From: Michael Roth
To:
CC: Brijesh Singh
Subject: [PATCH RFC v9 15/51] x86/sev: Invalidate pages from the direct map when adding them to the RMP table
Date: Sun, 11 Jun 2023 23:25:23 -0500
Message-ID: <20230612042559.375660-16-michael.roth@amd.com>
In-Reply-To: <20230612042559.375660-1-michael.roth@amd.com>
References: <20230612042559.375660-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: Brijesh Singh

The integrity guarantee of SEV-SNP is enforced through the RMP table. The RMP is used with standard x86 and IOMMU page tables to enforce memory restrictions and page access rights. The RMP check is enforced as soon as SEV-SNP is enabled globally in the system. When hardware encounters an RMP-check failure, it raises a page-fault exception.

The rmp_make_private() and rmp_make_shared() helpers are used to add or remove the pages from the RMP table. Improve the rmp_make_private() to invalidate state so that pages cannot be used in the direct-map after they are added to the RMP table, and restored to their default valid permission after the pages are removed from the RMP table.

Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
arch/x86/coco/sev/host.c | 62 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/arch/x86/coco/sev/host.c b/arch/x86/coco/sev/host.c index 9df690b0b263..cd3b4c6a25bc 100644 --- a/arch/x86/coco/sev/host.c +++ b/arch/x86/coco/sev/host.c @@ -366,6 +366,42 @@ int psmash(u64 pfn) } EXPORT_SYMBOL_GPL(psmash); +static int restore_direct_map(u64 pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_default_noflush(pfn_to_page(pfn + i)); + if (ret) + break; + } + + if (ret) + pr_warn("Failed to restore direct map for pfn 0x%llx, ret: %d\n", + pfn + i, ret); + + return ret; +} + +static int invalidate_direct_map(u64 pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_invalid_noflush(pfn_to_page(pfn + i)); + if (ret) + break; + } + + if (ret) { + pr_warn("Failed to invalidate direct map for pfn 0x%llx, ret: %d\n", + pfn + i, ret); + restore_direct_map(pfn, i); + } + + return ret; +} + static int rmpupdate(u64 pfn, struct rmp_state *val) { unsigned long paddr = pfn << PAGE_SHIFT; 
@@ -375,6 +411,21 @@ static int rmpupdate(u64 pfn, struct rmp_state *val) if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENXIO; + level = RMP_TO_X86_PG_LEVEL(val->pagesize); + npages = page_level_size(level) / PAGE_SIZE; + + /* + * If page is getting assigned in the RMP table then unmap it from the + * direct map. + */ + if (val->assigned) { + if (invalidate_direct_map(pfn, npages)) { + pr_err("Failed to unmap %d pages at pfn 0x%llx from the direct_map\n", + npages, pfn); + return -EFAULT; + } + } + do { /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" @@ -393,6 +444,17 @@ static int rmpupdate(u64 pfn, struct rmp_state *val) return -EFAULT; } + /* + * Restore the direct map after the page is removed from the RMP table. + */ + if (!val->assigned) { + if (restore_direct_map(pfn, npages)) { + pr_err("Failed to map %d pages at pfn 0x%llx into the direct_map\n", + npages, pfn); + return -EFAULT; + } + } + return 0; } -- 2.25.1
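Review bot: in the first hunk (@@ -366,6 +366,42 @@), both restore_direct_map() and invalidate_direct_map() use the _noflush variants of set_direct_map_*() and nothing in the visible change flushes the TLB afterwards, so once invalidate_direct_map() returns, stale direct-map translations for the affected pages can stay in TLBs until some unrelated flush happens; either follow up with a TLB flush over the range (flush_tlb_kernel_range() is the usual x86 helper) or add a comment explaining why no flush is needed at this point. A smaller point in the same hunk: when the invalidate loop fails at index i, calling restore_direct_map(pfn, i) correctly undoes only the pages already invalidated, but its return value is discarded, so a double failure leaves the range in a mixed state that the caller cannot tell apart from a clean failure; at least log it distinctly.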
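Review bot: in the second hunk (@@ -375,6 +411,21 @@), `level` and `npages` are assigned but no declaration for either is added, and the context of the first hunk shows rmpupdate() opening with only `unsigned long paddr = pfn << PAGE_SHIFT;`; confirm both are declared in rmpupdate() by an earlier patch in the series, otherwise this does not build. Also, since `npages` is derived from val->pagesize and the pages are invalidated one at a time through set_direct_map_invalid_noflush(), a large RMP page whose direct-map range is covered by a single large PTE will have that mapping split as a side effect; that is a lasting change to the direct map and deserves a sentence in the comment above the `if (val->assigned)` block.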
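Review bot: in the third hunk (@@ -393,6 +444,17 @@), the existing `return -EFAULT;` after the RMPUPDATE loop (visible as context just above the added block) does not undo the invalidation performed for val->assigned in the previous hunk, so an RMPUPDATE failure while assigning a page leaves that page unmapped from the direct map with no way for the caller to recover it; call restore_direct_map(pfn, npages) on that path when val->assigned is set before returning. Separately, in the added block, returning -EFAULT when restore_direct_map() fails after a successful RMPUPDATE reports failure for a transition that did take effect in the RMP, so the caller's view of the page state diverges from the hardware's; either keep the return value 0 with a warning, or document that a failure here means the RMP state changed but the direct map did not.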