From patchwork Wed Jan 10 06:22:42 2024
X-Patchwork-Submitter: Zheyun Shen
X-Patchwork-Id: 186686
Date: Wed, 10 Jan 2024 14:22:42 +0800 (CST)
From: Zheyun Shen
To: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev
Cc: mst , david , jasowang@redhat.com, xuanzhuo@linux.alibaba.com
Message-ID: <2035137075.1083380.1704867762955.JavaMail.zimbra@sjtu.edu.cn>
Subject: [PATCH] driver/virtio: Add Memory Balloon Support for SEV/SEV-ES

For now, SEV pins guest's memory to avoid swapping or moving ciphertext, but this leads to the inhibition of Memory Ballooning. In Memory Ballooning, only guest's free pages will be relocated in balloon inflation and deflation, so the difference of plaintext doesn't matter to guest. Memory Ballooning is a nice memory overcommitment technology that can be used in CVM based on SEV and SEV-ES, so userspace tools can provide an option to allow SEV not to pin memory and enable Memory Ballooning. Guest kernel may not inhibit Balloon and should set shared memory for Balloon decrypted.

Signed-off-by: Zheyun Shen
---
 drivers/virtio/virtio_balloon.c | 18 ++++++++++++++++++
 drivers/virtio/virtio_ring.c    |  7 +++++++
 2 files changed, 25 insertions(+)

--
2.34.1

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index 1fe93e93f..aca4c8a58 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c @@ -18,6 +18,9 @@ #include #include #include +#ifdef CONFIG_AMD_MEM_ENCRYPT +#include +#endif /* * Balloon device works in 4K page units. So each page is pointed to by 
@@ -870,6 +873,9 @@ static int virtio_balloon_register_shrinker(struct virtio_balloon *vb) static int virtballoon_probe(struct virtio_device *vdev) { struct virtio_balloon *vb; +#ifdef CONFIG_AMD_MEM_ENCRYPT + size_t vb_size = PAGE_ALIGN(sizeof(*vb)); +#endif int err; if (!vdev->config->get) { @@ -878,11 +884,19 @@ static int virtballoon_probe(struct virtio_device *vdev) return -EINVAL; } +#ifdef CONFIG_AMD_MEM_ENCRYPT + vdev->priv = vb = kzalloc(vb_size, GFP_KERNEL); +#else vdev->priv = vb = kzalloc(sizeof(*vb), GFP_KERNEL); +#endif if (!vb) { err = -ENOMEM; goto out; } +#ifdef CONFIG_AMD_MEM_ENCRYPT + set_memory_decrypted((unsigned long)vb, vb_size / PAGE_SIZE); + memset(vb, 0, vb_size); +#endif INIT_WORK(&vb->update_balloon_stats_work, update_balloon_stats_func); INIT_WORK(&vb->update_balloon_size_work, update_balloon_size_func); @@ -1101,7 +1115,11 @@ static int virtballoon_validate(struct virtio_device *vdev) else if (!virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON)) __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_REPORTING); +#ifdef CONFIG_AMD_MEM_ENCRYPT + __virtio_set_bit(vdev, VIRTIO_F_ACCESS_PLATFORM); +#else __virtio_clear_bit(vdev, VIRTIO_F_ACCESS_PLATFORM); +#endif return 0; } diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 49299b1f9..875612a2e 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -14,6 +14,9 @@ #include #include #include +#ifdef CONFIG_AMD_MEM_ENCRYPT +#include +#endif #ifdef DEBUG /* For development, we want to crash whenever the ring is screwed. */ @@ -321,6 +324,10 @@ static void *vring_alloc_queue(struct virtio_device *vdev, size_t size, if (queue) { phys_addr_t phys_addr = virt_to_phys(queue); *dma_handle = (dma_addr_t)phys_addr; +#ifdef CONFIG_AMD_MEM_ENCRYPT + set_memory_decrypted((unsigned long)queue, PAGE_ALIGN(size) / PAGE_SIZE); + memset(queue, 0, PAGE_ALIGN(size)); +#endif /* * Sanity check: make sure we dind't truncate
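Review bot: the `#ifdef CONFIG_AMD_MEM_ENCRYPT` wrapped around the new include in the `@@ -18,6 +18,9 @@` hunk of virtio_balloon.c (and again in the `@@ -14,6 +14,9 @@` hunk of virtio_ring.c) ties generic virtio code to one vendor's build option. CONFIG_AMD_MEM_ENCRYPT only says the kernel was built with SEV support, not that this guest is running encrypted, so every later block keyed on it runs on plain guests and on hosts too. Include the header unconditionally and gate the behaviour on a runtime predicate such as cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT), which also keeps the change from being SEV-only where other confidential-computing guests would need the same handling.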
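Review bot: in the `@@ -878,11 +884,19 @@` hunk of virtballoon_probe(), `set_memory_decrypted((unsigned long)vb, vb_size / PAGE_SIZE)` is applied to a kzalloc() buffer and its return value is ignored. set_memory_decrypted() changes attributes on whole pages, so the buffer needs to come from a page-granular allocator that guarantees alignment and exclusive ownership of those pages, and a failure has to be handled before the driver continues. Two further problems follow from the visible lines. First, the diffstat shows 25 insertions and no change to any free or error path, so nothing calls set_memory_encrypted() before `vb` is freed, and the pages go back to the allocator still shared with the host. Second, the whole `struct virtio_balloon` becomes host-readable and host-writable, including the work items initialised by the `INIT_WORK(&vb->update_balloon_stats_work, ...)` lines right after; only the buffers the device actually needs to see should be shared, kept in a separate allocation from the driver's control state.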
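Review bot: in the `@@ -1101,7 +1115,11 @@` hunk of virtballoon_validate(), `__virtio_set_bit(vdev, VIRTIO_F_ACCESS_PLATFORM)` has the driver turn on a feature bit regardless of whether the device offered it, which is not how virtio feature negotiation works: a driver may clear offered bits but should not add ones the device did not advertise. Because the switch is the compile-time `#ifdef CONFIG_AMD_MEM_ENCRYPT`, it also flips the existing `__virtio_clear_bit()` behaviour for every guest built with that option, encrypted or not. Suggest leaving the bit alone when the device offers it and the guest is encrypted at runtime, keeping the clear otherwise, and explaining in the commit message why the original unconditional clear is safe to drop.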
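Review bot: in the `@@ -321,6 +324,10 @@` hunk of vring_alloc_queue(), the added `set_memory_decrypted((unsigned long)queue, PAGE_ALIGN(size) / PAGE_SIZE)` sits in a helper that takes a generic `struct virtio_device *vdev`, so it changes ring memory for every virtio driver, not just the balloon the subject line names. The return value is unchecked, and since the patch only inserts lines, the matching free path never re-encrypts the ring before releasing it. This is also the branch that derives `*dma_handle` straight from `virt_to_phys(queue)`; please confirm it is still the path taken once virtballoon_validate() sets VIRTIO_F_ACCESS_PLATFORM, and if the DMA API path is used instead, drop this hunk and let that path provide shared memory.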