Date: Sun, 10 Nov 2019 19:40:06 +0000
From: David Gibson
To: Ram Pai
Cc: linuxppc-dev@lists.ozlabs.org, benh@kernel.crashing.org, mpe@ellerman.id.au, paulus@ozlabs.org, mdroth@linux.vnet.ibm.com, hch@lst.de, andmike@us.ibm.com, sukadev@linux.vnet.ibm.com, mst@redhat.com, ram.n.pai@gmail.com, aik@ozlabs.ru, cai@lca.pw, tglx@linutronix.de, bauerman@linux.ibm.com, linux-kernel@vger.kernel.org
Subject: Re: [RFC v2 1/2] powerpc/pseries/iommu: Share the per-cpu TCE page with the hypervisor.
Message-ID: <20191110194006.GQ2461@umbus.Home>
References: <1573254011-1604-1-git-send-email-linuxram@us.ibm.com> <1573254011-1604-2-git-send-email-linuxram@us.ibm.com>
In-Reply-To: <1573254011-1604-2-git-send-email-linuxram@us.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 08, 2019 at 03:00:10PM -0800, Ram Pai wrote:
> The hypervisor needs to access the contents of the page holding the TCE
> entries while setting up the TCE entries in the IOMMU's TCE table.
>
> For SecureVMs, since this page is encrypted, the hypervisor cannot
> access valid entries. Share the page with the hypervisor. This ensures
> that the hypervisor sees those valid entries.
>
> Why is this safe?
> The page contains only TCE entries; not any sensitive data
> belonging to the Secure VM. The hypervisor has a genuine need to know
> the value of the TCE entries, without which it will not be able to
> DMA to/from the pages pointed to by the TCE entries. In a Secure
> VM the TCE entries point to pages that are also shared with the
> hypervisor; example: pages containing bounce buffers.

The bit that may not be obvious to reviewers from the above is this: This is *not* a page of "live" TCEs which are actively used for translation. Instead this is just a transient buffer with a batch of TCEs to set, passed to the hypervisor with the H_PUT_TCE_INDIRECT call. >=20 > Signed-off-by: Ram Pai > --- > arch/powerpc/platforms/pseries/iommu.c | 23 ++++++++++++++++++++--- > 1 file changed, 20 insertions(+), 3 deletions(-) >=20 > diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platfo= rms/pseries/iommu.c > index 8d9c2b1..a302aaa 100644 > --- a/arch/powerpc/platforms/pseries/iommu.c > +++ b/arch/powerpc/platforms/pseries/iommu.c > @@ -37,6 +37,7 @@ > #include > #include > #include > +#include > =20 > #include "pseries.h" > =20 > @@ -179,6 +180,23 @@ static int tce_build_pSeriesLP(struct iommu_table *t= bl, long tcenum, > =20 > static DEFINE_PER_CPU(__be64 *, tce_page); > =20 > +/* > + * Allocate a tce page. If secure VM, share the page with the hyperviso= r. > + * > + * NOTE: the TCE page is shared with the hypervisor explicitly and remai= ns > + * shared for the lifetime of the kernel. It is implicitly unshared at k= ernel > + * shutdown through a UV_UNSHARE_ALL_PAGES ucall. > + */ > +static __be64 *alloc_tce_page(void) > +{ > + __be64 *tcep =3D (__be64 *)__get_free_page(GFP_ATOMIC); > + > + if (tcep && is_secure_guest()) > + uv_share_page(PHYS_PFN(__pa(tcep)), 1); > + > + return tcep; > +} > + > static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum, > long npages, unsigned long uaddr, > enum dma_data_direction direction, > @@ -206,8 +224,7 @@ static int tce_buildmulti_pSeriesLP(struct iommu_tabl= e *tbl, long tcenum, > * from iommu_alloc{,_sg}() > */ > if (!tcep) { > - tcep =3D (__be64 *)__get_free_page(GFP_ATOMIC); > - /* If allocation fails, fall back to the loop implementation */ > + tcep =3D alloc_tce_page(); > if (!tcep) { > local_irq_restore(flags); > return tce_build_pSeriesLP(tbl, tcenum, npages, uaddr, 
> @@ -405,7 +422,7 @@ static int tce_setrange_multi_pSeriesLP(unsigned long= start_pfn, > tcep =3D __this_cpu_read(tce_page); > =20 > if (!tcep) { > - tcep =3D (__be64 *)__get_free_page(GFP_ATOMIC); > + tcep =3D alloc_tce_page(); > if (!tcep) { > local_irq_enable(); > return -ENOMEM;

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
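Review bot: in the @@ -179,6 +180,23 @@ hunk, alloc_tce_page() discards the result of uv_share_page(), so if sharing fails in a secure guest the function still returns a page whose contents the hypervisor cannot read. Check the return value and, on failure, free the page and return NULL; both callers already handle a NULL result (tce_buildmulti_pSeriesLP() falls back to tce_build_pSeriesLP(), tce_setrange_multi_pSeriesLP() returns -ENOMEM). The comment above the function should also say that this page is a transient batch buffer passed to H_PUT_TCE_INDIRECT rather than a page of live TCEs, since that is what makes sharing it acceptable.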
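Review bot: the @@ -206,8 +224,7 @@ hunk in tce_buildmulti_pSeriesLP() removes the comment "/* If allocation fails, fall back to the loop implementation */" although the fallback to tce_build_pSeriesLP() directly below it is unchanged. Keep the comment on the inner "if (!tcep)" check so the reason for the early return stays documented.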
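Review bot: in the @@ -405,7 +422,7 @@ hunk, the allocation in tce_setrange_multi_pSeriesLP() runs with interrupts disabled (the failure path calls local_irq_enable()), so for a secure guest alloc_tce_page() now issues uv_share_page() in that context the first time each CPU needs a page. The commit message or the function comment should state that making the ucall there is safe; otherwise allocate and share the per-cpu page before interrupts are turned off.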