Date: Mon, 6 Apr 2020 11:37:42 -0700 From: Krish Sadhukhan <krish.sadhukhan@...cle.com> To: Ashish Kalra <ashish.kalra@....com> Cc: pbonzini@...hat.com, tglx@...utronix.de, mingo@...hat.com, hpa@...or.com, joro@...tes.org, bp@...e.de, thomas.lendacky@....com, x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, rientjes@...gle.com, srutherford@...gle.com, luto@...nel.org, brijesh.singh@....com Subject: Re: [PATCH v6 14/14] KVM: x86: Add kexec support for SEV Live Migration. On 4/4/20 2:57 PM, Ashish Kalra wrote: > The host's page encryption bitmap is maintained for the guest to keep the encrypted/decrypted state > of the guest pages, therefore we need to explicitly mark all shared pages as encrypted again before > rebooting into the new guest kernel. > > On Fri, Apr 03, 2020 at 05:55:52PM -0700, Krish Sadhukhan wrote: >> On 3/29/20 11:23 PM, Ashish Kalra wrote: >>> From: Ashish Kalra <ashish.kalra@....com> >>> >>> Reset the host's page encryption bitmap related to kernel >>> specific page encryption status settings before we load a >>> new kernel by kexec. We cannot reset the complete >>> page encryption bitmap here as we need to retain the >>> UEFI/OVMF firmware specific settings. >> >> Can the commit message mention why host page encryption needs to be reset ? >> Since the theme of these patches is guest migration in-SEV context, it might >> be useful to mention why the host context comes in here. >> >>> Signed-off-by: Ashish Kalra <ashish.kalra@....com> >>> --- >>> arch/x86/kernel/kvm.c | 28 ++++++++++++++++++++++++++++ >>> 1 file changed, 28 insertions(+) >>> >>> diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c >>> index 8fcee0b45231..ba6cce3c84af 100644 >>> --- a/arch/x86/kernel/kvm.c >>> +++ b/arch/x86/kernel/kvm.c >>> @@ -34,6 +34,7 @@ >>> #include <asm/hypervisor.h> >>> #include <asm/tlb.h> >>> #include <asm/cpuidle_haltpoll.h> >>> +#include <asm/e820/api.h> >>> static int kvmapf = 1; 
>>> @@ -357,6 +358,33 @@ static void kvm_pv_guest_cpu_reboot(void *unused) >>> */ >>> if (kvm_para_has_feature(KVM_FEATURE_PV_EOI)) >>> wrmsrl(MSR_KVM_PV_EOI_EN, 0); >>> + /* >>> + * Reset the host's page encryption bitmap related to kernel >>> + * specific page encryption status settings before we load a >>> + * new kernel by kexec. NOTE: We cannot reset the complete >>> + * page encryption bitmap here as we need to retain the >>> + * UEFI/OVMF firmware specific settings. >>> + */ >>> + if (kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION) && >>> + (smp_processor_id() == 0)) { >>> + unsigned long nr_pages; >>> + int i; >>> + >>> + for (i = 0; i < e820_table->nr_entries; i++) { >>> + struct e820_entry *entry = &e820_table->entries[i]; >>> + unsigned long start_pfn, end_pfn; >>> + >>> + if (entry->type != E820_TYPE_RAM) >>> + continue; >>> + >>> + start_pfn = entry->addr >> PAGE_SHIFT; >>> + end_pfn = (entry->addr + entry->size) >> PAGE_SHIFT; >>> + nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE); >>> + >>> + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, >>> + entry->addr, nr_pages, 1); >>> + } >>> + } >>> kvm_pv_disable_apf(); >>> kvm_disable_steal_time(); >>> } Thanks for the explanation. It will certainly help one understand the context better if you add it to the commit message. Reviewed-by: Krish Sadhukhan <krish.sadhukhan@...cle.com>
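Review bot: In the e820 loop added to kvm_pv_guest_cpu_reboot(), start_pfn and end_pfn are assigned but never used; the hypercall is passed entry->addr and an nr_pages computed from entry->size alone. Either drop the two variables or build the hypercall arguments from them. As written, nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE) ignores any sub-page offset in entry->addr, so for an entry that is not page-aligned the count may not match the pages the range actually spans. The return value of kvm_sev_hypercall3() is also discarded, so a failed reset of the bitmap would go unnoticed before the new kernel is loaded; checking it and at least logging a failure would help. The comment could also say why the work is restricted to smp_processor_id() == 0, since that condition is not explained in the hunk.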