From patchwork Fri Oct 20 14:30:57 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10020363
From: Brijesh Singh
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Borislav Petkov, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Arnd Bergmann, Tejun Heo, Christoph Lameter, linux-arch@vger.kernel.org, Tom Lendacky
Subject: [Part1 PATCH v7 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED
Date: Fri, 20 Oct 2017 09:30:57 -0500
Message-Id: <20171020143059.3291-16-brijesh.singh@amd.com>
In-Reply-To: <20171020143059.3291-1-brijesh.singh@amd.com>
References: <20171020143059.3291-1-brijesh.singh@amd.com>
Sender:
kvm-owner@vger.kernel.org
X-Mailing-List: kvm@vger.kernel.org

KVM guest defines three per-CPU variables (steal-time, apf_reason, and avic_eio) which are shared between a guest and a hypervisor. When SEV is active, memory is encrypted with a guest-specific key, and if the guest OS wants to share the memory region with the hypervisor then it must clear the C-bit (i.e. set decrypted) before sharing it.

DEFINE_PER_CPU_DECRYPTED can be used to define the per-CPU variables which will be shared between a guest and a hypervisor.

Signed-off-by: Brijesh Singh
Acked-by: Tejun Heo
Reviewed-by: Borislav Petkov
Tested-by: Borislav Petkov
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Borislav Petkov
Cc: Arnd Bergmann
Cc: Tejun Heo
Cc: Christoph Lameter
Cc: linux-arch@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Tom Lendacky
--- include/asm-generic/vmlinux.lds.h | 19 +++++++++++++++++++ include/linux/percpu-defs.h | 15 +++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 353f52fdc35e..bdcd1caae092 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -779,6 +779,24 @@ #endif /* + * Memory encryption operates on a page basis. Since we need to clear + * the memory encryption mask for this section, it needs to be aligned + * on a page boundary and be a page-size multiple in length. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#ifdef CONFIG_AMD_MEM_ENCRYPT +#define PERCPU_DECRYPTED_SECTION \ + . = ALIGN(PAGE_SIZE); \ + *(.data..percpu..decrypted) \ + . = ALIGN(PAGE_SIZE); +#else +#define PERCPU_DECRYPTED_SECTION +#endif + + +/* * Default discarded sections. * * Some archs want to discard exit text/data at runtime rather than 
@@ -816,6 +834,7 @@ . = ALIGN(cacheline); \ *(.data..percpu) \ *(.data..percpu..shared_aligned) \ + PERCPU_DECRYPTED_SECTION \ VMLINUX_SYMBOL(__per_cpu_end) = .; /** diff --git a/include/linux/percpu-defs.h b/include/linux/percpu-defs.h index 8f16299ca068..2d2096ba1cfe 100644 --- a/include/linux/percpu-defs.h +++ b/include/linux/percpu-defs.h @@ -173,6 +173,21 @@ DEFINE_PER_CPU_SECTION(type, name, "..read_mostly") /* + * Declaration/definition used for per-CPU variables that should be accessed + * as decrypted when memory encryption is enabled in the guest. + */ +#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT) + +#define DECLARE_PER_CPU_DECRYPTED(type, name) \ + DECLARE_PER_CPU_SECTION(type, name, "..decrypted") + +#define DEFINE_PER_CPU_DECRYPTED(type, name) \ + DEFINE_PER_CPU_SECTION(type, name, "..decrypted") +#else +#define DEFINE_PER_CPU_DECRYPTED(type, name) DEFINE_PER_CPU(type, name) +#endif + +/* * Intermodule exports for per-CPU variables. sparse forgets about * address space across EXPORT_SYMBOL(), change EXPORT_SYMBOL() to * noop if __CHECKER__.
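Review bot: in the vmlinux.lds.h hunk at @@ -779, PERCPU_DECRYPTED_SECTION is guarded by CONFIG_AMD_MEM_ENCRYPT alone, while the percpu-defs.h macros that populate .data..percpu..decrypted also require CONFIG_VIRTUALIZATION. With CONFIG_AMD_MEM_ENCRYPT=y and CONFIG_VIRTUALIZATION=n nothing lands in the section, yet the two `. = ALIGN(PAGE_SIZE);` statements still pad the per-CPU image. Use the same condition in both files, or say in the comment why they differ. The hunk also adds two consecutive blank lines after `#endif`; one is enough.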
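Review bot: the size cost of the placement in the PERCPU_INPUT hunk at @@ -816 is not documented. PERCPU_DECRYPTED_SECTION sits directly before `VMLINUX_SYMBOL(__per_cpu_end) = .;`, so its trailing `. = ALIGN(PAGE_SIZE);` rounds __per_cpu_end up to a page boundary, and the leading one can add close to another page of padding after .data..percpu..shared_aligned. That padding is part of the per-CPU image whenever CONFIG_AMD_MEM_ENCRYPT is set, whether or not SEV is active at run time, and it is worth stating in the commit message. A comment should also record that the page alignment carries over to each CPU's copy only if the per-CPU area itself starts on a page boundary.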
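Review bot: the #else branch of the percpu-defs.h hunk defines only DEFINE_PER_CPU_DECRYPTED, so any user of DECLARE_PER_CPU_DECRYPTED fails to build when CONFIG_VIRTUALIZATION or CONFIG_AMD_MEM_ENCRYPT is off. Add the matching fallback, `#define DECLARE_PER_CPU_DECRYPTED(type, name) DECLARE_PER_CPU(type, name)`, next to the DEFINE fallback. The comment above the macros could also make clear that they only place the variable in the "..decrypted" section; nothing in this patch clears the encryption mask on that section, so a reader should be told that step happens elsewhere.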