[v7,09/45] x86/sev: Save the negotiated GHCB version

Message ID	20211110220731.2396491-10-brijesh.singh@amd.com (mailing list archive)
State	New
Headers	show Return-Path: <SRS0=AzIT=P5=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org E6CB9613D3 Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; From: Brijesh Singh <brijesh.singh@amd.com> To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>, <platform-driver-x86@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org> CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>, Tom Lendacky <thomas.lendacky@amd.com>, "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, "Vitaly Kuznetsov" <vkuznets@redhat.com>, Jim Mattson <jmattson@google.com>, "Andy Lutomirski" <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>, "Peter Zijlstra" <peterz@infradead.org>, Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>, David Rientjes <rientjes@google.com>, Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>, Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>, Vlastimil Babka <vbabka@suse.cz>, "Kirill A . Shutemov" <kirill@shutemov.name>, Andi Kleen <ak@linux.intel.com>, "Dr . David Alan Gilbert" <dgilbert@redhat.com>, <tony.luck@intel.com>, <marcorr@google.com>, <sathyanarayanan.kuppuswamy@linux.intel.com>, Brijesh Singh <brijesh.singh@amd.com> Subject: [PATCH v7 09/45] x86/sev: Save the negotiated GHCB version Date: Wed, 10 Nov 2021 16:06:55 -0600 Message-ID: <20211110220731.2396491-10-brijesh.singh@amd.com> In-Reply-To: <20211110220731.2396491-1-brijesh.singh@amd.com> References: <20211110220731.2396491-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Add AMD Secure Nested Paging (SEV-SNP) Guest Support \| expand [v7,00/45] Add AMD Secure Nested Paging (SEV-SNP) Guest Support [v7,01/45] x86/compressed/64: detect/setup SEV/SME features earlier in boot [v7,02/45] x86/sev: detect/setup SEV/SME features earlier in boot [v7,03/45] x86/mm: Extend cc_attr to include AMD SEV-SNP [v7,04/45] x86/sev: Shorten GHCB terminate macro names [v7,05/45] x86/sev: Get rid of excessive use of defines [v7,06/45] x86/head64: Carve out the guest encryption postprocessing into a helper [v7,07/45] x86/sev: Remove do_early_exception() forward declarations [v7,08/45] x86/sev: Define the Linux specific guest termination reasons [v7,09/45] x86/sev: Save the negotiated GHCB version [v7,10/45] x86/sev: Add support for hypervisor feature VMGEXIT [v7,11/45] x86/sev: Check SEV-SNP features support [v7,12/45] x86/sev: Add a helper for the PVALIDATE instruction [v7,13/45] x86/sev: Check the vmpl level [v7,14/45] x86/compressed: Add helper for validating pages in the decompression stage [v7,15/45] x86/compressed: Register GHCB memory when SEV-SNP is active [v7,16/45] x86/sev: Register GHCB memory when SEV-SNP is active [v7,17/45] x86/sev: Add helper for validating pages in early enc attribute changes [v7,18/45] x86/kernel: Make the bss.decrypted section shared in RMP table [v7,19/45] x86/kernel: Validate rom memory before accessing when SEV-SNP is active [v7,20/45] x86/mm: Add support to validate memory when changing C-bit [v7,21/45] KVM: SVM: Define sev_features and vmpl field in the VMSA [v7,22/45] KVM: SVM: Create a separate mapping for the SEV-ES save area [v7,23/45] KVM: SVM: Create a separate mapping for the GHCB save area [v7,24/45] KVM: SVM: Update the SEV-ES save area mapping [v7,25/45] x86/sev: Use SEV-SNP AP creation to start secondary CPUs [v7,26/45] x86/head: re-enable stack protection for 32/64-bit builds [v7,27/45] x86/sev: move MSR-based VMGEXITs for CPUID to helper [v7,28/45] KVM: x86: move lookup of indexed CPUID leafs to helper [v7,29/45] x86/compressed/acpi: move EFI system table lookup to helper [v7,30/45] x86/compressed/acpi: move EFI config table lookup to helper [v7,31/45] x86/compressed/acpi: move EFI vendor table lookup to helper [v7,32/45] x86/boot: Add Confidential Computing type to setup_data [v7,33/45] KVM: SEV: Add documentation for SEV-SNP CPUID Enforcement [v7,34/45] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers [v7,35/45] x86/boot: add a pointer to Confidential Computing blob in bootparams [v7,36/45] x86/compressed: add SEV-SNP feature detection/setup [v7,37/45] x86/compressed: use firmware-validated CPUID for SEV-SNP guests [v7,38/45] x86/compressed/64: add identity mapping for Confidential Computing blob [v7,39/45] x86/sev: add SEV-SNP feature detection/setup [v7,40/45] x86/sev: use firmware-validated CPUID for SEV-SNP guests [v7,41/45] x86/sev: Provide support for SNP guest request NAEs [v7,42/45] x86/sev: Register SNP guest request platform device [v7,43/45] virt: Add SEV-SNP guest driver [v7,44/45] virt: sevguest: Add support to derive key [v7,45/45] virt: sevguest: Add support to get extended report

Message ID

20211110220731.2396491-10-brijesh.singh@amd.com (mailing list archive)

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org E6CB9613D3
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>,
	<linux-efi@vger.kernel.org>, <platform-driver-x86@vger.kernel.org>,
	<linux-coco@lists.linux.dev>, <linux-mm@kvack.org>
CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
	Joerg Roedel <jroedel@suse.de>, Tom Lendacky <thomas.lendacky@amd.com>, "H.
 Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>, Paolo Bonzini
	<pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, "Vitaly
 Kuznetsov" <vkuznets@redhat.com>, Jim Mattson <jmattson@google.com>, "Andy
 Lutomirski" <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>,
	Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>, "Peter
 Zijlstra" <peterz@infradead.org>, Srinivas Pandruvada
	<srinivas.pandruvada@linux.intel.com>, David Rientjes <rientjes@google.com>,
	Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>,
	Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>,
	Vlastimil Babka <vbabka@suse.cz>, "Kirill A . Shutemov"
	<kirill@shutemov.name>, Andi Kleen <ak@linux.intel.com>, "Dr . David Alan
 Gilbert" <dgilbert@redhat.com>, <tony.luck@intel.com>, <marcorr@google.com>,
	<sathyanarayanan.kuppuswamy@linux.intel.com>, Brijesh Singh
	<brijesh.singh@amd.com>
Subject: [PATCH v7 09/45] x86/sev: Save the negotiated GHCB version
Date: Wed, 10 Nov 2021 16:06:55 -0600
Message-ID: <20211110220731.2396491-10-brijesh.singh@amd.com>
In-Reply-To: <20211110220731.2396491-1-brijesh.singh@amd.com>
References: <20211110220731.2396491-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2021 22:08:15.8863
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b50718e0-f891-4022-c09a-08d9a496987b
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	DM6NAM11FT066.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4029
Authentication-Results: imf19.hostedemail.com;
	dkim=pass header.d=amd.com header.s=selector1 header.b=Z6iEB7WN;
	spf=pass (imf19.hostedemail.com: domain of brijesh.singh@amd.com designates
 40.107.220.79 as permitted sender) smtp.mailfrom=brijesh.singh@amd.com;
	dmarc=pass (policy=quarantine) header.from=amd.com
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: DEF9FB0000BC
X-Stat-Signature: e85xinfgcewi9pszeusaxocsrpfrktnq
X-HE-Tag: 1636582095-60791
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Series

Add AMD Secure Nested Paging (SEV-SNP) Guest Support | expand

Commit Message

Brijesh Singh Nov. 10, 2021, 10:06 p.m. UTC

The SEV-ES guest calls the sev_es_negotiate_protocol() to negotiate the
GHCB protocol version before establishing the GHCB. Cache the negotiated
GHCB version so that it can be used later.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/include/asm/sev.h   |  2 +-
 arch/x86/kernel/sev-shared.c | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

Comments

Tianyu Lan Dec. 7, 2021, 12:51 p.m. UTC | #1

Hi Brijesh:
      We find this patch breaks AMD SEV support in the Hyper-V Isolation
VM. Hyper-V code also uses sev_es_ghcb_hv_call() to read or write msr
value. The sev_es_check_cpu_features() isn't called in the Hyper-V code
and so the ghcb_version is always 0. Could you add a new parameter 
ghcb_version for sev_es_ghcb_hv_call() and then caller may input 
ghcb_version?

Thanks.

On 11/11/2021 6:06 AM, Brijesh Singh wrote:
> The SEV-ES guest calls the sev_es_negotiate_protocol() to negotiate the
> GHCB protocol version before establishing the GHCB. Cache the negotiated
> GHCB version so that it can be used later.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>   arch/x86/include/asm/sev.h   |  2 +-
>   arch/x86/kernel/sev-shared.c | 17 ++++++++++++++---
>   2 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index ec060c433589..9b9c190e8c3b 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -12,7 +12,7 @@
>   #include <asm/insn.h>
>   #include <asm/sev-common.h>
>   
> -#define GHCB_PROTO_OUR		0x0001UL
> +#define GHCB_PROTOCOL_MIN	1ULL
>   #define GHCB_PROTOCOL_MAX	1ULL
>   #define GHCB_DEFAULT_USAGE	0ULL
>   
> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
> index 2abf8a7d75e5..91105f5a02a8 100644
> --- a/arch/x86/kernel/sev-shared.c
> +++ b/arch/x86/kernel/sev-shared.c
> @@ -14,6 +14,15 @@
>   #define has_cpuflag(f)	boot_cpu_has(f)
>   #endif
>   
> +/*
> + * Since feature negotiation related variables are set early in the boot
> + * process they must reside in the .data section so as not to be zeroed
> + * out when the .bss section is later cleared.
> + *
> + * GHCB protocol version negotiated with the hypervisor.
> + */
> +static u16 ghcb_version __ro_after_init;
> +
>   static bool __init sev_es_check_cpu_features(void)
>   {
>   	if (!has_cpuflag(X86_FEATURE_RDRAND)) {
> @@ -51,10 +60,12 @@ static bool sev_es_negotiate_protocol(void)
>   	if (GHCB_MSR_INFO(val) != GHCB_MSR_SEV_INFO_RESP)
>   		return false;
>   
> -	if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTO_OUR ||
> -	    GHCB_MSR_PROTO_MIN(val) > GHCB_PROTO_OUR)
> +	if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN ||
> +	    GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX)
>   		return false;
>   
> +	ghcb_version = min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX);
> +
>   	return true;
>   }
>   
> @@ -127,7 +138,7 @@ enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, bool set_ghcb_msr,
>   				   u64 exit_info_1, u64 exit_info_2)
>   {
>   	/* Fill in protocol and format specifiers */
> -	ghcb->protocol_version = GHCB_PROTOCOL_MAX;
> +	ghcb->protocol_version = ghcb_version;
>   	ghcb->ghcb_usage       = GHCB_DEFAULT_USAGE;
>   
>   	ghcb_set_sw_exit_code(ghcb, exit_code);
>

Brijesh Singh Dec. 7, 2021, 4:58 p.m. UTC | #2

On 12/7/21 7:17 AM, Borislav Petkov wrote:
> On Tue, Dec 07, 2021 at 08:51:53PM +0800, Tianyu Lan wrote:
>> Hi Brijesh:
> 
> Do me a favor please and learn not to top-post on a public mailing list.
> Also, take the time to read Documentation/process/ before you send
> upstream patches and how to work with the community in general.
> 
>> We find this patch breaks AMD SEV support in the Hyper-V Isolation
>> VM. Hyper-V code also uses sev_es_ghcb_hv_call() to read or write msr
>> value. The sev_es_check_cpu_features() isn't called in the Hyper-V
>> code and so the ghcb_version is always 0.
> 
> If hyperv is going to expose hypervisor features, then it better report
> GHCB v2. If not, then I guess < 2 or 1 or so, depending on how this is
> defined.
> 
>> Could you add a new parameter ghcb_version for sev_es_ghcb_hv_call()
>> and then caller may input ghcb_version?
> 
> No, your hypervisor needs to adhere to the spec and report proper ghcb
> version. We won't be doing any accomodate-hyperv hacks.
> 


Agreed, the HyperV support need to negotiate the GHCB version before 
making those HC. In the current patch, the sev_es_negotiate_protocol() 
will save the ghcb_version in global variable and the saved value is 
used during the HC. Just make sure that initial HyperV support is 
adhering to the specification.

thanks

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index ec060c433589..9b9c190e8c3b 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -12,7 +12,7 @@ 
 #include <asm/insn.h>
 #include <asm/sev-common.h>
 
-#define GHCB_PROTO_OUR		0x0001UL
+#define GHCB_PROTOCOL_MIN	1ULL
 #define GHCB_PROTOCOL_MAX	1ULL
 #define GHCB_DEFAULT_USAGE	0ULL
 
diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
index 2abf8a7d75e5..91105f5a02a8 100644
--- a/arch/x86/kernel/sev-shared.c
+++ b/arch/x86/kernel/sev-shared.c
@@ -14,6 +14,15 @@ 
 #define has_cpuflag(f)	boot_cpu_has(f)
 #endif
 
+/*
+ * Since feature negotiation related variables are set early in the boot
+ * process they must reside in the .data section so as not to be zeroed
+ * out when the .bss section is later cleared.
+ *
+ * GHCB protocol version negotiated with the hypervisor.
+ */
+static u16 ghcb_version __ro_after_init;
+
 static bool __init sev_es_check_cpu_features(void)
 {
 	if (!has_cpuflag(X86_FEATURE_RDRAND)) {
@@ -51,10 +60,12 @@  static bool sev_es_negotiate_protocol(void)
 	if (GHCB_MSR_INFO(val) != GHCB_MSR_SEV_INFO_RESP)
 		return false;
 
-	if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTO_OUR ||
-	    GHCB_MSR_PROTO_MIN(val) > GHCB_PROTO_OUR)
+	if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN ||
+	    GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX)
 		return false;
 
+	ghcb_version = min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX);
+
 	return true;
 }
 
@@ -127,7 +138,7 @@  enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, bool set_ghcb_msr,
 				   u64 exit_info_1, u64 exit_info_2)
 {
 	/* Fill in protocol and format specifiers */
-	ghcb->protocol_version = GHCB_PROTOCOL_MAX;
+	ghcb->protocol_version = ghcb_version;
 	ghcb->ghcb_usage       = GHCB_DEFAULT_USAGE;
 
 	ghcb_set_sw_exit_code(ghcb, exit_code);

[v7,09/45] x86/sev: Save the negotiated GHCB version

Commit Message

Comments

Patch