[v7,13/45] x86/sev: Check the vmpl level

Message ID	20211110220731.2396491-14-brijesh.singh@amd.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; From: Brijesh Singh <brijesh.singh@amd.com> To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>, <platform-driver-x86@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org> CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>, Tom Lendacky <thomas.lendacky@amd.com>, "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, "Vitaly Kuznetsov" <vkuznets@redhat.com>, Jim Mattson <jmattson@google.com>, "Andy Lutomirski" <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>, "Peter Zijlstra" <peterz@infradead.org>, Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>, David Rientjes <rientjes@google.com>, Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>, Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>, Vlastimil Babka <vbabka@suse.cz>, "Kirill A . Shutemov" <kirill@shutemov.name>, Andi Kleen <ak@linux.intel.com>, "Dr . David Alan Gilbert" <dgilbert@redhat.com>, <tony.luck@intel.com>, <marcorr@google.com>, <sathyanarayanan.kuppuswamy@linux.intel.com>, Brijesh Singh <brijesh.singh@amd.com> Subject: [PATCH v7 13/45] x86/sev: Check the vmpl level Date: Wed, 10 Nov 2021 16:06:59 -0600 Message-ID: <20211110220731.2396491-14-brijesh.singh@amd.com> In-Reply-To: <20211110220731.2396491-1-brijesh.singh@amd.com> References: <20211110220731.2396491-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	Add AMD Secure Nested Paging (SEV-SNP) Guest Support \| expand [v7,00/45] Add AMD Secure Nested Paging (SEV-SNP) Guest Support [v7,01/45] x86/compressed/64: detect/setup SEV/SME features earlier in boot [v7,02/45] x86/sev: detect/setup SEV/SME features earlier in boot [v7,03/45] x86/mm: Extend cc_attr to include AMD SEV-SNP [v7,04/45] x86/sev: Shorten GHCB terminate macro names [v7,05/45] x86/sev: Get rid of excessive use of defines [v7,06/45] x86/head64: Carve out the guest encryption postprocessing into a helper [v7,07/45] x86/sev: Remove do_early_exception() forward declarations [v7,08/45] x86/sev: Define the Linux specific guest termination reasons [v7,09/45] x86/sev: Save the negotiated GHCB version [v7,10/45] x86/sev: Add support for hypervisor feature VMGEXIT [v7,11/45] x86/sev: Check SEV-SNP features support [v7,12/45] x86/sev: Add a helper for the PVALIDATE instruction [v7,13/45] x86/sev: Check the vmpl level [v7,14/45] x86/compressed: Add helper for validating pages in the decompression stage [v7,15/45] x86/compressed: Register GHCB memory when SEV-SNP is active [v7,16/45] x86/sev: Register GHCB memory when SEV-SNP is active [v7,17/45] x86/sev: Add helper for validating pages in early enc attribute changes [v7,18/45] x86/kernel: Make the bss.decrypted section shared in RMP table [v7,19/45] x86/kernel: Validate rom memory before accessing when SEV-SNP is active [v7,20/45] x86/mm: Add support to validate memory when changing C-bit [v7,21/45] KVM: SVM: Define sev_features and vmpl field in the VMSA [v7,22/45] KVM: SVM: Create a separate mapping for the SEV-ES save area [v7,23/45] KVM: SVM: Create a separate mapping for the GHCB save area [v7,24/45] KVM: SVM: Update the SEV-ES save area mapping [v7,25/45] x86/sev: Use SEV-SNP AP creation to start secondary CPUs [v7,26/45] x86/head: re-enable stack protection for 32/64-bit builds [v7,27/45] x86/sev: move MSR-based VMGEXITs for CPUID to helper [v7,28/45] KVM: x86: move lookup of indexed CPUID leafs to helper [v7,29/45] x86/compressed/acpi: move EFI system table lookup to helper [v7,30/45] x86/compressed/acpi: move EFI config table lookup to helper [v7,31/45] x86/compressed/acpi: move EFI vendor table lookup to helper [v7,32/45] x86/boot: Add Confidential Computing type to setup_data [v7,33/45] KVM: SEV: Add documentation for SEV-SNP CPUID Enforcement [v7,34/45] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers [v7,35/45] x86/boot: add a pointer to Confidential Computing blob in bootparams [v7,36/45] x86/compressed: add SEV-SNP feature detection/setup [v7,37/45] x86/compressed: use firmware-validated CPUID for SEV-SNP guests [v7,38/45] x86/compressed/64: add identity mapping for Confidential Computing blob [v7,39/45] x86/sev: add SEV-SNP feature detection/setup [v7,40/45] x86/sev: use firmware-validated CPUID for SEV-SNP guests [v7,41/45] x86/sev: Provide support for SNP guest request NAEs [v7,42/45] x86/sev: Register SNP guest request platform device [v7,43/45] virt: Add SEV-SNP guest driver [v7,44/45] virt: sevguest: Add support to derive key [v7,45/45] virt: sevguest: Add support to get extended report

Message ID

20211110220731.2396491-14-brijesh.singh@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>,
        <kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>,
        <platform-driver-x86@vger.kernel.org>,
        <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>
CC: Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        "Vitaly Kuznetsov" <vkuznets@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        "Andy Lutomirski" <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
        "Peter Zijlstra" <peterz@infradead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
        David Rientjes <rientjes@google.com>,
        Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Borislav Petkov <bp@alien8.de>,
        Michael Roth <michael.roth@amd.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        "Kirill A . Shutemov" <kirill@shutemov.name>,
        Andi Kleen <ak@linux.intel.com>,
        "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
        <tony.luck@intel.com>, <marcorr@google.com>,
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH v7 13/45] x86/sev: Check the vmpl level
Date: Wed, 10 Nov 2021 16:06:59 -0600
Message-ID: <20211110220731.2396491-14-brijesh.singh@amd.com>
In-Reply-To: <20211110220731.2396491-1-brijesh.singh@amd.com>
References: <20211110220731.2396491-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2021 22:08:20.6569
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 bad18c0e-4334-4c51-2eac-08d9a4969b50
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT026.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1201MB2500
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

Series

Add AMD Secure Nested Paging (SEV-SNP) Guest Support | expand

Commit Message

Brijesh Singh Nov. 10, 2021, 10:06 p.m. UTC

Virtual Machine Privilege Level (VMPL) is an optional feature in the
SEV-SNP architecture, which allows a guest VM to divide its address space
into four levels. The level can be used to provide the hardware isolated
abstraction layers with a VM. The VMPL0 is the highest privilege, and
VMPL3 is the least privilege. Certain operations must be done by the VMPL0
software, such as:

* Validate or invalidate memory range (PVALIDATE instruction)
* Allocate VMSA page (RMPADJUST instruction when VMSA=1)

The initial SEV-SNP support assumes that the guest kernel is running on
VMPL0. Let's add a check to make sure that kernel is running at VMPL0
before continuing the boot. There is no easy method to query the current
VMPL level, so use the RMPADJUST instruction to determine whether its
booted at the VMPL0.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/boot/compressed/sev.c    | 34 ++++++++++++++++++++++++++++---
 arch/x86/include/asm/sev-common.h |  1 +
 arch/x86/include/asm/sev.h        | 16 +++++++++++++++
 3 files changed, 48 insertions(+), 3 deletions(-)

Comments

Borislav Petkov Dec. 6, 2021, 6:25 p.m. UTC | #1

On Wed, Nov 10, 2021 at 04:06:59PM -0600, Brijesh Singh wrote:
> Virtual Machine Privilege Level (VMPL) is an optional feature in the
> SEV-SNP architecture, which allows a guest VM to divide its address space
> into four levels. The level can be used to provide the hardware isolated
> abstraction layers with a VM.

That sentence needs improving.

> The VMPL0 is the highest privilege, and
> VMPL3 is the least privilege. Certain operations must be done by the VMPL0
> software, such as:
> 
> * Validate or invalidate memory range (PVALIDATE instruction)
> * Allocate VMSA page (RMPADJUST instruction when VMSA=1)
> 
> The initial SEV-SNP support assumes that the guest kernel is running on

assumes? I think it is "requires".

> VMPL0. Let's add a check to make sure that kernel is running at VMPL0

s/Let's //

> before continuing the boot. There is no easy method to query the current
> VMPL level, so use the RMPADJUST instruction to determine whether its

"... whether the guest is running at VMPL0."

> booted at the VMPL0.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  arch/x86/boot/compressed/sev.c    | 34 ++++++++++++++++++++++++++++---
>  arch/x86/include/asm/sev-common.h |  1 +
>  arch/x86/include/asm/sev.h        | 16 +++++++++++++++
>  3 files changed, 48 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
> index e525fa74a551..21feb7f4f76f 100644
> --- a/arch/x86/boot/compressed/sev.c
> +++ b/arch/x86/boot/compressed/sev.c
> @@ -124,6 +124,29 @@ static inline bool sev_snp_enabled(void)
>  	return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
>  }
>  
> +static bool is_vmpl0(void)
> +{
> +	u64 attrs;
> +	int err;
> +
> +	/*
> +	 * There is no straightforward way to query the current VMPL level. The
> +	 * simplest method is to use the RMPADJUST instruction to change a page
> +	 * permission to a VMPL level-1, and if the guest kernel is launched at
> +	 * a level <= 1, then RMPADJUST instruction will return an error.
> +	 */

So I was wondering what this is changing because if the change you do is
relevant, you'd have to undo it.

But looking at RMPADJUST, TARGET_PERM_MASK is 0 for target VMPL1 so
you're basically clearing all permissions for boot_ghcb_page on VMPL1.
Which is fine currently as we do only VMPL0 but pls write that out
explicitly what you're doing here and why it is ok to use RMPADJUST
without having to restore any changes it has done to the RMP table.

> +	attrs = 1;
> +
> +	/*
> +	 * Any page-aligned virtual address is sufficient to test the VMPL level.
> +	 * The boot_ghcb_page is page aligned memory, so lets use for the test.
> +	 */
> +	if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, attrs))
> +		return false;
> +
> +	return true;
> +}
> +
>  static bool do_early_sev_setup(void)
>  {
>  	if (!sev_es_negotiate_protocol())
> @@ -132,10 +155,15 @@ static bool do_early_sev_setup(void)
>  	/*
>  	 * SNP is supported in v2 of the GHCB spec which mandates support for HV
>  	 * features. If SEV-SNP is enabled, then check if the hypervisor supports
> -	 * the SEV-SNP features.
> +	 * the SEV-SNP features and is launched at VMPL-0 level.

"VMPL0" - no hyphen - like in the APM. Below too.

>  	 */
> -	if (sev_snp_enabled() && !(sev_hv_features & GHCB_HV_FT_SNP))
> -		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
> +	if (sev_snp_enabled()) {
> +		if (!(sev_hv_features & GHCB_HV_FT_SNP))
> +			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
> +
> +		if (!is_vmpl0())
> +			sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
> +	}
>  
>  	if (set_page_decrypted((unsigned long)&boot_ghcb_page))
>  		return false;

diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index e525fa74a551..21feb7f4f76f 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -124,6 +124,29 @@  static inline bool sev_snp_enabled(void)
 	return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
 }
 
+static bool is_vmpl0(void)
+{
+	u64 attrs;
+	int err;
+
+	/*
+	 * There is no straightforward way to query the current VMPL level. The
+	 * simplest method is to use the RMPADJUST instruction to change a page
+	 * permission to a VMPL level-1, and if the guest kernel is launched at
+	 * a level <= 1, then RMPADJUST instruction will return an error.
+	 */
+	attrs = 1;
+
+	/*
+	 * Any page-aligned virtual address is sufficient to test the VMPL level.
+	 * The boot_ghcb_page is page aligned memory, so lets use for the test.
+	 */
+	if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, attrs))
+		return false;
+
+	return true;
+}
+
 static bool do_early_sev_setup(void)
 {
 	if (!sev_es_negotiate_protocol())
@@ -132,10 +155,15 @@  static bool do_early_sev_setup(void)
 	/*
 	 * SNP is supported in v2 of the GHCB spec which mandates support for HV
 	 * features. If SEV-SNP is enabled, then check if the hypervisor supports
-	 * the SEV-SNP features.
+	 * the SEV-SNP features and is launched at VMPL-0 level.
 	 */
-	if (sev_snp_enabled() && !(sev_hv_features & GHCB_HV_FT_SNP))
-		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
+	if (sev_snp_enabled()) {
+		if (!(sev_hv_features & GHCB_HV_FT_SNP))
+			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
+
+		if (!is_vmpl0())
+			sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
+	}
 
 	if (set_page_decrypted((unsigned long)&boot_ghcb_page))
 		return false;
diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h
index f80a3cde2086..d426c30ae7b4 100644
--- a/arch/x86/include/asm/sev-common.h
+++ b/arch/x86/include/asm/sev-common.h
@@ -89,6 +89,7 @@ 
 #define GHCB_TERM_REGISTER		0	/* GHCB GPA registration failure */
 #define GHCB_TERM_PSC			1	/* Page State Change failure */
 #define GHCB_TERM_PVALIDATE		2	/* Pvalidate failure */
+#define GHCB_TERM_NOT_VMPL0		3	/* SNP guest is not running at VMPL-0 */
 
 #define GHCB_RESP_CODE(v)		((v) & GHCB_MSR_INFO_MASK)
 
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 4ee98976aed8..e37451849165 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -63,6 +63,9 @@  extern bool handle_vc_boot_ghcb(struct pt_regs *regs);
 /* Software defined (when rFlags.CF = 1) */
 #define PVALIDATE_FAIL_NOUPDATE		255
 
+/* RMP page size */
+#define RMP_PG_SIZE_4K			0
+
 #ifdef CONFIG_AMD_MEM_ENCRYPT
 extern struct static_key_false sev_es_enable_key;
 extern void __sev_es_ist_enter(struct pt_regs *regs);
@@ -90,6 +93,18 @@  extern enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
 					  struct es_em_ctxt *ctxt,
 					  u64 exit_code, u64 exit_info_1,
 					  u64 exit_info_2);
+static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs)
+{
+	int rc;
+
+	/* "rmpadjust" mnemonic support in binutils 2.36 and newer */
+	asm volatile(".byte 0xF3,0x0F,0x01,0xFE\n\t"
+		     : "=a"(rc)
+		     : "a"(vaddr), "c"(rmp_psize), "d"(attrs)
+		     : "memory", "cc");
+
+	return rc;
+}
 static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate)
 {
 	bool no_rmpupdate;
@@ -114,6 +129,7 @@  static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { ret
 static inline void sev_es_nmi_complete(void) { }
 static inline int sev_es_efi_map_ghcbs(pgd_t *pgd) { return 0; }
 static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) { return 0; }
+static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { return 0; }
 #endif
 
 #endif

[v7,13/45] x86/sev: Check the vmpl level

Commit Message

Comments

Patch