From: Borislav Petkov <bp@alien8.de>
To: Brijesh Singh <brijesh.singh@amd.com>,
"Kirill A . Shutemov" <kirill@shutemov.name>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, linux-efi@vger.kernel.org,
platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev,
linux-mm@kvack.org, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Ard Biesheuvel <ardb@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Jim Mattson <jmattson@google.com>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Dov Murik <dovmurik@linux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@ibm.com>,
Michael Roth <michael.roth@amd.com>,
Vlastimil Babka <vbabka@suse.cz>, Andi Kleen <ak@linux.intel.com>,
"Dr . David Alan Gilbert" <dgilbert@redhat.com>,
brijesh.ksingh@gmail.com, tony.luck@intel.com,
marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v10 21/45] x86/mm: Add support to validate memory when changing C-bit
Date: Wed, 16 Feb 2022 14:32:34 +0100 [thread overview]
Message-ID: <Ygz88uacbwuTTNat@zn.tnic> (raw)
In-Reply-To: <YgZ427v95xcdOKSC@zn.tnic>
On Fri, Feb 11, 2022 at 03:55:23PM +0100, Borislav Petkov wrote:
> Also, I think adding required functions to x86_platform.guest. is a very
> nice way to solve the ugly if (guest_type) querying all over the place.
So I guess something like below. It builds here...
---
arch/x86/include/asm/set_memory.h | 1 -
arch/x86/include/asm/sev.h | 2 ++
arch/x86/include/asm/x86_init.h | 12 ++++++++++++
arch/x86/kernel/sev.c | 2 ++
arch/x86/mm/mem_encrypt_amd.c | 6 +++---
arch/x86/mm/pat/set_memory.c | 2 +-
6 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
index ff0f2d90338a..ce8dd215f5b3 100644
--- a/arch/x86/include/asm/set_memory.h
+++ b/arch/x86/include/asm/set_memory.h
@@ -84,7 +84,6 @@ int set_pages_rw(struct page *page, int numpages);
int set_direct_map_invalid_noflush(struct page *page);
int set_direct_map_default_noflush(struct page *page);
bool kernel_page_present(struct page *page);
-void notify_range_enc_status_changed(unsigned long vaddr, int npages, bool enc);
extern int kernel_set_to_readonly;
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index ec060c433589..2435b0ca6cfc 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -95,4 +95,6 @@ static inline void sev_es_nmi_complete(void) { }
static inline int sev_es_efi_map_ghcbs(pgd_t *pgd) { return 0; }
#endif
+void amd_notify_range_enc_status_changed(unsigned long vaddr, int npages, bool enc);
+
#endif
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index 22b7412c08f6..226663e2d769 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -141,6 +141,17 @@ struct x86_init_acpi {
void (*reduced_hw_early_init)(void);
};
+/**
+ * struct x86_guest - Functions used by misc guest incarnations like SEV, TDX,
+ * etc.
+ *
+ * @enc_status_change Notify HV about change of encryption status of a
+ * range of pages
+ */
+struct x86_guest {
+ void (*enc_status_change)(unsigned long vaddr, int npages, bool enc);
+};
+
/**
* struct x86_init_ops - functions for platform specific setup
*
@@ -287,6 +298,7 @@ struct x86_platform_ops {
struct x86_legacy_features legacy;
void (*set_legacy_features)(void);
struct x86_hyper_runtime hyper;
+ struct x86_guest guest;
};
struct x86_apic_ops {
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index e6d316a01fdd..e645e868a49b 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -766,6 +766,8 @@ void __init sev_es_init_vc_handling(void)
if (!sev_es_check_cpu_features())
panic("SEV-ES CPU Features missing");
+ x86_platform.guest.enc_status_change = amd_notify_range_enc_status_changed;
+
/* Enable SEV-ES special handling */
static_branch_enable(&sev_es_enable_key);
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index 2b2d018ea345..7038a9f7ae55 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -256,7 +256,7 @@ static unsigned long pg_level_to_pfn(int level, pte_t *kpte, pgprot_t *ret_prot)
return pfn;
}
-void notify_range_enc_status_changed(unsigned long vaddr, int npages, bool enc)
+void amd_notify_range_enc_status_changed(unsigned long vaddr, int npages, bool enc)
{
#ifdef CONFIG_PARAVIRT
unsigned long sz = npages << PAGE_SHIFT;
@@ -392,7 +392,7 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr,
ret = 0;
- notify_range_enc_status_changed(start, PAGE_ALIGN(size) >> PAGE_SHIFT, enc);
+ amd_notify_range_enc_status_changed(start, PAGE_ALIGN(size) >> PAGE_SHIFT, enc);
out:
__flush_tlb_all();
return ret;
@@ -410,7 +410,7 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size)
void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc)
{
- notify_range_enc_status_changed(vaddr, npages, enc);
+ amd_notify_range_enc_status_changed(vaddr, npages, enc);
}
void __init mem_encrypt_free_decrypted_mem(void)
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index b4072115c8ef..0acc52a3a5b7 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -2027,7 +2027,7 @@ static int __set_memory_enc_pgtable(unsigned long addr, int numpages, bool enc)
* Notify hypervisor that a given memory range is mapped encrypted
* or decrypted.
*/
- notify_range_enc_status_changed(addr, numpages, enc);
+ x86_platform.guest.enc_status_change(addr, numpages, enc);
return ret;
}
--
2.29.2
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
next prev parent reply other threads:[~2022-02-16 13:32 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-09 18:09 [PATCH v10 00/45] Add AMD Secure Nested Paging (SEV-SNP) Guest Support Brijesh Singh
2022-02-09 18:09 ` [PATCH v10 01/45] KVM: SVM: Define sev_features and vmpl field in the VMSA Brijesh Singh
2022-02-09 18:09 ` [PATCH v10 02/45] KVM: SVM: Create a separate mapping for the SEV-ES save area Brijesh Singh
2022-02-09 18:09 ` [PATCH v10 03/45] KVM: SVM: Create a separate mapping for the GHCB " Brijesh Singh
2022-02-09 18:09 ` [PATCH v10 04/45] KVM: SVM: Update the SEV-ES save area mapping Brijesh Singh
2022-02-09 18:09 ` [PATCH v10 05/45] x86/boot: Introduce helpers for MSR reads/writes Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 06/45] x86/boot: Use MSR read/write helpers instead of inline assembly Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 07/45] x86/compressed/64: Detect/setup SEV/SME features earlier in boot Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 08/45] x86/sev: " Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 09/45] x86/mm: Extend cc_attr to include AMD SEV-SNP Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 10/45] x86/sev: Define the Linux specific guest termination reasons Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 11/45] x86/sev: Save the negotiated GHCB version Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 12/45] x86/sev: Check SEV-SNP features support Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 13/45] x86/sev: Add a helper for the PVALIDATE instruction Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 14/45] x86/sev: Check the vmpl level Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 15/45] x86/compressed: Add helper for validating pages in the decompression stage Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 16/45] x86/compressed: Register GHCB memory when SEV-SNP is active Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 17/45] x86/sev: " Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 18/45] x86/sev: Add helper for validating pages in early enc attribute changes Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 19/45] x86/kernel: Make the .bss..decrypted section shared in RMP table Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 20/45] x86/kernel: Validate ROM memory before accessing when SEV-SNP is active Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 21/45] x86/mm: Add support to validate memory when changing C-bit Brijesh Singh
2022-02-10 16:48 ` Borislav Petkov
2022-02-11 14:55 ` Borislav Petkov
2022-02-11 17:27 ` Brijesh Singh
2022-02-13 12:15 ` Borislav Petkov
2022-02-13 14:50 ` Tom Lendacky
2022-02-13 17:21 ` Borislav Petkov
2022-02-15 12:43 ` Kirill A. Shutemov
2022-02-15 12:54 ` Borislav Petkov
2022-02-15 13:15 ` Kirill A. Shutemov
2022-02-15 14:41 ` Borislav Petkov
2022-02-16 13:32 ` Borislav Petkov [this message]
2022-02-09 18:10 ` [PATCH v10 22/45] x86/sev: Use SEV-SNP AP creation to start secondary CPUs Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 23/45] x86/head/64: Re-enable stack protection Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 24/45] x86/compressed/acpi: Move EFI detection to helper Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 25/45] x86/compressed/acpi: Move EFI system table lookup " Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 26/45] x86/compressed/acpi: Move EFI config " Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 27/45] x86/compressed/acpi: Move EFI vendor " Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 28/45] x86/compressed/acpi: Move EFI kexec handling into common code Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 29/45] x86/boot: Add Confidential Computing type to setup_data Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 30/45] KVM: x86: Move lookup of indexed CPUID leafs to helper Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 31/45] x86/sev: Move MSR-based VMGEXITs for CPUID " Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 32/45] x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 33/45] x86/boot: Add a pointer to Confidential Computing blob in bootparams Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 34/45] x86/compressed: Add SEV-SNP feature detection/setup Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 35/45] x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 36/45] x86/compressed: Export and rename add_identity_map() Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 37/45] x86/compressed/64: Add identity mapping for Confidential Computing blob Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 38/45] x86/sev: Add SEV-SNP feature detection/setup Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 39/45] x86/sev: Use firmware-validated CPUID for SEV-SNP guests Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 40/45] x86/sev: Provide support for SNP guest request NAEs Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 41/45] x86/sev: Register SEV-SNP guest request platform device Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 42/45] virt: Add SEV-SNP guest driver Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 43/45] virt: sevguest: Add support to derive key Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 44/45] virt: sevguest: Add support to get extended report Brijesh Singh
2022-02-09 18:10 ` [PATCH v10 45/45] virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement Brijesh Singh
[not found] <Ygz88uacbwuTTNat@zn.tnic.mbx>
2022-02-16 16:04 ` [PATCH v10 21/45] x86/mm: Add support to validate memory when changing C-bit Brijesh Singh
2022-02-21 17:41 ` Kirill A. Shutemov
2022-02-21 18:06 ` Borislav Petkov
2022-02-21 19:54 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ygz88uacbwuTTNat@zn.tnic \
--to=bp@alien8.de \
--cc=ak@linux.intel.com \
--cc=ardb@kernel.org \
--cc=brijesh.ksingh@gmail.com \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@linux.intel.com \
--cc=dgilbert@redhat.com \
--cc=dovmurik@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=jroedel@suse.de \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=marcorr@google.com \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rientjes@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=slp@redhat.com \
--cc=srinivas.pandruvada@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tobin@ibm.com \
--cc=tony.luck@intel.com \
--cc=vbabka@suse.cz \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.