From: Steve Rutherford
Date: Mon, 12 Apr 2021 17:22:57 -0700
Subject: Re: [PATCH v12 13/13] x86/kvm: Add kexec support for SEV Live Migration.
To: Ashish Kalra
Cc: Paolo Bonzini, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Joerg Roedel, Borislav Petkov, Tom Lendacky, X86 ML, KVM list, LKML, Sean Christopherson, Venu Busireddy, Brijesh Singh, kexec@lists.infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 12, 2021 at 12:48 PM Ashish Kalra wrote:
>
> From: Ashish Kalra
>
> Reset the host's shared pages list related to kernel
> specific page encryption status settings before we load a
> new kernel by kexec. We cannot reset the complete
> shared pages list here as we need to retain the
> UEFI/OVMF firmware specific settings.
>
> The host's shared pages list is maintained for the
> guest to keep track of all unencrypted guest memory regions,
> therefore we need to explicitly mark all shared pages as
> encrypted again before rebooting into the new guest kernel.
>
> Signed-off-by: Ashish Kalra
> ---
> arch/x86/kernel/kvm.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
> > diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c > index bcc82e0c9779..4ad3ed547ff1 100644 > --- a/arch/x86/kernel/kvm.c > +++ b/arch/x86/kernel/kvm.c > @@ -39,6 +39,7 @@ > #include > #include > #include > +#include > > DEFINE_STATIC_KEY_FALSE(kvm_async_pf_enabled); > > @@ -384,6 +385,29 @@ static void kvm_pv_guest_cpu_reboot(void *unused) > */ > if (kvm_para_has_feature(KVM_FEATURE_PV_EOI)) > wrmsrl(MSR_KVM_PV_EOI_EN, 0); > + /* > + * Reset the host's shared pages list related to kernel > + * specific page encryption status settings before we load a > + * new kernel by kexec. NOTE: We cannot reset the complete > + * shared pages list here as we need to retain the > + * UEFI/OVMF firmware specific settings. > + */ > + if (sev_live_migration_enabled & (smp_processor_id() == 0)) { What happens if the reboot of CPU0 races with another CPU servicing a device request (while the reboot is pending for that CPU)? Seems like you could run into a scenario where you have hypercalls racing. Calling this on every core isn't free, but it is an easy way to avoid this race. You could also count cores, and have only last core do the job, but that seems more complicated. Steve > + int i; > + unsigned long nr_pages; > + > + for (i = 0; i < e820_table->nr_entries; i++) { > + struct e820_entry *entry = &e820_table->entries[i]; > + > + if (entry->type != E820_TYPE_RAM) > + continue; > + > + nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE); > + > + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, > + entry->addr, nr_pages, 1); > + } > + } > kvm_pv_disable_apf(); > kvm_disable_steal_time(); > } > -- > 2.17.1 >
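
Review bot: In the condition added to kvm_pv_guest_cpu_reboot(), "if (sev_live_migration_enabled & (smp_processor_id() == 0))" joins the two tests with bitwise "&" rather than logical "&&". That only gives the intended result if sev_live_migration_enabled is exactly 0 or 1, and its type is not visible in this hunk, so "&&" would be safer and states the intent. Separately, the return value of kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, entry->addr, nr_pages, 1) is discarded inside the e820 loop, so a RAM range the host fails to mark as encrypted goes unnoticed before the kexec. Consider checking the result and at least emitting a warning.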