Re: [PATCHv11 10/19] x86/mm: Add callbacks to prepare encrypted memory for kexec

From: Borislav Petkov
Date: Wed May 29 2024 - 06:44:05 EST


On Tue, May 28, 2024 at 12:55:13PM +0300, Kirill A. Shutemov wrote:
> diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
> index 28ac3cb9b987..6cade48811cc 100644
> --- a/arch/x86/include/asm/x86_init.h
> +++ b/arch/x86/include/asm/x86_init.h
> @@ -149,12 +149,21 @@ struct x86_init_acpi {
> * @enc_status_change_finish Notify HV after the encryption status of a range is changed
> * @enc_tlb_flush_required Returns true if a TLB flush is needed before changing page encryption status
> * @enc_cache_flush_required Returns true if a cache flush is needed before changing page encryption status
> + * @enc_kexec_begin Begin the two-step process of conversion shared memory back

s/conversion/converting/

> + * to private. It stops the new conversions from being started
> + * and waits in-flight conversions to finish, if possible.

Good.

Now add "The @crash parameter denotes whether the function is being
called in the crash shutdown path."

> + * @enc_kexec_finish Finish the two-step process of conversion shared memory to

s/conversion/converting/

> + * private. All memory is private after the call.

"... when the function returns."

> + * It called with all CPUs but one shutdown and interrupts
> + * disabled.

"It is called on only one CPU while the others are shut down and with
interrupts disabled."

> */
> struct x86_guest {
> int (*enc_status_change_prepare)(unsigned long vaddr, int npages, bool enc);
> int (*enc_status_change_finish)(unsigned long vaddr, int npages, bool enc);
> bool (*enc_tlb_flush_required)(bool enc);
> bool (*enc_cache_flush_required)(void);
> + void (*enc_kexec_begin)(bool crash);
> + void (*enc_kexec_finish)(void);
> };
>
> /**
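
Review bot: the kernel-doc for @enc_kexec_begin says it waits for in-flight conversions "if possible", but `void (*enc_kexec_begin)(bool crash);` returns nothing, so a caller cannot tell whether the wait actually happened. The comment should state what the callback does when it cannot wait (the crash.c comment in this same patch says it can only detect the race and report it), and @enc_kexec_finish should say whether "All memory is private after the call" still holds in that case.
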
> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
> index f06501445cd9..74f6305eb9ec 100644
> --- a/arch/x86/kernel/crash.c
> +++ b/arch/x86/kernel/crash.c
> @@ -128,6 +128,18 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
> #ifdef CONFIG_HPET_TIMER
> hpet_disable();
> #endif
> +
> + /*
> + * Non-crash kexec calls enc_kexec_begin() while scheduling is still
> + * active. This allows the callback to wait until all in-flight
> + * shared<->private conversions are complete. In a crash scenario,
> + * enc_kexec_begin() get call after all but one CPU has been shut down

"gets called" ... "have been shut down"

> + * and interrupts have been disabled. This only allows the callback to

only?

> + * detect a race with the conversion and report it.
> + */
> + x86_platform.guest.enc_kexec_begin(true);
> + x86_platform.guest.enc_kexec_finish();
> +
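
Review bot: `x86_platform.guest.enc_kexec_begin(true);` and `x86_platform.guest.enc_kexec_finish();` are called unconditionally from native_machine_crash_shutdown(), with no NULL check and no test that the system is a guest with encrypted memory. The quoted hunks do not show default implementations for the two new pointers, so please confirm that x86_platform.guest gets no-op defaults for them. Otherwise this is a NULL function-pointer call in the crash path on every system that does not set them.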

..

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette