Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp4693834pxb; Mon, 28 Mar 2022 01:22:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzx4gaiGxf0hXEh1GwmfFczfGMAynIsM4ab4kS76T0VdPyQyv5g1+sb1yUKzQzIw3F6/gDa X-Received: by 2002:a17:902:c9c2:b0:154:68e7:7c5a with SMTP id q2-20020a170902c9c200b0015468e77c5amr25154367pld.122.1648455733714; Mon, 28 Mar 2022 01:22:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648455733; cv=none; d=google.com; s=arc-20160816; b=muF/HF3zCRbxRM+79lchkZC5KMe4e09kq+OGHP+10yG8wpNypJoPvwUsfUHyfZutEJ rGLNnPu39KroH/Md0/gCbyx/dpsXohqE222DSEBEtBHcv+OuuNY0QbsaYDpXEYCnHESN h62ZxtZTwjJeatpsfImUpgP1AExi3on18klfqMO/Ir35oxxV064QIij2Re4G1qjiDWMx HrOf7bocuIflwHACZaL+FQNta+xwmmKp5rSSjzod7Z3dvI+37+hwscNmLbS2rOccKapf 233yVFWDlrxtUSjiH0Rf2p7/pZGapPzd760OYGDOp8J4kDIuxbmlR/bfRMG0NyXwDir/ 1xLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=DFpx52hLENNUCnYCRr3fwx2/YCWA7fnbAZ4R1kF5ErM=; b=vRs/mtIxmt5clwvVYZ/RP17yqGMJoq8uM6I/2np99EWRQaj3FQrdzFpnaxH0vd/UGm HialgYgamARkuiQSxU1XU725eUjCQ/4PU8UhMupQGAj7q1Cmbg+5CGxaaWTYVxIQ7wwJ pCHlt0iVujVdieMHm+4KOZ5wHULWCB4WT95mUMW8G4k5t3AmxS5BkWdF8E61RZKarR0J JW0KyUJBf1E9PfCGI7wIkM5Tc6+0Wv7U/5kQQGM/VeSWqgXwPty4ocaIB/sdoT/JnhPf 1q8NUBQ0iIiYbMs2aH+5vUlXYS3xV3Z2rlVrNg/6r3l1Kl5peIvmp7JG13dmmI/Yyq3T Jl9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b11-20020a170902d88b00b00153b2d164c9si12071461plz.209.2022.03.28.01.22.00; Mon, 28 Mar 2022 01:22:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233305AbiCZOnL (ORCPT + 99 others); Sat, 26 Mar 2022 10:43:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34400 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232561AbiCZOnK (ORCPT ); Sat, 26 Mar 2022 10:43:10 -0400 Received: from theia.8bytes.org (8bytes.org [IPv6:2a01:238:4383:600:38bc:a715:4b6d:a889]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D64E520288F for ; Sat, 26 Mar 2022 07:41:32 -0700 (PDT) Received: from cap.home.8bytes.org (p5b006cf2.dip0.t-ipconnect.de [91.0.108.242]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by theia.8bytes.org (Postfix) with ESMTPSA id 66E6F4ED; Sat, 26 Mar 2022 15:41:30 +0100 (CET) From: Joerg Roedel To: x86@kernel.org Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , hpa@zytor.com, Tom Lendacky , Brijesh Singh , Joerg Roedel , linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH v3] x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO Date: Sat, 26 Mar 2022 15:41:27 +0100 Message-Id: <20220326144127.15967-1-joro@8bytes.org> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel The io specific memcpy/memset functions use string mmio accesses to do their work. Under SEV the hypervisor can't emulate these instructions, because they read/write directly from/to encrypted memory. KVM will inject a page fault exception into the guest when it is asked to emulate string mmio instructions for an SEV guest: BUG: unable to handle page fault for address: ffffc90000065068 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000100000067 P4D 8000100000067 PUD 80001000fb067 PMD 80001000fc067 PTE 80000000fed40173 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc7 #3 As string mmio for an SEV guest can not be supported by the hypervisor, unroll the instructions for CC_ATTR_GUEST_UNROLL_STRING_IO enabled kernels. This issue appears when kernels are launched in recent libvirt-managed SEV virtual machines, because libvirt started to add a tpm-crb device to the guest by default. The kernel driver for tpm-crb uses memcpy_to/from_io() functions to access MMIO memory, resulting in a page-fault injected by KVM and crashing the kernel at boot. Cc: stable@vger.kernel.org #4.15+ Fixes: d8aa7eea78a1 ('x86/mm: Add Secure Encrypted Virtualization (SEV) support') Reviewed-by: Tom Lendacky Signed-off-by: Joerg Roedel --- Changes v2->v3: - Fix sparse warnings introduced by v2 arch/x86/lib/iomem.c | 65 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 57 insertions(+), 8 deletions(-) diff --git a/arch/x86/lib/iomem.c b/arch/x86/lib/iomem.c index df50451d94ef..3e2f33fc33de 100644 --- a/arch/x86/lib/iomem.c +++ b/arch/x86/lib/iomem.c @@ -22,7 +22,7 @@ static __always_inline void rep_movs(void *to, const void *from, size_t n) : "memory"); } -void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) +static void string_memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) { if (unlikely(!n)) return; @@ -38,9 +38,8 @@ void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) } rep_movs(to, (const void *)from, n); } -EXPORT_SYMBOL(memcpy_fromio); -void memcpy_toio(volatile void __iomem *to, const void *from, size_t n) +static void string_memcpy_toio(volatile void __iomem *to, const void *from, size_t n) { if (unlikely(!n)) return; @@ -56,14 +55,64 @@ void memcpy_toio(volatile void __iomem *to, const void *from, size_t n) } rep_movs((void *)to, (const void *) from, n); } + +static void unrolled_memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) +{ + const volatile char __iomem *in = from; + char *out = to; + int i; + + for (i = 0; i < n; ++i) + out[i] = readb(&in[i]); +} + +static void unrolled_memcpy_toio(volatile void __iomem *to, const void *from, size_t n) +{ + volatile char __iomem *out = to; + const char *in = from; + int i; + + for (i = 0; i < n; ++i) + writeb(in[i], &out[i]); +} + +static void unrolled_memset_io(volatile void __iomem *a, int b, size_t c) +{ + volatile char __iomem *mem = a; + int i; + + for (i = 0; i < c; ++i) + writeb(b, &mem[i]); +} + +void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) +{ + if (cc_platform_has(CC_ATTR_GUEST_UNROLL_STRING_IO)) + unrolled_memcpy_fromio(to, from, n); + else + string_memcpy_fromio(to, from, n); +} +EXPORT_SYMBOL(memcpy_fromio); + +void memcpy_toio(volatile void __iomem *to, const void *from, size_t n) +{ + if (cc_platform_has(CC_ATTR_GUEST_UNROLL_STRING_IO)) + unrolled_memcpy_toio(to, from, n); + else + string_memcpy_toio(to, from, n); +} EXPORT_SYMBOL(memcpy_toio); void memset_io(volatile void __iomem *a, int b, size_t c) { - /* - * TODO: memset can mangle the IO patterns quite a bit. - * perhaps it would be better to use a dumb one: - */ - memset((void *)a, b, c); + if (cc_platform_has(CC_ATTR_GUEST_UNROLL_STRING_IO)) { + unrolled_memset_io(a, b, c); + } else { + /* + * TODO: memset can mangle the IO patterns quite a bit. + * perhaps it would be better to use a dumb one: + */ + memset((void *)a, b, c); + } } EXPORT_SYMBOL(memset_io); -- 2.35.1