From patchwork Mon Feb 20 18:38:06 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13146860
From: Michael Roth
CC: Brijesh Singh
Subject: [PATCH RFC v8 15/56] x86/sev: Invalidate pages from the direct map when adding them to the RMP table
Date: Mon, 20 Feb 2023 12:38:06 -0600
Message-ID: <20230220183847.59159-16-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230220183847.59159-1-michael.roth@amd.com>
References: <20230220183847.59159-1-michael.roth@amd.com>

From: Brijesh Singh The integrity guarantee of SEV-SNP is enforced through the RMP table. The RMP is used with standard x86 and IOMMU page tables to enforce memory restrictions and page access rights. The RMP check is enforced as soon as SEV-SNP is enabled globally in the system. When hardware encounters an RMP-check failure, it raises a page-fault exception. The rmp_make_private() and rmp_make_shared() helpers are used to add or remove the pages from the RMP table. Improve the rmp_make_private() to invalidate state so that pages cannot be used in the direct-map after they are added the RMP table, and restored to their default valid permission after the pages are removed from the RMP table. Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- arch/x86/kernel/sev.c | 57 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index a49f30c10dc1..3e5ff5934e83 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2595,6 +2595,37 @@ int psmash(u64 pfn) } EXPORT_SYMBOL_GPL(psmash); +static int restore_direct_map(u64 pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_default_noflush(pfn_to_page(pfn + i)); + if (ret) + goto cleanup; + } + +cleanup: + WARN(ret > 0, "Failed to restore direct map for pfn 0x%llx\n", pfn + i); + return ret; +} + +static int invalidate_direct_map(u64 pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_invalid_noflush(pfn_to_page(pfn + i)); + if (ret) + goto cleanup; + } + +cleanup: + WARN(ret > 0, "Failed to invalidate direct map for pfn 0x%llx\n", pfn + i); + restore_direct_map(pfn, i); + return ret; +} + static int rmpupdate(u64 pfn, struct rmp_state *val) { int max_attempts = 4 * num_present_cpus(); 
@@ -2605,6 +2636,21 @@ static int rmpupdate(u64 pfn, struct rmp_state *val) if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENXIO; + level = RMP_TO_X86_PG_LEVEL(val->pagesize); + npages = page_level_size(level) / PAGE_SIZE; + + /* + * If page is getting assigned in the RMP table then unmap it from the + * direct map. + */ + if (val->assigned) { + if (invalidate_direct_map(pfn, npages)) { + pr_err("Failed to unmap %d pages at pfn 0x%llx from the direct_map\n", + npages, pfn); + return -EFAULT; + } + } + do { /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" @@ -2630,6 +2676,17 @@ static int rmpupdate(u64 pfn, struct rmp_state *val) attempts, val->asid, ret, pfn, npages); } + /* + * Restore the direct map after the page is removed from the RMP table. + */ + if (!val->assigned) { + if (restore_direct_map(pfn, npages)) { + pr_err("Failed to map %d pages at pfn 0x%llx into the direct_map\n", + npages, pfn); + return -EFAULT; + } + } + return 0; }
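Review bot: in invalidate_direct_map() the cleanup: label is also reached when the loop finishes without error, so restore_direct_map(pfn, i) runs on the success path with i == npages and puts back every mapping that was just invalidated. Make the rollback conditional on a non-zero ret and return directly on success. In both helpers the loop exits on any non-zero ret but the warning is gated on `ret > 0`; if the set_direct_map_*_noflush() helpers report failure as a negative errno, the WARN never fires, so the condition should be `ret` (or `ret < 0`). The return value of the rollback call is also ignored, which deserves at least a comment.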
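Review bot: in the first rmpupdate() hunk the pages are unmapped through the _noflush variant and the code then enters the RMPUPDATE loop with no TLB flush visible in between, so other CPUs may still hold translations for the pages being assigned. Flush the affected range before issuing RMPUPDATE, or add a comment stating where the flush is done. The `if (invalidate_direct_map(pfn, npages))` branch also drops the helper's error code and returns -EFAULT; returning the helper's value would keep the cause visible to callers.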
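Review bot: in the last rmpupdate() hunk the `return -EFAULT` under `if (!val->assigned)` sits after the RMPUPDATE loop, so a failed restore hands the caller an error for an RMP change that has already been made and leaves the pages out of the direct map. Document what callers are expected to do in that case, or warn and let the call succeed. The block also runs for every non-assigned update, whether or not an earlier call invalidated the range; a one-line comment saying that restoring an already-default mapping is harmless would help, as would propagating the error code from restore_direct_map() instead of a fixed -EFAULT.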