Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5590579rwb; Wed, 9 Aug 2023 06:32:57 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGcobFqXWPIqr2VOuKHh2eIVWPyosEuBX2o5Fqe3eKdh1QXLD0Oz+a1x8EBMaX74MZjYwS4 X-Received: by 2002:a17:907:7614:b0:993:d5bd:a757 with SMTP id jx20-20020a170907761400b00993d5bda757mr2023694ejc.19.1691587977328; Wed, 09 Aug 2023 06:32:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691587977; cv=none; d=google.com; s=arc-20160816; b=U0yS5umdgBAb0LWUSX21uaJosVB2SgfYkdVS5cUApt2s3fIXUtL1WGJAhvGKD+NOTH 6YOD4LgoGbRFI8Xm3Iv/a5gPMNWaIkoGD2XUOCckbl+71dF28EXXme6evnfgN+vFt5/A MwZQTGWZzIKMa4AhDTOYJBQKgKXoTOmO7D+N+RGbhgOVYhhhSUK6WWnJZlKprCdXhMVk 3rpqMALUTFuzuqTwN8u7cLktHrpWi1uQ9vHVcEaA+6agQMUfp1hKwPRzcLXgJug7u8YS W1v1FBuJ5sxxuSTr29CfM/QceKHaSGCB7dNQ8Rr8wFyhLWdQf6QKFpAlgYP/XtBV/PpU T/uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:dkim-filter; bh=G0gxRN5QnxTLEOIdIvEe864KwskWfmwxWJZYwvjDSlo=; fh=Pw5NjKoluy88Wn+3u4n/+uuIBMdwOVgy5M0S6vWvoW0=; b=XVsAftL78u543jZ76wE+Vh/u5U+WQK4rWvic/t9h5QNRs+Eiyvgtj98TrvtOwxadkI tDWIKH88Z1rJW4h3nhQEDteLyERD0o6GDUYebZN3gsbCvvhUosMr0V1A0kUB6zHCyrOg WGe2rYeLluCw+/hVxbymied3EVVZtI1hCIi+InRjIKuvG2BpS3fNp8Bgmd8655YCby6P Gjr7wqVKnT3+SZ7mV7Tx+dDa9s+XQ6nyuCBJiWnh1CIC4tihDNVEQFFWijrsXvBe+iSD 3pRywBKhuLWoM/DUv63U3D3NuRv15ZxpU5j9XS6ulYxbpi4CDxRzLdESTz2qCo/AylrP 9LYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=JvqfUwlr; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c25-20020a170906529900b0099ce38da75csi3866628ejm.1002.2023.08.09.06.32.33; Wed, 09 Aug 2023 06:32:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=JvqfUwlr; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229861AbjHIMqc (ORCPT + 99 others); Wed, 9 Aug 2023 08:46:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229549AbjHIMqc (ORCPT ); Wed, 9 Aug 2023 08:46:32 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 83F2F19A1; Wed, 9 Aug 2023 05:46:31 -0700 (PDT) Received: by linux.microsoft.com (Postfix, from userid 1112) id D6FD120FC3FE; Wed, 9 Aug 2023 05:46:30 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com D6FD120FC3FE DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1691585190; bh=G0gxRN5QnxTLEOIdIvEe864KwskWfmwxWJZYwvjDSlo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=JvqfUwlrN8SFoQZfvoGT5ol8Tmiz9HmGGUsXNPJy28y9tdBKDtRIpIkaO0RTgvnGy me82/2JlMkKOJ8nouwy+b6PR8sxGfLnSMkNPCxFctzUFbnJb3MMLT5naT+6xEjxA9q sQa3F9+OJGboaWVu/aYlKhbXeWKFEEG9axlkdoYo= Date: Wed, 9 Aug 2023 05:46:30 -0700 From: Jeremi Piotrowski To: Michael Roth Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com Subject: Re: [PATCH RFC v9 19/51] x86/sev: Introduce snp leaked pages list Message-ID: <20230809124630.GA11150@linuxonhyperv3.guj3yctzbm1etfxqx2vob5hsef.xx.internal.cloudapp.net> References: <20230612042559.375660-1-michael.roth@amd.com> <20230612042559.375660-20-michael.roth@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230612042559.375660-20-michael.roth@amd.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-19.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Sun, Jun 11, 2023 at 11:25:27PM -0500, Michael Roth wrote: > From: Ashish Kalra > > Pages are unsafe to be released back to the page-allocator, if they > have been transitioned to firmware/guest state and can't be reclaimed > or transitioned back to hypervisor/shared state. In this case add > them to an internal leaked pages list to ensure that they are not freed > or touched/accessed to cause fatal page faults. > > Signed-off-by: Ashish Kalra > [mdr: relocate to arch/x86/coco/sev/host.c] > Signed-off-by: Michael Roth > --- > arch/x86/coco/sev/host.c | 28 ++++++++++++++++++++++++++++ > arch/x86/include/asm/sev-host.h | 3 +++ > 2 files changed, 31 insertions(+) > > diff --git a/arch/x86/coco/sev/host.c b/arch/x86/coco/sev/host.c > index cd3b4c6a25bc..373e91f5a337 100644 > --- a/arch/x86/coco/sev/host.c > +++ b/arch/x86/coco/sev/host.c > @@ -64,6 +64,12 @@ struct rmpentry { > static unsigned long rmptable_start __ro_after_init; > static unsigned long rmptable_end __ro_after_init; > > +/* list of pages which are leaked and cannot be reclaimed */ > +static LIST_HEAD(snp_leaked_pages_list); > +static DEFINE_SPINLOCK(snp_leaked_pages_list_lock); > + > +static atomic_long_t snp_nr_leaked_pages = ATOMIC_LONG_INIT(0); > + > #undef pr_fmt > #define pr_fmt(fmt) "SEV-SNP: " fmt > > @@ -494,3 +500,25 @@ int rmp_make_shared(u64 pfn, enum pg_level level) > return rmpupdate(pfn, &val); > } > EXPORT_SYMBOL_GPL(rmp_make_shared); > + > +void snp_leak_pages(unsigned long pfn, unsigned int npages) > +{ > + struct page *page = pfn_to_page(pfn); > + > + WARN(1, "psc failed, pfn 0x%lx pages %d (marked offline)\n", pfn, npages); > + > + spin_lock(&snp_leaked_pages_list_lock); > + while (npages--) { > + /* > + * Reuse the page's buddy list for chaining into the leaked > + * pages list. This page should not be on a free list currently > + * and is also unsafe to be added to a free list. > + */ > + list_add_tail(&page->buddy_list, &snp_leaked_pages_list); > + sev_dump_rmpentry(pfn); > + pfn++; > + } > + spin_unlock(&snp_leaked_pages_list_lock); > + atomic_long_inc(&snp_nr_leaked_pages); > +} > +EXPORT_SYMBOL_GPL(snp_leak_pages); > diff --git a/arch/x86/include/asm/sev-host.h b/arch/x86/include/asm/sev-host.h > index 753e80d16433..bab3b226777a 100644 > --- a/arch/x86/include/asm/sev-host.h > +++ b/arch/x86/include/asm/sev-host.h > @@ -19,6 +19,8 @@ void sev_dump_rmpentry(u64 pfn); > int psmash(u64 pfn); > int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); > int rmp_make_shared(u64 pfn, enum pg_level level); > +void snp_leak_pages(unsigned long pfn, unsigned int npages); > + > #else > static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return 0; } > static inline void sev_dump_rmpentry(u64 pfn) {} > @@ -29,6 +31,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int as > return -ENODEV; > } > static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } > +void snp_leak_pages(unsigned long pfn, unsigned int npages) {} This needs to be 'static inline' or the build fails with multiple definition errors. I'm building a guest kernel with CONFIG_KVM_AMD_SEV disabled. Jeremi > #endif > > #endif > -- > 2.25.1 >