Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4680853pxb; Tue, 22 Feb 2022 04:08:50 -0800 (PST) X-Google-Smtp-Source: ABdhPJwF/6oluFfg8K1zLAZP3SY0rejZWdVZU7k7JV0UuhioEYSLaF5oQIUdwJvRWHui8fYfNpWd X-Received: by 2002:aa7:8643:0:b0:4d1:d068:ef15 with SMTP id a3-20020aa78643000000b004d1d068ef15mr24508193pfo.9.1645531730138; Tue, 22 Feb 2022 04:08:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645531730; cv=none; d=google.com; s=arc-20160816; b=ZLRk5IhYXrs6eu6qX7eqn8Bj6419eTSlu9fgPGkiPShjYzroEn/48DD9ml4QBhuWB6 O2qzZ0JSVKhh0haVU7x77sGnSrAzrG4urWa2bGTxE+/HnNbpUVueaiQrLOtvlv0ugtqY S34wkGkW802PSq8Z2D2VLDFBCxlyZ4kbJGJbeZVhpuYceqPwueUpoqWG0Bp2a8hzIweP RWmuLEBIAQGLr0blYOfErtne53qTTP1PsqJLx+qiq/kd8SnaV9PBdP7qUMYzCzf3BE/d UXnyI9/C2X2YQlEHmv0Uzh9mNhrZuY/67s38TEEUXIZ8+qmgDtexkMInyGg4o951mKns tf8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=RP6O1xrrPIvWpXENCpEC5PUbduUyVYDO+XkQf9zxdKk=; b=GKBgBvYep1EOFPEn/4uDGgWMwoPe3859GCpIT2uyg5sDXoa/+nEWwvspHeH5ZxsAt0 AcnHmQz22+rfU3fbAGseR+DCihqDtW2U6HHNjV/9Pbt8S70ptfl+GH2vqkAToRk8ld/6 NMRxP/a2wlNmf17fC5McWv9z9Wlj+a2IPFOiEyDUFIxWeJXs0iTsJTVSWLXHv22wAzg/ LyiT4Ws2d8YlGsySj9cXTwLBYPSHeyHR0gbv6Cj/r+hqcTMyS8nzeZS2rt6QuuNMt+1g jKJZjJGI8CU/KTl96sAp91BP+uujOFZe8HJ+RhvnPzolo9m0ax7utMAFED5SRAWPqo7J VuhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=b8D1iAxh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u8si12034816pfg.1.2022.02.22.04.08.36; Tue, 22 Feb 2022 04:08:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=b8D1iAxh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231580AbiBVLD3 (ORCPT + 99 others); Tue, 22 Feb 2022 06:03:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229659AbiBVLD1 (ORCPT ); Tue, 22 Feb 2022 06:03:27 -0500 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 436FBA9973 for ; Tue, 22 Feb 2022 03:03:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645527782; x=1677063782; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=yUrwj5E/F7AoILmfvYw5jCWArXoiGjjQGiO38xKyypQ=; b=b8D1iAxh8QwUo7HZcNYTEaf6mpDyDjeS+mbO4Xn+41Zzir34up9QF4OQ nSCQt6P8WDtLkF/cmuLy5kof3NKBZkNmH3XERIOWvfPQm/yHgS5oOFDip mw/XBv7aYOa3VpsRs+GEqFzb/RjlvmQ/X02gT41l7gHicDsX5k4m35Izy WTrOKMCdPwRPCbAGOTfpDzNcyRc970gAMkG5PrAtwxfrhuP4EYdnF9X/V K31xznUsIIqYLUX0r8q+nXWYduglqAHuilx5YguEzz+wrrpCyorw0Y5jC LLG0XPX8p9ZpYALRNwxWp4GN5vTdZTcxOWzhRcCVo2o/OjzfBY/jbunFK A==; X-IronPort-AV: E=McAfee;i="6200,9189,10265"; a="251427913" X-IronPort-AV: E=Sophos;i="5.88,387,1635231600"; d="scan'208";a="251427913" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2022 03:03:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,387,1635231600"; d="scan'208";a="779066664" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 22 Feb 2022 03:02:56 -0800 Received: by black.fi.intel.com (Postfix, from userid 1000) id 9B35412C; Tue, 22 Feb 2022 13:03:12 +0200 (EET) Date: Tue, 22 Feb 2022 14:03:12 +0300 From: "Kirill A. Shutemov" To: Dave Hansen Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, luto@kernel.org, peterz@infradead.org, sathyanarayanan.kuppuswamy@linux.intel.com, aarcange@redhat.com, ak@linux.intel.com, dan.j.williams@intel.com, david@redhat.com, hpa@zytor.com, jgross@suse.com, jmattson@google.com, joro@8bytes.org, jpoimboe@redhat.com, knsathya@kernel.org, pbonzini@redhat.com, sdeep@vmware.com, seanjc@google.com, tony.luck@intel.com, vkuznets@redhat.com, wanpengli@tencent.com, x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCHv3 02/32] x86/coco: Add API to handle encryption mask Message-ID: <20220222110312.q7eaepfph2tyjq3e@black.fi.intel.com> References: <20220218161718.67148-1-kirill.shutemov@linux.intel.com> <20220218161718.67148-3-kirill.shutemov@linux.intel.com> <66fcd7e7-deb6-f27e-9fc6-33293ce04f16@intel.com> <20220218213300.2bs4t3admhozonaq@black.fi.intel.com> <7ebd6ba1-85a4-6fee-c897-22ed108ac8b7@intel.com> <20220221222856.c6b74b3n3fwqe6vy@black.fi.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220221222856.c6b74b3n3fwqe6vy@black.fi.intel.com> X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 22, 2022 at 01:28:56AM +0300, Kirill A. Shutemov wrote: > On Mon, Feb 21, 2022 at 11:28:16AM -0800, Dave Hansen wrote: > > I'm just a bit confused why *this* was chosen as the cc_whatever() hook. > > Just like the mask function, it has one spot where it gets used: > > > > +#define pgprot_encrypted(prot) __pgprot(cc_mkenc(pgprot_val(prot))) > > +#define pgprot_decrypted(prot) __pgprot(cc_mkdec(pgprot_val(prot))) > > > > So, why bother having another level of abstraction? > > > > Why don't we just have: > > > > pgprot_t cc_mkenc(pgprot prot) > > pgprot_t cc_mkenc(pgprot prot) > > > > and *no* pgprot_{en,de}crypted()? > > Okay. Let me try this. Below it how it would look like. I don't like it, especially, tdx_enc_status_changed() case. There are more cases like this in attestation code. I would rather make cc_mkenc()/cc_mkdec() to operate on u64 (or phys_addr_t?) while pgprot_encrypted()/pgprot_decrypted() cover pgprot_t. It also makes set_memory cleaner: cpa.mask_set = __pgprot(enc ? cc_mkenc(0) : cc_mkdec(0)); cpa.mask_clr = __pgprot(enc ? cc_mkdec(0) : cc_mkenc(0)); Opinions? diff --git a/arch/x86/coco/tdx.c b/arch/x86/coco/tdx.c index fb32c271fe34..bf5ba7d5b736 100644 --- a/arch/x86/coco/tdx.c +++ b/arch/x86/coco/tdx.c @@ -514,8 +514,8 @@ static int tdx_enc_status_changed(unsigned long vaddr, int numpages, bool enc) return -EINVAL; if (!enc) { - start = cc_mkenc(start); - end = cc_mkenc(end); + start |= pgprot_val(cc_mkenc(__pgprot(0))); + end |= pgprot_val(cc_mkenc(__pgprot(0))); } /* diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index 802d87d08e31..fba1dd2ef319 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -14,13 +14,18 @@ enum cc_vendor { void cc_init(enum cc_vendor, u64 mask); #ifdef CONFIG_ARCH_HAS_CC_PLATFORM -u64 cc_get_mask(bool enc); -u64 cc_mkenc(u64 val); -u64 cc_mkdec(u64 val); +pgprot_t cc_mkenc(pgprot_t prot); +pgprot_t cc_mkdec(pgprot_t prot); #else -#define cc_get_mask(enc) 0 -#define cc_mkenc(val) (val) -#define cc_mkdec(val) (val) +static inline pgprot_t cc_mkenc(pgprot_t prot) +{ + return prot; +} + +static inline pgprot_t cc_mkdec(pgprot_t prot) +{ + return prot; +} #endif #endif /* _ASM_X86_COCO_H */ diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 62ab07e24aef..8cba0d258e49 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -36,8 +36,8 @@ void ptdump_walk_user_pgd_level_checkwx(void); /* * Macros to add or remove encryption attribute */ -#define pgprot_encrypted(prot) __pgprot(cc_mkenc(pgprot_val(prot))) -#define pgprot_decrypted(prot) __pgprot(cc_mkdec(pgprot_val(prot))) +#define pgprot_encrypted(prot) cc_mkenc(prot) +#define pgprot_decrypted(prot) cc_mkdec(prot) #ifdef CONFIG_DEBUG_WX #define debug_checkwx() ptdump_walk_pgd_level_checkwx() diff --git a/arch/x86/kernel/cc_platform.c b/arch/x86/kernel/cc_platform.c index 12a34e80ef50..d13a034e9a21 100644 --- a/arch/x86/kernel/cc_platform.c +++ b/arch/x86/kernel/cc_platform.c @@ -12,6 +12,7 @@ #include #include +#include static u64 cc_mask; static enum cc_vendor cc_vendor; @@ -93,39 +94,27 @@ bool cc_platform_has(enum cc_attr attr) } EXPORT_SYMBOL_GPL(cc_platform_has); -u64 cc_get_mask(bool enc) +pgprot_t cc_mkenc(pgprot_t prot) { switch (cc_vendor) { case CC_VENDOR_AMD: - return enc ? cc_mask : 0; + return __pgprot(pgprot_val(prot) | cc_mask); case CC_VENDOR_INTEL: - return enc ? 0 : cc_mask; + return __pgprot(pgprot_val(prot) & ~cc_mask); default: - return 0; + return prot; } } -u64 cc_mkenc(u64 val) +pgprot_t cc_mkdec(pgprot_t prot) { switch (cc_vendor) { case CC_VENDOR_AMD: - return val | cc_mask; + return __pgprot(pgprot_val(prot) & ~cc_mask); case CC_VENDOR_INTEL: - return val & ~cc_mask; + return __pgprot(pgprot_val(prot) | cc_mask); default: - return val; - } -} - -u64 cc_mkdec(u64 val) -{ - switch (cc_vendor) { - case CC_VENDOR_AMD: - return val & ~cc_mask; - case CC_VENDOR_INTEL: - return val | cc_mask; - default: - return val; + return prot; } } EXPORT_SYMBOL_GPL(cc_mkdec); diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 65a27dec095f..1ef63ea377dd 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -1999,8 +1999,8 @@ static int __set_memory_enc_pgtable(unsigned long addr, int numpages, bool enc) memset(&cpa, 0, sizeof(cpa)); cpa.vaddr = &addr; cpa.numpages = numpages; - cpa.mask_set = __pgprot(cc_get_mask(enc)); - cpa.mask_clr = __pgprot(cc_get_mask(!enc)); + cpa.mask_set = enc ? cc_mkenc(__pgprot(0)) : cc_mkdec(__pgprot(0)); + cpa.mask_clr = enc ? cc_mkdec(__pgprot(0)) : cc_mkenc(__pgprot(0)); cpa.pgd = init_mm.pgd; /* Must avoid aliasing mappings in the highmem code */ -- Kirill A. Shutemov