From patchwork Tue Sep 4 01:29:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10586435 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 69A7D920 for ; Tue, 4 Sep 2018 01:30:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4E19E28BD5 for ; Tue, 4 Sep 2018 01:30:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3F7DE28BE4; Tue, 4 Sep 2018 01:30:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9E3FA28BD5 for ; Tue, 4 Sep 2018 01:30:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726280AbeIDFxZ (ORCPT ); Tue, 4 Sep 2018 01:53:25 -0400 Received: from mail-bl2nam02on0082.outbound.protection.outlook.com ([104.47.38.82]:42369 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725837AbeIDFxZ (ORCPT ); Tue, 4 Sep 2018 01:53:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6tObxVukwyqWeihVatFhIVvDkEbDhPcuBsbQp6yoncs=; b=gsMAMDnoOTXUa22HtmP9RaqlzsStK/1xpESQXHE+mV7BACwqppy91w7w/fX2Ne9cN2BL2XNG3JefaUyshwnoMtaqhtpqPw8I3FrjJ064UeXpfdI2W7UKwjnKNUGgQOQfaQYQNEObeCANjM8SVw+jfs6HN6uNC8Wtgth4ap3KeoA= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN6PR12MB2687.namprd12.prod.outlook.com (2603:10b6:805:6f::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1101.18; Tue, 4 Sep 2018 01:30:03 +0000 From: Brijesh Singh To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Brijesh Singh , Tom Lendacky , Thomas Gleixner , Borislav Petkov , "H. Peter Anvin" , Paolo Bonzini , Sean Christopherson , =?utf-8?b?UmFkaW0g?= =?utf-8?b?S3LEjW3DocWZ?= Subject: [PATCH v4 4/4] x86/kvm: use __decrypted attribute in shared variables Date: Mon, 3 Sep 2018 20:29:42 -0500 Message-Id: <1536024582-25700-5-git-send-email-brijesh.singh@amd.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1536024582-25700-1-git-send-email-brijesh.singh@amd.com> References: <1536024582-25700-1-git-send-email-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR20CA0066.namprd20.prod.outlook.com (2603:10b6:404:151::28) To SN6PR12MB2687.namprd12.prod.outlook.com (2603:10b6:805:6f::28) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 57f75fe8-c8a0-4a95-f7a5-08d61205f12f X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020);SRVR:SN6PR12MB2687; X-Microsoft-Exchange-Diagnostics: 1;SN6PR12MB2687;3:5fM6m96X8o8lYB3XQgeIW6SVVRUTzfSGTiJxDAKXjPv1NIwsX+wPxA4uk4sOb4I9x/yxfNWmSQOWGArc4wvghutLa9nnA4dCK9i+X31xqTJkw/wSwsiBTZGMGiHkFReD0WYqRz7WIu1KUBdRaKx7C/orqfWQ3ZA4CVQjealw1isqiVU+YshZ2fZV0m/fHHaDe5MyBmg3RbP4vR+8BZ9GVAd0lnOHh5C7vyU3BikAvkMVYRj6ZfBcdBOSuXqWgcUd;25:iGqbZIY5wljqHETjuhtumXICAoXdXNTGzIkkV1oZWIK3vUZsz7TpjrHFcT21TO0Yasqb20RTPH4ei58WZTWVOTvLAWH6MB0R0ZeUVf929eY2FoDhCowbrUQgxGBlnlam6VOmnKnUSte29vjZ8n11pLvUAk2WEAWXiOQ9Xod38VO19C73/cI5sl/9SAoaLLARnmQVmyRIx6MlWdJ+QtaZRX5zUYB8SXz+w+6Dt0Zjqcp2fr2mF2MAfBilojFg785UllSInuax4VAaOsoR0BcfEWzksj9K8lKjawf0LdIAzv8VLNV78C+kVmEr2pnpH13IdNcMC+zQ8uGpLBa+sI2XAw==;31:xgpPtl2eTGhGd05MNcKOtrtip2+2D8WHjLOcypu63ko7D9v3FWyOt6qIr/sVQa3byk5fkNI84lHiW0eSY1uuYFG5HZgjuZFWObJ1yVrj/st+TywUV79K6V8GXdA3rj9eX22JP5Sy9+4qnYTwnnWbhz5yJ7EMZKV4r8+rrf4Al3MtdkC1ch6qxoJXYrTjT77jRiLWjjLVfKCVYFfSIv4rBz4jIdywAQ2DjCFSHFCPOLw= X-MS-TrafficTypeDiagnostic: SN6PR12MB2687: X-Microsoft-Exchange-Diagnostics: 1;SN6PR12MB2687;20:z8JlcFiIBC0adFU6b0BQPEVHQBGozBQsFn0QXOHP44mzOEhS0sLakbso1fZDHz7c6w0VaHBW/CcPaj+lbkNBLFTul+ofgKnx/1ueC6Z59WtnqipZt3LjVZPuJwx8oREW3NilL1TJ04P1ImiM9FaFQiQkdoX8YhEmkkLJwDQO0xkXVw4rsv9HqFPhZQq/CzX7TDhkSfWcIuAhgfrHisTEQ6c8MYftobMdAaqfXcR5KB6TK9f0YUkM9RNP5jNzz721yDkfGJiwR3pW37/5mo9tNf1I7LkgR7E+HYmLc+3NiU39IKOt8MyJ0eXPf1YXWo9Twll1mZplv362vPlJeH6oC6P55U52S6C5aS4hPZk6P5vr3FLNuGOXYemmWfXvxb1zvA8DHkVgyaAN8rX5uNuxC6DmGUPwdQDOqhcOwOJrDXDXkvbWkT7p7rGE8ylHMPOamAKHsvBbQgJKVAxSzgTyS7p9U3vMgeGs1fFKU/4sVuqQWX9pNkNlSlLWeYmm/g9T;4:Om5dtLG7qJAaWqEeWejCEGcAYERzFUfpBBfmckPHC74H6p6u0Pk2blszm9mDnwcBozjR8bFS4QILmYiAo7DJGgi9mkpDOXIkgZL7FwojfcY5azdvtW6zqjbWNYiEw8pu7Oh9meLIbije725BPbTJVwXjn9jRj9pcTnrZawvgZ8Iz4RUd55OaR4iYh5Nvfb0JWziEZs4kzCfVxwHU3NK8QbOznatWXQaksYEG89H77r0diPg7kJ4giNHLNRZrp07wrf8I2lbzbDK8PyBsdkfp/iaelJGJ0A89qd4nXu5HrLPk+DgARUABwZ7OF371Nj8Xqq2otHzYgvvsOH6rNaq7P4xcTwiCAbStPWellTs1DzJzGSkpLf5eYKmQ98IPtU11 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110)(228905959029699); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(823301075)(93006095)(93001095)(3231311)(944501410)(52105095)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123558120)(20161123564045)(201708071742011)(7699016);SRVR:SN6PR12MB2687;BCL:0;PCL:0;RULEID:;SRVR:SN6PR12MB2687; X-Forefront-PRVS: 0785459C39 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(366004)(396003)(39860400002)(136003)(376002)(346002)(199004)(189003)(14444005)(6116002)(105586002)(76176011)(7696005)(47776003)(23676004)(66066001)(68736007)(52116002)(2870700001)(53936002)(53416004)(2906002)(316002)(36756003)(3846002)(97736004)(6486002)(50226002)(4326008)(25786009)(54906003)(106356001)(81166006)(81156014)(8936002)(478600001)(2616005)(6666003)(50466002)(86362001)(8676002)(44832011)(5660300001)(186003)(7736002)(305945005)(16526019)(386003)(486006)(476003)(26005)(446003)(11346002)(956004);DIR:OUT;SFP:1101;SCL:1;SRVR:SN6PR12MB2687;H:sbrijesh-desktop.amd.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?q?1=3BSN6PR12MB2687=3B23=3AoW1yXBc?= =?utf-8?q?fiE0Xn2Dsi3Tzd7WJdyXM4ONhz+l/fQozI0xNXV/zZTbAUJpPsXnhHDN0eXOU+pul?= =?utf-8?q?Cwm6BEumzRnu0ZazSScOOOrKP39aepzYCerwDqJIcvwPB8SoIElVyrzpw7LMqZJT/?= =?utf-8?q?tHIeUD1DOHdWycRg0cOB0EAGeLEA3XchnP9YB8GaHVQVmUERth2hJgbzvmuuD+akE?= =?utf-8?q?hJSh0RneR5rR+5wYqOdefkOVu3+UXGLhyseOgBtRocPE5VXOAZnt0NYzGdV+CMs+S?= =?utf-8?q?OCZRaZ9p0hPgarq9HROfIxvT7KDtzkt0HDsvUqPR2jeB7rL5XVrXiLcKd2f+ApSFD?= =?utf-8?q?KhI1baIJHVMiPv83KepuidGVvGfaxmZZB3Qq+oCnfD6mVM1pciROrE68w3R2Rs4q5?= =?utf-8?q?DgFJUHiy2G34o/lEi/8evEHQyc4ntc4pqV2a2KO/23Eo+mrfgsSNfMLggc173NX9n?= =?utf-8?q?Dmy7Q4a9ysHeDqh2bTCT7Ukrq6peDq6sDaT2zpFbn4CwbYfMMsDJBd0R8u+Yrs2gA?= =?utf-8?q?q3avnDO8LaZpnH52jdctlKYgDcF9A9NFPd+nDrA4q2Wmvqd1C7TqgteawM/xYJi+b?= =?utf-8?q?i2L3IrRLA5XC/+nSaG5kDhGMhnXwcnR/0rvgm+SdDKIHs30bmCQzsRnTp374N4IcN?= =?utf-8?q?QmZHHqwfSGjwznLCzLcouwReSqriXaDmYFednXZTWHaRecS2y30XaNVZzZ0UhqwoJ?= =?utf-8?q?aXAK1+IpbsDvW2t2PMun3XP6k6dEPk66vI0a7nhTSXgm6Uta25cSIi5TesiCqDGdp?= =?utf-8?q?bb+oyXBdLd7USn2TtvMSVnz50CS9AQqiWOUPM2dWjVq3xXLZuoY+AlY8z7SDshbq+?= =?utf-8?q?jTuf3VAwFJ8eGSAVycAnEXqPQd6kTwVVMbxijjelAYQvlBUlDhJvSLWN49wKUUcxd?= =?utf-8?q?ThwyGCPeeRqUGTqz9qe9FZwyAorIidLRxb0x1oh4cZGWW3irfXbQuz7jemNTnS02B?= =?utf-8?q?3mUjf6qMCKmAP8jnmjKtbvDGlu3u/wOJOdGPCXPodwTAIC5fxPqqLWM+hwINfjwvg?= =?utf-8?q?RfMsHV+CjrurHVgo6Jycx7uIQywKMxOxQ8uUNnruor3uy6QYc3iwEbthDOVLfvqQF?= =?utf-8?q?QSAUvmlQvxKd7VVRlVUTSSJNtKCo+SXCKV+N/H41yoazehBIJIlcbeOpyESH0DkM9?= =?utf-8?q?xCkDOcFn+sQrCN0Xy2zmrOiaOo4KbrT/oQbyZVf?= X-Microsoft-Antispam-Message-Info: 4XxUlP6/MyWIvNWa9LDxTFpUkKd9x0UT0mI+G5mpWGJVn4irVl2LJH5cUR8e4EYDV75cmqDNJ3yTC8ISCuGq/sqS/NrKD85LIn+B1HDpETY/zqABbbA9l+cec4K6W9puaYCkfpntF54I1oMSyPmW6UBFqXTnz52PBloKqlEd8cLECKG8MERDrnbdYV92qjBIIQT+vzIAil0CKheU+udi4tOWE5OwEyRB6pvlaIsDMAnqI/z0hZNUhxRnvaBTCrq414ZHBdPAGiGdxk8p+BwWC7KM1rLoOmBFlPezOMkWcnFswPANXqCqAocfe+BufRImB9yY4TQjzQrr3Sb6+AIX/51LTwmJ4zzcdI9HLWZlqSc= X-Microsoft-Exchange-Diagnostics: 1;SN6PR12MB2687;6:oW38tdx5MQBwrC5pBHYn79/DqDhkzDfcAYmT0SqkvKznV7cgnHNNP5YKjjerQFHU6PB7UtYei5eIJgBWpSM2QI685v/9hikb6Gmbpd1g/eQO9P9/r5UNP9nXJvp9qTUr7Z6AI5wRSY6pNsB39GAJdb0NY3EW978MFL05qReiXwjGeL6X9EyEXBnmuEhnZuAdBgB5qKu9x5DtMt18NP6ht04+pqK95DLhpcaPCbko7RNfZ9ti/coTMEuEL2bGKl95/lzrBiCVpcVqqJYmGLwwcImaw7Y4wZDUxgwP95gSJ4ohFJpJX9KMvp4UYk3bT54y0yNhWg3Bj5RXGprZUiby94eD7RIIPVf4a2/dmgO59m6oRoMKFJsYgs4oy+wepa5YB0YGZzPTsqZNgEs47V9e9FBx7uitigvW4OGH4FPJxITOkvuljRK002SSoGn/WOymyWApSzjh07n7yHlc3tC89w==;5:iujXbbr+Km3KO9ac6k/CBLQ4PNCJyFxQB0jTEv8UaxDhZhTuOhMoRtjpwfmytsPz0mLfFzgQQMdqWKtpCqxleYSUg99FZIvKs4mE5EZ7FRzt6iePk+RF0sfuYOCevO34+0dFMiKQ4ia7tShiyPX88FyRw535KhuAq7WN8fv3gT4=;7:39aJcW+slZR41eUGCsJ2ruCIp7cMToqDN3CQ/sbEScvelZ8ayMhKh+uPtcnTcK96CiiVqJb7wV+BrF9N/GPqUqg11jUcpSX+VxUF5HuBlohxKDMUs96h0zACIspor3ojg3g0I2j9SO1iXj1qZ4T/41V8wR4k0bqzAVOMJsDWZ3iKAzGrcrvCl2W/duOiYl08fwDqY58KqHrGsYd5VyEVLqF8M8y7qV/x33mDQoOCEkDeg9CSoE7prLc/BDsTP+17 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;SN6PR12MB2687;20:fjyHXe2W6jDd9SuJiv47tAxOqosQYx7pmJ4bU3iEaa08tjly/rXGECpxujr78+9y9BT9WuBTC+x23D0FmvjVZkQ+E4lntJ0YW1s9OMYv0B/sME52UDeGtd5Qii0qxKZz8K+LRLBTjRjIMbHOmClnfBKf5VXHVHuWb/EpRIAiE0DfAu39zna9bEDGX9uG3rsSV2OXJk511ZT6SjO2hJuJaTQ1K8Vf+vJlcLOZ8zAAaiPi8PQZoEWw1tmTXEWt9Vy2 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2018 01:30:03.9936 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 57f75fe8-c8a0-4a95-f7a5-08d61205f12f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2687 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor are able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but splitting large pages requires allocating a new PMD, which fails now that kvmclock initialization is called early during boot. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 early during boot. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh Reviewed-by: Tom Lendacky Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: Tom Lendacky Cc: kvm@vger.kernel.org Cc: Thomas Gleixner Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: linux-kernel@vger.kernel.org Cc: Paolo Bonzini Cc: Sean Christopherson Cc: kvm@vger.kernel.org Cc: "Radim Krčmář" --- arch/x86/kernel/kvmclock.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..08f5f8a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,29 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* + * The physical address of per-cpu variable will be shared with + * the hypervisor. Let's clear the C-bit before we assign the + * memory to per_cpu variable. + */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM;