From patchwork Tue Jun 27 15:13:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9812503 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3B90B603D7 for ; Tue, 27 Jun 2017 15:16:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2CC9E286BC for ; Tue, 27 Jun 2017 15:16:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 20F66286CF; Tue, 27 Jun 2017 15:16:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4004E286BC for ; Tue, 27 Jun 2017 15:16:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751988AbdF0PP4 (ORCPT ); Tue, 27 Jun 2017 11:15:56 -0400 Received: from mail-sn1nam01on0079.outbound.protection.outlook.com ([104.47.32.79]:55378 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753215AbdF0PNO (ORCPT ); Tue, 27 Jun 2017 11:13:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=M0077Zg2X22fOYEokw2JDkb1z5Gf/buP+2FXC34vnxs=; b=s5ffGF2h0R2aIYDRPe+zOxkbPiuvfOLD0fwiMjAdLKokOQ5+V/JzpajLpUGt5XN2Ae1uHd1RBDRacHC18/Mwri7RroIYqnx9xQ3Ve+/UoonWfC9NQPu+Q8CemuIsAIFIjPpqmZf2T+0dfQF/Ed0ZQ26NfDt6IeFmYioV1gwIwes= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none; vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by BN6PR12MB1138.namprd12.prod.outlook.com (10.168.226.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1199.15; Tue, 27 Jun 2017 15:13:07 +0000 From: Tom Lendacky Subject: [PATCH v8 RESEND 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, xen-devel@lists.xen.org, linux-mm@kvack.org, iommu@lists.linux-foundation.org Cc: Brijesh Singh , Toshimitsu Kani , Radim =?utf-8?b?S3LEjW3DocWZ?= , Matt Fleming , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , Jonathan Corbet , Joerg Roedel , "Michael S. Tsirkin" , Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Konrad Rzeszutek Wilk , Borislav Petkov , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , Thomas Gleixner , Paolo Bonzini Date: Tue, 27 Jun 2017 10:13:04 -0500 Message-ID: <20170627151304.17428.80457.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170627150718.17428.81813.stgit@tlendack-t1.amdoffice.net> References: <20170627150718.17428.81813.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR03CA0011.namprd03.prod.outlook.com (10.168.230.149) To BN6PR12MB1138.namprd12.prod.outlook.com (10.168.226.140) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: efd58863-1c2d-4ffa-69aa-08d4bd6f0544 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095); SRVR:BN6PR12MB1138; X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 3:XO/9WNhFd/Pd9wVd33DyzMfiw1KbvNJi4JhejPYJYgyUthTQ8kvfF0p9M9CkOShVkasm6d4wIeoE1gjtOirCoJzT/PrvBiopTmBjYL29Q1jcVosLXq03tnx3hj7BZkqBWzujzCAfCV7uw/WNJO2A5ZyGm8XXjZCejSOt54ghxqV1vT0g9n71vSaHfRtRgYuXB4keEhvdVO8MaRlVdsp+bxoN4gCjMrl8meLQUTNvDJXAvEG7uxPVBZcIqtvs/XAwErXepuLTF4Ka2oHMrY53iD2qId+38YkSosnKTRMpM71UL7ZGFvEYe3NUCDpsqWHCGf9UNI8+70Opk7U7o3HNyZIqdPnPGcqyEoazgNkRgjobm9bXlNGN5ZKjjYBVKfVsryy4yfVrLwcPJdRI0Es0XVYQwkWTAq4ZRVUd75FF6s7KsiJdTYrwcfq1Aw+pKX4/dvJjwPVLZKuEQ1NC2aPgb91EJezSZMRxqrxpyAWmsCnIsSA+Q8ccnRwDDyV9k2zBmB22QugYLNun999CTw1jmD5Fe6lYx09o0iMQDrnyusYhBRlv/SLvI91g0y3ApjUadqm7TRMpA7zf+Rn9QivbWQXR/fm1BbwWYxTLAPVMkVjlya/MHDIFfdZUnoA/H5u/nb9+ZXgFuxWwWf2BMykIfbflYBeh0wdNGoGXXn88oB7KDmey8uD7f1yfYbcjXneQIz1FV79H9ZTSW1z6XPt53g== X-MS-TrafficTypeDiagnostic: BN6PR12MB1138: X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 25:TKuYFrn5/RXLcY/30CG1b80w1phbmcgzcYRjQGBmzyrgvjvdRFCB0EPgdcjL3wdKCh0+cMxSGtKDcu3gs2EXmx1EsNtQozfAtMNPfnfGyG9QtGQvQbfqyq440h97SachvXsyF5qNxObaeOZXFKa4EJ1bWr7/y3okd+zoU3u3EWCD7WIp06E2smzJ/fenbU1teis4rbh4UsXLB0S1dglZpFT0ZniSlk6Cacg+vrG891G9GrVSGHHusXrpZfS/aMac0cOYoGk4GZV3cX1TwmQuOfKnibnwk+Qa3DG6ggF+prePwo5KIhtX4EI60OQUJ8upt7jWWgQ/+ZATlqaYDlodcprGHlPi6a+4Hsw/qIprw4sTn/kPumK6T9X06LvVth4m4+PHl1seK70keCEXF4JqA/KHxI1KED3wuNbB8gquodUxVddFjoUgeRnNkaNZWPoHGqnDVZs18Gq6Ru+UONuXMQ12wfvkjpyt7wTx0aMlw2xRAq6R3JRNE/NbVxKPU2LGDHbtiFyAPr84H4tVFW5uUJW8z7vLCrR6GqJDaK+jTARi1lR7A1wdY40MkCCD6CphPzFOO5z+Jinn+3UGn0tTfo2rtQq823ndaZ3p3w/c5y04t5StliqpZaAtH+zFV6btko8rV5HRvWrFwXDfTOvqieZ9jef+ml5vptkZ/h2TE8xBq0Sr/dt4+eKHni3jVkTpcz/ZbgPikozRJs/m8hcu2OowQ95Dw7itsoxdmvP89Ja7Q54besTYVji0D76MVcY0YweXrB1vwsMPaQKQaghh/liwNXEymybHsH+AJW5Jm3eVTaQzMzsEhPJF699pRkIRhgxdT5qVxFtDUaULiq7GPANTeYoAfCkTvgwsHGRMqlknAnnrGMgD35SkNCQptjfRdPucZrYZ3DVNFqInnQ16KjT6obUjwWc5uA4HfeHUt eQ= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 31:mT+dKq/2FOAsaXAKUKhOM3xJ6XSNjqKSIux5lO/TCIwZHKpr16OsLu3H8Hg/fGdPoYzVYzh3wjh2L7soOhOaBjUwVOTjnccW31dLBbxLPVgVxcq33Ra1o8egcDrIw9a1ma5z2D5xnwNo6lxD1BVyIXB/9pEkfWy67JarTCXVvwIROrdsJArALMw3McBxei6fkpvKeMpQSxxRgFPmQZ9W5eez3esvPIIIGujq6985r4dAhrCoAulgns7YlgR9oUeTOKIGgmO4P9J8TuZPP08Q+lzInGYGzdFTlBQbhdYJMVaZQP7fCc+eh7V/nskiuFOb2iQsAeshsTuDu89nHPE9q/hyJBdMI7u2/xWsPYnSPOsLipdgVX/1aALtnqGL9oA3WkqVj0MmxPQY+U+bEQ8lkAIYqP78oISERtOCOh2OYUErfs4NdjOZNjkb2oawO1DNIKApMJMmLMSyt+CHmZqZZ1xZ05lXSTbQTgp9jeXJb0d0tyXIowPL6+uNu/v9kcDE0lsT5G1tA/sQa4rlDE1pR95e08z4RwsAKlD8dvdIpbg3X2TWnVIGk1LfWBcz4kAUbVmD0vESWfjoO7u488UvlBXzsokEOhEzmcQKBgdhwmPACO9AOcv04sEoNrsQwa36km2WHrjFBLfQTLccrnKrIFhoRJzgu7rG73+AW+DH37A= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 20:12/7ORULfzesxHWw80CMc25wh7KfLwbn75B8XMkcEB9Jai9vGKGM8oo9JtzFmcCtY9oBI//7p6Ypr4RkrvM7S8N7MheEmAPwjrwZ4fwCFDk/rUONVswk3f2srLk853w0T7mR1rOstkm79ieIyZqlaKx1cjR/hAgnOOHe/IUR5A/80y8DXaXnxd1ZIT6hYeghgfyiRSmVVoclfDI33BsV74lQV6FXyQveVVr6/93hGbkLJkYweAcgd4Y+AZG4xli5PqOvYO4q4k39roYv7dInf1LvKlVo59uvNogh77pmIHZWucta85B5VO3edmQNMd0v/zqb5m6otSLH8EQEqm8iUrgzlNIGCbxFbyh3wjvftPemNXi7c9zy2QNFkAUT1Nknjjbkp7WVTkxm+yQmazFnIk86Q5yTNAhIR8MByUdVhEsTUD+Fwfa3yTlr9yWjX0SloZdfQ/Ty22N9QzFSE1aplYydoyKUsWZ3Rk0Wrug1Eqf3pkngangoJTHiHmKUNMgo X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(125551606395959)(133145235818549)(236129657087228)(767451399110)(148574349560750)(167848164394848); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123555025)(20161123562025)(20161123564025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN6PR12MB1138; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN6PR12MB1138; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM4OzQ6dXhLcm5hK3lmWXZQZXhDSDVINWQwZFRHWGIv?= =?utf-8?B?R04zVDNtaHQ4V1E5WVYwWFVMUXIzc1B3ZHppdEp3a3BITVVIck5RYTVpblVx?= =?utf-8?B?TWd4TXFOaThGeXh5QWhFQ1dyNTZ5cURTRC9PRVk0MWtUaW1wYlBpOHI2cjZZ?= =?utf-8?B?aU1FbDZ6R0NBeHR1c1R2RU1DYlpxejAzSnQxYjhvVUJLUmFyVEZ6NHRXWVFu?= =?utf-8?B?aHZhQXpKaUgxb1lWN1hEMFZMbVBVMWwvRC9OLzRza3BoVHRyRnBrQmJjODJU?= =?utf-8?B?MnpCTDlwZTJFS0owZjNHdTAyZ3VkckRCVFhzcWFheWxKZm94eVgyeUhlRFg1?= =?utf-8?B?d1h5U0dYMDNKZWk3UDQwaXNkS2M3bHlvYjgwdHNlRXRvZnRKclJwK2FHMTZ0?= =?utf-8?B?QktmcHNjNi81anlLWGMySXBENXQvWUlmZHdzY05RSjBpZmkxdUlvSVdML0FN?= =?utf-8?B?cVl5QVRodHZYcU5TeFo5ZlF0ZnVKazZrNmFVWVlod3ZUM1dVam5DeGVTbkJT?= =?utf-8?B?aE5uakpaaVVYdGFFUHJDYVNQNHFQL2p6UnYrUForTC96UWNTdERnN0JCY3Bm?= =?utf-8?B?QzZab0FUOFpmOTVWK0hsUnpGMlNNRmpSV3FhanVyVnEvcURDemh1QmNCTkpT?= =?utf-8?B?S3BOZXVmMUxsWjluclF5R0N5bDF4ajJ2aWRWQVhibnNOWk95V0ZpdzViSS91?= =?utf-8?B?a0tlVUV1L0p3OTBFdXZOTHY4MlVjQ0tyTnJOaFQ1YlgreVlpWVhpclFPVTRX?= =?utf-8?B?eENDditReXJKU1VRL1N6czBEQ0NvaDMvQjJKQ0xYdVV1alZZSUVwaHlubmVZ?= =?utf-8?B?QXQ5Mzk5ZEtFM0FOSXM1MEhzU2ZoWER4dE9XVmtVWWtBTk9NbTNQbk03V2Nq?= =?utf-8?B?WmpJYlN3WGZyVnBuY3BsUWV1SEQzbkM1R1FZQWlIa2p6dUwzU1l3Rjl4dVhz?= =?utf-8?B?b1pXbWFVcFhzT2hWU3Z0WUptb2VvUTVBK1grOHh5ekZpaFhoUStrUTJMQXE3?= =?utf-8?B?MllMdjMza2JtcXZtRElLMk5FLy9uUzRWU0FmS05lVVBnM09Fb21QYVhLZ3JC?= =?utf-8?B?aVhaR0VNd3JKRzZhSXZ6QzRGZFZDL2VMR1ZVWDdMZU9HV3lEM1ZtL2d5Qkln?= =?utf-8?B?Ni94ZmkvQUwyUXc5NkF4cmxBdGhlLzFyUy9NSWN0YmU4djhYaWhXWkh4dU5w?= =?utf-8?B?OHl0UEpibm5VK1pyT3ZveEZaaUZNSGFXS2FYSXdDK2xvKy9oQjBRK04rSWVt?= =?utf-8?B?Zm5FenB0UEJ0VTRyN1JnendVeXc0RTNIdlhmWWM2QkFCcWNKZEUvYUZmNzlu?= =?utf-8?B?S3VRclI1TDFXU2hISDF4S1lhamJKTDNleldTVDFXVnpXdWJPWFNKZDZWOGVS?= =?utf-8?B?M1JYQXk1cUFDK2diSEM2K3FRdnZFRUY5RmxGejdhbktSb09lOTVBN3p3RTZt?= =?utf-8?B?bnNucFNycnNkMVdjUkF2MlF5ZkJ6bEdaZ3RVOWVNT2dBRnVJZFp4ODVXYjBM?= =?utf-8?B?MnFKVDYyOGxFdkh2UE1GT09BUnR3SklBZzNMQ05zQjZ6S1lzYm9aU3ZnMm1R?= =?utf-8?B?d2szeG5Hdm02cW1LM283UUVod0ljY3JVYUxBTlBTVzhyczl3OTBCR3RiOHMx?= =?utf-8?B?c1JobFo2Tzl1L3h2QjZKV0p2QlFSZXFwZEI1NWdZUVhpWDVXbEZGTWlWSEZs?= =?utf-8?B?RmluaktVN1d1K0pxa1FZdEZJMm5zNlp0ZUpPejNTVFBoSGZIZXVsSWFLOS9u?= =?utf-8?B?UTYvVHBUTGE0b2UyODB0K2VIeXQ2eUdmOGMvS1FKS1lZd0N3ajdJMC9UeDdz?= =?utf-8?B?NzViZ0hqblJiMURpWStWNlhTaG1jQ3FkcTNoenNJNFRIVThFdnhQZTk4NXA3?= =?utf-8?Q?FLl5rOJtf0=3D?= X-Forefront-PRVS: 0351D213B3 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39850400002)(39400400002)(39410400002)(39860400002)(39450400003)(39840400002)(189998001)(47776003)(66066001)(53936002)(33646002)(50466002)(42186005)(110136004)(103116003)(38730400002)(53416004)(1076002)(478600001)(54906002)(6116002)(3846002)(7736002)(6506006)(72206003)(9686003)(55016002)(4326008)(25786009)(305945005)(230700001)(5660300001)(81166006)(7416002)(7406005)(2906002)(2950100002)(54356999)(6666003)(23676002)(50986999)(4001350100001)(76176999)(83506001)(8676002)(97746001)(86362001)(921003)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR12MB1138; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM4OzIzOkNFSUV0VFJpb25qVFhkYUNQUlRRT1Arb1RQ?= =?utf-8?B?MFVRQmJpUDBTaGF2Um5KcGtHcmJtMVo5ckpDcmxKQU1sNmxJdldNcjR4dUps?= =?utf-8?B?SEl4cFVuUVg2SmhUWnZXY0VveThCRC81NjlBaTNNcEZldWltRkxhSTU3RjF3?= =?utf-8?B?RTBJYzAvemJpNUkvOFRRZGFubWRxUk82ODJGa2wzV1dHL3N1b0dUMEJQeGlJ?= =?utf-8?B?RVpydFdXbE1PMFBLMGtybmVidkNXZG43bXdtYXplSHlueFZGbCtJMmFyRllB?= =?utf-8?B?djVmcnZROEpQdkEwbk5oMERsaTlKaHBTcTBsOHM0SEt4OGpIeGVJR2pWc3Bl?= =?utf-8?B?VjVQRW90dFBTeTBzT0l1M00wckU1WE5HM21Xd2F1L3UxaUtsUndPQTFja3Nh?= =?utf-8?B?VFVVZ3BQZy9vYjN4ODZpQjRzYVEzaGtqamFPLzBLZjU4Tk43VHFYWCtWdXZn?= =?utf-8?B?OGFERTNVcHRKcjJxTFB5VlE3VU80WGFsdEp1dmF6VWEvaTNMMGJQSFArWnRF?= =?utf-8?B?SWN6VVA5RDUrS3RsdEpEcEpzTFFRSXQwVndYZy95bFhCbXpLUzBXTnJ3Q3NF?= =?utf-8?B?L2RSZzhrckdnVlZVVmxaQ244K0twVnBlMVJyZy9WOWJYRUhlUnpYcnE5N3RV?= =?utf-8?B?M3dGZEZ0Y05GQmpsRmZiQjNTYkhZMk9pb3FwOWdNRTUzQnVkdUl5eDA4allx?= =?utf-8?B?NlZodlRtSnYrU0RXMndsY2VZd1d5WGhOekMrdzhGUkZXUUZjME5FQ2p6OWtE?= =?utf-8?B?WnVLNFh1Z3d0UVpuR0ZubEpJcGdKaUxPMnN2VzNKZHJxak83Y3k4eXU3bWVW?= =?utf-8?B?aFZiQ3RMMUZnOWdnN2R6ZVkwTTlvY2ZDeGFvSVd5V2N1eXdKVUV3M3U2Y25J?= =?utf-8?B?OWNHMHFyYXhhT21TbGpLT0JZRDNmZ25VSTV0UUdjc09tWXFSbktGRkViOTQw?= =?utf-8?B?NHZUU0ZETkdOWXZPMFlMTGtnYURWMkVoU2ZiR3VVK05aNUpoWU8ya3JEek5i?= =?utf-8?B?aFhCakM0eFNSZEoyb24yTTI4bTltTjlwa3M1bWNQRWRBNkQ1TFZOdnRjTWo2?= =?utf-8?B?TUhtblJZVkxGWGMrRlhUbEdvaUgwK1FncHhrWUVuYWVKWnBkOWtCdEEySSsy?= =?utf-8?B?cVo1bks5MVJDNDNuR0VPWnhuWmN3dC82ZmpJSFFVU01ZV3NaQnFDajM1Y3RT?= =?utf-8?B?QWZ5U2JkTVZWN0FPMGFFNU9jVlZPVHlLbkJRQlQ3NExueEtsYmlnM0NISEIy?= =?utf-8?B?RElWOW1JNzA1UnZGQTdWVDRzQ2hQK256MmxuZ3BiTDBrVWp6cWxTRVViU3pF?= =?utf-8?B?ZGlqSG9TMzJBQUFkbUgvT0padkpVMHNwM1NVOW5KaC9xY3d3RVBNSjNSeHIz?= =?utf-8?B?cWJhVTJtdVI1NGl0L0RyM254c2ZnUWsvRnpZd29RVFFrOWFYYzBEdmVUS2tY?= =?utf-8?B?QW1tUVZyaHJwUlNwS3RKWGNTbVlrd0pxKytZaFNNc0tndHhNeUhlQjJ5ak1i?= =?utf-8?B?U2pwYmdlb0YzeW1iZmZsQ000dm9QbWd2UjF0d3UvUXhGdFR3Uno1b1BXWjRZ?= =?utf-8?B?UFVBM1l4dlRQbENTdHhWMnhmeDRIekY4Q01LSlhYYVEzbXVtUXlZSEk1SUhG?= =?utf-8?B?Z0hpOWVRS2ROQVJoSFZmZHg3NGdZc085ZmJiT0xrVTkvVEpkQjZWalZzendp?= =?utf-8?Q?x0KpL2Yj5dBZ+gFaZo=3D?= X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM4OzY6clBtRlFKQmpHcjlPU2UvaHJ0TVJYY1M2MlYr?= =?utf-8?B?cDBySk15aktuN0dwbytQQXZQdzNzekFJc3M5Ty9SQktiVit2M0Y5UW5PQXFS?= =?utf-8?B?dHVabDdPZERIbVh1NjhndG00bTNqZWE2aEFXaFdmOGYvem4vU3NMSDFQWk5s?= =?utf-8?B?SEdRRVJWa25ERFFFdTNHazRrOXJoZndIV0ZJaWhjc0xTTHQwY1kzSGNmYnRK?= =?utf-8?B?YjIzZ1YrdGFwZmk4bVUyVVQ3OWV5QTZsNHdOeEM5Uk5iS1FnS1U4d2dwM0dt?= =?utf-8?B?akR3SmRJZjZETFpxb1pCVHVJUlJQbU5jU24weDBwZGZaZnN2ZWwrRXBzM0Zz?= =?utf-8?B?UmRhYmZnL3hySWtoM1BkL1ZOS0xjd0dBNjkwLy9zdW5BN0ZWU09jaCtNKzdQ?= =?utf-8?B?a1A1dkVLSEoxR1JZaldVNVQ5RUcwZk96Nm8rbmR3RStzOUhoWTlQcXB1SG9T?= =?utf-8?B?NW4rNTYvSFhOMWpSb0xOU0hNUndSczJ2b3FpaGQzdkErYWhLQTQwZFl5OFBG?= =?utf-8?B?VTlua0VUSThPdmRpcWdnUjVGUk9wK2h6bnNqTWkvWjRkQWVNNGIwZ2RGcEIv?= =?utf-8?B?OFIrV2Npamk3YUMxclh5VGI5bUxLL2NwMysxMGxoYlNxY1RQaGRIeEkwZG1r?= =?utf-8?B?a2JkV1RNZUo0bkkxSTAxY3ZFajhhZ2RvTzF3anREL3p5ck5HSzFZM2lUMGtr?= =?utf-8?B?MkU0YWhvazZpd3RrT0R0WWtNRmhMTk1pY25HSnMwbTJkTUM2QzV3N2F6K01z?= =?utf-8?B?c1ZZR0tOYTFJMGJUS2lFYmJKN0lyT0tjd291dlM1c3hVUXpYR0c0ajlYd1My?= =?utf-8?B?KzRpZUplOC82YUM4RVdSRVZyOHZWUE5NaWxwaVRFTVBQUU9BR0d1SWVaWEdX?= =?utf-8?B?MFhDUkYyVnZBcFgvbjRZMXdzekhEOGpoZmVVVEZlempleFlnb2JMV0dnOWVW?= =?utf-8?B?cGN0YSs0bG9NbjZnU0x6d3dwQk42T0lDZXdHU25BZGdrSnQxZW04UnVVUnls?= =?utf-8?B?aUpZSk03US9Jc0t2VWdmUXQvT3ZaUldMbUJUL1FUSjRNSnd0a3NDOGJoUjRF?= =?utf-8?B?MDBBaWFQd3NyMkNQZTZLdmlsdFU0TS8rOGIvVXl0OHNWWGsyS0crR3l6T0RI?= =?utf-8?B?L0ZDOGwveFFCQ2hkNldVTGcrZFBtd1FWVURRbkpGVzYxUlprUkJqWVVRWVpn?= =?utf-8?B?eU1rZW1RSnl6YzhaM1Vlbms5Mm5OMjV0dnVOTk1kbjFNQk1WempsZUNvODV2?= =?utf-8?B?d1lmQU1mblZoN01Qd2swcEVzSlJ2NXBtMXhxWnpuVlNQOG1PcDZUaktuQUtF?= =?utf-8?B?bTRDL096VzVGWHJ3SWZrNXpXQzZwMVhSZkxQZUtnTVc2OGEwdUNTa2JyZE5W?= =?utf-8?Q?daIfs29?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 5:ueXpe0ASOCsrZFJA91fJM4EHJcxxgboabdiD8798Ny1cJ2VWJjgBqK2v1AsNM06B2zv1bs3BmCNlhQKJK0AjINVJ9orYkX3Butfcqr3wCFEvIKKsv9U4TApVotlysZdV99yoJLAvNf0LK6TP223l7NxsGM/nbj4lfYsEfaEpn0mCLjh0zYDOcfeXud/R8DhT7QjGysinOjOtHZWFpri6Lu1L51FKOBOmlOOvcw5EsXsl8TQDg4TehD6X9rdx6CLeCHI3iFjwdQuWOl+x5Wg94gjv07uTYKsy2LmA2lm+qZaZTs8CJE52h7ykBMQS0jRb6bfoWc9WGx5Dcr3MlxJlM4o2G1JZyfciOxThVKFzB47sCpKl/6S4Wo6Me4trMe9kdt6tRooUyv11WMNgbapIHa9t+eprRKwkWGYKvMPoVc4r2DR0jG2udvDtM6M/PoReD8vwQlBX4YoD3QivN1xACk2aTDOl2GkarxntLaSWdChZLYZhnvwI8SYHSm1qwp2x; 24:kjrNaZlk8MPTJ45gzqCSYu7nPBiqXN7FKRNXUWTAkA+OLmZ5WNP/cH+Bw/ERES8KZfW1XOLd402iC4P1FcBgCP7dGs/QGcu2jsbeisMhe4o= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 7:0uMf+ca5BagX4UjrEWul+7mq67J/+bB/HYvV/XLPiUuq9eowso3mSonbLjxj4rVrnm/q3XvkDdgRcFynHHp1ErybIKC8vl4VIfZjuwMhUxZg6/pBmGgF16va5h0OrStOAqNMSe4C6ceOLAWbl7w3eCJrcre0h/P3zXi+kUtjtZJvI3tX7NFeWRkBNKgdZveCwE+pXHBLiT13L/q7rqiWZDVOr16laA+wKRUKt3yREfMqMhk1k13GhvOKE06YEoRR7Xi0rhYO7+QMzvbdZRtXuF8pFhUf9gMBaP6GxohNIiU04cofLlVTDXbjvL8PSshvXC4nE3OhqZoCQsRdy9Cs3wEyjwV+MkkE51kc2JrZTWq+mDlfGEvDG7YVr+h7frQxP1FqbgQajYKeFj/bEY92EmT8jFqLpr/kK/BuXG5mr0jeh0e/G3+JpTFCOLUJYmT2fUIaluVCTgBjjlS7BFH5o5FiOhatjCSVmXOBMSktSEwszV8ejEhPoOmWdiHjLgHBKQYCi9pyAsp2fxsjglochMu2rl/I7S7vDfKd4zDyIzch5KwU4brac44xwcVF0Zor6WtWTpvRqI3d5CRuzxG++XgS/kndCrjCgLQseA5AFaeKMSFZ7Yn7xxwhxiUjahoP/9qJq2J2m2dWkvtUEMFK9He7XoQ0UGiB5Sq0GtyFj2m9FTF+UkUQHp6EEGYkI0CcbNfN26yTFdKP83MrTHpr8hiQ0nNTCZvzzlN96Oe5pc8JgnBxrZxCJd1gDY+he8pNnZoy+blFeIRhP5aRsyIJ3KLBXTin5G96JnmbMzafv7o= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1138; 20:rtgHVqlM1QVMKopgRWBfPm+IQv0KqTQjCP59K2+s7sgOeSeL52veAVuv/jcQ+75ejVcynSl1hu3eMkTTxw2Yccahu32QoyTcHTatLQkapE7BgXmX3thQ+X5Ed3Tuxd0GElanBr2bxyQ8F2cPWQ+8fzHmSJNviLk9iuJ3OGMZ0SVkIUIjGdMlj/0AK4/5q3/NY8A+ix1Sp6o2N1OKj4DqnRLKiK6ORbQ9gOe4d36WSs8NtoRB4SrA0Od3djcC2LGX X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jun 2017 15:13:07.7690 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1138 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Update the KVM support to work with SME. The VMCB has a number of fields where physical addresses are used and these addresses must contain the memory encryption mask in order to properly access the encrypted memory. Also, use the memory encryption mask when creating and using the nested page tables. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/mmu.c | 12 ++++++++---- arch/x86/kvm/mmu.h | 2 +- arch/x86/kvm/svm.c | 35 ++++++++++++++++++----------------- arch/x86/kvm/vmx.c | 3 ++- arch/x86/kvm/x86.c | 3 ++- 6 files changed, 32 insertions(+), 25 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 695605e..6d1267f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1069,7 +1069,7 @@ struct kvm_arch_async_pf { void kvm_mmu_uninit_vm(struct kvm *kvm); void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask, u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 p_mask, - u64 acc_track_mask); + u64 acc_track_mask, u64 me_mask); void kvm_mmu_reset_context(struct kvm_vcpu *vcpu); void kvm_mmu_slot_remove_write_access(struct kvm *kvm, diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index cb82259..e85888c 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -107,7 +107,7 @@ enum { (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1)) -#define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1)) +#define PT64_BASE_ADDR_MASK __sme_clr((((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))) #define PT64_DIR_BASE_ADDR_MASK \ (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1)) #define PT64_LVL_ADDR_MASK(level) \ @@ -125,7 +125,7 @@ enum { * PT32_LEVEL_BITS))) - 1)) #define PT64_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | shadow_user_mask \ - | shadow_x_mask | shadow_nx_mask) + | shadow_x_mask | shadow_nx_mask | shadow_me_mask) #define ACC_EXEC_MASK 1 #define ACC_WRITE_MASK PT_WRITABLE_MASK @@ -184,6 +184,7 @@ struct kvm_shadow_walk_iterator { static u64 __read_mostly shadow_dirty_mask; static u64 __read_mostly shadow_mmio_mask; static u64 __read_mostly shadow_present_mask; +static u64 __read_mostly shadow_me_mask; /* * The mask/value to distinguish a PTE that has been marked not-present for @@ -317,7 +318,7 @@ static bool check_mmio_spte(struct kvm_vcpu *vcpu, u64 spte) void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask, u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 p_mask, - u64 acc_track_mask) + u64 acc_track_mask, u64 me_mask) { if (acc_track_mask != 0) acc_track_mask |= SPTE_SPECIAL_MASK; @@ -330,6 +331,7 @@ void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask, shadow_present_mask = p_mask; shadow_acc_track_mask = acc_track_mask; WARN_ON(shadow_accessed_mask != 0 && shadow_acc_track_mask != 0); + shadow_me_mask = me_mask; } EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes); @@ -2398,7 +2400,8 @@ static void link_shadow_page(struct kvm_vcpu *vcpu, u64 *sptep, BUILD_BUG_ON(VMX_EPT_WRITABLE_MASK != PT_WRITABLE_MASK); spte = __pa(sp->spt) | shadow_present_mask | PT_WRITABLE_MASK | - shadow_user_mask | shadow_x_mask | shadow_accessed_mask; + shadow_user_mask | shadow_x_mask | shadow_accessed_mask | + shadow_me_mask; mmu_spte_set(sptep, spte); @@ -2700,6 +2703,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, pte_access &= ~ACC_WRITE_MASK; spte |= (u64)pfn << PAGE_SHIFT; + spte |= shadow_me_mask; if (pte_access & ACC_WRITE_MASK) { diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 330bf3a..08b779d 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -48,7 +48,7 @@ static inline u64 rsvd_bits(int s, int e) { - return ((1ULL << (e - s + 1)) - 1) << s; + return __sme_clr(((1ULL << (e - s + 1)) - 1) << s); } void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask); diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index ba9891a..d2e9fca 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -1138,9 +1138,9 @@ static void avic_init_vmcb(struct vcpu_svm *svm) { struct vmcb *vmcb = svm->vmcb; struct kvm_arch *vm_data = &svm->vcpu.kvm->arch; - phys_addr_t bpa = page_to_phys(svm->avic_backing_page); - phys_addr_t lpa = page_to_phys(vm_data->avic_logical_id_table_page); - phys_addr_t ppa = page_to_phys(vm_data->avic_physical_id_table_page); + phys_addr_t bpa = __sme_set(page_to_phys(svm->avic_backing_page)); + phys_addr_t lpa = __sme_set(page_to_phys(vm_data->avic_logical_id_table_page)); + phys_addr_t ppa = __sme_set(page_to_phys(vm_data->avic_physical_id_table_page)); vmcb->control.avic_backing_page = bpa & AVIC_HPA_MASK; vmcb->control.avic_logical_id = lpa & AVIC_HPA_MASK; @@ -1203,8 +1203,8 @@ static void init_vmcb(struct vcpu_svm *svm) set_intercept(svm, INTERCEPT_MWAIT); } - control->iopm_base_pa = iopm_base; - control->msrpm_base_pa = __pa(svm->msrpm); + control->iopm_base_pa = __sme_set(iopm_base); + control->msrpm_base_pa = __sme_set(__pa(svm->msrpm)); control->int_ctl = V_INTR_MASKING_MASK; init_seg(&save->es); @@ -1338,9 +1338,9 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu) return -EINVAL; new_entry = READ_ONCE(*entry); - new_entry = (page_to_phys(svm->avic_backing_page) & - AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK) | - AVIC_PHYSICAL_ID_ENTRY_VALID_MASK; + new_entry = __sme_set((page_to_phys(svm->avic_backing_page) & + AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK) | + AVIC_PHYSICAL_ID_ENTRY_VALID_MASK); WRITE_ONCE(*entry, new_entry); svm->avic_physical_id_cache = entry; @@ -1608,7 +1608,7 @@ static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id) svm->vmcb = page_address(page); clear_page(svm->vmcb); - svm->vmcb_pa = page_to_pfn(page) << PAGE_SHIFT; + svm->vmcb_pa = __sme_set(page_to_pfn(page) << PAGE_SHIFT); svm->asid_generation = 0; init_vmcb(svm); @@ -1636,7 +1636,7 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); - __free_page(pfn_to_page(svm->vmcb_pa >> PAGE_SHIFT)); + __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT)); __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER); __free_page(virt_to_page(svm->nested.hsave)); __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER); @@ -2303,7 +2303,7 @@ static u64 nested_svm_get_tdp_pdptr(struct kvm_vcpu *vcpu, int index) u64 pdpte; int ret; - ret = kvm_vcpu_read_guest_page(vcpu, gpa_to_gfn(cr3), &pdpte, + ret = kvm_vcpu_read_guest_page(vcpu, gpa_to_gfn(__sme_clr(cr3)), &pdpte, offset_in_page(cr3) + index * 8, 8); if (ret) return 0; @@ -2315,7 +2315,7 @@ static void nested_svm_set_tdp_cr3(struct kvm_vcpu *vcpu, { struct vcpu_svm *svm = to_svm(vcpu); - svm->vmcb->control.nested_cr3 = root; + svm->vmcb->control.nested_cr3 = __sme_set(root); mark_dirty(svm->vmcb, VMCB_NPT); svm_flush_tlb(vcpu); } @@ -2803,7 +2803,7 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) svm->nested.msrpm[p] = svm->msrpm[p] | value; } - svm->vmcb->control.msrpm_base_pa = __pa(svm->nested.msrpm); + svm->vmcb->control.msrpm_base_pa = __sme_set(__pa(svm->nested.msrpm)); return true; } @@ -4435,7 +4435,7 @@ static int svm_ir_list_add(struct vcpu_svm *svm, struct amd_iommu_pi_data *pi) pr_debug("SVM: %s: use GA mode for irq %u\n", __func__, irq.vector); *svm = to_svm(vcpu); - vcpu_info->pi_desc_addr = page_to_phys((*svm)->avic_backing_page); + vcpu_info->pi_desc_addr = __sme_set(page_to_phys((*svm)->avic_backing_page)); vcpu_info->vector = irq.vector; return 0; @@ -4486,7 +4486,8 @@ static int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq, struct amd_iommu_pi_data pi; /* Try to enable guest_mode in IRTE */ - pi.base = page_to_phys(svm->avic_backing_page) & AVIC_HPA_MASK; + pi.base = __sme_set(page_to_phys(svm->avic_backing_page) & + AVIC_HPA_MASK); pi.ga_tag = AVIC_GATAG(kvm->arch.avic_vm_id, svm->vcpu.vcpu_id); pi.is_guest_mode = true; @@ -4911,7 +4912,7 @@ static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root) { struct vcpu_svm *svm = to_svm(vcpu); - svm->vmcb->save.cr3 = root; + svm->vmcb->save.cr3 = __sme_set(root); mark_dirty(svm->vmcb, VMCB_CR); svm_flush_tlb(vcpu); } @@ -4920,7 +4921,7 @@ static void set_tdp_cr3(struct kvm_vcpu *vcpu, unsigned long root) { struct vcpu_svm *svm = to_svm(vcpu); - svm->vmcb->control.nested_cr3 = root; + svm->vmcb->control.nested_cr3 = __sme_set(root); mark_dirty(svm->vmcb, VMCB_NPT); /* Also sync guest cr3 here in case we live migrate */ diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 7dd53fb..53098cd 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -6452,7 +6452,8 @@ void vmx_enable_tdp(void) enable_ept_ad_bits ? VMX_EPT_DIRTY_BIT : 0ull, 0ull, VMX_EPT_EXECUTABLE_MASK, cpu_has_vmx_ept_execute_only() ? 0ull : VMX_EPT_READABLE_MASK, - enable_ept_ad_bits ? 0ull : VMX_EPT_RWX_MASK); + enable_ept_ad_bits ? 0ull : VMX_EPT_RWX_MASK, + 0ull); ept_set_mmio_spte_mask(); kvm_enable_tdp(); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 87d3cb9..559f710 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -54,6 +54,7 @@ #include #include #include +#include #include @@ -6095,7 +6096,7 @@ int kvm_arch_init(void *opaque) kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK, PT_DIRTY_MASK, PT64_NX_MASK, 0, - PT_PRESENT_MASK, 0); + PT_PRESENT_MASK, 0, sme_me_mask); kvm_timer_init(); perf_register_guest_info_callbacks(&kvm_guest_cbs);