From patchwork Tue Jul 9 10:25:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bharata B Rao X-Patchwork-Id: 11036823 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C3231395 for ; Tue, 9 Jul 2019 10:26:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2B3D928600 for ; Tue, 9 Jul 2019 10:26:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1EE1428715; Tue, 9 Jul 2019 10:26:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5E4F428600 for ; Tue, 9 Jul 2019 10:26:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 31B398E004C; Tue, 9 Jul 2019 06:26:15 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 27C278E0032; Tue, 9 Jul 2019 06:26:15 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 11C058E004C; Tue, 9 Jul 2019 06:26:15 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id C91EB8E0032 for ; Tue, 9 Jul 2019 06:26:14 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id u21so12181075pfn.15 for ; Tue, 09 Jul 2019 03:26:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:in-reply-to:references:mime-version :content-transfer-encoding:message-id; bh=z/bk9WuQKKaJFYt9npRuulNrfUhLVKxcBlkbV7H56K8=; b=XxHcF1/nRAvxT68uQGAzBBDB76xPiup+cEth3CquqweFBIYFdd0kjyIo3UBKkKsoO2 +vRnFKjT6muxj3cl6Mo1YEIcuskaCmB3Xi0C9Mf1QoP05pNVj1e1x63Ur1CqfMlB3DIW mp99Y8ZB5AvKjLWaZ3AoL/NYKVatXRqlTp1jjh3K3Jv8m8HMogOwSrq8CVbvq6JJhovU N2Yxx8aVp+Vi6rtXovAy/mu8dSSli246AJYT1Uc0zLVP13SxiBCFy5Da1Th19c7VQqzd qlbcuIBKHo4/gyF5hb+jr/BHO3Dy5lXdfPuQYmRNPGVAgNt23LpAcYqFrWJy7i90sE8G bl9Q== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of bharata@linux.ibm.com designates 148.163.156.1 as permitted sender) smtp.mailfrom=bharata@linux.ibm.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com X-Gm-Message-State: APjAAAVTrx38r8FfwEm/K8puV/1iU3qylkxZpchIZUZWGSR5C7RgZiLT zYwju8RS+TfjvtC6i7s51735wl/xouFgb3Gad12UhJ9lmlugPUu0WK/H600LGLTMuBFONeP4LLJ sH9t+eURVsQ7/6yWbCvXnBULVQiVOtvek0ql0J/wMnWE9wsw6x4a+1kGHe1JFWvFABg== X-Received: by 2002:a17:90a:2767:: with SMTP id o94mr1007383pje.25.1562667974490; Tue, 09 Jul 2019 03:26:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqzxMNqps6HVPweyehz0qQxmLQeLIJxA5watxtR2jpu3+fcg+/IYhUGRQwRqdk18Xg4spd/7 X-Received: by 2002:a17:90a:2767:: with SMTP id o94mr1007314pje.25.1562667973547; Tue, 09 Jul 2019 03:26:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562667973; cv=none; d=google.com; s=arc-20160816; b=Wg5D30pGcEthqCCx1POE6TbJSLd/58oBpdzNH9ke1NaMoBSV3df7U4rHdUqCjqBUbf Ouxv61SQ3J0FnQFJwtxB7QlS8XK3e+aH4hOOIULE2AI1Yg3HZnv7NjdreckW3cB5gOgi HxA6FlRsWOf29niP6pSVXesjCePlVN/VY6lyfvsnIJ5N2GdnaSc8TgBBnxpdjGJICrxA im74pCqoskROtPfHfPW/jIWRC/DZoUsNCj6oXJFEfVhvO6j6STmxJZ2EOcdFY2LOc+4v IGrXKlZlbBPiteLN2+nxuIFbtmzh6rNs0NRXUSdgxbE0pm1FSo/zieZzBY46bXREj7Op c6dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:content-transfer-encoding:mime-version:references :in-reply-to:date:subject:cc:to:from; bh=z/bk9WuQKKaJFYt9npRuulNrfUhLVKxcBlkbV7H56K8=; b=01qZJ2GW3xzcsSgXOAe0t7wqBLmui3H2edpughGqluAbX1c+JQicb6ZXASotVdw/u5 5EOzA9ki6jwWJDadtpYM53DI4mMMXVTtH/rIjyzt4y7/5041N2C/8U1gGpOljkby1ReB mt2Qn+QRdfQAhVbz61ip4NccAp2Z+/96oc9pl2D/LZ0Tqpv0Oqefg1ezcXIDVJhwSDst tYEHEI1zKAhaFbJXR6swOlrEO2ngpMuNYctZ0gtXDU4sxc8MVoF+N8Miaw9c4yfLeVN9 iRNpTrvRYGAfZxWpCWOvshuQycLRTokq9QV/XP/RH8dS9ha+GJBQc+ynUfydhGm0uld8 oUeg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of bharata@linux.ibm.com designates 148.163.156.1 as permitted sender) smtp.mailfrom=bharata@linux.ibm.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com. [148.163.156.1]) by mx.google.com with ESMTPS id g11si21889210plm.390.2019.07.09.03.26.13 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Jul 2019 03:26:13 -0700 (PDT) Received-SPF: pass (google.com: domain of bharata@linux.ibm.com designates 148.163.156.1 as permitted sender) client-ip=148.163.156.1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of bharata@linux.ibm.com designates 148.163.156.1 as permitted sender) smtp.mailfrom=bharata@linux.ibm.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x69AMYvO142716 for ; Tue, 9 Jul 2019 06:26:13 -0400 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0a-001b2d01.pphosted.com with ESMTP id 2tmrd6t364-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 09 Jul 2019 06:26:12 -0400 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 9 Jul 2019 11:26:10 +0100 Received: from b06avi18626390.portsmouth.uk.ibm.com (9.149.26.192) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 9 Jul 2019 11:26:08 +0100 Received: from d06av26.portsmouth.uk.ibm.com (d06av26.portsmouth.uk.ibm.com [9.149.105.62]) by b06avi18626390.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x69APsmO36176274 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 9 Jul 2019 10:25:54 GMT Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6FE6FAE04D; Tue, 9 Jul 2019 10:26:06 +0000 (GMT) Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9D9C4AE051; Tue, 9 Jul 2019 10:26:04 +0000 (GMT) Received: from bharata.ibmuc.com (unknown [9.85.81.51]) by d06av26.portsmouth.uk.ibm.com (Postfix) with ESMTP; Tue, 9 Jul 2019 10:26:04 +0000 (GMT) From: Bharata B Rao To: linuxppc-dev@lists.ozlabs.org Cc: kvm-ppc@vger.kernel.org, linux-mm@kvack.org, paulus@au1.ibm.com, aneesh.kumar@linux.vnet.ibm.com, jglisse@redhat.com, linuxram@us.ibm.com, sukadev@linux.vnet.ibm.com, cclaudio@linux.ibm.com, Bharata B Rao Subject: [RFC PATCH v5 5/7] kvmppc: Radix changes for secure guest Date: Tue, 9 Jul 2019 15:55:43 +0530 X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190709102545.9187-1-bharata@linux.ibm.com> References: <20190709102545.9187-1-bharata@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 19070910-0008-0000-0000-000002FB3B6D X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19070910-0009-0000-0000-000022689B4A Message-Id: <20190709102545.9187-6-bharata@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-09_04:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907090127 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP - After the guest becomes secure, when we handle a page fault of a page belonging to SVM in HV, send that page to UV via UV_PAGE_IN. - Whenever a page is unmapped on the HV side, inform UV via UV_PAGE_INVAL. - Ensure all those routines that walk the secondary page tables of the guest don't do so in case of secure VM. For secure guest, the active secondary page tables are in secure memory and the secondary page tables in HV are freed when guest becomes secure. Signed-off-by: Bharata B Rao --- arch/powerpc/include/asm/kvm_host.h | 12 ++++++++++++ arch/powerpc/include/asm/ultravisor-api.h | 1 + arch/powerpc/include/asm/ultravisor.h | 7 +++++++ arch/powerpc/kvm/book3s_64_mmu_radix.c | 22 ++++++++++++++++++++++ arch/powerpc/kvm/book3s_hv_hmm.c | 20 ++++++++++++++++++++ 5 files changed, 62 insertions(+) diff --git a/arch/powerpc/include/asm/kvm_host.h b/arch/powerpc/include/asm/kvm_host.h index 0c49c3401c63..dcbf7480cb10 100644 --- a/arch/powerpc/include/asm/kvm_host.h +++ b/arch/powerpc/include/asm/kvm_host.h @@ -865,6 +865,8 @@ static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {} #ifdef CONFIG_PPC_UV extern int kvmppc_hmm_init(void); extern void kvmppc_hmm_free(void); +extern bool kvmppc_is_guest_secure(struct kvm *kvm); +extern int kvmppc_send_page_to_uv(struct kvm *kvm, unsigned long gpa); #else static inline int kvmppc_hmm_init(void) { @@ -872,6 +874,16 @@ static inline int kvmppc_hmm_init(void) } static inline void kvmppc_hmm_free(void) {} + +static inline bool kvmppc_is_guest_secure(struct kvm *kvm) +{ + return false; +} + +static inline int kvmppc_send_page_to_uv(struct kvm *kvm, unsigned long gpa) +{ + return -EFAULT; +} #endif /* CONFIG_PPC_UV */ #endif /* __POWERPC_KVM_HOST_H__ */ diff --git a/arch/powerpc/include/asm/ultravisor-api.h b/arch/powerpc/include/asm/ultravisor-api.h index d6d6eb2e6e6b..9f5510b55892 100644 --- a/arch/powerpc/include/asm/ultravisor-api.h +++ b/arch/powerpc/include/asm/ultravisor-api.h @@ -24,5 +24,6 @@ #define UV_UNREGISTER_MEM_SLOT 0xF124 #define UV_PAGE_IN 0xF128 #define UV_PAGE_OUT 0xF12C +#define UV_PAGE_INVAL 0xF138 #endif /* _ASM_POWERPC_ULTRAVISOR_API_H */ diff --git a/arch/powerpc/include/asm/ultravisor.h b/arch/powerpc/include/asm/ultravisor.h index fe45be9ee63b..f4f674794b35 100644 --- a/arch/powerpc/include/asm/ultravisor.h +++ b/arch/powerpc/include/asm/ultravisor.h @@ -77,6 +77,13 @@ static inline int uv_unregister_mem_slot(u64 lpid, u64 slotid) return ucall(UV_UNREGISTER_MEM_SLOT, retbuf, lpid, slotid); } + +static inline int uv_page_inval(u64 lpid, u64 gpa, u64 page_shift) +{ + unsigned long retbuf[UCALL_BUFSIZE]; + + return ucall(UV_PAGE_INVAL, retbuf, lpid, gpa, page_shift); +} #endif /* !__ASSEMBLY__ */ #endif /* _ASM_POWERPC_ULTRAVISOR_H */ diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c index f55ef071883f..c454600c454f 100644 --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c @@ -21,6 +21,8 @@ #include #include #include +#include +#include /* * Supported radix tree geometry. @@ -923,6 +925,9 @@ int kvmppc_book3s_radix_page_fault(struct kvm_run *run, struct kvm_vcpu *vcpu, if (!(dsisr & DSISR_PRTABLE_FAULT)) gpa |= ea & 0xfff; + if (kvmppc_is_guest_secure(kvm)) + return kvmppc_send_page_to_uv(kvm, gpa & PAGE_MASK); + /* Get the corresponding memslot */ memslot = gfn_to_memslot(kvm, gfn); @@ -980,6 +985,11 @@ int kvm_unmap_radix(struct kvm *kvm, struct kvm_memory_slot *memslot, unsigned long gpa = gfn << PAGE_SHIFT; unsigned int shift; + if (kvmppc_is_guest_secure(kvm)) { + uv_page_inval(kvm->arch.lpid, gpa, PAGE_SIZE); + return 0; + } + ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift); if (ptep && pte_present(*ptep)) kvmppc_unmap_pte(kvm, ptep, gpa, shift, memslot, @@ -997,6 +1007,9 @@ int kvm_age_radix(struct kvm *kvm, struct kvm_memory_slot *memslot, int ref = 0; unsigned long old, *rmapp; + if (kvmppc_is_guest_secure(kvm)) + return ref; + ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift); if (ptep && pte_present(*ptep) && pte_young(*ptep)) { old = kvmppc_radix_update_pte(kvm, ptep, _PAGE_ACCESSED, 0, @@ -1021,6 +1034,9 @@ int kvm_test_age_radix(struct kvm *kvm, struct kvm_memory_slot *memslot, unsigned int shift; int ref = 0; + if (kvmppc_is_guest_secure(kvm)) + return ref; + ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift); if (ptep && pte_present(*ptep) && pte_young(*ptep)) ref = 1; @@ -1038,6 +1054,9 @@ static int kvm_radix_test_clear_dirty(struct kvm *kvm, int ret = 0; unsigned long old, *rmapp; + if (kvmppc_is_guest_secure(kvm)) + return ret; + ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift); if (ptep && pte_present(*ptep) && pte_dirty(*ptep)) { ret = 1; @@ -1090,6 +1109,9 @@ void kvmppc_radix_flush_memslot(struct kvm *kvm, unsigned long gpa; unsigned int shift; + if (kvmppc_is_guest_secure(kvm)) + return; + gpa = memslot->base_gfn << PAGE_SHIFT; spin_lock(&kvm->mmu_lock); for (n = memslot->npages; n; --n) { diff --git a/arch/powerpc/kvm/book3s_hv_hmm.c b/arch/powerpc/kvm/book3s_hv_hmm.c index 55bab9c4e60a..9e6c88de456f 100644 --- a/arch/powerpc/kvm/book3s_hv_hmm.c +++ b/arch/powerpc/kvm/book3s_hv_hmm.c @@ -62,6 +62,11 @@ struct kvmppc_hmm_migrate_args { unsigned long page_shift; }; +bool kvmppc_is_guest_secure(struct kvm *kvm) +{ + return !!(kvm->arch.secure_guest & KVMPPC_SECURE_INIT_DONE); +} + unsigned long kvmppc_h_svm_init_start(struct kvm *kvm) { struct kvm_memslots *slots; @@ -494,6 +499,21 @@ kvmppc_h_svm_page_out(struct kvm *kvm, unsigned long gpa, return ret; } +int kvmppc_send_page_to_uv(struct kvm *kvm, unsigned long gpa) +{ + unsigned long pfn; + int ret; + + pfn = gfn_to_pfn(kvm, gpa >> PAGE_SHIFT); + if (is_error_noslot_pfn(pfn)) + return -EFAULT; + + ret = uv_page_in(kvm->arch.lpid, pfn << PAGE_SHIFT, gpa, 0, PAGE_SHIFT); + kvm_release_pfn_clean(pfn); + + return (ret == U_SUCCESS) ? RESUME_GUEST : -EFAULT; +} + static u64 kvmppc_get_secmem_size(void) { struct device_node *np;