From: Dave Hansen <dave.hansen@intel.com>
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Sean Christopherson <seanjc@google.com>,
Jim Mattson <jmattson@google.com>
Cc: David Rientjes <rientjes@google.com>,
"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
"Kleen, Andi" <andi.kleen@intel.com>,
"Yamahata, Isaku" <isaku.yamahata@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
Steve Rutherford <srutherford@google.com>,
Peter Gonda <pgonda@google.com>,
David Hildenbrand <david@redhat.com>,
x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFCv2 04/13] x86/kvm: Use bounce buffers for KVM memory protection
Date: Fri, 16 Apr 2021 09:21:33 -0700 [thread overview]
Message-ID: <2ea287f6-9e2f-1607-c9d6-8c985438f989@intel.com> (raw)
In-Reply-To: <20210416154106.23721-5-kirill.shutemov@linux.intel.com>
On 4/16/21 8:40 AM, Kirill A. Shutemov wrote:
> Mirror SEV, use SWIOTLB always if KVM memory protection is enabled.
...
> arch/x86/mm/mem_encrypt.c | 44 ---------------------------
> arch/x86/mm/mem_encrypt_common.c | 48 ++++++++++++++++++++++++++++++
The changelog need to at least mention what's going on here. It doesn't
prepare me at all for having code move around.
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index d197b3beb904..c51d14db5620 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -812,6 +812,7 @@ config KVM_GUEST
> select ARCH_CPUIDLE_HALTPOLL
> select X86_HV_CALLBACK_VECTOR
> select X86_MEM_ENCRYPT_COMMON
> + select SWIOTLB
> default y
> help
> This option enables various optimizations for running under the KVM
So, this feature is always compiled in with KVM. Could you say a couple
of things about that? Why did you decide not have a Kconfig option for it?
> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
> index 31c4df123aa0..a748b30c2f23 100644
> --- a/arch/x86/include/asm/mem_encrypt.h
> +++ b/arch/x86/include/asm/mem_encrypt.h
> @@ -47,10 +47,8 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size);
>
> void __init mem_encrypt_free_decrypted_mem(void);
>
> -/* Architecture __weak replacement functions */
> -void __init mem_encrypt_init(void);
> -
> void __init sev_es_init_vc_handling(void);
> +
> bool sme_active(void);
> bool sev_active(void);
> bool sev_es_active(void);
> @@ -91,6 +89,9 @@ static inline void mem_encrypt_free_decrypted_mem(void) { }
>
> #endif /* CONFIG_AMD_MEM_ENCRYPT */
>
> +/* Architecture __weak replacement functions */
> +void __init mem_encrypt_init(void);
FWIW, I'd rather have the code movement in separate patches from the
functional changes.
> /*
> * The __sme_pa() and __sme_pa_nodebug() macros are meant for use when
> * writing to or comparing values from the cr3 register. Having the
> diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
> index aed6034fcac1..ba179f5ca198 100644
> --- a/arch/x86/kernel/kvm.c
> +++ b/arch/x86/kernel/kvm.c
> @@ -26,6 +26,7 @@
> #include <linux/kprobes.h>
> #include <linux/nmi.h>
> #include <linux/swait.h>
> +#include <linux/swiotlb.h>
> #include <asm/timer.h>
> #include <asm/cpu.h>
> #include <asm/traps.h>
> @@ -765,6 +766,7 @@ static void __init kvm_init_platform(void)
> pr_info("KVM memory protection enabled\n");
> mem_protected = true;
> setup_force_cpu_cap(X86_FEATURE_KVM_MEM_PROTECTED);
> + swiotlb_force = SWIOTLB_FORCE;
> }
> }
>
> diff --git a/arch/x86/kernel/pci-swiotlb.c b/arch/x86/kernel/pci-swiotlb.c
> index c2cfa5e7c152..814060a6ceb0 100644
> --- a/arch/x86/kernel/pci-swiotlb.c
> +++ b/arch/x86/kernel/pci-swiotlb.c
> @@ -13,6 +13,7 @@
> #include <asm/dma.h>
> #include <asm/xen/swiotlb-xen.h>
> #include <asm/iommu_table.h>
> +#include <asm/kvm_para.h>
>
> int swiotlb __read_mostly;
>
> @@ -49,7 +50,7 @@ int __init pci_swiotlb_detect_4gb(void)
> * buffers are allocated and used for devices that do not support
> * the addressing range required for the encryption mask.
> */
> - if (sme_active())
> + if (sme_active() || kvm_mem_protected())
> swiotlb = 1;
>
> return swiotlb;
While I don't doubt you got it right, it would be nice to also explain
in the changelog why you manipulate both 'swiotlb_force' and 'swiotlb'.
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index 9ca477b9b8ba..3478f20fb46f 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -409,47 +409,3 @@ void __init mem_encrypt_free_decrypted_mem(void)
>
> free_init_pages("unused decrypted", vaddr, vaddr_end);
> }
> -
> -static void print_mem_encrypt_feature_info(void)
> -{
> - pr_info("AMD Memory Encryption Features active:");
> -
> - /* Secure Memory Encryption */
> - if (sme_active()) {
> - /*
> - * SME is mutually exclusive with any of the SEV
> - * features below.
> - */
> - pr_cont(" SME\n");
> - return;
> - }
> -
> - /* Secure Encrypted Virtualization */
> - if (sev_active())
> - pr_cont(" SEV");
> -
> - /* Encrypted Register State */
> - if (sev_es_active())
> - pr_cont(" SEV-ES");
> -
> - pr_cont("\n");
> -}
> -
> -/* Architecture __weak replacement functions */
> -void __init mem_encrypt_init(void)
> -{
> - if (!sme_me_mask)
> - return;
> -
> - /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
> - swiotlb_update_mem_attributes();
> -
> - /*
> - * With SEV, we need to unroll the rep string I/O instructions.
> - */
> - if (sev_active())
> - static_branch_enable(&sev_enable_key);
> -
> - print_mem_encrypt_feature_info();
> -}
> -
> diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c
> index 6bf0718bb72a..351b77361a5d 100644
> --- a/arch/x86/mm/mem_encrypt_common.c
> +++ b/arch/x86/mm/mem_encrypt_common.c
> @@ -11,6 +11,7 @@
> #include <linux/mem_encrypt.h>
> #include <linux/dma-direct.h>
> #include <asm/kvm_para.h>
> +#include <asm/mem_encrypt.h>
>
> /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
> bool force_dma_unencrypted(struct device *dev)
> @@ -37,3 +38,50 @@ bool force_dma_unencrypted(struct device *dev)
>
> return false;
> }
> +
> +static void print_mem_encrypt_feature_info(void)
> +{
> + if (kvm_mem_protected()) {
> + pr_info("KVM memory protection enabled\n");
> + return;
> + }
I understand that they're touching similar areas of code, but I'm a bit
unnerved with memory protection being in all these "encryption"
functions and files.
I think some thoughtful renaming is in order.
> + pr_info("AMD Memory Encryption Features active:");
> +
> + /* Secure Memory Encryption */
> + if (sme_active()) {
> + /*
> + * SME is mutually exclusive with any of the SEV
> + * features below.
> + */
> + pr_cont(" SME\n");
> + return;
> + }
> +
> + /* Secure Encrypted Virtualization */
> + if (sev_active())
> + pr_cont(" SEV");
> +
> + /* Encrypted Register State */
> + if (sev_es_active())
> + pr_cont(" SEV-ES");
> +
> + pr_cont("\n");
> +}
This, for instance really shouldn't be in common code. It should be in
an AMD-specific area.
> +void __init mem_encrypt_init(void)
> +{
> + if (!sme_me_mask && !kvm_mem_protected())
> + return;
> +
> + /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
> + swiotlb_update_mem_attributes();
> +
> + /*
> + * With SEV, we need to unroll the rep string I/O instructions.
> + */
> + if (sev_active())
> + static_branch_enable(&sev_enable_key);
> +
> + print_mem_encrypt_feature_info();
> +}
This function is called like this:
> /*
> * This needs to be called before any devices perform DMA
> * operations that might use the SWIOTLB bounce buffers. It will
> * mark the bounce buffers as decrypted so that their usage will
> * not cause "plain-text" data to be decrypted when accessed.
> */
> mem_encrypt_init();
So, maybe this should be x86_swiotlb_init() or something. Then, move
the print_mem_encrypt_feature_info() elsewhere, probably back out to
mem_init(). Maybe even just call it print_arch_mem_features() or something.
next prev parent reply other threads:[~2021-04-16 16:22 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-16 15:40 [RFCv2 00/13] TDX and guest memory unmapping Kirill A. Shutemov
2021-04-16 15:40 ` [RFCv2 01/13] x86/mm: Move force_dma_unencrypted() to common code Kirill A. Shutemov
2021-04-16 15:40 ` [RFCv2 02/13] x86/kvm: Introduce KVM memory protection feature Kirill A. Shutemov
2021-04-16 16:10 ` Borislav Petkov
2021-04-19 10:10 ` Kirill A. Shutemov
2021-04-16 15:40 ` [RFCv2 03/13] x86/kvm: Make DMA pages shared Kirill A. Shutemov
2021-04-16 15:40 ` [RFCv2 04/13] x86/kvm: Use bounce buffers for KVM memory protection Kirill A. Shutemov
2021-04-16 16:21 ` Dave Hansen [this message]
2021-04-16 15:40 ` [RFCv2 05/13] x86/kvmclock: Share hvclock memory with the host Kirill A. Shutemov
2021-04-16 15:40 ` [RFCv2 06/13] x86/realmode: Share trampoline area if KVM memory protection enabled Kirill A. Shutemov
2021-04-19 16:49 ` Dave Hansen
2021-04-16 15:41 ` [RFCv2 07/13] mm: Add hwpoison_entry_to_pfn() and hwpoison_entry_to_page() Kirill A. Shutemov
2021-04-16 15:41 ` [RFCv2 08/13] mm/gup: Add FOLL_ALLOW_POISONED Kirill A. Shutemov
2021-04-16 15:41 ` [RFCv2 09/13] shmem: Fail shmem_getpage_gfp() on poisoned pages Kirill A. Shutemov
2021-04-16 15:41 ` [RFCv2 10/13] mm: Keep page reference for hwpoison entries Kirill A. Shutemov
2021-04-16 15:41 ` [RFCv2 11/13] mm: Replace hwpoison entry with present PTE if page got unpoisoned Kirill A. Shutemov
2021-04-16 15:41 ` [RFCv2 12/13] KVM: passdown struct kvm to hva_to_pfn_slow() Kirill A. Shutemov
2021-04-16 15:41 ` [RFCv2 13/13] KVM: unmap guest memory using poisoned pages Kirill A. Shutemov
2021-04-16 17:30 ` Sean Christopherson
2021-04-19 11:32 ` Xiaoyao Li
2021-04-19 14:26 ` Kirill A. Shutemov
2021-04-19 16:01 ` Sean Christopherson
2021-04-19 16:40 ` Kirill A. Shutemov
2021-04-19 18:09 ` Sean Christopherson
2021-04-19 18:12 ` David Hildenbrand
2021-04-19 18:53 ` Kirill A. Shutemov
2021-04-19 20:09 ` Sean Christopherson
2021-04-19 22:57 ` Kirill A. Shutemov
2021-04-20 17:13 ` Sean Christopherson
2021-05-21 12:31 ` Kirill A. Shutemov
2021-05-26 19:46 ` Sean Christopherson
2021-05-31 20:07 ` Kirill A. Shutemov
2021-06-02 17:51 ` Sean Christopherson
2021-06-02 23:33 ` Kirill A. Shutemov
2021-06-03 19:46 ` Sean Christopherson
2021-06-04 14:29 ` Kirill A. Shutemov
2021-06-04 17:16 ` Andy Lutomirski
2021-06-04 17:54 ` Kirill A. Shutemov
2021-04-16 16:46 ` [RFCv2 00/13] TDX and guest memory unmapping Matthew Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ea287f6-9e2f-1607-c9d6-8c985438f989@intel.com \
--to=dave.hansen@intel.com \
--cc=andi.kleen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@intel.com \
--cc=jmattson@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=rick.p.edgecombe@intel.com \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=srutherford@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.