From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751668AbdHaVbs (ORCPT ); Thu, 31 Aug 2017 17:31:48 -0400 Received: from mx2.suse.de ([195.135.220.15]:35233 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750908AbdHaVbp (ORCPT ); Thu, 31 Aug 2017 17:31:45 -0400 Date: Thu, 31 Aug 2017 17:06:23 +0200 From: Borislav Petkov To: Brijesh Singh , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-efi@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andy Lutomirski , Tony Luck , Piotr Luc , Tom Lendacky , Fenghua Yu , Lu Baolu , Reza Arbab , David Howells , Matt Fleming , "Kirill A . Shutemov" , Laura Abbott , Ard Biesheuvel , Andrew Morton , Eric Biederman , Benjamin Herrenschmidt , Paul Mackerras , Konrad Rzeszutek Wilk , Jonathan Corbet , Dave Airlie , Kees Cook , Arnd Bergmann , Tejun Heo , Christoph Lameter Subject: Re: [RFC Part1 PATCH v3 17/17] X86/KVM: Clear encryption attribute when SEV is active Message-ID: <20170831150623.cljoy6rm72pn24wg@pd.tnic> References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-18-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20170724190757.11278-18-brijesh.singh@amd.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 24, 2017 at 02:07:57PM -0500, Brijesh Singh wrote: > The guest physical memory area holding the struct pvclock_wall_clock and > struct pvclock_vcpu_time_info are shared with the hypervisor. Hypervisor > periodically updates the contents of the memory. When SEV is active, we > must clear the encryption attributes from the shared memory pages so that > both hypervisor and guest can access the data. > > Signed-off-by: Brijesh Singh > --- > arch/x86/entry/vdso/vma.c | 5 ++-- > arch/x86/kernel/kvmclock.c | 64 +++++++++++++++++++++++++++++++++++++++------- > 2 files changed, 58 insertions(+), 11 deletions(-) > > diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c > index 726355c..ff50251 100644 > --- a/arch/x86/entry/vdso/vma.c > +++ b/arch/x86/entry/vdso/vma.c > @@ -114,10 +114,11 @@ static int vvar_fault(const struct vm_special_mapping *sm, > struct pvclock_vsyscall_time_info *pvti = > pvclock_pvti_cpu0_va(); > if (pvti && vclock_was_used(VCLOCK_PVCLOCK)) { > - ret = vm_insert_pfn( > + ret = vm_insert_pfn_prot( > vma, > vmf->address, > - __pa(pvti) >> PAGE_SHIFT); > + __pa(pvti) >> PAGE_SHIFT, > + pgprot_decrypted(vma->vm_page_prot)); > } > } else if (sym_offset == image->sym_hvclock_page) { > struct ms_hyperv_tsc_page *tsc_pg = hv_get_tsc_page(); Yuck, that vvar_fault() function is one unreadable mess. > diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c > index d889676..f3a8101 100644 > --- a/arch/x86/kernel/kvmclock.c > +++ b/arch/x86/kernel/kvmclock.c > @@ -27,6 +27,7 @@ > #include > #include > > +#include > #include > #include > #include > @@ -45,7 +46,7 @@ early_param("no-kvmclock", parse_no_kvmclock); > > /* The hypervisor will put information about time periodically here */ > static struct pvclock_vsyscall_time_info *hv_clock; > -static struct pvclock_wall_clock wall_clock; > +static struct pvclock_wall_clock *wall_clock; > > struct pvclock_vsyscall_time_info *pvclock_pvti_cpu0_va(void) > { > @@ -64,15 +65,18 @@ static void kvm_get_wallclock(struct timespec *now) > int low, high; > int cpu; > > - low = (int)__pa_symbol(&wall_clock); > - high = ((u64)__pa_symbol(&wall_clock) >> 32); > + if (!wall_clock) > + return; Hmm, so if you return here, @now will remain unchanged so how is the caller to know that ->get_wallclock() failed? Maybe a WARN_ON_ONCE() at least...? Dunno, what's the policy in kvm if the kvmclock init fails? Paolo? Radim? Because it does say: printk(KERN_INFO "kvm-clock: Using msrs %x and %x", msr_kvm_system_time, msr_kvm_wall_clock); too early. We can error out later and users will still think it is using kvmclock ... Hmmm. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Borislav Petkov Subject: Re: [RFC Part1 PATCH v3 17/17] X86/KVM: Clear encryption attribute when SEV is active Date: Thu, 31 Aug 2017 17:06:23 +0200 Message-ID: <20170831150623.cljoy6rm72pn24wg@pd.tnic> References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-18-brijesh.singh@amd.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Content-Disposition: inline In-Reply-To: <20170724190757.11278-18-brijesh.singh-5C7GfCeVMHo@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Brijesh Singh , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linuxppc-dev-uLR06cmDAlY/bJ5BZ2RsiQ@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andy Lutomirski , Tony Luck , Piotr Luc , Tom Lendacky , Fenghua Yu , Lu Baolu , Reza Arbab , David Howells , Matt Fleming , "Kirill A . Shutemov" , Laura Abbott , Ard Biesheuvel , Andrew Morton , Eric List-Id: linux-efi@vger.kernel.org On Mon, Jul 24, 2017 at 02:07:57PM -0500, Brijesh Singh wrote: > The guest physical memory area holding the struct pvclock_wall_clock and > struct pvclock_vcpu_time_info are shared with the hypervisor. Hypervisor > periodically updates the contents of the memory. When SEV is active, we > must clear the encryption attributes from the shared memory pages so that > both hypervisor and guest can access the data. > > Signed-off-by: Brijesh Singh > --- > arch/x86/entry/vdso/vma.c | 5 ++-- > arch/x86/kernel/kvmclock.c | 64 +++++++++++++++++++++++++++++++++++++++------- > 2 files changed, 58 insertions(+), 11 deletions(-) > > diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c > index 726355c..ff50251 100644 > --- a/arch/x86/entry/vdso/vma.c > +++ b/arch/x86/entry/vdso/vma.c > @@ -114,10 +114,11 @@ static int vvar_fault(const struct vm_special_mapping *sm, > struct pvclock_vsyscall_time_info *pvti = > pvclock_pvti_cpu0_va(); > if (pvti && vclock_was_used(VCLOCK_PVCLOCK)) { > - ret = vm_insert_pfn( > + ret = vm_insert_pfn_prot( > vma, > vmf->address, > - __pa(pvti) >> PAGE_SHIFT); > + __pa(pvti) >> PAGE_SHIFT, > + pgprot_decrypted(vma->vm_page_prot)); > } > } else if (sym_offset == image->sym_hvclock_page) { > struct ms_hyperv_tsc_page *tsc_pg = hv_get_tsc_page(); Yuck, that vvar_fault() function is one unreadable mess. > diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c > index d889676..f3a8101 100644 > --- a/arch/x86/kernel/kvmclock.c > +++ b/arch/x86/kernel/kvmclock.c > @@ -27,6 +27,7 @@ > #include > #include > > +#include > #include > #include > #include > @@ -45,7 +46,7 @@ early_param("no-kvmclock", parse_no_kvmclock); > > /* The hypervisor will put information about time periodically here */ > static struct pvclock_vsyscall_time_info *hv_clock; > -static struct pvclock_wall_clock wall_clock; > +static struct pvclock_wall_clock *wall_clock; > > struct pvclock_vsyscall_time_info *pvclock_pvti_cpu0_va(void) > { > @@ -64,15 +65,18 @@ static void kvm_get_wallclock(struct timespec *now) > int low, high; > int cpu; > > - low = (int)__pa_symbol(&wall_clock); > - high = ((u64)__pa_symbol(&wall_clock) >> 32); > + if (!wall_clock) > + return; Hmm, so if you return here, @now will remain unchanged so how is the caller to know that ->get_wallclock() failed? Maybe a WARN_ON_ONCE() at least...? Dunno, what's the policy in kvm if the kvmclock init fails? Paolo? Radim? Because it does say: printk(KERN_INFO "kvm-clock: Using msrs %x and %x", msr_kvm_system_time, msr_kvm_wall_clock); too early. We can error out later and users will still think it is using kvmclock ... Hmmm. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Borislav Petkov Subject: Re: [RFC Part1 PATCH v3 17/17] X86/KVM: Clear encryption attribute when SEV is active Date: Thu, 31 Aug 2017 17:06:23 +0200 Message-ID: <20170831150623.cljoy6rm72pn24wg@pd.tnic> References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-18-brijesh.singh@amd.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linuxppc-dev-uLR06cmDAlY/bJ5BZ2RsiQ@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andy Lutomirski , Tony Luck , Piotr Luc , Tom Lendacky , Fenghua Yu , Lu Baolu , Reza Arbab , David Howells , Matt Fleming , "Kirill A . Shutemov" , Laura Abbott , Ard Biesheuvel , Andrew Morton , Eric Biederma To: Brijesh Singh , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= Return-path: Content-Disposition: inline In-Reply-To: <20170724190757.11278-18-brijesh.singh-5C7GfCeVMHo@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: kvm.vger.kernel.org On Mon, Jul 24, 2017 at 02:07:57PM -0500, Brijesh Singh wrote: > The guest physical memory area holding the struct pvclock_wall_clock and > struct pvclock_vcpu_time_info are shared with the hypervisor. Hypervisor > periodically updates the contents of the memory. When SEV is active, we > must clear the encryption attributes from the shared memory pages so that > both hypervisor and guest can access the data. > > Signed-off-by: Brijesh Singh > --- > arch/x86/entry/vdso/vma.c | 5 ++-- > arch/x86/kernel/kvmclock.c | 64 +++++++++++++++++++++++++++++++++++++++------- > 2 files changed, 58 insertions(+), 11 deletions(-) > > diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c > index 726355c..ff50251 100644 > --- a/arch/x86/entry/vdso/vma.c > +++ b/arch/x86/entry/vdso/vma.c > @@ -114,10 +114,11 @@ static int vvar_fault(const struct vm_special_mapping *sm, > struct pvclock_vsyscall_time_info *pvti = > pvclock_pvti_cpu0_va(); > if (pvti && vclock_was_used(VCLOCK_PVCLOCK)) { > - ret = vm_insert_pfn( > + ret = vm_insert_pfn_prot( > vma, > vmf->address, > - __pa(pvti) >> PAGE_SHIFT); > + __pa(pvti) >> PAGE_SHIFT, > + pgprot_decrypted(vma->vm_page_prot)); > } > } else if (sym_offset == image->sym_hvclock_page) { > struct ms_hyperv_tsc_page *tsc_pg = hv_get_tsc_page(); Yuck, that vvar_fault() function is one unreadable mess. > diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c > index d889676..f3a8101 100644 > --- a/arch/x86/kernel/kvmclock.c > +++ b/arch/x86/kernel/kvmclock.c > @@ -27,6 +27,7 @@ > #include > #include > > +#include > #include > #include > #include > @@ -45,7 +46,7 @@ early_param("no-kvmclock", parse_no_kvmclock); > > /* The hypervisor will put information about time periodically here */ > static struct pvclock_vsyscall_time_info *hv_clock; > -static struct pvclock_wall_clock wall_clock; > +static struct pvclock_wall_clock *wall_clock; > > struct pvclock_vsyscall_time_info *pvclock_pvti_cpu0_va(void) > { > @@ -64,15 +65,18 @@ static void kvm_get_wallclock(struct timespec *now) > int low, high; > int cpu; > > - low = (int)__pa_symbol(&wall_clock); > - high = ((u64)__pa_symbol(&wall_clock) >> 32); > + if (!wall_clock) > + return; Hmm, so if you return here, @now will remain unchanged so how is the caller to know that ->get_wallclock() failed? Maybe a WARN_ON_ONCE() at least...? Dunno, what's the policy in kvm if the kvmclock init fails? Paolo? Radim? Because it does say: printk(KERN_INFO "kvm-clock: Using msrs %x and %x", msr_kvm_system_time, msr_kvm_wall_clock); too early. We can error out later and users will still think it is using kvmclock ... Hmmm. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --