From patchwork Fri Oct 20 02:34:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10018663 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 092CB60234 for ; Fri, 20 Oct 2017 02:39:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E5CAB28E87 for ; Fri, 20 Oct 2017 02:39:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA23D28E8B; Fri, 20 Oct 2017 02:39:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5238A28E87 for ; Fri, 20 Oct 2017 02:39:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752035AbdJTCjk (ORCPT ); Thu, 19 Oct 2017 22:39:40 -0400 Received: from mail-bl2nam02on0071.outbound.protection.outlook.com ([104.47.38.71]:59884 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752108AbdJTCfg (ORCPT ); Thu, 19 Oct 2017 22:35:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=IMqPOV3z+Ed5f8daEY1rfeDU7HbtU2T/TTy0L7g2aOM=; b=b7uW1KxC9a25bA+8rC2/Sl2x2gI4A63bzZWhxpgZixhYmlIGZaQaYEmMBEqNv7v8aqsa7iPXDoZ4XssC0/TW8ufTQx4y5INxvlVbHnmik/NkOVPHMc7Ao7bog7LCDooYqK0PnUy8ZTPts/G5fjc4mbwK/gNI8lJlbYp0SBfcRnc= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from ubuntu-010236106000.amd.com (165.204.78.1) by SN1PR12MB0157.namprd12.prod.outlook.com (10.162.3.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.156.4; Fri, 20 Oct 2017 02:35:23 +0000 From: Brijesh Singh To: kvm@vger.kernel.org Cc: bp@alien8.de, Brijesh Singh , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Borislav Petkov , Tom Lendacky , x86@kernel.org, linux-kernel@vger.kernel.org Subject: [Part2 PATCH v6 26/38] KVM: SVM: VMRUN should use assosiated ASID when SEV is enabled Date: Thu, 19 Oct 2017 21:34:01 -0500 Message-Id: <20171020023413.122280-27-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com> References: <20171020023413.122280-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: MWHPR1701CA0020.namprd17.prod.outlook.com (10.172.58.30) To SN1PR12MB0157.namprd12.prod.outlook.com (10.162.3.144) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 56e12938-37d4-480d-7847-08d51763382e X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627075)(201703031133081)(201702281549075)(2017052603199); SRVR:SN1PR12MB0157; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 3:lRAXv2BCX1YQVwnyNUBRNXSaEG9qiqbpfujVvoj5yy/raadQnuYd3E5893AUjuO2hyeNYm73xrUOHQg6IPOk1LjSzg/M49T9ZsIlwUQbqCewC8n+wuh1exlEo1q5M1oJrSf4beswHTuUcqi75FwBnWP+d7pX1lTOZ2cHQ3ZH5QvP96J3jDCjOgJzvW5p4TTB6fhQPbjXIMERu1K1GU/VD6ZWyyhShFEqjOohJ/YaFZgTvRqYonC0jRRoHm50awzm; 25:rDUd3QcNDIy+p+wWV+PlH7ZqvyXx5fDMJtMQYGauzSahl93wD/gWMs+6ApEtQ7nRofShTDB5L/dsd6MweU+nDbRHERp9S6m6TaO7P6nH7NEbeD4fnOD+TdcHxcFXGpiezsBrr2SFeANx+Dj3aj1u6L0BJY4nDAHB0mgY5r9eQ27ZGXji+4pwf9QFlSNDy1ZqfEi1F4SN7DUDR0rmGYhw3cpt7PUeFXcSPxkzuIRkkRxpMEmQLEXCmAWMyJy/BL8/YI+uRK44ae6Q+4SD02pEBhcoGx4aCkoRI9cnZGzRyRYw+pJNSuknl0Yz30/k2zgGhVehzB4nJgYLfZ4oQa9Nlw==; 31:N4wOIc2h9eeUpx0XBsRatDgv5OKzi+Ne7PnC/8ytTvHNjLUHg9hPchCb+2AFxT2xPowD5pUDmyubY6AnSZvIHFsXxKdFp/G/YawNE5m/2auFlkW3XAJfrJUSNW63ed4Q8rMr+zEQWuxsJul/rWMlKTMTc2wyjuYHvZwhsBxSwqUHx5Hzy/tjH0tXP2Ma+MWoXVyUwcuD0YrQS0jzubn/ps3h9dCXYlQ19CfH5CF437A= X-MS-TrafficTypeDiagnostic: SN1PR12MB0157: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 20:3JrZozQWcKQckwtJZSujrIWsxu/9E98CsbjUb8x0a/vhlrbaWpBn1vjOOXvWK+dxqwtOiqt8gp2ceE5jv8Rr9TjKg0f9+XF8ZW1vWN/+oNAoS0yhk1KqVZgbzLsVsj3QkPHxQn3x4+T7z1yk/fdYbTuV3v+tcvY0cWyQu6uYCZUz9coom/GMEB/lAEUSPVPM7AF1iNtknZnptlOzWyikp3ulrIltTsNyhwJCik41TBKedNY3iLDUD0TkBd57VDQ3uk6M2VrGXrq760FibPULvyvy6GflJhyGkxvMUmWk/RkxDtMTD6IF/4Su1vzSoO3m6m04XXtLker6d2i8tmNkzuwhBVePETl7njBhEht13NYii3aVLVelGleqKRiI0tdV+MLep1XTWiJKesH8/Ihh4JZGaifEZwmt6UCOVGMTgmr8oPJ8rhmbPrYvR/M1jrAqgyMY5N3Ek+B6nAXQ8kHkeHjA/N8aGAaPDo8Sjtb98bcSZou0zjr7aSzs8ZxoJS34; 4:i3/vW4iQxc0KdYQlqA5XMnZs6YDBnXKyc3+QXQjEHepH2ICaRC1MqYuufBnkOLxFz6OI0rZS6rgVtiMruFCf10/KupGmIxZTRm4hQXaQECT2kgLTT/3t47ikSVH5tJYpTiat6dC5VfaA1MWuDPElzFanHSOyiD6XLF1YjH2oeZERQxh4nXJKy5ZifINufflNLn9qTNyps2EE1nnucAKlFIv26VUDFpn3xhX14hrKXMAauHdmbqct6fmAeYekHak+mm67Nss5Fh9dElYUK4qzH2tH0R3Q+znriVsXykWGboo9pS134tGnxC0xF5X4N+y9 X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3231020)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123555025)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:SN1PR12MB0157; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN1PR12MB0157; X-Forefront-PRVS: 0466CA5A45 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(979002)(6009001)(346002)(376002)(39860400002)(199003)(189002)(36756003)(7736002)(68736007)(50466002)(1076002)(478600001)(4326008)(16526018)(316002)(53936002)(6486002)(86362001)(305945005)(53416004)(54906003)(50226002)(2351001)(106356001)(101416001)(81166006)(105586002)(8676002)(2361001)(76176999)(2870700001)(2906002)(50986999)(6916009)(23676002)(66066001)(47776003)(6666003)(97736004)(6116002)(2950100002)(189998001)(8936002)(3846002)(33646002)(81156014)(7416002)(5660300001)(25786009)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0157; H:ubuntu-010236106000.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjFQUjEyTUIwMTU3OzIzOjg0bTU3cHF1SVd4eFdKNFNKVm85Z2c5YzZx?= =?utf-8?B?dVdwcCtjNEtjMk9oUURSYS9XY3liNVBrTGphT2FyY05MQUxMVitqbkxsbFlZ?= =?utf-8?B?WE44SjE5bEhvZHo1ZldrY1ZzYlV3OG40U0FOVGZYMmxLdFBncUMxWGtkV3Jl?= =?utf-8?B?OCtYOUFJMVJZYThsNjdjOW05cVpUNkZUcFVTclMvL2w5ODZ2bXROczluSzY0?= =?utf-8?B?RXJOc01jalUySXE2VXFidXZjTWs1TGROZkU3VXJvWGRETGJxV3Q0SHBDU0Jo?= =?utf-8?B?OE5QbUJONE1lVVBLdmw5a3ptRUV1eDBHNWZTd3psUXVlSHk3OTk0NzhxQ25J?= =?utf-8?B?K0ljeE1MeW9JMjNIM01FdjRmMTFuVXUrUjNxbGllU05yK0xVdy94cGdEUXpq?= =?utf-8?B?UVpTTFNvOFZoeGVacjZabUlNR0dJeVBwMEo4dEZSZEdvRHU5b2lIRjJocGha?= =?utf-8?B?b2JxSCtLc2tLRUdLR1lOMG8yTWticUtZcXFIa1Fpb09yUE1JS1pCQVRzeG02?= =?utf-8?B?N3N2aHZpWnptVWdLbFUzZmlrdVR0aHFRMys0ZnJ5LzRsTUJUR1hmNDhJN2tz?= =?utf-8?B?L3ZmYnUwWStWM2w5cUw3UVpRbmJ1UGZJMnlFbXdTalVvNVJKTkR4OTJveGs4?= =?utf-8?B?dnF2RXNIS09aeEtMSTdZanZINkZ3VjAwSy9DblhyTmtNdDVHT0E3VE1lVysw?= =?utf-8?B?cjVKZTdWOFdlLzRSMXErTnNsTTJpRUZZOXM2UTEyTDdrVDNzY0Jid3JxTk01?= =?utf-8?B?WGZtUEhGZVVhS1dVWGc2L3RHb0VhRFUzUjlXL3BKbnorV2VWZW51d3ZDa2NZ?= =?utf-8?B?RytKeGVVaG1UZGY4cUdSazVEVmppdVNLUnptRnZlSDUvNUR6SEVEdkE4bDJU?= =?utf-8?B?QWdscFBHNk1xQ0o3V3JNS0MrT1VHdE1FTllJUlNoOCtuajdBZit6SVNZNEdG?= =?utf-8?B?ODFjNG8xNFp5RnlRK1R2NDdDY1NEbTcxcWNaV3VMdGZmSzI3UTVXZmtrK3B1?= =?utf-8?B?MVcrWEt4NXdYVHJYZkJ3YjJHNjhCbmR0cmFlWURzTzNKNEZuNStzRkdYQ29l?= =?utf-8?B?alcwMWc2TThiWEJzUGxHN0lYT1NjaHZTOUMwUlMvQUNMYVNYWjJ6Qm8zOEtP?= =?utf-8?B?QzRsMTJmQ2RueWVsVUFXUWhJYldOUGdYVjNLSE9OU1Jha0t1OEVISURzSzU3?= =?utf-8?B?ano1ZjE1L045cmMzWVBoQXMzVmtLcFVwWXhUWEpqQ0krb1c3NVF0TFRFTkRN?= =?utf-8?B?WEE5cGMzMzRFd3Y4RjY0V1ExcG4vbVhSWXUxZjEzdHJqK0FkOURmUWFYUjJt?= =?utf-8?B?dW8vampINUExblVhb2ltSGpGUVVXaVZEcWcvL2I0eVpIVTl2WnBsdXBQQU4y?= =?utf-8?B?R3dxVUJEOFhWZDh4Z2w0SldyMzZVQ2loSkV4VEpXT1NOUU5wYjlMbnVqK3lM?= =?utf-8?B?TGtDbmhXNWN1VGZYSTBtYUpSUlJVS2hQRnR3QWZ1akthWGlKZ2FaQ3M2SU95?= =?utf-8?B?REM3NFRHa0wrQ3dGQUZTaUFtT1I3SWVqdytNTFVYSC9PRFVsMHpmZVVWRmtG?= =?utf-8?B?S0R4UVFiRy9ZdzZPSFdyUkxkOExIYkp6MkZKZGhnMS84bUFJdjlwUUIyeEl0?= =?utf-8?B?dnhsc3ZYTzBoQitERVo5Z0FrZHRDK0JKcnUyR2Q5dUtwRWY0cm01TEtGa1dI?= =?utf-8?Q?r3QVsaCZjjEx7lb+gc=3D?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 6:k/G2BrIs/z4/OCuIPKeRrHE6IxVSci/7LYqdfWw+gHyPPEdn8jszk2IhA+6sWpLBkZSV+46YgqU1Lf0ZxSbFfysQD2qKJwTGxYB4IGBf6aaUlZkuYrOS1+IZxd8QhxN+njDAunUuK2WrOKQbvBz5RrEcbKW6KR65UHDk7vZDvmgRiAHDkIwIJqRSGq7jWSq6wH8aYdQGtdX1AvabrwYOTHuzypxh/rGnVXedwJ9Laecq1jsG7TVf9Q4QborMlZ7m8crAtrffOZR3q7WXdHNaki9t+TFtVXsagji4MS8x4xGfnuiZ4tvhv9KFRj9u76JESH7Fxt0iDOZyQ9nT/KZrdA==; 5:ZEk6NGFUA4+KzeuDaPR4wY5rNgjhZAr3lbKMZkH4TuFsC8gCilMXIf0Z9XQvH3k3AP361F17i1qGRUfK96AlhbgLOVAKfZ9La6xFXWy1Fp77k0EM7/MvHwn3hD4e6YdoDBM3FlPaCawsXoB4E2bkQQ==; 24:MlZVHcDh181fBmPKc0l20iJLb+XrdzUvzNJU/w3BBp8yPg9A0R3yEyMdcCDoB9v4+BCnzQ6Js1i4Bx/660FFMfXyugljAfgwk3/d7JoCvf0=; 7:/YH7klLeaTeDlFTtkPxCJ7WM34kFzCuyrPnk0vc2KcvX63zyE4zZD4BJ+XwmjhAZqiyqE9ubUK9zhttQssneoEC2A6uFkeTDRs7lpLhiwOv1ZvYfq7/KajXD4JxYEWNAcf8rZws7DRgPVvjwGUlqTg9L3NPY6nQq1u3k/QZnpyJgmFhhTtqWgs0jzLphBRKl3oARd+ulMHXatS0MJR9VFCyPqUdqiCxNOhfmk4O2LV0= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 20:dPjyWgXEMkaFWolLpnjDwlcRMoMNZPqZdSd0jhoeLwKgJixIWH1+Kaaskb4UQu173Za4AGsFc+nhJi6SLdO2pa+ej+WhI3GobhrHwlgD4+8kOASYYP0rRD+JQsUNiQqxilyyCYHEfqQvEG6V127FhxM4Ee36vRDbjqENg2i9U55w2rIvdHc+wPevYnU5lJYSw2LJY6nxNw5iylrdNM8of+thE0ywY3QCi2d1weuiAXv94RZZpQN+7Nn7XEFs/bPn X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Oct 2017 02:35:23.7376 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 56e12938-37d4-480d-7847-08d51763382e X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0157 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP SEV hardware uses ASIDs to associate a memory encryption key with a guest VM. During guest creation, a SEV VM uses the SEV_CMD_ACTIVATE command to bind a particular ASID to the guest. Lets make sure that the VMCB is programmed with the bound ASID before a VMRUN. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/kvm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index d496063ccd78..2f10bb47359c 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -213,6 +213,9 @@ struct vcpu_svm { */ struct list_head ir_list; spinlock_t ir_list_lock; + + /* which host CPU was used for running this vcpu */ + unsigned int last_cpu; }; /* @@ -340,6 +343,13 @@ static inline bool sev_guest(struct kvm *kvm) return sev->active; } +static inline int sev_get_asid(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + + return sev->asid; +} + static inline void mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; @@ -550,6 +560,9 @@ struct svm_cpu_data { struct kvm_ldttss_desc *tss_desc; struct page *save_area; + + /* index = sev_asid, value = vmcb pointer */ + struct vmcb **sev_vmcbs; }; static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); @@ -863,6 +876,7 @@ static void svm_cpu_uninit(int cpu) return; per_cpu(svm_data, raw_smp_processor_id()) = NULL; + kfree(sd->sev_vmcbs); __free_page(sd->save_area); kfree(sd); } @@ -876,11 +890,18 @@ static int svm_cpu_init(int cpu) if (!sd) return -ENOMEM; sd->cpu = cpu; - sd->save_area = alloc_page(GFP_KERNEL); r = -ENOMEM; + sd->save_area = alloc_page(GFP_KERNEL); if (!sd->save_area) goto err_1; + if (svm_sev_enabled()) { + r = -ENOMEM; + sd->sev_vmcbs = kmalloc((max_sev_asid + 1) * sizeof(void *), GFP_KERNEL); + if (!sd->sev_vmcbs) + goto err_1; + } + per_cpu(svm_data, cpu) = sd; return 0; @@ -1477,7 +1498,8 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu) static void sev_asid_free(struct kvm *kvm) { struct kvm_sev_info *sev = &kvm->arch.sev_info; - int pos, asid; + struct svm_cpu_data *sd; + int pos, asid, cpu; if (!svm_sev_enabled()) return; @@ -1485,6 +1507,11 @@ static void sev_asid_free(struct kvm *kvm) asid = sev->asid; pos = asid - 1; clear_bit(pos, sev_asid_bitmap); + + for_each_possible_cpu(cpu) { + sd = per_cpu(svm_data, cpu); + sd->sev_vmcbs[pos] = NULL; + } } static void sev_vm_destroy(struct kvm *kvm) @@ -4419,12 +4446,39 @@ static void reload_tss(struct kvm_vcpu *vcpu) load_TR_desc(); } +static void pre_sev_run(struct vcpu_svm *svm, int cpu) +{ + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + int asid = sev_get_asid(svm->vcpu.kvm); + + /* Assign the asid allocated with this SEV guest */ + svm->vmcb->control.asid = asid; + + /* + * Flush guest TLB: + * + * 1) when different VMCB for the same ASID is to be run on the same host CPU. + * 2) or this VMCB was executed on different host CPU in previous VMRUNs. + */ + if (sd->sev_vmcbs[asid] == svm->vmcb && + svm->last_cpu == cpu) + return; + + svm->last_cpu = cpu; + sd->sev_vmcbs[asid] = svm->vmcb; + svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID; + mark_dirty(svm->vmcb, VMCB_ASID); +} + static void pre_svm_run(struct vcpu_svm *svm) { int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + if (sev_guest(svm->vcpu.kvm)) + return pre_sev_run(svm, cpu); + /* FIXME: handle wraparound of asid_generation */ if (svm->asid_generation != sd->asid_generation) new_asid(svm, sd);