Received: by 2002:ab2:3350:0:b0:1f4:6588:b3a7 with SMTP id o16csp1913013lqe; Tue, 9 Apr 2024 04:33:30 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX7G3PLbEE42jQ5vrV3DmEcDDDrBTbET5exkr38ZX6PEZuZsiozCMbZIvovYRGnmNIE1ZjITVv30YBlPxm+AOcHbpL5vvvuR4PgPGUPNA== X-Google-Smtp-Source: AGHT+IGnBLayRmm+TOw3xLgVWE7Qm03AzgM9DA1RoLfm3ntUSoseGetBpVdprqHJlm1rgDdZ0sGQ X-Received: by 2002:a50:9f21:0:b0:56e:2abd:9d13 with SMTP id b30-20020a509f21000000b0056e2abd9d13mr9690504edf.7.1712662410676; Tue, 09 Apr 2024 04:33:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712662410; cv=pass; d=google.com; s=arc-20160816; b=zaxEl+EkIoqCr0PcvKHzbJMDM/D1p5aX4RMlAArUqLwIX8HjKxwDWCX4C0AqtpyEFY TQDY7edGzZFTa7TQa0y6rwrRe2GcoD3/faWnAJTLQxnq7TGWbaiODH3nU2H2R6iUpezR HKPRCoNZxVpj43IIFarKOEGR7h7o/xnKusvfSksR2FTsAjqeVgnIa9FJ8LEUIC1cPbLk BnPH+ghnSY+dIFqdZXuzCmd5t0RD6m0/VkH6cbvkImyQXql1jTqA07Dz+9c61AIjGBH1 4c4yJ4j5JYhqQDdHSDLGsxN8DDykoWAfwaYp06EexbUuuqDCq9Dh0reEHGz5D6pO+s4P pCZg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=hqG8e9JW1kYBLews/kg+HHFikpu8oG8YIuPwVE69Xeg=; fh=ocmdIymNp0g3ZgtAlUb6ObFMiRv3f+sdEppjYq8IlpE=; b=QeWnVku/QbU/ZzjuZ6ZYsDKQWOOqg27UJyD/tDZ0i0Cs8LDWTRu7Hf64wq3gBl6rdC A/vwXMt7CSZJk8gB8Q5fZ21xJYtgtqIkZRIcdt6/79dWZIRch30fvCdMfFRwxM8SDUmy 06uXrWyzVUpA+2w3UP1MwV1FXg2WZkBMx+2mpqwZmh6NJBOmAJ4iTldtrxg03bIMpqG8 pM3J02UJ8lt/nkLKkKL3hzzrOw7hZTOGbjgZ61z68nnOE21tFHVk8rjOqljathoeX8Ip 5l+S+tkN4N10Elxpe4wl9Wr48WBgjlsHEKKtiLYMZPF1QBdxZlFOQzVtkxzbznQCsGp/ wTSw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DN+XHNXb; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-136760-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-136760-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id u22-20020a50d516000000b0056e1018b59esi4565929edi.106.2024.04.09.04.33.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 04:33:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-136760-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DN+XHNXb; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-136760-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-136760-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 3D2FA1F22194 for ; Tue, 9 Apr 2024 11:32:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DF60C12FF6C; Tue, 9 Apr 2024 11:30:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DN+XHNXb" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA74F12F363 for ; Tue, 9 Apr 2024 11:30:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.9 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712662235; cv=none; b=JIEmdXiIkvJZ2nSbdmEaUKnvgEe1bbB09IhyzrirPlEcbCq+JLVOGo9jLOMqEIFI82SVwF0+uhGIJcvJNBtGSq+qqIozplrcHVxFS2y/jEbHeDjjTizpR6wNGZpWVS4uR0iIIGWQhinUtqgc3sA765flx5cADQOzYdtrphGRFEM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712662235; c=relaxed/simple; bh=nTkqIKFbFNF7KIfvSjwb+TYQAkwBV6/1sk3/m2T/8JA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=m64+0dPHvPFHq5KpZOaetlhMGdWcwboNERVCEp/78LtNKLOORY7rs3ESHUg6nsdyeZ73epqnylL5qFBhGnCIb3ZrgExkuduxx34A+Ta/IIUI8YwTpl5rZUu5FLLZztSxXeZfxsv0dZtXg9aMPbImRk0hg9X5ouH4SFT9yRwp7IA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=DN+XHNXb; arc=none smtp.client-ip=198.175.65.9 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1712662234; x=1744198234; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=nTkqIKFbFNF7KIfvSjwb+TYQAkwBV6/1sk3/m2T/8JA=; b=DN+XHNXbSxhXQk/JUm1ptrqYwi15KP7JZmlXmZzK+ijgTFm/Kd9RhFFV hmNBKqJYZzp4xhtF6QuBvN2vrrwmxkxfBvVpeaRTwBL/2Pj1tA9Y1xLhl K+vtV+pS+iS3SfFQEswerQLgP/IQ/YKQQQERXtFKljCh7D25aTYUDKJW3 tfWisr+fo6OolQqS8VP+5Hcr7mWQZJeyfcpM3tIclByp+h2HjPTAzNkRn enjXlXxDKdZAZ9CFwGOwMV12EhvIrFY1cav4WSj78Qy+VE4Szm/Q2HD5n VDuq9+QrwimhljK8yc92OgaRKUj83pMaHO8yfaCFG9oxEYfPrY2gJAyYJ A==; X-CSE-ConnectionGUID: cGXj707XRYuev3T6rXpLlw== X-CSE-MsgGUID: 7W7xph+PSeS+bfDZdRxEPw== X-IronPort-AV: E=McAfee;i="6600,9927,11038"; a="30460432" X-IronPort-AV: E=Sophos;i="6.07,189,1708416000"; d="scan'208";a="30460432" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Apr 2024 04:30:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,11038"; a="937093342" X-IronPort-AV: E=Sophos;i="6.07,189,1708416000"; d="scan'208";a="937093342" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga001.fm.intel.com with ESMTP; 09 Apr 2024 04:30:24 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id DAE3DBC4; Tue, 9 Apr 2024 14:30:17 +0300 (EEST) From: "Kirill A. Shutemov" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org Cc: "Rafael J. Wysocki" , Peter Zijlstra , Adrian Hunter , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Rick Edgecombe , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "Huang, Kai" , Baoquan He , kexec@lists.infradead.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Nikolay Borisov , Tao Liu Subject: [PATCHv10 09/18] x86/mm: Adding callbacks to prepare encrypted memory for kexec Date: Tue, 9 Apr 2024 14:30:01 +0300 Message-ID: <20240409113010.465412-10-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240409113010.465412-1-kirill.shutemov@linux.intel.com> References: <20240409113010.465412-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit AMD SEV and Intel TDX guests allocate shared buffers for performing I/O. This is done by allocating pages normally from the buddy allocator and then converting them to shared using set_memory_decrypted(). On kexec, the second kernel is unaware of which memory has been converted in this manner. It only sees E820_TYPE_RAM. Accessing shared memory as private is fatal. Therefore, the memory state must be reset to its original state before starting the new kernel with kexec. The process of converting shared memory back to private occurs in two steps: - enc_kexec_stop_conversion() stops new conversions. - enc_kexec_unshare_mem() unshares all existing shared memory, reverting it back to private. Signed-off-by: Kirill A. Shutemov Reviewed-by: Nikolay Borisov x Reviewed-by: Kai Huang Tested-by: Tao Liu --- arch/x86/include/asm/x86_init.h | 2 ++ arch/x86/kernel/crash.c | 6 ++++++ arch/x86/kernel/reboot.c | 12 ++++++++++++ arch/x86/kernel/x86_init.c | 4 ++++ 4 files changed, 24 insertions(+) diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index 28ac3cb9b987..c731e6bc4343 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -155,6 +155,8 @@ struct x86_guest { int (*enc_status_change_finish)(unsigned long vaddr, int npages, bool enc); bool (*enc_tlb_flush_required)(bool enc); bool (*enc_cache_flush_required)(void); + void (*enc_kexec_stop_conversion)(bool crash); + void (*enc_kexec_unshare_mem)(void); }; /** diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index e74d0c4286c1..7a1560d7e62d 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -128,6 +128,12 @@ void native_machine_crash_shutdown(struct pt_regs *regs) #ifdef CONFIG_HPET_TIMER hpet_disable(); #endif + + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) { + x86_platform.guest.enc_kexec_stop_conversion(true); + x86_platform.guest.enc_kexec_unshare_mem(); + } + crash_save_cpu(regs, safe_smp_processor_id()); } diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index f3130f762784..1ec478f40963 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -716,6 +717,14 @@ static void native_machine_emergency_restart(void) void native_machine_shutdown(void) { + /* + * Call enc_kexec_stop_conversion() while all CPUs are still active and + * interrupts are enabled. This will allow all in-flight memory + * conversions to finish cleanly. + */ + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) && kexec_in_progress) + x86_platform.guest.enc_kexec_stop_conversion(false); + /* Stop the cpus and apics */ #ifdef CONFIG_X86_IO_APIC /* @@ -752,6 +761,9 @@ void native_machine_shutdown(void) #ifdef CONFIG_X86_64 x86_platform.iommu_shutdown(); #endif + + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) && kexec_in_progress) + x86_platform.guest.enc_kexec_unshare_mem(); } static void __machine_emergency_restart(int emergency) diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index a7143bb7dd93..045ce1c70070 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -138,6 +138,8 @@ static int enc_status_change_prepare_noop(unsigned long vaddr, int npages, bool static int enc_status_change_finish_noop(unsigned long vaddr, int npages, bool enc) { return 0; } static bool enc_tlb_flush_required_noop(bool enc) { return false; } static bool enc_cache_flush_required_noop(void) { return false; } +static void enc_kexec_stop_conversion_noop(bool crash) {} +static void enc_kexec_unshare_mem_noop(void) {} static bool is_private_mmio_noop(u64 addr) {return false; } struct x86_platform_ops x86_platform __ro_after_init = { @@ -161,6 +163,8 @@ struct x86_platform_ops x86_platform __ro_after_init = { .enc_status_change_finish = enc_status_change_finish_noop, .enc_tlb_flush_required = enc_tlb_flush_required_noop, .enc_cache_flush_required = enc_cache_flush_required_noop, + .enc_kexec_stop_conversion = enc_kexec_stop_conversion_noop, + .enc_kexec_unshare_mem = enc_kexec_unshare_mem_noop, }, }; -- 2.43.0