Re: [Part1 PATCH v4 16/17] X86/KVM: Unencrypt shared per-cpu variables when SEV is active

From: Brijesh Singh
Date: Tue Sep 19 2017 - 10:00:57 EST




On 09/19/2017 06:06 AM, Borislav Petkov wrote:
...

+ unsigned long pa = slow_virt_to_phys(var);
+
+ /* decrypt the memory in-place */
+ sme_early_decrypt(pa, size);
+
+ /* clear the C-bit from the page table */
+ early_set_memory_decrypted(pa, size);
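
Review bot: in the last call of this hunk, early_set_memory_decrypted(pa, size) clears the C-bit in the page table, which applies to whole pages, while size is only the size of one per-CPU variable. Unless each variable is page-aligned and has its page to itself, the neighbouring per-CPU data on that page is mapped decrypted as well and becomes visible outside the guest. The visible lines neither check nor document this; a comment stating the alignment assumption, or placing these shared variables in their own page-aligned area, would address it. A smaller point on the first line: pa is declared unsigned long, and phys_addr_t would match what slow_virt_to_phys() returns.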

So those two do a lot of work like TLB flushing and WBINVD for each
per-CPU variable and normally I'd say you do this in one go instead of
variable per variable and thus save yourself the subsequent expensive
invalidation calls but we do it once only during boot so maybe something
to think about later, when there's more time and boredom.

:)


Yes, we can revisit it later to optimize it.

...


Let it stick out and shorten function name:

	for_each_possible_cpu(cpu) {
		__set_percpu_decrypted(&per_cpu(apf_reason, cpu), sizeof(struct kvm_vcpu_pv_apf_data));
		__set_percpu_decrypted(&per_cpu(steal_time, cpu), sizeof(struct kvm_steal_time));
		__set_percpu_decrypted(&per_cpu(kvm_apic_eoi, cpu), sizeof(unsigned long));
	}

Also, we agreed to call everything that's not encrypted "decrypted" so
that we have only two different states: encrypted and decrypted and thus
less confusion.


Will do.