From: Bharata B Rao <bharata@linux.ibm.com>
To: Ram Pai <linuxram@us.ibm.com>
Cc: rcampbell@nvidia.com, ldufour@linux.ibm.com,
cclaudio@linux.ibm.com, kvm-ppc@vger.kernel.org,
aneesh.kumar@linux.ibm.com, sukadev@linux.vnet.ibm.com,
linuxppc-dev@lists.ozlabs.org, bauerman@linux.ibm.com,
david@gibson.dropbear.id.au
Subject: Re: [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_D
Date: Thu, 04 Jun 2020 02:43:32 +0000 [thread overview]
Message-ID: <20200604023132.GC31382@in.ibm.com> (raw)
In-Reply-To: <20200603231025.GA5772@oc0525413822.ibm.com>
On Wed, Jun 03, 2020 at 04:10:25PM -0700, Ram Pai wrote:
> On Tue, Jun 02, 2020 at 03:36:39PM +0530, Bharata B Rao wrote:
> > On Mon, Jun 01, 2020 at 12:05:35PM -0700, Ram Pai wrote:
> > > On Mon, Jun 01, 2020 at 05:25:18PM +0530, Bharata B Rao wrote:
> > > > On Sat, May 30, 2020 at 07:27:50PM -0700, Ram Pai wrote:
> > > > > H_SVM_INIT_DONE incorrectly assumes that the Ultravisor has explicitly
> > > > > called H_SVM_PAGE_IN for all secure pages.
> > > >
> > > > I don't think that is quite true. HV doesn't assume anything about
> > > > secure pages by itself.
> > >
> > > Yes. Currently, it does not assume anything about secure pages. But I am
> > > proposing that it should consider all pages (except the shared pages) as
> > > secure pages, when H_SVM_INIT_DONE is called.
> >
> > Ok, then may be also add the proposed changes to H_SVM_INIT_DONE
> > documentation.
>
> ok.
>
> >
> > >
> > > In other words, HV should treat all pages; except shared pages, as
> > > secure pages once H_SVM_INIT_DONE is called. And this includes pages
> > > added subsequently through memory hotplug.
> >
> > So after H_SVM_INIT_DONE, if HV touches a secure page for any
> > reason and gets encrypted contents via page-out, HV drops the
> > device pfn at that time. So what state we would be in that case? We
> > have completed H_SVM_INIT_DONE, but still have a normal (but encrypted)
> > page in HV?
>
> Good point.
>
> The corresponding GFN will continue to be a secure GFN. Just that its
> backing PFN is not a device-PFN, but a memory-PFN. Also that backing
> memory-PFN contains encrypted content.
>
> I will clarify this in the patch; about secure-GFN state.
I feel all this is complicating the states in HV and is avoidable
if UV just issued page-in calls during memslot registration uvcall.
Regards,
Bharata.
WARNING: multiple messages have this Message-ID (diff)
From: Bharata B Rao <bharata@linux.ibm.com>
To: Ram Pai <linuxram@us.ibm.com>
Cc: rcampbell@nvidia.com, ldufour@linux.ibm.com,
cclaudio@linux.ibm.com, kvm-ppc@vger.kernel.org,
aneesh.kumar@linux.ibm.com, sukadev@linux.vnet.ibm.com,
linuxppc-dev@lists.ozlabs.org, bauerman@linux.ibm.com,
david@gibson.dropbear.id.au
Subject: Re: [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_DONE
Date: Thu, 4 Jun 2020 08:01:32 +0530 [thread overview]
Message-ID: <20200604023132.GC31382@in.ibm.com> (raw)
In-Reply-To: <20200603231025.GA5772@oc0525413822.ibm.com>
On Wed, Jun 03, 2020 at 04:10:25PM -0700, Ram Pai wrote:
> On Tue, Jun 02, 2020 at 03:36:39PM +0530, Bharata B Rao wrote:
> > On Mon, Jun 01, 2020 at 12:05:35PM -0700, Ram Pai wrote:
> > > On Mon, Jun 01, 2020 at 05:25:18PM +0530, Bharata B Rao wrote:
> > > > On Sat, May 30, 2020 at 07:27:50PM -0700, Ram Pai wrote:
> > > > > H_SVM_INIT_DONE incorrectly assumes that the Ultravisor has explicitly
> > > > > called H_SVM_PAGE_IN for all secure pages.
> > > >
> > > > I don't think that is quite true. HV doesn't assume anything about
> > > > secure pages by itself.
> > >
> > > Yes. Currently, it does not assume anything about secure pages. But I am
> > > proposing that it should consider all pages (except the shared pages) as
> > > secure pages, when H_SVM_INIT_DONE is called.
> >
> > Ok, then may be also add the proposed changes to H_SVM_INIT_DONE
> > documentation.
>
> ok.
>
> >
> > >
> > > In other words, HV should treat all pages; except shared pages, as
> > > secure pages once H_SVM_INIT_DONE is called. And this includes pages
> > > added subsequently through memory hotplug.
> >
> > So after H_SVM_INIT_DONE, if HV touches a secure page for any
> > reason and gets encrypted contents via page-out, HV drops the
> > device pfn at that time. So what state we would be in that case? We
> > have completed H_SVM_INIT_DONE, but still have a normal (but encrypted)
> > page in HV?
>
> Good point.
>
> The corresponding GFN will continue to be a secure GFN. Just that its
> backing PFN is not a device-PFN, but a memory-PFN. Also that backing
> memory-PFN contains encrypted content.
>
> I will clarify this in the patch; about secure-GFN state.
I feel all this is complicating the states in HV and is avoidable
if UV just issued page-in calls during memslot registration uvcall.
Regards,
Bharata.
next prev parent reply other threads:[~2020-06-04 2:43 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-31 2:27 [PATCH v1 0/4] Migrate non-migrated pages of a SVM Ram Pai
2020-05-31 2:27 ` Ram Pai
2020-05-31 2:27 ` [PATCH v1 1/4] KVM: PPC: Book3S HV: Fix function definition in book3s_hv_uvmem.c Ram Pai
2020-05-31 2:27 ` Ram Pai
2020-05-31 2:27 ` [PATCH v1 2/4] KVM: PPC: Book3S HV: track shared GFNs of secure VMs Ram Pai
2020-05-31 2:27 ` Ram Pai
2020-06-01 4:12 ` kbuild test robot
2020-06-01 4:12 ` kbuild test robot
2020-06-01 4:12 ` kbuild test robot
2020-06-05 9:48 ` Laurent Dufour
2020-06-05 9:48 ` Laurent Dufour
2020-06-05 14:38 ` Ram Pai
2020-06-05 14:38 ` Ram Pai
2020-05-31 2:27 ` [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_DONE Ram Pai
2020-05-31 2:27 ` Ram Pai
2020-06-01 11:55 ` Bharata B Rao
2020-06-01 11:55 ` [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_D Bharata B Rao
2020-06-01 19:05 ` Ram Pai
2020-06-01 19:05 ` [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_DONE Ram Pai
2020-06-02 10:06 ` Bharata B Rao
2020-06-02 10:18 ` [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_D Bharata B Rao
2020-06-03 23:10 ` Ram Pai
2020-06-03 23:10 ` [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_DONE Ram Pai
2020-06-04 2:31 ` Bharata B Rao [this message]
2020-06-04 2:43 ` [PATCH v1 3/4] KVM: PPC: Book3S HV: migrate remaining normal-GFNs to secure-GFNs in H_SVM_INIT_D Bharata B Rao
2020-05-31 2:27 ` [PATCH v1 4/4] KVM: PPC: Book3S HV: migrate hot plugged memory Ram Pai
2020-05-31 2:27 ` Ram Pai
2020-06-01 4:35 ` kbuild test robot
2020-06-01 4:35 ` kbuild test robot
2020-06-01 4:35 ` kbuild test robot
2020-06-01 4:45 ` kbuild test robot
2020-06-01 4:45 ` kbuild test robot
2020-06-01 4:45 ` kbuild test robot
2020-06-02 8:31 ` Laurent Dufour
2020-06-02 8:31 ` Laurent Dufour
2020-06-03 13:25 ` Ram Pai
2020-06-03 13:25 ` Ram Pai
2020-06-15 17:00 ` Laurent Dufour
2020-06-15 17:00 ` Laurent Dufour
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200604023132.GC31382@in.ibm.com \
--to=bharata@linux.ibm.com \
--cc=aneesh.kumar@linux.ibm.com \
--cc=bauerman@linux.ibm.com \
--cc=cclaudio@linux.ibm.com \
--cc=david@gibson.dropbear.id.au \
--cc=kvm-ppc@vger.kernel.org \
--cc=ldufour@linux.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
--cc=rcampbell@nvidia.com \
--cc=sukadev@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.