openhcl/loader: move snp specific pages to new vtl2 reserved region #304
Conversation
| // Page indices for reserved vtl2 ranges, ranges that are marked as reserved to | ||
| // both the kernel and usermode. Today, these are SNP specific pages. | ||
| // | ||
| // TODO SNP: Does the kernel require that the CPUID and secrets pages are |
| @@ -321,6 +321,13 @@ where | |||
|
|
|||
| offset += HV_PAGE_SIZE; | |||
|
|
|||
| // Reserve space for the VTL2 reserved region. | |||
| let reserved_region_size = PARAVISOR_RESERVED_VTL2_PAGE_COUNT_MAX * HV_PAGE_SIZE; | |||
There was a problem hiding this comment.
We're reserving space on all architectures even though only SNP uses it? Is that just for simplicity?
There was a problem hiding this comment.
On x64 only. But yes, it makes things simpler. I'm not too concerned about a losing a few pages, but if need be we could modify the loader so that we get these pages back, if we need to.
There was a problem hiding this comment.
it just makes layout calculation more complicated. Maybe I'll fix all of it again later, but I don't think it's worth doing now.
Note that these pages were already reserved everywhere before.
There was a problem hiding this comment.
Were they? I thought for "VSM" we didn't include the secrets page, vmsa, or cpuid pages:
pub const PARAVISOR_UNMEASURED_VTL2_CONFIG_REGION_PAGE_COUNT_VSM: u64 =
PARAVISOR_UNMEASURED_VTL2_CONFIG_REGION_PAGE_COUNT_COMMON;
/// Size in pages for AMD SEV-SNP isolation.
pub const PARAVISOR_UNMEASURED_VTL2_CONFIG_REGION_PAGE_COUNT_SNP: u64 =
PARAVISOR_UNMEASURED_VTL2_CONFIG_REGION_PAGE_COUNT_COMMON
+ PARAVISOR_CONFIG_SECRETS_SIZE_PAGES
+ PARAVISOR_CONFIG_CPUID_SIZE_PAGES
+ PARAVISOR_CONFIG_VMSA_SIZE_PAGES;
There was a problem hiding this comment.
we used max always, not VSM.
There was a problem hiding this comment.
let parameter_region_size = PARAVISOR_VTL2_CONFIG_REGION_PAGE_COUNT_MAX * HV_PAGE_SIZE;
There was a problem hiding this comment.
We should probably file an issue to track making all of these calculations work per-isolation type so we don't waste pages.
chris-oo
added
the
backport_2411
…icrosoft#304) Previously, we put some SNP specific pages into the same VTL2 config region. microsoft#265 broke SNP, because this region contains pages that _cannot be_ zeroed, like the VMSA, CPUID pages and secrets pages. Move those to a new region, that is marked as persisted to both kernelmode and usermode. It is unclear to me if the kernel requires that the CPUID page and secrets page are persisted, but treat them like the VMSA for now. Fixes microsoft#295
…334) Cherry pick of #304 to release/2411 Previously, we put some SNP specific pages into the same VTL2 config region. #265 broke SNP, because this region contains pages that _cannot be_ zeroed, like the VMSA, CPUID pages and secrets pages. Move those to a new region, that is marked as persisted to both kernelmode and usermode. It is unclear to me if the kernel requires that the CPUID page and secrets page are persisted, but treat them like the VMSA for now. Fixes #295
Previously, we put some SNP specific pages into the same VTL2 config region. #265 broke SNP, because this region contains pages that cannot be zeroed, like the VMSA, CPUID pages and secrets pages.
Move those to a new region, that is marked as persisted to both kernelmode and usermode. It is unclear to me if the kernel requires that the CPUID page and secrets page are persisted, but treat them like the VMSA for now.
Fixes #295