From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 10/12] mm: x86: Invoke hypercall when page encryption status is changed
Date: Thu, 13 Feb 2020 01:18:01 +0000
X-Mailing-List: linux-kernel@vger.kernel.org

From: Brijesh Singh

Invoke a hypercall when a memory region is changed from encrypted ->
decrypted and vice versa. The hypervisor needs to know the page encryption
status during the guest migration.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra --- arch/x86/include/asm/paravirt.h | 6 +++ arch/x86/include/asm/paravirt_types.h | 2 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/mem_encrypt.c | 57 ++++++++++++++++++++++++++- arch/x86/mm/pat/set_memory.c | 7 ++++ 5 files changed, 72 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 86e7317eb31f..407104613b06 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -78,6 +78,12 @@ static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) PVOP_VCALL1(mmu.exit_mmap, mm); } +static inline void page_encryption_changed(unsigned long vaddr, int npages, + bool enc) +{ + PVOP_VCALL3(mmu.page_encryption_changed, vaddr, npages, enc); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 84812964d3dd..5ff03ac9a5f8 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -211,6 +211,8 @@ struct pv_mmu_ops { /* Hook for intercepting the destruction of an mm_struct. */ void (*exit_mmap)(struct mm_struct *mm); + void (*page_encryption_changed)(unsigned long vaddr, int npages, + bool enc); #ifdef CONFIG_PARAVIRT_XXL struct paravirt_callee_save read_cr2; diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 789f5e4f89de..8953447f327c 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -362,6 +362,7 @@ struct paravirt_patch_template pv_ops = { (void (*)(struct mmu_gather *, void *))tlb_remove_page, .mmu.exit_mmap = paravirt_nop, + .mmu.page_encryption_changed = paravirt_nop, #ifdef CONFIG_PARAVIRT_XXL .mmu.read_cr2 = __PV_IS_CALLEE_SAVE(native_read_cr2), diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index f4bd4b431ba1..c9800fa811f6 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c 
@@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,7 @@ #include #include #include +#include #include "mm_internal.h" @@ -196,6 +198,47 @@ void __init sme_early_init(void) swiotlb_force = SWIOTLB_FORCE; } +static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + unsigned long sz = npages << PAGE_SHIFT; + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -253,12 +296,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -313,6 +357,8 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, PAGE_ALIGN(size) >> PAGE_SHIFT, + enc); out: __flush_tlb_all(); return ret; 
@@ -451,6 +497,15 @@ void __init mem_encrypt_init(void) if (sev_active()) static_branch_enable(&sev_enable_key); +#ifdef CONFIG_PARAVIRT + /* + * With SEV, we need to make a hypercall when page encryption state is + * changed. + */ + if (sev_active()) + pv_ops.mmu.page_encryption_changed = set_memory_enc_dec_hypercall; +#endif + pr_info("AMD %s active\n", sev_active() ? "Secure Encrypted Virtualization (SEV)" : "Secure Memory Encryption (SME)"); diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index c4aedd00c1ba..86b7804129fc 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "../mm_internal.h" @@ -1987,6 +1988,12 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* Notify hypervisor that a given memory range is mapped encrypted + * or decrypted. The hypervisor will use this information during the + * VM migration. + */ + page_encryption_changed(addr, numpages, enc); + return ret; } -- 2.17.1
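Review bot: the new page_encryption_changed member added to struct pv_mmu_ops in arch/x86/include/asm/paravirt_types.h has no comment, while exit_mmap directly above it does. A short comment saying when the hook is called and what vaddr, npages and enc mean would document the contract for other paravirt backends, which otherwise only see the paravirt_nop default set in paravirt.c.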
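Review bot: in set_memory_enc_dec_hypercall() (arch/x86/mm/mem_encrypt.c), the bare return taken when lookup_address() finds no PTE, pte_none() is true, or the level is not 4K/2M/1G abandons the rest of the range silently, so every page after the first hole keeps whatever status the hypervisor last recorded. The commit message says the hypervisor depends on this status during migration, so either set vaddr_next to the next page and continue, or return an error the callers can act on; any result from kvm_sev_hypercall3() is ignored as well. Separately, "unsigned long sz = npages << PAGE_SHIFT;" shifts an int before widening and can overflow for a large npages, and psize and pmask are declared int here but unsigned long in early_set_memory_enc_dec(); cast npages to unsigned long before the shift and use unsigned long for both.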
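Review bot: the call added before the out: label in early_set_memory_enc_dec() passes PAGE_ALIGN(size) >> PAGE_SHIFT without accounting for the offset of start within its page, so for an unaligned start the range walked by the hypercall helper, [start, start + PAGE_ALIGN(size)), can reach one page past the [vaddr, vaddr + size) range this function actually changed. Derive the count from the aligned ends of the range instead, or align start down and size up before the call. This path also calls set_memory_enc_dec_hypercall() directly with no sev_active() check, whereas mem_encrypt_init() installs the hook only under sev_active(); if this function can run when SEV is not active, the hypercall needs the same guard.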
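Review bot: the assignment added to mem_encrypt_init() is wrapped in #ifdef CONFIG_PARAVIRT, but the page_encryption_changed() call added to __set_memory_enc_dec() in set_memory.c is not, and nothing in this patch adds a stub for kernels built without CONFIG_PARAVIRT. Please confirm the series builds with CONFIG_PARAVIRT=n, or add an empty static inline for that configuration. The new block could also sit inside the existing "if (sev_active())" just above it instead of testing sev_active() a second time.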
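Review bot: in __set_memory_enc_dec() (arch/x86/mm/pat/set_memory.c), the new page_encryption_changed(addr, numpages, enc) call runs regardless of ret, so the hypervisor is told the range changed even when the function goes on to return an error. Make the notification conditional on ret being zero. The comment above the call should also open with a bare "/*" line, as the block comment added in mem_encrypt_init() does.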