Date: Wed, 11 Aug 2021 15:19:17 +0300
From: "Kirill A. Shutemov"
To: Tom Lendacky
Cc: "Kuppuswamy, Sathyanarayanan", linux-kernel@vger.kernel.org, x86@kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, iommu@lists.linux-foundation.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-graphics-maintainer@vmware.com, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, kexec@lists.infradead.org, linux-fsdevel@vger.kernel.org, Borislav Petkov, Brijesh Singh, Joerg Roedel, Andi Kleen, Tianyu Lan, Thomas Gleixner, Ingo Molnar, Dave Hansen, Andy Lutomirski, Peter Zijlstra, David Airlie, Daniel Vetter, Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann, Will Deacon, Dave Young, Baoquan He
Subject: Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()
Message-ID: <20210811121917.ghxi7g4mctuybhbk@box.shutemov.name>
References: <029791b24c6412f9427cfe6ec598156c64395964.1627424774.git.thomas.lendacky@amd.com> <166f30d8-9abb-02de-70d8-6e97f44f85df@linux.intel.com> <4b885c52-f70a-147e-86bd-c71a8f4ef564@amd.com>
In-Reply-To: <4b885c52-f70a-147e-86bd-c71a8f4ef564@amd.com>

On Tue, Aug 10, 2021 at 02:48:54PM -0500, Tom Lendacky wrote:
> On 8/10/21 1:45 PM, Kuppuswamy, Sathyanarayanan wrote:
> >
> >
> > On 7/27/21 3:26 PM, Tom Lendacky wrote:
> >> diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c > >> index de01903c3735..cafed6456d45 100644 > >> --- a/arch/x86/kernel/head64.c > >> +++ b/arch/x86/kernel/head64.c > >> @@ -19,7 +19,7 @@ > >>   #include > >>   #include > >>   #include > >> -#include > >> +#include > >>   #include > >>     #include
> >> @@ -285,7 +285,7 @@ unsigned long __head __startup_64(unsigned long > >> physaddr, > >>        * there is no need to zero it after changing the memory encryption > >>        * attribute. > >>        */ > >> -    if (mem_encrypt_active()) { > >> +    if (prot_guest_has(PATTR_MEM_ENCRYPT)) { > >>           vaddr = (unsigned long)__start_bss_decrypted; > >>           vaddr_end = (unsigned long)__end_bss_decrypted;
> >
> >
> > Since this change is specific to AMD, can you replace PATTR_MEM_ENCRYPT with
> > prot_guest_has(PATTR_SME) || prot_guest_has(PATTR_SEV). It is not used in
> > TDX.
>
> This is a direct replacement for now.

With current implementation of prot_guest_has() for TDX it breaks boot for
me.

Looking at code again, now I *think* the reason is accessing a global
variable from __startup_64() inside TDX version of prot_guest_has().

__startup_64() is special. If you access any global variable you need to
use fixup_pointer(). See comment before __startup_64().

I'm not sure how you get away with accessing sme_me_mask directly from
there. Any clues? Maybe just luck and compiler generates code just right
for your case, I dunno.

A separate point is that TDX version of prot_guest_has() relies on
cpu_feature_enabled() which is not ready at this point.

I think __bss_decrypted fixup has to be done if sme_me_mask is non-zero.
Or just do it unconditionally because it's NOP for sme_me_mask == 0.

> I think the change you're requesting
> should be done as part of the TDX support patches so it's clear why it is
> being changed.
>
> But, wouldn't TDX still need to do something with this shared/unencrypted
> area, though? Or since it is shared, there's actually nothing you need to
> do (the bss decrypted section exists even if CONFIG_AMD_MEM_ENCRYPT is not
> configured)?

AFAICS, only kvmclock uses __bss_decrypted. We don't enable kvmclock in
TDX at the moment. It may change in the future.

-- 
Kirill A. Shutemov
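
Review bot: in the __startup_64() hunk, the new condition prot_guest_has(PATTR_MEM_ENCRYPT) sits in __head code, and nothing in the hunk shows that the helper stays clear of global-variable reads or CPU feature lookups, which the reply above reports as unsafe this early (globals need fixup_pointer(), and cpu_feature_enabled() is not ready). Consider keeping this one site on a direct test of the encryption mask, or running the __bss_decrypted loop unconditionally as suggested in the thread, and extend the comment above the if to say why the generic helper is not used here.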
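
The early-boot constraint discussed in the reply (globals in __startup_64() have to be reached through fixup_pointer(), and the __bss_decrypted fixup is a NOP when sme_me_mask is 0), as an added user-space model that is not code from the thread or from the kernel. LINK_BASE, the image offsets, the PMD values, the mask bit and all function names are constructed for the illustration; fixup_pointer_model() assumes the rebasing is "link address minus link base plus load base".

```c
/* Added illustration: user-space model, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINK_BASE     0xffffffff81000000ULL /* assumed link-time address of the image start */
#define IMAGE_WORDS   0x800                 /* 16 KiB modeled image */
#define OFF_ME_MASK   0x1000                /* byte offset of the modeled sme_me_mask */
#define OFF_PMD       0x2000                /* byte offset of the modeled early PMD table */
#define PMD_ENTRIES   8
#define BSS_DEC_FIRST 2                     /* PMD slots covering the modeled __bss_decrypted */
#define BSS_DEC_LAST  3
#define PMD_FLAGS     0x83ULL               /* constructed: present | rw | large page */

/* Where the image really sits while the early code runs (the "physaddr" side). */
static uint64_t image[IMAGE_WORDS];

static uint64_t load_base(void) { return (uint64_t)(uintptr_t)image; }

/* Rebase a link-time address onto the place the image is loaded right now. */
static uint64_t *fixup_pointer_model(uint64_t link_addr)
{
    return (uint64_t *)(uintptr_t)(link_addr - LINK_BASE + load_base());
}

/* Would a plain (unfixed) dereference of this address land inside the image? */
static int points_into_image(uint64_t addr)
{
    return addr >= load_base() && addr - load_base() < sizeof(image);
}

/* Build the constructed image: the mask global plus PMD entries carrying the mask. */
static void load_image(uint64_t me_mask)
{
    memset(image, 0, sizeof(image));
    image[OFF_ME_MASK / 8] = me_mask;
    for (int i = 0; i < PMD_ENTRIES; i++)
        image[OFF_PMD / 8 + i] = ((uint64_t)i << 21) | PMD_FLAGS | me_mask;
}

/* The __bss_decrypted fixup done unconditionally: a zero mask changes nothing. */
static void bss_decrypted_fixup(void)
{
    uint64_t mask = *fixup_pointer_model(LINK_BASE + OFF_ME_MASK);
    uint64_t *pmd = fixup_pointer_model(LINK_BASE + OFF_PMD);

    for (int i = BSS_DEC_FIRST; i <= BSS_DEC_LAST; i++)
        pmd[i] -= mask;
}

/* Load, run the fixup, and report one PMD slot as the early code would leave it. */
static uint64_t pmd_after_fixup(uint64_t me_mask, int slot)
{
    load_image(me_mask);
    bss_decrypted_fixup();
    return image[OFF_PMD / 8 + slot];
}

int main(void)
{
    uint64_t mask = 1ULL << 47; /* constructed encryption-bit position */

    printf("link address usable as-is: %d\n",
           points_into_image(LINK_BASE + OFF_ME_MASK));
    printf("after fixup_pointer_model: %d\n",
           points_into_image((uint64_t)(uintptr_t)fixup_pointer_model(LINK_BASE + OFF_ME_MASK)));
    for (int s = 1; s <= 2; s++)
        printf("mask set,  pmd[%d] = %#llx\n", s,
               (unsigned long long)pmd_after_fixup(mask, s));
    printf("mask zero, pmd[2] = %#llx\n",
           (unsigned long long)pmd_after_fixup(0, 2));
    return 0;
}
```

The link-time address falls outside the loaded image until it is rebased, and only the slots covering the modeled __bss_decrypted range lose the mask bit.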