From patchwork Thu Jul 4 00:00:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13723082 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 24C39C41513 for ; Thu, 4 Jul 2024 00:07:59 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sP9zz-0002ah-Q5; Wed, 03 Jul 2024 20:06:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sP9zr-0002Zy-1F for qemu-devel@nongnu.org; Wed, 03 Jul 2024 20:06:48 -0400 Received: from mail-bn8nam12on2052.outbound.protection.outlook.com ([40.107.237.52] helo=NAM12-BN8-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sP9zc-0002Zo-Uk for qemu-devel@nongnu.org; Wed, 03 Jul 2024 20:06:46 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ijsmdG81HNhHEmk2BtEzHjbydalT+YWAlUdm3oCaAnEHM4Cty+bcEkijlcv1GzpKzOfW4MRjfvc2EGBtuLcOVHdj4G10HLp7ppU/+1Dln0HQYvPK/8TFXgs1l4Tyi3TxAMW3e5rSkFLP3pOjAA5T1W68qkbErWmfIMkj4yIzq67IoPhdP+e3UgIP8o5hiYpclJIQoTGUMuJUqRdRoMQxWhV3K3hNKvBbULkRUPAykkR1k53Mr80FyjrWDzDfZXd+c1r7Xm4kvqiFNR6glVWGK/4GoD1kOdfsU0ddK+wOy5dwwZAyVxr2fUSpzBLcMS3TES2gt8b7lvu5RjKBeQ3uWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YVy/eR8ifWXY4MCIq+yHoIgKsHrfQilhGMiPY9WrrEI=; b=mqV1zlPLVeP+aHU6fRo5DX70PqsT19IappOrXkzhCTRVQFinokRc89ykw6RBNlQC3ybgXQTWQcsrZF9n7OGBenIaovS1gw9M9d7AlClC+uI4Nf9uV91LikXQfvAtb+N/lC4MyW6otlUgJD8fu8zTvJRvG9Hle8ECUJ42ASUno8oBO71qEIsQeXu83+vPCD2xkRxNpaAcg4xUnjaDu3PLNCJrgrpvanlHomhmR2ZiDnepQtf6b9HNDN6ZXxxgKHZf6ro49AEamkbOyWBXoIers1eSI18EJZ06NkdyNpZMBUV0gT4Db7Hjz5iztEMG1TqlAyaz3A03maSjHfT+2uq8ug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YVy/eR8ifWXY4MCIq+yHoIgKsHrfQilhGMiPY9WrrEI=; b=QySHwBvl7TMRI2/F1l7lgiWFOBFEWCRfCHeDNuadvEBQSjzdyItpcJXqNj1zgJ4eau0UCVLBepGli+Z4hmT+4Pd0KBhjhGRYsZQ5wg3u6VgYH8CWy0dKokfepqQdu4xSbqfdU5aNenDQUm1HxnZdOPtxsMyuz22++lVQMWQMZaQ= Received: from BY3PR03CA0016.namprd03.prod.outlook.com (2603:10b6:a03:39a::21) by MN2PR12MB4208.namprd12.prod.outlook.com (2603:10b6:208:1d0::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25; Thu, 4 Jul 2024 00:01:24 +0000 Received: from SJ1PEPF00001CEB.namprd03.prod.outlook.com (2603:10b6:a03:39a:cafe::1e) by BY3PR03CA0016.outlook.office365.com (2603:10b6:a03:39a::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25 via Frontend Transport; Thu, 4 Jul 2024 00:01:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00001CEB.mail.protection.outlook.com (10.167.242.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7741.18 via Frontend Transport; Thu, 4 Jul 2024 00:01:23 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 3 Jul 2024 19:01:23 -0500 From: Michael Roth To: CC: =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Paolo Bonzini , Subject: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT Date: Wed, 3 Jul 2024 19:00:19 -0500 Message-ID: <20240704000019.3928862-1-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00001CEB:EE_|MN2PR12MB4208:EE_ X-MS-Office365-Filtering-Correlation-Id: ab6f2141-c6b7-4ccf-510b-08dc9bbc7185 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|36860700013|1800799024|376014|82310400026; X-Microsoft-Antispam-Message-Info: =?utf-8?q?+LYqJgq9hTEGefHhac8E2J/B8z64ALK?= =?utf-8?q?+eKS5PFTcfWH1wNRWJqnBuRAmKyX0Z0immrrMEqz5aL+HbCYyEL/vtRaDE2AXA2d9?= =?utf-8?q?5irdbVNYkTPXcK1CTOKh0ki5tO+ZS8TgGxqMxmrnByGJX9G0HD+CZ3PRjhCLlG81i?= =?utf-8?q?SMRkimrr5hVaSbt+yVB+iyYPjUr8W8GkLuk/KEeZTz7a2Rr4gQL7rYOfl274nUW9e?= =?utf-8?q?oAQBQmwPT10bktzgBDufv+Bzf35efYrnMzuG+9nbdXtbYOIq3jnOjxDmTEADF30It?= =?utf-8?q?81epOHwE3V3nk3C/kXLLgKuDzxIRHmJXzElbySiD9vaUOnlHUy36JvP4o2ansDYgk?= =?utf-8?q?PcrTp8bkt54qERamagdgSBZTa8CFL4fH7mQWv2s1JIH47a5flRUQZTlGWp1pocPiY?= =?utf-8?q?0ktGvJxy45ZKmIWXGCR0VX+B5AsoAQXh5Sm5e5e+33aqHsllAffwSrhDz0gx34DwS?= =?utf-8?q?M375GhsiZEdQ4dnYyDh/hH2UEY54B8PrYOTQBXmOguo6i1Wt37gcVUT3Yj+da0C8L?= =?utf-8?q?qk5AC9f0y44dS84ItmNEyj7R2yobYzzQJek4UtzTGAA4MA3h8gJoysKiWt6qEL4xD?= =?utf-8?q?yGsp1UuNI7M6vkKsoZA6TwryYIjceN4J7oIKEyfKoNJeWr7PD2m1KsSB/TKJXdBYe?= =?utf-8?q?Rr/JS1YXUEFGuPNvuahdiuFip4gfuM97Xd52c6OD0q8xvdXJu7ZtDqTextgmSmz3L?= =?utf-8?q?FoL4Np6y572ndkgCNe9Gqro4fcxt2bUNgSIeQ5oTqgQ52+wljEQmFhNqFdISGmF73?= =?utf-8?q?uz9SpnubBNPOIkbUU+iYvSYkZFGUgKsVDnx4brD8cSCiBPFHCDS96+6dPAcmvXIAz?= =?utf-8?q?NkuEz2MP3qIP/5n+VNdwHBqiqLcyoRBsIrLO4ZHtRC1lHDiwrFm7twrv4lQMQLmX7?= =?utf-8?q?UB5kO8vkmJFqzjNzB8UnXhzYLL8EM83GiPjYsMxMujEKFaM5TzNPLcV4hXhI1Obe3?= =?utf-8?q?3SAzpZZ+6U0KPpRJlUlDATosBzVDWCGS7BjjZQirzFU+eA0I5H7oM4gp7U3an48gD?= =?utf-8?q?JXLlyWFB5Fzqu0bc79Yy5CCqhC7S5P8Sl3nxbNrO4RewO9TPrreHF4hMLLjANAEFU?= =?utf-8?q?u23Eul+A4DFXYWuygv9RvxDkaD01wcbKC8BZp6y1/x9EdD7uYRG3LVxSbgZzGbSna?= =?utf-8?q?BRVygZWFpPS2xhKGnm7PqIdot0vRrjJOoDolwm2adxtALLWoGa5vHl54psMxHLHzz?= =?utf-8?q?xlZmMMJQyzBC6cP+nSB6BvfuEecLPBygoRbYNxb1JoesB7LtKGcJWIjMou6vW5LaW?= =?utf-8?q?ytNyNdXZbHYHrOCE130zfK6G1yXZ2g7TCtVjeTlEiWhWAqnMDxx++GK5fFTUOTz6t?= =?utf-8?q?XPvleN4rOrpkkTEcShFBlaLimF3s4Q6fMg/mKeJbvjg6g3ytkQpTzsZvlf7YGyCHH?= =?utf-8?q?sGEWLwVTwXD?= X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230040)(36860700013)(1800799024)(376014)(82310400026); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jul 2024 00:01:23.8924 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ab6f2141-c6b7-4ccf-510b-08dc9bbc7185 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00001CEB.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4208 Received-SPF: permerror client-ip=40.107.237.52; envelope-from=Michael.Roth@amd.com; helo=NAM12-BN8-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Currently if the 'legacy-vm-type' property of the sev-guest object is left unset, QEMU will attempt to use the newer KVM_SEV_INIT2 kernel interface in conjunction with the newer KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM KVM VM types. This can lead to measurement changes if, for instance, an SEV guest was created on a host that originally had an older kernel that didn't support KVM_SEV_INIT2, but is booted on the same host later on after the host kernel was upgraded. Cc: Daniel P. Berrangé Cc: Paolo Bonzini cc: kvm@vger.kernel.org Signed-off-by: Michael Roth --- qapi/qom.json | 11 ++++++----- target/i386/sev.c | 30 ++++++++++++++++++++++++------ 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 8bd299265e..a212c009aa 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -912,11 +912,12 @@ # @handle: SEV firmware handle (default: 0) # # @legacy-vm-type: Use legacy KVM_SEV_INIT KVM interface for creating the VM. -# The newer KVM_SEV_INIT2 interface syncs additional vCPU -# state when initializing the VMSA structures, which will -# result in a different guest measurement. Set this to -# maintain compatibility with older QEMU or kernel versions -# that rely on legacy KVM_SEV_INIT behavior. +# The newer KVM_SEV_INIT2 interface, from Linux >= 6.10, syncs +# additional vCPU state when initializing the VMSA structures, +# which will result in a different guest measurement. Set +# this to force compatibility with older QEMU or kernel +# versions that rely on legacy KVM_SEV_INIT behavior. +# Otherwise, QEMU will require KVM_SEV_INIT2 for SEV guests. # (default: false) (since 9.1) # # Since: 2.12 diff --git a/target/i386/sev.c b/target/i386/sev.c index 3ab8b3c28b..8f56c0cf0c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1347,14 +1347,22 @@ static int sev_kvm_type(X86ConfidentialGuest *cg) goto out; } + if (sev_guest->legacy_vm_type) { + sev_common->kvm_type = KVM_X86_DEFAULT_VM; + goto out; + } + kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; - if (kvm_is_vm_type_supported(kvm_type) && !sev_guest->legacy_vm_type) { - sev_common->kvm_type = kvm_type; - } else { - sev_common->kvm_type = KVM_X86_DEFAULT_VM; + if (!kvm_is_vm_type_supported(kvm_type)) { + error_report("SEV: host kernel does not support requested %s VM type. To allow use of " + "legacy KVM_X86_DEFAULT_VM VM type, the 'legacy-vm-type' argument must be " + "set to true for the sev-guest object.", + kvm_type == KVM_X86_SEV_VM ? "KVM_X86_SEV_VM" : "KVM_X86_SEV_ES_VM"); + return -1; } + sev_common->kvm_type = kvm_type; out: return sev_common->kvm_type; } @@ -1445,14 +1453,24 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - if (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { + switch (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common))) { + case KVM_X86_DEFAULT_VM: cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); - } else { + break; + case KVM_X86_SEV_VM: + case KVM_X86_SEV_ES_VM: + case KVM_X86_SNP_VM: { struct kvm_sev_init args = { 0 }; ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_INIT2, &args, &fw_error); + break; + } + default: + error_setg(errp, "%s: host kernel does not support the requested SEV configuration.", + __func__); + return -1; } if (ret) {