[v8,08/16] x86/mm: Add generic guest initialization hook

Message ID	20240215113128.275608-9-nikunj@amd.com (mailing list archive)
State	New, archived
Headers	show Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2072.outbound.protection.outlook.com [40.107.95.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B5FA12E1F8; Thu, 15 Feb 2024 11:32:33 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Nikunj A Dadhania <nikunj@amd.com> To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>, <bp@alien8.de>, <x86@kernel.org>, <kvm@vger.kernel.org> CC: <mingo@redhat.com>, <tglx@linutronix.de>, <dave.hansen@linux.intel.com>, <pgonda@google.com>, <seanjc@google.com>, <pbonzini@redhat.com>, <nikunj@amd.com> Subject: [PATCH v8 08/16] x86/mm: Add generic guest initialization hook Date: Thu, 15 Feb 2024 17:01:20 +0530 Message-ID: <20240215113128.275608-9-nikunj@amd.com> In-Reply-To: <20240215113128.275608-1-nikunj@amd.com> References: <20240215113128.275608-1-nikunj@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Add Secure TSC support for SNP guests \| expand [v8,00/16] Add Secure TSC support for SNP guests [v8,01/16] virt: sev-guest: Use AES GCM crypto library [v8,02/16] virt: sev-guest: Replace dev_dbg with pr_debug [v8,03/16] virt: sev-guest: Add SNP guest request structure [v8,04/16] virt: sev-guest: Add vmpck_id to snp_guest_dev struct [v8,05/16] x86/sev: Cache the secrets page address [v8,06/16] virt: sev-guest: Move SNP Guest command mutex [v8,07/16] x86/sev: Move and reorganize sev guest request api [v8,08/16] x86/mm: Add generic guest initialization hook [v8,09/16] x86/cpufeatures: Add synthetic Secure TSC bit [v8,10/16] x86/sev: Add Secure TSC support for SNP guests [v8,11/16] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests [v8,12/16] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests [v8,13/16] x86/kvmclock: Skip kvmclock when Secure TSC is available [v8,14/16] x86/sev: Mark Secure TSC as reliable [v8,15/16] x86/cpu/amd: Do not print FW_BUG for Secure TSC [v8,16/16] x86/sev: Enable Secure TSC for SNP guests

Message ID

20240215113128.275608-9-nikunj@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Nikunj A Dadhania <nikunj@amd.com>
To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>, <bp@alien8.de>,
	<x86@kernel.org>, <kvm@vger.kernel.org>
CC: <mingo@redhat.com>, <tglx@linutronix.de>, <dave.hansen@linux.intel.com>,
	<pgonda@google.com>, <seanjc@google.com>, <pbonzini@redhat.com>,
	<nikunj@amd.com>
Subject: [PATCH v8 08/16] x86/mm: Add generic guest initialization hook
Date: Thu, 15 Feb 2024 17:01:20 +0530
Message-ID: <20240215113128.275608-9-nikunj@amd.com>
In-Reply-To: <20240215113128.275608-1-nikunj@amd.com>
References: <20240215113128.275608-1-nikunj@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2024 11:32:29.7181
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b1cbac2b-f8b2-4e83-e244-08dc2e19cb30
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	SN1PEPF0002BA52.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4269

Series

Add Secure TSC support for SNP guests | expand

Commit Message

Nikunj A. Dadhania Feb. 15, 2024, 11:31 a.m. UTC

Add generic enc_init guest hook for performing any type of initialization
that is vendor specific. Generic enc_init hook can be used for early guest
feature initialization before secondary processors are up.

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Tested-by: Peter Gonda <pgonda@google.com>
---
 arch/x86/include/asm/x86_init.h | 2 ++
 arch/x86/kernel/x86_init.c      | 2 ++
 arch/x86/mm/mem_encrypt.c       | 2 ++
 3 files changed, 6 insertions(+)

Comments

Borislav Petkov April 22, 2024, 1:20 p.m. UTC | #1

On Thu, Feb 15, 2024 at 05:01:20PM +0530, Nikunj A Dadhania wrote:
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index d035bce3a2b0..68aa06852466 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -89,6 +89,8 @@ void __init mem_encrypt_init(void)
>  	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
>  	swiotlb_update_mem_attributes();
>  
> +	x86_platform.guest.enc_init();
> +
>  	print_mem_encrypt_feature_info();

Why all this hoopla if all you need is to call it once in mem_encrypt.c?

IOW, you can simply call snp_secure_tsc_prepare() there, no?

Those function pointers are to be used in generic code in order to hide
all the platform-specific hackery but mem_encrypt.c is not really
generic code, I'd say...

Nikunj A. Dadhania April 23, 2024, 4:34 a.m. UTC | #2

On 4/22/2024 6:50 PM, Borislav Petkov wrote:
> On Thu, Feb 15, 2024 at 05:01:20PM +0530, Nikunj A Dadhania wrote:
>> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
>> index d035bce3a2b0..68aa06852466 100644
>> --- a/arch/x86/mm/mem_encrypt.c
>> +++ b/arch/x86/mm/mem_encrypt.c
>> @@ -89,6 +89,8 @@ void __init mem_encrypt_init(void)
>>  	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
>>  	swiotlb_update_mem_attributes();
>>  
>> +	x86_platform.guest.enc_init();
>> +
>>  	print_mem_encrypt_feature_info();
> 
> Why all this hoopla if all you need is to call it once in mem_encrypt.c?

This was added thinking in mind that any SNP/TDX init can happen in this hook.

> IOW, you can simply call snp_secure_tsc_prepare() there, no?

Yes, that is very simple, will drop this change.

> Those function pointers are to be used in generic code in order to hide
> all the platform-specific hackery but mem_encrypt.c is not really
> generic code, I'd say...
> 

Sure.

Regards
Nikunj

diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index c878616a18b8..8095553e14a7 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -148,12 +148,14 @@  struct x86_init_acpi {
  * @enc_status_change_finish	Notify HV after the encryption status of a range is changed
  * @enc_tlb_flush_required	Returns true if a TLB flush is needed before changing page encryption status
  * @enc_cache_flush_required	Returns true if a cache flush is needed before changing page encryption status
+ * @enc_init			Prepare and initialize encryption features
  */
 struct x86_guest {
 	bool (*enc_status_change_prepare)(unsigned long vaddr, int npages, bool enc);
 	bool (*enc_status_change_finish)(unsigned long vaddr, int npages, bool enc);
 	bool (*enc_tlb_flush_required)(bool enc);
 	bool (*enc_cache_flush_required)(void);
+	void (*enc_init)(void);
 };
 
 /**
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index a37ebd3b4773..a07985a96ca5 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -136,6 +136,7 @@  static bool enc_status_change_finish_noop(unsigned long vaddr, int npages, bool
 static bool enc_tlb_flush_required_noop(bool enc) { return false; }
 static bool enc_cache_flush_required_noop(void) { return false; }
 static bool is_private_mmio_noop(u64 addr) {return false; }
+static void enc_init_noop(void) { }
 
 struct x86_platform_ops x86_platform __ro_after_init = {
 	.calibrate_cpu			= native_calibrate_cpu_early,
@@ -158,6 +159,7 @@  struct x86_platform_ops x86_platform __ro_after_init = {
 		.enc_status_change_finish  = enc_status_change_finish_noop,
 		.enc_tlb_flush_required	   = enc_tlb_flush_required_noop,
 		.enc_cache_flush_required  = enc_cache_flush_required_noop,
+		.enc_init		   = enc_init_noop,
 	},
 };
 
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index d035bce3a2b0..68aa06852466 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -89,6 +89,8 @@  void __init mem_encrypt_init(void)
 	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
 	swiotlb_update_mem_attributes();
 
+	x86_platform.guest.enc_init();
+
 	print_mem_encrypt_feature_info();
 }

[v8,08/16] x86/mm: Add generic guest initialization hook

Commit Message

Comments

Patch