From patchwork Mon Feb 19 16:14:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10228209 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C71B4602B7 for ; Mon, 19 Feb 2018 16:15:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B70AE28792 for ; Mon, 19 Feb 2018 16:15:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AABAA28AAC; Mon, 19 Feb 2018 16:15:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4F24328792 for ; Mon, 19 Feb 2018 16:15:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753163AbeBSQPL (ORCPT ); Mon, 19 Feb 2018 11:15:11 -0500 Received: from mail-co1nam03on0089.outbound.protection.outlook.com ([104.47.40.89]:42610 "EHLO NAM03-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753130AbeBSQPH (ORCPT ); Mon, 19 Feb 2018 11:15:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+RHkcjxidB2zm3ZsfMgsq0Kf2gBokSdvF5hI7MA8lmM=; b=XW+s9JG4Gqj6EtDFJpi0ltEBGh+geOwRhyck3TYxwKk1jmlDdXPbTCc/LhUUp/xieJTORSTwQz+5vRXbFLG/y8vfx++ZJ2IGPuPnDtjVfb/hslmoH7pprFKiZus+znk8jiWwLkMCsHnlwCl3DahH+OcYf4eMLb+8kMPg6TXg9jQ= Received: from wsp141597wss.amd.com (165.204.78.1) by BY2PR12MB0148.namprd12.prod.outlook.com (10.162.82.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Mon, 19 Feb 2018 16:15:03 +0000 From: Brijesh Singh To: kvm@vger.kernel.org Cc: Brijesh Singh , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Borislav Petkov , Tom Lendacky Subject: [PATCH] KVM: SVM: install RSM intercept Date: Mon, 19 Feb 2018 10:14:44 -0600 Message-Id: <20180219161444.47050-1-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM5PR16CA0002.namprd16.prod.outlook.com (10.173.216.12) To BY2PR12MB0148.namprd12.prod.outlook.com (10.162.82.21) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 727d02d5-16d5-4d5e-3a25-08d577b3ef4f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:BY2PR12MB0148; X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0148; 3:eglwoo5IytRNuwAIReNSAJybv+ybpJd/qTYqFznaYhBCX2yAnZq3T++dX8X9pHYagmDrX5sZMPXxCpZWo38lDl0biTUItyOPiu+NNuhXKu1U/z8JJsLeXUxAkZy+ItJxDEoytCdvcNPp0AyvT6ZCS3mjdX4q1j+41f0yGt6AjhJi9bfnofpWdaBLkewuSAxJ5SAkXv89VGkJXg3ivMweut7TK6kNcZfz8K3cNOGmFwVU7vBRF1IeBIqAsKvJbd/K; 25:C1xXUpRokHdbtMbpIGZBeYIMBHP5M9/E1xvzgGHJEYq6bjtn2mX3/kEES3fGI3AKafcAVsg1IrllDPegchICzC+/+ZxHLg8wajMmXZUSGR0H5fLHZDyj9BtIZACPsgD+azvSJ94Djja6uiyWK1DdOrQUANwwDu4rM7eddWLgoSb7Dqz/0IHLrjvjY/qBAdeGsoDsZIYkWy+V6AJiCu1i9ZZgGTdt3Jvq/RRAKbDM0EVPm+l51UvpXC24J63b7EuX5KzTiK/SFS9uOdnUgmmBO/DFHY75WTOkJ9MwVhz58rUebOHhwGiGjKkb1l5eHNbAWrh90Br+FXW7vE26sQQtOA==; 31:+LOKpxg01sOzhJH5R8oTHbi0ArFYyRreOIkY6Rrudih4aNmw1um8zVbnb2A521ZsqqHfYXNZriNxrSwQrvypwbuXaN//l3yo9dijhdlfnKPND6Fb8KefcSWfzucfDM16lU9ZcC3Ly19gue73R/whowEYPtSo3dbfWqwXDOXSjQso8617PiGy4ro0nJPAZzB7svG7qsdNfa2v9XEGqywbkPf3GXav8cNzebQDyrPczqw= X-MS-TrafficTypeDiagnostic: BY2PR12MB0148: Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0148; 20:YjCalw8rWiQOa+Uyt/lZw6kp/c8r11MaEOrAJUruP1qB9fHTMXdHYfmwIYepUX9czL1myRryOW1fYl91nAxhdoQhnNL8b8Q4XU1HnbOf44cOnfI15ZXJdwGXfRdOs5zUlPQvwIh7DL5TxjrjTo7MDGJDuq+vPhSY9Hgd/E2ATi46k5mobDZJ2zK3MXaZovVoMuUM3Ca8cKYNu1RbvUECvEjItS80oZe6ejyTYUv4t+3agSUwOaDOoBDu+QjRffrQcM+9dCwpvK5x7ar9ad9annzHaqupGtDymPkmmyEhD4pMHPchcFjeUraZNH4+EbKjWm8Y4EiKMz4fLyEqWBa9FBYybz6ajk/+bLJearNichHrYTSDSme//RDq68ionng3qP8uZD6AnkHuWGsYYsm5/2kGBOp7u4+suEc0yl+4nKjjL8EEBDW30FRy4hOx4fu2JiXvPDRnr1yfhhkIxT0u9KNRu8z8h/5GL07Wmm0H7fMeDswPn4PflkAASwWP8p5W; 4:NATp5h1182cj9YcPEzWJFu7jxUKYVzdu2CBKVAy405j8gUve9DhuFKf2wm8NFV7gvmuA3bm9nvK3asnnoxhcJnH640WBOLefVAhZBkNSiH0gF4ybVIiZS1B8BIlvqlKurzbONrGyaAfUbqqEC3ALP3Kw2PfxVi5PP1LgO305nrpo2y3vsnvvudbyaq9H/65gje3RU2sZq/VkbucSMrPMwp+uwnkkdUeBiXYN0qU4Jpu24RbkqWKugyihoHrzP7P3kZ5LteOrMehzoyRSIfzj2tfwJkW2UA/sBkcYE3jgRcDM1RwH0EeFwT8odr7WU6Q2 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001056)(6040501)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3231101)(944501161)(3002001)(6055026)(6041288)(20161123564045)(20161123560045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BY2PR12MB0148; BCL:0; PCL:0; RULEID:; SRVR:BY2PR12MB0148; X-Forefront-PRVS: 0588B2BD96 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(346002)(366004)(396003)(39860400002)(39380400002)(189003)(199004)(4326008)(47776003)(105586002)(2906002)(8936002)(36756003)(68736007)(2351001)(316002)(6916009)(50226002)(54906003)(305945005)(2870700001)(6666003)(53416004)(2361001)(575784001)(86362001)(7736002)(478600001)(1857600001)(6486002)(106356001)(97736004)(53936002)(8676002)(7696005)(386003)(6116002)(81166006)(3846002)(25786009)(52116002)(50466002)(26005)(1076002)(5660300001)(66066001)(23676004)(81156014)(186003)(59450400001)(16526019); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR12MB0148; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCWTJQUjEyTUIwMTQ4OzIzOnNhcEkyeG9rTFQyRWhrRUNMQTRRKy9XZ1px?= =?utf-8?B?RW5DM2VKZDJDWkozdjFodzA3ZE1raUhXMHg5Y2Y4Y1g2eFpVN3A1NVd4YXdj?= =?utf-8?B?dStyWlh3S0pqMGg4dExoUUZQMmpUV1c1WVhxZWpPUjBlUXNHTmhSbDZKRi9i?= =?utf-8?B?SWJHTmNvcFBJS2luaTdBY2tVeFpLV090QUhKWWpzTmtDTlZ5QjVwcHdTVHNS?= =?utf-8?B?VzVQc0Zud0dRVVl1K3lWRVVkeENlZHJ6MWtJN0IvQVVPTnN1T2p1eVdUWFFS?= =?utf-8?B?b3dReHhRbHhUV0ZER1JTNmQ1aHgvUUFZRE5qR2FJQW5qL2d1TnA5SndGWWsv?= =?utf-8?B?K0FselBxM3VRaEpON3BUaW9nUlNLRWhjMlVtcjBpOHUyRzV3N2s1K3dJejVi?= =?utf-8?B?YlZUaE5JcXpJUTZZSmpobnYvMWZtZFVSdGxjNDBhY2d3bkZaS0xrYmlLOGxl?= =?utf-8?B?UDFDTWdFK2ZuQklLeVZhalRKQURaZHoyYStBd0d1MWx0Y0l6RUhHR2w5RnhC?= =?utf-8?B?U294dk02M3dlRXZ6WjIzZllIL1ZwaUUrQlNCSCtkZTBvbjFHVjlMdFZCZlZD?= =?utf-8?B?YXBsRTU5OEFEWmxncStBMWg5M2VnZUd3cTRYTnRudkZ3RERwNmR0dWZwbFpV?= =?utf-8?B?azZOZW91aE5FSlhTcmltdENaNnZHbW5BRWFKTi9pTXJVY1Z6elhBQ2dQdGov?= =?utf-8?B?WlppSG1YeHBTZENJYmMwR0MrVkgwY2U2aFZDSWFtbFc1N1RyRDI0YTR1NEQv?= =?utf-8?B?dENDMTRJM05VUk1teXJ0MUd2Z3ZESHY0U0J0Z0ZJZldjRHYyT0NvTEdCYWtS?= =?utf-8?B?cTVWV1J5QXY2NlF0NnowVENTemo0bTRhWDlKVnhFeFBhaVgwR1ZzeXc3aWNH?= =?utf-8?B?WC9STkxNbTYxQnk0YXgvbURUOVFHRXZDZW9URm9Md1VkZkJZVGo1OHFrTkpY?= =?utf-8?B?ZlNVTWppQTFtWFFoUmt4NVZRaGFUU1B2YVhUWVdEYzFVV0F4VFRuUGhsQlQ4?= =?utf-8?B?Z2Q0OHFKZGVQMFRWUUdyNjdaMDRERWJvb0E1bFQwdzhqR1FDYmwydTE2RGQ2?= =?utf-8?B?T2JtQm9McVkvRFdQVnVTMnllQ01UcUEzS1ROQjJHQXRDTENMV0NUQ2hpUWhQ?= =?utf-8?B?aVBFM3lyak9yN2ZKQmxxMTFJRGFiN0FCazNUS1AveVRZMU96MVgxNDgwUUNy?= =?utf-8?B?RmQ2VDhpSUtaOVBRS3U3VDFtaVN2Qk50czlvNnNKa1BYVk9LWmFOR0tOUEUz?= =?utf-8?B?ck5USDZ3N0czdDkzL3VOZHZaU3k3YVlqQmJRQ3ZYVW1TdzhaT2hqcm95NVRa?= =?utf-8?B?QmRudmtpb2JwL21WcGovZzNsc2FHS0ExRWNnUm8zUjJZSDlGdTU2UzM2K3Rl?= =?utf-8?B?S1lJNm9DbDAzY051TjlaVHNsTlE4T09KMUhjb1N6MVp6MGUwZHcwUTRjSlpI?= =?utf-8?B?SEg3b0QxMGwrMlJmTGh2bTcwbUdWakRBVE83VEwxQUFiRzROK2NpQWpQTWNO?= =?utf-8?B?V3BkZ1RaeS8xcnZqa1BXZC82a3U3T1ZsVGxXcmxTbnpvamQ3bWZwNFNyNmJ1?= =?utf-8?Q?KlO7kTk9PaiNEhZ7IUjiY4BK8THwiEmhL3+kq/dNl5mE=3D?= X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0148; 6:7np7sihxZWvOB9cT/k750yxrYzLTd4C4V+b43HqGfyuKoRFp/BnhP4btKVKQp3HnoS2uTLIAqPCy48lrvYldQfXCD1K6Zf5CWaUjSezh1Lp7ha3JK7P4f7sa62VKhWVQUGdHEnCged1YOfGVwZ7HXM2bxqRKXCfYxzBy6cVvofJ/1R4u9Tcgna0V4Uz1RIiTp7Po7HMfijFNQXankGsPpyBBr9w/uoYb5osfLg+agK3Zbyp7AdFWj99dkOi9fUqt9pCHCzUsiESgO1LsSWtTOV918Ckn3CB3caVOQMQK05/ZWtnt1SwxPr/xYvj7xwRYflUO+l+LdyT8RAIIGfFjsrVSPKbtLMCjlEXo36coucY=; 5:mfw0gpuvXHGPBI5Lvd+WPSY/ca8iBRaqA3uGQIK8gOLEKWarRAWvhFivO6I3r4ETOJxJU9i1pClhbaapGQCd+ogtS3qjB8wwAihLEzil14h6oIp4qZaS1UtZuvIZeKGyhW1Tji/8BW/0FGotTbuqGURCBHBh/88QqX6vDtnIHT4=; 24:9CA/3a9zEJauInEhPnM0WJBNKe9NbqdCgMQiMBYe380RLal2UMe1b7cajpf2Qe0E315D5yB4a6w+as7V0KSL7IPxbL7lQa2Qllo3nHGhKMQ=; 7:bomJz0wgTv4/b3RFU0HfcbCcv7ixZJYQmfOwpi7CBgUjBa7rjLMbX1627O3we5wjOteyJZwGagKGepOKDS1L6MQ7mniO4w32aViYErvlw2KsBEdLuToAkqJZzuLUN0tR/qUCEnFAbLxqcCssObvFlgYcyBq8VWH2LQCGcLYH6C0aG5g9CvKkwHpvOFGgdAQZzJlv67VIfKohxUecBg+rYt57HQ+ueIDfraw29rVb11ZHQpqjQ0r846SrXuGd9U+t SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0148; 20:nv1WX0rq18qJ8FKQDEySM604ke4FsdQFS9MQsgFwaKRv64F0Ukme1y3exNf39946/+HgQx7quEiQrcHFJ67E6eM7QKCVGQhpncjevDbhGOo6DQBil96vh3fRqXe1bPdOKmZYF39hnLOgKAS8Nm/1M0nwkckzlcNNYZuOQ7tT3beRunzItpoap2u3Nc9hJaG+1faGOmntPwfMMu9I4LYIOgq5RPe2wukh61mILuH9yE4ruqQifSEIan2a3fhFsRw4 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Feb 2018 16:15:03.4497 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 727d02d5-16d5-4d5e-3a25-08d577b3ef4f X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR12MB0148 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP RSM instruction is used by the SMM handler to return from SMM mode. Currently, rsm causes a #UD - which results in instruction fetch, decode, and emulate. By installing the RSM intercept we can avoid the instruction fetch since we know that #VMEXIT was due to rsm. The patch is required for the SEV guest, because in case of SEV guest memory is encrypted with guest-specific key and hypervisor will not able to fetch the instruction bytes from the guest memory. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 22fc3022386a..20c75e6b74dc 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -300,6 +300,8 @@ module_param(vgif, int, 0444); static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); module_param(sev, int, 0444); +static u8 rsm_ins_bytes[] = "\x0f\xaa"; + static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); static void svm_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa); static void svm_complete_interrupts(struct vcpu_svm *svm); @@ -1383,6 +1385,7 @@ static void init_vmcb(struct vcpu_svm *svm) set_intercept(svm, INTERCEPT_SKINIT); set_intercept(svm, INTERCEPT_WBINVD); set_intercept(svm, INTERCEPT_XSETBV); + set_intercept(svm, INTERCEPT_RSM); if (!kvm_mwait_in_guest()) { set_intercept(svm, INTERCEPT_MONITOR); @@ -3699,6 +3702,12 @@ static int emulate_on_interception(struct vcpu_svm *svm) return emulate_instruction(&svm->vcpu, 0) == EMULATE_DONE; } +static int rsm_interception(struct vcpu_svm *svm) +{ + return x86_emulate_instruction(&svm->vcpu, 0, 0, + rsm_ins_bytes, 2) == EMULATE_DONE; +} + static int rdpmc_interception(struct vcpu_svm *svm) { int err; @@ -4541,7 +4550,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_MWAIT] = mwait_interception, [SVM_EXIT_XSETBV] = xsetbv_interception, [SVM_EXIT_NPF] = npf_interception, - [SVM_EXIT_RSM] = emulate_on_interception, + [SVM_EXIT_RSM] = rsm_interception, [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception, [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception, };