From: Vitaly Kuznetsov
To: "Kirill A. Shutemov"
Cc: David Rientjes, Andrea Arcangeli, Kees Cook, Will Drewry, "Edgecombe\, Rick P", "Kleen\, Andi", x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov", Dave Hansen, Andy Lutomirski, Peter Zijlstra, Paolo Bonzini, Sean Christopherson, Wanpeng Li, Jim Mattson, Joerg Roedel
Subject: Re: [RFC 13/16] x86/kvmclock: Share hvclock memory with the host
In-Reply-To: <20200525152527.7g57us6imlh62x7i@box>
References: <20200522125214.31348-1-kirill.shutemov@linux.intel.com> <20200522125214.31348-14-kirill.shutemov@linux.intel.com> <875zck82fx.fsf@vitty.brq.redhat.com> <20200525152527.7g57us6imlh62x7i@box>
Date: Mon, 25 May 2020 17:42:48 +0200
Message-ID: <87v9kk6mx3.fsf@vitty.brq.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

"Kirill A. Shutemov" writes:

> On Mon, May 25, 2020 at 05:22:10PM +0200, Vitaly Kuznetsov wrote:
>> "Kirill A. Shutemov" writes:
>>
>> > hvclock is shared between the guest and the hypervisor. It has to be
>> > accessible by host.
>> >
>> > Signed-off-by: Kirill A. Shutemov
>> > ---
>> > arch/x86/kernel/kvmclock.c | 2 +-
>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
>> > index 34b18f6eeb2c..ac6c2abe0d0f 100644
>> > --- a/arch/x86/kernel/kvmclock.c
>> > +++ b/arch/x86/kernel/kvmclock.c
>> > @@ -253,7 +253,7 @@ static void __init kvmclock_init_mem(void)
>> > * hvclock is shared between the guest and the hypervisor, must
>> > * be mapped decrypted.
>> > */
>> > - if (sev_active()) {
>> > + if (sev_active() || kvm_mem_protected()) {
>> > r = set_memory_decrypted((unsigned long) hvclock_mem,
>> > 1UL << order);
>> > if (r) {
>>
>> Sorry if I missed something but we have other structures which KVM guest
>> share with the host,
>>
>> sev_map_percpu_data():
>> ...
>>   for_each_possible_cpu(cpu) {
>>     __set_percpu_decrypted(&per_cpu(apf_reason, cpu), sizeof(apf_reason));
>>     __set_percpu_decrypted(&per_cpu(steal_time, cpu), sizeof(steal_time));
>>     __set_percpu_decrypted(&per_cpu(kvm_apic_eoi, cpu), sizeof(kvm_apic_eoi));
>>   }
>> ...
>>
>> Do you handle them somehow in the patchset? (I'm probably just blind
>> failing to see how 'early_set_memory_decrypted()' is wired up)
>
> I don't handle them yet: I've seen the function, but have not modified it.
> I want to understand first why it doesn't blow up for me without the
> change. Any clues?

(if I got the idea of the patchset right) these features are kernel-only
(e.g. QEMU doesn't need to access these areas). E.g. for APF KVM will do
kvm_write_guest_cached() and this will use FOLL_KVM. Guests should not
rely on that and mark all shared areas as unprotected.

--
Vitaly
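
Review bot: In the kvmclock_init_mem() hunk, the new branch `if (sev_active() || kvm_mem_protected())` still calls set_memory_decrypted(), and the comment above it still says only "must be mapped decrypted", so nothing in the visible lines explains why a decryption helper is the right way to expose hvclock_mem to the host when kvm_mem_protected() is true and sev_active() is not. Please extend the comment and the one-line commit message to state that set_memory_decrypted() is being reused as the share-with-host operation for protected guest memory. The same condition also needs a decision for the other guest/host shared areas quoted later in this thread (apf_reason, steal_time and kvm_apic_eoi in sev_map_percpu_data()), which this hunk leaves untouched: either convert them in the same series or document why they can stay protected.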