From patchwork Tue Dec 5 01:04:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10091871 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CF08C60327 for ; Tue, 5 Dec 2017 01:09:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C2E53294CE for ; Tue, 5 Dec 2017 01:09:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B6EEC294DE; Tue, 5 Dec 2017 01:09:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 29466294CE for ; Tue, 5 Dec 2017 01:09:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752677AbdLEBJv (ORCPT ); Mon, 4 Dec 2017 20:09:51 -0500 Received: from mail-bn3nam01on0083.outbound.protection.outlook.com ([104.47.33.83]:27456 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752585AbdLEBFw (ORCPT ); Mon, 4 Dec 2017 20:05:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=r7tAaIktcIGr5PlSp/ejplXMHnIccEFUdw94l4vFZOo=; b=lI6BX0c1H5ITY+2tEYPPqvI8U0uxM48m14LkdIoMV0pZT+JnsWr2Fgq2prX30SYi/4xRWtzMDz1B+DRkbnw02TV1F1Tl6tWclkhLEOMx/FggCeOi4SuFbmkI8dY8QFWzHo+r7yhONs3eaH2yqWH4gkxwk9CEbsKlhsDabjZZ71k= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by CY1PR12MB0149.namprd12.prod.outlook.com (10.161.173.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Tue, 5 Dec 2017 01:05:17 +0000 From: Brijesh Singh To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: bp@alien8.de, Brijesh Singh , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Borislav Petkov , Tom Lendacky Subject: [Part2 PATCH v9 26/38] KVM: SVM: VMRUN should use associated ASID when SEV is enabled Date: Mon, 4 Dec 2017 19:04:26 -0600 Message-Id: <20171205010438.5773-27-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com> References: <20171205010438.5773-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: CY4PR0601CA0087.namprd06.prod.outlook.com (52.132.96.156) To CY1PR12MB0149.namprd12.prod.outlook.com (10.161.173.19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7985bcaa-16a0-4a23-3c17-08d53b7c4060 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603286); SRVR:CY1PR12MB0149; X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 3:9WuYwmFAH47D9AgUUpxdZpu43ef6y2u4O4EOr9M2C3Z5fWSrNavBbL+ccmtF5cnfSutSeh2kEKzjTzR0x6foJPCIVtS+LBO52h+5frRDEm3R7xCYqWsgXVyf7CRP19UeaFhEnUwIkcHe0zkXej4TUByuRHZtaYon6qDb8kA90JfgGGTJp+xGz1t7SlQUy+YLe1zXKNbsarkIYSvpdNzZ35wdx7gTS78+ht39LS7xXoXjB5XUsPQKUgL7seh8CdOd; 25:To9d1NlBhm7Wtv4jfMz7D5ghF0oRLQoK3qFNgtnvcSOhH2duXF6KbxzxrUcGsaoxYO6w+cgb86Cu32+iryzTeLmX6SbROPgIPR5XzOEKX120Tz9rvruwWMVowq7JRU2wZDFK9t4Lc0yzxAk3IcX/cnA/eu8TS85DDkyDUhQ+wAFGkfTJGrj3ZuXfs81WRL/TPmKYEeDdaY+8wUwS3rAH5fSmMMadm3If/t4hAJkXL/lvqLHfl1fQ4ei94kqDW6ULut9EZf7geFz40GcOv1xG5Vlh228NRMdNEG7bDHlEGiIj2EQUQfynXa3e7PIUX5Qwai18wMsYXb3V4hjsVQE/nw==; 31:6GDeZsSnRE4OHiWwlib8IERpMe9qANa9T6DsdZvGuzBBI83p257Jz4UET38Y2NvaULpgADn0jsfAU06RJBKdsA7rV1MG2jIRLIr31mmNguHF1ODvhbZGES2sun/9n8fYOH674vNvjwAuNUAIxkbJ3mL9M9gUxk+NtJBo2njpkTM24Gk+jWm2xuZaLcenLbYn+VaGAnCSKRlTebE8nqhdqJr/mFhxIQILcSmAyvYDUPk= X-MS-TrafficTypeDiagnostic: CY1PR12MB0149: X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 20:CaxwN9sbK6soh6epZD6gyI8x5Dm65BjWyXMupiBC8cVB9wZ55mBsxntfriMrFlz/XaUjt2mJAn8Llzg7INSfh8PeujLnACtbkoP+R9JHyhvi8SI5UDiDrowJU9md+QVBQuhEtHp41Wd+zOIKAtn3HxOWWIi0tbl/C+W95asuejtDXZ5v4xVkLDGGM+Cx6OlGetMQxPF13iSI4DOD4TKVldl9Tfd2/YOF2i2WQ0WZn8tWCB8mXcDv9kjXJ6aVf5LakA6U888WKl1VALxUGR7+gFkj6oLWIj5WNGzfRVBYBuCV4vBeeiSUaf8u0Tq0BG6DNk6FbFiXWdRINTAIZFQP3RtOHTtZxd3LC4tXvyXi4t+zMg9Y4wP88OxDppAgoizP0PCv9CpaH5iBk/JLt7k+zuyEOeK/nVpVlehUPmuO4SB7/AfDKxTKpBz+j44zPpgsi5VAyy0Ry236kkuRgDlHK5mCM5lRBiUD/56GcjeoaHATRtAEWJZBFBShIijANUFj; 4:ltJe3KpUkhBqcWGTYATABrT3EyicrGD8/7W1pxeqbkr0lq1UYeu57d81+VvP0yYbWNKUbMdLmOkRBavMYj6xbat0wc/jV5t8qUnSjzW443uFgpwrX0oyXX8LR9YMbenrTCqNHSWvO8uivaE0eq6Bsuti9y8eOrO3eoH8SHWOfm2wcsoN743IuZxd/6akQFjvAXdXml0NHlwX4bziIE9N63EiEIawUgK0u5+aUawXWejrt2fclrqdlKWpIaCqjMok++Rkc25TID3FDiYc+YObLr+HBWogLK1S19vALeTHPgUyUCRNXSS17bIs0nOv9nmOKgG20pWIAjGlGaC4JRrhhg== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123558100)(20161123555025)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6072148)(201708071742011); SRVR:CY1PR12MB0149; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY1PR12MB0149; X-Forefront-PRVS: 0512CC5201 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(39860400002)(346002)(376002)(189002)(199003)(16526018)(189998001)(106356001)(478600001)(7416002)(2870700001)(101416001)(23676004)(52116002)(97736004)(86362001)(7696005)(33646002)(54906003)(25786009)(105586002)(76176011)(316002)(2950100002)(6666003)(7736002)(2906002)(6486002)(50226002)(81166006)(81156014)(8936002)(53936002)(8676002)(4326008)(1076002)(305945005)(66066001)(6116002)(53416004)(5660300001)(47776003)(68736007)(3846002)(50466002)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR12MB0149; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTFQUjEyTUIwMTQ5OzIzOnByL1VnazY0K3psVTcrV2VzeTIrZjlQV0h1?= =?utf-8?B?Q2Vuc01jVGdrNHpQY3Zza2tGNXFEaGNUdDNybkMxQ3FSU3VpRWk3UE1PQUlK?= =?utf-8?B?Z0dnQjNUMjM1bnRFdS9lODZVVlppSFl0elBPMlRWeGZkSDlibEhIbmxybGp6?= =?utf-8?B?N1kvMTNBL1oxaTNWcWRzaVNVUmxsNHdWbnNId3dkTmhzYWYvT0d3aEJOekgy?= =?utf-8?B?YzRWaUhQbXphYmdFS0ZHRUFyYnArZ1hVYjlNaTJMT3BvUkdDcGgvTzk2bUVE?= =?utf-8?B?WnZJZG9JRjBCUGp3eEc1dFlIRG9MTFZEeDVIc3RrRU85Z3ZJS3hueW9obWtQ?= =?utf-8?B?MFdmeVlVSENaY2VIL09JMUJRWDl0V1lDeTV3ekpyeUpUdlk2eUlMcFdMd3lv?= =?utf-8?B?VFBOWlZvWHl4Y25iaUpuUFFya1Rwd2YwdHg4SXlHWWJGRklYODZvbVRhWHlm?= =?utf-8?B?MGhaMVhkR0lBZFFtVXhoQis1VzhCdzM3MDFtTmZtMTh2dmZsaU1xQlU0Ni9H?= =?utf-8?B?MnRFRjE4OGFoK243N1Q3UVgwSXJkR1BqMk92UE1uck5DbG92ZjVpMFRzaUJo?= =?utf-8?B?YVA3aXJqWmhMeXJDYkRWREQzbExkRWY4RmZReCt0cXNDOFYyQ1dXbVRIbGFS?= =?utf-8?B?VFJVbzBEYVd5MHZTVWlPM0JkdmlyK25sUlFMSkhnM0tqTEhzbTMrV01VNk1C?= =?utf-8?B?L1dXUHRLaWQ3a200eHliZ3JOeXhmTmJ4ZU9VQlJHV211TlBPWC9PYUdwb3VN?= =?utf-8?B?ME1zUnRHc2Z3MEY5UE5XbkZwaFU4TWhVcHVycGcrYXJ6UHRxQTBRcUFqU3dG?= =?utf-8?B?ZW5pSjZyRXB3dEFYYkpEbkdKY2pVWXNKK3laWEpZWCtuVktIN2p3TUQraFB6?= =?utf-8?B?ZUQrbXlMblh6aHBpZG83K3VMdFdtRTl3RFVxWndQYjZ6YnB4alEzekRtTm5s?= =?utf-8?B?MUFrbjFBd1BJQjc5OWliU0c5UHJGRFZzOUJ6azk0N2crVjRTTXhOeXdiS0ZQ?= =?utf-8?B?UUdBUHI5azk1MzlvRkppaWdXaHZveFRpeUpubGVyUnFIMkhBd1lqd2V6SndZ?= =?utf-8?B?SXoreC9nY056aVF4WU9teGNNZGROSE13cU5kUHNVNGFFb0k5VUh3OGV1NStE?= =?utf-8?B?c0kvU2w4bm9jeUtiUWEzVmhkR1BDeld1VEdDWlFrYUxrbi9ZYTlZcTJ2QmNs?= =?utf-8?B?c0VhTXpQODVoSGdKN2pmblZrV3c4Q1VHVkxua3lnYnpKVFZ6SkJDQ2hiYTgr?= =?utf-8?B?a0Z2cmhocHJwYTlGeHVxK1BlcXNWWTMzSEw1VFh1cTEzU2lQdVB5NFB4c2h3?= =?utf-8?B?UzdTV3dabUhxM1NoQ0c1T3FDbDByZlp6cjl4RkIxMmtkWjNJdml6M2ZMNE9Q?= =?utf-8?B?WjRrcGk1Y05XL01Od1IyUTdjc29hRVhNK0cvd1ptcUs3amI0YXovenlnOU11?= =?utf-8?B?K3JXZVdBY0srWldJQ0dYOU1mNXZnK1ZWYjdUWDJzSWxWeVJVcTNVcGhyRmxK?= =?utf-8?Q?Ppk8AD5l85Gy0+B1j5cgrpNtg=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 6:CH2tuXi+1QrvG2sVgOSdeIpANFQ9TGOE4uATMUqMA020FNa2kT2eIt5mBOLh69H+0X1NgLb5P//kYzaaLwWfKOXEyJoFC2OB+dV7YsbsL5M4M0MOVmOz6I8rcz7j912PxnIUwQcp/MfoAqjt/ja7hH9cN8lHP+esBmfbOkM0GNR0HlmJJks34+xh9ysd+RRmZedrq3FXzijQRh/fYUmQIf4SSGjyj5+HtnsW5zKyF+K994gqiQwwesQHgGeX+U9AD3ldAZYICMwF05vSGhC+utcZWFGTJtc4TcKsmovSjsaCzNRk//XF2HrK/o9g7tJlkEHFvOWOSYJMYZ86ANQNqz+HMkw5eRyQYPZEFa8IHdU=; 5:Vh4oyv/YwKL+NXoj8bySRKCYsergadXstWY6G89zACG0JXVyBjXN7a1/NZPsoVXTrLQP5OyNVf1eOo/1XI1fPThp0cOX6zticmlO+ZCKK/AtiAFjXrjje/2bhV9WXdr6Qs7xDd7U6A5L3z4iWMPNfVesugdNrZ+m95Z3xwP9Nag=; 24:6J3SiIGchyErfpvd9RgUIR7X4NbdY6TWKugCx4lohOzVA7ii/5xzN/zqy7sjB0YM8J+hE8GNa0RGO1RmwSw6jETQaG84sIj8/lhHi+mag+s=; 7:Wl/Wtizzt6waqIUhIyQGyoruPv72VC77xPPN/6HmiL7rISwBwnfRA0BXRuOvuN9HN4XDJysUI4wbO9VMbixMSUR8XIM5mFdwGWS7scBfJDnVsE12YsOYI1ZBcvaKVQq2Xw1LuOOaix0K5L3ysLnuBiM3m6vM292oFHaniK2JifRNp8cRmT0G0urVGoi6bUf9o6i95HDLw1wTtDox3TjjVuqPHAeC3di6rDf3vv5POu95IGSTvZHs8idNwOWfume+ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0149; 20:bjIroiKcgV7jmUhMj5G2pAUnK3ARSXCqMMpQfdCxIe/Fq5zXEApU4j1vkrwnWxWwxbS7mLHjQRkMXNwfQSRlbATAo+fJZAx7xTseZpD5jOeUtyWUWV/nuQCZmsdW50aOGeNDRJbicchHUS61VgAeruWdRPZ8io1XHr8uFiFLf4u9OfhR4/qRXQIxmLPGxL7sXFUTSHdjx4TZ7mHw168hQ+O51UOl/RfonVKwvOGq7zpsE/rFxG0cl6AkXDQIHsbD X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Dec 2017 01:05:17.8731 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7985bcaa-16a0-4a23-3c17-08d53b7c4060 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB0149 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP SEV hardware uses ASIDs to associate a memory encryption key with a guest VM. During guest creation, a SEV VM uses the SEV_CMD_ACTIVATE command to bind a particular ASID to the guest. Lets make sure that the VMCB is programmed with the bound ASID before a VMRUN. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/kvm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 51186107eb22..cdbdc86d7aee 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -213,6 +213,9 @@ struct vcpu_svm { */ struct list_head ir_list; spinlock_t ir_list_lock; + + /* which host CPU was used for running this vcpu */ + unsigned int last_cpu; }; /* @@ -341,6 +344,13 @@ static inline bool sev_guest(struct kvm *kvm) return sev->active; } +static inline int sev_get_asid(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + + return sev->asid; +} + static inline void mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; @@ -551,6 +561,9 @@ struct svm_cpu_data { struct kvm_ldttss_desc *tss_desc; struct page *save_area; + + /* index = sev_asid, value = vmcb pointer */ + struct vmcb **sev_vmcbs; }; static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); @@ -864,6 +877,7 @@ static void svm_cpu_uninit(int cpu) return; per_cpu(svm_data, raw_smp_processor_id()) = NULL; + kfree(sd->sev_vmcbs); __free_page(sd->save_area); kfree(sd); } @@ -877,11 +891,18 @@ static int svm_cpu_init(int cpu) if (!sd) return -ENOMEM; sd->cpu = cpu; - sd->save_area = alloc_page(GFP_KERNEL); r = -ENOMEM; + sd->save_area = alloc_page(GFP_KERNEL); if (!sd->save_area) goto err_1; + if (svm_sev_enabled()) { + r = -ENOMEM; + sd->sev_vmcbs = kmalloc((max_sev_asid + 1) * sizeof(void *), GFP_KERNEL); + if (!sd->sev_vmcbs) + goto err_1; + } + per_cpu(svm_data, cpu) = sd; return 0; @@ -1498,10 +1519,16 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu) static void __sev_asid_free(int asid) { - int pos; + struct svm_cpu_data *sd; + int cpu, pos; pos = asid - 1; clear_bit(pos, sev_asid_bitmap); + + for_each_possible_cpu(cpu) { + sd = per_cpu(svm_data, cpu); + sd->sev_vmcbs[pos] = NULL; + } } static void sev_asid_free(struct kvm *kvm) @@ -4466,12 +4493,39 @@ static void reload_tss(struct kvm_vcpu *vcpu) load_TR_desc(); } +static void pre_sev_run(struct vcpu_svm *svm, int cpu) +{ + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + int asid = sev_get_asid(svm->vcpu.kvm); + + /* Assign the asid allocated with this SEV guest */ + svm->vmcb->control.asid = asid; + + /* + * Flush guest TLB: + * + * 1) when different VMCB for the same ASID is to be run on the same host CPU. + * 2) or this VMCB was executed on different host CPU in previous VMRUNs. + */ + if (sd->sev_vmcbs[asid] == svm->vmcb && + svm->last_cpu == cpu) + return; + + svm->last_cpu = cpu; + sd->sev_vmcbs[asid] = svm->vmcb; + svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID; + mark_dirty(svm->vmcb, VMCB_ASID); +} + static void pre_svm_run(struct vcpu_svm *svm) { int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + if (sev_guest(svm->vcpu.kvm)) + return pre_sev_run(svm, cpu); + /* FIXME: handle wraparound of asid_generation */ if (svm->asid_generation != sd->asid_generation) new_asid(svm, sd);