From: Ashish Kalra <ashish.kalra@amd.com>

In the SEV-SNP architecture, hypervisor and non-SNP guests are subject
to RMP checks on writes to provide integrity of SEV-SNP guest memory.

The RMPOPT architecture enables optimizations whereby the RMP checks
can be skipped if 1GB regions of memory are known to not contain any
SNP guest memory.

RMPOPT is a new instruction designed to minimize the performance
overhead of RMP checks for the hypervisor and non-SNP guests.

RMPOPT instruction currently supports two functions. In case of the
verify and report status function the CPU will read the RMP contents,
verify the entire 1GB region starting at the provided SPA is HV-owned.
For the entire 1GB region it checks that all RMP entries in this region
are HV-owned (i.e., not in assigned state) and then accordingly updates
the RMPOPT table to indicate if optimization has been enabled and
provide indication to software if the optimization was successful.
In case of report status function, the CPU returns the optimization
status for the 1GB region.

The RMPOPT table is managed by a combination of software and hardware.
Software uses the RMPOPT instruction to set bits in the table,
indicating that regions of memory are entirely HV-owned. Hardware
automatically clears bits in the RMPOPT table when RMP contents are
changed during RMPUPDATE instruction.

For more information on the RMPOPT instruction, see the AMD64 RMPOPT
technical documentation.

As SNP is enabled by default the hypervisor and non-SNP guests are
subject to RMP write checks to provide integrity of SNP guest memory.

This patch-series adds support to enable RMP optimizations for up to
2TB of system RAM across the system and allow RMPUPDATE to disable
those optimizations as SNP guests are launched.

Support for RAM larger than 2 TB will be added in follow-on series.

This series also introduces support to re-enable RMP optimizations
during SNP guest termination, after guest pages have been converted
back to shared.

RMP optimizations are performed asynchronously by queuing work on a
dedicated workqueue after a 10 second delay.

Delaying work allows batching of multiple SNP guest terminations.

Once 1GB hugetlb guest_memfd support is merged, support for
re-enabling RMPOPT optimizations during 1GB page cleanup will be added
in follow-on series.

Additionally add debugfs interface to report per-CPU RMPOPT status
across all system RAM.

v3:
- Drop all RMPOPT kthread support and introduce adding custom and
  dedicated workqueue to schedule delayed and asynchronous RMPOPT work.
- Drop the guest_memfd inode cleanup interface and add support to
  re-enable RMP optimizations during guest shutdown using the
  asynchronous and delayed workqueue interface.
- Introduce new __rmpopt() helper and rmpopt() and
  rmpopt_report_status() wrappers on top which use rax and rcx
  parameters to closely match RMPOPT specs.
- Use new optimized RMPOPT loop to issue RMPOPT instructions on all
  system RAM up to 2TB and all CPUs, by optimizing each range on one
  CPU first, then let other CPUs execute RMPOPT in parallel so they can
  skip most work as the range has already been optimized.
- Also add support for running the optimized RMPOPT loop only on one
  thread per core.
- Replace all PUD_SIZE references with SZ_1G to conform to 1GB regions
  as specified by RMPOPT specifications and not be dependent on
  PUD_SIZE which makes the RMPOPT patch-set independent of x86 page
  table sizes.
- Use wrmsrq_on_cpu() to program the RMPOPT_BASE MSR registers on all
  CPUs that removes all ugly casting to use on_each_cpu_mask().
- Fix inline commits and patch commit messages

v2:
- Drop all NUMA and Socket configuration and enablement support and
  enable RMPOPT support for up to 2TB of system RAM.
- Drop get_cpumask_of_primary_threads() and enable per-core RMPOPT base
  MSRs and issue RMPOPT instruction on all CPUs.
- Drop the configfs interface to manually re-enable RMP optimizations.
- Add new guest_memfd cleanup interface to automatically re-enable RMP
  optimizations during guest shutdown.
- Include references to the public RMPOPT documentation.
- Move debugfs directory for RMPOPT under architecture specific parent
  directory.

Ashish Kalra (6):
  x86/cpufeatures: Add X86_FEATURE_AMD_RMPOPT feature flag
  x86/sev: Add support for enabling RMPOPT
  x86/sev: Add support to perform RMP optimizations asynchronously
  x86/sev: Add interface to re-enable RMP optimizations.
  KVM: SEV: Perform RMP optimizations on SNP guest shutdown
  x86/sev: Add debugfs support for RMPOPT

 arch/x86/include/asm/cpufeatures.h |   2 +-
 arch/x86/include/asm/msr-index.h   |   3 +
 arch/x86/include/asm/sev.h         |   2 +
 arch/x86/kernel/cpu/scattered.c    |   1 +
 arch/x86/kvm/svm/sev.c             |   2 +
 arch/x86/virt/svm/sev.c            | 263 +++++++++++++++++++++++++++++
 drivers/crypto/ccp/sev-dev.c       |   4 +
 7 files changed, 276 insertions(+), 1 deletion(-)

-- 
2.43.0
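
The RMPOPT table life cycle described in the cover letter, as a user-space C model added here for illustration; it is not code from the patch series and issues no real instruction. It models a single CPU's table over 4 GB of RAM, and every `model_*` name is hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SZ_1G            (1ULL << 30)
#define PAGE_4K          (1ULL << 12)
#define PAGES_PER_REGION (SZ_1G / PAGE_4K)
#define NR_REGIONS       4   /* model 4 GB of RAM (assumption of this example) */
static bool rmp_assigned[NR_REGIONS * PAGES_PER_REGION]; /* true = not HV-owned */
static bool rmpopt_tbl[NR_REGIONS];     /* one CPU's RMPOPT bits, one per 1GB */

/* "Verify and report status": scan every RMP entry of the 1GB region at spa. */
static bool model_rmpopt_verify(uint64_t spa)
{
	uint64_t region = spa / SZ_1G, first = region * PAGES_PER_REGION;
	bool hv_owned = true;
	for (uint64_t i = 0; i < PAGES_PER_REGION && hv_owned; i++)
		hv_owned = !rmp_assigned[first + i];
	rmpopt_tbl[region] = hv_owned;  /* bit set only if the whole region is HV-owned */
	return hv_owned;
}

/* "Report status": no scan, only the current table bit. */
static bool model_rmpopt_report(uint64_t spa) { return rmpopt_tbl[spa / SZ_1G]; }

/* RMPUPDATE: any change to an RMP entry makes hardware clear the region's bit. */
static void model_rmpupdate(uint64_t spa, bool assigned)
{
	rmp_assigned[spa / PAGE_4K] = assigned;
	rmpopt_tbl[spa / SZ_1G] = false;
}

/* Software pass over all modelled RAM; returns how many regions are optimized. */
static int model_optimize_all(void)
{
	int set = 0;
	for (uint64_t r = 0; r < NR_REGIONS; r++)
		set += model_rmpopt_verify(r * SZ_1G);
	return set;
}

int main(void)
{
	printf("boot:          %d regions optimized\n", model_optimize_all());
	model_rmpupdate(SZ_1G, true);   /* constructed: guest page assigned in region 1 */
	printf("guest running: %d regions optimized\n", model_optimize_all());
	model_rmpupdate(SZ_1G, false);  /* guest shutdown: page converted back to shared */
	printf("before re-run: region 1 bit = %d\n", model_rmpopt_report(SZ_1G));
	printf("after re-run:  %d regions optimized\n", model_optimize_all());
	return 0;
}
```

In this model the bit stays clear after the page returns to shared until software runs the verify function again, which is the step the series schedules on its delayed workqueue.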