[PATCH v2 2/2] x86/sev: Add callback to apply RMP table fixups for kexec.

From: Ashish Kalra
Date: Mon Apr 15 2024 - 17:09:46 EST

Next message: Jernej Škrabec: " Re: [PATCH 1/4] arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3"
Previous message: Ashish Kalra: "[PATCH v2 1/2] x86/e820: Expose API to update e820 kexec and firmware tables externally."
In reply to: Ashish Kalra: "[PATCH v2 1/2] x86/e820: Expose API to update e820 kexec and firmware tables externally."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ashish Kalra <ashish.kalra@xxxxxxx>

Handle cases where the RMP table placement in the BIOS is
not 2M aligned and then the kexec kernel could try to allocate
from within that chunk and that causes a fatal RMP fault.
Check if RMP table start & end physical range in e820_table
is not aligned to 2MB and in that case use e820__range_update()
to map this range to reserved.

The callback to apply these RMP table fixups needs to be called
after the e820 tables are setup/populated and before the e820 map
has been converted to the standard Linux memory resources and e820 map
is no longer used and modifying it has no effect.

Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature")
Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
---
arch/x86/include/asm/sev.h | 2 ++
arch/x86/mm/mem_encrypt.c | 3 +++
arch/x86/virt/svm/sev.c | 44 ++++++++++++++++++++++++++++++++++++++
3 files changed, 49 insertions(+)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 7f57382afee4..6600ac467cf9 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -269,6 +269,7 @@ int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immut
int rmp_make_shared(u64 pfn, enum pg_level level);
void snp_leak_pages(u64 pfn, unsigned int npages);
void kdump_sev_callback(void);
+void snp_rmptable_e820_fixup(void);
#else
static inline bool snp_probe_rmptable_info(void) { return false; }
static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; }
@@ -282,6 +283,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 as
static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; }
static inline void snp_leak_pages(u64 pfn, unsigned int npages) {}
static inline void kdump_sev_callback(void) { }
+static inline void snp_rmptable_e820_fixup(void) {}
#endif

#endif
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 6f3b3e028718..765ce94e4b89 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -102,6 +102,9 @@ void __init mem_encrypt_setup_arch(void)
phys_addr_t total_mem = memblock_phys_mem_size();
unsigned long size;

+ if (cpu_feature_enabled(X86_FEATURE_SEV_SNP))
+ snp_rmptable_e820_fixup();
+
if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
return;

diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c
index ab0e8448bb6e..d999ff7f1671 100644
--- a/arch/x86/virt/svm/sev.c
+++ b/arch/x86/virt/svm/sev.c
@@ -163,6 +163,50 @@ bool snp_probe_rmptable_info(void)
return true;
}

+/*
+ * Callback to do any RMP table fixups, needs to be called
+ * after e820__memory_setup(), after the e820 tables are
+ * setup/populated and before e820__reserve_resources(), before
+ * the e820 map has been converted to the standard Linux memory
+ * resources and e820 map is no longer used and modifying it
+ * has no effect.
+ */
+void __init snp_rmptable_e820_fixup(void)
+{
+ u64 pa;
+
+ /*
+ * Handle cases where the RMP table placement in the BIOS is not 2M aligned
+ * and then the kexec kernel could try to allocate from within that chunk
+ * and that causes a fatal RMP fault. Check if RMP table start & end
+ * physical range in e820_table is not aligned to 2MB and in that case use
+ * e820__range_update() to map this range to reserved, e820__range_update()
+ * nicely handles partial range update and also merges any consecutive
+ * ranges of the same type.
+ */
+ pa = probed_rmp_base;
+ if (!IS_ALIGNED(pa, PMD_SIZE)) {
+ pa = ALIGN_DOWN(pa, PMD_SIZE);
+ if (e820__mapped_any(pa, pa + PMD_SIZE, E820_TYPE_RAM)) {
+ pr_info("Reserving start of RMP table on a 2MB boundary [0x%016llx]\n", pa);
+ e820__range_update(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
+ e820__range_update_kexec(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
+ e820__range_update_firmware(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
+ }
+ }
+
+ pa = probed_rmp_base + probed_rmp_size;
+ if (!IS_ALIGNED(pa, PMD_SIZE)) {
+ pa = ALIGN_DOWN(pa, PMD_SIZE);
+ if (e820__mapped_any(pa, pa + PMD_SIZE, E820_TYPE_RAM)) {
+ pr_info("Reserving end of RMP table on a 2MB boundary [0x%016llx]\n", pa);
+ e820__range_update(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
+ e820__range_update_kexec(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
+ e820__range_update_firmware(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
+ }
+ }
+}
+
/*
* Do the necessary preparations which are verified by the firmware as
* described in the SNP_INIT_EX firmware command description in the SNP
--
2.34.1

Next message: Jernej Škrabec: " Re: [PATCH 1/4] arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3"
Previous message: Ashish Kalra: "[PATCH v2 1/2] x86/e820: Expose API to update e820 kexec and firmware tables externally."
In reply to: Ashish Kalra: "[PATCH v2 1/2] x86/e820: Expose API to update e820 kexec and firmware tables externally."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]