From: Vitaly Kuznetsov
To: "Kirill A. Shutemov"
Cc: David Rientjes , Andrea Arcangeli , Kees Cook , Will Drewry , "Edgecombe\, Rick P" , "Kleen\, Andi" , x86@kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Paolo Bonzini , Sean Christopherson , Wanpeng Li , Jim Mattson , Joerg Roedel
Subject: Re: [RFC 13/16] x86/kvmclock: Share hvclock memory with the host
In-Reply-To: <20200525152527.7g57us6imlh62x7i@box>
References: <20200522125214.31348-1-kirill.shutemov@linux.intel.com> <20200522125214.31348-14-kirill.shutemov@linux.intel.com> <875zck82fx.fsf@vitty.brq.redhat.com> <20200525152527.7g57us6imlh62x7i@box>
Date: Mon, 25 May 2020 17:42:48 +0200
Message-ID: <87v9kk6mx3.fsf@vitty.brq.redhat.com>

"Kirill A. Shutemov" writes:

> On Mon, May 25, 2020 at 05:22:10PM +0200, Vitaly Kuznetsov wrote:
>> "Kirill A. Shutemov" writes:
>>
>> > hvclock is shared between the guest and the hypervisor. It has to be
>> > accessible by host.
>> >
>> > Signed-off-by: Kirill A. Shutemov
>> > ---
>> >  arch/x86/kernel/kvmclock.c | 2 +-
>> >  1 file changed, 1 insertion(+), 1 deletion(-)
>> > >> > diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c >> > index 34b18f6eeb2c..ac6c2abe0d0f 100644 >> > --- a/arch/x86/kernel/kvmclock.c >> > +++ b/arch/x86/kernel/kvmclock.c >> > @@ -253,7 +253,7 @@ static void __init kvmclock_init_mem(void) >> > * hvclock is shared between the guest and the hypervisor, must >> > * be mapped decrypted. >> > */ >> > - if (sev_active()) { >> > + if (sev_active() || kvm_mem_protected()) { >> > r = set_memory_decrypted((unsigned long) hvclock_mem, >> > 1UL << order); >> > if (r) { >> >> Sorry if I missed something but we have other structures which KVM guest >> share with the host, >> >> sev_map_percpu_data(): >> ... >> for_each_possible_cpu(cpu) { >> __set_percpu_decrypted(&per_cpu(apf_reason, cpu), sizeof(apf_reason)); >> __set_percpu_decrypted(&per_cpu(steal_time, cpu), sizeof(steal_time)); >> __set_percpu_decrypted(&per_cpu(kvm_apic_eoi, cpu), sizeof(kvm_apic_eoi)); >> } >> ... >> >> Do you handle them somehow in the patchset? (I'm probably just blind >> failing to see how 'early_set_memory_decrypted()' is wired up) > > I don't handle them yet: I've seen the function, but have not modified it. > I want to understand first why it doesn't blow up for me without the > change. Any clues? (if I got the idea of the patchset right) these features are kernel-only (e.g. QEMU doesn't need to access these areas). E.g. for APF KVM will do kvm_write_guest_cached() and this will use FOLL_KVM. Guests should not rely on that and mark all shared areas as unprotected. -- Vitaly
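
Review bot: The new condition `sev_active() || kvm_mem_protected()` in kvmclock_init_mem() converts only hvclock_mem, while the per-CPU areas that the reply lists from sev_map_percpu_data() (apf_reason, steal_time, kvm_apic_eoi) are also shared with the host and, per the author's answer, are not handled yet. The series should convert those areas under the same condition, or the commit message should say why they can stay protected, since the reply points out that guests should not rely on the host's kernel-only access path. The comment above the check still reads "must be mapped decrypted", which describes the SEV case only; reword it so it also covers the kvm_mem_protected() case that now reaches set_memory_decrypted().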