From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751366AbdIOOtJ (ORCPT ); Fri, 15 Sep 2017 10:49:09 -0400 Received: from mail-by2nam01on0088.outbound.protection.outlook.com ([104.47.34.88]:11613 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751111AbdIOOtF (ORCPT ); Fri, 15 Sep 2017 10:49:05 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Cc: brijesh.singh@amd.com, Tom Lendacky , "H. Peter Anvin" , Arnd Bergmann , David Laight , "linux-kernel@vger.kernel.org" , "x86@kernel.org" , "linux-efi@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" , "kvm@vger.kernel.org" , Fenghua Yu , Matt Fleming , David Howells , Paul Mackerras , Christoph Lameter , Jonathan Corbet , =?UTF-8?Q?Radim_Krcm=c3=a1r?= , Piotr Luc , Ingo Molnar , Dave Airlie , Kees Cook , Konrad Rzeszutek Wilk , Reza Arbab , Andy Lutomirski , Thomas Gleixner , Laura Abbott , Tony Luck , Ard.Biesheuvel@zytor.com Subject: Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active To: Borislav Petkov References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-14-brijesh.singh@amd.com> <063D6719AE5E284EB5DD2968C1650D6DD003FB85@AcuExch.aculab.com> <201707261927.v6QJR228008075@mail.zytor.com> <589d65a4-eb09-bae9-e8b4-a2d78ca6b509@amd.com> <20170822165248.rkbluikdgduu7ucy@pd.tnic> <20170915122430.pnroy6vsg53warel@pd.tnic> <95314c89-2620-8bb7-cbe8-cd9bc3adabb0@amd.com> <20170915143935.6vtfp5rtj5h324fi@pd.tnic> From: Brijesh Singh Message-ID: Date: Fri, 15 Sep 2017 09:48:53 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170915143935.6vtfp5rtj5h324fi@pd.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR10CA0003.namprd10.prod.outlook.com (10.172.33.13) To CY1PR12MB0152.namprd12.prod.outlook.com (10.161.173.22) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 83ba82f8-a8bd-42ca-5967-08d4fc48e614 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:CY1PR12MB0152; X-Microsoft-Exchange-Diagnostics: 1;CY1PR12MB0152;3:FTHofcChdJU/5V9l/XEIwwIb6XClqFxeW+i5G6CjvJ5pq1Mnf+WvVCyRAK7v/OHt8jkdzY6M7glazSgIqvIKJkgX3tFzoVPv1eI89kSJX90wbsP7XHRsee2CvY7hbenkolTCcZbJcZHjY4AOByobOAHrXr4zsp4foxl1JTpBdik4fg8umGWm1bbfI8VnBHLsz5MxZukztp75YzYngUFfGqXdK5cj5ljn0N2PCqjAEghKte3yhPsB4l5yRvYb6FDp;25:HMBko8dnlJvSB+SNQ+kme2gOIIz3Qa9N2taa8NsVP5lKKDsigUDuVyJ6T/YP9h/71MSMLCpicdgI39R4XqyY8mxc/tIGrvqy1UtaOVot1o5pPxBMMfdDZkbmrjy9TAa2bpWKvAwfrqjEpUOjARX73lRQwTzRbQO+A6UtEwHkmtHerYwjdl8+QDzyqo0+085T4Ovbtw7xJhjsGFz8r0aTDZcMT+H0JgSRWmkyZiHd3/OUHkRFGFjAmK9V/ohdYCNFAK2xoxZqRtsMEqHiRlbtx4L1IO+jaQ9eaEoP9nSSkHi4NDWyi5wzHiuKqsMEKHJIqxM7oGxmZfoVEvjpp4YKlA==;31:X9H2FjhXh+L2IjAClhXjHnni6o0HPm9w1DLtpfkj7ayGUvdqyK2Zp4J5tm5rtSWHFpXJn0NNFw4O+qTR7ZIy5lvIzeeMfwm5EB6m53SLIKLgYQgfvt/p6QFGKZXaIBuql4JiJsHEw4HDqpJnG4oVU8ZrovlthLO1ldXFgjwVAXonaTO+nja0ADfR1poFQw5fYYouUthNCyyNm1eo9HHTwhWTmN3sOiB4PSQqoM/+XTg= X-MS-TrafficTypeDiagnostic: CY1PR12MB0152: X-Microsoft-Exchange-Diagnostics: 1;CY1PR12MB0152;20:JqEB3onYSYPCBm3O9Zo2R/h8XlLvouLSCwlb4zUwG95GPMODP5FTtlEgbWJEW6qAOA4Pl6zMX2EIGDNDei5ePMUY9LlL/HWVmK/1CvitXiJmvftvMlrlekYeBCfKx3vkwpzI0kLF4yXmTR/VtnhG+I2aqH1acBQ7tK/qgZhBaWjOziG9AcHpMAzTshv1doiSJ9vyWrj0fRIMz8SHg74mBUYeayGTJktN+vRjMLjzGGY+Pj2KBq5fi1YjKKItjqilAZmEcdkAfoP3We4T2BxxMRc2NOvq//35ttB028gSJXQKR9HW9PvRm1NDcFpxk1o1JZfw8u6Q2jjeJMY3pUH0LJa96JkNoVdmU90C/zgB5Zb1XDIq5vdjC1ygCkZ6a9XFLySzgxVLsZTHgOF2gxg/l983EjIn5a2dUoYznzJF7UBLba5L78AR/f64vVzeDbD+/AXhewcfM6mqAdOX2x7LSZnXiQM3/w6cj1dsGk5yrU95uqNMQghnD3ZPIi4WosVR;4:FuscRa0ifxnwFunVIna3VKDLf6LMHqFwwbAACS/O4P7MRzh+95lt5QkmsYSMtScJc4oCHbuP1WMkIwvuTt0bdwhDV+yKrCkeOgcXrQdhdDybUhC7f8cP+ZFsZkRsrndzZDKUe4wsAH2rA8hPf2HIViWxu7gDoEyS4o/yashvkgU18j35zGX/K4beOw7wfKe1bp4Nut+S6jKZ3WEaHixLmWBvIRXwYVSepokHtuD5/WolCU0lrojijQhkuwBbzl4c X-Exchange-Antispam-Report-Test: UriScan:; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(100000703101)(100105400095)(6055026)(6041248)(20161123555025)(20161123564025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:CY1PR12MB0152;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:CY1PR12MB0152; X-Forefront-PRVS: 0431F981D8 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6009001)(6049001)(376002)(39860400002)(346002)(24454002)(377454003)(199003)(189002)(23676002)(50986999)(105586002)(6246003)(33646002)(25786009)(106356001)(6116002)(3846002)(68736007)(110136004)(54356999)(4326008)(189998001)(76176999)(53546010)(65806001)(36756003)(8936002)(66066001)(2950100002)(47776003)(101416001)(6916009)(50466002)(8676002)(58126008)(7416002)(81166006)(81156014)(65826007)(6666003)(90366009)(229853002)(6486002)(65956001)(97736004)(77096006)(5660300001)(83506001)(2906002)(305945005)(7736002)(230700001)(86362001)(478600001)(93886005)(54906002)(31696002)(64126003)(31686004)(316002)(16576012)(16526017)(53936002);DIR:OUT;SFP:1101;SCL:1;SRVR:CY1PR12MB0152;H:[10.236.136.62];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTFQUjEyTUIwMTUyOzIzOlYwdVJKZlNCaDU5UnRMa1p0SEl0L0JjbFds?= =?utf-8?B?TEpxK1UxMVoxVlRmTTNxdkQ2bHVEaGFPN2FWa1lrYzNqdzhCNDlXTU9hUXhx?= =?utf-8?B?N2VBdFI5VHQzK0tOaFE2d0JQTGU4a3VrMCtWRERqVUpmRjg5Y1Z6OUdOQ01O?= =?utf-8?B?QWx1K1ZIWldqd084MDk4Vk93dlMzT0s3WENDbUhRcnZpeDFaa1BhN3hJRVFG?= =?utf-8?B?QVBiamZEeEtGRVJ6WThrNC94R0tCd2RUQkRrV01QYlcwMnBlbzVJRUJabXZX?= =?utf-8?B?MVVoMkFGZjMyKy9uSkdPeFRkMng3VUwxWmJxUUNrUE0yNWFyV090TVJrWFZM?= =?utf-8?B?NVBHZ2FHTnpkWk8xaTVvVDc4MGc3djdQYmtQWndQajF3RVcwUitGWlI2dkhV?= =?utf-8?B?di9MTGt4Sjd2TjkvYnQxcTNxYlBJbXA0KzRPdjZwV09MWmNPVHA1OGZieERQ?= =?utf-8?B?TzFmN2N5YUlIVEVEak1SNUF2VExZam94aFJ5OUVvbmhOUGIxYlZVaC9IU3Yy?= =?utf-8?B?SkU2c1RjeXVkL3g2MnVpMXNKTXVrQ2ZaZDZwd2kzYmo5OGdjTTI2K1k3MjF3?= =?utf-8?B?SGJyQzl3YXNWQVNqajRwQnBaY3JGV1FEekFqRS83K1A3cUtYcUJ1UG8rQTNG?= =?utf-8?B?SEswUkh2RER6UjhFeTZJc3Bjd2dtVDgzeDg1K2g3TXZsSlhhZHFMdjRXeFRn?= =?utf-8?B?NFBGamdSMVllUGZiRExGV2liOWlCNjhCN2krejY3cGJzV1k2a29oR0V6dDZI?= =?utf-8?B?SjRZSW5sby9qcjFsc3RqYm9VaGpSelRQb0FZUnJGQ3lFOElEMk12UmsyYkZy?= =?utf-8?B?TjZCc1hUS2ZqcDgzd2xSQXdFRGxBNlBpMjdVa1V4eXVSTWRwTE8vQVMvMFlY?= =?utf-8?B?a1V6WUdIT2Z6UVUvTXFRckpLbTF2eHI4dDVxcVJzajU5SVQ1Z2tPSklFQ0tY?= =?utf-8?B?YUF3QUpTOGo0U0Q3TTd4NkNoTzIwdFZnMTNKU0N1U2tSNmxZcG53L0QyQVFs?= =?utf-8?B?SjFDd2pSRVNxZ3NtaGhGVnU1YW4weGlWeWRQTFZNbk9kRHFDQkJONUVvd01v?= =?utf-8?B?ZDU1Vk1jcFlGN2ZSTjh1S0hTa0w2ZllWVFNOY1RjVmJmbVJ6YmF2Z3dNd3p6?= =?utf-8?B?T1NhaDRLdlJUVnlRWGNPejhOUUk1N2Jwd1Z5SnBrL2I1Smgyc0pnQkFUUXdG?= =?utf-8?B?RkpIZnRYQlNWTmlaT1U0bzdYMCtRZVRiL3FDcm5DaS9kNmlFKytudlJETEdB?= =?utf-8?B?Vm5tQzdRNFB1UWVWSGZibkFDSWhVcWM2bkQySlFUVmRrUHRJOXcwdEVyemFL?= =?utf-8?B?d0JVamZnT3RnSlRzNmdzMGFNakFKZy8yTHJqc3g3QzJwbnc3ZHNadHZZU2gx?= =?utf-8?B?TjJpOFZXQ2FlQ3lSWitsSEc0YSsyQUtOOXFXQ3FLOUxkdXRtVXIvcUlZUjRj?= =?utf-8?B?QnozVXdJUVFJTVAraWtBc2V0M1lheFAzTis1OHRnbnphL3JKbC92ZDlvTWZL?= =?utf-8?B?dVFRS2M3K3d6L21iaHJxWVBLYldVQ2tTQi9pT2owQjRpSlpCS0dRcXZmcVZ6?= =?utf-8?B?Y2ozVmF3UVRxY2JnYmRYRS8xcXFFUFRPK2pHd0JIUDY1VDN5cXZJa0R3RUpP?= =?utf-8?B?VHRuOVUxRG5sUkJiVEhmbXdEbWQyTEZOYmU3ZHNueS8vN3BWMUFXZ21FdjIw?= =?utf-8?B?RjZUeWF2am8wVU1jcWdrVC9KRnZxeWlBNTlDUjd0bElmT3dWVDJtWEJ6bFVJ?= =?utf-8?B?aVIxS2cyaWlqNGI2dk5Yd2hvanl3VEYvYk9mcVROY1JGOVhCYXVyY25kME52?= =?utf-8?B?Skh5cWRkWUxOT2FWb2k5NS9hby9KWDhoWlYzV2pHYkdXQWZwK25LMGlLQ2Ez?= =?utf-8?B?YjNQM0JzS2RnK2JUaUZpUHcydmFiV1JFTHJ1WGlGNjlRZUthbk5Kdng4N0pP?= =?utf-8?B?dEQzTGVNdGltNlBYdE9qTkJPWkpWR0tuR3R6ZjBzNzhXM0ptMG1USFNSZmdZ?= =?utf-8?Q?7Efzs5?= X-Microsoft-Exchange-Diagnostics: 1;CY1PR12MB0152;6:29fVQpOS6bft3tVKwaCPzoZs/lJ87lOfgl1A0+XvIc3DOAT60mOml+DnnZlTBrgaTi3CFLSoSatYCvjPq7nTmsWayFliqUJSGJc8rbou+l32v1sNEqKpjy1xR+YZuCiwYkK87lhOtHvdzGOnSMoD8VzNVanW0wiIVWytJkv8RFDlH/+BFF7nQNtuyrixjItWX2aKwM2mdWXS+QmjoTotw3xD9MxUKeC0/JQEfch6WAYwqO41llwFpPmyPorW2bpzjOHnR8RF/SRNFnibJW4CSZhjL9mzW4MoPNPnXTD+19ZP/aM0eH8GCn0p8wi6UnB8VVppqOVvcZc8Q2b50AWdtA==;5:z8atdVpv0GybRYkZpU5zhQ9OBpgpPLTDTXm3k4WGcnSw695cB+BPf2tJHKENpq4ZvpXGXtzxQDgaY8KQoOIrKmEcPMiaOafaDweqKHfM9RYicjDEi44ufHzC2q2d6b/Mg5GaF5IUaRvcK88rU2WrXg==;24:h60S3IfHzwuWBF/aiwXwkpxqqSwqow/SdgmsMw/4e0HB0JUOpMSegUOGCXHBLIUOSuP9ZDM4YSrcb4mMVbcsMbi3/0D6WLClnZeLMmYXcSw=;7:OVa3TTJbyXnwrbFSBUtxWg65m/qoLz37UDbFoc9ooHHWUEUjMFIL4F+1Y5Du/RGumxV1Gg3XVEuZ32350kyw0GcsFIlVeW2yyDNyaozHCAKxi2zig9cSSl+e3a5NXUzQDeDwAVExNen/D46aD0nlncGoX6ghZJycmmb03QNS7c7Iv2LDY0BEmg4GVaFaWzW/vtBb/NyNOYRydoK1cb3IVayqAK05N1X+5GY/NkdVlyM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CY1PR12MB0152;20:4VkJJmcrdtXepbWOABWtoenhifU+6PrVmkxhPcEQx5H9TKIqh9Ycn/6slkliXA6WiQj5zhIX3arZQBDE1pvaCN2iCCFAKYXHQy/sQf5duxgWt0IY1VrHMIjAZUBvC5EDtGtOsoCmhS0Ut0NRm2KwFEcjeFCUQc5gDBJ7KSCVlzXS0wQL25MU9hpRtKUzeMciXjpHuACaTdfa0LvhcaPCZ2hV22yPJqR+xdxJ4EEpGNPbA6DZNXI/XVHjFU8AyPgh X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2017 14:48:57.6676 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB0152 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 09/15/2017 09:40 AM, Borislav Petkov wrote: > I need to figure out the include hell first. I am working with slightly newer patch sets -- in that patch Tom has moved the sev_active() definition in arch/x86/mm/mem_encrypt.c and I have no issue using your recommended (since I no longer need the include path changes). But in my quick run I did found a runtime issue, it seems enabling the static key in sme_enable is too early. Guest reboots as soon as it tries to enable the key. I see the similar issue with non SEV guest with my simple patch below. Guest will reboot as soon as it tries to enable the key. --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -40,6 +40,8 @@ pmdval_t early_pmd_flags = __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_NX); #define __head __section(.head.text) +DEFINE_STATIC_KEY_FALSE(__testme); + static void __head *fixup_pointer(void *ptr, unsigned long physaddr) { return ptr - (void *)_text + (void *)physaddr; @@ -71,6 +73,8 @@ unsigned long __head __startup_64(unsigned long physaddr, if (load_delta & ~PMD_PAGE_MASK) for (;;); + static_branch_enable(&__testme); + /* Activate Secure Memory Encryption (SME) if supported and enabled */ sme_enable(bp); From mboxrd@z Thu Jan 1 00:00:00 1970 From: Brijesh Singh Subject: Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active Date: Fri, 15 Sep 2017 09:48:53 -0500 Message-ID: References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-14-brijesh.singh@amd.com> <063D6719AE5E284EB5DD2968C1650D6DD003FB85@AcuExch.aculab.com> <201707261927.v6QJR228008075@mail.zytor.com> <589d65a4-eb09-bae9-e8b4-a2d78ca6b509@amd.com> <20170822165248.rkbluikdgduu7ucy@pd.tnic> <20170915122430.pnroy6vsg53warel@pd.tnic> <95314c89-2620-8bb7-cbe8-cd9bc3adabb0@amd.com> <20170915143935.6vtfp5rtj5h324fi@pd.tnic> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20170915143935.6vtfp5rtj5h324fi@pd.tnic> Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org To: Borislav Petkov Cc: brijesh.singh@amd.com, Tom Lendacky , "H. Peter Anvin" , Arnd Bergmann , David Laight , "linux-kernel@vger.kernel.org" , "x86@kernel.org" , "linux-efi@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" , "kvm@vger.kernel.org" , Fenghua Yu , Matt Fleming , David Howells , Paul Mackerras , Christoph Lameter , Jonathan Corbet , =?UTF-8?Q?Radim_Krcm=c3=a1r?= , Piotr Luc , Ingo Molnar List-Id: linux-efi@vger.kernel.org On 09/15/2017 09:40 AM, Borislav Petkov wrote: > I need to figure out the include hell first. I am working with slightly newer patch sets -- in that patch Tom has moved the sev_active() definition in arch/x86/mm/mem_encrypt.c and I have no issue using your recommended (since I no longer need the include path changes). But in my quick run I did found a runtime issue, it seems enabling the static key in sme_enable is too early. Guest reboots as soon as it tries to enable the key. I see the similar issue with non SEV guest with my simple patch below. Guest will reboot as soon as it tries to enable the key. --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -40,6 +40,8 @@ pmdval_t early_pmd_flags = __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_NX); #define __head __section(.head.text) +DEFINE_STATIC_KEY_FALSE(__testme); + static void __head *fixup_pointer(void *ptr, unsigned long physaddr) { return ptr - (void *)_text + (void *)physaddr; @@ -71,6 +73,8 @@ unsigned long __head __startup_64(unsigned long physaddr, if (load_delta & ~PMD_PAGE_MASK) for (;;); + static_branch_enable(&__testme); + /* Activate Secure Memory Encryption (SME) if supported and enabled */ sme_enable(bp);