From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755324AbdGXUL3 (ORCPT ); Mon, 24 Jul 2017 16:11:29 -0400 Received: from mail-by2nam01on0058.outbound.protection.outlook.com ([104.47.34.58]:44256 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753530AbdGXUIS (ORCPT ); Mon, 24 Jul 2017 16:08:18 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; From: Brijesh Singh To: linux-kernel@vger.kernel.org, x86@kernel.org, kvm@vger.kernel.org Cc: Thomas Gleixner , Borislav Petkov , Joerg Roedel , "Michael S . Tsirkin" , Paolo Bonzini , =?UTF-8?q?=5C=22Radim=20Kr=C4=8Dm=C3=A1=C5=99=5C=22?= , Tom Lendacky , Brijesh Singh Subject: [RFC Part2 PATCH v3 22/26] KVM: SVM: Pin guest memory when SEV is active Date: Mon, 24 Jul 2017 15:02:59 -0500 Message-Id: <20170724200303.12197-23-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.4 In-Reply-To: <20170724200303.12197-1-brijesh.singh@amd.com> References: <20170724200303.12197-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM3PR12CA0049.namprd12.prod.outlook.com (10.161.151.17) To BY2PR12MB0145.namprd12.prod.outlook.com (10.162.82.18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1a0de691-9a66-4650-9ae2-08d4d2cf1942 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:BY2PR12MB0145; X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;3:dnDFr/BJ1+NnPF2oFpuawCaSly5IAhV8ZbxuMfjK2Oxtt6WshDhVYNT0gK9yDucL+Q/+goN8L/Jl5FU5koJiBSl+fNke0FcpCIw1okNhc5iKegIab3gBGpO2vbSvbdQtK8goVr2RzC99b/y4QAge2Ep9a7IzZ9iVVuot2FlPtzpRLeNd4ugJKrU2UWFIR7dmoGdTenL/+uY58r51MOK+enj6UQkwbfXFcFUeNFCyVgJXsuydo5h9xz46gtThsUn4ZTKUqViEsGsRS1HSL4juqG1cyO1YCa87ydQI24ZvlO3Le20GF2ogiwvTkjPNv5d3WNjZUh9Y50lqNk0HVAIsOaFVSSnIcHGUK8iNjgMF5qzB/kFhHv0/CpMoizwwp53BXQIs9XkhOHnr/tCi6gCfc6Y3Ulx3RtmGp4n797EPHvdVl3RU8L18RK7iF7Y+Rd1+t5Bc2F3iNgRH23EssnLUxFslynfLYm0T82ZX1fDNpZrQ0MuawTwJNV++N1JQtMNHoUgNCKwBAw6bDm9sINgOkcBK9AJlq+/6bUsR4NvreEdIyOc+jX4qdmK+GxGXJ5ET0IZrwyDZXQDha6vY+LSYgXOp+GTT8vc/2/SkXFUujga5AR0FVT/bZ7475uuCRkMCNcqWAYrDO4E0rCXhXtH+uDCwcgWIQE6zL2WKyFVTfQf/QXBaG+R/6cX8goPqxHvPTHy7ZWrNQ05zXof2D7inx62ou2uHhDrm4v9kTZeaBY2MQX8kr2o/D/p6l8AK4UsfqrXv417Z/4xu1Bu4BYyBxw== X-MS-TrafficTypeDiagnostic: BY2PR12MB0145: X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;25:nbdalm7tX6xfrhzxRLgSWWAl8FaYu8yHESur1J0NiHHj+o9iEazxZrcaupZ5vChMPHCKsKf4LzVGRZc7UHbd1kv7JXRHqGsM/YPT+qKG0s3lC9PxXRg2+XwI1PZhp12ci5aVPKeS0HzPj87UNRkjAe8oCthTZs4GsG5rQysJeWeiXAjkwh2UxJbn9fgSN+85Nz9sWIQS3kBZCgYDAKYxT6kdAjJOJnTGCfHEtbdKOqxA2jbbA2W7YGZAAp4OJzq8e2hUj4yaHRnvnPu/b9uZycSPBF9w9Ya6HBmPPG8DcudPyoThQSNgJFBOvAIgEG/zmdLm8foYELRDa/VumAjgGbbSLwkGXW8MxaWNUA+elIxwIPCJjS+H2/2NWMFbvv44NsbOSkb1HY4RGeKciMp4gM7bzlOKFSynaqYsAbH7A7hUE8zpCL+7OJqtVuEuzobC91At6rsVw4gs884OyDUchO1DxS2G4vbBh+MIiGrXCJJYXhT3Ep70igyR2eiM6g1Qq+k+uDm4VBMWg5NKGiulcHxrNdcMu9zMoSqjLt/k4+h87/jpQ+WD4PBxMSfnlCC7oJ9yl5lUpRH1H7iYBZSZ1S8PzXbKyBl3IL9q+m93phpUFK7BiZAY451NcsM8rp3Ong0M/p2TI2wcsy09HIkBv13FyRDVIo+A/9nfCySPuhpWS+1tFCDK6onK4bsqftB05/Hb1sb3mIoYWSyYnfkNkXTMGEFXrV9q/05FOf23ZBqwlN4QiBex/0L2tjN1SdX/kzy4iMKpeONmjXF6+IBvnDIlYz9aWkQts7IvRGVcf4EK87BKrpjxGgC2KMbS4gJ6p0VeFHKMr8tp8CyWlAXs9Ie42Eh9KUDRmjzXAkuOLUfn+z393U8oIgiGKu6fsGVGqKYg000WA9a8QBWc07WxgX2e4/3pJvb7qNtW3tuh/mw= X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;31:RkWbjoese7I+37yepRgE3IAoaATE/AgnL7Ob9y8HTQgXhSIerQ1QaQwpGYWZulU63FMWDDfKeYSGyLgtkfQwbsz9Vrq5FNQqyNyNsvjR4Hkg6ixUpU9F+sWVd7PDBQIQ8ahFEfdxOrmzlsNhaE8S5BkCNc29P4NV3IBP+619j5dccUa0TwR6r+B6Z6VpiJLIFA52ejJUWkkMekjYwbuxrRzcfg0qywor3ATsYWs8Poux343m9tpnnpWICK2quk/6uxDk7UD3GbSZrvIhL061MSGUSv8X6+zvvBUYdab02ZcoAOdza7AUEwmB00KCmHUfnT/wmCGjzZ3al50953WKVm4KqqK8aOI0d8BG2nix89qNtZOpAS14kYXT+IXm2RmL8vuu8a3RX3RxvYhI6WeZtjftMTunmfbxCLnTIXC2aRdZmqthiIsCwkfr6r9+jF5/LYQVes7HTOATg10Ba7uFtsXY51+osVmeuqCh5ZS3jHJvrNba2piMaZctccMwVK9l0MDasOfqcEGQ4KqYKyPnPQRjRG3Vh/Ky59d6yzrwRZWNSmenI1zNlYBMOsBo7beHfmicl3A+gIEdPZ7dxLqKceTElWvB5B5MZv0z5TmygJvnV2h1cRzdUQ6AJv7NR5gLzn0tHr4pSIviC6zXF9Zgb2bBvVSLo+DGaR3RMsn8sQg= X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;20:6P3vMePDUfFjMdRkLBAeeCN87DlO8Y2GnEmP5NOYVdmHzTC7uzke7QYDzb+sVcbHmYLU/FakL0Z+oa37ebrqP5Efk771hJILHks1/e6/QAoZ0N91Na2XlNtr0FNQ75FNTkCFg3BHerxYA7y4U9uzbUkK5c3KW1DIWuAtE9i+wUVGD7XX1G9auyp8TFhDaGuePiUTOl0m3MqjVwZayKlPCFm1sFDxaBF6o6g23WAkIAUIIS/8PktToE1xkoGk1EFsckgxyAM1OnIuxsmul552tKSxggtSlcrwkbzSJ/LE6XWKoqdcbuC7MS1cDbeQYfPPJkd86LU8tBZ+GNvQ3mKQvnG2gVepOTBUfAZuq1qBXMhvJ8iF5IsfYwjbC3NGXPwq7X+odIRt+tXYwT6TBLd1oe4RhWCRnitdsA0vZKji0wSz/cnVRQa92S6p7T31e7pmiJmAwUmOXfo77fK1MnGUwAZItxGEdTyFGV0UJiFbb85ImC7CwGx/J4nksIqNzl9c X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(20161123555025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:BY2PR12MB0145;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:BY2PR12MB0145; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;BY2PR12MB0145;4:U6Wto3pDy1lGR6zc/2Sf6Cx2G7IYWjtsHXZDOTMAGy?= =?us-ascii?Q?7d4uJwOVF9O+eH71fKdVOg3Ynlr6EB0WqRgpL0fgjKQ/nwFyxJv6N4yDaRn6?= =?us-ascii?Q?+dUTJFvhH0gZuxUDBitAmsA5AKSOX4D2ye0tkAb36GwozmoSL+dHaH69lssD?= =?us-ascii?Q?C+OE2inmVXCtCILwfr3kCHvZvLJJIfypJzsuvWmeVXJsyJedpgqOx6S+72Gg?= =?us-ascii?Q?y0dXO8UmWaMgZW5M31bmNsOguuqXE6xA/8fkYwC+NXmmIa+fZWG/H5MG7gVy?= =?us-ascii?Q?lZV713AZoXwMaI2vzD89i7u3/FhyDBqZRML2ikYfbOcZ2/5vZG26MD2CfuFr?= =?us-ascii?Q?1GrfpJn5p0lDH9iU0S2AhBjypoxfJctoPI9DxITvcQo9drvYrPuwmVeDcB+i?= =?us-ascii?Q?QlxVUI+/H53tUtOpmFmg4VC7L6WwYLT31htUv0Gziluclzs4vk2JXq1KRxPY?= =?us-ascii?Q?M/2EcrThWO89iPyJNqj+MS3kEFMaYlHvav52/MshUH/qAKP/XcIVV2NaI0m8?= =?us-ascii?Q?k1vAGc81p0VTUp/MWtV30sa4l1C0W8ZgTKtc0WnIwphr8RmKOIjIh9rgsSSq?= =?us-ascii?Q?cxtl+oXsoqvf6y1r5YNPqI67erzUlOIf4i1UzVjMima8vjVFdHLCg/wBeu+i?= =?us-ascii?Q?mV3DLhjNnYxPWz4T8wQf3MUXKuXMYVblpKi5pyx1nnv9wXTtediHG80kmnSx?= =?us-ascii?Q?VackMTgmDFpQerlzX9K9M1fXSimEruO+6xV8bz1b1gvVO4acR3SaIIzAvBrB?= =?us-ascii?Q?A1T4pO/DeAs8SfghVwJ5X3r1t/59XdVHtf5qz/snrJZlmC50Z05rgezqmTmX?= =?us-ascii?Q?Fh0Q2yjy9s2qO+tJvYdyddyEv7Y16+hcuQbHLir57a6DdGN7MtAhsEcLprd7?= =?us-ascii?Q?//F1+uDxZDyJ1Q0SkKUoVjegIWnC689IyBJNXOLQsR7NH0N02nqPtmInVFWP?= =?us-ascii?Q?05Eke/BVbUvUa+SP9xCShVGwCtOoaJ4TUXEdLY6+9xfd7RFlIz/40kzgrrQx?= =?us-ascii?Q?JtqWEBx5eWH9pQX1rW9vu53OeaO+UtF/+ZH1e32iE3c05ZDxcQDO6jq0TV9c?= =?us-ascii?Q?1/7/6FoRGSZcs/axN7d3MLTfphA77dsyoNUi9aq8zpY83SyJ22JWWv9OYbfz?= =?us-ascii?Q?SdMY/eJo5gzRVWG2F7KAdJPa7m3OqbhFbfy4rJ0+RR7sVh+iI2fcuvCRHvFN?= =?us-ascii?Q?/OUoQ0qZp5M90JQIL7h4VxKljaPrAl2Jue?= X-Forefront-PRVS: 0378F1E47A X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(7370300001)(6009001)(39450400003)(39410400002)(39400400002)(39850400002)(39860400002)(39840400002)(189002)(199003)(7350300001)(68736007)(53416004)(105586002)(54906002)(97736004)(50466002)(6486002)(48376002)(2906002)(106356001)(33646002)(6116002)(1076002)(53936002)(3846002)(189998001)(101416001)(6666003)(2950100002)(478600001)(50986999)(76176999)(81156014)(50226002)(38730400002)(47776003)(5003940100001)(86362001)(25786009)(4326008)(36756003)(42186005)(8676002)(81166006)(110136004)(5660300001)(66066001)(7736002)(305945005)(309714004);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR12MB0145;H:ubuntu-010236106000.amd.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;BY2PR12MB0145;23:QfxUEibQw3OAA3ygkCSj2qEUVIbr5oLGqXZshlZjr?= =?us-ascii?Q?0rPq4u++Yn8FBfIpOFioPIZ6y5nN+NIn8WmYfPy3J/82TLHpIzv0fRo8TK47?= =?us-ascii?Q?k7IzuuYn5Ou7K2rEVqGD2FkLPVi1Vp9EjibN5s+FWXjl2hf2HTn8a/DQSR2d?= =?us-ascii?Q?pOCh7Kn2rS/i38b/3vW0hbyovyUrmuAAvaLfLyQT2AJyrFs2FsFyq7TaaxmY?= =?us-ascii?Q?D4XKo7cIjjUCuVrgxAyJPo+b/hwV3qqRhyAAkMvPXMNN1kLPZpj4DAR8esos?= =?us-ascii?Q?rl8zC4hxRPj43Pb8b2Qwc9/gsGPhtRJ4aG3rjpDZcZ6EYheFQTEgpG+au/wC?= =?us-ascii?Q?K3Nr7r6U7wdM4y3HabJtMhFdePpkgAA8hnzjUkeSnp8ALjcrsLtJDP/oCyKl?= =?us-ascii?Q?P5qhR2azVH97O+j5/49NKFYU21R9HG9GsAC1zD+r/hRtscSVpVCkmcdsFrzc?= =?us-ascii?Q?v/h+sWwks6+BHg7iqs654DPx/UzV3pHU7cukUIsiSgj5jX/eSGN5htdR6K/k?= =?us-ascii?Q?nu3SW/9m3hB13BTIkVCDPGqP9Pwo5aJPrqKejRhxzbnytUjBmdD0FCorOuoC?= =?us-ascii?Q?tdz+BquqDS6AvCxxWa88adHy+PY3R2B9WvV+MML0gxb9fqYrFv3sXMzRWify?= =?us-ascii?Q?zKFCGcKQCE7shWZnkluwv1d5klNReLHvT8RayTDWaNcx3xDX6gt9OuqlWhlT?= =?us-ascii?Q?6gQedbrFCj14tV9sD73AVaOStmSJgnVDV+rQO73R77rvP0lykAABNWIGv+1I?= =?us-ascii?Q?tch0yniEIo313FYPNiSHKW0JIg6wTtEjHgTZHman+KnKEEWWCmb19cmK2X4c?= =?us-ascii?Q?nchA7EP1awiPJ8lJvLsBfeURNy2oq+symzKKNJv6ZDYHxmyz41mJSb490LvG?= =?us-ascii?Q?FvZRHCGH88/ozqD8H7yWWUzQ3tfvSNeDk9GKhPpxozRdjCGkZJRqUodSZDEj?= =?us-ascii?Q?KnG2zoaX69V9B8X4ZIi8iYUzZoK4jJIQuDxCHVAlDs4mUJLIDkarzlIOw4za?= =?us-ascii?Q?UzF6kMYhMeHXYrNIYpXOhWWkptufOOEG9GRUC9C+d+TsAMSnm3C06F+Iyiqz?= =?us-ascii?Q?tkahMbYO4WzIfqLpNHZXq8Y75k3HlDl+MIDfRaHidbMjzkJy4u5XtZyWpveg?= =?us-ascii?Q?FpL2JJIgV8kUacPZ4I6JOFybXW4Apo4SC/CNwHyDZM/a1x9r7xpm0R6lzWKZ?= =?us-ascii?Q?VV34G9lYyZyfGcB+2MGkGJidQON+5yVaM+JeK5jdx2rbE+VZyrFEYUo+lXih?= =?us-ascii?Q?mD0SMiLJKnNPeoGeAGX0g9OsiXxePHoI6PBmxFcnPCx57Al+HNLCL6xhyXRO?= =?us-ascii?B?QT09?= X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;BY2PR12MB0145;6:a+fwWKMRAHdxXUJ48wQUiSwn3byueNqqVcxhfNLDSW?= =?us-ascii?Q?gyMafSTPst4IqloL8o4sVSIjMluhRhKgF95HeCmL5aNuWbsdGwTJAyWc0OKx?= =?us-ascii?Q?qDDYuRxtTZUs1HMpYlyBOAh5CPoumr3PTIQinlkIpkhUTZGtPtJ4F1xRSYI6?= =?us-ascii?Q?jLGiVhtZ/s6Ncplvx9bagAz58EQ1LXSJKGLKOiV6FVoZIwZ29WdlCF5kg7dZ?= =?us-ascii?Q?ZuodoUrwcOq4dhmC4WLS8K6FpM3eN9OcjpEm/wkMh79nOWPBzUMAuNZmACOx?= =?us-ascii?Q?2qF3VVthUvLJQ2WvQqWNvSZxpXsNRJDBkJ1AHBQfZNimjtrRI5esh0HMOCam?= =?us-ascii?Q?kUXEsxWSQvY5wh4p6cLb3PbQJx4vKumN72F5c76hxD6L4xsVTTHunWGBCupt?= =?us-ascii?Q?fb5W5K124iLJWRKfoqldO+Bm1JJjuoKKC94ZhodZujoz8zkD92Lpu4cHDKZr?= =?us-ascii?Q?pNEmFM2A9ky+79EJzpz15YVC7EwpBqMIYMZmyNe/Ohdi+Bf+VGtukfi8HeGd?= =?us-ascii?Q?qYs943V/pBLRD1dS+SL16kWZ9M91IwyehchOIExaf6mprJaeTqxO9fLY/FIg?= =?us-ascii?Q?1EBMIPOtVSkKuWUoztJ+pmgd5jxJVdFyvGvRP0aUrZvthkR1XqmMzyagP5y7?= =?us-ascii?Q?SYVCgE6dHxidBfxUJ0MyBlAuZgtBM+RlwiqiKO6AOaLgZ1QgGmtxkgWlm34c?= =?us-ascii?Q?8jUYdP0QwOCdmfAgRbToqA0VLKgX7Yyz8VzQP/97rIWUnErHE4C9P4zF28hy?= =?us-ascii?Q?30PVSB88XchMPdRqA98n+R8VumeAcOghZeqQpuXWGoOXQipo46R1+I3Z5fcN?= =?us-ascii?Q?5xMUr/yZBiz+vttLNokf7g65bTOg44sUDSgilSeyCINiUPdSEjmWra+PfDB+?= =?us-ascii?Q?J6NhQqJzeB24FVIE2774E1alAnOeSU+UV/Nooqo2Wt3JvikcG5mTjsZizOKg?= =?us-ascii?Q?ksFIGN1XPayHCPwuhl7lvT/OeW4QDvivQiCtl56gr24mu9V0unfq0m0L8aZ3?= =?us-ascii?Q?5xXUd4e+Gj34rBOOlzm0A8?= X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;5:vzLsB37jcBYrrGWbUdDeMJDdY2fcO2g3sPm/2MbLNpzQuM5qAlqBmnaXMMN1HDyk2Gqb73EP9OptuYXRi3IJg0WTb64GEMXhp2F3gHkNMCAJVrr4zcz1Tt4VfEf1qN2t7MvpGA/VxAVnfhSQ7JyDEpwPgWR6iMcUj1NdsgPi3dxs/wfje99ECngv10TDydeC/BgLhBehkvQE5/DkFC3/NCHw++wz0uMAkhkq6VEpGolNcLDJB2NoqoGYRTBQwvITqiw0JQ8yaG6orXFCCLAAzWSZPJsxkI2PjNobv76TUMKxVszLKujJfv0ET059P+0MLvWBmE5EEvG6EFjNdq2bAGrV7iATNb1cigh+Mzv/V3btXZ913O4VU7UxbnsLdmXEa5bMqdtwt4xCyboejNOpax5ygbsRAyOyrf5xtDpw+KRhGmMId1ucfEmaXyq8rg7vGKmBtzh49UgCFsnHStV8D9Pq+Cw7ZcAxDGdy2+u/UCa/QC7gKyY4hvCkEXqXKuKj;24:Q523skJkMb4Uchf69iO5fwJfydiLjgYtu96xVsNk7KMrEdSgIUesn10ypLP+PJWB3B3I6FgtmyjkKVlRKol5F1rl/S5doz9mku9IGQSizzo= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;7:S7GIJ6b48HRTHbA9aTkpm9Xy10JHEXTBHWjM+uDv3g3oqI1G49OG5r8fwVDWkSCL3ZqoQ06XNYBtSVpwfTD+9dtG3UopHnPqqzaVD8hexwHPj6DPul4EaAgjHL3RYWsjUlgwuVvyiekXPeeJwuc5ITE2gpHjT3pgF+zl34znERcF8CdEx/SXU1E39szWsztpCC6r33NmXkMdJFzVGf2P6LTr54fe27CwmSUK6J0CaWN8yr1H7LVLxhASY7H/GyWY2PaC0kaW3Ca4ZAozg8rAIJSFscMC68B/9cA0vxgg1rCm6lKBzlgYTfy4yFqQBc/7D1eGQmpk/9Io1WYgVqIohQkcXDtmEare19iAEiW/KQTkJaS02pOo+nJemJfntPNNcWpyqDOrN7rxvaYnyutPCtjauvYGq0OG5KjHEWTSzM5PqeIRfwd6TIosaBwCQXMnMVgUoiu2h9sYHFD0obv12hNFSJ889JVbGcl95BVJJqSoHpnSdiqvh1N2vg29JdAPRjFok+ypY//FL+od0sqdJsK6o6TbpmvXJ5z+BMUHDjl5XX6GiJ9lyla3WNC9UNkavHDAtDBLQrlJYF4VsTvFOfHSqwVtbCQlEVmG0y2angtQKxhje9c/sTtiqcIXjhDLVMNo5UhFTwF1CI08Vwi3JrQNLk+1k01Sp7VYRmjXkcOgx0ezh04f0LJdhNToKKnlX94oX+w0UeGqkYM0hu0+xre7M5mkHBBctVFzEUjPjYwKWw4U1BewT74hkvoWvmKJTs3s34NuVaUYTdLupWp+WG+U+RzprSc8k/B30Y8Uh2s= X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0145;20:UoE3420x/MS0Q3i44pZ18Men1r7OkqZUPtGyth5mMysQB074lX6D84Eqvomczi1v1tWdWtXwV7+wxddtLC8EqnNsZchsA+kitS1lxJEpbbMRLSwGPyu1Djs6y03kopV55becp5/8me7yUCuyzDg3X+Zd04vvABm0BsFvhWio6BIL2BEVrxxFv/sJrMKnBTAQEmiYx6TawRvWN/P2oKK75mB3HoM0RwtIgCe5kSAsxaEBj72BoPaiANDl99afOGVm X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jul 2017 20:03:48.0409 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR12MB0145 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The SEV memory encryption engine uses a tweak such that two identical plaintexts at different location will have a different ciphertexts. So swapping or moving ciphertexts of two pages will not result in plaintexts being swapped. Relocating (or migrating) a physical backing pages for SEV guest will require some additional steps. The current SEV key management spec does not provide commands to swap or migrate (move) ciphertexts. For now, we pin the guest memory registered through KVM_MEMORY_ENCRYPT_REGISTER_RAM ioctl. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 113 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 150177e..a91aadf 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -747,6 +747,7 @@ struct kvm_sev_info { unsigned int handle; /* firmware handle */ unsigned int asid; /* asid for this guest */ int sev_fd; /* SEV device fd */ + struct list_head ram_list; /* list of registered ram */ }; struct kvm_arch { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 75dcaa9..cdb1cf3 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -333,8 +333,19 @@ static int sev_asid_new(void); static void sev_asid_free(int asid); static void sev_deactivate_handle(struct kvm *kvm, int *error); static void sev_decommission_handle(struct kvm *kvm, int *error); +static void sev_unpin_memory(struct page **pages, unsigned long npages); + #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) +struct kvm_sev_pin_ram { + struct list_head list; + unsigned long npages; + struct page **pages; + struct kvm_memory_encrypt_ram userspace; +}; + +static void __mem_encrypt_unregister_ram(struct kvm_sev_pin_ram *ram); + static bool svm_sev_enabled(void) { return !!max_sev_asid; @@ -385,6 +396,11 @@ static inline void sev_set_fd(struct kvm *kvm, int fd) to_sev_info(kvm)->sev_fd = fd; } +static inline struct list_head *sev_get_ram_list(struct kvm *kvm) +{ + return &to_sev_info(kvm)->ram_list; +} + static inline void mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; @@ -1566,10 +1582,24 @@ static void sev_firmware_uninit(void) static void sev_vm_destroy(struct kvm *kvm) { int state, error; + struct list_head *pos, *q; + struct kvm_sev_pin_ram *ram; + struct list_head *head = sev_get_ram_list(kvm); if (!sev_guest(kvm)) return; + /* + * if userspace was terminated before unregistering the memory region + * then lets unpin all the registered memory. + */ + if (!list_empty(head)) { + list_for_each_safe(pos, q, head) { + ram = list_entry(pos, struct kvm_sev_pin_ram, list); + __mem_encrypt_unregister_ram(ram); + } + } + /* release the firmware resources for this guest */ if (sev_get_handle(kvm)) { sev_deactivate_handle(kvm, &error); @@ -5640,6 +5670,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) sev_set_active(kvm); sev_set_asid(kvm, asid); sev_set_fd(kvm, argp->sev_fd); + INIT_LIST_HEAD(sev_get_ram_list(kvm)); ret = 0; e_err: fdput(f); @@ -6437,6 +6468,86 @@ static int svm_memory_encryption_op(struct kvm *kvm, void __user *argp) return r; } +static int mem_encrypt_register_ram(struct kvm *kvm, + struct kvm_memory_encrypt_ram *ram) +{ + struct list_head *head = sev_get_ram_list(kvm); + struct kvm_sev_pin_ram *pin_ram; + + if (!sev_guest(kvm)) + return -ENOTTY; + + pin_ram = kzalloc(sizeof(*pin_ram), GFP_KERNEL); + if (!pin_ram) + return -ENOMEM; + + pin_ram->pages = sev_pin_memory(ram->address, ram->size, + &pin_ram->npages, 1); + if (!pin_ram->pages) + goto e_free; + + /* + * Guest may change the memory encryption attribute from C=0 -> C=1 + * for this memory range. Lets make sure caches are flushed to ensure + * that guest data gets written into memory with correct C-bit. + */ + sev_clflush_pages(pin_ram->pages, pin_ram->npages); + + pin_ram->userspace.address = ram->address; + pin_ram->userspace.size = ram->size; + list_add_tail(&pin_ram->list, head); + return 0; +e_free: + kfree(pin_ram); + return 1; +} + +static struct kvm_sev_pin_ram *sev_find_pinned_ram(struct kvm *kvm, + struct kvm_memory_encrypt_ram *ram) +{ + struct list_head *head = sev_get_ram_list(kvm); + struct kvm_sev_pin_ram *i; + + list_for_each_entry(i, head, list) { + if (i->userspace.address == ram->address && + i->userspace.size == ram->size) + return i; + } + + return NULL; +} + +static void __mem_encrypt_unregister_ram(struct kvm_sev_pin_ram *ram) +{ + /* + * Guest may have changed the memory encryption attribute from + * C=0 -> C=1. Lets make sure caches are flushed to ensure in data + * gets written into memory with correct C-bit. + */ + sev_clflush_pages(ram->pages, ram->npages); + + sev_unpin_memory(ram->pages, ram->npages); + list_del(&ram->list); + kfree(ram); +} + +static int mem_encrypt_unregister_ram(struct kvm *kvm, + struct kvm_memory_encrypt_ram *ram) +{ + struct kvm_sev_pin_ram *pinned_ram; + + if (!sev_guest(kvm)) + return -ENOTTY; + + pinned_ram = sev_find_pinned_ram(kvm, ram); + if (!pinned_ram) + return -EINVAL; + + __mem_encrypt_unregister_ram(pinned_ram); + + return 0; +} + static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .cpu_has_kvm_support = has_svm, .disabled_by_bios = is_disabled, @@ -6551,6 +6662,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .setup_mce = svm_setup_mce, .memory_encryption_op = svm_memory_encryption_op, + .memory_encryption_register_ram = mem_encrypt_register_ram, + .memory_encryption_unregister_ram = mem_encrypt_unregister_ram, }; static int __init svm_init(void) -- 2.9.4