2020-09-17 21:25:45

by Krish Sadhukhan

[permalink] [raw]
Subject: [PATCH 0/3 v4] x86: AMD: Don't flush cache if hardware enforces cache coherency across encryption domains

v3 -> v4:
1. Patch# 1 from v3 has been dropped.
2. The CPUID feature for hardware-enforced cache coherency has been
renamed.

[PATCH 1/3 v4] x86: AMD: Add hardware-enforced cache coherency as a
[PATCH 2/3 v4] x86: AMD: Don't flush cache if hardware enforces cache
[PATCH 3/3 v4] KVM: SVM: Don't flush cache if hardware enforces cache

arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kvm/svm/sev.c | 3 ++-
arch/x86/mm/pat/set_memory.c | 2 +-
4 files changed, 5 insertions(+), 2 deletions(-)

Krish Sadhukhan (3):
x86: AMD: Add hardware-enforced cache coherency as a CPUID feature
x86: AMD: Don't flush cache if hardware enforces cache coherency across encryption domnains
KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains


2020-09-17 21:26:36

by Krish Sadhukhan

[permalink] [raw]
Subject: [PATCH 1/3 v4] x86: AMD: Add hardware-enforced cache coherency as a CPUID feature

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page is enforced. In such a system,
it is not required for software to flush the page from all CPU caches in the
system prior to changing the value of the C-bit for a page. This hardware-
enforced cache coherency is indicated by EAX[10] in CPUID leaf 0x8000001f.

Suggested-by: Tom Lendacky <[email protected]>
Signed-off-by: Krish Sadhukhan <[email protected]>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kernel/cpu/scattered.c | 1 +
2 files changed, 2 insertions(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 2901d5df4366..c3fada5f5f71 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -288,6 +288,7 @@
#define X86_FEATURE_FENCE_SWAPGS_USER (11*32+ 4) /* "" LFENCE in user entry SWAPGS path */
#define X86_FEATURE_FENCE_SWAPGS_KERNEL (11*32+ 5) /* "" LFENCE in kernel entry SWAPGS path */
#define X86_FEATURE_SPLIT_LOCK_DETECT (11*32+ 6) /* #AC for split lock */
+#define X86_FEATURE_SME_COHERENT (11*32+ 7) /* "" AMD hardware-enforced cache coherency */

/* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
#define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instructions */
diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 62b137c3c97a..0bc2668f22e6 100644
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -41,6 +41,7 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 },
{ X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 },
{ X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 },
+ { X86_FEATURE_SME_COHERENT, CPUID_EAX, 10, 0x8000001f, 0 },
{ 0, 0, 0, 0, 0 }
};

--
2.18.4

2020-09-17 21:27:27

by Krish Sadhukhan

[permalink] [raw]
Subject: [PATCH 3/3 v4] KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page in a VM is enforced. In such a
system, it is not required for software to flush the VM's page from all CPU
caches in the system prior to changing the value of the C-bit for the page.

Signed-off-by: Krish Sadhukhan <[email protected]>
---
arch/x86/kvm/svm/sev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 7bf7bf734979..3c9a45efdd4d 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -384,7 +384,8 @@ static void sev_clflush_pages(struct page *pages[], unsigned long npages)
uint8_t *page_virtual;
unsigned long i;

- if (npages == 0 || pages == NULL)
+ if (this_cpu_has(X86_FEATURE_SME_COHERENT) || npages == 0 ||
+ pages == NULL)
return;

for (i = 0; i < npages; i++) {
--
2.18.4

2020-09-17 21:28:48

by Krish Sadhukhan

[permalink] [raw]
Subject: [PATCH 2/3 v4] x86: AMD: Don't flush cache if hardware enforces cache coherency across encryption domnains

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page is enforced. In such a system,
it is not required for software to flush the page from all CPU caches in the
system prior to changing the value of the C-bit for the page.

Suggested-by: Tom Lendacky <[email protected]>
Signed-off-by: Krish Sadhukhan <[email protected]>
---
arch/x86/mm/pat/set_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index d1b2a889f035..40baa90e74f4 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -1999,7 +1999,7 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
/*
* Before changing the encryption attribute, we need to flush caches.
*/
- cpa_flush(&cpa, 1);
+ cpa_flush(&cpa, !this_cpu_has(X86_FEATURE_SME_COHERENT));

ret = __change_page_attr_set_clr(&cpa, 1);

--
2.18.4

Subject: [tip: x86/cpu] x86/cpu: Add hardware-enforced cache coherency as a CPUID feature

The following commit has been merged into the x86/cpu branch of tip:

Commit-ID: f1f325183519ba25370765607e2732d6edf53de1
Gitweb: https://git.kernel.org/tip/f1f325183519ba25370765607e2732d6edf53de1
Author: Krish Sadhukhan <[email protected]>
AuthorDate: Thu, 17 Sep 2020 21:20:36
Committer: Borislav Petkov <[email protected]>
CommitterDate: Fri, 18 Sep 2020 09:46:06 +02:00

x86/cpu: Add hardware-enforced cache coherency as a CPUID feature

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page is enforced. In such a system,
it is not required for software to flush the page from all CPU caches in the
system prior to changing the value of the C-bit for a page. This hardware-
enforced cache coherency is indicated by EAX[10] in CPUID leaf 0x8000001f.

Suggested-by: Tom Lendacky <[email protected]>
Signed-off-by: Krish Sadhukhan <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kernel/cpu/scattered.c | 1 +
2 files changed, 2 insertions(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 83fc9d3..ba6e8f4 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -288,6 +288,7 @@
#define X86_FEATURE_FENCE_SWAPGS_USER (11*32+ 4) /* "" LFENCE in user entry SWAPGS path */
#define X86_FEATURE_FENCE_SWAPGS_KERNEL (11*32+ 5) /* "" LFENCE in kernel entry SWAPGS path */
#define X86_FEATURE_SPLIT_LOCK_DETECT (11*32+ 6) /* #AC for split lock */
+#define X86_FEATURE_SME_COHERENT (11*32+ 7) /* "" AMD hardware-enforced cache coherency */

/* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
#define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instructions */
diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 62b137c..3221b71 100644
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -41,6 +41,7 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 },
{ X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 },
{ X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 },
+ { X86_FEATURE_SME_COHERENT, CPUID_EAX, 10, 0x8000001f, 0 },
{ 0, 0, 0, 0, 0 }
};

2020-09-18 08:17:59

by Borislav Petkov

[permalink] [raw]
Subject: Re: [PATCH 3/3 v4] KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains

On Thu, Sep 17, 2020 at 09:20:38PM +0000, Krish Sadhukhan wrote:
> In some hardware implementations, coherency between the encrypted and
> unencrypted mappings of the same physical page in a VM is enforced. In such a
> system, it is not required for software to flush the VM's page from all CPU
> caches in the system prior to changing the value of the C-bit for the page.
>
> Signed-off-by: Krish Sadhukhan <[email protected]>
> ---
> arch/x86/kvm/svm/sev.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 7bf7bf734979..3c9a45efdd4d 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -384,7 +384,8 @@ static void sev_clflush_pages(struct page *pages[], unsigned long npages)
> uint8_t *page_virtual;
> unsigned long i;
>
> - if (npages == 0 || pages == NULL)
> + if (this_cpu_has(X86_FEATURE_SME_COHERENT) || npages == 0 ||
> + pages == NULL)
> return;
>
> for (i = 0; i < npages; i++) {
> --

Took the first two, Paolo lemme know if I should route this one through
tip too.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Subject: [tip: x86/cpu] x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains

The following commit has been merged into the x86/cpu branch of tip:

Commit-ID: 789521fca70ec8cb98f7257b880405e46f8a47a1
Gitweb: https://git.kernel.org/tip/789521fca70ec8cb98f7257b880405e46f8a47a1
Author: Krish Sadhukhan <[email protected]>
AuthorDate: Thu, 17 Sep 2020 21:20:37
Committer: Borislav Petkov <[email protected]>
CommitterDate: Fri, 18 Sep 2020 09:48:22 +02:00

x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page is enforced. In such a
system, it is not required for software to flush the page from all CPU
caches in the system prior to changing the value of the C-bit for the
page. So check that bit before flushing the cache.

[ bp: Massage commit message. ]

Suggested-by: Tom Lendacky <[email protected]>
Signed-off-by: Krish Sadhukhan <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/mm/pat/set_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index d1b2a88..40baa90 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -1999,7 +1999,7 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
/*
* Before changing the encryption attribute, we need to flush caches.
*/
- cpa_flush(&cpa, 1);
+ cpa_flush(&cpa, !this_cpu_has(X86_FEATURE_SME_COHERENT));

ret = __change_page_attr_set_clr(&cpa, 1);

Subject: [tip: x86/cpu] x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains

The following commit has been merged into the x86/cpu branch of tip:

Commit-ID: 75d1cc0e05af579301ce4e49cf6399be4b4e6e76
Gitweb: https://git.kernel.org/tip/75d1cc0e05af579301ce4e49cf6399be4b4e6e76
Author: Krish Sadhukhan <[email protected]>
AuthorDate: Thu, 17 Sep 2020 21:20:37
Committer: Borislav Petkov <[email protected]>
CommitterDate: Fri, 18 Sep 2020 10:47:00 +02:00

x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page is enforced. In such a
system, it is not required for software to flush the page from all CPU
caches in the system prior to changing the value of the C-bit for the
page. So check that bit before flushing the cache.

[ bp: Massage commit message. ]

Suggested-by: Tom Lendacky <[email protected]>
Signed-off-by: Krish Sadhukhan <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/mm/pat/set_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index d1b2a88..40baa90 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -1999,7 +1999,7 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
/*
* Before changing the encryption attribute, we need to flush caches.
*/
- cpa_flush(&cpa, 1);
+ cpa_flush(&cpa, !this_cpu_has(X86_FEATURE_SME_COHERENT));

ret = __change_page_attr_set_clr(&cpa, 1);

Subject: [tip: x86/cpu] x86/cpu: Add hardware-enforced cache coherency as a CPUID feature

The following commit has been merged into the x86/cpu branch of tip:

Commit-ID: 5866e9205b47a983a77ebc8654949f696342f2ab
Gitweb: https://git.kernel.org/tip/5866e9205b47a983a77ebc8654949f696342f2ab
Author: Krish Sadhukhan <[email protected]>
AuthorDate: Thu, 17 Sep 2020 21:20:36
Committer: Borislav Petkov <[email protected]>
CommitterDate: Fri, 18 Sep 2020 10:46:41 +02:00

x86/cpu: Add hardware-enforced cache coherency as a CPUID feature

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page is enforced. In such a system,
it is not required for software to flush the page from all CPU caches in the
system prior to changing the value of the C-bit for a page. This hardware-
enforced cache coherency is indicated by EAX[10] in CPUID leaf 0x8000001f.

[ bp: Use one of the free slots in word 3. ]

Suggested-by: Tom Lendacky <[email protected]>
Signed-off-by: Krish Sadhukhan <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/kernel/cpu/scattered.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 83fc9d3..50b2a8d 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -96,7 +96,7 @@
#define X86_FEATURE_SYSCALL32 ( 3*32+14) /* "" syscall in IA32 userspace */
#define X86_FEATURE_SYSENTER32 ( 3*32+15) /* "" sysenter in IA32 userspace */
#define X86_FEATURE_REP_GOOD ( 3*32+16) /* REP microcode works well */
-/* free ( 3*32+17) */
+#define X86_FEATURE_SME_COHERENT ( 3*32+17) /* "" AMD hardware-enforced cache coherency */
#define X86_FEATURE_LFENCE_RDTSC ( 3*32+18) /* "" LFENCE synchronizes RDTSC */
#define X86_FEATURE_ACC_POWER ( 3*32+19) /* AMD Accumulated Power Mechanism */
#define X86_FEATURE_NOPL ( 3*32+20) /* The NOPL (0F 1F) instructions */
diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 62b137c..3221b71 100644
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -41,6 +41,7 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 },
{ X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 },
{ X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 },
+ { X86_FEATURE_SME_COHERENT, CPUID_EAX, 10, 0x8000001f, 0 },
{ 0, 0, 0, 0, 0 }
};

2020-09-19 15:22:25

by Paolo Bonzini

[permalink] [raw]
Subject: Re: [PATCH 3/3 v4] KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains

On 18/09/20 09:56, Borislav Petkov wrote:
> On Thu, Sep 17, 2020 at 09:20:38PM +0000, Krish Sadhukhan wrote:
>> In some hardware implementations, coherency between the encrypted and
>> unencrypted mappings of the same physical page in a VM is enforced. In such a
>> system, it is not required for software to flush the VM's page from all CPU
>> caches in the system prior to changing the value of the C-bit for the page.
>>
>> Signed-off-by: Krish Sadhukhan <[email protected]>
>> ---
>> arch/x86/kvm/svm/sev.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
>> index 7bf7bf734979..3c9a45efdd4d 100644
>> --- a/arch/x86/kvm/svm/sev.c
>> +++ b/arch/x86/kvm/svm/sev.c
>> @@ -384,7 +384,8 @@ static void sev_clflush_pages(struct page *pages[], unsigned long npages)
>> uint8_t *page_virtual;
>> unsigned long i;
>>
>> - if (npages == 0 || pages == NULL)
>> + if (this_cpu_has(X86_FEATURE_SME_COHERENT) || npages == 0 ||
>> + pages == NULL)
>> return;
>>
>> for (i = 0; i < npages; i++) {
>> --
>
> Took the first two, Paolo lemme know if I should route this one through
> tip too.
>
> Thx.
>

Yeah, it's innocuous enough as far as conflicts are concerned.

Acked-by: Paolo Bonzini <[email protected]>

Paolo

Subject: [tip: x86/cpu] KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains

The following commit has been merged into the x86/cpu branch of tip:

Commit-ID: e1ebb2b49048c4767cfa0d8466f9c701e549fa5e
Gitweb: https://git.kernel.org/tip/e1ebb2b49048c4767cfa0d8466f9c701e549fa5e
Author: Krish Sadhukhan <[email protected]>
AuthorDate: Thu, 17 Sep 2020 21:20:38
Committer: Borislav Petkov <[email protected]>
CommitterDate: Sat, 19 Sep 2020 20:46:59 +02:00

KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains

In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page in a VM is enforced. In
such a system, it is not required for software to flush the VM's page
from all CPU caches in the system prior to changing the value of the
C-bit for the page.

So check that bit before flushing the cache.

Signed-off-by: Krish Sadhukhan <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Acked-by: Paolo Bonzini <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/kvm/svm/sev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 402dc42..567792f 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -384,7 +384,8 @@ static void sev_clflush_pages(struct page *pages[], unsigned long npages)
uint8_t *page_virtual;
unsigned long i;

- if (npages == 0 || pages == NULL)
+ if (this_cpu_has(X86_FEATURE_SME_COHERENT) || npages == 0 ||
+ pages == NULL)
return;

for (i = 0; i < npages; i++) {