGY4Cosj/17gI4XA3DD9TywjErgB0Wx617+usdI/5CACbKskKk8smp6C X-Received: by 2002:a17:90b:238c:b0:296:2845:aa43 with SMTP id mr12-20020a17090b238c00b002962845aa43mr1867082pjb.38.1707489533718; Fri, 09 Feb 2024 06:38:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707489533; cv=pass; d=google.com; s=arc-20160816; b=r+NCPRGARDIrqKbexC/zexITUMxN9SsV97A51cn710Hv3PEh9A/KhqUZcKGGfivLKD LU/aJIDWfpBgSUjfir70Ei0lHuD2WRoNPbe5V8smZZ9KeIo4YCwkHEYku5gSmqNFUmle xaz3bdmBZd7m1rh7DV3KVpYNjU0Syp2XGQpAkiLw7AqZQGtfRY4kP1VYZrOf6dbg6Bvo q/6RKam+dhtU8oywTB05QNXRX1M+O0W/a3i9kvWnIyzh3a/At7ZSrV6QLVB6h2q75ize C0WM2V0KmXmtA5zDQt1newlkXMuaTAAh8sqe9dSS+mjvfYd0fYFZ40iy36EJGrjhGmyc Pr5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :in-reply-to:date:dkim-signature; bh=ogb4ATBnN2iysVy3kYWYrQJMQNa+6CsJIghREb4Ixj8=; fh=2gvgyYCYpEFrNVhctZr/wUgDQrv4PKm7hF2HhM+qMdo=; b=0xVCPsa1w6hkWi7PLkf3pd82qEopOz548hI37SBQ0c2Y9tKtmpCQ5WaXllCu5W0mRP uy2xR/S1UV9VyHE/Ta0QDHXkRnOs3HLIl+3EBKyOoURAvSbYTDIzQqpdtW+aBPaY/dwh qukmHb3vkSwuSsxnBu3PaqpN380VVNiwZaKYwPxLR+wXZCpXQZNWFr8sJgzulYa8CDQr CjEySK6A90cX+qdnEAUkFRbjUtsEclsKpUQAvoEdQiXOH47cA5mCZEACq9tlyLXwb3mA VAkKxxiI0bbbk/YfzZoy6/m4tzI8acKSg//si3LH1RNoBkWrv56fDUjxeGeKaRCCivaW MJQw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Q0np9RMG; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-crypto+bounces-1943-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1943-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=2; AJvYcCVIwP91T5PKF4jivV6WRW8Wd2FEOn9J5DFGLQjYc2af0+DOlxM/4cAhAUecztbrRYv4UMLHPXfkJ+/PyL2mUQJ1SI3j1UmIjfBD6Ks/pA== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id r9-20020a17090aad0900b0029689cd7463si1634327pjq.186.2024.02.09.06.38.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Feb 2024 06:38:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1943-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Q0np9RMG; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-crypto+bounces-1943-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1943-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 2EB6E28197F for ; Fri, 9 Feb 2024 14:38:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E95B26A018; Fri, 9 Feb 2024 14:34:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Q0np9RMG" X-Original-To: linux-crypto@vger.kernel.org Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3629A69955 for ; Fri, 9 Feb 2024 14:34:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707489267; cv=none; b=GzEJeoaIX5AKOljf0yuIxILRXhBKJzzFsJYwjpfL0MhsGyIOPA2szIoMVrRjMkodCDAClmL4FAyN+NVkABIf5y56z/0pH/iwdLIRdGLhoY0Ta1vFTW4iqwECqrdcqAuUcmukgtNIfteP0mPy6zbJWyeN12D7Zqd+EVrwSW/M8kk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707489267; c=relaxed/simple; bh=uDVju7ixAiwjpj/e3kzUH3e/2RTTarHMD2S0WTFI0dk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=upRGJpJFrRIOhhE89RtloOLz+jz4w1azB0KZn1+ozwkOPFmnf62+7UEOan+SB8KUzXZJA37bVX1A8gcnS252R/ETv+LYWzjog24v4FjqSLLeB+n3pwUD3QNVS++oAG0rvPeDEK89AhZAfPHwAF74Ko6nMrzfdDrHaiPdwgGHt+k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Q0np9RMG; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-dc6b2685ebeso101012276.1 for ; Fri, 09 Feb 2024 06:34:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707489265; x=1708094065; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=ogb4ATBnN2iysVy3kYWYrQJMQNa+6CsJIghREb4Ixj8=; b=Q0np9RMGkeKUjHcN5rGnEpwKssz80xtQ0E1KR+92F8G6I6IT6UJOgzIRHL2gMNnSOq 0S0L8wSuQZ9XeOkGRwzv9lh+x3Owlwtx31OdaEETC0f7NQ5WuKxhbByx8a6ingjmedd2 XlU9o+HnlhIWrbCyMVxiRL4wsHi/9neAW47hBqLPAjb30Pt/eUdbEecroOp+a3wRljgm bFCLb/HaUrPqFX4z2R3ppEysFFy5zawjRNagSbnnOgchYpK9aK5FlvcGNAh/B1eM6qq7 oc7UeFU/NLI2CpWFB4mdqLT7gyUCG/KN+xjC1RJLvUgOyILfk8OVAl/Pjv/qMnCo28JF Czrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707489265; x=1708094065; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=ogb4ATBnN2iysVy3kYWYrQJMQNa+6CsJIghREb4Ixj8=; b=mLbsVBn+2TvWnDnZ+Mgk0RwVxT/ogX8vbIVzAibjUlcMwvuf2NOhvUqRmCW0aarmah eJdMVInXoSltD8z3pJ6jiOIblWSCaV/pH15c0pBE17M2gZoQWc6+Y3NycBX7ZY1TRzUx OutQEJMDdbrdN4yxAl435w097JJtOge9p2nyE3nl0ED1aYC/nRz35bxLbXkmmzu2Nz6y x4Oa2T25oLrIDODkfFl+ZXvFPvJSgonQnAPwbvRpMWRMWFVTIbEnLzyIoIsjf2552WqI +hgfWcqQLWOetElCfSVdiO1szW2cMOMF8DOgezOZAbncvTznrKOAIQGmQUkML6rOY/F8 ya3A== X-Gm-Message-State: AOJu0YxC8OI2xytPSFCVWcp2oVY1sU1af06ylLlv6/GLVt8PDGXJvWn0 iU5ZY4gYVoErAXJycTJT76LdlH2XF5LFMZ4FdCfIrnJDUD38ZMFcJwrzOYUju9uKaVfxFsuLmpg 6IQ== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:a1e5:0:b0:dc6:e823:9edc with SMTP id a92-20020a25a1e5000000b00dc6e8239edcmr354524ybi.8.1707489265182; Fri, 09 Feb 2024 06:34:25 -0800 (PST) Date: Fri, 9 Feb 2024 06:34:23 -0800 In-Reply-To: <20240209015205.xv66udh6hqz7a6t7@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20231230172351.574091-1-michael.roth@amd.com> <20231230172351.574091-19-michael.roth@amd.com> <20240116041457.wver7acnwthjaflr@amd.com> <20240209015205.xv66udh6hqz7a6t7@amd.com> Message-ID: Subject: Re: [PATCH v11 18/35] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_UPDATE command From: Sean Christopherson To: Michael Roth Cc: Paolo Bonzini , kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Thu, Feb 08, 2024, Michael Roth wrote: > On Wed, Feb 07, 2024 at 12:43:02AM +0100, Paolo Bonzini wrote: > > On Fri, Feb 2, 2024 at 11:55=E2=80=AFPM Sean Christopherson wrote: > > What sanity is being checked for, in other words why are they useful? > > If all you get for breaking the promise is a KVM_BUG_ON, for example, > > that's par for the course. If instead you get an oops, then we have a > > problem. > >=20 > > I may be a bit less draconian than Sean, but the assumptions need to > > be documented and explained because they _are_ going to go away. >=20 > Maybe in this case sanity-check isn't the right word, but for instance > the occurance Sean objected to: >=20 > kvaddr =3D pfn_to_kaddr(pfns[i]); > if (!virt_addr_valid(kvaddr)) { > ... > ret =3D -EINVAL; >=20 > where there are pfn_valid() checks underneath the covers that provide > some assurance this is normal struct-page-backed/kernel-tracked memory > that has a mapping in the directmap we can use here. Dropping that > assumption means we need to create temporary mappings to access the PFN, No, you don't. kvm_vcpu_map() does all of the lifting for you, with the sm= all caveat that it obviously needs a vCPU. But that's trivial to solve with a = minor refactoring, *if* we need to solve that problem (it's not clear to me wheth= er or not the APIs for copying data into guest_memfd will be VM-scoped or vCPU-sc= oped).