From: Wander Lairson Costa <wander@redhat.com>
To: Kuppuswamy Sathyanarayanan  <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
	Kai Huang <kai.huang@intel.com>,
	Isaku Yamahata <isaku.yamahata@gmail.com>,
	marcelo.cerri@canonical.com, tim.gardner@canonical.com,
	khalid.elmously@canonical.com, philip.cox@canonical.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7 4/5] x86/mm: Add noalias variants of set_memory_*crypted() functions
Date: Thu, 26 May 2022 11:38:59 -0300	[thread overview]
Message-ID: <Yo+RA8EZJx82xmjn@fedora> (raw)
In-Reply-To: <20220524040517.703581-5-sathyanarayanan.kuppuswamy@linux.intel.com>

On Mon, May 23, 2022 at 09:05:16PM -0700, Kuppuswamy Sathyanarayanan wrote:
> set_memory_*crypted() functions are used to modify the "shared" page
> attribute of the given memory. Using these APIs will modify the page
> attributes of the aliased mappings (which also includes the direct
> mapping).
> 
> But modifying such aliased mappings is not desirable in use cases
> like a TDX guest, where the requirement is to create the shared mapping
> without touching the direct map. It is used when allocating VMM shared
> buffers using the alloc_pages()/vmap()/set_memory_*crypted() API
> combination.
> 
> So to support such use cases, add support for noalias variants of
> set_memory_*crypted() functions.
> 
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> ---
>  arch/x86/include/asm/set_memory.h |  2 ++
>  arch/x86/mm/pat/set_memory.c      | 26 ++++++++++++++++++++------
>  2 files changed, 22 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
> index 78ca53512486..0e5fc2b818be 100644
> --- a/arch/x86/include/asm/set_memory.h
> +++ b/arch/x86/include/asm/set_memory.h
> @@ -46,7 +46,9 @@ int set_memory_wb(unsigned long addr, int numpages);
>  int set_memory_np(unsigned long addr, int numpages);
>  int set_memory_4k(unsigned long addr, int numpages);
>  int set_memory_encrypted(unsigned long addr, int numpages);
> +int set_memory_encrypted_noalias(unsigned long addr, int numpages);
>  int set_memory_decrypted(unsigned long addr, int numpages);
> +int set_memory_decrypted_noalias(unsigned long addr, int numpages);
>  int set_memory_np_noalias(unsigned long addr, int numpages);
>  int set_memory_nonglobal(unsigned long addr, int numpages);
>  int set_memory_global(unsigned long addr, int numpages);
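Review bot: The two new `_noalias` prototypes carry no comment telling a caller what it takes on by skipping the alias update. Going by the commit description, the direct-map alias of the same pages keeps its previous encryption attribute, so after `set_memory_decrypted_noalias()` on a vmap() address the page would have one shared mapping and one direct-map alias that still carries the old attribute. A later access through `page_address()` would then use the stale attribute. I would add a comment above the declarations such as `/* _noalias: change only the mapping at addr; the direct-map alias keeps its old attribute and must not be used to access these pages until they are converted back */`.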
> diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
> index 0656db33574d..4475f6e3bebb 100644
> --- a/arch/x86/mm/pat/set_memory.c
> +++ b/arch/x86/mm/pat/set_memory.c
> @@ -1976,7 +1976,8 @@ int set_memory_global(unsigned long addr, int numpages)
>   * __set_memory_enc_pgtable() is used for the hypervisors that get
>   * informed about "encryption" status via page tables.
>   */
> -static int __set_memory_enc_pgtable(unsigned long addr, int numpages, bool enc)
> +static int __set_memory_enc_pgtable(unsigned long addr, int numpages,
> +		bool enc, int checkalias)
>  {
>  	pgprot_t empty = __pgprot(0);
>  	struct cpa_data cpa;
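Review bot: `checkalias` is declared as `int` in the new `__set_memory_enc_pgtable()` signature, yet every caller added later in this patch passes the literal 0 or 1, and it sits right after `bool enc`. Two adjacent bare flags make call sites such as `__set_memory_enc_dec(addr, numpages, true, 1)` easy to get wrong, and a swapped pair silently changes which mappings are converted. Declaring it `bool enc, bool checkalias)` and passing `true`/`false` would read better. The comment block above the function should also gain a line on what `checkalias == 0` leaves untouched. The function body continues outside this hunk.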
> @@ -2004,7 +2005,7 @@ static int __set_memory_enc_pgtable(unsigned long addr, int numpages, bool enc)
>  	/* Notify hypervisor that we are about to set/clr encryption attribute. */
>  	x86_platform.guest.enc_status_change_prepare(addr, numpages, enc);
>  
> -	ret = __change_page_attr_set_clr(&cpa, 1);
> +	ret = __change_page_attr_set_clr(&cpa, checkalias);
>  
>  	/*
>  	 * After changing the encryption attribute, we need to flush TLBs again
> @@ -2024,29 +2025,42 @@ static int __set_memory_enc_pgtable(unsigned long addr, int numpages, bool enc)
>  	return ret;
>  }
>  
> -static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
> +static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc,
> +		int checkalias)
>  {
>  	if (hv_is_isolation_supported())
>  		return hv_set_mem_host_visibility(addr, numpages, !enc);
>  
>  	if (cc_platform_has(CC_ATTR_MEM_ENCRYPT))
> -		return __set_memory_enc_pgtable(addr, numpages, enc);
> +		return __set_memory_enc_pgtable(addr, numpages, enc, checkalias);
>  
>  	return 0;
>  }
>  
>  int set_memory_encrypted(unsigned long addr, int numpages)
>  {
> -	return __set_memory_enc_dec(addr, numpages, true);
> +	return __set_memory_enc_dec(addr, numpages, true, 1);
>  }
>  EXPORT_SYMBOL_GPL(set_memory_encrypted);
>  
>  int set_memory_decrypted(unsigned long addr, int numpages)
>  {
> -	return __set_memory_enc_dec(addr, numpages, false);
> +	return __set_memory_enc_dec(addr, numpages, false, 1);
>  }
>  EXPORT_SYMBOL_GPL(set_memory_decrypted);
>  
> +int set_memory_encrypted_noalias(unsigned long addr, int numpages)
> +{
> +	return __set_memory_enc_dec(addr, numpages, true, 0);
> +}
> +EXPORT_SYMBOL_GPL(set_memory_encrypted_noalias);
> +
> +int set_memory_decrypted_noalias(unsigned long addr, int numpages)
> +{
> +	return __set_memory_enc_dec(addr, numpages, false, 0);
> +}
> +EXPORT_SYMBOL_GPL(set_memory_decrypted_noalias);
> +
>  int set_pages_uc(struct page *page, int numpages)
>  {
>  	unsigned long addr = (unsigned long)page_address(page);
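Review bot: In `__set_memory_enc_dec()` the `hv_is_isolation_supported()` branch returns `hv_set_mem_host_visibility(addr, numpages, !enc)` without consulting `checkalias`, so on that path the new `set_memory_encrypted_noalias()` and `set_memory_decrypted_noalias()` exports do whatever the plain variants do. How that helper treats aliased mappings is not visible here, but a caller that relies on the direct map staying untouched gets no indication that the request was not honoured. Either refuse the combination inside that branch with `if (!checkalias) return -EOPNOTSUPP;`, or state in a comment that the flag is ignored for Hyper-V isolation VMs. The two new exported functions also have no kernel-doc describing the alias contract.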
> -- 
> 2.25.1
> 
> 

Acked-by: Wander Lairson Costa <wander@redhat.com>

