From: "Kirill A. Shutemov"
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Sean Christopherson, Jim Mattson
Cc: David Rientjes, "Edgecombe, Rick P", "Kleen, Andi", "Yamahata, Isaku", x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [RFCv1 0/7] TDX and guest memory unmapping
Date: Fri, 2 Apr 2021 18:26:38 +0300
Message-Id: <20210402152645.26680-1-kirill.shutemov@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

TDX integrity check failures may lead to system shutdown; the host kernel
must not allow any writes to TD-private memory. This requirement clashes
with KVM design: KVM expects the guest memory to be mapped into host
userspace (e.g. QEMU).

This patchset aims to start discussion on how we can approach the issue.

The core of the change is in the last patch.
Please see a more detailed description of the issue and the proposal of
the solution there.

The patchset can also be found here:

git://git.kernel.org/pub/scm/linux/kernel/git/kas/linux.git kvm-unmapped-poison

Kirill A. Shutemov (7):
  x86/mm: Move force_dma_unencrypted() to common code
  x86/kvm: Introduce KVM memory protection feature
  x86/kvm: Make DMA pages shared
  x86/kvm: Use bounce buffers for KVM memory protection
  x86/kvmclock: Share hvclock memory with the host
  x86/realmode: Share trampoline area if KVM memory protection enabled
  KVM: unmap guest memory using poisoned pages

 arch/x86/Kconfig                      |   9 +-
 arch/x86/include/asm/cpufeatures.h    |   1 +
 arch/x86/include/asm/io.h             |   4 +-
 arch/x86/include/asm/kvm_para.h       |   5 +
 arch/x86/include/asm/mem_encrypt.h    |   7 +-
 arch/x86/include/uapi/asm/kvm_para.h  |   3 +-
 arch/x86/kernel/kvm.c                 |  20 ++++
 arch/x86/kernel/kvmclock.c            |   2 +-
 arch/x86/kernel/pci-swiotlb.c         |   3 +-
 arch/x86/kvm/Kconfig                  |   1 +
 arch/x86/kvm/cpuid.c                  |   3 +-
 arch/x86/kvm/mmu/mmu.c                |  15 ++-
 arch/x86/kvm/mmu/paging_tmpl.h        |  10 +-
 arch/x86/kvm/x86.c                    |   6 +
 arch/x86/mm/Makefile                  |   2 +
 arch/x86/mm/mem_encrypt.c             |  74 ------------
 arch/x86/mm/mem_encrypt_common.c      |  87 ++++++++++++++
 arch/x86/mm/pat/set_memory.c          |  10 ++
 arch/x86/realmode/init.c              |   7 +-
 include/linux/kvm_host.h              |  12 ++
 include/linux/swapops.h               |  20 ++++
 include/uapi/linux/kvm_para.h         |   5 +-
 mm/gup.c                              |  31 +++-
 mm/memory.c                           |  45 +++++++-
 mm/page_vma_mapped.c                  |   8 +-
 mm/rmap.c                             |   2 +-
 mm/shmem.c                            |   7 ++
 virt/kvm/Kconfig                      |   3 +
 virt/kvm/kvm_main.c                   | 164 ++++++++++++++++++++++++---
 29 files changed, 442 insertions(+), 124 deletions(-)
 create mode 100644 arch/x86/mm/mem_encrypt_common.c

-- 
2.26.3