From patchwork Tue Sep 19 20:46:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9960269 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5A31F6038F for ; Tue, 19 Sep 2017 20:53:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4F34728E8E for ; Tue, 19 Sep 2017 20:53:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 436A828EDA; Tue, 19 Sep 2017 20:53:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 352D928E8E for ; Tue, 19 Sep 2017 20:53:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751966AbdISUxZ (ORCPT ); Tue, 19 Sep 2017 16:53:25 -0400 Received: from mail-by2nam01on0056.outbound.protection.outlook.com ([104.47.34.56]:55572 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751858AbdISUrM (ORCPT ); Tue, 19 Sep 2017 16:47:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tnwnPFfDWPRKyyWEwzpzs6TT2ZFJHHxKg/UgsAkFRIM=; b=kFAFc82WmLQjXuRe4NQ1JBuhNIY0SIl7Gv1B1WdcPjBy98DmlA9ll0vSs7FMkRvFUcETF1LNIvrTt/P2vSW4+lVTUSeh/ihD2pWLFvISJxIKxAIvI1rcOVXscfmLT05LnlExmPFyZldIouZm5oRCi5A3pc9g376UaSscjZHPewo= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from ubuntu-010236106000.amd.com (165.204.78.1) by SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.56.11; Tue, 19 Sep 2017 20:47:03 +0000 From: Brijesh Singh To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Brijesh Singh , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Borislav Petkov , Tom Lendacky , x86@kernel.org Subject: [Part2 PATCH v4 15/29] KVM: SVM: VMRUN should use assosiated ASID when SEV is enabled Date: Tue, 19 Sep 2017 15:46:13 -0500 Message-Id: <20170919204627.3875-16-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20170919204627.3875-1-brijesh.singh@amd.com> References: <20170919204627.3875-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: CY4PR04CA0071.namprd04.prod.outlook.com (10.171.243.164) To SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5a7618bf-098f-4904-a6c7-08d4ff9f9585 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:O6jzeyuDgHWWHxKpNJKdAX375uoaLEHR80rcTc1W40xo9/Vcv4GPzruq22HxZ0WbRRNFUGDorlvjdDisyceA2iJXEnmjZ4ZGz7oUHFczA2J2un4NdQDItz6UIEto70SCQ1gDjJGIagOHQMYOAkxIn7wKkeg5GGqvkLMQpbJ0pAojo19c065U+CNIjXYph9tn3ecApW/BPi7Ta/o89RSg6yK5nGFSQ30OP0LcLiclPPGx2QMVg87ZpTnzM9PCfOLj; 25:m7k+oyQD6uw6x+rJrNjpC8DGq+dCDzuC8cReB3uthhiKzfwH5+CAWIYe31dtspaEbCVALlok4yyDGFP2JMfKg2jyQecfdE+guFydSiZpRNC4Yxb+IcIZAwmdf5FTwg0BPOplQllrgdOIoBUp+Vqh38aYD6ZeBaZUqKJPZ6Pxo+XjKFift4ncZpdgN6OK1oz5jxWZo5Oi8JYojDltBL6WBvryqvosZixD8UcH1aORUGHMLipz65E56XXiAVuCvuYjnbJz9CCEdi6MdoOQnFKibpj590NDj9MUjPjLSeddAObqSG1MBa+QjVfuQv7x4s5/kwNbMK+E65hJtVkkrdM2ow==; 31:3SDpbK+mRIrxGkV00eU3SItm1LcYscqHbiJpYXtST7ckooft2O/XQ8JfJAgUSNc/IYCj4ef/8ffKMvWCa6d4t223sRJEcpLc6k2kut8x3prnIDZMrrNygsCdz9Yn+R2cRYWotSaOLldi2Q1WoimZeDaV5ULvBBSvORfDCgM6zt0C7aYWld1GJWFAH/x5bsisjpenuAkQsZVyDFdC7VOTFBM0kwhD507xGAbHpEUeoms= X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:lCvQjS5XLA0d244SLBeonMsPNY8jKWJnFDmCiUtLYrYBBmZJVqfwBo+ezYuCmmT/yTYA8PBKEKjh7Ferk4EljW4sxKuYx0SUbaer9Xg/3UkQYj2Fe7k0bhj6jTSAJ1iS1pB5sSvjU/FAqqlicnShYw0RzGrE0esJtY6Z/+BaW2xFUGZszTFCChdvAVA464QhIyHPHYFa/plsUhvL3E0Qm4JUSvgpXkdCLhEnc+0t2HGaE7AcuW19VN3UeuER7GqXD67W2LH+WpM23rfmmUufsjBRpUCcMKpXmWi4RQ68bYCR4hulXDbzK+rfRK0ts5LijlttjBogkct+KuReEL5wNVMAotfUIcLyAlVniVK65FBfWCvtX+qNAwvziy5FzTyjF/L2mQ1nkX8qbQ5nQ1kTZ2vTRgyF+7xb7bAvb64oLDWcmZ0nIKY9OXfyXQPW9u9WbrGXU7AIedkOIaqYI8FyTM6dpI/x5r38XcjIhgXgQ7zHU2kvs4EQIwNnG9BrlAB2; 4:wxLfUh1wLScLpHOaJNDakeSG2vFcz0RF3QbcFHlVfPJba7/tiJF1RYVjouMuH7Q0ptqo93ArnB9aqzXCMXTIXfBoeL36tFqyRAeCdUPfZUb2gI3TLHfDJ6ZgGAMU1w8KtNOj98NRN9CqzM6nnF7Dt2ZFfqzRr2867HPPmMe+few+qP7KqZss+MOVllg1nYZqEtvwYSV0/FAUM3wr/vffRyELtpWqfWlCUfmbQKuznwTjmDRRx6RTECw7kC/oKqZ6HKOlIcMQw0lEYJhbGbCo+pw3afb+Eh+Y4Ysz/FSDNjUPNM/rnyeol2thYpGUXJim X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(100000703101)(100105400095)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123562025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN1PR12MB0158; X-Forefront-PRVS: 04359FAD81 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(199003)(189002)(86362001)(50466002)(8936002)(97736004)(6116002)(3846002)(7416002)(81156014)(8676002)(50226002)(2950100002)(81166006)(316002)(478600001)(16526017)(6666003)(7736002)(66066001)(305945005)(47776003)(6486002)(189998001)(53416004)(25786009)(101416001)(2870700001)(50986999)(76176999)(53936002)(2906002)(68736007)(36756003)(106356001)(1076002)(4326008)(5660300001)(105586002)(33646002)(23676002)(54906003); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:ubuntu-010236106000.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjFQUjEyTUIwMTU4OzIzOjlYK1JGajQrQkF0TEJuUDU1SDFOWVQ5WmlK?= =?utf-8?B?K0x4YWdzMlIzcWZmYnV5aENuNjVDUFVLaTBXMXdLOVlqdWlRbUI5dmUvS2Fk?= =?utf-8?B?b1FpUkhoZWFjZzJUUFc1WHhyN3pjczBNNjQ0WStlYnE5NHdGOXZ6NEMvUjJi?= =?utf-8?B?SWgyMFNEcy9UU2dWaWxOQitTN1R6YXhlZ0VITk1nZTN6V1FpVTBiN3hZQnZj?= =?utf-8?B?Zmx5emRDWk1CL1lsSnVlQVllVjlPVExPdHJ6eEsyOUFkNWRZcUdxK1NaUnNO?= =?utf-8?B?dVNXNm4zR3RXb21JTGd5dXNMWVhwV1NlNkNOZG9PcG5VWDZsRFB6Zk5DbEQ1?= =?utf-8?B?N3VnZEtpMUE2VmNnY0RpcW5YNHdHclRqb0VlaUdsR0FIV3RKU1Vhc25QMVMr?= =?utf-8?B?LzR3RHN6RXhZdkhkNEVBWlVZRTZtQ3lIUnMvTUovVnAzck5hSHlFSG9kYjVD?= =?utf-8?B?TUpPWGpJVDFzYlBiVld6Z0hDRm1PM2ZUV25qaVI3UCtMUVlPTVhNNEUwaGpl?= =?utf-8?B?Z29DNUpDMHg1SXpZZGxwMFZlR1h3ZEdYQ01zUDFHbU42TGFReHZLdElJbGM1?= =?utf-8?B?MlZ3c2I3RUpDM05LRktXeXBkVUZLeTd6Q01OUUxMWUZadDFadmZIMmc0MDN5?= =?utf-8?B?aWd6SnRTY29nNHIrUW9qdmRHNXVKbWlHeFp3d2ZlZDhqV3ZsckFUWHlLQUZy?= =?utf-8?B?c3NzNW5qSHV5Q0JRQ1hDK2pUcUN2RFFhcHlpQlFvajJSRXFXUjhUY2Q0YnA4?= =?utf-8?B?dWY3ZFhtSFEzWnp5bkxwb05mRThFci9UNmJNalVEc0t5LzhJS2VsZ3c3aEYv?= =?utf-8?B?M3FROXVFZzJsUmQvZUx5SWpEbmhoY1pGWXdRaEpNL1VYZ1dWQ2ZIbkswQmxH?= =?utf-8?B?K2RaU0NMeExHMHJmMGc1b3Bsa1FWc2VGL0YrM3VLREtWZ0RuWXhaM1Zrb3ZO?= =?utf-8?B?WE1rNFR6UjhTR2ZqdUk3bjVKUG5WUHlvMjIyaFNuVnNQMDc1WnpPOEU3cm5I?= =?utf-8?B?Y3hvWmZkd3pjVGQzcDg5dDI3c1Ywb0VmWHVkWG9DOXhVa0JRQkVNVGYrTjE0?= =?utf-8?B?MEEzYUFYanZxZkNMVWJGYm81eXJ3QUN2bk8xSnVIV2hLSHY0YXo2VjNxNE9k?= =?utf-8?B?M0hJMWRLWloxMFhpMEdRWG85bW1xZ1h6ek5hSmNTL0RvdlVVWkIxWTBPL0Nh?= =?utf-8?B?ZXE5NmV0QzFYUUxtTThJdUMxelErZnU0SzJORjF2Q0VBR2NoNlF1WWltbTN5?= =?utf-8?B?YUN3Vk1mS3FVaS8xZUNQT2FMNHBweHJpOHEzSFRzSmIxT0NReE9EV0NpQWpH?= =?utf-8?B?ZXVZTmNrbzlMaWxOVFNVZGQxZlBvVUd2Y0FTUnYrdjJvRElTeVROTTBFR0Iz?= =?utf-8?B?UHN0SFRwY20yQ0hnOHE1UVl1aGJNNjJwUmRFOW16VzlrSVJ0aFdRKzhONU5k?= =?utf-8?Q?8oEnOcvu01LLDGM+wRRObqIYr0g?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:a+FnVPxTJ4OBdRk9KdbEYB+1YZT/qa2/07OjEVJ8ArxbJzJ3kJjtMHY7MlZUs8HpNlYkvoOXZAVp0SJA7tZS5AMuLxrSS0H+Z/C344O/U7BoZy/P+tmzDvVDmCn64C4/zomzW9YSYvZDStBqALspZqTYuNiRuKQFC/+zcQMhhOts9Ktt8PWr0ux34B5WxR4zEiPbYW7DFUE69kW599ITVReZaBtqRSFxQ8Pvo6J7Eo3Edy/ktWakjwfq31sKHTPhWaSag/CBEakEpbaRZEJwdJZGR0L2kogYUDzfbTppW+qNqDAgLdhWOkI5NnU0sYp98JIaA+KQVhblMBa2qCqXFA==; 5:Zxj7E5i9JOvEM//q3iBG2bfMi1hSTbYtkOGvph5inInDAFIsRgALTzL9ACEhRhXFBAMp5TsJHmFnzTjjS+3rLKoO/SmHLvb/yAGBSo/Fsujtp0l0BVn/SkkznPI3okwaqtuqIMRBhy+ctfuMqZZdPg==; 24:9wDU9d5HciDt44x8VpgYpVNs0AQA+tGP3+AORwXBU1+ixSJKtBbUHNsl3Be3jvc8CX37MBwdxCqskUjncflKDbfsWQxLA3qzn6grBE99Waw=; 7:TOsgDHRVhpdgpt8JrTuNTU/73NqH714B9XI38cH9z7sDjooPwc/eT4K5iWqeSSHzQmb9U6vpc50cN3j2fyuA6FZ8NDCBzq5nLI4qpzeg/DrVgkP6CTlDWT32VGXLTcV7/M6fui0OlcKAKIYmPXVt2hWS0Kt4/tZOqcBVzmw14TRUEeKljd6T9Wlk2ZiuBksDcFoQSz8W1r5Kpty6K7+aQM3057/5R8uXQ9tuO3h7M5g= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:D3sPwyjXpoY2LGRxaZXC7u9tQ5Ga2bQAQGrf2uP5RxoZ2u/1pYJH1vtvvEX2jo6BarCP516zIemUjH2i0KIup/MFPaHS8sjpQl224JtDbv40Ck309zAE5m0vUx1rPsuvD+hBRsVHVpwX0PkQn7Ux7rXeArnd+sC2BHwIxBAe2wGXWzxGBIdiYGpMa6p56iIiGFVzML88m1w2gkQTqvv75Qf2XLRE9YgXGSRzcVPgHcjly7qLz9m0aSIdXWbKufIm X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Sep 2017 20:47:03.0625 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP SEV hardware uses ASIDs to associate memory encryption key with the guest VMs. During the guest creation time, SEV VM use SEV_CMD_ACTIVATE command to bind a particular ASID to the guest. Lets make sure that the VMCB is programmed with the bound ASID before a VMRUN. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 229bb7d09c44..0149bfa75bb2 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -213,6 +213,9 @@ struct vcpu_svm { */ struct list_head ir_list; spinlock_t ir_list_lock; + + /* which host CPU was used for running this vcpu */ + unsigned int last_cpu; }; /* @@ -336,6 +339,13 @@ static inline bool sev_guest(struct kvm *kvm) return sev->active; } +static inline int sev_get_asid(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + + return sev->asid; +} + static inline void mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; @@ -546,6 +556,9 @@ struct svm_cpu_data { struct kvm_ldttss_desc *tss_desc; struct page *save_area; + + /* index = sev_asid, value = vmcb pointer */ + struct vmcb **sev_vmcbs; }; static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); @@ -859,6 +872,7 @@ static void svm_cpu_uninit(int cpu) return; per_cpu(svm_data, raw_smp_processor_id()) = NULL; + kfree(sd->sev_vmcbs); __free_page(sd->save_area); kfree(sd); } @@ -872,11 +886,18 @@ static int svm_cpu_init(int cpu) if (!sd) return -ENOMEM; sd->cpu = cpu; - sd->save_area = alloc_page(GFP_KERNEL); r = -ENOMEM; + sd->save_area = alloc_page(GFP_KERNEL); if (!sd->save_area) goto err_1; + if (svm_sev_enabled()) { + r = -ENOMEM; + sd->sev_vmcbs = kmalloc((max_sev_asid + 1) * sizeof(void *), GFP_KERNEL); + if (!sd->sev_vmcbs) + goto err_1; + } + per_cpu(svm_data, cpu) = sd; return 0; @@ -1503,7 +1524,8 @@ static void sev_firmware_exit(void) static void sev_asid_free(struct kvm *kvm) { struct kvm_sev_info *sev = &kvm->arch.sev_info; - int pos, asid; + struct svm_cpu_data *sd; + int pos, asid, cpu; if (svm_sev_enabled()) return; @@ -1511,6 +1533,11 @@ static void sev_asid_free(struct kvm *kvm) asid = sev->asid; pos = asid - 1; clear_bit(pos, sev_asid_bitmap); + + for_each_possible_cpu(cpu) { + sd = per_cpu(svm_data, cpu); + sd->sev_vmcbs[pos] = NULL; + } } static void sev_vm_destroy(struct kvm *kvm) @@ -4444,12 +4471,39 @@ static void reload_tss(struct kvm_vcpu *vcpu) load_TR_desc(); } +static void pre_sev_run(struct vcpu_svm *svm, int cpu) +{ + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + int asid = sev_get_asid(svm->vcpu.kvm); + + /* Assign the asid allocated with this SEV guest */ + svm->vmcb->control.asid = asid; + + /* + * Flush guest TLB: + * + * 1) when different VMCB for the same ASID is to be run on the same host CPU. + * 2) or this VMCB was executed on different host CPU in previous VMRUNs. + */ + if (sd->sev_vmcbs[asid] == svm->vmcb && + svm->last_cpu == cpu) + return; + + svm->last_cpu = cpu; + sd->sev_vmcbs[asid] = svm->vmcb; + svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID; + mark_dirty(svm->vmcb, VMCB_ASID); +} + static void pre_svm_run(struct vcpu_svm *svm) { int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + if (sev_guest(svm->vcpu.kvm)) + return pre_sev_run(svm, cpu); + /* FIXME: handle wraparound of asid_generation */ if (svm->asid_generation != sd->asid_generation) new_asid(svm, sd);