From patchwork Sun May 7 23:46:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233954 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2216C77B7D for ; Sun, 7 May 2023 23:46:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5329B6B0085; Sun, 7 May 2023 19:46:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4BB4D6B0087; Sun, 7 May 2023 19:46:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2BFD86B0088; Sun, 7 May 2023 19:46:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 150796B0085 for ; Sun, 7 May 2023 19:46:47 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id E701AAD9ED for ; Sun, 7 May 2023 23:46:46 +0000 (UTC) X-FDA: 80765096412.11.7616455 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by imf15.hostedemail.com (Postfix) with ESMTP id ABFCBA0006 for ; Sun, 7 May 2023 23:46:44 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=crEdxRfj; spf=none (imf15.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503205; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HskbkhwwUPKLOoVolrbqtCrS6mqN11goU/yFBFvJqDM=; b=Z0beY6fwm8fVNfYPfhA/y9/qP6YC+nJ/DKO4Rb6UoEq4XZ9SKxrnK2xcX2bQAWD7O0l9Tp wimesBfd6Q8PTJamBLjaY1KN4tWAWMa+aFC318DcYWWDHsQXGFKieAbFy3aGRlOjlnkNqt CyXp/smx/4MG7Cpec+vHe2JM5L42dMU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503205; a=rsa-sha256; cv=none; b=X3LmGQ0mQiQPkKix9cWThFmh815IfpU2Utgs35CUcJFxxmLrFGjvz/D9z+jAD2ETr8Dt4q CNr4nhB9prWjmZZKU3PcM1TUyoe5UjRb1ZZHr15GwQfL3ZEVaAGMPRoKlIgSTwG1Zw/QIt Znz/ZLvzBqHSBxM0H92yeDQROB496d0= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=crEdxRfj; spf=none (imf15.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503204; x=1715039204; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=i5KLg2PtjNA0aS2FICwds+HU2Sxn6WOAGGMewQBMCK4=; b=crEdxRfj0iC6nmdOH/CtNv/Ic4KMxsDf4ciOOQTi3zBhd1SRnYGh8g2x el9PuPPo6rECWR7rYiatGEJdkw8GPbSqyBdZL0CsnQG98jpoGZLtE5EFF z6FEpaIc8MJuqjrSHUS4lS5gBKnSFYjSAJDAIz3qExRvp04Q3NbCUJ/vB XDNvyNS7zCvZ5uL5czFppoJiC4EqnV7IfjfMdmnD11s38q0hrt4ExWgJN DUSeP2HBchIwDeqgFUW74fE4DPTK+8r9JiDR6ciJQYihnsSGODU7BHgEC 1QOjmaPdAVa/DiqLqY1yFQayiDg2fN2jcweXI3OHWVZIYwB6NR7c2n2aX w==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="349550245" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="349550245" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:29 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="701222788" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="701222788" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:22 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 1138210D1E7; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Mike Rapoport Subject: [PATCHv10 01/11] mm: Add support for unaccepted memory Date: Mon, 8 May 2023 02:46:08 +0300 Message-Id: <20230507234618.18067-2-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: ABFCBA0006 X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: ijkk4oqze1braeffpbaihtrd3cmxi6cx X-HE-Tag: 1683503204-205621 X-HE-Meta: U2FsdGVkX19cdXQsR4wa9rmz91ZuMXNsp99gyY+ajZOrZ2ymK2dJUwfRxDCG9G6dh7XGYcFvsVlh6g7dWnMNl0ODfz8DHKE1n0l5FJAqkgQZlN06eGFXc+Y9/5iLn4lKhZWv1duf19laHA1EuA85S5gBHCNR3qROn0x3Zmg9FhAyLx7RxLY3zaym5NUcghmLXtufTtY8a4GODJ73s7DRV+2w0FUPYWiqSPmZC9r74ifHcyyVYXdOId/IAk2xG9kR5y6C8cXZotHed+WWWdlPnEtTTfp8W8xkPmipmGhLNP4MaLWBDxaoMgtRHON1d0FozwvMu1cklrgAcVbKFvM57FEAFiORZcfz7X52eqSwtOrcIqLJq1K+mGQEgJIk2abHRMzExEDyiW3XONOjRbQA7NAirHfnVihhyp5AMXAjg+HKGqypXvluTK1q87iEKxx/Hk7ioA+F+/C97x3zVGEHlroErOcsqfclpffNb51zF/fmwPy2wlk+1FUz+rdsczP/W0BPtKXDqqYJq0oLqWGCqVR2qPPkhkvA3sKcVSON2cVYcPohXh+4nWXIowzLKIHq/vkmxxErrGvEJakKOjf/KWMvJHN2BRsw6XPTEdfqZTT/ISwlFwtxMWVlyBsby+BMP1Sbv5Ud+uuZtRHl3vHSkJxcyX2/Giiigb384SlMRW6aoJZ/9OT3P4ut3MK5ib7DIrZ1DabTr1z3rePIkje55wj3hKg7Ws1eP28H91imYw59w34/VRh9mdy120jfiwd1iC13ziatvd/DVfc5ZBSdgDsQgF1dIMbBdztEVmVYQ3r3LQQUzt4G+AcVYPE+q5cKP/hEaP+whTUKmgt6sGfBUcvLWhozWh+0ZS0nBDBLCOxcQJ92/5zpJ1A5Iiwq81yimNm9/mSfbSdX/twaoZxDy2xTrMvzu3ydmSs+alP/0NYNdXrUnqxy8qJjQ7tyqe47OKDAQJVMhkBaScoUwME usuLU+LC mtwVPGU9Z+JAYvcEKh9GPkOHVROHqHJuAW03CFhPW46Fvc6p3+XklnbjfoPW+0xxiDxt2ojlUpziVwVxWX+sjO0yo0kh7h4/xfixrZ3/OlkL5B1r5ZKMP8gcTc1pmFDlBJMFzp2E9j2SuIGvc8ziiC84TJzUvADadLDznooxlzeqEIeY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: UEFI Specification version 2.9 introduces the concept of memory acceptance. Some Virtual Machine platforms, such as Intel TDX or AMD SEV-SNP, require memory to be accepted before it can be used by the guest. Accepting happens via a protocol specific to the Virtual Machine platform. There are several ways kernel can deal with unaccepted memory: 1. Accept all the memory during the boot. It is easy to implement and it doesn't have runtime cost once the system is booted. The downside is very long boot time. Accept can be parallelized to multiple CPUs to keep it manageable (i.e. via DEFERRED_STRUCT_PAGE_INIT), but it tends to saturate memory bandwidth and does not scale beyond the point. 2. Accept a block of memory on the first use. It requires more infrastructure and changes in page allocator to make it work, but it provides good boot time. On-demand memory accept means latency spikes every time kernel steps onto a new memory block. The spikes will go away once workload data set size gets stabilized or all memory gets accepted. 3. Accept all memory in background. Introduce a thread (or multiple) that gets memory accepted proactively. It will minimize time the system experience latency spikes on memory allocation while keeping low boot time. This approach cannot function on its own. It is an extension of #2: background memory acceptance requires functional scheduler, but the page allocator may need to tap into unaccepted memory before that. The downside of the approach is that these threads also steal CPU cycles and memory bandwidth from the user's workload and may hurt user experience. The patch implements #1 and #2 for now. #2 is the default. Some workloads may want to use #1 with accept_memory=eager in kernel command line. #3 can be implemented later based on user's demands. Support of unaccepted memory requires a few changes in core-mm code: - memblock has to accept memory on allocation; - page allocator has to accept memory on the first allocation of the page; Memblock change is trivial. The page allocator is modified to accept pages. New memory gets accepted before putting pages on free lists. It is done lazily: only accept new pages when we run out of already accepted memory. The memory gets accepted until the high watermark is reached. Architecture has to provide two helpers if it wants to support unaccepted memory: - accept_memory() makes a range of physical addresses accepted. - range_contains_unaccepted_memory() checks anything within the range of physical addresses requires acceptance. Signed-off-by: Kirill A. Shutemov Acked-by: Mike Rapoport # memblock Reviewed-by: Vlastimil Babka --- drivers/base/node.c | 7 ++ fs/proc/meminfo.c | 5 ++ include/linux/mmzone.h | 8 ++ mm/internal.h | 13 ++++ mm/memblock.c | 9 +++ mm/mm_init.c | 7 ++ mm/page_alloc.c | 173 +++++++++++++++++++++++++++++++++++++++++ mm/vmstat.c | 3 + 8 files changed, 225 insertions(+) diff --git a/drivers/base/node.c b/drivers/base/node.c index b46db17124f3..655975946ef6 100644 --- a/drivers/base/node.c +++ b/drivers/base/node.c @@ -448,6 +448,9 @@ static ssize_t node_read_meminfo(struct device *dev, "Node %d ShmemPmdMapped: %8lu kB\n" "Node %d FileHugePages: %8lu kB\n" "Node %d FilePmdMapped: %8lu kB\n" +#endif +#ifdef CONFIG_UNACCEPTED_MEMORY + "Node %d Unaccepted: %8lu kB\n" #endif , nid, K(node_page_state(pgdat, NR_FILE_DIRTY)), @@ -477,6 +480,10 @@ static ssize_t node_read_meminfo(struct device *dev, nid, K(node_page_state(pgdat, NR_SHMEM_PMDMAPPED)), nid, K(node_page_state(pgdat, NR_FILE_THPS)), nid, K(node_page_state(pgdat, NR_FILE_PMDMAPPED)) +#endif +#ifdef CONFIG_UNACCEPTED_MEMORY + , + nid, K(sum_zone_node_page_state(nid, NR_UNACCEPTED)) #endif ); len += hugetlb_report_node_meminfo(buf, len, nid); diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c index b43d0bd42762..8dca4d6d96c7 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c @@ -168,6 +168,11 @@ static int meminfo_proc_show(struct seq_file *m, void *v) global_zone_page_state(NR_FREE_CMA_PAGES)); #endif +#ifdef CONFIG_UNACCEPTED_MEMORY + show_val_kb(m, "Unaccepted: ", + global_zone_page_state(NR_UNACCEPTED)); +#endif + hugetlb_report_meminfo(m); arch_report_meminfo(m); diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h index a4889c9d4055..6c1c2fc13017 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -143,6 +143,9 @@ enum zone_stat_item { NR_ZSPAGES, /* allocated in zsmalloc */ #endif NR_FREE_CMA_PAGES, +#ifdef CONFIG_UNACCEPTED_MEMORY + NR_UNACCEPTED, +#endif NR_VM_ZONE_STAT_ITEMS }; enum node_stat_item { @@ -910,6 +913,11 @@ struct zone { /* free areas of different sizes */ struct free_area free_area[MAX_ORDER + 1]; +#ifdef CONFIG_UNACCEPTED_MEMORY + /* Pages to be accepted. All pages on the list are MAX_ORDER */ + struct list_head unaccepted_pages; +#endif + /* zone flags, see below */ unsigned long flags; diff --git a/mm/internal.h b/mm/internal.h index 68410c6d97ac..ed042e366d49 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1099,4 +1099,17 @@ struct vma_prepare { struct vm_area_struct *remove; struct vm_area_struct *remove2; }; + +#ifndef CONFIG_UNACCEPTED_MEMORY +static inline bool range_contains_unaccepted_memory(phys_addr_t start, + phys_addr_t end) +{ + return false; +} + +static inline void accept_memory(phys_addr_t start, phys_addr_t end) +{ +} +#endif + #endif /* __MM_INTERNAL_H */ diff --git a/mm/memblock.c b/mm/memblock.c index 3feafea06ab2..50b921119600 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -1436,6 +1436,15 @@ phys_addr_t __init memblock_alloc_range_nid(phys_addr_t size, */ kmemleak_alloc_phys(found, size, 0); + /* + * Some Virtual Machine platforms, such as Intel TDX or AMD SEV-SNP, + * require memory to be accepted before it can be used by the + * guest. + * + * Accept the memory of the allocated buffer. + */ + accept_memory(found, found + size); + return found; } diff --git a/mm/mm_init.c b/mm/mm_init.c index 7f7f9c677854..1cfc08e25f93 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -1375,6 +1375,10 @@ static void __meminit zone_init_free_lists(struct zone *zone) INIT_LIST_HEAD(&zone->free_area[order].free_list[t]); zone->free_area[order].nr_free = 0; } + +#ifdef CONFIG_UNACCEPTED_MEMORY + INIT_LIST_HEAD(&zone->unaccepted_pages); +#endif } void __meminit init_currently_empty_zone(struct zone *zone, @@ -1960,6 +1964,9 @@ static void __init deferred_free_range(unsigned long pfn, return; } + /* Accept chunks smaller than MAX_ORDER upfront */ + accept_memory(PFN_PHYS(pfn), PFN_PHYS(pfn + nr_pages)); + for (i = 0; i < nr_pages; i++, page++, pfn++) { if (pageblock_aligned(pfn)) set_pageblock_migratetype(page, MIGRATE_MOVABLE); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 47421bedc12b..d239fba3f31c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -387,6 +387,12 @@ EXPORT_SYMBOL(nr_node_ids); EXPORT_SYMBOL(nr_online_nodes); #endif +static bool page_contains_unaccepted(struct page *page, unsigned int order); +static void accept_page(struct page *page, unsigned int order); +static bool try_to_accept_memory(struct zone *zone, unsigned int order); +static inline bool has_unaccepted_memory(void); +static bool __free_unaccepted(struct page *page); + int page_group_by_mobility_disabled __read_mostly; #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT @@ -1481,6 +1487,13 @@ void __free_pages_core(struct page *page, unsigned int order) atomic_long_add(nr_pages, &page_zone(page)->managed_pages); + if (page_contains_unaccepted(page, order)) { + if (order == MAX_ORDER && __free_unaccepted(page)) + return; + + accept_page(page, order); + } + /* * Bypass PCP and place fresh pages right to the tail, primarily * relevant for memory onlining. @@ -3159,6 +3172,9 @@ static inline long __zone_watermark_unusable_free(struct zone *z, if (!(alloc_flags & ALLOC_CMA)) unusable_free += zone_page_state(z, NR_FREE_CMA_PAGES); #endif +#ifdef CONFIG_UNACCEPTED_MEMORY + unusable_free += zone_page_state(z, NR_UNACCEPTED); +#endif return unusable_free; } @@ -3458,6 +3474,11 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, gfp_mask)) { int ret; + if (has_unaccepted_memory()) { + if (try_to_accept_memory(zone, order)) + goto try_this_zone; + } + #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT /* * Watermark failed for this zone, but see if we can @@ -3510,6 +3531,11 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags, return page; } else { + if (has_unaccepted_memory()) { + if (try_to_accept_memory(zone, order)) + goto try_this_zone; + } + #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT /* Try again if zone has deferred pages */ if (deferred_pages_enabled()) { @@ -7215,3 +7241,150 @@ bool has_managed_dma(void) return false; } #endif /* CONFIG_ZONE_DMA */ + +#ifdef CONFIG_UNACCEPTED_MEMORY + +/* Counts number of zones with unaccepted pages. */ +static DEFINE_STATIC_KEY_FALSE(zones_with_unaccepted_pages); + +static bool lazy_accept = true; + +static int __init accept_memory_parse(char *p) +{ + if (!strcmp(p, "lazy")) { + lazy_accept = true; + return 0; + } else if (!strcmp(p, "eager")) { + lazy_accept = false; + return 0; + } else { + return -EINVAL; + } +} +early_param("accept_memory", accept_memory_parse); + +static bool page_contains_unaccepted(struct page *page, unsigned int order) +{ + phys_addr_t start = page_to_phys(page); + phys_addr_t end = start + (PAGE_SIZE << order); + + return range_contains_unaccepted_memory(start, end); +} + +static void accept_page(struct page *page, unsigned int order) +{ + phys_addr_t start = page_to_phys(page); + + accept_memory(start, start + (PAGE_SIZE << order)); +} + +static bool try_to_accept_memory_one(struct zone *zone) +{ + unsigned long flags; + struct page *page; + bool last; + + if (list_empty(&zone->unaccepted_pages)) + return false; + + spin_lock_irqsave(&zone->lock, flags); + page = list_first_entry_or_null(&zone->unaccepted_pages, + struct page, lru); + if (!page) { + spin_unlock_irqrestore(&zone->lock, flags); + return false; + } + + list_del(&page->lru); + last = list_empty(&zone->unaccepted_pages); + + __mod_zone_freepage_state(zone, -MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); + __mod_zone_page_state(zone, NR_UNACCEPTED, -MAX_ORDER_NR_PAGES); + spin_unlock_irqrestore(&zone->lock, flags); + + accept_page(page, MAX_ORDER); + + __free_pages_ok(page, MAX_ORDER, FPI_TO_TAIL); + + if (last) + static_branch_dec(&zones_with_unaccepted_pages); + + return true; +} + +static bool try_to_accept_memory(struct zone *zone, unsigned int order) +{ + long to_accept; + int ret = false; + + /* How much to accept to get to high watermark? */ + to_accept = high_wmark_pages(zone) - + (zone_page_state(zone, NR_FREE_PAGES) - + __zone_watermark_unusable_free(zone, order, 0)); + + /* Accept at least one page */ + do { + if (!try_to_accept_memory_one(zone)) + break; + ret = true; + to_accept -= MAX_ORDER_NR_PAGES; + } while (to_accept > 0); + + return ret; +} + +static inline bool has_unaccepted_memory(void) +{ + return static_branch_unlikely(&zones_with_unaccepted_pages); +} + +static bool __free_unaccepted(struct page *page) +{ + struct zone *zone = page_zone(page); + unsigned long flags; + bool first = false; + + if (!lazy_accept) + return false; + + spin_lock_irqsave(&zone->lock, flags); + first = list_empty(&zone->unaccepted_pages); + list_add_tail(&page->lru, &zone->unaccepted_pages); + __mod_zone_freepage_state(zone, MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); + __mod_zone_page_state(zone, NR_UNACCEPTED, MAX_ORDER_NR_PAGES); + spin_unlock_irqrestore(&zone->lock, flags); + + if (first) + static_branch_inc(&zones_with_unaccepted_pages); + + return true; +} + +#else + +static bool page_contains_unaccepted(struct page *page, unsigned int order) +{ + return false; +} + +static void accept_page(struct page *page, unsigned int order) +{ +} + +static bool try_to_accept_memory(struct zone *zone, unsigned int order) +{ + return false; +} + +static inline bool has_unaccepted_memory(void) +{ + return false; +} + +static bool __free_unaccepted(struct page *page) +{ + BUILD_BUG(); + return false; +} + +#endif /* CONFIG_UNACCEPTED_MEMORY */ diff --git a/mm/vmstat.c b/mm/vmstat.c index c28046371b45..282349cabf01 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1180,6 +1180,9 @@ const char * const vmstat_text[] = { "nr_zspages", #endif "nr_free_cma", +#ifdef CONFIG_UNACCEPTED_MEMORY + "nr_unaccepted", +#endif /* enum numa_stat_item counters */ #ifdef CONFIG_NUMA From patchwork Sun May 7 23:46:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233947 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58421C77B75 for ; Sun, 7 May 2023 23:46:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9EBFC6B0078; Sun, 7 May 2023 19:46:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9757C6B007D; Sun, 7 May 2023 19:46:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7EEE36B007E; Sun, 7 May 2023 19:46:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 6CAC16B0078 for ; Sun, 7 May 2023 19:46:36 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 383DB1404A5 for ; Sun, 7 May 2023 23:46:36 +0000 (UTC) X-FDA: 80765095992.29.C959DDA Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf05.hostedemail.com (Postfix) with ESMTP id 65A2F10000B for ; Sun, 7 May 2023 23:46:33 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=GgGKz6j6; spf=none (imf05.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503194; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=sv6wo6vxOffMBn9+KXstoWGKRgNi5dzIFAWw39uzvSo=; b=rTRTYJe/UIABq/PSBwxDVk/br2xk1fz772ASlgvkl/Z/tSwAVitcqj5/1znN+4BZfC/154 IBLfFS83Fwz6Nd1kTULokmbCDELtCMyf6DZglVr2DiBnvaUGJzPFfwF+GfVUVgms1ehelb bemtgHbimCDj2jVux9i5pdyWhyDnU68= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503194; a=rsa-sha256; cv=none; b=zifZakairheBqAGzvEQbk1ZGOy3zReh1L0F8uH7Mkay5cxSiBze2bMo15PQsaDQ7LQII03 H6wuDzk2SJk98/HjC8L2O8i4gA3uGfp67dZiebja3ZMO/GMBSLuGyVqJK8J1AdFoP0gLNZ IYY/U5uRkTcayDjidSRaO6gDnmXGkAo= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=GgGKz6j6; spf=none (imf05.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503193; x=1715039193; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BwDi/PWmIK31K/TDtylUIn7yoV9Lz0nwLx+9+7bRLdU=; b=GgGKz6j6bAtu+7cuCkvNdShM1JnjhaqevSabiFvyIRLYT1sEMTBixWFp mLubHGOGoPoCSzvuUSKft5bSuwp2tsEbByi1XgR7iBf7jNqpcQmjj31Cm y/3/iv18pQkJRAhM77xpsA8kVaQX2jPWKXYq42RGv7wJbk1k80l6C+M/n pEhtxFKnmT1GM4EeE8wE2C+laXFpOkiyc4dcUUK75VXwPC9CfzPkZ/Nbd ZbTbfeQB2HZIcaktlWqnazhemfb8sfHhKw0BECSgqsIlen+8FqXiKRJnl pM90vowXlbqrVET8HqfM+FJ69LYRjZ/pZ08kow9GvsynBlNPBsXGhTGiv g==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="333953470" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="333953470" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="675852933" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="675852933" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:22 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 1B12C10D1E8; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Borislav Petkov Subject: [PATCHv10 02/11] efi/x86: Get full memory map in allocate_e820() Date: Mon, 8 May 2023 02:46:09 +0300 Message-Id: <20230507234618.18067-3-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 65A2F10000B X-Stat-Signature: adh56iwhif71gsw5xb8auaw8isuf7991 X-Rspam-User: X-Rspamd-Server: rspam09 X-HE-Tag: 1683503193-955832 X-HE-Meta: U2FsdGVkX1/hYHsVvXoAb908Ip4lasWzEdWtGF5nTFdQWLqeISTA6S3O6sGNLmNJggvVk/QHXxl+jaiYYE4J8CrxLH45nlBQZdD7HCGW74RspnYa4ADNto2xXmAgnQ8N25oDUHqVbQZN8bV/F+f5Qqfa/uLAqsbnY1xjxZDpRccQGe+yVzDGwZXuyeoYA6+TQix7J+ZjwRDlnr+chJ9WhvLO9le89pb6HwwYIkGB+o7Z+vmniWEjE4Q4AmVu8EZOYIsL3Uz4Mx+/BzWn9/qRQQFedoFVSe/c9wiTet8MdtwyRIfiHOOhJ/D00x3DuDZzIEuJgLXZn2l07HhOpc9nbURBbCCWmD+AHTkSx1DhWt+fAklg6dsDy1KKpIAdCLWpjP9gHgT27/7R7y5T+tmKtABVTbX6HuNCbU+VTYTR5USA3UJsT/VJYYw3AtQT7+mvbuDM4I8oY+LYUh13ZGCeOwgmbZZLRhraoRcqKZxuDToeIailsdVpKQsJxexKUvdek+/VLBcY6WzaEo4Xa0bdNeeRv+ldHPl6KOnKEdoAEdXrCtUOeuOCOe8RVU3U8A/tEusbPC8DTyHMZseI37B/OKDfymWKqImJuGq3S1+JW72n4iZW/C7i+ZTy98mpAkNEAJCCZZxlPJIIadNjyGV5eAAFZcoNSrBhmC9bflJbBz922hf7/v0QCBpiavmM17+AA6C1E5vMHCdSO/wIzOvvN3zPXpkNheO9ImFpglaf2W7UpthSXUnq50GxCI3yDTt6EE/HPX8VWhnhMXlniYGoBVsx2bfpNW9BwNmhxtyMysbx/wBWtdVju/+/v+ie1lSbmC1Bxn7phOuc39I9t09Fc9ZHN86eKGrhYAbnd9DsLDRxW4HFAnekVd3ii7HPHuZIjYAPhF7YfxIc75etp0GE1sE2+EgtegUVexfa9rQ7h66qaCPxK8iA2nD13ieG4WWAt1N0vWd0qQTcGKLnYPk qV8S9jXl HYbLK0kkEI0TBj82IRWsmTAf8QuWjxdDCjsVgtnwT0q+1kUbG8TwSl+pVajcEhjh6mCqYJeUy0ogWZGvoo/JOwbMDVLctDTTPviqRWcqB+zjaQi40149EhuHhWitF37aMQiCzOykRp3D2vyA1job+eIoRtOxblrX2vWfNl79f+KMT+pmORa/17o2t4A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently allocate_e820() is only interested in the size of map and size of memory descriptor to determine how many e820 entries the kernel needs. UEFI Specification version 2.9 introduces a new memory type -- unaccepted memory. To track unaccepted memory kernel needs to allocate a bitmap. The size of the bitmap is dependent on the maximum physical address present in the system. A full memory map is required to find the maximum address. Modify allocate_e820() to get a full memory map. Signed-off-by: Kirill A. Shutemov Reviewed-by: Borislav Petkov Acked-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/x86-stub.c | 26 +++++++++++-------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index a0bfd31358ba..fff81843169c 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -681,28 +681,24 @@ static efi_status_t allocate_e820(struct boot_params *params, struct setup_data **e820ext, u32 *e820ext_size) { - unsigned long map_size, desc_size, map_key; + struct efi_boot_memmap *map; efi_status_t status; - __u32 nr_desc, desc_version; + __u32 nr_desc; - /* Only need the size of the mem map and size of each mem descriptor */ - map_size = 0; - status = efi_bs_call(get_memory_map, &map_size, NULL, &map_key, - &desc_size, &desc_version); - if (status != EFI_BUFFER_TOO_SMALL) - return (status != EFI_SUCCESS) ? status : EFI_UNSUPPORTED; + status = efi_get_memory_map(&map, false); + if (status != EFI_SUCCESS) + return status; - nr_desc = map_size / desc_size + EFI_MMAP_NR_SLACK_SLOTS; - - if (nr_desc > ARRAY_SIZE(params->e820_table)) { - u32 nr_e820ext = nr_desc - ARRAY_SIZE(params->e820_table); + nr_desc = map->map_size / map->desc_size; + if (nr_desc > ARRAY_SIZE(params->e820_table) - EFI_MMAP_NR_SLACK_SLOTS) { + u32 nr_e820ext = nr_desc - ARRAY_SIZE(params->e820_table) + + EFI_MMAP_NR_SLACK_SLOTS; status = alloc_e820ext(nr_e820ext, e820ext, e820ext_size); - if (status != EFI_SUCCESS) - return status; } - return EFI_SUCCESS; + efi_bs_call(free_pool, map); + return status; } struct exit_boot_struct { From patchwork Sun May 7 23:46:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233948 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0EE9C7EE2C for ; Sun, 7 May 2023 23:46:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3AA596B007D; Sun, 7 May 2023 19:46:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 334756B007E; Sun, 7 May 2023 19:46:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 111916B0080; Sun, 7 May 2023 19:46:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id F13E16B007D for ; Sun, 7 May 2023 19:46:38 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BC0DFA0110 for ; Sun, 7 May 2023 23:46:38 +0000 (UTC) X-FDA: 80765096076.17.5C2FCD7 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf05.hostedemail.com (Postfix) with ESMTP id 6275B100002 for ; Sun, 7 May 2023 23:46:36 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=cNRbzfzG; spf=none (imf05.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503196; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZGXKaBYrFkl2FixtKibuu/CP0D7rw/VLwjlOmFgYZe4=; b=Tfj3bkz+lcAp3vMxLofcCzyTXCooMxEGkGmoq8BijlHZZHzsxBCELAMjWsXVx++hvc/1Sq a6GnP9OSL45XCSaoTpUXbVunM/sAbN70sijIaZjR5c7GCFIUE1ymctXmHTzge9rL2+Asjl 9s6ETCqt1sFKNCecwuZdsEgYjWTie3s= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503196; a=rsa-sha256; cv=none; b=sM+9HKCm/mcirnUgSoO89/hwyIsGHrwLWuZG2Gv3F086x64caAFmoRB+8CzXJdWG6gWh1h c89jn2FsNbYkoC29P64RmfIJOM5evFE86TD8ynRMKR7rN1TYcNlJ8WLpt5x+2/Racw++uT GGlfPw9dwmnBsB4ZNPc7+ZddYpYV8fE= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=cNRbzfzG; spf=none (imf05.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503196; x=1715039196; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ornchwLRxxMt3IL6fN5LNuraAvHcewiyqSa44mkVJkw=; b=cNRbzfzG4/5OchBYZ9UPG5Qv+EQPDFYjmJvOTXSfHKvAf82urkhTLf7s bQIlUdY0anY71Gbj+b+h9JQFOjh+fUwTg8zy6AKgnc+cfwjg0zumVK4ze cGOMn50APQq7enmOR5RVPt8NAqFA0XetlmYP9TIYiJ+jF+xAPTkx8edGB yOfAm4mzEpjH2IVC/Rrj5UH39Rwq7KvBwgXAvkHwGW8CBBhWL0uZRgzDy TPgDl8K7EpF19lk3VuyjlNs6Gb0Hl4ynZ+6bmmvNNo2fD6C7bG9fIO4mh pXHtd70/4VXFSjGAVUtBFUew9KjrpFl7uFLOALKevfYOYoD/DC5fuxHXk w==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="333953501" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="333953501" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:31 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="675852935" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="675852935" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:22 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 262E810D1E9; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv10 03/11] x86/boot: Add infrastructure required for unaccepted memory support Date: Mon, 8 May 2023 02:46:10 +0300 Message-Id: <20230507234618.18067-4-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 6275B100002 X-Stat-Signature: 5pb9q9ci98bsho3hnhabptk3mh8bddmo X-Rspam-User: X-Rspamd-Server: rspam09 X-HE-Tag: 1683503196-406185 X-HE-Meta: U2FsdGVkX1/tsHo0pJSw+3t82ytWBevG4tx4PqX+/9EqGa5ehqu4dbl2iqWgZ4zBVijK8FeXfbW6jtTGxuwemSrZx0aHTESF+Ei/0RTgUXym5CIC8xwgQQtEQZwHZTyq6jx63xfv2dxtobAWr9nvi+PVQ2yAZcNIbrYptWBNzDsmbcGfekAxi0nZji0q+8yHPhJ1xgwdSKQ2s/YjuctYO2DR18+IEr/AN6S+45yXvFr2GPkRrV3hYAZpOultIUUm222hAif6O1d9YTWORUyDCfRyxMjT36YhFXULZiPWywjQg6yy8XfbCpmU/qv9Q2DN5vG97/uj76AWEeTHqywSIoYe7oPi8eakFL4DIEfdSgnk4x1yRtIytyUEtFGiECmhPc/9Z7EggP86dHpmeHi2SoplV8XCWBoHgrBNM5AmuS3wpOJ0wXX1BvQnciePk6ciJwdTySKVVZV0t7AMTv9UdhPcEpiuhRtvv7VuH54xlJXO1WylPoh+3eB2gWctSlvyFtM0HMDQcJOd+L08psIFJG6xmw/3IbsV3WN2/SAlf4Yw3zGBWQlx7v9+7CjM2p8XD6V2i+hcEuJxFe0VH78P06ZTM8bJKlyTHcPV3zF0/NVHP10h0xAKuU+gyHiomk52ILLNtZc8mPSofzFuRYCklqspmMlKovClq+xaCXg2vsZUjAhgenlzkbFJ00n/Rf4kbKFBnoIB8Ehtnl6cdhw+I9b6pqSStgl5sVfiEc/A3KeHl1I/frL0gCyYzspS9tDXjpEAc4wZA1u/p4A62PWf/vk3Wau/wNqkdE0rjcvYLVkqNHwlhnrog1faRG/ShCYwyx5Qx2xwgg2tTArHzenpAEXCt5yfH7CQKSNktqRBRetZLZ7ZYABblFgX9gwbMqOJCSMz0kuWH4vLBQJC5v792hrVjFa212veeyXlg5KJDKF/LplubAVwtb/rcgR6sqEFzhdv0w7qQC9SZNeBvmE cCFV/+af nPJtt0vyhLaAxydw8nxDJyMn1lsXzZDMCnZKCW29tx09FDSjmb3/ysz3ZA7VQONn+Qpjy16vn5Jt3hdt4W1uWJhFRfBIfKhxZoXwrsV7iQqsYjEpeopRmrv9dBlWc7LA2aKhgrRJYBj/zpVI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Pull functionality from the main kernel headers and lib/ that is required for unaccepted memory support. This is preparatory patch. The users for the functionality will come in following patches. Signed-off-by: Kirill A. Shutemov Reviewed-by: Borislav Petkov (AMD) --- arch/x86/boot/bitops.h | 40 ++++++++++++ arch/x86/boot/compressed/align.h | 14 +++++ arch/x86/boot/compressed/bitmap.c | 43 +++++++++++++ arch/x86/boot/compressed/bitmap.h | 49 +++++++++++++++ arch/x86/boot/compressed/bits.h | 36 +++++++++++ arch/x86/boot/compressed/find.c | 54 ++++++++++++++++ arch/x86/boot/compressed/find.h | 79 ++++++++++++++++++++++++ arch/x86/boot/compressed/math.h | 37 +++++++++++ arch/x86/boot/compressed/minmax.h | 61 ++++++++++++++++++ arch/x86/boot/compressed/pgtable_types.h | 25 ++++++++ 10 files changed, 438 insertions(+) create mode 100644 arch/x86/boot/compressed/align.h create mode 100644 arch/x86/boot/compressed/bitmap.c create mode 100644 arch/x86/boot/compressed/bitmap.h create mode 100644 arch/x86/boot/compressed/bits.h create mode 100644 arch/x86/boot/compressed/find.c create mode 100644 arch/x86/boot/compressed/find.h create mode 100644 arch/x86/boot/compressed/math.h create mode 100644 arch/x86/boot/compressed/minmax.h create mode 100644 arch/x86/boot/compressed/pgtable_types.h diff --git a/arch/x86/boot/bitops.h b/arch/x86/boot/bitops.h index 8518ae214c9b..38badf028543 100644 --- a/arch/x86/boot/bitops.h +++ b/arch/x86/boot/bitops.h @@ -41,4 +41,44 @@ static inline void set_bit(int nr, void *addr) asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr)); } +static __always_inline void __set_bit(long nr, volatile unsigned long *addr) +{ + asm volatile(__ASM_SIZE(bts) " %1,%0" : : "m" (*(volatile long *) addr), + "Ir" (nr) : "memory"); +} + +static __always_inline void __clear_bit(long nr, volatile unsigned long *addr) +{ + asm volatile(__ASM_SIZE(btr) " %1,%0" : : "m" (*(volatile long *) addr), + "Ir" (nr) : "memory"); +} + +/** + * __ffs - find first set bit in word + * @word: The word to search + * + * Undefined if no bit exists, so code should check against 0 first. + */ +static __always_inline unsigned long __ffs(unsigned long word) +{ + asm("rep; bsf %1,%0" + : "=r" (word) + : "rm" (word)); + return word; +} + +/** + * ffz - find first zero bit in word + * @word: The word to search + * + * Undefined if no zero exists, so code should check against ~0UL first. + */ +static __always_inline unsigned long ffz(unsigned long word) +{ + asm("rep; bsf %1,%0" + : "=r" (word) + : "r" (~word)); + return word; +} + #endif /* BOOT_BITOPS_H */ diff --git a/arch/x86/boot/compressed/align.h b/arch/x86/boot/compressed/align.h new file mode 100644 index 000000000000..7ccabbc5d1b8 --- /dev/null +++ b/arch/x86/boot/compressed/align.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef BOOT_ALIGN_H +#define BOOT_ALIGN_H +#define _LINUX_ALIGN_H /* Inhibit inclusion of */ + +/* @a is a power of 2 value */ +#define ALIGN(x, a) __ALIGN_KERNEL((x), (a)) +#define ALIGN_DOWN(x, a) __ALIGN_KERNEL((x) - ((a) - 1), (a)) +#define __ALIGN_MASK(x, mask) __ALIGN_KERNEL_MASK((x), (mask)) +#define PTR_ALIGN(p, a) ((typeof(p))ALIGN((unsigned long)(p), (a))) +#define PTR_ALIGN_DOWN(p, a) ((typeof(p))ALIGN_DOWN((unsigned long)(p), (a))) +#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a) - 1)) == 0) + +#endif diff --git a/arch/x86/boot/compressed/bitmap.c b/arch/x86/boot/compressed/bitmap.c new file mode 100644 index 000000000000..789ecadeb521 --- /dev/null +++ b/arch/x86/boot/compressed/bitmap.c @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include "bitmap.h" + +void __bitmap_set(unsigned long *map, unsigned int start, int len) +{ + unsigned long *p = map + BIT_WORD(start); + const unsigned int size = start + len; + int bits_to_set = BITS_PER_LONG - (start % BITS_PER_LONG); + unsigned long mask_to_set = BITMAP_FIRST_WORD_MASK(start); + + while (len - bits_to_set >= 0) { + *p |= mask_to_set; + len -= bits_to_set; + bits_to_set = BITS_PER_LONG; + mask_to_set = ~0UL; + p++; + } + if (len) { + mask_to_set &= BITMAP_LAST_WORD_MASK(size); + *p |= mask_to_set; + } +} + +void __bitmap_clear(unsigned long *map, unsigned int start, int len) +{ + unsigned long *p = map + BIT_WORD(start); + const unsigned int size = start + len; + int bits_to_clear = BITS_PER_LONG - (start % BITS_PER_LONG); + unsigned long mask_to_clear = BITMAP_FIRST_WORD_MASK(start); + + while (len - bits_to_clear >= 0) { + *p &= ~mask_to_clear; + len -= bits_to_clear; + bits_to_clear = BITS_PER_LONG; + mask_to_clear = ~0UL; + p++; + } + if (len) { + mask_to_clear &= BITMAP_LAST_WORD_MASK(size); + *p &= ~mask_to_clear; + } +} diff --git a/arch/x86/boot/compressed/bitmap.h b/arch/x86/boot/compressed/bitmap.h new file mode 100644 index 000000000000..35357f5feda2 --- /dev/null +++ b/arch/x86/boot/compressed/bitmap.h @@ -0,0 +1,49 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef BOOT_BITMAP_H +#define BOOT_BITMAP_H +#define __LINUX_BITMAP_H /* Inhibit inclusion of */ + +#include "../bitops.h" +#include "../string.h" +#include "align.h" + +#define BITMAP_MEM_ALIGNMENT 8 +#define BITMAP_MEM_MASK (BITMAP_MEM_ALIGNMENT - 1) + +#define BITMAP_FIRST_WORD_MASK(start) (~0UL << ((start) & (BITS_PER_LONG - 1))) +#define BITMAP_LAST_WORD_MASK(nbits) (~0UL >> (-(nbits) & (BITS_PER_LONG - 1))) + +#define BIT_WORD(nr) ((nr) / BITS_PER_LONG) + +void __bitmap_set(unsigned long *map, unsigned int start, int len); +void __bitmap_clear(unsigned long *map, unsigned int start, int len); + +static __always_inline void bitmap_set(unsigned long *map, unsigned int start, + unsigned int nbits) +{ + if (__builtin_constant_p(nbits) && nbits == 1) + __set_bit(start, map); + else if (__builtin_constant_p(start & BITMAP_MEM_MASK) && + IS_ALIGNED(start, BITMAP_MEM_ALIGNMENT) && + __builtin_constant_p(nbits & BITMAP_MEM_MASK) && + IS_ALIGNED(nbits, BITMAP_MEM_ALIGNMENT)) + memset((char *)map + start / 8, 0xff, nbits / 8); + else + __bitmap_set(map, start, nbits); +} + +static __always_inline void bitmap_clear(unsigned long *map, unsigned int start, + unsigned int nbits) +{ + if (__builtin_constant_p(nbits) && nbits == 1) + __clear_bit(start, map); + else if (__builtin_constant_p(start & BITMAP_MEM_MASK) && + IS_ALIGNED(start, BITMAP_MEM_ALIGNMENT) && + __builtin_constant_p(nbits & BITMAP_MEM_MASK) && + IS_ALIGNED(nbits, BITMAP_MEM_ALIGNMENT)) + memset((char *)map + start / 8, 0, nbits / 8); + else + __bitmap_clear(map, start, nbits); +} + +#endif diff --git a/arch/x86/boot/compressed/bits.h b/arch/x86/boot/compressed/bits.h new file mode 100644 index 000000000000..b0ffa007ee19 --- /dev/null +++ b/arch/x86/boot/compressed/bits.h @@ -0,0 +1,36 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef BOOT_BITS_H +#define BOOT_BITS_H +#define __LINUX_BITS_H /* Inhibit inclusion of */ + +#ifdef __ASSEMBLY__ +#define _AC(X,Y) X +#define _AT(T,X) X +#else +#define __AC(X,Y) (X##Y) +#define _AC(X,Y) __AC(X,Y) +#define _AT(T,X) ((T)(X)) +#endif + +#define _UL(x) (_AC(x, UL)) +#define _ULL(x) (_AC(x, ULL)) +#define UL(x) (_UL(x)) +#define ULL(x) (_ULL(x)) + +#define BIT(nr) (UL(1) << (nr)) +#define BIT_ULL(nr) (ULL(1) << (nr)) +#define BIT_MASK(nr) (UL(1) << ((nr) % BITS_PER_LONG)) +#define BIT_WORD(nr) ((nr) / BITS_PER_LONG) +#define BIT_ULL_MASK(nr) (ULL(1) << ((nr) % BITS_PER_LONG_LONG)) +#define BIT_ULL_WORD(nr) ((nr) / BITS_PER_LONG_LONG) +#define BITS_PER_BYTE 8 + +#define GENMASK(h, l) \ + (((~UL(0)) - (UL(1) << (l)) + 1) & \ + (~UL(0) >> (BITS_PER_LONG - 1 - (h)))) + +#define GENMASK_ULL(h, l) \ + (((~ULL(0)) - (ULL(1) << (l)) + 1) & \ + (~ULL(0) >> (BITS_PER_LONG_LONG - 1 - (h)))) + +#endif diff --git a/arch/x86/boot/compressed/find.c b/arch/x86/boot/compressed/find.c new file mode 100644 index 000000000000..b97a9e7c8085 --- /dev/null +++ b/arch/x86/boot/compressed/find.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include "bitmap.h" +#include "find.h" +#include "math.h" +#include "minmax.h" + +static __always_inline unsigned long swab(const unsigned long y) +{ +#if __BITS_PER_LONG == 64 + return __builtin_bswap32(y); +#else /* __BITS_PER_LONG == 32 */ + return __builtin_bswap64(y); +#endif +} + +unsigned long _find_next_bit(const unsigned long *addr1, + const unsigned long *addr2, unsigned long nbits, + unsigned long start, unsigned long invert, unsigned long le) +{ + unsigned long tmp, mask; + + if (start >= nbits) + return nbits; + + tmp = addr1[start / BITS_PER_LONG]; + if (addr2) + tmp &= addr2[start / BITS_PER_LONG]; + tmp ^= invert; + + /* Handle 1st word. */ + mask = BITMAP_FIRST_WORD_MASK(start); + if (le) + mask = swab(mask); + + tmp &= mask; + + start = round_down(start, BITS_PER_LONG); + + while (!tmp) { + start += BITS_PER_LONG; + if (start >= nbits) + return nbits; + + tmp = addr1[start / BITS_PER_LONG]; + if (addr2) + tmp &= addr2[start / BITS_PER_LONG]; + tmp ^= invert; + } + + if (le) + tmp = swab(tmp); + + return min(start + __ffs(tmp), nbits); +} diff --git a/arch/x86/boot/compressed/find.h b/arch/x86/boot/compressed/find.h new file mode 100644 index 000000000000..903574b9d57a --- /dev/null +++ b/arch/x86/boot/compressed/find.h @@ -0,0 +1,79 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef BOOT_FIND_H +#define BOOT_FIND_H +#define __LINUX_FIND_H /* Inhibit inclusion of */ + +#include "../bitops.h" +#include "align.h" +#include "bits.h" + +unsigned long _find_next_bit(const unsigned long *addr1, + const unsigned long *addr2, unsigned long nbits, + unsigned long start, unsigned long invert, unsigned long le); + +/** + * find_next_bit - find the next set bit in a memory region + * @addr: The address to base the search on + * @offset: The bitnumber to start searching at + * @size: The bitmap size in bits + * + * Returns the bit number for the next set bit + * If no bits are set, returns @size. + */ +static inline +unsigned long find_next_bit(const unsigned long *addr, unsigned long size, + unsigned long offset) +{ + if (small_const_nbits(size)) { + unsigned long val; + + if (offset >= size) + return size; + + val = *addr & GENMASK(size - 1, offset); + return val ? __ffs(val) : size; + } + + return _find_next_bit(addr, NULL, size, offset, 0UL, 0); +} + +/** + * find_next_zero_bit - find the next cleared bit in a memory region + * @addr: The address to base the search on + * @offset: The bitnumber to start searching at + * @size: The bitmap size in bits + * + * Returns the bit number of the next zero bit + * If no bits are zero, returns @size. + */ +static inline +unsigned long find_next_zero_bit(const unsigned long *addr, unsigned long size, + unsigned long offset) +{ + if (small_const_nbits(size)) { + unsigned long val; + + if (offset >= size) + return size; + + val = *addr | ~GENMASK(size - 1, offset); + return val == ~0UL ? size : ffz(val); + } + + return _find_next_bit(addr, NULL, size, offset, ~0UL, 0); +} + +/** + * for_each_set_bitrange_from - iterate over all set bit ranges [b; e) + * @b: bit offset of start of current bitrange (first set bit); must be initialized + * @e: bit offset of end of current bitrange (first unset bit) + * @addr: bitmap address to base the search on + * @size: bitmap size in number of bits + */ +#define for_each_set_bitrange_from(b, e, addr, size) \ + for ((b) = find_next_bit((addr), (size), (b)), \ + (e) = find_next_zero_bit((addr), (size), (b) + 1); \ + (b) < (size); \ + (b) = find_next_bit((addr), (size), (e) + 1), \ + (e) = find_next_zero_bit((addr), (size), (b) + 1)) +#endif diff --git a/arch/x86/boot/compressed/math.h b/arch/x86/boot/compressed/math.h new file mode 100644 index 000000000000..f7eede84bbc2 --- /dev/null +++ b/arch/x86/boot/compressed/math.h @@ -0,0 +1,37 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef BOOT_MATH_H +#define BOOT_MATH_H +#define __LINUX_MATH_H /* Inhibit inclusion of */ + +/* + * + * This looks more complex than it should be. But we need to + * get the type for the ~ right in round_down (it needs to be + * as wide as the result!), and we want to evaluate the macro + * arguments just once each. + */ +#define __round_mask(x, y) ((__typeof__(x))((y)-1)) + +/** + * round_up - round up to next specified power of 2 + * @x: the value to round + * @y: multiple to round up to (must be a power of 2) + * + * Rounds @x up to next multiple of @y (which must be a power of 2). + * To perform arbitrary rounding up, use roundup() below. + */ +#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) + +/** + * round_down - round down to next specified power of 2 + * @x: the value to round + * @y: multiple to round down to (must be a power of 2) + * + * Rounds @x down to next multiple of @y (which must be a power of 2). + * To perform arbitrary rounding down, use rounddown() below. + */ +#define round_down(x, y) ((x) & ~__round_mask(x, y)) + +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) + +#endif diff --git a/arch/x86/boot/compressed/minmax.h b/arch/x86/boot/compressed/minmax.h new file mode 100644 index 000000000000..4efd05673260 --- /dev/null +++ b/arch/x86/boot/compressed/minmax.h @@ -0,0 +1,61 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef BOOT_MINMAX_H +#define BOOT_MINMAX_H +#define __LINUX_MINMAX_H /* Inhibit inclusion of */ + +/* + * This returns a constant expression while determining if an argument is + * a constant expression, most importantly without evaluating the argument. + * Glory to Martin Uecker + */ +#define __is_constexpr(x) \ + (sizeof(int) == sizeof(*(8 ? ((void *)((long)(x) * 0l)) : (int *)8))) + +/* + * min()/max()/clamp() macros must accomplish three things: + * + * - avoid multiple evaluations of the arguments (so side-effects like + * "x++" happen only once) when non-constant. + * - perform strict type-checking (to generate warnings instead of + * nasty runtime surprises). See the "unnecessary" pointer comparison + * in __typecheck(). + * - retain result as a constant expressions when called with only + * constant expressions (to avoid tripping VLA warnings in stack + * allocation usage). + */ +#define __typecheck(x, y) \ + (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) + +#define __no_side_effects(x, y) \ + (__is_constexpr(x) && __is_constexpr(y)) + +#define __safe_cmp(x, y) \ + (__typecheck(x, y) && __no_side_effects(x, y)) + +#define __cmp(x, y, op) ((x) op (y) ? (x) : (y)) + +#define __cmp_once(x, y, unique_x, unique_y, op) ({ \ + typeof(x) unique_x = (x); \ + typeof(y) unique_y = (y); \ + __cmp(unique_x, unique_y, op); }) + +#define __careful_cmp(x, y, op) \ + __builtin_choose_expr(__safe_cmp(x, y), \ + __cmp(x, y, op), \ + __cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op)) + +/** + * min - return minimum of two values of the same or compatible types + * @x: first value + * @y: second value + */ +#define min(x, y) __careful_cmp(x, y, <) + +/** + * max - return maximum of two values of the same or compatible types + * @x: first value + * @y: second value + */ +#define max(x, y) __careful_cmp(x, y, >) + +#endif diff --git a/arch/x86/boot/compressed/pgtable_types.h b/arch/x86/boot/compressed/pgtable_types.h new file mode 100644 index 000000000000..8f1d87a69efc --- /dev/null +++ b/arch/x86/boot/compressed/pgtable_types.h @@ -0,0 +1,25 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef BOOT_COMPRESSED_PGTABLE_TYPES_H +#define BOOT_COMPRESSED_PGTABLE_TYPES_H +#define _ASM_X86_PGTABLE_DEFS_H /* Inhibit inclusion of */ + +#define PAGE_SHIFT 12 + +#ifdef CONFIG_X86_64 +#define PTE_SHIFT 9 +#elif defined CONFIG_X86_PAE +#define PTE_SHIFT 9 +#else /* 2-level */ +#define PTE_SHIFT 10 +#endif + +enum pg_level { + PG_LEVEL_NONE, + PG_LEVEL_4K, + PG_LEVEL_2M, + PG_LEVEL_1G, + PG_LEVEL_512G, + PG_LEVEL_NUM +}; + +#endif From patchwork Sun May 7 23:46:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233949 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09A19C77B75 for ; Sun, 7 May 2023 23:46:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 77C5E6B007E; Sun, 7 May 2023 19:46:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 705406B0080; Sun, 7 May 2023 19:46:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4E3876B0081; Sun, 7 May 2023 19:46:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 3CCD36B007E for ; Sun, 7 May 2023 19:46:40 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 069C71403E1 for ; Sun, 7 May 2023 23:46:40 +0000 (UTC) X-FDA: 80765096160.11.B4C1A65 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf11.hostedemail.com (Postfix) with ESMTP id C2B814000C for ; Sun, 7 May 2023 23:46:37 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Ztu2MuUc; spf=none (imf11.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503198; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6/Hs8CVa7v61ipgz7zqTG/KGe2TXOPjdHhBgbCq3keQ=; b=nMqdbc1/08UgDMC/xrZf5rUdz4+cc7JqaY5/1Qf1g0p1ALCIIq7i4dErncy2DJn5C/umFs g70u2oBPphMmAMzYC87u6eZlu+lWQD6uBhPG1opHPmAjqbGI3yifUSJ72CrZ5N5cQzinNa gZ9bAO8LkOa8vkreGQFG+USOsjexnro= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503198; a=rsa-sha256; cv=none; b=AupWaUYgPHsrgDrbl28B9n4tcDEdfE6buwOpZLIlXauzJjZMIsYZNDAL5aV0TX1RYCVlS1 b/nthB+h0AYkrFNBhdAwjwPtn69dWNCSEbn0LEeHBachJUzEiHPgXHdmi657zzJUiqhIhu m4ItnS+ws4JwP+OYDyfWLeWGiCwwYMc= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Ztu2MuUc; spf=none (imf11.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503197; x=1715039197; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NaT/juuKbBMptaBDgfUZ6LorMaWgDmTNBuDOmZykrPk=; b=Ztu2MuUceYDjDy/SRF9KpeVD1WyHaZiiLAkDMQzsdaAY4oSYhkt0hcBI Zvi6uYaITKA9yAGevFq+CyZTAFmvZc4rEi+0g7ZIfPwb8pyS31W+uAGFn R9uLEPQeE8kV/WpIOcW9l80fepzubWbZXMu58ZcEKyXmFh0tlUFIy+yHa hRaWTdkEFzA7ySRx5KoBrE4Oz/bXP82ovB4VeEiL0MKF0XJ9ix9LN/W88 Oez8s5Y1X1PUfFv5aUWLXCf+Dn5nV7u2wpDrU1UK9yrxHouuZdMruHnfY 46rgP/PxOv0mU+1m3I9B/fgvvahrVhpvnmr/1RYh5koiI55ZPI7qzKO/m A==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="333953485" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="333953485" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="675852934" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="675852934" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:22 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 332AD10D1EA; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv10 04/11] efi/x86: Implement support for unaccepted memory Date: Mon, 8 May 2023 02:46:11 +0300 Message-Id: <20230507234618.18067-5-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: C2B814000C X-Stat-Signature: 8degrmhnxwny3e9f8ahpy3chps9qm17n X-Rspam-User: X-HE-Tag: 1683503197-710561 X-HE-Meta: U2FsdGVkX1+7UbHdh+B5TwZpg+n/9D61QWgTGxta9AsYHTKnm3aqOwKMSAnJXp6BLM37cHIW42m6MjXHNTpIcbPCIh+19CMiRTMq6sZxfgN50zAOv5qxFpsifH/+RVSSY23zF5Tjs99uB/qG+IzUglHIvpAGSTT5jZPEE4U7rxJeCzPWftOWtW4XakkEHjg/+Th8uIZYCvtsnZlRcmchNrZvtioEkePhfoHRmoflRE9TTUalfSD2nB1DquDTuQwf3zkeGJ2K33gOfQ1zBu9x1pagBGQgHLNJwq1OZBeq2NMYXCyXeU+RkDnZcv6yhR7OtOWahvSUoe1Nkg8TwVL201TH+ASkB2HVzez1WXhRQVnL5IXApYkJQ6oZzYBvZKisKXCHLhWmKnbNbmH4QqfrQJchKiEXQlFPz7w6sL5XnDAe7SYYe9lKgmQcrL23fa30OovwhvZKZAQnCN7N5z4uUceZFVwXxDXu0PmD0YotBxyL+EayNumw7WUFVsW4ZvrjDqz7FnUS3O3wOrRNLsdvLd0SHEsnR0ZXNbSccEW87hwUJiWdjTH0JeLVsOJ9aef+JxPDB0WV2z3SP9W8otdqtF8tL6CCd5CeNMFdsNNe8ToH+UzO086R/GoUfFiptQ5+Oyldlu4EaIlUxvAQuhG4C15cfbq9EUEOG9UQ1d3x4ccs2baWvV7vA9H40/d4EYiLNrbApi+zaAtq6pgtpwEYovLm1g1YUDkTkffyLla7qtViu/uH50X+L0onErS2Bdp9iR6NoMEDjmHycrR9mFUwZAAWvi/P/apM+IwLTZabc91A8SWftKjgIv/XMfNKcSAq3wXboLIbG6BXh+Lylz0uKbHMdJ1at7eWPS9rsHUjjwxgpyCB1lR8pnfW2pQWPmJLDau3644L0aXW0nVHSUvdt9IJNO67nHYld+1vyEM38VHhqhgxdYarGaToUdn72jV39OyE/k42KUp0eixKqRm f0tUNtUy XEXhJRQgpxC+YCnhMhm1xeLr4CHCexdbnpEassr+FPuHwSb22tegaeQnxvhghLPZVGacb/RWuzzsLUrE+eY+kbu1uNK12xRmeOXEecv15ROXqKqFyGin+p2mXApibNO7FgqVe5d/0gcWB4xg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: UEFI Specification version 2.9 introduces the concept of memory acceptance: Some Virtual Machine platforms, such as Intel TDX or AMD SEV-SNP, requiring memory to be accepted before it can be used by the guest. Accepting happens via a protocol specific for the Virtual Machine platform. Accepting memory is costly and it makes VMM allocate memory for the accepted guest physical address range. It's better to postpone memory acceptance until memory is needed. It lowers boot time and reduces memory overhead. The kernel needs to know what memory has been accepted. Firmware communicates this information via memory map: a new memory type -- EFI_UNACCEPTED_MEMORY -- indicates such memory. Range-based tracking works fine for firmware, but it gets bulky for the kernel: e820 has to be modified on every page acceptance. It leads to table fragmentation, but there's a limited number of entries in the e820 table Another option is to mark such memory as usable in e820 and track if the range has been accepted in a bitmap. One bit in the bitmap represents 2MiB in the address space: one 4k page is enough to track 64GiB or physical address space. In the worst-case scenario -- a huge hole in the middle of the address space -- It needs 256MiB to handle 4PiB of the address space. Any unaccepted memory that is not aligned to 2M gets accepted upfront. The bitmap is allocated and constructed in the EFI stub and passed down to the kernel via boot_params. allocate_e820() allocates the bitmap if unaccepted memory is present, according to the maximum address in the memory map. Signed-off-by: Kirill A. Shutemov --- Documentation/arch/x86/zero-page.rst | 1 + arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/mem.c | 73 ++++++++++++++++++++++++ arch/x86/include/asm/unaccepted_memory.h | 10 ++++ arch/x86/include/uapi/asm/bootparam.h | 2 +- drivers/firmware/efi/Kconfig | 14 +++++ drivers/firmware/efi/efi.c | 1 + drivers/firmware/efi/libstub/x86-stub.c | 65 +++++++++++++++++++++ include/linux/efi.h | 3 +- 9 files changed, 168 insertions(+), 2 deletions(-) create mode 100644 arch/x86/boot/compressed/mem.c create mode 100644 arch/x86/include/asm/unaccepted_memory.h diff --git a/Documentation/arch/x86/zero-page.rst b/Documentation/arch/x86/zero-page.rst index 45aa9cceb4f1..f21905e61ade 100644 --- a/Documentation/arch/x86/zero-page.rst +++ b/Documentation/arch/x86/zero-page.rst @@ -20,6 +20,7 @@ Offset/Size Proto Name Meaning 060/010 ALL ist_info Intel SpeedStep (IST) BIOS support information (struct ist_info) 070/008 ALL acpi_rsdp_addr Physical address of ACPI RSDP table +078/008 ALL unaccepted_memory Bitmap of unaccepted memory (1bit == 2M) 080/010 ALL hd0_info hd0 disk parameter, OBSOLETE!! 090/010 ALL hd1_info hd1 disk parameter, OBSOLETE!! 0A0/010 ALL sys_desc_table System description table (struct sys_desc_table), diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 6b6cfe607bdb..f62c02348f9a 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -107,6 +107,7 @@ endif vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o +vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/bitmap.o $(obj)/mem.o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c new file mode 100644 index 000000000000..6b15a0ed8b54 --- /dev/null +++ b/arch/x86/boot/compressed/mem.c @@ -0,0 +1,73 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include "../cpuflags.h" +#include "bitmap.h" +#include "error.h" +#include "math.h" + +#define PMD_SHIFT 21 +#define PMD_SIZE (_AC(1, UL) << PMD_SHIFT) +#define PMD_MASK (~(PMD_SIZE - 1)) + +static inline void __accept_memory(phys_addr_t start, phys_addr_t end) +{ + /* Platform-specific memory-acceptance call goes here */ + error("Cannot accept memory"); +} + +/* + * The accepted memory bitmap only works at PMD_SIZE granularity. Take + * unaligned start/end addresses and either: + * 1. Accepts the memory immediately and in its entirety + * 2. Accepts unaligned parts, and marks *some* aligned part unaccepted + * + * The function will never reach the bitmap_set() with zero bits to set. + */ +void process_unaccepted_memory(struct boot_params *params, u64 start, u64 end) +{ + /* + * Ensure that at least one bit will be set in the bitmap by + * immediately accepting all regions under 2*PMD_SIZE. This is + * imprecise and may immediately accept some areas that could + * have been represented in the bitmap. But, results in simpler + * code below + * + * Consider case like this: + * + * | 4k | 2044k | 2048k | + * ^ 0x0 ^ 2MB ^ 4MB + * + * Only the first 4k has been accepted. The 0MB->2MB region can not be + * represented in the bitmap. The 2MB->4MB region can be represented in + * the bitmap. But, the 0MB->4MB region is <2*PMD_SIZE and will be + * immediately accepted in its entirety. + */ + if (end - start < 2 * PMD_SIZE) { + __accept_memory(start, end); + return; + } + + /* + * No matter how the start and end are aligned, at least one unaccepted + * PMD_SIZE area will remain to be marked in the bitmap. + */ + + /* Immediately accept a unaccepted_memory, + start / PMD_SIZE, (end - start) / PMD_SIZE); +} diff --git a/arch/x86/include/asm/unaccepted_memory.h b/arch/x86/include/asm/unaccepted_memory.h new file mode 100644 index 000000000000..df0736d32858 --- /dev/null +++ b/arch/x86/include/asm/unaccepted_memory.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (C) 2020 Intel Corporation */ +#ifndef _ASM_X86_UNACCEPTED_MEMORY_H +#define _ASM_X86_UNACCEPTED_MEMORY_H + +struct boot_params; + +void process_unaccepted_memory(struct boot_params *params, u64 start, u64 num); + +#endif diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h index 01d19fc22346..630a54046af0 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h @@ -189,7 +189,7 @@ struct boot_params { __u64 tboot_addr; /* 0x058 */ struct ist_info ist_info; /* 0x060 */ __u64 acpi_rsdp_addr; /* 0x070 */ - __u8 _pad3[8]; /* 0x078 */ + __u64 unaccepted_memory; /* 0x078 */ __u8 hd0_info[16]; /* obsolete! */ /* 0x080 */ __u8 hd1_info[16]; /* obsolete! */ /* 0x090 */ struct sys_desc_table sys_desc_table; /* obsolete! */ /* 0x0a0 */ diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig index 043ca31c114e..231f1c70d1db 100644 --- a/drivers/firmware/efi/Kconfig +++ b/drivers/firmware/efi/Kconfig @@ -269,6 +269,20 @@ config EFI_COCO_SECRET virt/coco/efi_secret module to access the secrets, which in turn allows userspace programs to access the injected secrets. +config UNACCEPTED_MEMORY + bool + depends on EFI_STUB + help + Some Virtual Machine platforms, such as Intel TDX, require + some memory to be "accepted" by the guest before it can be used. + This mechanism helps prevent malicious hosts from making changes + to guest memory. + + UEFI specification v2.9 introduced EFI_UNACCEPTED_MEMORY memory type. + + This option adds support for unaccepted memory and makes such memory + usable by the kernel. + config EFI_EMBEDDED_FIRMWARE bool select CRYPTO_LIB_SHA256 diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index abeff7dc0b58..7dce06e419c5 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -843,6 +843,7 @@ static __initdata char memory_type_name[][13] = { "MMIO Port", "PAL Code", "Persistent", + "Unaccepted", }; char * __init efi_md_typeattr_format(char *buf, size_t size, diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index fff81843169c..1643ddbde249 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "efistub.h" @@ -613,6 +614,16 @@ setup_e820(struct boot_params *params, struct setup_data *e820ext, u32 e820ext_s e820_type = E820_TYPE_PMEM; break; + case EFI_UNACCEPTED_MEMORY: + if (!IS_ENABLED(CONFIG_UNACCEPTED_MEMORY)) { + efi_warn_once( +"The system has unaccepted memory, but kernel does not support it\nConsider enabling CONFIG_UNACCEPTED_MEMORY\n"); + continue; + } + e820_type = E820_TYPE_RAM; + process_unaccepted_memory(params, d->phys_addr, + d->phys_addr + PAGE_SIZE * d->num_pages); + break; default: continue; } @@ -677,6 +688,57 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext, return status; } +static efi_status_t allocate_unaccepted_bitmap(struct boot_params *params, + __u32 nr_desc, + struct efi_boot_memmap *map) +{ + unsigned long *mem = NULL; + u64 size, max_addr = 0; + efi_status_t status; + bool found = false; + int i; + + /* Check if there's any unaccepted memory and find the max address */ + for (i = 0; i < nr_desc; i++) { + efi_memory_desc_t *d; + unsigned long m = (unsigned long)map->map; + + d = efi_early_memdesc_ptr(m, map->desc_size, i); + if (d->type == EFI_UNACCEPTED_MEMORY) + found = true; + if (d->phys_addr + d->num_pages * PAGE_SIZE > max_addr) + max_addr = d->phys_addr + d->num_pages * PAGE_SIZE; + } + + if (!found) { + params->unaccepted_memory = 0; + return EFI_SUCCESS; + } + + /* + * If unaccepted memory is present, allocate a bitmap to track what + * memory has to be accepted before access. + * + * One bit in the bitmap represents 2MiB in the address space: + * A 4k bitmap can track 64GiB of physical address space. + * + * In the worst case scenario -- a huge hole in the middle of the + * address space -- It needs 256MiB to handle 4PiB of the address + * space. + * + * The bitmap will be populated in setup_e820() according to the memory + * map after efi_exit_boot_services(). + */ + size = DIV_ROUND_UP(max_addr, PMD_SIZE * BITS_PER_BYTE); + status = efi_allocate_pages(size, (unsigned long *)&mem, ULONG_MAX); + if (status == EFI_SUCCESS) { + memset(mem, 0, size); + params->unaccepted_memory = (unsigned long)mem; + } + + return status; +} + static efi_status_t allocate_e820(struct boot_params *params, struct setup_data **e820ext, u32 *e820ext_size) @@ -697,6 +759,9 @@ static efi_status_t allocate_e820(struct boot_params *params, status = alloc_e820ext(nr_e820ext, e820ext, e820ext_size); } + if (IS_ENABLED(CONFIG_UNACCEPTED_MEMORY) && status == EFI_SUCCESS) + status = allocate_unaccepted_bitmap(params, nr_desc, map); + efi_bs_call(free_pool, map); return status; } diff --git a/include/linux/efi.h b/include/linux/efi.h index 7aa62c92185f..efbe14641638 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -108,7 +108,8 @@ typedef struct { #define EFI_MEMORY_MAPPED_IO_PORT_SPACE 12 #define EFI_PAL_CODE 13 #define EFI_PERSISTENT_MEMORY 14 -#define EFI_MAX_MEMORY_TYPE 15 +#define EFI_UNACCEPTED_MEMORY 15 +#define EFI_MAX_MEMORY_TYPE 16 /* Attribute values: */ #define EFI_MEMORY_UC ((u64)0x0000000000000001ULL) /* uncached */ From patchwork Sun May 7 23:46:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233955 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1888FC7EE2C for ; Sun, 7 May 2023 23:46:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1625E6B0087; Sun, 7 May 2023 19:46:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0EB3F6B0088; Sun, 7 May 2023 19:46:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E7FDC6B0089; Sun, 7 May 2023 19:46:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id CF90D6B0087 for ; Sun, 7 May 2023 19:46:47 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id A9BBC1401DB for ; Sun, 7 May 2023 23:46:47 +0000 (UTC) X-FDA: 80765096454.06.11E26DF Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by imf29.hostedemail.com (Postfix) with ESMTP id 80F71120002 for ; Sun, 7 May 2023 23:46:45 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b="FLflC/PR"; spf=none (imf29.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503205; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=s2l9L+PPZsIlZ0I0XFYzxl9BcDX1nwLLyMqKbsnyUDA=; b=CCPon1Sabv8ajeE7A6UoMbN2gJByLItGcenM6h7h4mE1c4lwwS98ZvLeTACkj0WfewoSdA 8FzEg/6CWVfskUQa1vyPLxqdxzKvtizrFct3C6k72U0+7RejQY70t9B9lmj/xSNZjvpWf+ Hg1rkbCT5rxDoGxXAo1idPulchoEXCg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503205; a=rsa-sha256; cv=none; b=gRLEmGxaeuE37dkwcvOYpDiM9Dh0GY4gvY9upd0dRtnYtO8Ga2KJK6U5/83XwboO8iwXgU eYOAeL6d5IA3es7TGELYCPtDKkvvYsjp1euBqJounUYN/y6vjkv/0PCcETjuGORPYqY/Qj FNA2R7brnPjQotzbeQkJ6xnlEHnVoZ8= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b="FLflC/PR"; spf=none (imf29.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503205; x=1715039205; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Y619tJKuPjwZ/y2uw6gP6ILX0dPH5S7/IjFdg41hRrw=; b=FLflC/PRTE6kxHP+Ng6fnPFNFJya0Zf1sZYFjUoV7UYvp8MmMxlPlN0M k1xchpA3IypdQu83B4hzwNJL0IA6XWjdnFv0zo/JuuXj8QBR90N0x5/r4 9buXRh9tit7cdw8YfrOt9elqQUbDUmfrRUAFETdN8L/dr3Qd882LJkK5A UI19PzXYvWzc5lcRDKvAQWoKiSDb2tXDSlHiok2n8kTSv4iYp6vNoCYD8 Y8DLemfFrmXs9PF7vmOJeMfAoM8HZaaoxZLA86RuMlufojW2dCOXczys/ r2/8oDSmjRldpiqWkLPwkcvZxany5tBcLa4LQpm/O4soaxaAQWyjO1uGW g==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="349550274" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="349550274" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="701222808" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="701222808" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:31 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 3C28910D1EB; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv10 05/11] x86/boot/compressed: Handle unaccepted memory Date: Mon, 8 May 2023 02:46:12 +0300 Message-Id: <20230507234618.18067-6-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 80F71120002 X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: qcw138r58m49i6fj9bafaczchc15w7iu X-HE-Tag: 1683503205-374371 X-HE-Meta: U2FsdGVkX199Kpu5hoSpB5c6frLAAgXSLlyHlo67zUeHpwQ3DNK/rVcowWqYwhTjBhibe58019HNNNJyxPp+k9KiGbTaUbLUUkUVg5wC2NrFZSAPUC6h5nYcZC9RI4JZX0ImLXFUFUj8YAZTUmuLm8XoVbDMvsDwFYDYd9caeNloCJWdIh3QeMp8sZ+JI8VMUiiAvmo1zwgZTKBlX/6QiY5v2o5WKa2F2QXChxLgcr66xf2v7mMDP3J1LZ3Qdoil3Isl7uuP1lILNCZmFV6D9YwAB+cm0PXEeQHvVBJPEXB75kN+YOtP8D05TlEtA9s/5FNDgr9lhd0m09evQmoA1bXSlR/j/9fl4vIcB5MOPLEJlSmpiTfClnBKbQs9OYlg8+aVz1sbJdU3/Sg4Y1XVsCRSl8luQyRNjapmjss/qbAmfq1EttJFfI7viCq6FMjjrOwdM2nCGUL1oCekMnNWTef41jS6zgymwH/G7kBBIRT/KxBeu6SyAkg9sncUR3QHjiqX+Qy01dMwZWPkk4nU7kFPk5IgtF0dxtu4ngUImMO6eTrcaVL9+ppyHDbOI7+TOOLwMh81r+UGvOrBmrCWTCJmbLa9Poblxd0HmXEbU5oPwuzNwTiQY1YUlP4cKQYQn+KqCdad+WjL3j79dLJy5TewbSjFAP7tnQqpGAsLDijyOsiSETnM4CLDKQ2+iAYwgp8qonQySvhSZyyczQL/STzBEaN1bfc4qY0jPCd7ArLE6G/o9s+X+WW2CcouyD09PstEUWVdKk0iYkSOfQIpAyrMzKeIt5iikIDlmNR19Rbyws69W9Lx9uVtprmCEAIMS1RgpvhsT79OU22Vf1/jGI8hjTtWTk6cl5+EWBG+BSjL38cLqwTtqnjtVI0gnYXUu0Jf/nqhASqCMywWXQjWElA3JLjVfDmfAqk4HH3d/ZDLDaYGUHpbBUfCI1DWvAyp5JCZfJU0+9d8RGX8HCQ NzuWKeLm sbrUIdMUym8Pvl9Vruh6loWmPt+efjXhlGHqanh/mQb6BHf8lEcUftktoKbYk8RuvmuT9UBoN1BKzfBiFVDZSWauP1qSmyv0khVafxFn2AIQ4jGQsCaGNbcn9j4oCbGcIfVpjK4Rax/DRMFI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The firmware will pre-accept the memory used to run the stub. But, the stub is responsible for accepting the memory into which it decompresses the main kernel. Accept memory just before decompression starts. The stub is also responsible for choosing a physical address in which to place the decompressed kernel image. The KASLR mechanism will randomize this physical address. Since the unaccepted memory region is relatively small, KASLR would be quite ineffective if it only used the pre-accepted area (EFI_CONVENTIONAL_MEMORY). Ensure that KASLR randomizes among the entire physical address space by also including EFI_UNACCEPTED_MEMORY. Signed-off-by: Kirill A. Shutemov Acked-by: Ard Biesheuvel --- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/efi.h | 1 + arch/x86/boot/compressed/kaslr.c | 35 ++++++++++++++++-------- arch/x86/boot/compressed/mem.c | 18 ++++++++++++ arch/x86/boot/compressed/misc.c | 6 ++++ arch/x86/boot/compressed/misc.h | 6 ++++ arch/x86/include/asm/unaccepted_memory.h | 2 ++ 7 files changed, 57 insertions(+), 13 deletions(-) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index f62c02348f9a..74f7adee46ad 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -107,7 +107,7 @@ endif vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o -vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/bitmap.o $(obj)/mem.o +vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/bitmap.o $(obj)/find.o $(obj)/mem.o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o diff --git a/arch/x86/boot/compressed/efi.h b/arch/x86/boot/compressed/efi.h index 7db2f41b54cd..cf475243b6d5 100644 --- a/arch/x86/boot/compressed/efi.h +++ b/arch/x86/boot/compressed/efi.h @@ -32,6 +32,7 @@ typedef struct { } efi_table_hdr_t; #define EFI_CONVENTIONAL_MEMORY 7 +#define EFI_UNACCEPTED_MEMORY 15 #define EFI_MEMORY_MORE_RELIABLE \ ((u64)0x0000000000010000ULL) /* higher reliability */ diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index 454757fbdfe5..749f0fe7e446 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -672,6 +672,28 @@ static bool process_mem_region(struct mem_vector *region, } #ifdef CONFIG_EFI + +/* + * Only EFI_CONVENTIONAL_MEMORY and EFI_UNACCEPTED_MEMORY (if supported) are + * guaranteed to be free. + * + * It is more conservative in picking free memory than the EFI spec allows: + * + * According to the spec, EFI_BOOT_SERVICES_{CODE|DATA} are also free memory + * and thus available to place the kernel image into, but in practice there's + * firmware where using that memory leads to crashes. + */ +static inline bool memory_type_is_free(efi_memory_desc_t *md) +{ + if (md->type == EFI_CONVENTIONAL_MEMORY) + return true; + + if (md->type == EFI_UNACCEPTED_MEMORY) + return IS_ENABLED(CONFIG_UNACCEPTED_MEMORY); + + return false; +} + /* * Returns true if we processed the EFI memmap, which we prefer over the E820 * table if it is available. @@ -716,18 +738,7 @@ process_efi_entries(unsigned long minimum, unsigned long image_size) for (i = 0; i < nr_desc; i++) { md = efi_early_memdesc_ptr(pmap, e->efi_memdesc_size, i); - /* - * Here we are more conservative in picking free memory than - * the EFI spec allows: - * - * According to the spec, EFI_BOOT_SERVICES_{CODE|DATA} are also - * free memory and thus available to place the kernel image into, - * but in practice there's firmware where using that memory leads - * to crashes. - * - * Only EFI_CONVENTIONAL_MEMORY is guaranteed to be free. - */ - if (md->type != EFI_CONVENTIONAL_MEMORY) + if (!memory_type_is_free(md)) continue; if (efi_soft_reserve_enabled() && diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c index 6b15a0ed8b54..de858a5180b6 100644 --- a/arch/x86/boot/compressed/mem.c +++ b/arch/x86/boot/compressed/mem.c @@ -3,12 +3,15 @@ #include "../cpuflags.h" #include "bitmap.h" #include "error.h" +#include "find.h" #include "math.h" #define PMD_SHIFT 21 #define PMD_SIZE (_AC(1, UL) << PMD_SHIFT) #define PMD_MASK (~(PMD_SIZE - 1)) +extern struct boot_params *boot_params; + static inline void __accept_memory(phys_addr_t start, phys_addr_t end) { /* Platform-specific memory-acceptance call goes here */ @@ -71,3 +74,18 @@ void process_unaccepted_memory(struct boot_params *params, u64 start, u64 end) bitmap_set((unsigned long *)params->unaccepted_memory, start / PMD_SIZE, (end - start) / PMD_SIZE); } + +void accept_memory(phys_addr_t start, phys_addr_t end) +{ + unsigned long range_start, range_end; + unsigned long *bitmap, bitmap_size; + + bitmap = (unsigned long *)boot_params->unaccepted_memory; + range_start = start / PMD_SIZE; + bitmap_size = DIV_ROUND_UP(end, PMD_SIZE); + + for_each_set_bitrange_from(range_start, range_end, bitmap, bitmap_size) { + __accept_memory(range_start * PMD_SIZE, range_end * PMD_SIZE); + bitmap_clear(bitmap, range_start, range_end - range_start); + } +} diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index 014ff222bf4b..186bfd53e042 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -455,6 +455,12 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, #endif debug_putstr("\nDecompressing Linux... "); + + if (boot_params->unaccepted_memory) { + debug_putstr("Accepting memory... "); + accept_memory(__pa(output), __pa(output) + needed_size); + } + __decompress(input_data, input_len, NULL, NULL, output, output_len, NULL, error); entry_offset = parse_elf(output); diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index 2f155a0e3041..9663d1839f54 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -247,4 +247,10 @@ static inline unsigned long efi_find_vendor_table(struct boot_params *bp, } #endif /* CONFIG_EFI */ +#ifdef CONFIG_UNACCEPTED_MEMORY +void accept_memory(phys_addr_t start, phys_addr_t end); +#else +static inline void accept_memory(phys_addr_t start, phys_addr_t end) {} +#endif + #endif /* BOOT_COMPRESSED_MISC_H */ diff --git a/arch/x86/include/asm/unaccepted_memory.h b/arch/x86/include/asm/unaccepted_memory.h index df0736d32858..41fbfc798100 100644 --- a/arch/x86/include/asm/unaccepted_memory.h +++ b/arch/x86/include/asm/unaccepted_memory.h @@ -7,4 +7,6 @@ struct boot_params; void process_unaccepted_memory(struct boot_params *params, u64 start, u64 num); +void accept_memory(phys_addr_t start, phys_addr_t end); + #endif From patchwork Sun May 7 23:46:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233956 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 882A0C77B75 for ; Sun, 7 May 2023 23:46:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 754F96B0088; Sun, 7 May 2023 19:46:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7060C6B0089; Sun, 7 May 2023 19:46:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 509C26B008A; Sun, 7 May 2023 19:46:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 3A2DD6B0088 for ; Sun, 7 May 2023 19:46:49 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 10FB91A0288 for ; Sun, 7 May 2023 23:46:49 +0000 (UTC) X-FDA: 80765096538.28.5DEB69A Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by imf22.hostedemail.com (Postfix) with ESMTP id E6ACBC0003 for ; Sun, 7 May 2023 23:46:46 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=gMSAfSx8; spf=none (imf22.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503207; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SxAVKXcnaB18uGCScmaGm0KtqOzQ9BlZ2AI3oJdJlic=; b=vIQ/CNrvDbmkTNxH7nWIEsVFAJiDevhVMd2lwtW5LgLwyOsfPoWYmnlLoByo0MsVgNXAsA yV70S/WR5cS7JVfNYDKUQ8JBSSRzjvHAl4HJ40rS4NgaDcOMbNSQXS03/0vS7RxWvSgoBY Qun3YUO/xpQ2ND8N5pK/QaiAna9Mjhs= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503207; a=rsa-sha256; cv=none; b=N+RvYjTh6C/wSQ5nlkC/Zh3UV00b8+JP4RW8Jnvwk3K3jjXlVM4xEVP/52w/QEITqGV3h9 48LLHS2x9dnEXrdMvbQ5RTkmbblSlQx5Z4xa9+uJtvNlRQwnikGZsR51f4PHDcVr1W8MkJ DlUNCttO3biD5ZmMs0lMGflkxinvvvk= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=gMSAfSx8; spf=none (imf22.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503207; x=1715039207; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=XL6vN5u+KeCOGSvPKGIDg51xwwNZ7oq3J9d7SYKdrYE=; b=gMSAfSx8893oi4lAInR0ccjfUNDoZ08LIc1JYC/ulDrKmqr4zNGjoFV4 ol3xrXrrhRoiUT1otSYrN8APA1Ltb7P/plICLhy305gU3JWNsJbPqfYlL CgDTCcxTn3rOWdVcXDzVkuwt9tDyF0zHRjQOY0jphEv8odXNyvr84xpqK SOIvToiBhF5Vz/ioAPGSpaUvhuGx1bRtsAv8LzhZv4b5+dNBOH5HqAKLu Sfkx0r8zBIcju1/51AHrD00bSFIB69aNTwnjOeEDwIY0LatBRdec9NBm0 pwjN7DU+s8wsWKIXvMxhSw5utaK+RtTZaEmYAv5HNChIJBXSUP/zrYNvc A==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="349550288" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="349550288" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="701222810" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="701222810" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:32 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 47A4610D334; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Mike Rapoport Subject: [PATCHv10 06/11] x86/mm: Reserve unaccepted memory bitmap Date: Mon, 8 May 2023 02:46:13 +0300 Message-Id: <20230507234618.18067-7-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: E6ACBC0003 X-Stat-Signature: iinqjm333uznksa1x8w18fpwm5anwrkg X-Rspam-User: X-Rspamd-Server: rspam09 X-HE-Tag: 1683503206-922130 X-HE-Meta: U2FsdGVkX18YJAjvycaADX/g0x4JuR8XFZy42gfD5ljbPN1f/dYhk+42MUsJoQbEUFFKVIdBvgayAMHGD0fhRtYjjNNWtz+QMqXfRnxwEYBwETFWd/m0yEVTUTFUMT83SpCkBJTTyJVqz4CLigd1NK0zi1r1yk6ojId/aFlIvQcE4LX6y5xZ9/GLCCir7fFPytgg49nAdHmIVW8Xjxi6f1VpUFqcR+LCALB0BZrExpCaDEwEciu1X1KcNRcV2D5xndJooz+bU2vidYH/bytI6vUCEXKvN5z5G4E1CBZ6yrzhlYsPswLTW1AHMiXcT3vJCpyabIaRmPmrwBmYtTgXap/hY+1AtT2AugyKVKEGtB1sWC2NP1v7VUs604X4oKGmSHvqlbcjVP4j7IC6417Msth6hWMC4PKziKl+x5OGgwwOMhHmJGVDR97HSqeriRWmOc9suBrrFIJbDuZ+W3L9fxSyYxdYIZGx3/TUHR9hMod5iUC+yYTdhZcHhf4BIDlwmb+4QvOpREmlD32i1RPfPCxsKeqXm1DT/o+ZgcJCN7CuVOA376iVrAhILa5ugGY39I4cRlIi2ly63zq67tr537OrVDg6Wz/daoEo67aS8mxSxp3QdN8/pEnXY7T8duch5VSwtjTiqiEQw2sYpHD7E/FFppFyenl/hAeDHxMEZDE250AYAJAZ9SWBWAUH/Fuay5cCVqlaEObkI4hDQDbNZpn23wpmnuKHUh6donlIGEz3R0x1xCOBUzWo7NkuAKott0ZI4wzMtpeK7ZX/F1crhS5HDJXyAK+4ALTHD1d8N1Kmzf0d4lVVkvmdW0qiitI3cipxdBTH72gg7Wr/OojVo7KHpX/9MjTiTbJFjW3VtUuKmwMPjfSgeG/hXMSypj8+cJ8rrabGfEyoup1pUOgqYL5+dKLzVBzaxaNIWDDIPew6lXZI+idW/ivaM6gBp5Q4cwnBqzKP6ly1dLExx6U frIZ2s0y /3GwYkJFDuxT7xN+T8y0NcaiVP5PvwziTHk59QRn2b0WBshhUAIEpa18qvV28gPC7Ux5AUHtsKeCtWVQnYiLusbM7eVG292gi6BLYMxvN/xmNgqosV2RmphP0rcroKVbW46YVQXeGZMnCvm26INuBfmFHO0Gt0vn4Tjtj X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: A given page of memory can only be accepted once. The kernel has to accept memory both in the early decompression stage and during normal runtime. A bitmap is used to communicate the acceptance state of each page between the decompression stage and normal runtime. boot_params is used to communicate location of the bitmap throughout the boot. The bitmap is allocated and initially populated in EFI stub. Decompression stage accepts pages required for kernel/initrd and marks these pages accordingly in the bitmap. The main kernel picks up the bitmap from the same boot_params and uses it to determine what has to be accepted on allocation. In the runtime kernel, reserve the bitmap's memory to ensure nothing overwrites it. The size of bitmap is determined with e820__end_of_ram_pfn() which relies on setup_e820() marking unaccepted memory as E820_TYPE_RAM. Signed-off-by: Kirill A. Shutemov Acked-by: Mike Rapoport --- arch/x86/kernel/e820.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c index fb8cf953380d..483c36a28d2e 100644 --- a/arch/x86/kernel/e820.c +++ b/arch/x86/kernel/e820.c @@ -1316,6 +1316,23 @@ void __init e820__memblock_setup(void) int i; u64 end; + /* + * Mark unaccepted memory bitmap reserved. + * + * This kind of reservation usually done from early_reserve_memory(), + * but early_reserve_memory() called before e820__memory_setup(), so + * e820_table is not finalized and e820__end_of_ram_pfn() cannot be + * used to get correct RAM size. + */ + if (boot_params.unaccepted_memory) { + unsigned long size; + + /* One bit per 2MB */ + size = DIV_ROUND_UP(e820__end_of_ram_pfn() * PAGE_SIZE, + PMD_SIZE * BITS_PER_BYTE); + memblock_reserve(boot_params.unaccepted_memory, size); + } + /* * The bootstrap memblock region count maximum is 128 entries * (INIT_MEMBLOCK_REGIONS), but EFI might pass us more E820 entries From patchwork Sun May 7 23:46:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233950 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2590C7EE22 for ; Sun, 7 May 2023 23:46:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5A6E76B0080; Sun, 7 May 2023 19:46:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 52F646B0081; Sun, 7 May 2023 19:46:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3A9396B0082; Sun, 7 May 2023 19:46:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 244BF6B0080 for ; Sun, 7 May 2023 19:46:44 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id EFD6D1A03F1 for ; Sun, 7 May 2023 23:46:43 +0000 (UTC) X-FDA: 80765096286.27.17107E5 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf17.hostedemail.com (Postfix) with ESMTP id BD37140009 for ; Sun, 7 May 2023 23:46:41 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=bxFX0ajp; spf=none (imf17.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503202; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jIUiMzRZmjN22DK9+hQvhuVQsg2FufEr/pUGXFgijKU=; b=Wqnz0x4j31Inejjw17syocZ9xI69I/TCBmnn8/+nxjrgrmDavdD/Ny7gsVC2xORJ+LKhAw FbuqELJpA+gYlWrFFy2kvkwsHbaVjOnfjGR5cGQBNlu3yo9Csme3uTzAbj17iZd07auzFJ d4xTEfpBW4BACuaOiWHVOjX2Vq7HSiU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503202; a=rsa-sha256; cv=none; b=KWYuL0LBeoQt6XMRgqJJgoe2TweIFmFuNMMoqhJUBzXtEGkjIUuiO+5nDlaSi6tznrTtiB ZKY/449ffiQ2RsMXpPy7UasGTXfzEEZdfLhuFkybp9X7VNwsGgYFek9MJQPaDgZfVGKHdI iWhM1MSBf0A9efsrB8KPRKxAIrbKk6g= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=bxFX0ajp; spf=none (imf17.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503202; x=1715039202; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gf4ahacUkHLsgr0L6SRROIOspGC7mKmz2423NAe8qwk=; b=bxFX0ajptPlksyf0eHzPbkzpB2sOOt7ygtkiWZnL6nNyCl8S1oVipU4+ 6lRydv4IDrJS+s5Bt/+yepZA2YTm+Mm7Cn44z9YhlcS/3vO1GJQZhSMu0 xZ+QNwKV7ip4YMd1oIAyaskGHCiJvSd34KuRGgXD8gGzeXMTN6V1eboFO FOu479TSPGFx27qIZAAiZ2JztRZANHwo1LMPDGit2HIEA+071BZ/gjCSB U4wlmpX0wRPX5SklPWGkvWHd9JeoZFdl/dvVQr90C9HRG3S9zu5dqY5nO rMNj2sF/n78XxsiQ3piMXTB6hfw05Lt2oi4xhSR7QhzVX+CCJE30THrBn Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="333953538" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="333953538" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="675852968" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="675852968" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:32 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 53CDB10D33B; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv10 07/11] x86/mm: Provide helpers for unaccepted memory Date: Mon, 8 May 2023 02:46:14 +0300 Message-Id: <20230507234618.18067-8-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: BD37140009 X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: 3fs8t9gwefyphfrbeowxs83b3hibo3w7 X-HE-Tag: 1683503201-95247 X-HE-Meta: U2FsdGVkX19pK9UVOTL0g2fn5P9DkbJdPRoKT0vREL/DoZeFSVXhZ2W2OMG75qd/vIijQnTHx/pmx4AObNb6oi0tvJ0L8EHPrnmk/YGT+Apzj8Mt0jWahptLKW9058HVd9XXmTEMElzOTd5+SwO+hCGm0xuyKikvSX6YXaXU0lEXJrcjGI5V1gBABwnaxpE59BA4ccvZCMLkf0dq0MOk1LNg1oDdY6Lzpw/X4tcGay7VpvdZ8rXDeryLy4fo0xSudQ7KVC+SNhU9Q0foWwkvl7sZH/Bn3/VM0jwzgC3p/EuXEGuKpH0HZSPmuYDt4ZJQ79ePQRHCMJa9Km+gZCtWZR52oispCxt9XSimBiF/Xg2KogYCcNATgupDItbcp+6We1MuftRxBaVaclIVSoGCjp0Sb3Uxv0MGb/UHH1jn8pC2uhS52MWSMUjtp1g5mdcanSrY5Fval9Pb0l1ojPputQWL/R4X/Uqk5QeWUOVYxxAqWL1/SD3OAIgaHia0lb3EnXaTo12O9+Gi867+yDJwPvF/vy8kAqmxOyig+qY6ct/xVblgueGoc24keFxLehWdDDqSHyaMTpXvC7DPh1aneGAJ4SmcOUbo0a5L7rR8EqWIcRn951L3EApEw5eW2B9xfRGx/IxVbpifgmF4KmLF34ntPuU/c/zNyliQslunfHocgMZq2zIo0lVvvy0fa4dhRSEAKma56Mnbn0Bz4k6arI0MWLCSrUzLjW52M3qeM6HFHuZYZ1zNauJ63ejBJIwW+65qa5UwJquQ4rq6x6Xm7L7Jz2nDIEr/vvjp5oIT8xVE9olAF+jLMK/P7BFOyBHktb0xHISUSZrGK4a8fjqd3vR2yu6PdMe2NnD6g0OKzNk6UBVjd58DFANKtVJ6MMC/CbG45nenPG2mQGk7kGCg4cPlG3fZxI/2BUGIRqZcVDQNaXWt9N6lT0DQ+FJNcenyum4EavvatuDylnDU4a3 16WCEpHz w2vkmsBo+uDCHENY9BFsQmcwC3fKkBharpOIov+mZaDnOVYorXEPyipCzuVbHSVpsZ2jsG1MZuDmhDTT9m40ekfK/WiJYf3gMU2ZZyUs6ar6kws/OQgEOASdN88oqs6dFh+KoxSGQKZRHm+M= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Core-mm requires few helpers to support unaccepted memory: - accept_memory() checks the range of addresses against the bitmap and accept memory if needed. - range_contains_unaccepted_memory() checks if anything within the range requires acceptance. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/page.h | 3 ++ arch/x86/include/asm/unaccepted_memory.h | 4 ++ arch/x86/mm/Makefile | 2 + arch/x86/mm/unaccepted_memory.c | 61 ++++++++++++++++++++++++ 4 files changed, 70 insertions(+) create mode 100644 arch/x86/mm/unaccepted_memory.c diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h index d18e5c332cb9..4bab2bb2c9c0 100644 --- a/arch/x86/include/asm/page.h +++ b/arch/x86/include/asm/page.h @@ -19,6 +19,9 @@ struct page; #include + +#include + extern struct range pfn_mapped[]; extern int nr_pfn_mapped; diff --git a/arch/x86/include/asm/unaccepted_memory.h b/arch/x86/include/asm/unaccepted_memory.h index 41fbfc798100..89fc91c61560 100644 --- a/arch/x86/include/asm/unaccepted_memory.h +++ b/arch/x86/include/asm/unaccepted_memory.h @@ -7,6 +7,10 @@ struct boot_params; void process_unaccepted_memory(struct boot_params *params, u64 start, u64 num); +#ifdef CONFIG_UNACCEPTED_MEMORY + void accept_memory(phys_addr_t start, phys_addr_t end); +bool range_contains_unaccepted_memory(phys_addr_t start, phys_addr_t end); #endif +#endif diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index c80febc44cd2..b0ef1755e5c8 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -67,3 +67,5 @@ obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_amd.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o + +obj-$(CONFIG_UNACCEPTED_MEMORY) += unaccepted_memory.o diff --git a/arch/x86/mm/unaccepted_memory.c b/arch/x86/mm/unaccepted_memory.c new file mode 100644 index 000000000000..1df918b21469 --- /dev/null +++ b/arch/x86/mm/unaccepted_memory.c @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include +#include +#include + +#include +#include +#include + +/* Protects unaccepted memory bitmap */ +static DEFINE_SPINLOCK(unaccepted_memory_lock); + +void accept_memory(phys_addr_t start, phys_addr_t end) +{ + unsigned long range_start, range_end; + unsigned long *bitmap; + unsigned long flags; + + if (!boot_params.unaccepted_memory) + return; + + bitmap = __va(boot_params.unaccepted_memory); + range_start = start / PMD_SIZE; + + spin_lock_irqsave(&unaccepted_memory_lock, flags); + for_each_set_bitrange_from(range_start, range_end, bitmap, + DIV_ROUND_UP(end, PMD_SIZE)) { + unsigned long len = range_end - range_start; + + /* Platform-specific memory-acceptance call goes here */ + panic("Cannot accept memory: unknown platform\n"); + bitmap_clear(bitmap, range_start, len); + } + spin_unlock_irqrestore(&unaccepted_memory_lock, flags); +} + +bool range_contains_unaccepted_memory(phys_addr_t start, phys_addr_t end) +{ + unsigned long *bitmap; + unsigned long flags; + bool ret = false; + + if (!boot_params.unaccepted_memory) + return 0; + + bitmap = __va(boot_params.unaccepted_memory); + + spin_lock_irqsave(&unaccepted_memory_lock, flags); + while (start < end) { + if (test_bit(start / PMD_SIZE, bitmap)) { + ret = true; + break; + } + + start += PMD_SIZE; + } + spin_unlock_irqrestore(&unaccepted_memory_lock, flags); + + return ret; +} From patchwork Sun May 7 23:46:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233957 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1CB8C7EE26 for ; Sun, 7 May 2023 23:46:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CD32E6B0089; Sun, 7 May 2023 19:46:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C363F6B008A; Sun, 7 May 2023 19:46:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9F3FD6B0092; Sun, 7 May 2023 19:46:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 82E336B008A for ; Sun, 7 May 2023 19:46:49 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 42C9412026D for ; Sun, 7 May 2023 23:46:49 +0000 (UTC) X-FDA: 80765096538.01.B76AE60 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by imf15.hostedemail.com (Postfix) with ESMTP id 178D8A0005 for ; Sun, 7 May 2023 23:46:46 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=eKUx+Pn0; spf=none (imf15.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503207; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KoKwMAhZFAmJwxiMvcgiTAY8oHb4/KjGuOEPAN481k8=; b=TmySxyUawSMi7f1XMeCrufJXLYnsyXwz5LjTXfeqs5QOrex8sen1UeMXN1Pw77n47Wr2y0 4t8dCEn/1xRZbFtO3Rz2DVNgd4aM+uekwcL/82QUBn/nLieXZ8bBTQuFjN0mjwN1r67WV8 cNNHZzUKDsgz+SB60RnKLD4jMci5IDQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503207; a=rsa-sha256; cv=none; b=u+06PifXzSBkVk8jp1AmAVRyiqCxNlFUihOH40qzXgTZ6VWrE5sgyfwNaCXpN4YFd9P5Gk 7bPFCKJVC/EFhr6A42lfPSrk5vPfs77rExjMbNZyhEyDQAjJq8KX2k7lbpLn/9zAoi2E+W HoOBqHZK4vM6iaPvEd21Jn6odNt+eVQ= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=eKUx+Pn0; spf=none (imf15.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503207; x=1715039207; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=9TDbO3a4jRT5J+8rG9pcod0nyB+3DpMcKz9PP7HQwro=; b=eKUx+Pn09w8DHmmLtfJtGLJRpjowwmOQQ9OI1lkQTnJeUb/YBXTRfz4Y vrSps6Nf1ODtcOUe6wIsBJo7kLs2yIMINKcDCuO1UraflQ6IV02V94VoW nWPWrekzIvYPDDNeKtPv/aRU54LC2UVkN+2TOVnP7hlHXWRm9oC5P7/eu N+lv+vmK2r6m5NpTkA7iYS3a2eoKfZ7WvcxWcoqbO3S9CB6Ip2yEcGmeq z8FBsLnM9iNJgyvm5L94td1IRYZPVvoZOaQW3xt/c+eXv9VSRbGSMx88j sQYqddRpOghaPbpTd1nuJQbEu+maOazJGxh5DrOf1fraDzsv8xy3qyHjI Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="349550306" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="349550306" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="701222812" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="701222812" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:32 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 5EDD010D349; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Dave Hansen Subject: [PATCHv10 08/11] x86/mm: Avoid load_unaligned_zeropad() stepping into unaccepted memory Date: Mon, 8 May 2023 02:46:15 +0300 Message-Id: <20230507234618.18067-9-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 178D8A0005 X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: 5k64qmncacz5yticbjmixxthyh7kkhqc X-HE-Tag: 1683503206-496944 X-HE-Meta: U2FsdGVkX18RBY/voj128cnrozeWQwHquvAckWFZIn6P5sjD+GgVMqw3Y5dKV/rv//MX8ygLxGHpzm+WIPhqC8V0US7Q4ZemhZ2CqPYqP6AJPV1rxLL6SRzPz1r8B0glaeiL1QfefYgS6/Ce6PlslId4teGYAc6mRzVtRo96t9WKYz0WMYnAZ67bDAThp6ZIvfcp6GpJSnmWbFUtAJIntwcWCCTRUFq1vmJcLxoAogcHElS8SUpGjr60QGtfkMLFbaSr2OK+SkvqekfxddmPZRlSHWpCE0fjiH+ULrp3VP1BelG+N4iHrThYLL3GAvfxby4LxZSG04kHzzWn9Mwh+gOBFFfj6RykPHrtepTorX5QPslmyOhONnKCG5aJoITKqwRZDPBc0z2SWR47bJz3e9VoMLq01QlIauJTL1LG/yd4lPu29H7azug29Uu87TR+b8yKEq65J/CBrvMGIJb7Xjd2gqpYHOmNZlFX0BiJufGEe6rSL5gwZc09vOgrHGRxPp7Pq7kDOKpxLtlkCSy5sgqt92kEexeWAACRFhlWLnGZt6NWnqt+/BsUBTqJuAaQqWnYuEQuiNHKRIUPSzQCbN1AO91/YdABPJlru0hYlavEUesM+D32f/cELV2l0/Ga0Bzz2LzCLQ/uhjjMUncyS9CB/HvX2mnYg8F9yqmkWWEkbmLPJ7Ul9oXBDffyhT0eWcX0yvlQQ75LMVmWDzaMEvR5nGktVLg7GQ9dMziYBK6WABMNuVKXD4p2r9I4M2+q8xEgjpwaxEFP6xiTZnNmE7WLewhX71DlPh5DmSIYkeUhFBblvEbVwkYbT86EzxiCRj/TUnb8hA7p3ns425Pc0E10/ZYQ7+2LTbnkXdrMyqq1xcUU1wCzMJbOVrXUs1rYib/zVro8zJCkb5K9SRijHF3mdRk/YyFnOiArsOblAEz7fWMmSzJDUQkhRURZYlrlYze28sS9KVF2X0j4iyb ZjMi+0j9 QJ3VJAGUbKfwkT9eMu9XTpkjqXZDJkObVSEltvlH7CBSw51ji8XeTUIpqhxgivRuXPCPkQz26ZRhCPEDOqAEBjgsHNUESpjvIc7L422e9Ukn5hpsDJLEfhO4Z9vb/Sd3EVQrD8UnFZ8ZiPLfwcbQgA88igd+WyTb4f1Pi8jb5GctyE5ZKTp+/qOYTmswM71MGom0y X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: load_unaligned_zeropad() can lead to unwanted loads across page boundaries. The unwanted loads are typically harmless. But, they might be made to totally unrelated or even unmapped memory. load_unaligned_zeropad() relies on exception fixup (#PF, #GP and now #VE) to recover from these unwanted loads. But, this approach does not work for unaccepted memory. For TDX, a load from unaccepted memory will not lead to a recoverable exception within the guest. The guest will exit to the VMM where the only recourse is to terminate the guest. There are two parts to fix this issue and comprehensively avoid access to unaccepted memory. Together these ensure that an extra "guard" page is accepted in addition to the memory that needs to be used. 1. Implicitly extend the range_contains_unaccepted_memory(start, end) checks up to end+2M if 'end' is aligned on a 2M boundary. It may require checking 2M chunk beyond end of RAM. The bitmap allocation is modified to accommodate this. 2. Implicitly extend accept_memory(start, end) to end+2M if 'end' is aligned on a 2M boundary. Side note: This leads to something strange. Pages which were accepted at boot, marked by the firmware as accepted and will never _need_ to be accepted might be on unaccepted_pages list This is a cue to ensure that the next page is accepted before 'page' can be used. This is an actual, real-world problem which was discovered during TDX testing. Signed-off-by: Kirill A. Shutemov Reviewed-by: Dave Hansen --- arch/x86/mm/unaccepted_memory.c | 33 +++++++++++++++++++++++++ drivers/firmware/efi/libstub/x86-stub.c | 7 ++++++ 2 files changed, 40 insertions(+) diff --git a/arch/x86/mm/unaccepted_memory.c b/arch/x86/mm/unaccepted_memory.c index 1df918b21469..2f38059e5b08 100644 --- a/arch/x86/mm/unaccepted_memory.c +++ b/arch/x86/mm/unaccepted_memory.c @@ -23,6 +23,32 @@ void accept_memory(phys_addr_t start, phys_addr_t end) bitmap = __va(boot_params.unaccepted_memory); range_start = start / PMD_SIZE; + /* + * load_unaligned_zeropad() can lead to unwanted loads across page + * boundaries. The unwanted loads are typically harmless. But, they + * might be made to totally unrelated or even unmapped memory. + * load_unaligned_zeropad() relies on exception fixup (#PF, #GP and now + * #VE) to recover from these unwanted loads. + * + * But, this approach does not work for unaccepted memory. For TDX, a + * load from unaccepted memory will not lead to a recoverable exception + * within the guest. The guest will exit to the VMM where the only + * recourse is to terminate the guest. + * + * There are two parts to fix this issue and comprehensively avoid + * access to unaccepted memory. Together these ensure that an extra + * "guard" page is accepted in addition to the memory that needs to be + * used: + * + * 1. Implicitly extend the range_contains_unaccepted_memory(start, end) + * checks up to end+2M if 'end' is aligned on a 2M boundary. + * + * 2. Implicitly extend accept_memory(start, end) to end+2M if 'end' is + * aligned on a 2M boundary. (immediately following this comment) + */ + if (!(end % PMD_SIZE)) + end += PMD_SIZE; + spin_lock_irqsave(&unaccepted_memory_lock, flags); for_each_set_bitrange_from(range_start, range_end, bitmap, DIV_ROUND_UP(end, PMD_SIZE)) { @@ -46,6 +72,13 @@ bool range_contains_unaccepted_memory(phys_addr_t start, phys_addr_t end) bitmap = __va(boot_params.unaccepted_memory); + /* + * Also consider the unaccepted state of the *next* page. See fix #1 in + * the comment on load_unaligned_zeropad() in accept_memory(). + */ + if (!(end % PMD_SIZE)) + end += PMD_SIZE; + spin_lock_irqsave(&unaccepted_memory_lock, flags); while (start < end) { if (test_bit(start / PMD_SIZE, bitmap)) { diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index 1643ddbde249..1afe7b5b02e1 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -715,6 +715,13 @@ static efi_status_t allocate_unaccepted_bitmap(struct boot_params *params, return EFI_SUCCESS; } + /* + * range_contains_unaccepted_memory() may need to check one 2M chunk + * beyond the end of RAM to deal with load_unaligned_zeropad(). Make + * sure that the bitmap is large enough handle it. + */ + max_addr += PMD_SIZE; + /* * If unaccepted memory is present, allocate a bitmap to track what * memory has to be accepted before access. From patchwork Sun May 7 23:46:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233953 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6AE7BC7EE2D for ; Sun, 7 May 2023 23:46:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A89386B0082; Sun, 7 May 2023 19:46:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A14FB6B0085; Sun, 7 May 2023 19:46:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7A1EC6B0087; Sun, 7 May 2023 19:46:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 451706B0082 for ; Sun, 7 May 2023 19:46:46 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 266F11401DB for ; Sun, 7 May 2023 23:46:46 +0000 (UTC) X-FDA: 80765096412.09.B39A04E Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf17.hostedemail.com (Postfix) with ESMTP id 0672740004 for ; Sun, 7 May 2023 23:46:43 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=V3mbjWnQ; spf=none (imf17.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503204; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cAZ5dclHmr3bPqqN6wlS/ms38HkegOt+k+1Qe8V3J/Y=; b=LPUCYnCLidRECPoua6pp7CBUDkwYVO735/O88diiQzRf9/4HZPA8r6yUaMV6ViMOy+tXms HsnOLriJ+MVfLE93SWlimypV8iz/KIshlE8J0jrKmClLpbhAIZNb5Re4771IG3+t+pyLfN MWqPPU/WfBtYNIuOTwo8SEWQr+CLvSc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503204; a=rsa-sha256; cv=none; b=YeDYHUprWLza2VMpP0Fmqwkgq3hZBY9IfmqGFlTDKDHZK+k3cWoySbGQOfjP0/WpKW9t5S DlEqCnE7yLanqhAaEtir+A8TsiB88lbk3bWwYdilU+xgOgwbasi0ARrtc3octxzMcdxgKS +jo0n2HGvjtHE0QlWGg2rrSfm1uCwqQ= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=V3mbjWnQ; spf=none (imf17.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503204; x=1715039204; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Eu57mUO9ct2ICW4Etq/GrS2vGWKQMEDS8IVWtzUCpBo=; b=V3mbjWnQsFPnD6hyzO6hvE7EAAq171caU5UEUyP0fE29sKKdB7aTiuKI Zpii+lfNXDYt4YaLiVKXLQjABhW87D6P3a4sw/0ZBflwE3N46blTn4QEg a/yyrtIPhEAC3y2WK+xvbRjZ32qmocARtSc/L1HfD5ycojaZRQTdVLyMh HUQiJVZxfp94jNrAKQqyvmSbTMIdrgVSmoL/4qZilJxhBIlHDozraDpqK M8VbebHolfIrQnaQ8f+q6UBooWgfrN6iFoh+lbDJxPAU8g8/SE9QZ5xAq EFaqk22UQDsZzfvE6gLm8JfW8ZdOw6JmyuwKtEti7kYSRDgvIaoRSqR1k Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="333953576" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="333953576" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="675852973" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="675852973" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:33 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 6ACA110D476; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Dave Hansen Subject: [PATCHv10 09/11] x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub Date: Mon, 8 May 2023 02:46:16 +0300 Message-Id: <20230507234618.18067-10-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 0672740004 X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: 8ds4ewmcx75dspb11t5551pjzbi179ti X-HE-Tag: 1683503203-883625 X-HE-Meta: U2FsdGVkX1+macnuVUwnMQsjW4f1IZoOhxiJXbZ2A3YRQi+kcjNUYkpb4MPljcPoLbe7Xg0EfVZabZQ1n2MkrwYWcBdEZ1J/WI4l6QbIPsSnew22UeFud/ecgDymF7oeQIMpELD59J1v1P67QSqLaAm4Xdk8Da9a9P4wHGJG5ewAueusX19WZyEXM36d/nqDCKu1dMXAo1oNCLBYPUQJ6vh1a9ExdRB/YebGph0k4hq82a8Cvkl9VHl0JAGKyeCS1o2ojZxkGcf6rMhlNQA4BvEMYMoSRNLhj5nlbmuHOxFzpZy9kOo281t9BD9KyQ1hAA+sZiFUNMoRD50d5Yk7PXW6HKMhjgiD99dVgQi5Uz5TWMAppBQ3mzn57D3O+jEEAWGMgl8G4HS1yeyiKHUO0uHYSx6J8Z78888Jg2g3dJZXunewUZwNMpR2CdVfBm8xeiTikQsZzl0LjetX6BMWRyllmQj5TwK8OrYUa9bTekSX7ZQnBwojbAkgIL5dyCxtaYZYX8d9CJWcVuZ8YyZcJL8KXdKLtiNDrt8kd7wFOT+nctalg8LPg3QK4fzSpYrzVCAaUhdVqpjT1vsztl1edgueUolGhRksReAhyDmRAfa31QVmqvhNxBpraqjJwcnFA3wqhowOoPFh2E10Fbd+ClJqCNHeuGMgubyiEcn+Y2qeU8NS+GctMqcKNpuWj8rPSm03m62FOcvJ53TJsOlob0XYlKUV39EGVGeIbFzwFYEVXcleKjVGWZvEcyNNtI/clgFdWlpDu3y9aGgQiXcHntAbapLj9dhohzHNgfx3mq/3siIDOLk8QwS+3qXpsCIp66uJ1SJDJfnqA42neEMEhiq6P5mKcJB6P1LXQS8OrD5jGOw6+M5HNrQzuNJ+39wemSsSJhIaSNPHJfoYPvfj1EoW8460tdTEmCpZ7VXoUH0Oesr59wznnmet0rvBu0cPxVu9cKgK91YXme38fXw jkDIBRDg g1LKe4eikBbeHHM9WgYuiT9YFL30REjDDffMrYZKpRbRv8hFx+NnkeCee5PHJG34sPf4+OEDcOWsJnVtgxn5dhsYUR0uyHyOvzYDHUEYTXeCx76pax4MHk8c8yH1A0lmLN15xAJTCqspBbiONf0hF19I2N5GdeBklerHdfSkAvSh243mxy5JikePn8cbR13FkBBJJ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Memory acceptance requires a hypercall and one or multiple module calls. Make helpers for the calls available in boot stub. It has to accept memory where kernel image and initrd are placed. Signed-off-by: Kirill A. Shutemov Reviewed-by: Dave Hansen --- arch/x86/coco/tdx/tdx.c | 32 ------------------- arch/x86/include/asm/shared/tdx.h | 51 +++++++++++++++++++++++++++++++ arch/x86/include/asm/tdx.h | 19 ------------ 3 files changed, 51 insertions(+), 51 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index e146b599260f..e6f4c2758a68 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,20 +14,6 @@ #include #include -/* TDX module Call Leaf IDs */ -#define TDX_GET_INFO 1 -#define TDX_GET_VEINFO 3 -#define TDX_GET_REPORT 4 -#define TDX_ACCEPT_PAGE 6 -#define TDX_WR 8 - -/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ -#define TDCS_NOTIFY_ENABLES 0x9100000000000010 - -/* TDX hypercall Leaf IDs */ -#define TDVMCALL_MAP_GPA 0x10001 -#define TDVMCALL_REPORT_FATAL_ERROR 0x10003 - /* MMIO direction */ #define EPT_READ 0 #define EPT_WRITE 1 @@ -51,24 +37,6 @@ #define TDREPORT_SUBTYPE_0 0 -/* - * Wrapper for standard use of __tdx_hypercall with no output aside from - * return code. - */ -static inline u64 _tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14, u64 r15) -{ - struct tdx_hypercall_args args = { - .r10 = TDX_HYPERCALL_STANDARD, - .r11 = fn, - .r12 = r12, - .r13 = r13, - .r14 = r14, - .r15 = r15, - }; - - return __tdx_hypercall(&args); -} - /* Called from __tdx_hypercall() for unrecoverable failure */ noinstr void __tdx_hypercall_failed(void) { diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index 2631e01f6e0f..1ff0ee822961 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -10,6 +10,20 @@ #define TDX_CPUID_LEAF_ID 0x21 #define TDX_IDENT "IntelTDX " +/* TDX module Call Leaf IDs */ +#define TDX_GET_INFO 1 +#define TDX_GET_VEINFO 3 +#define TDX_GET_REPORT 4 +#define TDX_ACCEPT_PAGE 6 +#define TDX_WR 8 + +/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +#define TDCS_NOTIFY_ENABLES 0x9100000000000010 + +/* TDX hypercall Leaf IDs */ +#define TDVMCALL_MAP_GPA 0x10001 +#define TDVMCALL_REPORT_FATAL_ERROR 0x10003 + #ifndef __ASSEMBLY__ /* @@ -37,8 +51,45 @@ struct tdx_hypercall_args { u64 __tdx_hypercall(struct tdx_hypercall_args *args); u64 __tdx_hypercall_ret(struct tdx_hypercall_args *args); +/* + * Wrapper for standard use of __tdx_hypercall with no output aside from + * return code. + */ +static inline u64 _tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14, u64 r15) +{ + struct tdx_hypercall_args args = { + .r10 = TDX_HYPERCALL_STANDARD, + .r11 = fn, + .r12 = r12, + .r13 = r13, + .r14 = r14, + .r15 = r15, + }; + + return __tdx_hypercall(&args); +} + + /* Called from __tdx_hypercall() for unrecoverable failure */ void __tdx_hypercall_failed(void); +/* + * Used in __tdx_module_call() to gather the output registers' values of the + * TDCALL instruction when requesting services from the TDX module. This is a + * software only structure and not part of the TDX module/VMM ABI + */ +struct tdx_module_output { + u64 rcx; + u64 rdx; + u64 r8; + u64 r9; + u64 r10; + u64 r11; +}; + +/* Used to communicate with the TDX module */ +u64 __tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, + struct tdx_module_output *out); + #endif /* !__ASSEMBLY__ */ #endif /* _ASM_X86_SHARED_TDX_H */ diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 28d889c9aa16..234197ec17e4 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -20,21 +20,6 @@ #ifndef __ASSEMBLY__ -/* - * Used to gather the output registers values of the TDCALL and SEAMCALL - * instructions when requesting services from the TDX module. - * - * This is a software only structure and not part of the TDX module/VMM ABI. - */ -struct tdx_module_output { - u64 rcx; - u64 rdx; - u64 r8; - u64 r9; - u64 r10; - u64 r11; -}; - /* * Used by the #VE exception handler to gather the #VE exception * info from the TDX module. This is a software only structure @@ -55,10 +40,6 @@ struct ve_info { void __init tdx_early_init(void); -/* Used to communicate with the TDX module */ -u64 __tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, - struct tdx_module_output *out); - void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); From patchwork Sun May 7 23:46:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233951 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E2F0C7EE26 for ; Sun, 7 May 2023 23:46:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B4C226B0083; Sun, 7 May 2023 19:46:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AE01D6B0081; Sun, 7 May 2023 19:46:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7C8A56B0083; Sun, 7 May 2023 19:46:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 6E6406B0081 for ; Sun, 7 May 2023 19:46:45 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 45313140277 for ; Sun, 7 May 2023 23:46:45 +0000 (UTC) X-FDA: 80765096370.17.1F51D40 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf20.hostedemail.com (Postfix) with ESMTP id 2647F1C0004 for ; Sun, 7 May 2023 23:46:42 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=ZCllpkOK; spf=none (imf20.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503203; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5QNweM8SAaqY0llbQtMpYPXKIrYhie9z8hDfHUvFa6Y=; b=a4TJ8tHDi/n+d4Pc91+Zl+NNpCj2js8TdlolvfUyTZXM/a1YJPs9yuxC9gFCkmGA+zAlL7 bLtNj/G8kLKENcyJiSdVcmZ5DhMvLxl2RaAyPAKjFvdzdwJAq/6UrYo5yzuNmyWEvevsA2 c87/aPyq7LsQUAVGYdFNWbX9HC+rtTc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503203; a=rsa-sha256; cv=none; b=QEmPooui7yZ7VLbLprIFVHptXpGTxy9AMG55LN4Qdf1aN5nQMZD1G+C+7NsDUEiKfzzAfA NkZkxib49hC7tU/luvfVGHgC1lDi8ui2/LyUp3aoShwuZ1OHRE5BHMWA1+6VPYJtQxj2Hf Lntxy/gb6+nSYgdWy+hwrDB6+ZFYE0Q= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=ZCllpkOK; spf=none (imf20.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503203; x=1715039203; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZRWbbgKJS3P7pe8ruC5AYEzSpFJMHJrlR+e2/skszlg=; b=ZCllpkOK2S8ivLaKT+AhNDFGIrNnUU0y5m0zZJ3xaHIIBi5izZJO0Brg GRqirZW0Y5Peu7QWLw34gGxu8iifLk7QYiX38MAvtgAyqEBwOztjEGgBX JE60kesuvncPkCZfAyR+XP//XZnhdJ7e7VutXgo4MQ3y6Xq/DCxjoBQEz K6ds+n4HA6/yjJ+35VxEdBVCo8xxsFkKNRiCa0duK+6qgeqlcy1bnyNad dR9XtiU6b4D3XdNvd9vANQhPmrPQAGV5D4FjuS40X74PZlBROQhrndqLZ daL6lM+yYPtsoIzBqz2eY06AVHSt1MtJ1E1EujrrOzbcsfAKoOsIqn3SX w==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="333953554" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="333953554" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="675852971" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="675852971" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:33 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 76D6610D48D; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Dave Hansen Subject: [PATCHv10 10/11] x86/tdx: Refactor try_accept_one() Date: Mon, 8 May 2023 02:46:17 +0300 Message-Id: <20230507234618.18067-11-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 2647F1C0004 X-Stat-Signature: jy6cza9pb9hru51acqgygdh54cy7mijq X-Rspam-User: X-HE-Tag: 1683503202-764465 X-HE-Meta: U2FsdGVkX1+NTNtKQH7MQbwmz91c6/zq6LqNMzbJbfp28hTREvlokZqoIefcMdILdMVxUiOShFV3LRN/04n/Rhq073B/iva0S52SN3Y93/FDn/0KSVkBj+F6I4X+Sh9zjKA78qLlxn7bl/SA0LVHEoHR3GIisCjW/VyqtJbmobHrtRuqDMlAZct/7uFWe4dCreKeNaAIQoJjK0/tCLmnc3zCrDUDSsQhMtAQ4/b26uL3yw6QZL0V02LZhvt6E2UxcJPCVEaNV559ML0TKCLUGlsDWp8n7VAQ821dIW/4A7qBB6EjU9RsRKXfRT6RAlFCPPYg14vYIX7rUP0fJH8aNzFsscKBxEZ0N48kmKRw/PdSMLAr92GBzIJAdGUMwXf97DU/aPLYv0Mp07SiVqZE978N5Ebr2F7feZkPO0bu8KL6zoPVavC7508XfH7VGtbey6fFWAWjk/ZPYEeFEeM7o5KbpwMjS0DGKNxkHmWK+U03PIfjO5Rv+PPrUpkUsRxgE+fFZTsSbL/Hfl/vsPrbyKJA5G2E5gEpmA8J6DxP5HnsZ1qdPOPGs4XsVU6ViPn+ZSfBK5FKyjnLiu/5Hgpg698MsHdn9EYKc5t8CCEQrSxo3JigyDroW6hFsRusy1p1yWxAx6YfwSFtVnEuTvSiP3chdpETKlUOUE/Ve0nNhkgPJtPMlJF0Shsv2qR6llixU9iaR5WXn8fSnFMCOzXj1i3NayQQCmJkocu6sGLL8c3Zb5Fger+rgB99uffp38O4lZveKSj7+rJwsZlfPmWq9R9lR053XVOTixX4CB2QxVBtX5d4RurbRfjsRg9MKnKNpjRWD5wJl7v6Ylto+FI+dDMnPAvGHNDqIsCHeYqWIq0y1WyxgMLFrSIJCdzI4Q/KoalbEZFblJDGeixGekVawQRwfhQuh7jG04Wc/lrYc0A5k8Ts9MvAfR+InIwpSC1xGMaps9Fwd46xQL+J9eJ pPtCVRsJ VkkBCZLlk0VfGaOAezB0RlpSOmhKVYb2L3fHC9jg5Bgcl1z/qHOlRiuwOLzbw6Tp6T54aKqO8mpFSVcLq/4agI9/zidjKYjyT4PtdsJkGzq4nJ3GqsoZoaElBcEm1zNhRecu0AGJRA+EmGhCe0IyRheoiwuHRiwOWndjJKgDBc7XOinz0kSsYsO+NYQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Rework try_accept_one() to return accepted size instead of modifying 'start' inside the helper. It makes 'start' in-only argument and streamlines code on the caller side. Signed-off-by: Kirill A. Shutemov Suggested-by: Borislav Petkov Reviewed-by: Dave Hansen --- arch/x86/coco/tdx/tdx.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index e6f4c2758a68..0d5fe6e24e45 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -713,18 +713,18 @@ static bool tdx_cache_flush_required(void) return true; } -static bool try_accept_one(phys_addr_t *start, unsigned long len, - enum pg_level pg_level) +static unsigned long try_accept_one(phys_addr_t start, unsigned long len, + enum pg_level pg_level) { unsigned long accept_size = page_level_size(pg_level); u64 tdcall_rcx; u8 page_size; - if (!IS_ALIGNED(*start, accept_size)) - return false; + if (!IS_ALIGNED(start, accept_size)) + return 0; if (len < accept_size) - return false; + return 0; /* * Pass the page physical address to the TDX module to accept the @@ -743,15 +743,14 @@ static bool try_accept_one(phys_addr_t *start, unsigned long len, page_size = 2; break; default: - return false; + return 0; } - tdcall_rcx = *start | page_size; + tdcall_rcx = start | page_size; if (__tdx_module_call(TDX_ACCEPT_PAGE, tdcall_rcx, 0, 0, 0, NULL)) - return false; + return 0; - *start += accept_size; - return true; + return accept_size; } /* @@ -788,21 +787,22 @@ static bool tdx_enc_status_changed(unsigned long vaddr, int numpages, bool enc) */ while (start < end) { unsigned long len = end - start; + unsigned long accept_size; /* * Try larger accepts first. It gives chance to VMM to keep - * 1G/2M SEPT entries where possible and speeds up process by - * cutting number of hypercalls (if successful). + * 1G/2M Secure EPT entries where possible and speeds up + * process by cutting number of hypercalls (if successful). */ - if (try_accept_one(&start, len, PG_LEVEL_1G)) - continue; - - if (try_accept_one(&start, len, PG_LEVEL_2M)) - continue; - - if (!try_accept_one(&start, len, PG_LEVEL_4K)) + accept_size = try_accept_one(start, len, PG_LEVEL_1G); + if (!accept_size) + accept_size = try_accept_one(start, len, PG_LEVEL_2M); + if (!accept_size) + accept_size = try_accept_one(start, len, PG_LEVEL_4K); + if (!accept_size) return false; + start += accept_size; } return true; From patchwork Sun May 7 23:46:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13233958 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45F18C7EE30 for ; Sun, 7 May 2023 23:46:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7F4596B008A; Sun, 7 May 2023 19:46:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 72D836B008C; Sun, 7 May 2023 19:46:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 420306B0092; Sun, 7 May 2023 19:46:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 272A26B008A for ; Sun, 7 May 2023 19:46:50 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id DE9F712026D for ; Sun, 7 May 2023 23:46:49 +0000 (UTC) X-FDA: 80765096538.26.EDC62BC Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by imf29.hostedemail.com (Postfix) with ESMTP id CFF25120002 for ; Sun, 7 May 2023 23:46:47 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=eZRwUJPY; spf=none (imf29.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683503208; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=2YsV/DKAVXQOpXmJbc+TOdWN302hGXSAQIBnV3rtLVQ=; b=b5/1cWo8xfdY3wygH4IAjNadYr7oNwOvLn1+8oal1O3kOp54S7eY9xXO/zIgXXUICm1pCJ lzBOE161SxsD8u89S0liqBQXDqYcYRAQHY6tGgDn4Kq2itE7Sd2LeZaiHpK2KaHeC1sofx AA5xHJlNbCIdzUtqiy6euQEkDhFFhvc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683503208; a=rsa-sha256; cv=none; b=nwEdJUyK33UoHp+FLPf+ikICDBuVRNmASsyWSTQLC4l5fsPfBvGkwkAIL1D9vtfrWfznle 2p1vt5P6DC3JE83zygmRuJnDb8G9V/w9jQ4R5outCHApe/cL7VvvJ7bYuwAAASyMNryDkO j2DfzYs4CJZLcfNrnzN/99WKRaleDH4= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=eZRwUJPY; spf=none (imf29.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683503207; x=1715039207; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=aZopMiOqySx7JndnTrSUPweowgUAMNn3NhckmECikp4=; b=eZRwUJPYk+1Km1lSN6haNvsxiGDGu0ZZglcrJvXLB22n7HnHWM13ErZd dWFC34iTSWCXL1BEFmuuZgFdHIu7hzVYocwrWZipqOkAUuNDA1bv4qrVi 6HYmMw+k+jIqg2X4hh9Nks7qpaPG2g8JiAuz3lfonRwKu4Kgfu7jS7a8v Fd/CPrmANtBj5CxwrtNUGzHYz7wzsd3nM81Zp8SVkPwB5GFHeuVYPy0ip iBn8E6TbvH2D544x46v28ZVKkdllYvEBgjrGuBXuFKzRUbOzm3qUzUUIF fjG7hQCTPvFF8TMjzT4ymEjTBlxVO9tUQJTlTVSdLnQG4PKcNFJubRh50 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="349550323" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="349550323" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="701222816" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="701222816" Received: from dancaspi-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.61.73]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 16:46:33 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 833ED10D48E; Mon, 8 May 2023 02:46:20 +0300 (+03) From: "Kirill A. Shutemov" To: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel Cc: Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv10 11/11] x86/tdx: Add unaccepted memory support Date: Mon, 8 May 2023 02:46:18 +0300 Message-Id: <20230507234618.18067-12-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> References: <20230507234618.18067-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: CFF25120002 X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: 6hz9n51u836iwqqemhca78pf1kg6ycwt X-HE-Tag: 1683503207-180509 X-HE-Meta: U2FsdGVkX19IqDtN9BXaJQs5IhrEO0/Qc9LVhcXU5+lGTOfGsWc3Qjp2Lxe3JDZbIDT/OZwM12t78kjwMQsXtYdAhIIFLel3zrC/KduhWXwDI15oz9a08IgbinsOpdjs3gP8lwXuSJq4B2Shvgaj/ma34BsJg9MCRXSl8Vgr3pATSIkaetFcNKNPFzatDl2pP/obEGKxMAD9HspG61tjuqp4M9q2ZHr4GGlQaplKqxWoApSkFAR8NKxXEXefG0FZnL+sURh+oTcI0LonT0KKSNeFyVGUmkVSHC3DUYKLzfXTdg8+G1K3mHtoZABZymo/Bri3KcvpzB0dXrJQrZfD+8D1b6rbTJAjJ2v3Yqky+ZK9GQD8iut90164TyLRIOLar045SZh8zIJ/c+y4jQs9RaTcA+2EmEPE8NTE2IzONbZn+KaUS/eSkgpXNWDk68iLodkS7BWafhPFnrwf0aEBlizX39KfYU/B+tvI00RaQ7dklY2cs0PSDnrqb8NSYDN8Qf8ern7JHtXY1WrhPbY0nbaEeu4FiAnjgIjnCbOH4iKmAASQzMJgdwr3bjFyMS+m1W2EIZDsOLk9UOXe3XouN1RxzYEOOUJuRX/pkTOSkI0pDxaQhQ3gANqlYGFrph1Wj+d/XP6MOP2rN16yWmJSKc6jxhiW7XJSkrq2gafpQw0aJosQzqJQKYTpXpDdD33rFL7NbqdhejbhgP2ehfy7LhXZ85Cv4tgJBu6bMCGJUZlMv8rdvtYNOnnXrBVCnUIXOrqzYmNWg5rWOseEOl1X4AX7zqMCJnatNzaGSdVmqPqiOioD/Fcsk0eW8KMbq+JnXYxRaLA09e3q+Dz0QFO+pZJuLE0dwXbLV7U43xHl92gXD3ntqnNyFvG6/rwagWUpjS/r6FRil5vrT/rcYYy7CV+ZRpPzhvPNY9955IQM64TO6eb18HgDRd4ZzwGhUzvlsNZOSDYDT8fz4n+Rmvh yl0dfaCs M5amw63wa5Ly7Rf3xQcT0DYyPvHB6WCdNXvz/Wga3vWeAZ3byEJ61AsE00KKNoLRM9pOelDgfyVoAxZD3R/prSbTvRRCY2boTUYHTHStBIoSeLiPjdeMDQJeGs3Y1ltgDlVCg0BjE7g7H2Q9by2tJ8YJVamVNGixp+DxY0q/Bm48Y1tvBUVOGZfIle1iG0BZ/UYeFBI5+bmlqrkA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hookup TDX-specific code to accept memory. Accepting the memory is the same process as converting memory from shared to private: kernel notifies VMM with MAP_GPA hypercall and then accept pages with ACCEPT_PAGE module call. The implementation in core kernel uses tdx_enc_status_changed(). It already used for converting memory to shared and back for I/O transactions. Boot stub provides own implementation of tdx_accept_memory(). It is similar in structure to tdx_enc_status_changed(), but only cares about converting memory to private. Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 2 + arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/error.c | 19 ++++++ arch/x86/boot/compressed/error.h | 1 + arch/x86/boot/compressed/mem.c | 33 +++++++++- arch/x86/boot/compressed/tdx-shared.c | 2 + arch/x86/boot/compressed/tdx.c | 39 +++++++++++ arch/x86/coco/tdx/Makefile | 2 +- arch/x86/coco/tdx/tdx-shared.c | 95 +++++++++++++++++++++++++++ arch/x86/coco/tdx/tdx.c | 86 +----------------------- arch/x86/include/asm/shared/tdx.h | 2 + arch/x86/include/asm/tdx.h | 2 + arch/x86/mm/unaccepted_memory.c | 9 ++- 13 files changed, 206 insertions(+), 88 deletions(-) create mode 100644 arch/x86/boot/compressed/tdx-shared.c create mode 100644 arch/x86/coco/tdx/tdx-shared.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 53bab123a8ee..5c72067c06d4 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -884,9 +884,11 @@ config INTEL_TDX_GUEST bool "Intel TDX (Trust Domain Extensions) - Guest Support" depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC + depends on EFI_STUB select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE + select UNACCEPTED_MEMORY help Support running as a guest under Intel TDX. Without this support, the guest kernel can not boot or run under TDX. diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 74f7adee46ad..71d9f71c13eb 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -106,7 +106,7 @@ ifdef CONFIG_X86_64 endif vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o -vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o +vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdx-shared.o $(obj)/tdcall.o vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/bitmap.o $(obj)/find.o $(obj)/mem.o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o diff --git a/arch/x86/boot/compressed/error.c b/arch/x86/boot/compressed/error.c index c881878e56d3..5313c5cb2b80 100644 --- a/arch/x86/boot/compressed/error.c +++ b/arch/x86/boot/compressed/error.c @@ -22,3 +22,22 @@ void error(char *m) while (1) asm("hlt"); } + +/* EFI libstub provides vsnprintf() */ +#ifdef CONFIG_EFI_STUB +void panic(const char *fmt, ...) +{ + static char buf[1024]; + va_list args; + int len; + + va_start(args, fmt); + len = vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + + if (len && buf[len - 1] == '\n') + buf[len - 1] = '\0'; + + error(buf); +} +#endif diff --git a/arch/x86/boot/compressed/error.h b/arch/x86/boot/compressed/error.h index 1de5821184f1..86fe33b93715 100644 --- a/arch/x86/boot/compressed/error.h +++ b/arch/x86/boot/compressed/error.h @@ -6,5 +6,6 @@ void warn(char *m); void error(char *m) __noreturn; +void panic(const char *fmt, ...) __noreturn __cold; #endif /* BOOT_COMPRESSED_ERROR_H */ diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c index de858a5180b6..e6b92e822ddd 100644 --- a/arch/x86/boot/compressed/mem.c +++ b/arch/x86/boot/compressed/mem.c @@ -5,6 +5,8 @@ #include "error.h" #include "find.h" #include "math.h" +#include "tdx.h" +#include #define PMD_SHIFT 21 #define PMD_SIZE (_AC(1, UL) << PMD_SHIFT) @@ -12,10 +14,39 @@ extern struct boot_params *boot_params; +/* + * accept_memory() and process_unaccepted_memory() called from EFI stub which + * runs before decompresser and its early_tdx_detect(). + * + * Enumerate TDX directly from the early users. + */ +static bool early_is_tdx_guest(void) +{ + static bool once; + static bool is_tdx; + + if (!IS_ENABLED(CONFIG_INTEL_TDX_GUEST)) + return false; + + if (!once) { + u32 eax, sig[3]; + + cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, + &sig[0], &sig[2], &sig[1]); + is_tdx = !memcmp(TDX_IDENT, sig, sizeof(sig)); + once = true; + } + + return is_tdx; +} + static inline void __accept_memory(phys_addr_t start, phys_addr_t end) { /* Platform-specific memory-acceptance call goes here */ - error("Cannot accept memory"); + if (early_is_tdx_guest()) + tdx_accept_memory(start, end); + else + error("Cannot accept memory: unknown platform\n"); } /* diff --git a/arch/x86/boot/compressed/tdx-shared.c b/arch/x86/boot/compressed/tdx-shared.c new file mode 100644 index 000000000000..5ac43762fe13 --- /dev/null +++ b/arch/x86/boot/compressed/tdx-shared.c @@ -0,0 +1,2 @@ +#include "error.h" +#include "../../coco/tdx/tdx-shared.c" diff --git a/arch/x86/boot/compressed/tdx.c b/arch/x86/boot/compressed/tdx.c index 2d81d3cc72a1..5cc4053f9df5 100644 --- a/arch/x86/boot/compressed/tdx.c +++ b/arch/x86/boot/compressed/tdx.c @@ -3,12 +3,17 @@ #include "../cpuflags.h" #include "../string.h" #include "../io.h" +#include "align.h" #include "error.h" +#include "pgtable_types.h" #include #include #include +#include + +static u64 cc_mask; /* Called from __tdx_hypercall() for unrecoverable failure */ void __tdx_hypercall_failed(void) @@ -16,6 +21,38 @@ void __tdx_hypercall_failed(void) error("TDVMCALL failed. TDX module bug?"); } +static u64 get_cc_mask(void) +{ + struct tdx_module_output out; + unsigned int gpa_width; + + /* + * TDINFO TDX module call is used to get the TD execution environment + * information like GPA width, number of available vcpus, debug mode + * information, etc. More details about the ABI can be found in TDX + * Guest-Host-Communication Interface (GHCI), section 2.4.2 TDCALL + * [TDG.VP.INFO]. + * + * The GPA width that comes out of this call is critical. TDX guests + * can not meaningfully run without it. + */ + if (__tdx_module_call(TDX_GET_INFO, 0, 0, 0, 0, &out)) + error("TDCALL GET_INFO failed (Buggy TDX module!)\n"); + + gpa_width = out.rcx & GENMASK(5, 0); + + /* + * The highest bit of a guest physical address is the "sharing" bit. + * Set it for shared pages and clear it for private pages. + */ + return BIT_ULL(gpa_width - 1); +} + +u64 cc_mkdec(u64 val) +{ + return val & ~cc_mask; +} + static inline unsigned int tdx_io_in(int size, u16 port) { struct tdx_hypercall_args args = { @@ -70,6 +107,8 @@ void early_tdx_detect(void) if (memcmp(TDX_IDENT, sig, sizeof(sig))) return; + cc_mask = get_cc_mask(); + /* Use hypercalls instead of I/O instructions */ pio_ops.f_inb = tdx_inb; pio_ops.f_outb = tdx_outb; diff --git a/arch/x86/coco/tdx/Makefile b/arch/x86/coco/tdx/Makefile index 46c55998557d..2c7dcbf1458b 100644 --- a/arch/x86/coco/tdx/Makefile +++ b/arch/x86/coco/tdx/Makefile @@ -1,3 +1,3 @@ # SPDX-License-Identifier: GPL-2.0 -obj-y += tdx.o tdcall.o +obj-y += tdx.o tdx-shared.o tdcall.o diff --git a/arch/x86/coco/tdx/tdx-shared.c b/arch/x86/coco/tdx/tdx-shared.c new file mode 100644 index 000000000000..ee74f7bbe806 --- /dev/null +++ b/arch/x86/coco/tdx/tdx-shared.c @@ -0,0 +1,95 @@ +#include +#include + +static unsigned long try_accept_one(phys_addr_t start, unsigned long len, + enum pg_level pg_level) +{ + unsigned long accept_size = page_level_size(pg_level); + u64 tdcall_rcx; + u8 page_size; + + if (!IS_ALIGNED(start, accept_size)) + return 0; + + if (len < accept_size) + return 0; + + /* + * Pass the page physical address to the TDX module to accept the + * pending, private page. + * + * Bits 2:0 of RCX encode page size: 0 - 4K, 1 - 2M, 2 - 1G. + */ + switch (pg_level) { + case PG_LEVEL_4K: + page_size = 0; + break; + case PG_LEVEL_2M: + page_size = 1; + break; + case PG_LEVEL_1G: + page_size = 2; + break; + default: + return 0; + } + + tdcall_rcx = start | page_size; + if (__tdx_module_call(TDX_ACCEPT_PAGE, tdcall_rcx, 0, 0, 0, NULL)) + return 0; + + return accept_size; +} + +bool tdx_enc_status_changed_phys(phys_addr_t start, phys_addr_t end, bool enc) +{ + if (!enc) { + /* Set the shared (decrypted) bits: */ + start |= cc_mkdec(0); + end |= cc_mkdec(0); + } + + /* + * Notify the VMM about page mapping conversion. More info about ABI + * can be found in TDX Guest-Host-Communication Interface (GHCI), + * section "TDG.VP.VMCALL" + */ + if (_tdx_hypercall(TDVMCALL_MAP_GPA, start, end - start, 0, 0)) + return false; + + /* private->shared conversion requires only MapGPA call */ + if (!enc) + return true; + + /* + * For shared->private conversion, accept the page using + * TDX_ACCEPT_PAGE TDX module call. + */ + while (start < end) { + unsigned long len = end - start; + unsigned long accept_size; + + /* + * Try larger accepts first. It gives chance to VMM to keep + * 1G/2M Secure EPT entries where possible and speeds up + * process by cutting number of hypercalls (if successful). + */ + + accept_size = try_accept_one(start, len, PG_LEVEL_1G); + if (!accept_size) + accept_size = try_accept_one(start, len, PG_LEVEL_2M); + if (!accept_size) + accept_size = try_accept_one(start, len, PG_LEVEL_4K); + if (!accept_size) + return false; + start += accept_size; + } + + return true; +} + +void tdx_accept_memory(phys_addr_t start, phys_addr_t end) +{ + if (!tdx_enc_status_changed_phys(start, end, true)) + panic("Accepting memory failed: %#llx-%#llx\n", start, end); +} diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 0d5fe6e24e45..32501277ef84 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -713,46 +713,6 @@ static bool tdx_cache_flush_required(void) return true; } -static unsigned long try_accept_one(phys_addr_t start, unsigned long len, - enum pg_level pg_level) -{ - unsigned long accept_size = page_level_size(pg_level); - u64 tdcall_rcx; - u8 page_size; - - if (!IS_ALIGNED(start, accept_size)) - return 0; - - if (len < accept_size) - return 0; - - /* - * Pass the page physical address to the TDX module to accept the - * pending, private page. - * - * Bits 2:0 of RCX encode page size: 0 - 4K, 1 - 2M, 2 - 1G. - */ - switch (pg_level) { - case PG_LEVEL_4K: - page_size = 0; - break; - case PG_LEVEL_2M: - page_size = 1; - break; - case PG_LEVEL_1G: - page_size = 2; - break; - default: - return 0; - } - - tdcall_rcx = start | page_size; - if (__tdx_module_call(TDX_ACCEPT_PAGE, tdcall_rcx, 0, 0, 0, NULL)) - return 0; - - return accept_size; -} - /* * Inform the VMM of the guest's intent for this physical page: shared with * the VMM or private to the guest. The VMM is expected to change its mapping @@ -761,51 +721,9 @@ static unsigned long try_accept_one(phys_addr_t start, unsigned long len, static bool tdx_enc_status_changed(unsigned long vaddr, int numpages, bool enc) { phys_addr_t start = __pa(vaddr); - phys_addr_t end = __pa(vaddr + numpages * PAGE_SIZE); + phys_addr_t end = __pa(vaddr + numpages * PAGE_SIZE); - if (!enc) { - /* Set the shared (decrypted) bits: */ - start |= cc_mkdec(0); - end |= cc_mkdec(0); - } - - /* - * Notify the VMM about page mapping conversion. More info about ABI - * can be found in TDX Guest-Host-Communication Interface (GHCI), - * section "TDG.VP.VMCALL" - */ - if (_tdx_hypercall(TDVMCALL_MAP_GPA, start, end - start, 0, 0)) - return false; - - /* private->shared conversion requires only MapGPA call */ - if (!enc) - return true; - - /* - * For shared->private conversion, accept the page using - * TDX_ACCEPT_PAGE TDX module call. - */ - while (start < end) { - unsigned long len = end - start; - unsigned long accept_size; - - /* - * Try larger accepts first. It gives chance to VMM to keep - * 1G/2M Secure EPT entries where possible and speeds up - * process by cutting number of hypercalls (if successful). - */ - - accept_size = try_accept_one(start, len, PG_LEVEL_1G); - if (!accept_size) - accept_size = try_accept_one(start, len, PG_LEVEL_2M); - if (!accept_size) - accept_size = try_accept_one(start, len, PG_LEVEL_4K); - if (!accept_size) - return false; - start += accept_size; - } - - return true; + return tdx_enc_status_changed_phys(start, end, enc); } void __init tdx_early_init(void) diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index 1ff0ee822961..95fbe7376694 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -91,5 +91,7 @@ struct tdx_module_output { u64 __tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, struct tdx_module_output *out); +void tdx_accept_memory(phys_addr_t start, phys_addr_t end); + #endif /* !__ASSEMBLY__ */ #endif /* _ASM_X86_SHARED_TDX_H */ diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 234197ec17e4..3a7340ad9a4b 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -50,6 +50,8 @@ bool tdx_early_handle_ve(struct pt_regs *regs); int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport); +bool tdx_enc_status_changed_phys(phys_addr_t start, phys_addr_t end, bool enc); + #else static inline void tdx_early_init(void) { }; diff --git a/arch/x86/mm/unaccepted_memory.c b/arch/x86/mm/unaccepted_memory.c index 2f38059e5b08..f61174d4c3cb 100644 --- a/arch/x86/mm/unaccepted_memory.c +++ b/arch/x86/mm/unaccepted_memory.c @@ -6,6 +6,7 @@ #include #include +#include #include /* Protects unaccepted memory bitmap */ @@ -55,7 +56,13 @@ void accept_memory(phys_addr_t start, phys_addr_t end) unsigned long len = range_end - range_start; /* Platform-specific memory-acceptance call goes here */ - panic("Cannot accept memory: unknown platform\n"); + if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { + tdx_accept_memory(range_start * PMD_SIZE, + range_end * PMD_SIZE); + } else { + panic("Cannot accept memory: unknown platform\n"); + } + bitmap_clear(bitmap, range_start, len); } spin_unlock_irqrestore(&unaccepted_memory_lock, flags);