When a TDX guest runs on Hyper-V, the hv_netvsc driver's netvsc_init_buf()
allocates buffers using vzalloc(), and needs to share the buffers with the
host OS by calling set_memory_decrypted(), which is not working for
vmalloc() yet. Add the support by handling the pages one by one.
Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: Dexuan Cui <decui@microsoft.com>
---
arch/x86/coco/tdx/tdx.c | 36 ++++++++++++++++++++++++++++++------
1 file changed, 30 insertions(+), 6 deletions(-)
Changes in v10:
Dave kindly improved tdx_enc_status_changed():
Call tdx_enc_status_changed_phys() only once.
Make the change concise and more readable
See https://lwn.net/ml/linux-kernel/69b46bf3-40ab-c379-03d5-efd537ed44c7@intel.com/
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 746075d20cd2d..38044bb32c498 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -7,6 +7,7 @@
#include <linux/cpufeature.h>
#include <linux/export.h>
#include <linux/io.h>
+#include <linux/mm.h>
#include <asm/coco.h>
#include <asm/tdx.h>
#include <asm/vmx.h>
@@ -753,6 +754,19 @@ static bool tdx_map_gpa(phys_addr_t start, phys_addr_t end, bool enc)
return false;
}
+static bool tdx_enc_status_changed_phys(phys_addr_t start, phys_addr_t end,
+ bool enc)
+{
+ if (!tdx_map_gpa(start, end, enc))
+ return false;
+
+ /* shared->private conversion requires memory to be accepted before use */
+ if (enc)
+ return tdx_accept_memory(start, end);
+
+ return true;
+}
+
/*
* Inform the VMM of the guest's intent for this physical page: shared with
* the VMM or private to the guest. The VMM is expected to change its mapping
@@ -760,15 +774,25 @@ static bool tdx_map_gpa(phys_addr_t start, phys_addr_t end, bool enc)
*/
static bool tdx_enc_status_changed(unsigned long vaddr, int numpages, bool enc)
{
- phys_addr_t start = __pa(vaddr);
- phys_addr_t end = __pa(vaddr + numpages * PAGE_SIZE);
+ unsigned long start = vaddr;
+ unsigned long end = start + numpages * PAGE_SIZE;
+ unsigned long step = end - start;
+ unsigned long addr;
- if (!tdx_map_gpa(start, end, enc))
+ if (offset_in_page(start) != 0)
return false;
- /* shared->private conversion requires memory to be accepted before use */
- if (enc)
- return tdx_accept_memory(start, end);
+ /* Step through page-by-page for vmalloc() mappings: */
+ if (is_vmalloc_addr((void *)vaddr))
+ step = PAGE_SIZE;
+
+ for (addr = start; addr < end; addr += step) {
+ phys_addr_t start_pa = slow_virt_to_phys((void *)addr);
+ phys_addr_t end_pa = start_pa + step;
+
+ if (!tdx_enc_status_changed_phys(start_pa, end_pa, enc))
+ return false;
+ }
return true;
}
--
2.25.1On 8/11/23 14:48, Dexuan Cui wrote: > When a TDX guest runs on Hyper-V, the hv_netvsc driver's netvsc_init_buf() > allocates buffers using vzalloc(), and needs to share the buffers with the > host OS by calling set_memory_decrypted(), which is not working for > vmalloc() yet. Add the support by handling the pages one by one. > > Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Reviewed-by: Michael Kelley <mikelley@microsoft.com> > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> > Signed-off-by: Dexuan Cui <decui@microsoft.com> Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
On Fri, 2023-08-11 at 14:48 -0700, Dexuan Cui wrote: > When a TDX guest runs on Hyper-V, the hv_netvsc driver's netvsc_init_buf() > allocates buffers using vzalloc(), and needs to share the buffers with the > host OS by calling set_memory_decrypted(), which is not working for > vmalloc() yet. Add the support by handling the pages one by one. > > Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Reviewed-by: Michael Kelley <mikelley@microsoft.com> > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> > Signed-off-by: Dexuan Cui <decui@microsoft.com> Acked-by: Kai Huang <kai.huang@intel.com> One nit below ... [...] > > - if (!tdx_map_gpa(start, end, enc)) > + if (offset_in_page(start) != 0) > return false; ... "!= 0" isn't needed. Or should we even WARN()? IIUC by reaching here the caller should already verified both address and size are page aligned, but I didn't do full check.
On Fri, 2023-08-11 at 14:48 -0700, Dexuan Cui wrote: > When a TDX guest runs on Hyper-V, the hv_netvsc driver's > netvsc_init_buf() > allocates buffers using vzalloc(), and needs to share the buffers > with the > host OS by calling set_memory_decrypted(), which is not working for > vmalloc() yet. Add the support by handling the pages one by one. > > Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Reviewed-by: Michael Kelley <mikelley@microsoft.com> > Reviewed-by: Kuppuswamy Sathyanarayanan > <sathyanarayanan.kuppuswamy@linux.intel.com> > Signed-off-by: Dexuan Cui <decui@microsoft.com> > --- > arch/x86/coco/tdx/tdx.c | 36 ++++++++++++++++++++++++++++++------ > 1 file changed, 30 insertions(+), 6 deletions(-) Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Only small comment, it is possible to have huge vmalloc's now, which would mean this would do 512 TDVMCALL_MAP_GPA calls instead of 1 when encountering a huge vmalloc mapping. If this used lookup_address() directly instead of slow_virt_to_phys(), it could catch this case. I don't think there are any cases of huge vmallocs today that would get passed into set_memory_en/decrypted(), so would only be future proofing.
> From: Edgecombe, Rick P <rick.p.edgecombe@intel.com> > Sent: Tuesday, September 5, 2023 9:25 AM > [...] > On Fri, 2023-08-11 at 14:48 -0700, Dexuan Cui wrote: > > When a TDX guest runs on Hyper-V, the hv_netvsc driver's > > netvsc_init_buf() > > allocates buffers using vzalloc(), and needs to share the buffers > > with the > > host OS by calling set_memory_decrypted(), which is not working for > > vmalloc() yet. Add the support by handling the pages one by one. > > > > Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > > Reviewed-by: Michael Kelley <mikelley@microsoft.com> > > Reviewed-by: Kuppuswamy Sathyanarayanan > > <sathyanarayanan.kuppuswamy@linux.intel.com> > > Signed-off-by: Dexuan Cui <decui@microsoft.com> > > --- > > arch/x86/coco/tdx/tdx.c | 36 ++++++++++++++++++++++++++++++------ > > 1 file changed, 30 insertions(+), 6 deletions(-) > > Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Thanks! > Only small comment, it is possible to have huge vmalloc's now, which > would mean this would do 512 TDVMCALL_MAP_GPA calls instead of 1 when > encountering a huge vmalloc mapping. If this used lookup_address() > directly instead of slow_virt_to_phys(), it could catch this case. I > don't think there are any cases of huge vmallocs today that would get > passed into set_memory_en/decrypted(), so would only be future > proofing. Thanks for the suggestion! So I think let's keep the code as-is for simplicity. We can enhance the code in future when it's necessary.
© 2016 - 2025 Red Hat, Inc.