From: Joerg Roedel <joro@xxxxxxxxxx> > Sent: 26 March 2022 14:41 > > The io specific memcpy/memset functions use string mmio accesses to do > their work. Under SEV the hypervisor can't emulate these instructions, > because they read/write directly from/to encrypted memory. > > KVM will inject a page fault exception into the guest when it is asked > to emulate string mmio instructions for an SEV guest: > > BUG: unable to handle page fault for address: ffffc90000065068 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 8000100000067 P4D 8000100000067 PUD 80001000fb067 PMD 80001000fc067 PTE 80000000fed40173 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc7 #3 > > As string mmio for an SEV guest can not be supported by the > hypervisor, unroll the instructions for CC_ATTR_GUEST_UNROLL_STRING_IO > enabled kernels. > > This issue appears when kernels are launched in recent libvirt-managed > SEV virtual machines, because libvirt started to add a tpm-crb device > to the guest by default. > > The kernel driver for tpm-crb uses memcpy_to/from_io() functions to > access MMIO memory, resulting in a page-fault injected by KVM and > crashing the kernel at boot. > > Cc: stable@xxxxxxxxxxxxxxx #4.15+ > Fixes: d8aa7eea78a1 ('x86/mm: Add Secure Encrypted Virtualization (SEV) support') > Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > Signed-off-by: Joerg Roedel <jroedel@xxxxxxx> > --- > Changes v2->v3: > - Fix sparse warnings introduced by v2 > > arch/x86/lib/iomem.c | 65 ++++++++++++++++++++++++++++++++++++++------ > 1 file changed, 57 insertions(+), 8 deletions(-) > > diff --git a/arch/x86/lib/iomem.c b/arch/x86/lib/iomem.c > index df50451d94ef..3e2f33fc33de 100644 > --- a/arch/x86/lib/iomem.c > +++ b/arch/x86/lib/iomem.c > @@ -22,7 +22,7 @@ static __always_inline void rep_movs(void *to, const void *from, size_t n) > : "memory"); > } > > -void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) > +static void string_memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) > { > if (unlikely(!n)) > return; > @@ -38,9 +38,8 @@ void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) > } > rep_movs(to, (const void *)from, n); > } > -EXPORT_SYMBOL(memcpy_fromio); > > -void memcpy_toio(volatile void __iomem *to, const void *from, size_t n) > +static void string_memcpy_toio(volatile void __iomem *to, const void *from, size_t n) > { > if (unlikely(!n)) > return; > @@ -56,14 +55,64 @@ void memcpy_toio(volatile void __iomem *to, const void *from, size_t n) > } > rep_movs((void *)to, (const void *) from, n); > } > + > +static void unrolled_memcpy_fromio(void *to, const volatile void __iomem *from, size_t n) > +{ > + const volatile char __iomem *in = from; > + char *out = to; > + int i; > + > + for (i = 0; i < n; ++i) > + out[i] = readb(&in[i]); > +} Wait a minute.... Aren't these functions supposed to be doing 'memory' copies? In which case they need to be using 64bit IO accesses where appropriate - otherwise the performance is horrid. I thought the x86 memcpy_to/from_io() had been changed to always use a software loop rather than using whatever memcpy() ended up using. In particular the 'rep movsb' ERMS (EMRS?) copy that is fast (on some cpu) for memory-memory copies is always a byte copy on uncached locations typical for io addresses. PIO reads from PCIe can be spectacularly slow. You really do want to use the largest register available. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)