Message ID | 20210820155918.7518-7-brijesh.singh@amd.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support | expand |
On Fri, Aug 20, 2021 at 10:58:39AM -0500, Brijesh Singh wrote: > Subject: Re: [PATCH Part2 v5 06/45] x86/sev: Invalid pages from direct map when adding it to RMP table That subject needs to have a verb. I think that verb should be "Invalidate". > The integrity guarantee of SEV-SNP is enforced through the RMP table. > The RMP is used with standard x86 and IOMMU page tables to enforce memory > restrictions and page access rights. The RMP check is enforced as soon as > SEV-SNP is enabled globally in the system. When hardware encounters an > RMP checks failure, it raises a page-fault exception. > > The rmp_make_private() and rmp_make_shared() helpers are used to add > or remove the pages from the RMP table. > Improve the rmp_make_private() to > invalid state so that pages cannot be used in the direct-map after its > added in the RMP table, and restore to its default valid permission after > the pages are removed from the RMP table. That sentence needs rewriting into proper english. The more important thing is, though, this doesn't talk about *why* you're doing this: you want to remove pages from the direct map when they're in the RMP table because something might modify the page and then the RMP check will fail? Also, set_direct_map_invalid_noflush() simply clears the Present and RW bit of a pte. So what's up? > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- > arch/x86/kernel/sev.c | 61 ++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 60 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c > index 8627c49666c9..bad41deb8335 100644 > --- a/arch/x86/kernel/sev.c > +++ b/arch/x86/kernel/sev.c > @@ -2441,10 +2441,42 @@ int psmash(u64 pfn) > } > EXPORT_SYMBOL_GPL(psmash); > > +static int restore_direct_map(u64 pfn, int npages) restore_pages_in_direct_map() > +{ > + int i, ret = 0; > + > + for (i = 0; i < npages; i++) { > + ret = set_direct_map_default_noflush(pfn_to_page(pfn + i)); > + if (ret) > + goto cleanup; > + } So this is looping over a set of virtually contiguous pages, I presume, and if so, you should add a function called set_memory_p_rw() to arch/x86/mm/pat/set_memory.c which does return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_PRESENT | _PAGE_RW), 0); so that you can do all pages in one go. > + > +cleanup: > + WARN(ret > 0, "Failed to restore direct map for pfn 0x%llx\n", pfn + i); > + return ret; > +} > + > +static int invalid_direct_map(unsigned long pfn, int npages) invalidate_pages_in_direct_map() or so. > +{ > + int i, ret = 0; > + > + for (i = 0; i < npages; i++) { > + ret = set_direct_map_invalid_noflush(pfn_to_page(pfn + i)); Same as above but that helper should do the reverse: set_memory_np_ro() { return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT | _PAGE_RW), 0); } Btw, please add those helpers in a separate patch. Thx.
Hi Boris, On 9/29/21 9:34 AM, Borislav Petkov wrote: ... >> Improve the rmp_make_private() to >> invalid state so that pages cannot be used in the direct-map after its >> added in the RMP table, and restore to its default valid permission after >> the pages are removed from the RMP table. > That sentence needs rewriting into proper english. > > The more important thing is, though, this doesn't talk about *why* > you're doing this: you want to remove pages from the direct map when > they're in the RMP table because something might modify the page and > then the RMP check will fail? I'll work to improve the commit description. > Also, set_direct_map_invalid_noflush() simply clears the Present and RW > bit of a pte. > > So what's up? The set_direct_map_invalid_noflush() does two steps 1) Split the host page table (if needed) 2) Clear the present and RW bit from pte In previous patches I was using the set_memory_4k() to split the direct map before adding the pages in the RMP table. Based on Sean's review comment [1], I switched to using set_direct_map_invalid_noflush() so that page is not just split but also removed from the direct map. The thought process is if in the futureĀ set_direct_map_default_noflush() is improved to restore the large mapping then it will all work transparently. [1] https://lore.kernel.org/lkml/YO9kP1v0TAFXISHD@google.com/#t >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> >> --- >> arch/x86/kernel/sev.c | 61 ++++++++++++++++++++++++++++++++++++++++++- >> 1 file changed, 60 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c >> index 8627c49666c9..bad41deb8335 100644 >> --- a/arch/x86/kernel/sev.c >> +++ b/arch/x86/kernel/sev.c >> @@ -2441,10 +2441,42 @@ int psmash(u64 pfn) >> } >> EXPORT_SYMBOL_GPL(psmash); >> >> +static int restore_direct_map(u64 pfn, int npages) > restore_pages_in_direct_map() > >> +{ >> + int i, ret = 0; >> + >> + for (i = 0; i < npages; i++) { >> + ret = set_direct_map_default_noflush(pfn_to_page(pfn + i)); >> + if (ret) >> + goto cleanup; >> + } > So this is looping over a set of virtually contiguous pages, I presume, > and if so, you should add a function called > > set_memory_p_rw() > > to arch/x86/mm/pat/set_memory.c which does > > return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_PRESENT | _PAGE_RW), 0); > > so that you can do all pages in one go. I will look into it. thanks
On Thu, Sep 30, 2021 at 09:19:52AM -0700, Brijesh Singh wrote: > . The thought process is if in the futureĀ > set_direct_map_default_noflush() is improved to restore the large > mapping then it will all work transparently. That's only scratching the surface of the *why* this is done so please explain why this dance is being done in a comment above the code so that it is clear. It is not really obvious why that hiding from the direct map is being done. Good reason from that memfd_secret mail are: "* Prevent cross-process secret userspace memory exposures. Once the secret memory is allocated, the user can't accidentally pass it into the kernel to be transmitted somewhere. The secreremem pages cannot be accessed via the direct map and they are disallowed in GUP." and in general hiding RMP pages from the direct map is a nice additional protection. Thx.
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 8627c49666c9..bad41deb8335 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2441,10 +2441,42 @@ int psmash(u64 pfn) } EXPORT_SYMBOL_GPL(psmash); +static int restore_direct_map(u64 pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_default_noflush(pfn_to_page(pfn + i)); + if (ret) + goto cleanup; + } + +cleanup: + WARN(ret > 0, "Failed to restore direct map for pfn 0x%llx\n", pfn + i); + return ret; +} + +static int invalid_direct_map(unsigned long pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_invalid_noflush(pfn_to_page(pfn + i)); + if (ret) + goto cleanup; + } + + return 0; + +cleanup: + restore_direct_map(pfn, i); + return ret; +} + static int rmpupdate(u64 pfn, struct rmpupdate *val) { unsigned long paddr = pfn << PAGE_SHIFT; - int ret; + int ret, level, npages; if (!pfn_valid(pfn)) return -EINVAL; @@ -2452,11 +2484,38 @@ static int rmpupdate(u64 pfn, struct rmpupdate *val) if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENXIO; + level = RMP_TO_X86_PG_LEVEL(val->pagesize); + npages = page_level_size(level) / PAGE_SIZE; + + /* + * If page is getting assigned in the RMP table then unmap it from the + * direct map. + */ + if (val->assigned) { + if (invalid_direct_map(pfn, npages)) { + pr_err("Failed to unmap pfn 0x%llx pages %d from direct_map\n", + pfn, npages); + return -EFAULT; + } + } + /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" : "=a"(ret) : "a"(paddr), "c"((unsigned long)val) : "memory", "cc"); + + /* + * Restore the direct map after the page is removed from the RMP table. + */ + if (!ret && !val->assigned) { + if (restore_direct_map(pfn, npages)) { + pr_err("Failed to map pfn 0x%llx pages %d in direct_map\n", + pfn, npages); + return -EFAULT; + } + } + return ret; }
The integrity guarantee of SEV-SNP is enforced through the RMP table. The RMP is used with standard x86 and IOMMU page tables to enforce memory restrictions and page access rights. The RMP check is enforced as soon as SEV-SNP is enabled globally in the system. When hardware encounters an RMP checks failure, it raises a page-fault exception. The rmp_make_private() and rmp_make_shared() helpers are used to add or remove the pages from the RMP table. Improve the rmp_make_private() to invalid state so that pages cannot be used in the direct-map after its added in the RMP table, and restore to its default valid permission after the pages are removed from the RMP table. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- arch/x86/kernel/sev.c | 61 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-)