[PATCH v11 09/13] mm: x86: Invoke hypercall when page encryption status is changed

Ashish Kalra Mon, 05 Apr 2021 07:30:05 -0700

From: Brijesh Singh <brijesh.si...@amd.com>

Invoke a hypercall when a memory region is changed from encrypted ->
decrypted and vice versa. Hypervisor needs to know the page encryption
status during the guest migration.


Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Joerg Roedel <j...@8bytes.org>
Cc: Borislav Petkov <b...@suse.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy <venu.busire...@oracle.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Signed-off-by: Ashish Kalra <ashish.ka...@amd.com>
---
 arch/x86/include/asm/paravirt.h       | 10 +++++
 arch/x86/include/asm/paravirt_types.h |  2 +
 arch/x86/kernel/paravirt.c            |  1 +
 arch/x86/mm/mem_encrypt.c             | 57 ++++++++++++++++++++++++++-
 arch/x86/mm/pat/set_memory.c          |  7 ++++
 5 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index 4abf110e2243..efaa3e628967 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -84,6 +84,12 @@ static inline void paravirt_arch_exit_mmap(struct mm_struct 
*mm)
        PVOP_VCALL1(mmu.exit_mmap, mm);
 }
 
+static inline void page_encryption_changed(unsigned long vaddr, int npages,
+                                               bool enc)
+{
+       PVOP_VCALL3(mmu.page_encryption_changed, vaddr, npages, enc);
+}
+
 #ifdef CONFIG_PARAVIRT_XXL
 static inline void load_sp0(unsigned long sp0)
 {
@@ -799,6 +805,10 @@ static inline void paravirt_arch_dup_mmap(struct mm_struct 
*oldmm,
 static inline void paravirt_arch_exit_mmap(struct mm_struct *mm)
 {
 }
+
+static inline void page_encryption_changed(unsigned long vaddr, int npages, 
bool enc)
+{
+}
 #endif
 #endif /* __ASSEMBLY__ */
 #endif /* _ASM_X86_PARAVIRT_H */
diff --git a/arch/x86/include/asm/paravirt_types.h 
b/arch/x86/include/asm/paravirt_types.h
index de87087d3bde..69ef9c207b38 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -195,6 +195,8 @@ struct pv_mmu_ops {
 
        /* Hook for intercepting the destruction of an mm_struct. */
        void (*exit_mmap)(struct mm_struct *mm);
+       void (*page_encryption_changed)(unsigned long vaddr, int npages,
+                                       bool enc);
 
 #ifdef CONFIG_PARAVIRT_XXL
        struct paravirt_callee_save read_cr2;
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index c60222ab8ab9..9f206e192f6b 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -335,6 +335,7 @@ struct paravirt_patch_template pv_ops = {
                        (void (*)(struct mmu_gather *, void *))tlb_remove_page,
 
        .mmu.exit_mmap          = paravirt_nop,
+       .mmu.page_encryption_changed    = paravirt_nop,
 
 #ifdef CONFIG_PARAVIRT_XXL
        .mmu.read_cr2           = __PV_IS_CALLEE_SAVE(native_read_cr2),
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index ae78cef79980..fae9ccbd0da7 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -19,6 +19,7 @@
 #include <linux/kernel.h>
 #include <linux/bitops.h>
 #include <linux/dma-mapping.h>
+#include <linux/kvm_para.h>
 
 #include <asm/tlbflush.h>
 #include <asm/fixmap.h>
@@ -29,6 +30,7 @@
 #include <asm/processor-flags.h>
 #include <asm/msr.h>
 #include <asm/cmdline.h>
+#include <asm/kvm_para.h>
 
 #include "mm_internal.h"
 
@@ -229,6 +231,47 @@ void __init sev_setup_arch(void)
        swiotlb_adjust_size(size);
 }
 
+static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages,
+                                       bool enc)
+{
+       unsigned long sz = npages << PAGE_SHIFT;
+       unsigned long vaddr_end, vaddr_next;
+
+       vaddr_end = vaddr + sz;
+
+       for (; vaddr < vaddr_end; vaddr = vaddr_next) {
+               int psize, pmask, level;
+               unsigned long pfn;
+               pte_t *kpte;
+
+               kpte = lookup_address(vaddr, &level);
+               if (!kpte || pte_none(*kpte))
+                       return;
+
+               switch (level) {
+               case PG_LEVEL_4K:
+                       pfn = pte_pfn(*kpte);
+                       break;
+               case PG_LEVEL_2M:
+                       pfn = pmd_pfn(*(pmd_t *)kpte);
+                       break;
+               case PG_LEVEL_1G:
+                       pfn = pud_pfn(*(pud_t *)kpte);
+                       break;
+               default:
+                       return;
+               }
+
+               psize = page_level_size(level);
+               pmask = page_level_mask(level);
+
+               kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS,
+                                  pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc);
+
+               vaddr_next = (vaddr & pmask) + psize;
+       }
+}
+
 static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc)
 {
        pgprot_t old_prot, new_prot;
@@ -286,12 +329,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int 
level, bool enc)
 static int __init early_set_memory_enc_dec(unsigned long vaddr,
                                           unsigned long size, bool enc)
 {
-       unsigned long vaddr_end, vaddr_next;
+       unsigned long vaddr_end, vaddr_next, start;
        unsigned long psize, pmask;
        int split_page_size_mask;
        int level, ret;
        pte_t *kpte;
 
+       start = vaddr;
        vaddr_next = vaddr;
        vaddr_end = vaddr + size;
 
@@ -346,6 +390,8 @@ static int __init early_set_memory_enc_dec(unsigned long 
vaddr,
 
        ret = 0;
 
+       set_memory_enc_dec_hypercall(start, PAGE_ALIGN(size) >> PAGE_SHIFT,
+                                       enc);
 out:
        __flush_tlb_all();
        return ret;
@@ -481,6 +527,15 @@ void __init mem_encrypt_init(void)
        if (sev_active() && !sev_es_active())
                static_branch_enable(&sev_enable_key);
 
+#ifdef CONFIG_PARAVIRT
+       /*
+        * With SEV, we need to make a hypercall when page encryption state is
+        * changed.
+        */
+       if (sev_active())
+               pv_ops.mmu.page_encryption_changed = 
set_memory_enc_dec_hypercall;
+#endif
+
        print_mem_encrypt_feature_info();
 }
 
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index 16f878c26667..3576b583ac65 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -27,6 +27,7 @@
 #include <asm/proto.h>
 #include <asm/memtype.h>
 #include <asm/set_memory.h>
+#include <asm/paravirt.h>
 
 #include "../mm_internal.h"
 
@@ -2012,6 +2013,12 @@ static int __set_memory_enc_dec(unsigned long addr, int 
numpages, bool enc)
         */
        cpa_flush(&cpa, 0);
 
+       /* Notify hypervisor that a given memory range is mapped encrypted
+        * or decrypted. The hypervisor will use this information during the
+        * VM migration.
+        */
+       page_encryption_changed(addr, numpages, enc);
+
        return ret;
 }
 
-- 
2.17.1

[PATCH v11 09/13] mm: x86: Invoke hypercall when page encryption status is changed

Reply via email to