Message ID | 20210422021125.3417167-16-seanjc@google.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KVM: SVM: Misc SEV cleanups | expand |
On 22/04/21 04:11, Sean Christopherson wrote: > + int ret, pos, error = 0; > + > + /* Check if there are any ASIDs to reclaim before performing a flush */ > + pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); > + if (pos >= max_asid) > + return -EBUSY; There's a tiny bug here which would cause sev_flush_asids to return 0 if there are reclaimed SEV ASIDs and the caller is looking for an SEV-ES ASID, or vice versa. The bug used to be in __sev_recycle_asids, you're just moving the code. It's not a big deal because sev_asid_new only retries once, but we might as well fix it: diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 02b3426a9e39..403c6991e67c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -74,12 +74,13 @@ struct enc_region { unsigned long size; }; +/* Called with the sev_bitmap_lock held, or on shutdown */ static int sev_flush_asids(int min_asid, int max_asid) { int ret, pos, error = 0; /* Check if there are any ASIDs to reclaim before performing a flush */ - pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); + pos = find_next_bit(sev_reclaim_asid_bitmap, max_asid, min_asid); if (pos >= max_asid) return -EBUSY; Paolo > /* > * DEACTIVATE will clear the WBINVD indicator causing DF_FLUSH to fail, > @@ -87,14 +92,7 @@ static inline bool is_mirroring_enc_context(struct kvm *kvm) > /* Must be called with the sev_bitmap_lock held */ > static bool __sev_recycle_asids(int min_asid, int max_asid) > { > - int pos; > - > - /* Check if there are any ASIDs to reclaim before performing a flush */ > - pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); > - if (pos >= max_asid) > - return false; > - > - if (sev_flush_asids()) > + if (sev_flush_asids(min_asid, max_asid)) > return false; > > /* The flush process will flush all reclaimable SEV and SEV-ES ASIDs */ > @@ -1846,10 +1844,11 @@ void sev_hardware_teardown(void) > if (!sev_enabled) > return; > > + /* No need to take sev_bitmap_lock, all VMs have been destroyed. */ > + sev_flush_asids(0, max_sev_asid); > + > bitmap_free(sev_asid_bitmap); > bitmap_free(sev_reclaim_asid_bitmap); > - > - sev_flush_asids(); > } > > int sev_cpu_init(struct svm_cpu_data *sd) >
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 5cdfea8b1c47..d65193a4ea17 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -58,9 +58,14 @@ struct enc_region { unsigned long size; }; -static int sev_flush_asids(void) +static int sev_flush_asids(int min_asid, int max_asid) { - int ret, error = 0; + int ret, pos, error = 0; + + /* Check if there are any ASIDs to reclaim before performing a flush */ + pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); + if (pos >= max_asid) + return -EBUSY; /* * DEACTIVATE will clear the WBINVD indicator causing DF_FLUSH to fail, @@ -87,14 +92,7 @@ static inline bool is_mirroring_enc_context(struct kvm *kvm) /* Must be called with the sev_bitmap_lock held */ static bool __sev_recycle_asids(int min_asid, int max_asid) { - int pos; - - /* Check if there are any ASIDs to reclaim before performing a flush */ - pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); - if (pos >= max_asid) - return false; - - if (sev_flush_asids()) + if (sev_flush_asids(min_asid, max_asid)) return false; /* The flush process will flush all reclaimable SEV and SEV-ES ASIDs */ @@ -1846,10 +1844,11 @@ void sev_hardware_teardown(void) if (!sev_enabled) return; + /* No need to take sev_bitmap_lock, all VMs have been destroyed. */ + sev_flush_asids(0, max_sev_asid); + bitmap_free(sev_asid_bitmap); bitmap_free(sev_reclaim_asid_bitmap); - - sev_flush_asids(); } int sev_cpu_init(struct svm_cpu_data *sd)
Skip SEV's expensive WBINVD and DF_FLUSH if there are no SEV ASIDs waiting to be reclaimed, e.g. if SEV was never used. This "fixes" an issue where the DF_FLUSH fails during hardware teardown if the original SEV_INIT failed. Ideally, SEV wouldn't be marked as enabled in KVM if SEV_INIT fails, but that's a problem for another day. Signed-off-by: Sean Christopherson <seanjc@google.com> --- arch/x86/kvm/svm/sev.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-)