From: Vlastimil Babka <vbabka@suse.cz>
To: Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>
Cc: x86@kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-mm@kvack.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, tglx@linutronix.de,
mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com,
hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com,
seanjc@google.com, vkuznets@redhat.com, jmattson@google.com,
luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com,
pgonda@google.com, peterz@infradead.org,
srinivas.pandruvada@linux.intel.com, rientjes@google.com,
tobin@ibm.com, kirill@shutemov.name, ak@linux.intel.com,
tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com,
alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com,
nikunj.dadhania@amd.com, pankaj.gupta@amd.com,
liam.merwick@oracle.com
Subject: Re: [PATCH v2 11/25] x86/sev: Adjust directmap to avoid inadvertant RMP faults
Date: Mon, 29 Jan 2024 16:26:01 +0100 [thread overview]
Message-ID: <2068cfca-b99b-4cf0-addc-43376c2681cb@suse.cz> (raw)
In-Reply-To: <20240129115928.GBZbeTIJUYivEMSonh@fat_crate.local>
On 1/29/24 12:59, Borislav Petkov wrote:
> On Sat, Jan 27, 2024 at 05:02:49PM +0100, Borislav Petkov wrote:
>> This function takes any PFN it gets passed in as it is. I don't care
>> who its users are now or in the future and whether they pay attention
>> what they pass into - it needs to be properly defined.
>
> Ok, we solved it offlist, here's the final version I have. It has
> a comment explaining what I was asking.
>
> ---
> From: Michael Roth <michael.roth@amd.com>
> Date: Thu, 25 Jan 2024 22:11:11 -0600
> Subject: [PATCH] x86/sev: Adjust the directmap to avoid inadvertent RMP faults
>
> If the kernel uses a 2MB or larger directmap mapping to write to an
> address, and that mapping contains any 4KB pages that are set to private
> in the RMP table, an RMP #PF will trigger and cause a host crash.
>
> SNP-aware code that owns the private PFNs will never attempt such
> a write, but other kernel tasks writing to other PFNs in the range may
> trigger these checks inadvertently due to writing to those other PFNs
> via a large directmap mapping that happens to also map a private PFN.
>
> Prevent this by splitting any 2MB+ mappings that might end up containing
> a mix of private/shared PFNs as a result of a subsequent RMPUPDATE for
> the PFN/rmp_level passed in.
>
> Another way to handle this would be to limit the directmap to 4K
> mappings in the case of hosts that support SNP, but there is potential
> risk for performance regressions of certain host workloads.
>
> Handling it as-needed results in the directmap being slowly split over
> time, which lessens the risk of a performance regression since the more
> the directmap gets split as a result of running SNP guests, the more
> likely the host is being used primarily to run SNP guests, where
> a mostly-split directmap is actually beneficial since there is less
> chance of TLB flushing and cpa_lock contention being needed to perform
> these splits.
>
> Cases where a host knows in advance it wants to primarily run SNP guests
> and wishes to pre-split the directmap can be handled by adding
> a tuneable in the future, but preliminary testing has shown this to not
> provide a signficant benefit in the common case of guests that are
> backed primarily by 2MB THPs, so it does not seem to be warranted
> currently and can be added later if a need arises in the future.
>
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
> Link: https://lore.kernel.org/r/20240126041126.1927228-12-michael.roth@amd.com
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Thanks!
next prev parent reply other threads:[~2024-01-29 15:26 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-26 4:11 [PATCH v2 00/25] Add AMD Secure Nested Paging (SEV-SNP) Initialization Support Michael Roth
2024-01-26 4:11 ` [PATCH v2 01/25] x86/cpufeatures: Add SEV-SNP CPU feature Michael Roth
2024-01-26 4:11 ` [PATCH v2 02/25] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled Michael Roth
2024-01-26 4:11 ` [PATCH v2 03/25] iommu/amd: Don't rely on external callers to enable IOMMU SNP support Michael Roth
2024-01-26 4:11 ` [PATCH v2 04/25] x86/sev: Add the host SEV-SNP initialization support Michael Roth
2024-01-26 4:11 ` [PATCH v2 05/25] x86/mtrr: Don't print errors if MtrrFixDramModEn is set when SNP enabled Michael Roth
2024-01-26 4:11 ` [PATCH v2 06/25] x86/sev: Add RMP entry lookup helpers Michael Roth
2024-01-26 4:11 ` [PATCH v2 07/25] x86/fault: Add helper for dumping RMP entries Michael Roth
2024-01-26 4:11 ` [PATCH v2 08/25] x86/traps: Define RMP violation #PF error code Michael Roth
2024-01-26 4:11 ` [PATCH v2 09/25] x86/fault: Dump RMP table information when RMP page faults occur Michael Roth
2024-01-26 4:11 ` [PATCH v2 10/25] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction Michael Roth
2024-01-29 18:00 ` Liam Merwick
2024-01-29 19:28 ` Borislav Petkov
2024-01-29 19:33 ` Borislav Petkov
2024-01-26 4:11 ` [PATCH v2 11/25] x86/sev: Adjust directmap to avoid inadvertant RMP faults Michael Roth
2024-01-26 15:34 ` Borislav Petkov
2024-01-26 17:04 ` Michael Roth
2024-01-26 18:43 ` Borislav Petkov
2024-01-26 23:54 ` Michael Roth
2024-01-27 11:42 ` Borislav Petkov
2024-01-27 15:45 ` Michael Roth
2024-01-27 16:02 ` Borislav Petkov
2024-01-29 11:59 ` Borislav Petkov
2024-01-29 15:26 ` Vlastimil Babka [this message]
2024-01-26 4:11 ` [PATCH v2 12/25] crypto: ccp: Define the SEV-SNP commands Michael Roth
2024-01-26 4:11 ` [PATCH v2 13/25] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP Michael Roth
2024-01-29 17:58 ` Borislav Petkov
2024-01-26 4:11 ` [PATCH v2 14/25] crypto: ccp: Provide API to issue SEV and SNP commands Michael Roth
2024-01-26 4:11 ` [PATCH v2 15/25] x86/sev: Introduce snp leaked pages list Michael Roth
2024-01-29 14:26 ` Vlastimil Babka
2024-01-29 14:29 ` Borislav Petkov
2024-01-26 4:11 ` [PATCH v2 16/25] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled Michael Roth
2024-01-29 15:04 ` Borislav Petkov
2024-01-26 4:11 ` [PATCH v2 17/25] crypto: ccp: Handle non-volatile INIT_EX data " Michael Roth
2024-01-29 15:12 ` Borislav Petkov
2024-01-26 4:11 ` [PATCH v2 18/25] crypto: ccp: Handle legacy SEV commands " Michael Roth
2024-01-26 4:11 ` [PATCH v2 19/25] iommu/amd: Clean up RMP entries for IOMMU pages during SNP shutdown Michael Roth
2024-01-26 4:11 ` [PATCH v2 20/25] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump Michael Roth
2024-01-26 4:11 ` [PATCH v2 21/25] KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe Michael Roth
2024-01-26 11:00 ` Paolo Bonzini
2024-01-26 4:11 ` [PATCH v2 22/25] x86/cpufeatures: Enable/unmask SEV-SNP CPU feature Michael Roth
2024-01-26 4:11 ` [PATCH v2 23/25] crypto: ccp: Add the SNP_PLATFORM_STATUS command Michael Roth
2024-01-26 4:11 ` [PATCH v2 24/25] crypto: ccp: Add the SNP_COMMIT command Michael Roth
2024-01-26 4:11 ` [PATCH v2 25/25] crypto: ccp: Add the SNP_SET_CONFIG command Michael Roth
2024-01-29 19:18 ` Liam Merwick
2024-01-29 20:10 ` Michael Roth
2024-01-30 16:19 ` [PATCH v2 00/25] Add AMD Secure Nested Paging (SEV-SNP) Initialization Support Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2068cfca-b99b-4cf0-addc-43376c2681cb@suse.cz \
--to=vbabka@suse.cz \
--cc=ak@linux.intel.com \
--cc=alpergun@google.com \
--cc=ardb@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jarkko@kernel.org \
--cc=jmattson@google.com \
--cc=jroedel@suse.de \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj.dadhania@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=slp@redhat.com \
--cc=srinivas.pandruvada@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tobin@ibm.com \
--cc=tony.luck@intel.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).