From patchwork Fri May 19 16:30:08 2023
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 96497
From: Tom Lendacky
CC: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "Kirill A. Shutemov", "H. Peter Anvin", Michael Roth, Joerg Roedel, Dionna Glaze, Andy Lutomirski, Peter Zijlstra
Subject: [RESEND PATCH v8 1/6] x86/sev: Fix calculation of end address based on number of pages
Date: Fri, 19 May 2023 11:30:08 -0500
References: <20230518231434.26080-1-kirill.shutemov@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When calculating an end address based on an unsigned int number of pages, any value greater than or equal to 0x100000 that is shifted PAGE_SHIFT bits results in a 0 value, resulting in an invalid end address. Change the number of pages variable in various routines from an unsigned int to an unsigned long to calculate the end address correctly.

Fixes: 5e5ccff60a29 ("x86/sev: Add helper for validating pages in early enc attribute changes")
Fixes: dc3f3d2474b8 ("x86/mm: Validate memory when changing the C-bit")
Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/sev.h | 16 ++++++++--------
 arch/x86/kernel/sev.c | 14 +++++++-------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 13dc2a9d23c1..7ca5c9ec8b52 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h
@@ -192,12 +192,12 @@ struct snp_guest_request_ioctl; void setup_ghcb(void); void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, - unsigned int npages); + unsigned long npages); void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, - unsigned int npages); + unsigned long npages); void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op); -void snp_set_memory_shared(unsigned long vaddr, unsigned int npages); -void snp_set_memory_private(unsigned long vaddr, unsigned int npages); +void snp_set_memory_shared(unsigned long vaddr, unsigned long npages); +void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); 
@@ -212,12 +212,12 @@ static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { return 0; } static inline void setup_ghcb(void) { } static inline void __init -early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned int npages) { } +early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init -early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned int npages) { } +early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) { } -static inline void snp_set_memory_shared(unsigned long vaddr, unsigned int npages) { } -static inline void snp_set_memory_private(unsigned long vaddr, unsigned int npages) { } +static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { } +static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b031244d6d2d..108bbae59c35 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -645,7 +645,7 @@ static u64 __init get_jump_table_addr(void) return ret; } -static void pvalidate_pages(unsigned long vaddr, unsigned int npages, bool validate) +static void pvalidate_pages(unsigned long vaddr, unsigned long npages, bool validate) { unsigned long vaddr_end; int rc; 
@@ -662,7 +662,7 @@ static void pvalidate_pages(unsigned long vaddr, unsigned int npages, bool valid } } -static void __init early_set_pages_state(unsigned long paddr, unsigned int npages, enum psc_op op) +static void __init early_set_pages_state(unsigned long paddr, unsigned long npages, enum psc_op op) { unsigned long paddr_end; u64 val; @@ -701,7 +701,7 @@ static void __init early_set_pages_state(unsigned long paddr, unsigned int npage } void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, - unsigned int npages) + unsigned long npages) { /* * This can be invoked in early boot while running identity mapped, so @@ -723,7 +723,7 @@ void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long padd } void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, - unsigned int npages) + unsigned long npages) { /* * This can be invoked in early boot while running identity mapped, so @@ -879,7 +879,7 @@ static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); } -static void set_pages_state(unsigned long vaddr, unsigned int npages, int op) +static void set_pages_state(unsigned long vaddr, unsigned long npages, int op) { unsigned long vaddr_end, next_vaddr; struct snp_psc_desc *desc; @@ -904,7 +904,7 @@ static void set_pages_state(unsigned long vaddr, unsigned int npages, int op) kfree(desc); } -void snp_set_memory_shared(unsigned long vaddr, unsigned int npages) +void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return; 
@@ -914,7 +914,7 @@ void snp_set_memory_shared(unsigned long vaddr, unsigned int npages) set_pages_state(vaddr, npages, SNP_PAGE_STATE_SHARED); } -void snp_set_memory_private(unsigned long vaddr, unsigned int npages) +void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return;
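
Review bot: snp_prep_memory() in the arch/x86/include/asm/sev.h hunks (the declaration at @@ -192 and the empty stub at @@ -212) still takes "unsigned int sz" while every npages parameter around it is widened to unsigned long. If its page count is derived from sz, a region of 4 GiB or more cannot be expressed there and the same kind of truncation this patch fixes can reappear at that entry point. Widen sz in both places, or say in the commit message why it is intentionally left as unsigned int.
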
From patchwork Fri May 19 16:30:09 2023
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 96500
From: Tom Lendacky
CC: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "Kirill A. Shutemov", "H. Peter Anvin", Michael Roth, Joerg Roedel, Dionna Glaze, Andy Lutomirski, Peter Zijlstra
Subject: [RESEND PATCH v8 2/6] x86/sev: Put PSC struct on the stack in prep for unaccepted memory support
Date: Fri, 19 May 2023 11:30:09 -0500
Message-ID: <12e07432b4f4db949ef7ca5b93c0b2adb5b80a1b.1684513813.git.thomas.lendacky@amd.com>
References: <20230518231434.26080-1-kirill.shutemov@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

In advance of providing support for unaccepted memory, switch from using kmalloc() for allocating the Page State Change (PSC) structure to using a local variable that lives on the stack. This is needed to avoid a possible recursive call into set_pages_state() if the kmalloc() call requires (more) memory to be accepted, which would result in a hang.

The current size of the PSC struct is 2,032 bytes. To make the struct more stack friendly, reduce the number of PSC entries from 253 down to 64, resulting in a size of 520 bytes. This is a nice compromise on struct size and total PSC requests while still allowing parallel PSC operations across vCPUs.

If the reduction in PSC entries results in any kind of performance issue (that is not seen at the moment), use of a larger static PSC struct, with fallback to the smaller stack version, can be investigated.

For more background info on this decision, see the subthread in the Link: tag below.

Signed-off-by: Tom Lendacky Link: https://lore.kernel.org/lkml/658c455c40e8950cb046dd885dd19dc1c52d060a.1659103274.git.thomas.lendacky@amd.com --- arch/x86/include/asm/sev-common.h | 9 +++++++-- arch/x86/kernel/sev.c | 10 ++-------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 0759af9b1acf..b463fcbd4b90 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -106,8 +106,13 @@ enum psc_op { #define GHCB_HV_FT_SNP BIT_ULL(0) #define GHCB_HV_FT_SNP_AP_CREATION BIT_ULL(1) -/* SNP Page State Change NAE event */ -#define VMGEXIT_PSC_MAX_ENTRY 253 +/* + * SNP Page State Change NAE event + * The VMGEXIT_PSC_MAX_ENTRY determines the size of the PSC structure, which + * is a local stack variable in set_pages_state(). Do not increase this value + * without evaluating the impact to stack usage. + */ +#define VMGEXIT_PSC_MAX_ENTRY 64 struct psc_hdr { u16 cur_entry; diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 108bbae59c35..7b0144acd7bf 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -882,11 +882,7 @@ static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, static void set_pages_state(unsigned long vaddr, unsigned long npages, int op) { unsigned long vaddr_end, next_vaddr; - struct snp_psc_desc *desc; - - desc = kmalloc(sizeof(*desc), GFP_KERNEL_ACCOUNT); - if (!desc) - panic("SNP: failed to allocate memory for PSC descriptor\n"); + struct snp_psc_desc desc; vaddr = vaddr & PAGE_MASK; vaddr_end = vaddr + (npages << PAGE_SHIFT); 
@@ -896,12 +892,10 @@ static void set_pages_state(unsigned long vaddr, unsigned long npages, int op) next_vaddr = min_t(unsigned long, vaddr_end, (VMGEXIT_PSC_MAX_ENTRY * PAGE_SIZE) + vaddr); - __set_pages_state(desc, vaddr, next_vaddr, op); + __set_pages_state(&desc, vaddr, next_vaddr, op); vaddr = next_vaddr; } - - kfree(desc); } void snp_set_memory_shared(unsigned long vaddr, unsigned long npages)
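
Review bot: The limit on VMGEXIT_PSC_MAX_ENTRY in the sev-common.h hunk is guarded only by the new comment, so a later bump of the value would silently grow the stack frame of set_pages_state(). Consider a compile-time check next to "struct snp_psc_desc desc;" in the sev.c hunk, for example a BUILD_BUG_ON() on sizeof(struct snp_psc_desc) against an agreed bound, so that the 520-byte figure from the commit message is enforced by the build. Separately, desc is now an uninitialized stack object handed to __set_pages_state() on every loop iteration; that callee is not shown in the hunk, so please confirm it clears the descriptor before filling it in.
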
From patchwork Fri May 19 16:30:10 2023
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 96493
From: Tom Lendacky
CC: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "Kirill A. Shutemov", "H. Peter Anvin", Michael Roth, Joerg Roedel, Dionna Glaze, Andy Lutomirski, Peter Zijlstra
Subject: [RESEND PATCH v8 3/6] x86/sev: Allow for use of the early boot GHCB for PSC requests
Date: Fri, 19 May 2023 11:30:10 -0500
Message-ID: <49e0e596d71de92150f5d27b773d738eaf7dd68b.1684513813.git.thomas.lendacky@amd.com>
References: <20230518231434.26080-1-kirill.shutemov@linux.intel.com>

Using a GHCB for a page state change (as opposed to the MSR protocol) allows for multiple pages to be processed in a single request. In prep for early PSC requests in support of unaccepted memory, update the invocation of vmgexit_psc() to be able to use the early boot GHCB and not just the per-CPU GHCB structure.

In order to use the proper GHCB (early boot vs per-CPU), set a flag that indicates when the per-CPU GHCBs are available and registered. For APs, the per-CPU GHCBs are created before they are started and registered upon startup, so this flag can be used globally for the BSP and APs instead of creating a per-CPU flag. This will allow for a significant reduction in the number of MSR protocol page state change requests when accepting memory.

Signed-off-by: Tom Lendacky
--- arch/x86/kernel/sev.c | 61 +++++++++++++++++++++++++++---------------- 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 7b0144acd7bf..973756c89dac 100644
--- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -119,7 +119,19 @@ static DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); struct sev_config { __u64 debug : 1, - __reserved : 63; + + /* + * A flag used by __set_pages_state() that indicates when the + * per-CPU GHCB has been created and registered and thus can be + * used by the BSP instead of the early boot GHCB. + * + * For APs, the per-CPU GHCB is created before they are started + * and registered upon startup, so this flag can be used globally + * for the BSP and APs. + */ + ghcbs_initialized : 1, + + __reserved : 62; }; static struct sev_config sev_cfg __read_mostly; @@ -662,7 +674,7 @@ static void pvalidate_pages(unsigned long vaddr, unsigned long npages, bool vali } } -static void __init early_set_pages_state(unsigned long paddr, unsigned long npages, enum psc_op op) +static void early_set_pages_state(unsigned long paddr, unsigned long npages, enum psc_op op) { unsigned long paddr_end; u64 val; @@ -756,26 +768,13 @@ void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op WARN(1, "invalid memory op %d\n", op); } -static int vmgexit_psc(struct snp_psc_desc *desc) +static int vmgexit_psc(struct ghcb *ghcb, struct snp_psc_desc *desc) { int cur_entry, end_entry, ret = 0; struct snp_psc_desc *data; - struct ghcb_state state; struct es_em_ctxt ctxt; - unsigned long flags; - struct ghcb *ghcb; - /* - * __sev_get_ghcb() needs to run with IRQs disabled because it is using - * a per-CPU GHCB. - */ - local_irq_save(flags); - - ghcb = __sev_get_ghcb(&state); - if (!ghcb) { - ret = 1; - goto out_unlock; - } + vc_ghcb_invalidate(ghcb); /* Copy the input desc into GHCB shared buffer */ data = (struct snp_psc_desc *)ghcb->shared_buffer; 
@@ -832,20 +831,18 @@ static int vmgexit_psc(struct snp_psc_desc *desc) } out: - __sev_put_ghcb(&state); - -out_unlock: - local_irq_restore(flags); - return ret; } static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, unsigned long vaddr_end, int op) { + struct ghcb_state state; struct psc_hdr *hdr; struct psc_entry *e; + unsigned long flags; unsigned long pfn; + struct ghcb *ghcb; int i; hdr = &data->hdr; @@ -875,8 +872,20 @@ static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, i++; } - if (vmgexit_psc(data)) + local_irq_save(flags); + + if (sev_cfg.ghcbs_initialized) + ghcb = __sev_get_ghcb(&state); + else + ghcb = boot_ghcb; + + if (!ghcb || vmgexit_psc(ghcb, data)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + if (sev_cfg.ghcbs_initialized) + __sev_put_ghcb(&state); + + local_irq_restore(flags); } static void set_pages_state(unsigned long vaddr, unsigned long npages, int op) @@ -884,6 +893,10 @@ static void set_pages_state(unsigned long vaddr, unsigned long npages, int op) unsigned long vaddr_end, next_vaddr; struct snp_psc_desc desc; + /* Use the MSR protocol when a GHCB is not available. */ + if (!boot_ghcb) + return early_set_pages_state(__pa(vaddr), npages, op); + vaddr = vaddr & PAGE_MASK; vaddr_end = vaddr + (npages << PAGE_SHIFT); 
@@ -1261,6 +1274,8 @@ void setup_ghcb(void) if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) snp_register_per_cpu_ghcb(); + sev_cfg.ghcbs_initialized = true; + return; }
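
Review bot: in the vmgexit_psc() hunk of patch 3/6, the comment stating that __sev_get_ghcb() needs IRQs disabled because it uses a per-CPU GHCB is deleted along with the local_irq_save(), and nothing replaces it where the locking now lives in __set_pages_state(). vmgexit_psc() now depends on its caller for both the IRQ state and ownership of the GHCB it is handed, so move the comment to the new local_irq_save(flags) and consider a lockdep_assert_irqs_disabled() next to the added vc_ghcb_invalidate(ghcb) to catch a future caller that gets this wrong.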
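
Review bot: in the __set_pages_state() hunk of patch 3/6 that selects the GHCB, sev_cfg.ghcbs_initialized is tested twice, once to pick between __sev_get_ghcb(&state) and boot_ghcb and again to decide whether to call __sev_put_ghcb(&state), and on the boot_ghcb path state is never initialized. The pairing only holds if the flag cannot change between the two reads; latching it in a local bool before local_irq_save(flags) makes the get/put pairing explicit and keeps an uninitialized ghcb_state from ever reaching __sev_put_ghcb().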
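
Review bot: in the set_pages_state() hunk of patch 3/6, the added line "return early_set_pages_state(__pa(vaddr), npages, op);" returns an expression from a function declared void, which ISO C does not allow even though GCC accepts it, and it passes the int op to a parameter typed enum psc_op. Call early_set_pages_state() and follow it with a bare return, and consider typing op as enum psc_op in set_pages_state() and __set_pages_state() so the three functions agree.
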
From: Tom Lendacky
CC: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "Kirill A. Shutemov", "H. Peter Anvin", Michael Roth, Joerg Roedel, Dionna Glaze, Andy Lutomirski, Peter Zijlstra
Subject: [RESEND PATCH v8 4/6] x86/sev: Use large PSC requests if applicable
Date: Fri, 19 May 2023 11:30:11 -0500
References: <20230518231434.26080-1-kirill.shutemov@linux.intel.com>

In advance of providing support for unaccepted memory, request 2M Page State Change (PSC) requests when the address range allows for it. By using a 2M page size, more PSC operations can be handled in a single request to the hypervisor. The hypervisor will determine if it can accommodate the larger request by checking the mapping in the nested page table. If mapped as a large page, then the 2M page request can be performed, otherwise the 2M page request will be broken down into 512 4K page requests. This is still more efficient than having the guest perform multiple PSC requests in order to process the 512 4K pages.

In conjunction with the 2M PSC requests, attempt to perform the associated PVALIDATE instruction of the page using the 2M page size. If PVALIDATE fails with a size mismatch, then fall back to validating 512 4K pages. To do this, page validation is modified to work with the PSC structure and not just a virtual address range.

Signed-off-by: Tom Lendacky
--- arch/x86/include/asm/sev.h | 4 ++ arch/x86/kernel/sev.c | 125 ++++++++++++++++++++++++------------- 2 files changed, 84 insertions(+), 45 deletions(-)
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 7ca5c9ec8b52..e21e1c5397c1 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -80,11 +80,15 @@ extern void vc_no_ghcb(void); extern void vc_boot_ghcb(void); extern bool handle_vc_boot_ghcb(struct pt_regs *regs); +/* PVALIDATE return codes */ +#define PVALIDATE_FAIL_SIZEMISMATCH 6 + /* Software defined (when rFlags.CF = 1) */ #define PVALIDATE_FAIL_NOUPDATE 255 /* RMP page size */ #define RMP_PG_SIZE_4K 0 +#define RMP_PG_SIZE_2M 1 #define RMPADJUST_VMSA_PAGE_BIT BIT(16) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 973756c89dac..8802a75e1c20 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c 
@@ -657,32 +657,58 @@ static u64 __init get_jump_table_addr(void) return ret; } -static void pvalidate_pages(unsigned long vaddr, unsigned long npages, bool validate) +static void pvalidate_pages(struct snp_psc_desc *desc) { - unsigned long vaddr_end; + struct psc_entry *e; + unsigned long vaddr; + unsigned int size; + unsigned int i; + bool validate; int rc; - vaddr = vaddr & PAGE_MASK; - vaddr_end = vaddr + (npages << PAGE_SHIFT); + for (i = 0; i <= desc->hdr.end_entry; i++) { + e = &desc->entries[i]; + + vaddr = (unsigned long)pfn_to_kaddr(e->gfn); + size = e->pagesize ? RMP_PG_SIZE_2M : RMP_PG_SIZE_4K; + validate = (e->operation == SNP_PAGE_STATE_PRIVATE) ? true : false; + + rc = pvalidate(vaddr, size, validate); + if (rc == PVALIDATE_FAIL_SIZEMISMATCH && size == RMP_PG_SIZE_2M) { + unsigned long vaddr_end = vaddr + PMD_SIZE; + + for (; vaddr < vaddr_end; vaddr += PAGE_SIZE) { + rc = pvalidate(vaddr, RMP_PG_SIZE_4K, validate); + if (rc) + break; + } + } - while (vaddr < vaddr_end) { - rc = pvalidate(vaddr, RMP_PG_SIZE_4K, validate); if (WARN(rc, "Failed to validate address 0x%lx ret %d", vaddr, rc)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); - - vaddr = vaddr + PAGE_SIZE; } } -static void early_set_pages_state(unsigned long paddr, unsigned long npages, enum psc_op op) +static void early_set_pages_state(unsigned long vaddr, unsigned long paddr, + unsigned long npages, enum psc_op op) { unsigned long paddr_end; u64 val; + int ret; + + vaddr = vaddr & PAGE_MASK; paddr = paddr & PAGE_MASK; paddr_end = paddr + (npages << PAGE_SHIFT); while (paddr < paddr_end) { + if (op == SNP_PAGE_STATE_SHARED) { + /* Page validation must be rescinded before changing to shared */ + ret = pvalidate(vaddr, RMP_PG_SIZE_4K, false); + if (WARN(ret, "Failed to validate address 0x%lx ret %d", paddr, ret)) + goto e_term; + } + /* * Use the MSR protocol because this function can be called before * the GHCB is established. 
@@ -703,7 +729,15 @@ static void early_set_pages_state(unsigned long paddr, unsigned long npages, enu paddr, GHCB_MSR_PSC_RESP_VAL(val))) goto e_term; - paddr = paddr + PAGE_SIZE; + if (op == SNP_PAGE_STATE_PRIVATE) { + /* Page validation must be performed after changing to private */ + ret = pvalidate(vaddr, RMP_PG_SIZE_4K, true); + if (WARN(ret, "Failed to validate address 0x%lx ret %d", paddr, ret)) + goto e_term; + } + + vaddr += PAGE_SIZE; + paddr += PAGE_SIZE; } return; @@ -728,10 +762,7 @@ void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long padd * Ask the hypervisor to mark the memory pages as private in the RMP * table. */ - early_set_pages_state(paddr, npages, SNP_PAGE_STATE_PRIVATE); - - /* Validate the memory pages after they've been added in the RMP table. */ - pvalidate_pages(vaddr, npages, true); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE); } void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, @@ -746,11 +777,8 @@ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) return; - /* Invalidate the memory pages before they are marked shared in the RMP table. */ - pvalidate_pages(vaddr, npages, false); - /* Ask hypervisor to mark the memory pages shared in the RMP table. */ - early_set_pages_state(paddr, npages, SNP_PAGE_STATE_SHARED); + early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); } void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) 
@@ -834,10 +862,11 @@ static int vmgexit_psc(struct ghcb *ghcb, struct snp_psc_desc *desc) return ret; } -static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, - unsigned long vaddr_end, int op) +static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, + unsigned long vaddr_end, int op) { struct ghcb_state state; + bool use_large_entry; struct psc_hdr *hdr; struct psc_entry *e; unsigned long flags; @@ -851,27 +880,37 @@ static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, memset(data, 0, sizeof(*data)); i = 0; - while (vaddr < vaddr_end) { - if (is_vmalloc_addr((void *)vaddr)) + while (vaddr < vaddr_end && i < ARRAY_SIZE(data->entries)) { + hdr->end_entry = i; + + if (is_vmalloc_addr((void *)vaddr)) { pfn = vmalloc_to_pfn((void *)vaddr); - else + use_large_entry = false; + } else { pfn = __pa(vaddr) >> PAGE_SHIFT; + use_large_entry = true; + } e->gfn = pfn; e->operation = op; - hdr->end_entry = i; - /* - * Current SNP implementation doesn't keep track of the RMP page - * size so use 4K for simplicity. - */ - e->pagesize = RMP_PG_SIZE_4K; + if (use_large_entry && IS_ALIGNED(vaddr, PMD_SIZE) && + (vaddr_end - vaddr) >= PMD_SIZE) { + e->pagesize = RMP_PG_SIZE_2M; + vaddr += PMD_SIZE; + } else { + e->pagesize = RMP_PG_SIZE_4K; + vaddr += PAGE_SIZE; + } - vaddr = vaddr + PAGE_SIZE; e++; i++; } + /* Page validation must be rescinded before changing to shared */ + if (op == SNP_PAGE_STATE_SHARED) + pvalidate_pages(data); + local_irq_save(flags); if (sev_cfg.ghcbs_initialized) @@ -879,6 +918,7 @@ static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, else ghcb = boot_ghcb; + /* Invoke the hypervisor to perform the page state changes */ if (!ghcb || vmgexit_psc(ghcb, data)) sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); 
@@ -886,29 +926,28 @@ static void __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, __sev_put_ghcb(&state); local_irq_restore(flags); + + /* Page validation must be performed after changing to private */ + if (op == SNP_PAGE_STATE_PRIVATE) + pvalidate_pages(data); + + return vaddr; } static void set_pages_state(unsigned long vaddr, unsigned long npages, int op) { - unsigned long vaddr_end, next_vaddr; struct snp_psc_desc desc; + unsigned long vaddr_end; /* Use the MSR protocol when a GHCB is not available. */ if (!boot_ghcb) - return early_set_pages_state(__pa(vaddr), npages, op); + return early_set_pages_state(vaddr, __pa(vaddr), npages, op); vaddr = vaddr & PAGE_MASK; vaddr_end = vaddr + (npages << PAGE_SHIFT); - while (vaddr < vaddr_end) { - /* Calculate the last vaddr that fits in one struct snp_psc_desc. */ - next_vaddr = min_t(unsigned long, vaddr_end, - (VMGEXIT_PSC_MAX_ENTRY * PAGE_SIZE) + vaddr); - - __set_pages_state(&desc, vaddr, next_vaddr, op); - - vaddr = next_vaddr; - } + while (vaddr < vaddr_end) + vaddr = __set_pages_state(&desc, vaddr, vaddr_end, op); } void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) @@ -916,8 +955,6 @@ void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return; - pvalidate_pages(vaddr, npages, false); - set_pages_state(vaddr, npages, SNP_PAGE_STATE_SHARED); } 
@@ -927,8 +964,6 @@ void snp_set_memory_private(unsigned long vaddr, unsigned long npages) return; set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE); - - pvalidate_pages(vaddr, npages, true); } static int snp_set_vmsa(void *va, bool vmsa)
From: Tom Lendacky
To: ,
CC: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "Kirill A. Shutemov" , "H. Peter Anvin" , Michael Roth , Joerg Roedel , Dionna Glaze , Andy Lutomirski , Peter Zijlstra
Subject: [RESEND PATCH v8 5/6] x86/sev: Add SNP-specific unaccepted memory support
Date: Fri, 19 May 2023 11:30:12 -0500
Message-ID: <262831c7c519fedb1bdb3b51bf3019d49e68ff9e.1684513813.git.thomas.lendacky@amd.com>
In-Reply-To:
References: <20230518231434.26080-1-kirill.shutemov@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Add SNP-specific hooks to the unaccepted memory support in the boot path (__accept_memory()) and the core kernel (accept_memory()) in order to support booting SNP guests when unaccepted memory is present. Without this support, SNP guests will fail to boot and/or panic() when unaccepted memory is present in the EFI memory map.

The process of accepting memory under SNP involves invoking the hypervisor to perform a page state change for the page to private memory and then issuing a PVALIDATE instruction to accept the page.

Since the boot path and the core kernel paths perform similar operations, move the pvalidate_pages() and vmgexit_psc() functions into sev-shared.c to avoid code duplication.

Create the new header file arch/x86/boot/compressed/sev.h because adding the function declaration to any of the existing SEV related header files pulls in too many other header files, causing the build to fail.

Signed-off-by: Tom Lendacky --- arch/x86/Kconfig | 2 + arch/x86/boot/compressed/mem.c | 3 + arch/x86/boot/compressed/sev.c | 54 ++++++++++- arch/x86/boot/compressed/sev.h | 23 +++++ arch/x86/include/asm/sev.h | 3 + arch/x86/include/asm/unaccepted_memory.h | 3 + arch/x86/kernel/sev-shared.c | 103 +++++++++++++++++++++ arch/x86/kernel/sev.c | 112 +++-------------------- 8 files changed, 204 insertions(+), 99 deletions(-) create mode 100644 arch/x86/boot/compressed/sev.h diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5c72067c06d4..b9c451f75d5e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1543,11 +1543,13 @@ config X86_MEM_ENCRYPT config AMD_MEM_ENCRYPT bool "AMD Secure Memory Encryption (SME) support" depends on X86_64 && CPU_SUP_AMD + depends on EFI_STUB select DMA_COHERENT_POOL select ARCH_USE_MEMREMAP_PROT select INSTRUCTION_DECODER select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT + select UNACCEPTED_MEMORY help Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c index 8df3d988ae69..c8f2353f6894 100644 --- a/arch/x86/boot/compressed/mem.c +++ b/arch/x86/boot/compressed/mem.c @@ -3,6 +3,7 @@ #include "error.h" #include "misc.h" #include "tdx.h" +#include "sev.h" #include /* @@ -36,6 +37,8 @@ void arch_accept_memory(phys_addr_t start, phys_addr_t end) /* Platform-specific memory-acceptance call goes here */ if (early_is_tdx_guest()) tdx_accept_memory(start, end); + else if (sev_snp_enabled()) + snp_accept_memory(start, end); else error("Cannot accept memory: unknown platform\n"); } diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 014b89c89088..09dc8c187b3c 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c 
@@ -115,7 +115,7 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt, /* Include code for early handlers */ #include "../../kernel/sev-shared.c" -static inline bool sev_snp_enabled(void) +bool sev_snp_enabled(void) { return sev_status & MSR_AMD64_SEV_SNP_ENABLED; } @@ -181,6 +181,58 @@ static bool early_setup_ghcb(void) return true; } +static phys_addr_t __snp_accept_memory(struct snp_psc_desc *desc, + phys_addr_t pa, phys_addr_t pa_end) +{ + struct psc_hdr *hdr; + struct psc_entry *e; + unsigned int i; + + hdr = &desc->hdr; + memset(hdr, 0, sizeof(*hdr)); + + e = desc->entries; + + i = 0; + while (pa < pa_end && i < VMGEXIT_PSC_MAX_ENTRY) { + hdr->end_entry = i; + + e->gfn = pa >> PAGE_SHIFT; + e->operation = SNP_PAGE_STATE_PRIVATE; + if (IS_ALIGNED(pa, PMD_SIZE) && (pa_end - pa) >= PMD_SIZE) { + e->pagesize = RMP_PG_SIZE_2M; + pa += PMD_SIZE; + } else { + e->pagesize = RMP_PG_SIZE_4K; + pa += PAGE_SIZE; + } + + e++; + i++; + } + + if (vmgexit_psc(boot_ghcb, desc)) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + pvalidate_pages(desc); + + return pa; +} + +void snp_accept_memory(phys_addr_t start, phys_addr_t end) +{ + struct snp_psc_desc desc = {}; + unsigned int i; + phys_addr_t pa; + + if (!boot_ghcb && !early_setup_ghcb()) + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC); + + pa = start; + while (pa < end) + pa = __snp_accept_memory(&desc, pa, end); +} + void sev_es_shutdown_ghcb(void) { if (!boot_ghcb) diff --git a/arch/x86/boot/compressed/sev.h b/arch/x86/boot/compressed/sev.h new file mode 100644 index 000000000000..fc725a981b09 --- /dev/null +++ b/arch/x86/boot/compressed/sev.h 
@@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * AMD SEV header for early boot related functions. + * + * Author: Tom Lendacky + */ + +#ifndef BOOT_COMPRESSED_SEV_H +#define BOOT_COMPRESSED_SEV_H + +#ifdef CONFIG_AMD_MEM_ENCRYPT + +bool sev_snp_enabled(void); +void snp_accept_memory(phys_addr_t start, phys_addr_t end); + +#else + +static inline bool sev_snp_enabled(void) { return false; } +static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } + +#endif + +#endif diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index e21e1c5397c1..86e1296e87f5 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -206,6 +206,7 @@ void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); +void snp_accept_memory(phys_addr_t start, phys_addr_t end); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -229,6 +230,8 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in { return -ENOTTY; } + +static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } #endif #endif diff --git a/arch/x86/include/asm/unaccepted_memory.h b/arch/x86/include/asm/unaccepted_memory.h index 72b354f992bb..ed3fcd3ac9dd 100644 --- a/arch/x86/include/asm/unaccepted_memory.h +++ b/arch/x86/include/asm/unaccepted_memory.h @@ -3,12 +3,15 @@ #include #include +#include static inline void arch_accept_memory(phys_addr_t start, phys_addr_t end) { /* Platform-specific memory-acceptance call goes here */ if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { tdx_accept_memory(start, end); + } else if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) { + snp_accept_memory(start, end); } else { panic("Cannot accept memory: unknown platform\n"); } 
diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 3a5b0c9c4fcc..be312db48a49 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c @@ -12,6 +12,9 @@ #ifndef __BOOT_COMPRESSED #define error(v) pr_err(v) #define has_cpuflag(f) boot_cpu_has(f) +#else +#undef WARN +#define WARN(condition, format...) (!!(condition)) #endif /* I/O parameters for CPUID-related helpers */ 
@@ -991,3 +994,103 @@ static void __init setup_cpuid_table(const struct cc_blob_sev_info *cc_info) cpuid_ext_range_max = fn->eax; } } + +static void pvalidate_pages(struct snp_psc_desc *desc) +{ + struct psc_entry *e; + unsigned long vaddr; + unsigned int size; + unsigned int i; + bool validate; + int rc; + + for (i = 0; i <= desc->hdr.end_entry; i++) { + e = &desc->entries[i]; + + vaddr = (unsigned long)pfn_to_kaddr(e->gfn); + size = e->pagesize ? RMP_PG_SIZE_2M : RMP_PG_SIZE_4K; + validate = (e->operation == SNP_PAGE_STATE_PRIVATE) ? true : false; + + rc = pvalidate(vaddr, size, validate); + if (rc == PVALIDATE_FAIL_SIZEMISMATCH && size == RMP_PG_SIZE_2M) { + unsigned long vaddr_end = vaddr + PMD_SIZE; + + for (; vaddr < vaddr_end; vaddr += PAGE_SIZE) { + rc = pvalidate(vaddr, RMP_PG_SIZE_4K, validate); + if (rc) + break; + } + } + + if (rc) { + WARN(1, "Failed to validate address 0x%lx ret %d", vaddr, rc); + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); + } + } +} + +static int vmgexit_psc(struct ghcb *ghcb, struct snp_psc_desc *desc) +{ + int cur_entry, end_entry, ret = 0; + struct snp_psc_desc *data; + struct es_em_ctxt ctxt; + + vc_ghcb_invalidate(ghcb); + + /* Copy the input desc into GHCB shared buffer */ + data = (struct snp_psc_desc *)ghcb->shared_buffer; + memcpy(ghcb->shared_buffer, desc, min_t(int, GHCB_SHARED_BUF_SIZE, sizeof(*desc))); + + /* + * As per the GHCB specification, the hypervisor can resume the guest + * before processing all the entries. Check whether all the entries + * are processed. If not, then keep retrying. Note, the hypervisor + * will update the data memory directly to indicate the status, so + * reference the data->hdr everywhere. + * + * The strategy here is to wait for the hypervisor to change the page + * state in the RMP table before guest accesses the memory pages. If the + * page state change was not successful, then later memory access will + * result in a crash. 
+ */ + cur_entry = data->hdr.cur_entry; + end_entry = data->hdr.end_entry; + + while (data->hdr.cur_entry <= data->hdr.end_entry) { + ghcb_set_sw_scratch(ghcb, (u64)__pa(data)); + + /* This will advance the shared buffer data points to. */ + ret = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_PSC, 0, 0); + + /* + * Page State Change VMGEXIT can pass error code through + * exit_info_2. + */ + if (WARN(ret || ghcb->save.sw_exit_info_2, + "SNP: PSC failed ret=%d exit_info_2=%llx\n", + ret, ghcb->save.sw_exit_info_2)) { + ret = 1; + goto out; + } + + /* Verify that reserved bit is not set */ + if (WARN(data->hdr.reserved, "Reserved bit is set in the PSC header\n")) { + ret = 1; + goto out; + } + + /* + * Sanity check that entry processing is not going backwards. + * This will happen only if hypervisor is tricking us. + */ + if (WARN(data->hdr.end_entry > end_entry || cur_entry > data->hdr.cur_entry, +"SNP: PSC processing going backward, end_entry %d (got %d) cur_entry %d (got %d)\n", + end_entry, data->hdr.end_entry, cur_entry, data->hdr.cur_entry)) { + ret = 1; + goto out; + } + } + +out: + return ret; +} diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 8802a75e1c20..ea2546e5130f 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c 
@@ -657,38 +657,6 @@ static u64 __init get_jump_table_addr(void) return ret; } -static void pvalidate_pages(struct snp_psc_desc *desc) -{ - struct psc_entry *e; - unsigned long vaddr; - unsigned int size; - unsigned int i; - bool validate; - int rc; - - for (i = 0; i <= desc->hdr.end_entry; i++) { - e = &desc->entries[i]; - - vaddr = (unsigned long)pfn_to_kaddr(e->gfn); - size = e->pagesize ? RMP_PG_SIZE_2M : RMP_PG_SIZE_4K; - validate = (e->operation == SNP_PAGE_STATE_PRIVATE) ? true : false; - - rc = pvalidate(vaddr, size, validate); - if (rc == PVALIDATE_FAIL_SIZEMISMATCH && size == RMP_PG_SIZE_2M) { - unsigned long vaddr_end = vaddr + PMD_SIZE; - - for (; vaddr < vaddr_end; vaddr += PAGE_SIZE) { - rc = pvalidate(vaddr, RMP_PG_SIZE_4K, validate); - if (rc) - break; - } - } - - if (WARN(rc, "Failed to validate address 0x%lx ret %d", vaddr, rc)) - sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE); - } -} - static void early_set_pages_state(unsigned long vaddr, unsigned long paddr, unsigned long npages, enum psc_op op) { 
@@ -796,72 +764,6 @@ void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op WARN(1, "invalid memory op %d\n", op); } -static int vmgexit_psc(struct ghcb *ghcb, struct snp_psc_desc *desc) -{ - int cur_entry, end_entry, ret = 0; - struct snp_psc_desc *data; - struct es_em_ctxt ctxt; - - vc_ghcb_invalidate(ghcb); - - /* Copy the input desc into GHCB shared buffer */ - data = (struct snp_psc_desc *)ghcb->shared_buffer; - memcpy(ghcb->shared_buffer, desc, min_t(int, GHCB_SHARED_BUF_SIZE, sizeof(*desc))); - - /* - * As per the GHCB specification, the hypervisor can resume the guest - * before processing all the entries. Check whether all the entries - * are processed. If not, then keep retrying. Note, the hypervisor - * will update the data memory directly to indicate the status, so - * reference the data->hdr everywhere. - * - * The strategy here is to wait for the hypervisor to change the page - * state in the RMP table before guest accesses the memory pages. If the - * page state change was not successful, then later memory access will - * result in a crash. - */ - cur_entry = data->hdr.cur_entry; - end_entry = data->hdr.end_entry; - - while (data->hdr.cur_entry <= data->hdr.end_entry) { - ghcb_set_sw_scratch(ghcb, (u64)__pa(data)); - - /* This will advance the shared buffer data points to. */ - ret = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_PSC, 0, 0); - - /* - * Page State Change VMGEXIT can pass error code through - * exit_info_2. - */ - if (WARN(ret || ghcb->save.sw_exit_info_2, - "SNP: PSC failed ret=%d exit_info_2=%llx\n", - ret, ghcb->save.sw_exit_info_2)) { - ret = 1; - goto out; - } - - /* Verify that reserved bit is not set */ - if (WARN(data->hdr.reserved, "Reserved bit is set in the PSC header\n")) { - ret = 1; - goto out; - } - - /* - * Sanity check that entry processing is not going backwards. - * This will happen only if hypervisor is tricking us. 
- */ - if (WARN(data->hdr.end_entry > end_entry || cur_entry > data->hdr.cur_entry, -"SNP: PSC processing going backward, end_entry %d (got %d) cur_entry %d (got %d)\n", - end_entry, data->hdr.end_entry, cur_entry, data->hdr.cur_entry)) { - ret = 1; - goto out; - } - } - -out: - return ret; -} - static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, unsigned long vaddr_end, int op) { 
@@ -966,6 +868,20 @@ void snp_set_memory_private(unsigned long vaddr, unsigned long npages) set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE); } +void snp_accept_memory(phys_addr_t start, phys_addr_t end) +{ + unsigned long vaddr; + unsigned int npages; + + if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) + return; + + vaddr = (unsigned long)__va(start); + npages = (end - start) >> PAGE_SHIFT; + + set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE); +} + static int snp_set_vmsa(void *va, bool vmsa) { u64 attrs;
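
Review bot: In the arch/x86/Kconfig hunk, the new "depends on EFI_STUB" on AMD_MEM_ENCRYPT is not mentioned in the commit message, and it applies to the whole option (the prompt still reads "AMD Secure Memory Encryption (SME) support"), not only to SNP guests with unaccepted memory. Please say in the changelog why the dependency is needed, or consider making the "select UNACCEPTED_MEMORY" conditional so that configurations without EFI_STUB keep AMD_MEM_ENCRYPT.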
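
Review bot: In the boot-path snp_accept_memory() added to arch/x86/boot/compressed/sev.c, "unsigned int i;" is declared but never used; the index is local to __snp_accept_memory(). Drop the declaration. In __snp_accept_memory() itself, hdr->end_entry is only assigned inside the while loop, so the function depends on the caller's "while (pa < end)" to guarantee at least one entry before vmgexit_psc() is called; a one-line comment stating that precondition would help.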
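
Review bot: The "#undef WARN" / "#define WARN(condition, format...) (!!(condition))" added under __BOOT_COMPRESSED in arch/x86/kernel/sev-shared.c has no comment and silently drops the message and its arguments, so in the decompressor a failed page state change or PVALIDATE reaches sev_es_terminate() with only the termination reason code as a diagnostic. Add a comment explaining that the stub exists so the shared pvalidate_pages()/vmgexit_psc() code builds in the boot stage, and that the text is intentionally discarded there.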
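
Review bot: In vmgexit_psc() as added to arch/x86/kernel/sev-shared.c, cur_entry and end_entry are sampled once before the loop and never refreshed, so the "going backward" check compares every iteration against the initial values only and does not notice data->hdr.cur_entry regressing between two iterations. The header lives in the GHCB shared buffer that, per the function's own comment, the hypervisor updates directly, so updating cur_entry after each successful call would make the check do what its comment says. Also, the changelog describes pvalidate_pages() as moved, but the copy added here uses "if (rc) { WARN(1, ...); ... }" where the copy removed from sev.c had "if (WARN(rc, ...))"; please mention that change and the reason for it.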
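
Review bot: In the core-kernel snp_accept_memory() added to arch/x86/kernel/sev.c, npages is declared "unsigned int" although it is computed as "(end - start) >> PAGE_SHIFT" from phys_addr_t values and handed to set_pages_state(), whose neighbour snp_set_memory_private() in the context line takes "unsigned long npages". Declare it unsigned long so a very large range is not truncated. The shift also rounds down, so a range that is not page aligned would leave its tail unaccepted; if callers guarantee alignment, state that in a comment.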
From: Tom Lendacky
To: ,
CC: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "Kirill A. Shutemov" , "H. Peter Anvin" , Michael Roth , Joerg Roedel , Dionna Glaze , Andy Lutomirski , Peter Zijlstra , Ard Biescheuvel , "Min M. Xu" , Gerd Hoffmann , James Bottomley , Tom Lendacky , Jiewen Yao , Erdem Aktas , "Kirill A. Shutemov"
Subject: [RESEND PATCH v8 6/6] x86/efi: Safely enable unaccepted memory in UEFI
Date: Fri, 19 May 2023 11:30:13 -0500
Message-ID: <430269747cb961c7e70288b5808925f4fa4c544d.1684513813.git.thomas.lendacky@amd.com>
In-Reply-To:
References: <20230518231434.26080-1-kirill.shutemov@linux.intel.com>
From: Dionna Glaze

The UEFI v2.9 specification includes a new memory type to be used in environments where the OS must accept memory that is provided from its host. Before the introduction of this memory type, all memory was accepted eagerly in the firmware. In order for the firmware to safely stop accepting memory on the OS's behalf, the OS must affirmatively indicate support to the firmware. This is only a problem for AMD SEV-SNP, since Linux has had support for it since 5.19. The other technology that can make use of unaccepted memory, Intel TDX, does not yet have Linux support, so it can strictly require unaccepted memory support as a dependency of CONFIG_TDX and not require communication with the firmware.

Enabling unaccepted memory requires calling a 0-argument enablement protocol before ExitBootServices. This call is only made if the kernel is compiled with UNACCEPTED_MEMORY=y

This protocol will be removed after the end of life of the first LTS that includes it, in order to give firmware implementations an expiration date for it. When the protocol is removed, firmware will strictly infer that a SEV-SNP VM is running an OS that supports the unaccepted memory type. At the earliest convenience, when unaccepted memory support is added to Linux, SEV-SNP may take strict dependence in it. After the firmware removes support for the protocol, this patch should be reverted.

[tl: address some checkscript warnings]

Cc: Ard Biescheuvel
Cc: "Min M. Xu"
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Jiewen Yao
Cc: Erdem Aktas
Cc: "Kirill A. Shutemov"
Cc: Dave Hansen
Cc: Borislav Petkov
Signed-off-by: Dionna Glaze
Signed-off-by: Tom Lendacky
--- drivers/firmware/efi/libstub/x86-stub.c | 36 +++++++++++++++++++++++++ include/linux/efi.h | 3 +++ 2 files changed, 39 insertions(+) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 8d17cee8b98e..e2193dbe1f66 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -26,6 +26,17 @@ const efi_dxe_services_table_t *efi_dxe_table; u32 image_offset __section(".data"); static efi_loaded_image_t *image = NULL; +typedef union sev_memory_acceptance_protocol sev_memory_acceptance_protocol_t; +union sev_memory_acceptance_protocol { + struct { + efi_status_t (__efiapi * allow_unaccepted_memory)( + sev_memory_acceptance_protocol_t *); + }; + struct { + u32 allow_unaccepted_memory; + } mixed_mode; +}; + static efi_status_t preserve_pci_rom_image(efi_pci_io_protocol_t *pci, struct pci_setup_rom **__rom) { @@ -310,6 +321,29 @@ setup_memory_protection(unsigned long image_base, unsigned long image_size) #endif } +static void setup_unaccepted_memory(void) +{ + efi_guid_t mem_acceptance_proto = OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL_GUID; + sev_memory_acceptance_protocol_t *proto; + efi_status_t status; + + if (!IS_ENABLED(CONFIG_UNACCEPTED_MEMORY)) + return; + + /* + * Enable unaccepted memory before calling exit boot services in order + * for the UEFI to not accept all memory on EBS. + */ + status = efi_bs_call(locate_protocol, &mem_acceptance_proto, NULL, + (void **)&proto); + if (status != EFI_SUCCESS) + return; + + status = efi_call_proto(proto, allow_unaccepted_memory); + if (status != EFI_SUCCESS) + efi_err("Memory acceptance protocol failed\n"); +} + static const efi_char16_t apple[] = L"Apple"; static void setup_quirks(struct boot_params *boot_params, @@ -908,6 +942,8 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, setup_quirks(boot_params, bzimage_addr, buffer_end - buffer_start); + setup_unaccepted_memory(); + status = exit_boot(boot_params, handle); if (status != EFI_SUCCESS) { efi_err("exit_boot() failed!\n"); diff --git a/include/linux/efi.h b/include/linux/efi.h index 9864f9c00da2..8c5abcf70a05 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h 
@@ -437,6 +437,9 @@ void efi_native_runtime_setup(void); #define DELLEMC_EFI_RCI2_TABLE_GUID EFI_GUID(0x2d9f28a2, 0xa886, 0x456a, 0x97, 0xa8, 0xf1, 0x1e, 0xf2, 0x4f, 0xf4, 0x55) #define AMD_SEV_MEM_ENCRYPT_GUID EFI_GUID(0x0cf29b71, 0x9e51, 0x433a, 0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75) +/* OVMF protocol GUIDs */ +#define OVMF_SEV_MEMORY_ACCEPTANCE_PROTOCOL_GUID EFI_GUID(0xc5a010fe, 0x38a7, 0x4531, 0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49) + typedef struct { efi_guid_t guid; u64 table;
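
Review bot: setup_unaccepted_memory() in drivers/firmware/efi/libstub/x86-stub.c has no comment saying that it is a temporary handshake with the firmware, although the commit message states the protocol will be removed and that this patch should then be reverted; put that in a comment above the function so the expiry is visible in the source and not only in the changelog. The two exits also deserve a word each: the silent return when locate_protocol does not return EFI_SUCCESS should be documented as the expected case on firmware without the protocol, and the efi_err() path after a failed allow_unaccepted_memory call should say what state the guest continues in, since boot proceeds to exit_boot() either way.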