| Message ID | 20230612042559.375660-20-michael.roth@amd.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support | expand |
On Sun, Jun 11, 2023 at 11:25:27PM -0500, Michael Roth wrote: > From: Ashish Kalra <ashish.kalra@amd.com> > > Pages are unsafe to be released back to the page-allocator, if they > have been transitioned to firmware/guest state and can't be reclaimed > or transitioned back to hypervisor/shared state. In this case add > them to an internal leaked pages list to ensure that they are not freed > or touched/accessed to cause fatal page faults. > > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> > [mdr: relocate to arch/x86/coco/sev/host.c] > Signed-off-by: Michael Roth <michael.roth@amd.com> > --- > arch/x86/coco/sev/host.c | 28 ++++++++++++++++++++++++++++ > arch/x86/include/asm/sev-host.h | 3 +++ > 2 files changed, 31 insertions(+) > > diff --git a/arch/x86/coco/sev/host.c b/arch/x86/coco/sev/host.c > index cd3b4c6a25bc..373e91f5a337 100644 > --- a/arch/x86/coco/sev/host.c > +++ b/arch/x86/coco/sev/host.c > @@ -64,6 +64,12 @@ struct rmpentry { > static unsigned long rmptable_start __ro_after_init; > static unsigned long rmptable_end __ro_after_init; > > +/* list of pages which are leaked and cannot be reclaimed */ > +static LIST_HEAD(snp_leaked_pages_list); > +static DEFINE_SPINLOCK(snp_leaked_pages_list_lock); > + > +static atomic_long_t snp_nr_leaked_pages = ATOMIC_LONG_INIT(0); > + > #undef pr_fmt > #define pr_fmt(fmt) "SEV-SNP: " fmt > > @@ -494,3 +500,25 @@ int rmp_make_shared(u64 pfn, enum pg_level level) > return rmpupdate(pfn, &val); > } > EXPORT_SYMBOL_GPL(rmp_make_shared); > + > +void snp_leak_pages(unsigned long pfn, unsigned int npages) > +{ > + struct page *page = pfn_to_page(pfn); > + > + WARN(1, "psc failed, pfn 0x%lx pages %d (marked offline)\n", pfn, npages); > + > + spin_lock(&snp_leaked_pages_list_lock); > + while (npages--) { > + /* > + * Reuse the page's buddy list for chaining into the leaked > + * pages list. This page should not be on a free list currently > + * and is also unsafe to be added to a free list. > + */ > + list_add_tail(&page->buddy_list, &snp_leaked_pages_list); > + sev_dump_rmpentry(pfn); > + pfn++; > + } > + spin_unlock(&snp_leaked_pages_list_lock); > + atomic_long_inc(&snp_nr_leaked_pages); > +} > +EXPORT_SYMBOL_GPL(snp_leak_pages); > diff --git a/arch/x86/include/asm/sev-host.h b/arch/x86/include/asm/sev-host.h > index 753e80d16433..bab3b226777a 100644 > --- a/arch/x86/include/asm/sev-host.h > +++ b/arch/x86/include/asm/sev-host.h > @@ -19,6 +19,8 @@ void sev_dump_rmpentry(u64 pfn); > int psmash(u64 pfn); > int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); > int rmp_make_shared(u64 pfn, enum pg_level level); > +void snp_leak_pages(unsigned long pfn, unsigned int npages); > + > #else > static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return 0; } > static inline void sev_dump_rmpentry(u64 pfn) {} > @@ -29,6 +31,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int as > return -ENODEV; > } > static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } > +void snp_leak_pages(unsigned long pfn, unsigned int npages) {} This needs to be 'static inline' or the build fails with multiple definition errors. I'm building a guest kernel with CONFIG_KVM_AMD_SEV disabled. Jeremi > #endif > > #endif > -- > 2.25.1 >
diff --git a/arch/x86/coco/sev/host.c b/arch/x86/coco/sev/host.c index cd3b4c6a25bc..373e91f5a337 100644 --- a/arch/x86/coco/sev/host.c +++ b/arch/x86/coco/sev/host.c @@ -64,6 +64,12 @@ struct rmpentry { static unsigned long rmptable_start __ro_after_init; static unsigned long rmptable_end __ro_after_init; +/* list of pages which are leaked and cannot be reclaimed */ +static LIST_HEAD(snp_leaked_pages_list); +static DEFINE_SPINLOCK(snp_leaked_pages_list_lock); + +static atomic_long_t snp_nr_leaked_pages = ATOMIC_LONG_INIT(0); + #undef pr_fmt #define pr_fmt(fmt) "SEV-SNP: " fmt @@ -494,3 +500,25 @@ int rmp_make_shared(u64 pfn, enum pg_level level) return rmpupdate(pfn, &val); } EXPORT_SYMBOL_GPL(rmp_make_shared); + +void snp_leak_pages(unsigned long pfn, unsigned int npages) +{ + struct page *page = pfn_to_page(pfn); + + WARN(1, "psc failed, pfn 0x%lx pages %d (marked offline)\n", pfn, npages); + + spin_lock(&snp_leaked_pages_list_lock); + while (npages--) { + /* + * Reuse the page's buddy list for chaining into the leaked + * pages list. This page should not be on a free list currently + * and is also unsafe to be added to a free list. + */ + list_add_tail(&page->buddy_list, &snp_leaked_pages_list); + sev_dump_rmpentry(pfn); + pfn++; + } + spin_unlock(&snp_leaked_pages_list_lock); + atomic_long_inc(&snp_nr_leaked_pages); +} +EXPORT_SYMBOL_GPL(snp_leak_pages); diff --git a/arch/x86/include/asm/sev-host.h b/arch/x86/include/asm/sev-host.h index 753e80d16433..bab3b226777a 100644 --- a/arch/x86/include/asm/sev-host.h +++ b/arch/x86/include/asm/sev-host.h @@ -19,6 +19,8 @@ void sev_dump_rmpentry(u64 pfn); int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); +void snp_leak_pages(unsigned long pfn, unsigned int npages); + #else static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return 0; } static inline void sev_dump_rmpentry(u64 pfn) {} @@ -29,6 +31,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int as return -ENODEV; } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } +void snp_leak_pages(unsigned long pfn, unsigned int npages) {} #endif #endif