From: Brijesh Singh <brijesh.singh@amd.com>
To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>,
	<kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>,
	<platform-driver-x86@vger.kernel.org>,
	<linux-coco@lists.linux.dev>, <linux-mm@kvack.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	"Vitaly Kuznetsov" <vkuznets@redhat.com>,
	Jim Mattson <jmattson@google.com>,
	"Andy Lutomirski" <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
	David Rientjes <rientjes@google.com>,
	Dov Murik <dovmurik@linux.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@ibm.com>,
	Borislav Petkov <bp@alien8.de>,
	Michael Roth <michael.roth@amd.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Andi Kleen <ak@linux.intel.com>,
	"Dr . David Alan Gilbert" <dgilbert@redhat.com>,
	<brijesh.ksingh@gmail.com>, <tony.luck@intel.com>,
	<marcorr@google.com>,
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH v11 19/45] x86/kernel: Make the .bss..decrypted section shared in RMP table
Date: Thu, 24 Feb 2022 10:55:59 -0600	[thread overview]
Message-ID: <20220224165625.2175020-20-brijesh.singh@amd.com> (raw)
In-Reply-To: <20220224165625.2175020-1-brijesh.singh@amd.com>
The encryption attribute for the .bss..decrypted section is cleared in the
initial page table build. This is because the section contains the data
that need to be shared between the guest and the hypervisor.
When SEV-SNP is active, just clearing the encryption attribute in the
page table is not enough. The page state need to be updated in the RMP
table.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/kernel/head64.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 83514b9827e6..656d2f3e2cf0 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -143,7 +143,20 @@ static unsigned long __head sme_postprocess_startup(struct boot_params *bp, pmdv
 	if (sme_get_me_mask()) {
 		vaddr = (unsigned long)__start_bss_decrypted;
 		vaddr_end = (unsigned long)__end_bss_decrypted;
+
 		for (; vaddr < vaddr_end; vaddr += PMD_SIZE) {
+			/*
+			 * On SNP, transition the page to shared in the RMP table so that
+			 * it is consistent with the page table attribute change.
+			 *
+			 * __start_bss_decrypted has a virtual address in the high range
+			 * mapping (kernel .text). PVALIDATE, by way of
+			 * early_snp_set_memory_shared(), requires a valid virtual
+			 * address but the kernel is currently running off of the identity
+			 * mapping so use __pa() to get a *currently* valid virtual address.
+			 */
+			early_snp_set_memory_shared(__pa(vaddr), __pa(vaddr), PTRS_PER_PMD);
+
 			i = pmd_index(vaddr);
 			pmd[i] -= sme_get_me_mask();
 		}
-- 
2.25.1
next prev parent reply	other threads:[~2022-02-24 16:58 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-24 16:55 [PATCH v11 00/45] Add AMD Secure Nested Paging (SEV-SNP) Guest Support Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 01/45] KVM: SVM: Define sev_features and vmpl field in the VMSA Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 02/45] KVM: SVM: Create a separate mapping for the SEV-ES save area Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 03/45] KVM: SVM: Create a separate mapping for the GHCB " Brijesh Singh
2022-02-24 19:38   ` [PATCH v11 3.1/45] " Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 04/45] KVM: SVM: Update the SEV-ES save area mapping Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 05/45] x86/boot: Introduce helpers for MSR reads/writes Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 06/45] x86/boot: Use MSR read/write helpers instead of inline assembly Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 07/45] x86/compressed/64: Detect/setup SEV/SME features earlier in boot Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 08/45] x86/sev: " Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 09/45] x86/mm: Extend cc_attr to include AMD SEV-SNP Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 10/45] x86/sev: Define the Linux specific guest termination reasons Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 11/45] x86/sev: Save the negotiated GHCB version Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 12/45] x86/sev: Check SEV-SNP features support Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 13/45] x86/sev: Add a helper for the PVALIDATE instruction Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 14/45] x86/sev: Check the vmpl level Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 15/45] x86/compressed: Add helper for validating pages in the decompression stage Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 16/45] x86/compressed: Register GHCB memory when SEV-SNP is active Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 17/45] x86/sev: " Brijesh Singh
2022-02-24 16:55 ` [PATCH v11 18/45] x86/sev: Add helper for validating pages in early enc attribute changes Brijesh Singh
2022-02-24 16:55 ` Brijesh Singh [this message]
2022-02-24 16:56 ` [PATCH v11 20/45] x86/kernel: Validate ROM memory before accessing when SEV-SNP is active Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 21/45] x86/mm: Validate memory when changing the C-bit Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 22/45] x86/sev: Use SEV-SNP AP creation to start secondary CPUs Brijesh Singh
2022-03-03 17:09   ` Dave Hansen
2022-03-03 18:01     ` Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 23/45] x86/head/64: Re-enable stack protection Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 24/45] x86/compressed/acpi: Move EFI detection to helper Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 25/45] x86/compressed/acpi: Move EFI system table lookup " Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 26/45] x86/compressed/acpi: Move EFI config " Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 27/45] x86/compressed/acpi: Move EFI vendor " Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 28/45] x86/compressed/acpi: Move EFI kexec handling into common code Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 29/45] x86/boot: Add Confidential Computing type to setup_data Brijesh Singh
2022-03-01  9:48   ` Borislav Petkov
2022-03-02 14:25     ` Brijesh Singh
2022-03-02 15:13       ` Borislav Petkov
2022-03-03  9:21         ` Ard Biesheuvel
2022-02-24 16:56 ` [PATCH v11 30/45] KVM: x86: Move lookup of indexed CPUID leafs to helper Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 31/45] x86/sev: Move MSR-based VMGEXITs for CPUID " Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 32/45] x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 33/45] x86/boot: Add a pointer to Confidential Computing blob in bootparams Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 34/45] x86/compressed: Add SEV-SNP feature detection/setup Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 35/45] x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 36/45] x86/compressed: Export and rename add_identity_map() Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 37/45] x86/compressed/64: Add identity mapping for Confidential Computing blob Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 38/45] x86/sev: Add SEV-SNP feature detection/setup Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 39/45] x86/sev: Use firmware-validated CPUID for SEV-SNP guests Brijesh Singh
2022-03-03 11:51   ` Borislav Petkov
2022-03-04  0:31     ` Michael Roth
2022-03-04  7:43       ` Borislav Petkov
2022-02-24 16:56 ` [PATCH v11 40/45] x86/sev: Provide support for SNP guest request NAEs Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 41/45] x86/sev: Register SEV-SNP guest request platform device Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 42/45] virt: Add SEV-SNP guest driver Brijesh Singh
2022-03-02 10:03   ` Dov Murik
2022-03-02 14:33     ` Brijesh Singh
2022-03-03 17:33   ` Dave Hansen
2022-03-04 13:17     ` Brijesh Singh
2022-03-04 15:23       ` Dave Hansen
2022-03-04 15:43         ` Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 43/45] virt: sevguest: Add support to derive key Brijesh Singh
2022-02-24 16:56 ` [PATCH v11 44/45] virt: sevguest: Add support to get extended report Brijesh Singh
2022-03-03 15:28   ` Borislav Petkov
2022-03-03 16:47     ` Brijesh Singh
2022-03-04 14:06       ` Borislav Petkov
2022-03-04 15:39         ` Brijesh Singh
2022-03-04 15:53           ` Borislav Petkov
2022-03-04 16:03             ` Brijesh Singh
2022-03-04 16:14               ` Borislav Petkov
2022-02-24 16:56 ` [PATCH v11 45/45] virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement Brijesh Singh
2022-03-02 14:22 ` [PATCH v11 00/45] Add AMD Secure Nested Paging (SEV-SNP) Guest Support Borislav Petkov
2022-03-02 16:09   ` Paolo Bonzini
2022-03-02 16:14     ` Borislav Petkov
2022-04-03 22:36       ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox
  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):
  git send-email \
    --in-reply-to=20220224165625.2175020-20-brijesh.singh@amd.com \
    --to=brijesh.singh@amd.com \
    --cc=ak@linux.intel.com \
    --cc=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=brijesh.ksingh@gmail.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=dgilbert@redhat.com \
    --cc=dovmurik@linux.ibm.com \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=jroedel@suse.de \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=luto@kernel.org \
    --cc=marcorr@google.com \
    --cc=michael.roth@amd.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=pgonda@google.com \
    --cc=platform-driver-x86@vger.kernel.org \
    --cc=rientjes@google.com \
    --cc=sathyanarayanan.kuppuswamy@linux.intel.com \
    --cc=seanjc@google.com \
    --cc=slp@redhat.com \
    --cc=srinivas.pandruvada@linux.intel.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=tobin@ibm.com \
    --cc=tony.luck@intel.com \
    --cc=vbabka@suse.cz \
    --cc=vkuznets@redhat.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY
  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
  Be sure your reply has a Subject: header at the top and a blank line
  before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).