Hi Sean,
On 8/4/20 2:40 PM, Brijesh Singh wrote:
> On 8/3/20 12:16 PM, Sean Christopherson wrote:
>> On Mon, Aug 03, 2020 at 10:52:05AM -0500, Brijesh Singh wrote:
>>> Thanks for the series, Sean. Some thoughts
>>>
>>>
>>> On 7/31/20 4:23 PM, Sean Christop
On 9/15/20 12:32 PM, Sean Christopherson wrote:
> On Tue, Sep 15, 2020 at 12:22:05PM -0500, Tom Lendacky wrote:
>> On 9/14/20 5:59 PM, Sean Christopherson wrote:
>>> On Mon, Sep 14, 2020 at 03:15:14PM -0500, Tom Lendacky wrote:
From: Tom Lendacky
This patch series provides
> Changelog since v1:
> - Updated commit message.
>
> arch/x86/kvm/svm/sev.c | 15 ++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
Reviewed-by: Brijesh Singh
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 5573a97f1520..37c47
On 8/3/20 12:16 PM, Sean Christopherson wrote:
> On Mon, Aug 03, 2020 at 10:52:05AM -0500, Brijesh Singh wrote:
>> Thanks for the series, Sean. Some thoughts
>>
>>
>> On 7/31/20 4:23 PM, Sean Christopherson wrote:
>>> SEV currently needs to pin guest me
> Cc: Tom Lendacky
> Cc: Brijesh Singh
> Signed-off-by: Sean Christopherson
> ---
>
> RFC as it's entirely possible that I am completely misunderstanding how
> SEV works. Compile tested only.
Reviewed-By: Brijesh Singh
>
> arch/x86/kvm/svm/svm.c | 14 +++---
Thanks for the series, Sean. Some thoughts
On 7/31/20 4:23 PM, Sean Christopherson wrote:
> SEV currently needs to pin guest memory as it doesn't support migrating
> encrypted pages. Introduce a framework in KVM's MMU to support pinning
> pages on demand without requiring additional memory
On 6/26/20 2:09 PM, Tom Lendacky wrote:
> From: Tom Lendacky
>
> Add John Allen as a new CCP driver maintainer. Additionally, break out
> the driver SEV support and create a new maintainer entry, with Brijesh
> Singh and Tom Lendacky as maintainers.
>
> Cc: John Allen
On 6/26/20 2:00 PM, Tom Lendacky wrote:
> From: Tom Lendacky
>
> Add John Allen as a new CCP driver maintainer. Additionally, break out
> the driver SEV support and create a new maintainer entry, with Brijesh
> Singh and Tom Lendacky as maintainers.
>
> Cc: John Allen
On 4/30/20 4:49 AM, Jürgen Groß wrote:
> On 30.04.20 10:45, Ashish Kalra wrote:
>> From: Brijesh Singh
>>
>> Invoke a hypercall when a memory region is changed from encrypted ->
>> decrypted and vice versa. Hypervisor needs to know the page encryption
>>
Commit-ID: eccd906484d1cd4b5da00f093d678badb6f48f28
Gitweb: https://git.kernel.org/tip/eccd906484d1cd4b5da00f093d678badb6f48f28
Author: Brijesh Singh
AuthorDate: Wed, 17 Apr 2019 15:41:17 +
Committer: Borislav Petkov
CommitDate: Wed, 8 May 2019 19:08:35 +0200
x86/mm: Do not use
Commit-ID: 6a1cac56f41f9ea94e440dfcc1cac44b41a1b194
Gitweb: https://git.kernel.org/tip/6a1cac56f41f9ea94e440dfcc1cac44b41a1b194
Author: Brijesh Singh
AuthorDate: Fri, 14 Sep 2018 08:45:59 -0500
Committer: Thomas Gleixner
CommitDate: Sat, 15 Sep 2018 20:48:46 +0200
x86/kvm: Use
Commit-ID: b3f0907c71e006e12fde74ea9a745b6096b6f90f
Gitweb: https://git.kernel.org/tip/b3f0907c71e006e12fde74ea9a745b6096b6f90f
Author: Brijesh Singh
AuthorDate: Fri, 14 Sep 2018 08:45:58 -0500
Committer: Thomas Gleixner
CommitDate: Sat, 15 Sep 2018 20:48:45 +0200
x86/mm: Add .bss
On 09/14/2018 09:12 AM, Borislav Petkov wrote:
On Fri, Sep 14, 2018 at 02:17:05PM +0200, Thomas Gleixner wrote:
The sme_encrypt_kernel() does not have access to pmd (after pointer
fixup is applied). You can extend the sme_encrypt_kernel() to pass
additional arguments but then we start
memory encryption is
not active.
Signed-off-by: Brijesh Singh
Suggested-by: Thomas Gleixner
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: "
is active.
Signed-off-by: Brijesh Singh
Suggested-by: Thomas Gleixner
Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency")
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
C
_pgd to update the pte/pmd flags when mapping exist
Brijesh Singh (2):
x86/mm: add .bss..decrypted section to hold shared variables
x86/kvm: use __bss_decrypted attribute in shared variables
arch/x86/include/asm/mem_encrypt.h | 7 +
arch/x86/kernel/head64.c | 16
On 9/14/18 2:10 AM, Borislav Petkov wrote:
> On Thu, Sep 13, 2018 at 04:51:10PM -0500, Brijesh Singh wrote:
>> kvmclock defines a few static variables which are shared with the
>> hypervisor during the kvmclock initialization.
> ...
>
>> diff --git a/arch/x86/kernel
On 9/13/18 6:24 PM, Thomas Gleixner wrote:
> On Thu, 13 Sep 2018, Brijesh Singh wrote:
>>
>> +void __weak mem_encrypt_free_decrypted_mem(void) { }
>> +
>> void __ref free_initmem(void)
>> {
>> e820__reallocate_tables();
>
memory encryption is
not active.
Signed-off-by: Brijesh Singh
Suggested-by: Thomas Gleixner
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: "
e_populate_pgd to update the pte/pmd flags when mapping exist
Brijesh Singh (2):
x86/mm: add .bss..decrypted section to hold shared variables
x86/kvm: use __bss_decrypted attribute in shared variables
arch/x86/include/asm/mem_encrypt.h | 7 +++
arch/x86/kernel/head64.c | 16
is active.
Signed-off-by: Brijesh Singh
Suggested-by: Thomas Gleixner
Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency")
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
C
On 09/13/2018 11:22 AM, Thomas Gleixner wrote:
On Mon, 10 Sep 2018, Brijesh Singh wrote:
x86/kvmclock: Remove memblock dependency
introduced SEV guest regression.
The guest physical addresses holding the wall_clock and hv_clock_boot
are shared with the hypervisor and must be mapped with C=0 when
that they are mapped decrypted during boot.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Reviewed-by: Borislav Petkov
Acked-by: Paolo Bonzini
Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency")
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc
encryption is active, free it when memory encryption is not active.
Signed-off-by: Brijesh Singh
Suggested-by: Sean Christopherson
Acked-by: Paolo Bonzini
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.ker
and SEV cases.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: "Radim Krčmář"
---
Enhance sme_populate_pgd() to update page flags if the PMD/PTE entry
already exists.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Reviewed-by: Borislav Petkov
Fixes: 6ebcb060713f ("x86/mm: Add support to encrypt the kernel in-place")
Cc: Tom Lendacky
Cc: k...@vger.ker
Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap
logic in a separate static function. There are no logical changes in this
patch. The restructuring will allow us to expand the sme_encrypt_kernel
in future.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Reviewed
er patch is upstreamed.
Changes since v1:
- move the logic to re-arrange mapping in new patch
- move the definition of __start_data_* in mem_encrypt.h
- map the workarea buffer as encrypted when SEV is enabled
- enhance the sme_populate_pgd to update the pte/pmd flags when mapping exist
Brijesh
On 09/10/2018 10:53 AM, Borislav Petkov wrote:
On Mon, Sep 10, 2018 at 08:15:38AM -0500, Brijesh Singh wrote:
Now, the real question from all this SNAFU is, why can't all those point
to a single struct pvclock_vsyscall_time_info and all CPUs read a single
thing? Why do they have to be per
On 09/10/2018 10:28 AM, Sean Christopherson wrote:
...
IIRC, during guest creation time qemu will check the host supported
VCPUS count. If count is greater than KVM_MAX_VCPUS then it will
fail to launch guest (or fail to hot plug vcpus). In other words, the
number of vcpus in a KVM guest
On 09/10/2018 08:29 AM, Sean Christopherson wrote:
...
+ */
+static struct pvclock_vsyscall_time_info
+ hv_clock_aux[NR_CPUS] __decrypted_aux;
Hmm, so worst case that's 64 4K pages:
(8192*32)/4096 = 64 4K pages.
We can minimize the worst case memory usage. The number
On 9/10/18 7:27 AM, Borislav Petkov wrote:
> On Fri, Sep 07, 2018 at 12:57:30PM -0500, Brijesh Singh wrote:
>> Currently, the per-cpu pvclock data is allocated dynamically when
>> cpu > HVC_BOOT_ARRAY_SIZE.
> Well no, you need to write this correctly - what is "c
On 9/10/18 6:54 AM, Borislav Petkov wrote:
...
>> @@ -487,28 +510,69 @@ static void __init teardown_workarea_map(struct
>> sme_workarea_data *wa,
>> native_write_cr3(__native_read_cr3());
>> }
>>
>> +static void __init decrypt_shared_data(struct sme_workarea_data *wa,
>> +
On 9/10/18 6:36 AM, Borislav Petkov wrote:
> On Fri, Sep 07, 2018 at 12:57:27PM -0500, Brijesh Singh wrote:
>> Fix sme_populate_pgd() to update page flags if the PMD/PTE entry
>> already exists.
>>
>> Signed-off-by: Brijesh Singh
>> Reviewed-by: Tom Lendac
ata..decrypted
section so that it's mapped with C=0 during boot. The .data..decrypted
section has a big chunk of memory that is currently unused. And since
second array will be used only when memory encryption is active hence
free it when encryption is not active.
Signed-off-by: Brijesh Singh
Sugges
and SEV
cases.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: k...@vger.kernel.org
Cc: "
during boot. Use
__decrypted attribute to put the wall_clock and hv_clock_boot in
.data..decrypted section so that they are mapped with C=0.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency")
Cc: Tom Lenda
Fix sme_populate_pgd() to update page flags if the PMD/PTE entry
already exists.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Pao
e definition of __start_data_* in mem_encrypt.h
- map the workarea buffer as encrypted when SEV is enabled
- enhance the sme_populate_pgd to update the pte/pmd flags when mapping exist
Brijesh Singh (5):
x86/mm: Restructure sme_encrypt_kernel()
x86/mm: fix sme_populate_pgd() to update page flags
Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap
logic in a separate static function. There are no logical changes in this
patch. The restructuring will allow us to expand the sme_encrypt_kernel
in future.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom
On 9/6/18 1:50 PM, Brijesh Singh wrote:
...
>>
>> #define HVC_DECRYPTED_ARRAY_SIZE \
>> PAGE_ALIGN((NR_CPUS - HVC_BOOT_ARRAY_SIZE) * \
>> sizeof(struct pvclock_vsyscall_time_info))
>>
>
Since the hv_clock_aux array will have NR_CPUS elemen
On 09/06/2018 03:39 PM, Sean Christopherson wrote:
On Thu, Sep 06, 2018 at 03:20:46PM -0500, Brijesh Singh wrote:
On 09/06/2018 02:47 PM, Sean Christopherson wrote:
...
Yes, the auxiliary array will be dumped into the regular .bss when
CONFIG_AMD_MEM_ENCRYPT=n. Typically it will be a few k
On 09/06/2018 02:47 PM, Sean Christopherson wrote:
...
Yes, the auxiliary array will be dumped into the regular .bss when
CONFIG_AMD_MEM_ENCRYPT=n. Typically it will be a few k, I am not
sure if it's worth complicating the code to save that extra memory.
Most of the distros have
On 09/06/2018 02:24 PM, Brijesh Singh wrote:
...
Again we have to consider the bare metal scenario while doing this. The
aux array you proposed will be added in decrypted section only when
CONFIG_AMD_MEM_ENCRYPT=y. If CONFIG_AMD_MEM_ENCRYPT=n then nothing
gets put in .data.decrypted
On 09/06/2018 01:47 PM, Sean Christopherson wrote:
On Thu, Sep 06, 2018 at 01:37:50PM -0500, Brijesh Singh wrote:
On 09/06/2018 09:18 AM, Sean Christopherson wrote:
So are we going to be defining a decrypted section for every piece of
machinery now?
That's a bit too much in my
On 09/06/2018 09:07 AM, Sean Christopherson wrote:
...
+
+/* This should cover upto 512 VCPUS (first 64 are covered by hv_clock_boot[]).
*/
+#define HVC_DECRYPTED_ARRAY_SIZE \
+ ((PAGE_SIZE * 7) / sizeof(struct pvclock_vsyscall_time_info))
I think we can define the size relative to
On 09/06/2018 01:33 PM, Borislav Petkov wrote:
On Thu, Sep 06, 2018 at 08:54:52AM -0700, Sean Christopherson wrote:
My thought was that we could simply define a second array for the SEV
case to statically allocate for NR_CPUS since __decrypted has a big
chunk of memory that would be unused
On 09/06/2018 09:18 AM, Sean Christopherson wrote:
So are we going to be defining a decrypted section for every piece of
machinery now?
That's a bit too much in my book.
Why can't you simply free everything in .data..decrypted on !SVE guests?
That would prevent adding __decrypted
On 09/06/2018 08:50 AM, Sean Christopherson wrote:
...
So are we going to be defining a decrypted section for every piece of
machinery now?
That's a bit too much in my book.
Why can't you simply free everything in .data..decrypted on !SVE guests?
That would prevent adding __decrypted to
Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap
logic in a separate static function. There are no logical changes in this
patch. The restructuring will allow us to expand the sme_encrypt_kernel
in future.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom
ray will be put in
the .data..decrypted section so that it's mapped with C=0 during the boot.
In non-SEV case, this static page will be unused and free'd by the
free_decrypted_mem().
Signed-off-by: Brijesh Singh
Suggested-by: Sean Christopherson
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Fix sme_populate_pgd() to update page flags if the PMD/PTE entry
already exists.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Pao
during boot. Use
__decrypted attribute to put the wall_clock and hv_clock_boot in
.data..decrypted section so that they are mapped with C=0.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency")
Cc: Tom Lenda
and SEV
cases.
Signed-off-by: Brijesh Singh
Reviewed-by: Tom Lendacky
Cc: Tom Lendacky
Cc: k...@vger.kernel.org
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: k...@vger.kernel.org
Cc: "
anges since v1:
- move the logic to re-arrange mapping in new patch
- move the definition of __start_data_* in mem_encrypt.h
- map the workarea buffer as encrypted when SEV is enabled
- enhance the sme_populate_pgd to update the pte/pmd flags when mapping exist
Brijesh Singh (5):
x86/mm: Restruc
101 - 200 of 1608 matches