On 5/20/21 12:52 PM, Borislav Petkov wrote: > On Fri, Apr 30, 2021 at 07:16:07AM -0500, Brijesh Singh wrote: >> @@ -278,12 +279,28 @@ static int set_clr_page_flags(struct x86_mapping_info *info, >> if ((set | clr) & _PAGE_ENC) >> clflush_page(address); >> >> + /* >> + * If the encryption attribute is being cleared, then change the page state to >> + * shared in the RMP entry. Change of the page state must be done before the >> + * PTE updates. >> + */ >> + if (clr & _PAGE_ENC) >> + snp_set_page_shared(pte_pfn(*ptep) << PAGE_SHIFT); > From the last review: > > The statement above already looks at clr - just merge the two together. Maybe I am missing something, the statement above was executed for either set or clr but the page shared need to happen only for clr. So, from code readability point I kept it outside of that if(). Otherwise we may have to do something like. ... if ((set | clr) & _PAGE_EN) { if (clr) snp_set_page_shared(pte_pfn(*ptep) << PAGE_SHIFT); } I am okay with above is the preferred approach. > >> @@ -136,6 +137,55 @@ static inline bool sev_snp_enabled(void) >> return sev_status_val & MSR_AMD64_SEV_SNP_ENABLED ? true : false; >> } >> >> +static void snp_page_state_change(unsigned long paddr, int op) > From the last review: > > no need for too many prefixes on static functions - just call this one > __change_page_state() or so, so that the below one can be called... I guess I still kept the "snp" prefix because vmgexit was named that way. Based on your feedback, I am droping the "SNP" prefix from the VMGEXIT and will update it as well. >> +{ >> + u64 val; >> + >> + if (!sev_snp_enabled()) >> + return; >> + >> + /* >> + * If the page is getting changed from private to shard then invalidate the page > shared > > And you can write this a lot shorter > > * If private -> shared, ... > >> + * before requesting the state change in the RMP table. >> + */ >> + if ((op == SNP_PAGE_STATE_SHARED) && pvalidate(paddr, RMP_PG_SIZE_4K, 0)) >> + goto e_pvalidate; >> + >> + /* Issue VMGEXIT to change the page state in RMP table. */ >> + sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op)); >> + VMGEXIT(); >> + >> + /* Read the response of the VMGEXIT. */ >> + val = sev_es_rd_ghcb_msr(); >> + if ((GHCB_RESP_CODE(val) != GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL(val)) >> + goto e_psc; > That label is used only once - just do the termination here directly and > remove it. Noted. > > Thx. >