From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3EE53C47422 for ; Mon, 29 Jan 2024 14:30:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C95536B007B; Mon, 29 Jan 2024 09:30:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C44F76B0081; Mon, 29 Jan 2024 09:30:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B0D8A6B0082; Mon, 29 Jan 2024 09:30:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id A24786B007B for ; Mon, 29 Jan 2024 09:30:30 -0500 (EST) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 382391A0A87 for ; Mon, 29 Jan 2024 14:30:30 +0000 (UTC) X-FDA: 81732584220.22.020C6CB Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) by imf17.hostedemail.com (Postfix) with ESMTP id 9979B40032 for ; Mon, 29 Jan 2024 14:30:26 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=alien8.de header.s=alien8 header.b="EXF/t4Ls"; dmarc=pass (policy=none) header.from=alien8.de; spf=pass (imf17.hostedemail.com: domain of bp@alien8.de designates 65.109.113.108 as permitted sender) smtp.mailfrom=bp@alien8.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706538627; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=v/O0496sOj7E1BARErP/HiyS4WURPDfte46HYKMJ6P4=; b=64HqTZEzL8BQJDf2ZACOBtyevXAgHgMF1JF1RwpREGoQZ6dVwjBq7I32fCdL8piD9xNRCy 4+CMnwOx3qFfMGvPcTkPcOOQspfY3sYg1rN8xVf9B2DH4vl9U9iAdPLgtUQwOHSRD/BY6B rzqAfAD3LINdywL/Tz8Aeu0lz3YoacA= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=alien8.de header.s=alien8 header.b="EXF/t4Ls"; dmarc=pass (policy=none) header.from=alien8.de; spf=pass (imf17.hostedemail.com: domain of bp@alien8.de designates 65.109.113.108 as permitted sender) smtp.mailfrom=bp@alien8.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706538627; a=rsa-sha256; cv=none; b=NvLd43QciGmORtULvi1MOIoHEqWY6ltA9hz00ZEaZpuVzpk4PgeQgNCkrpe4PnHcEIdhIB D7rHAf1QyNqR7sFgHc2j4A6xWVpzyaVDflY0k40aTGsfXO+qh8Lv/wNe7BBGFZ6nNWrcdo ujk9gGthzz6yTmOI8R/Ksoclh15hhPc= Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id D582D40E0177; Mon, 29 Jan 2024 14:30:23 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id FUPz_7lY-mHO; Mon, 29 Jan 2024 14:30:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1706538620; bh=v/O0496sOj7E1BARErP/HiyS4WURPDfte46HYKMJ6P4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=EXF/t4Lsre5LWHpg3suGTHt3uoe6qWn8BUr86sTS2Gc6R2Xs5NwBmITbk/8FoyjUN Ey9o45iD9r94OG5RO2A4jONYert5Z5i0txtLKsaFPexOyVPm/I04zPL3yth7wDKsWV plJYH+ODDcLgOl6qGGk/qtuO/55VVrSN9pntqb5PpGaof+HIOaA+TK7XfnYPclelBL 5CJUuOg09x6MdBIMAeUDkSja7oJFNAKH93g7xKq9S7BBzAdajaIZco3qRl5gaN6Feb tEKtApW/w/WznqteTuX2SM4KB9kY24IRQ16NRlxrOjLtfxxk2ySB/kjU+YABK1hrQS glqxWD+qciDMmlEFHRoXbKijLSGPzWktgBlgEGTaMIoP2s1TFtf2wkM08IkGx936Ac HPjwxrmcS28yDBWWpF7xpu+DIM/KwZEDbn5fccpk1T1CpdCxSk1iVwgzZ14vZcGn2E /nV/ozXRkFdREB08sa7/8X+wV2f+qHXUIZh3H74YDq4yWYX+2j+55pljfu1PuHauQ4 lLGIqWRSvj0mM8JLHApHV2s1bOU0CMq2C1XOgJgLjqGR3Y5Ixp8QebJBYUYOKuo89q SvFDW6w2HEFXtHMQ/uoXpIDw1Npgc7fYp8n5oBbNd+mXkuLiTUabQWq25OLvvsv1S2 xIiLpOGbHDTn0ICST7wICnHE= Received: from zn.tnic (pd953033e.dip0.t-ipconnect.de [217.83.3.62]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 0337A40E00C5; Mon, 29 Jan 2024 14:29:43 +0000 (UTC) Date: Mon, 29 Jan 2024 15:29:39 +0100 From: Borislav Petkov To: Vlastimil Babka Cc: Michael Roth , x86@kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, tobin@ibm.com, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com Subject: Re: [PATCH v2 15/25] x86/sev: Introduce snp leaked pages list Message-ID: <20240129142939.GCZbe2U3lb2RPV7VOg@fat_crate.local> References: <20240126041126.1927228-1-michael.roth@amd.com> <20240126041126.1927228-16-michael.roth@amd.com> <1cc76023-ef3e-4639-9a02-644c5abe918d@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <1cc76023-ef3e-4639-9a02-644c5abe918d@suse.cz> X-Rspamd-Queue-Id: 9979B40032 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: cg8oike8ek47fee9uaqdbhs9q949sfow X-HE-Tag: 1706538626-343646 X-HE-Meta: U2FsdGVkX1/i7Xn5Deb/BxkJoww/oODesb1984C5+RLfs7HvVLMVdtu5HWD6kEUkIWhps07/UZ6ctby0vFtZ1T2AubX0ZBKBxzldlaVIM1chwDKP8oYAjneU1h+6dSFw8+AWdeyLQepo1IZ8Q8gMev/WRL3Fvh/8AkzWvI7crk4rWYrQxUL0fkXRziQM3f+9hz9+Kn72sl4cs4peYOXdDehLb3pQfC+mSW5xDIHcAHQMwRGjFMVcAcoEH0lo2zWC+F2wJjmj0cQPG+K6QpwVQsHNbQy7XHPcBQjq4uuZWBJ5S34KRa14IkmpxgYW1aYT95EpLZiPk6vbTgiO4erywD6EAxG7oqbnXR8X8umqS0AdmRIisGmtbaax/q9kNOy6I81EjxjzjQ2xwIPa9OTBF4N3J/RoAPMGFeLO8vLMwxYG+PAE6/MHeJBJ38TyDgsCEExD0rMPt7RUbkFd6BFjnNcgmVVJ63ZOWf4+BTrXDRoYs0Yz+24pR0g27+4DjTkt+YHNICM8+ZSMU7L6VbzDUgquPUS68v7fyvyUwwG1mgOc459Xc/w9puc3WLXb/10CTjf6mq1EOPIejXM95ID0qMbimZ0Vep4Qar4nS9Wo2/0OLllPw0BaWuAoblwyTEsxfRjeEG5LsN+f4wqSfShdlto/VGWROhYks8yufX/cO4KwxIx+FmvKSH1zGuYnT3yJ7jEIfu9R5avAzJKo2z82qFd8ZlHAOeiXUE+WvMB+F6wVyOm7U1q4NF8aGDJ22CzvicGRVLcO+QBtCoauKp9/7bQkC9bDsQDYwMVqg+/ZUUaA0Znj6c8GwrJMBgESDN5OQqbKRTcxSYaSjrdQAcFL9pysKmxv2WC/mi0q7NNtt8IzfXBc/5L2W9+5KotjgYsPv75EM76qRRdvtXBCVobHfVvMwyFYXUBzYAnEjFz82DX0bMsYs7w5gEu7vBOHhv+HJNmPJcH+vCXbK4OdTHv L2HBb7bK V9eW1Le+L7+vAt46A67Mm2gv0jE3+M4PO6fd6ZVmRrrW687zJTzWOcVzKep/5H2DL8Vs2TB0/UUdmF/U2kOiN4aCWy191iLjqYgEbFXRED1mmdO63cJTmO7D0EXThVgu20dop7/hJnYaRpOhNN+TArRj4hkcVOdu2jWnq6yLMHhTO9VTysgNwBGygaHDYIxeyVL5TyN8TEESOm2NmQYEvGBvuggmRizkLKbBd X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Jan 29, 2024 at 03:26:29PM +0100, Vlastimil Babka wrote: > Reviewed-by: Vlastimil Babka > > Some minor nitpicks: Thanks, here's what I have applied: commit c3875aff4e0739a6af385795470da70d675a7635 Author: Ashish Kalra Date: Thu Jan 25 22:11:15 2024 -0600 x86/sev: Introduce an SNP leaked pages list Pages are unsafe to be released back to the page-allocator if they have been transitioned to firmware/guest state and can't be reclaimed or transitioned back to hypervisor/shared state. In this case, add them to an internal leaked pages list to ensure that they are not freed or touched/accessed to cause fatal page faults. [ mdr: Relocate to arch/x86/virt/svm/sev.c ] Suggested-by: Vlastimil Babka Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Vlastimil Babka Link: https://lore.kernel.org/r/20240126041126.1927228-16-michael.roth@amd.com diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index d3ccb7a0c7e9..435ba9bc4510 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -264,6 +264,7 @@ void snp_dump_hva_rmpentry(unsigned long address); int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); +void snp_leak_pages(u64 pfn, unsigned int npages); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } @@ -275,6 +276,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int as return -ENODEV; } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } +static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} #endif #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index f1be56555ee6..901863a842d7 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -65,6 +65,11 @@ static u64 probed_rmp_base, probed_rmp_size; static struct rmpentry *rmptable __ro_after_init; static u64 rmptable_max_pfn __ro_after_init; +static LIST_HEAD(snp_leaked_pages_list); +static DEFINE_SPINLOCK(snp_leaked_pages_list_lock); + +static unsigned long snp_nr_leaked_pages; + #undef pr_fmt #define pr_fmt(fmt) "SEV-SNP: " fmt @@ -515,3 +520,35 @@ int rmp_make_shared(u64 pfn, enum pg_level level) return rmpupdate(pfn, &state); } EXPORT_SYMBOL_GPL(rmp_make_shared); + +void snp_leak_pages(u64 pfn, unsigned int npages) +{ + struct page *page = pfn_to_page(pfn); + + pr_warn("Leaking PFN range 0x%llx-0x%llx\n", pfn, pfn + npages); + + spin_lock(&snp_leaked_pages_list_lock); + while (npages--) { + + /* + * Reuse the page's buddy list for chaining into the leaked + * pages list. This page should not be on a free list currently + * and is also unsafe to be added to a free list. + */ + if (likely(!PageCompound(page)) || + + /* + * Skip inserting tail pages of compound page as + * page->buddy_list of tail pages is not usable. + */ + (PageHead(page) && compound_nr(page) <= npages)) + list_add_tail(&page->buddy_list, &snp_leaked_pages_list); + + dump_rmpentry(pfn); + snp_nr_leaked_pages++; + pfn++; + page++; + } + spin_unlock(&snp_leaked_pages_list_lock); +} +EXPORT_SYMBOL_GPL(snp_leak_pages); -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette