From: Ram Pai
To: linuxppc-dev@lists.ozlabs.org
Cc: benh@kernel.crashing.org, david@gibson.dropbear.id.au, mpe@ellerman.id.au, paulus@ozlabs.org, mdroth@linux.vnet.ibm.com, hch@lst.de, linuxram@us.ibm.com, andmike@us.ibm.com, sukadev@linux.vnet.ibm.com, mst@redhat.com, ram.n.pai@gmail.com, aik@ozlabs.ru, cai@lca.pw, tglx@linutronix.de, bauerman@linux.ibm.com, linux-kernel@vger.kernel.org
Subject: [RFC v2 1/2] powerpc/pseries/iommu: Share the per-cpu TCE page with the hypervisor.
Date: Fri, 8 Nov 2019 15:00:10 -0800
Message-Id: <1573254011-1604-2-git-send-email-linuxram@us.ibm.com>
In-Reply-To: <1573254011-1604-1-git-send-email-linuxram@us.ibm.com>

The hypervisor needs to access the contents of the page holding the TCE entries while setting up the TCE entries in the IOMMU's TCE table. For SecureVMs, since this page is encrypted, the hypervisor cannot access valid entries. Share the page with the hypervisor. This ensures that the hypervisor sees those valid entries.

Why is this safe? The page contains only TCE entries; not any sensitive data belonging to the Secure VM.
The hypervisor has a genuine need to know the value of the TCE entries, without which it will not be able to DMA to/from the pages pointed to by the TCE entries. In a Secure VM the TCE entries point to pages that are also shared with the hypervisor; example: pages containing bounce buffers. Signed-off-by: Ram Pai --- arch/powerpc/platforms/pseries/iommu.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c index 8d9c2b1..a302aaa 100644 --- a/arch/powerpc/platforms/pseries/iommu.c +++ b/arch/powerpc/platforms/pseries/iommu.c @@ -37,6 +37,7 @@ #include #include #include +#include #include "pseries.h" @@ -179,6 +180,23 @@ static int tce_build_pSeriesLP(struct iommu_table *tbl, long tcenum, static DEFINE_PER_CPU(__be64 *, tce_page); +/* + * Allocate a tce page. If secure VM, share the page with the hypervisor. + * + * NOTE: the TCE page is shared with the hypervisor explicitly and remains + * shared for the lifetime of the kernel. It is implicitly unshared at kernel + * shutdown through a UV_UNSHARE_ALL_PAGES ucall. + */ +static __be64 *alloc_tce_page(void) +{ + __be64 *tcep = (__be64 *)__get_free_page(GFP_ATOMIC); + + if (tcep && is_secure_guest()) + uv_share_page(PHYS_PFN(__pa(tcep)), 1); + + return tcep; +} + static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum, long npages, unsigned long uaddr, enum dma_data_direction direction, @@ -206,8 +224,7 @@ static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum, * from iommu_alloc{,_sg}() */ if (!tcep) { - tcep = (__be64 *)__get_free_page(GFP_ATOMIC); - /* If allocation fails, fall back to the loop implementation */ + tcep = alloc_tce_page(); if (!tcep) { local_irq_restore(flags); return tce_build_pSeriesLP(tbl, tcenum, npages, uaddr, 
@@ -405,7 +422,7 @@ static int tce_setrange_multi_pSeriesLP(unsigned long start_pfn, tcep = __this_cpu_read(tce_page); if (!tcep) { - tcep = (__be64 *)__get_free_page(GFP_ATOMIC); + tcep = alloc_tce_page(); if (!tcep) { local_irq_enable(); return -ENOMEM; -- 1.8.3.1
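Review bot: In alloc_tce_page(), the result of uv_share_page(PHYS_PFN(__pa(tcep)), 1) is discarded, so if the share request fails the function still returns the page and both callers use it as though the hypervisor could read it, which is the case the commit message says yields invalid entries. Check the return value, and on failure free the page and return NULL; tce_buildmulti_pSeriesLP() then takes its existing fallback to tce_build_pSeriesLP() and tce_setrange_multi_pSeriesLP() returns an error instead of continuing. Separately, the page comes from __get_free_page(GFP_ATOMIC) with no __GFP_ZERO, so the comment should state whether the page's previous contents become visible to the hypervisor once it is shared, since the safety argument rests on the page holding only TCE entries.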
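Review bot: In the tce_buildmulti_pSeriesLP() hunk, the removed comment "If allocation fails, fall back to the loop implementation" still describes the code that follows, because the !tcep branch still returns through tce_build_pSeriesLP(). Keep the comment next to the alloc_tce_page() call so the fallback stays documented where it happens.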