Re: [PATCH Part2 v5 05/45] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction

From: Sean Christopherson
Date: Fri Oct 15 2021 - 14:05:57 EST


On Fri, Aug 20, 2021, Brijesh Singh wrote:
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index f383d2a89263..8627c49666c9 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -2419,3 +2419,75 @@ int snp_lookup_rmpentry(u64 pfn, int *level)
> return !!rmpentry_assigned(e);
> }
> EXPORT_SYMBOL_GPL(snp_lookup_rmpentry);
> +
> +int psmash(u64 pfn)
> +{
> + unsigned long paddr = pfn << PAGE_SHIFT;

Probably better to use __pfn_to_phys()?

> + int ret;
> +
> + if (!pfn_valid(pfn))
> + return -EINVAL;
> +
> + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP))

Shouldn't this be a WARN_ON_ONCE()?

> + return -ENXIO;
> +
> + /* Binutils version 2.36 supports the PSMASH mnemonic. */
> + asm volatile(".byte 0xF3, 0x0F, 0x01, 0xFF"
> + : "=a"(ret)
> + : "a"(paddr)
> + : "memory", "cc");
> +
> + return ret;
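
Review bot: psmash() has no comment describing its return contract, and the visible body returns two different kinds of value: -EINVAL and -ENXIO from the early checks, then whatever the instruction left in the "=a" output at the final "return ret;". Add a comment above the function stating what callers should treat as success and as failure, and extend the "Binutils version 2.36" comment to say that the .byte sequence is the hand-encoded PSMASH instruction used until the mnemonic can be assumed.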

I don't like returning the raw result from hardware; it mostly works because
hardware also uses '0' for success, but it will cause confusion should hardware
ever set bit 31. There are also failures that likely should never happen unless
there's a kernel bug, e.g. I suspect we can do:

	if (WARN_ON_ONCE(ret == FAIL_INPUT))
		return -EINVAL;
	if (WARN_ON_ONCE(ret == FAIL_PERMISSION))
		return -EPERM;

....

or if all errors are "impossible"

	if (WARN_ON_ONCE(ret))
		return snp_error_code_to_errno(ret);

FAIL_INUSE and FAIL_OVERLAP also need further discussion. It's not clear to me
that two well-behaved callers can't encounter collisions due to the 2mb <=> 4kb
interactions. If collisions between well-behaved callers are possible, then this
helper likely needs some form of serialization. Either, the concurrency rules
for RMP access need explicit and lengthy documentation.