Date: Fri, 24 Sep 2021 11:49:52 +0200
From: Borislav Petkov To: Brijesh Singh Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH Part2 v5 04/45] x86/sev: Add RMP entry lookup helpers Message-ID: References: <20210820155918.7518-1-brijesh.singh@amd.com> <20210820155918.7518-5-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210820155918.7518-5-brijesh.singh@amd.com> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Aug 20, 2021 at 10:58:37AM -0500, Brijesh Singh wrote: > +struct __packed rmpentry { > + union { > + struct { > + u64 assigned : 1, > + pagesize : 1, > + immutable : 1, > + rsvd1 : 9, > + gpa : 39, > + asid : 10, > + vmsa : 1, > + validated : 1, > + rsvd2 : 1; > + } info; > + u64 low; > + }; > + u64 high; > +}; __packed goes at the end of the struct definition. > + > +#define rmpentry_assigned(x) ((x)->info.assigned) > +#define rmpentry_pagesize(x) ((x)->info.pagesize) Inline functions pls so that you can get typechecking too. > > #define RMPADJUST_VMSA_PAGE_BIT BIT(16) > > diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c > index 7936c8139c74..f383d2a89263 100644 > --- a/arch/x86/kernel/sev.c > +++ b/arch/x86/kernel/sev.c 
> @@ -54,6 +54,8 @@ > * bookkeeping, the range need to be added during the RMP entry lookup. > */ > #define RMPTABLE_CPU_BOOKKEEPING_SZ 0x4000 > +#define RMPENTRY_SHIFT 8 > +#define rmptable_page_offset(x) (RMPTABLE_CPU_BOOKKEEPING_SZ + (((unsigned long)x) >> RMPENTRY_SHIFT)) > > /* For early boot hypervisor communication in SEV-ES enabled guests */ > static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); 
> @@ -2376,3 +2378,44 @@ static int __init snp_rmptable_init(void) > * available after subsys_initcall(). > */ > fs_initcall(snp_rmptable_init); > + > +static struct rmpentry *__snp_lookup_rmpentry(u64 pfn, int *level) > +{ > + unsigned long vaddr, paddr = pfn << PAGE_SHIFT; > + struct rmpentry *entry, *large_entry; > + > + if (!pfn_valid(pfn)) > + return ERR_PTR(-EINVAL); > + > + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) > + return ERR_PTR(-ENXIO); I think that check should happen first. > + > + vaddr = rmptable_start + rmptable_page_offset(paddr); > + if (unlikely(vaddr > rmptable_end)) > + return ERR_PTR(-ENXIO); Maybe the above -E should be -ENOENT instead so that you have unique error types for each check to facilitate debugging. > + > + entry = (struct rmpentry *)vaddr; > + > + /* Read a large RMP entry to get the correct page level used in RMP entry. */ That comment needs rewriting. > + vaddr = rmptable_start + rmptable_page_offset(paddr & PMD_MASK); > + large_entry = (struct rmpentry *)vaddr; > + *level = RMP_TO_X86_PG_LEVEL(rmpentry_pagesize(large_entry)); > + > + return entry; > +} > + > +/* > + * Return 1 if the RMP entry is assigned, 0 if it exists but is not assigned, > + * and -errno if there is no corresponding RMP entry. > + */ kernel-doc format since it is being exported. > +int snp_lookup_rmpentry(u64 pfn, int *level) > +{ > + struct rmpentry *e; > + > + e = __snp_lookup_rmpentry(pfn, level); > + if (IS_ERR(e)) > + return PTR_ERR(e); > + > + return !!rmpentry_assigned(e); > +} > +EXPORT_SYMBOL_GPL(snp_lookup_rmpentry); This export is for kvm, I presume? > diff --git a/include/linux/sev.h b/include/linux/sev.h > new file mode 100644 > index 000000000000..1a68842789e1 > --- /dev/null > +++ b/include/linux/sev.h 
> @@ -0,0 +1,30 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +/* > + * AMD Secure Encrypted Virtualization > + * > + * Author: Brijesh Singh > + */ > + > +#ifndef __LINUX_SEV_H > +#define __LINUX_SEV_H > + > +/* RMUPDATE detected 4K page and 2MB page overlap. */ > +#define RMPUPDATE_FAIL_OVERLAP 7 > + > +#ifdef CONFIG_AMD_MEM_ENCRYPT > +int snp_lookup_rmpentry(u64 pfn, int *level); > +int psmash(u64 pfn); > +int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); > +int rmp_make_shared(u64 pfn, enum pg_level level); > +#else > +static inline int snp_lookup_rmpentry(u64 pfn, int *level) { return 0; } > +static inline int psmash(u64 pfn) { return -ENXIO; } > +static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, > + bool immutable) > +{ > + return -ENODEV; > +} > +static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } > + > +#endif /* CONFIG_AMD_MEM_ENCRYPT */ > +#endif /* __LINUX_SEV_H */ > -- What is going to use this linux/ namespace header? -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette
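Review bot: In the `struct rmpentry` hunk, the `info` bitfield overlaid on `u64 low` depends on the compiler's bitfield allocation order, while the lookup code casts raw RMP table addresses to this struct. Explicit masks on `low` in the accessors (for example GENMASK_ULL() and FIELD_GET()) would tie each field to a stated bit position. The widths do add up to 64 (1+1+1+9+39+10+1+1+1), and `gpa : 39` starts at bit 12, so a comment should say whether that field holds a full guest physical address or a page-frame number.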
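Review bot: In the `@@ -54,6 +54,8 @@` hunk of arch/x86/kernel/sev.c, `rmptable_page_offset(x)` casts its argument without parenthesising it: `((unsigned long)x)`. The later hunk calls it with `paddr & PMD_MASK`, which expands to `(unsigned long)paddr & PMD_MASK`; that happens to give the intended value here, but any lower-precedence argument would be cast only in part. Use `(unsigned long)(x)`, or better a static inline taking an `unsigned long paddr`. `RMPENTRY_SHIFT 8` also deserves a comment: shifting a physical address right by 8 yields 16 bytes of table per 4K page, which silently assumes sizeof(struct rmpentry) is 16.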
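Review bot: In the `@@ -2376,3 +2378,44 @@` hunk, the bound check in `__snp_lookup_rmpentry()` compares only the start of the entry against the end of the table: `if (unlikely(vaddr > rmptable_end))`. The entry is 16 bytes, so unless `rmptable_end` is defined as the address of the last valid entry, a `vaddr` equal to or just below it passes the check and the later read through `entry` runs past the table. Either compare `vaddr + sizeof(*entry)` against the end, or document at the check what `rmptable_end` points to. Note also that `*level` is written only on the success path, so the kernel-doc for `snp_lookup_rmpentry()` should state that it is undefined when a negative errno is returned.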
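Review bot: In the new include/linux/sev.h hunk, the !CONFIG_AMD_MEM_ENCRYPT stub `static inline int snp_lookup_rmpentry(u64 pfn, int *level) { return 0; }` returns 0, which the comment above the real function defines as "exists but is not assigned", and it leaves `*level` untouched. A caller built without the option would read that as a valid, unassigned entry and may then use an uninitialised level. Return a negative errno as the other stubs do. The stubs are also inconsistent with each other (`psmash()` returns -ENXIO, the `rmp_make_*()` stubs return -ENODEV), and the comment above `RMPUPDATE_FAIL_OVERLAP` spells the instruction "RMUPDATE".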