Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp2568845ybl; Thu, 29 Aug 2019 09:53:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqwHRjImte/s+ZF1ckXHvej1cJeYmLC4eYH71YJP9OgpZp56e6/4L/vEyGDEdzXo3NF1fwxc X-Received: by 2002:a17:90a:1ae1:: with SMTP id p88mr10586307pjp.26.1567097633069; Thu, 29 Aug 2019 09:53:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567097633; cv=none; d=google.com; s=arc-20160816; b=V5em3H00Sr7NVkTemGix5iKoYegoBnE/tX+cTP1/H7G+2BwMD8xWph+Z5a907IFqkf DWEPo7Shw1K+1cl9HZ9miBX3EBaHMElpDRL5+QC5zx1W/QcG79t9eLO05aB+bg40x7ET eMLFDH6ilEQtpjkYcMMPR0vitiQZPLYgRw6aANxclz+dYwYpqcQ7WwgU3WTcioum9t9s Bijhdit22MkVIBul4jDmfcOqJkZhvJgqEC2SNJIjSeZKqVNHGBnuuzRJqeiMml5zg+ST C8aGTHTMdafaF8k41MaLsn0IWVxjZLdZ9GaXEtIuknEykuFaya3K9fa9aDmelgL3+ftY ei6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=pBk/9TcWG0hTJRgx5Sh21OOoKL6iKoxlxUZvgL6QE80=; b=CQ+L4Mf++B3Cj9VA96PlyHisXb9c+E3LGF27vHahjKlSONHxub/lfFk3t+xjoxjoc5 e9QuuyolQ6X28HArhfCSDO1LL4YsEFZuz3AGgWohuvAAEmq/ACjJWsfMQ/6mD8jpGAIx oFbpmxZeLiAxfDJeKq3qRp3Ol6Zxob0SPssencgrbAO0f/82lm/J9yL1mY+LPppA2gGH 3XjiAgyb2XA2Me1MoKUk4RHlhOttINlLPpYAl+ZCG6s6kxWlpnp/nsywKofup3Qldn+n sg5Wa+VzytXsTmDQR8l73A0aZVHA1goDEJIY/cdZeCRkRmCBE4MmZ2m296dFaY7uoGY/ m6mA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x14si1442502plm.44.2019.08.29.09.53.37; Thu, 29 Aug 2019 09:53:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727773AbfH2Qw0 (ORCPT + 99 others); Thu, 29 Aug 2019 12:52:26 -0400 Received: from mx2.suse.de ([195.135.220.15]:37824 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727565AbfH2Qw0 (ORCPT ); Thu, 29 Aug 2019 12:52:26 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 4C677AF95; Thu, 29 Aug 2019 16:52:24 +0000 (UTC) Date: Thu, 29 Aug 2019 18:52:18 +0200 From: Borislav Petkov To: "Singh, Brijesh" Cc: "kvm@vger.kernel.org" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Joerg Roedel , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH v3 10/11] mm: x86: Invoke hypercall when page encryption status is changed Message-ID: <20190829165218.GD2132@zn.tnic> References: <20190710201244.25195-1-brijesh.singh@amd.com> <20190710201244.25195-11-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20190710201244.25195-11-brijesh.singh@amd.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 10, 2019 at 08:13:11PM +0000, Singh, Brijesh wrote: > Subject: Re: [PATCH v3 10/11] mm: x86: Invoke hypercall when page encryption status is changed Subject prefix: "x86/mm: Invoke ..." git log would usually show you how the prefixing should look like. > Invoke a hypercall when a memory region is changed from encrypted -> > decrypted and vice versa. Hypervisor need to know the page encryption > status during the guest migration. > > Cc: Thomas Gleixner > Cc: Ingo Molnar > Cc: "H. Peter Anvin" > Cc: Paolo Bonzini > Cc: "Radim Krčmář" > Cc: Joerg Roedel > Cc: Borislav Petkov > Cc: Tom Lendacky > Cc: x86@kernel.org > Cc: kvm@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Signed-off-by: Brijesh Singh > --- > arch/x86/include/asm/mem_encrypt.h | 3 ++ > arch/x86/mm/mem_encrypt.c | 45 +++++++++++++++++++++++++++++- > arch/x86/mm/pageattr.c | 15 ++++++++++ > 3 files changed, 62 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h > index 0c196c47d621..6e654ab5a8e4 100644 > --- a/arch/x86/include/asm/mem_encrypt.h > +++ b/arch/x86/include/asm/mem_encrypt.h > @@ -94,4 +94,7 @@ extern char __start_bss_decrypted[], __end_bss_decrypted[], __start_bss_decrypte > > #endif /* __ASSEMBLY__ */ > > +extern void set_memory_enc_dec_hypercall(unsigned long vaddr, > + unsigned long size, bool enc); > + > #endif /* __X86_MEM_ENCRYPT_H__ */ > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > index e0df96fdfe46..f3fda1de2869 100644 > --- a/arch/x86/mm/mem_encrypt.c > +++ b/arch/x86/mm/mem_encrypt.c > @@ -15,6 +15,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -25,6 +26,7 @@ > #include > #include > #include > +#include > > #include "mm_internal.h" > > @@ -192,6 +194,45 @@ void __init sme_early_init(void) > swiotlb_force = SWIOTLB_FORCE; > } > > +void set_memory_enc_dec_hypercall(unsigned long vaddr, unsigned long sz, bool enc) > +{ > + unsigned long vaddr_end, vaddr_next; > + > + vaddr_end = vaddr + sz; > + > + for (; vaddr < vaddr_end; vaddr = vaddr_next) { > + int psize, pmask, level; > + unsigned long pfn; > + pte_t *kpte; > + > + kpte = lookup_address(vaddr, &level); > + if (!kpte || pte_none(*kpte)) > + return; > + > + switch (level) { > + case PG_LEVEL_4K: > + pfn = pte_pfn(*kpte); > + break; > + case PG_LEVEL_2M: > + pfn = pmd_pfn(*(pmd_t *)kpte); > + break; > + case PG_LEVEL_1G: > + pfn = pud_pfn(*(pud_t *)kpte); > + break; > + default: > + return; > + } > + > + psize = page_level_size(level); > + pmask = page_level_mask(level); > + > + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, > + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); > + > + vaddr_next = (vaddr & pmask) + psize; > + } > +} > + > static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) > { > pgprot_t old_prot, new_prot; > @@ -249,12 +290,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) > static int __init early_set_memory_enc_dec(unsigned long vaddr, > unsigned long size, bool enc) > { > - unsigned long vaddr_end, vaddr_next; > + unsigned long vaddr_end, vaddr_next, start; > unsigned long psize, pmask; > int split_page_size_mask; > int level, ret; > pte_t *kpte; > > + start = vaddr; > vaddr_next = vaddr; > vaddr_end = vaddr + size; > > @@ -309,6 +351,7 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, > > ret = 0; > > + set_memory_enc_dec_hypercall(start, size, enc); That function iterates the same way over the virtual addresses as early_set_memory_enc_dec() does. Please call kvm_sev_hypercall3(), wrapped of course, directly from early_set_memory_enc_dec(), for each iteration of the loop instead of iterating over all the virtual addresses a second time in set_memory_enc_dec_hypercall(). -- Regards/Gruss, Boris. SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 247165, AG München