* [Part1 PATCH v7 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED [not found] <20171020143059.3291-1-brijesh.singh@amd.com> @ 2017-10-20 14:30 ` Brijesh Singh 2017-10-20 14:30 ` Brijesh Singh 0 siblings, 1 reply; 2+ messages in thread From: Brijesh Singh @ 2017-10-20 14:30 UTC (permalink / raw) To: x86, kvm, linux-kernel Cc: Borislav Petkov, Brijesh Singh, Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Borislav Petkov, Arnd Bergmann, Tejun Heo, Christoph Lameter, linux-arch, Tom Lendacky KVM guest defines three per-CPU variables (steal-time, apf_reason, and avic_eio) which are shared between a guest and a hypervisor. When SEV is active, memory is encrypted with a guest-specific key, and if the guest OS wants to share the memory region with the hypervisor then it must clear the C-bit (i.e set decrypted) before sharing it. DEFINE_PER_CPU_DECRYPTED can be used to define the per-CPU variables which will be shared between a guest and a hypervisor. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tejun Heo <tj@kernel.org> Reviewed-by: Borislav Petkov <bp@suse.de> Tested-by: Borislav Petkov <bp@suse.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Borislav Petkov <bp@suse.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Tejun Heo <tj@kernel.org> Cc: Christoph Lameter <cl@linux.com> Cc: linux-arch@vger.kernel.org Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: Tom Lendacky <thomas.lendacky@amd.com> --- include/asm-generic/vmlinux.lds.h | 19 +++++++++++++++++++ include/linux/percpu-defs.h | 15 +++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 353f52fdc35e..bdcd1caae092 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -779,6 +779,24 @@ #endif /* + * Memory encryption operates on a page basis. Since we need to clear + * the memory encryption mask for this section, it needs to be aligned + * on a page boundary and be a page-size multiple in length. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#ifdef CONFIG_AMD_MEM_ENCRYPT +#define PERCPU_DECRYPTED_SECTION \ + . = ALIGN(PAGE_SIZE); \ + *(.data..percpu..decrypted) \ + . = ALIGN(PAGE_SIZE); +#else +#define PERCPU_DECRYPTED_SECTION +#endif + + +/* * Default discarded sections. * * Some archs want to discard exit text/data at runtime rather than @@ -816,6 +834,7 @@ . = ALIGN(cacheline); \ *(.data..percpu) \ *(.data..percpu..shared_aligned) \ + PERCPU_DECRYPTED_SECTION \ VMLINUX_SYMBOL(__per_cpu_end) = .; /** diff --git a/include/linux/percpu-defs.h b/include/linux/percpu-defs.h index 8f16299ca068..2d2096ba1cfe 100644 --- a/include/linux/percpu-defs.h +++ b/include/linux/percpu-defs.h @@ -173,6 +173,21 @@ DEFINE_PER_CPU_SECTION(type, name, "..read_mostly") /* + * Declaration/definition used for per-CPU variables that should be accessed + * as decrypted when memory encryption is enabled in the guest. + */ +#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT) + +#define DECLARE_PER_CPU_DECRYPTED(type, name) \ + DECLARE_PER_CPU_SECTION(type, name, "..decrypted") + +#define DEFINE_PER_CPU_DECRYPTED(type, name) \ + DEFINE_PER_CPU_SECTION(type, name, "..decrypted") +#else +#define DEFINE_PER_CPU_DECRYPTED(type, name) DEFINE_PER_CPU(type, name) +#endif + +/* * Intermodule exports for per-CPU variables. sparse forgets about * address space across EXPORT_SYMBOL(), change EXPORT_SYMBOL() to * noop if __CHECKER__. -- 2.9.5 ^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Part1 PATCH v7 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED 2017-10-20 14:30 ` [Part1 PATCH v7 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED Brijesh Singh @ 2017-10-20 14:30 ` Brijesh Singh 0 siblings, 0 replies; 2+ messages in thread From: Brijesh Singh @ 2017-10-20 14:30 UTC (permalink / raw) To: x86, kvm, linux-kernel Cc: Borislav Petkov, Brijesh Singh, Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Borislav Petkov, Arnd Bergmann, Tejun Heo, Christoph Lameter, linux-arch, Tom Lendacky KVM guest defines three per-CPU variables (steal-time, apf_reason, and avic_eio) which are shared between a guest and a hypervisor. When SEV is active, memory is encrypted with a guest-specific key, and if the guest OS wants to share the memory region with the hypervisor then it must clear the C-bit (i.e set decrypted) before sharing it. DEFINE_PER_CPU_DECRYPTED can be used to define the per-CPU variables which will be shared between a guest and a hypervisor. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tejun Heo <tj@kernel.org> Reviewed-by: Borislav Petkov <bp@suse.de> Tested-by: Borislav Petkov <bp@suse.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Borislav Petkov <bp@suse.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Tejun Heo <tj@kernel.org> Cc: Christoph Lameter <cl@linux.com> Cc: linux-arch@vger.kernel.org Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: Tom Lendacky <thomas.lendacky@amd.com> --- include/asm-generic/vmlinux.lds.h | 19 +++++++++++++++++++ include/linux/percpu-defs.h | 15 +++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 353f52fdc35e..bdcd1caae092 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -779,6 +779,24 @@ #endif /* + * Memory encryption operates on a page basis. Since we need to clear + * the memory encryption mask for this section, it needs to be aligned + * on a page boundary and be a page-size multiple in length. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#ifdef CONFIG_AMD_MEM_ENCRYPT +#define PERCPU_DECRYPTED_SECTION \ + . = ALIGN(PAGE_SIZE); \ + *(.data..percpu..decrypted) \ + . = ALIGN(PAGE_SIZE); +#else +#define PERCPU_DECRYPTED_SECTION +#endif + + +/* * Default discarded sections. * * Some archs want to discard exit text/data at runtime rather than @@ -816,6 +834,7 @@ . = ALIGN(cacheline); \ *(.data..percpu) \ *(.data..percpu..shared_aligned) \ + PERCPU_DECRYPTED_SECTION \ VMLINUX_SYMBOL(__per_cpu_end) = .; /** diff --git a/include/linux/percpu-defs.h b/include/linux/percpu-defs.h index 8f16299ca068..2d2096ba1cfe 100644 --- a/include/linux/percpu-defs.h +++ b/include/linux/percpu-defs.h @@ -173,6 +173,21 @@ DEFINE_PER_CPU_SECTION(type, name, "..read_mostly") /* + * Declaration/definition used for per-CPU variables that should be accessed + * as decrypted when memory encryption is enabled in the guest. + */ +#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT) + +#define DECLARE_PER_CPU_DECRYPTED(type, name) \ + DECLARE_PER_CPU_SECTION(type, name, "..decrypted") + +#define DEFINE_PER_CPU_DECRYPTED(type, name) \ + DEFINE_PER_CPU_SECTION(type, name, "..decrypted") +#else +#define DEFINE_PER_CPU_DECRYPTED(type, name) DEFINE_PER_CPU(type, name) +#endif + +/* * Intermodule exports for per-CPU variables. sparse forgets about * address space across EXPORT_SYMBOL(), change EXPORT_SYMBOL() to * noop if __CHECKER__. -- 2.9.5 ^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-10-20 14:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20171020143059.3291-1-brijesh.singh@amd.com>
2017-10-20 14:30 ` [Part1 PATCH v7 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED Brijesh Singh
2017-10-20 14:30 ` Brijesh Singh
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox