From patchwork Thu Jun 20 16:38:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007447 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7F59413AF for ; Thu, 20 Jun 2019 16:40:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6B58328816 for ; Thu, 20 Jun 2019 16:40:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5BF072881A; Thu, 20 Jun 2019 16:40:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 295A628815 for ; Thu, 20 Jun 2019 16:40:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732379AbfFTQjx (ORCPT ); Thu, 20 Jun 2019 12:39:53 -0400 Received: from mail-eopbgr770049.outbound.protection.outlook.com ([40.107.77.49]:36184 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732179AbfFTQiy (ORCPT ); Thu, 20 Jun 2019 12:38:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kc71Y2ypexjgI19ljEHBbP4Xsc0D4nCMgwKamL+Nql4=; b=atu7k5H5uNjjZdtVMameEBmC+uS5pRm0iub5TuXgZno/wHYtIeF6E/2tV5YFnfiwntKurGZWEgAMA16xV46h8VkzK+c0iAXkIWweqg/JfuRDpxW0Qg2jJp+m8DckEOzeS09w/nwc9OZ6iJeIb3RysrSCllfSj7gJMcdVYEsryRM= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3401.namprd12.prod.outlook.com (20.178.198.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.11; Thu, 20 Jun 2019 16:38:50 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:50 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 01/11] KVM: SVM: Add KVM_SEV SEND_START command Thread-Topic: [RFC PATCH v2 01/11] KVM: SVM: Add KVM_SEV SEND_START command Thread-Index: AQHVJ4ajn+++m5i4FkqNC4fjbVLm0A== Date: Thu, 20 Jun 2019 16:38:50 +0000 Message-ID: <20190620163832.5451-2-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e280143d-6dea-4e18-3878-08d6f59dc609 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3401; x-ms-traffictypediagnostic: DM6PR12MB3401: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(366004)(346002)(376002)(39860400002)(396003)(136003)(199004)(189003)(446003)(305945005)(6116002)(36756003)(54906003)(11346002)(478600001)(25786009)(50226002)(14454004)(8936002)(4326008)(7416002)(1730700003)(8676002)(86362001)(68736007)(5660300002)(316002)(81166006)(1076003)(81156014)(256004)(66476007)(66556008)(53936002)(99286004)(2501003)(6916009)(71190400001)(7736002)(186003)(73956011)(71200400001)(66946007)(66446008)(26005)(64756008)(2906002)(2351001)(3846002)(66066001)(6436002)(102836004)(5640700003)(6486002)(476003)(2616005)(386003)(6506007)(6512007)(52116002)(486006)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3401;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: IZAeqjJGvKmAyMXAz1Se/RQoh6R+FH5JoDPmvYkHJU/8SV8xY1cMUW7mocPpC91biGiDNbx7PKbFpw6KjVkWSVRgZBM4YddpJFvfFg+HKbA8JIJc+GBPKmxR76aewcqwwre72xLYGT+QyeZphCQ3VcSU5wfqHKsGNMssciCtyGv9hqdxdRcx4lgsu8WC49eHNAfPWN7wuow3HVIqCOQjiJyy4jBdMu0Jf+JunyaZY5PAUJPaLd8bb8o6v3/wyIEfU4jA3qFuZCjfyZIhrXwdb47xRuVOhxODQigrT1m0fjercJYnIfzIPYhPgIqBxcPxh6ADRh/nDevi9RKT9YlUgsmfrDquuPRtV6/ksJOOn4Am9KLl8lOa9r02Qkcq9T15ILrGIooQN8CbWLKKAqEnkOb35aFxVqlFXu1Wlem63cE= Content-ID: <15A0A480CEC5094DB055252DB37F88CA@namprd12.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e280143d-6dea-4e18-3878-08d6f59dc609 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:50.5374 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3401 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command is used to create an outgoing SEV guest encryption context. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 27 +++++ arch/x86/kvm/svm.c | 105 ++++++++++++++++++ include/uapi/linux/kvm.h | 12 ++ 3 files changed, 144 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index 659bbc093b52..9ea974c87980 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -238,6 +238,33 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +10. KVM_SEV_SEND_START +---------------------- + +The KVM_SEV_SEND_START command can be used by the hypervisor to create an +outgoing guest encryption context. + +Parameters (in): struct kvm_sev_send_start + +Returns: 0 on success, -negative on error + +:: + struct kvm_sev_send_start { + __u32 policy; /* guest policy */ + + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ + __u32 pdh_cert_len; + + __u64 plat_cert_uaddr; /* platform certificate chain */ + __u32 plat_cert_len; + + __u64 amd_cert_uaddr; /* AMD certificate */ + __u32 amd_cert_len; + + __u64 session_uaddr; /* Guest session information */ + __u32 session_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 735b8c01895e..98e5a6c2bacc 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -6960,6 +6960,108 @@ static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + void *amd_cert = NULL, *session_data = NULL; + void *pdh_cert = NULL, *plat_cert = NULL; + struct sev_data_send_start *data = NULL; + struct kvm_sev_send_start params; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_start))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query the session length */ + if (!params.session_len) + goto cmd; + + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || + !params.session_uaddr) + return -EINVAL; + + /* copy the certificate blobs from userspace */ + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, params.pdh_cert_len); + if (IS_ERR(pdh_cert)) { + ret = PTR_ERR(pdh_cert); + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_cert); + data->pdh_cert_len = params.pdh_cert_len; + + plat_cert = psp_copy_user_blob(params.plat_cert_uaddr, params.plat_cert_len); + if (IS_ERR(plat_cert)) { + ret = PTR_ERR(plat_cert); + goto e_free_pdh; + } + + data->plat_cert_address = __psp_pa(plat_cert); + data->plat_cert_len = params.plat_cert_len; + + amd_cert = psp_copy_user_blob(params.amd_cert_uaddr, params.amd_cert_len); + if (IS_ERR(amd_cert)) { + ret = PTR_ERR(amd_cert); + goto e_free_plat_cert; + } + + data->amd_cert_address = __psp_pa(amd_cert); + data->amd_cert_len = params.amd_cert_len; + + ret = -EINVAL; + if (params.session_len > SEV_FW_BLOB_MAX_SIZE) + goto e_free_amd_cert; + + ret = -ENOMEM; + session_data = kmalloc(params.session_len, GFP_KERNEL); + if (!session_data) + goto e_free_amd_cert; + + data->session_address = __psp_pa(session_data); + data->session_len = params.session_len; +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + /* if we queried the session length, FW responded with expected data */ + if (!params.session_len) + goto done; + + if (copy_to_user((void __user *)(uintptr_t) params.session_uaddr, + session_data, params.session_len)) { + ret = -EFAULT; + goto e_free_session; + } + + params.policy = data->policy; + +done: + params.session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + +e_free_session: + kfree(session_data); +e_free_amd_cert: + kfree(amd_cert); +e_free_plat_cert: + kfree(plat_cert); +e_free_pdh: + kfree(pdh_cert); +e_free: + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7001,6 +7103,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_SECRET: r = sev_launch_secret(kvm, &sev_cmd); break; + case KVM_SEV_SEND_START: + r = sev_send_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 2fe12b40d503..4e9e7a5b2066 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1531,6 +1531,18 @@ struct kvm_sev_dbg { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_cert_uaddr; + __u32 plat_cert_len; + __u64 amd_cert_uaddr; + __u32 amd_cert_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Jun 20 16:38:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007429 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D1E10924 for ; Thu, 20 Jun 2019 16:38:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C364E28812 for ; Thu, 20 Jun 2019 16:38:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B765E28816; Thu, 20 Jun 2019 16:38:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 95C9428812 for ; Thu, 20 Jun 2019 16:38:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732203AbfFTQiz (ORCPT ); Thu, 20 Jun 2019 12:38:55 -0400 Received: from mail-eopbgr770082.outbound.protection.outlook.com ([40.107.77.82]:17878 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732193AbfFTQiy (ORCPT ); Thu, 20 Jun 2019 12:38:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4RPfiQuGM4+VRpYT5pPW8bzPAnrPV1BLNuZaiqFDl78=; b=AS4SxB8ofvEaTBQf4qE9EqMBjYE7XErbs9jtAmcWc6k68/K7m5hSL6oHnouXnE23+uLbQInXE0cZn1n8yHd9q9ICME/Ovox6dSsYMcmnfy3zIPkUsRK+x46+FrkdQDRdn1WbLv9SeMb5YE0WWAXAt3b0bN2P0kFkpVcD6l4dTPc= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:51 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:51 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 02/11] KVM: SVM: Add KVM_SEND_UPDATE_DATA command Thread-Topic: [RFC PATCH v2 02/11] KVM: SVM: Add KVM_SEND_UPDATE_DATA command Thread-Index: AQHVJ4akAjVw6iJu7U2yYEmI8BC5cQ== Date: Thu, 20 Jun 2019 16:38:51 +0000 Message-ID: <20190620163832.5451-3-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8e64760d-fef5-4774-c21a-08d6f59dc69d x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: oUiaVF+B7PI3RISM/5cDy48BfHfW7dxmc0FnpB31ymiclfxcVt34lfv2x5qdbD5nSWSwfZxiHDyBzKON7f6dvdOP4uQ0zwUV3D0dEOyfc+May/paJ+KjuoVqUtJa/ZZlU+Z5DNGSDoX3V71VVoazXZ6N+qZ7AeaT487RBeRBCFC0hHGXHYvvPyBTi3gtZnm4mBf1MhOi8QvuGpyB7ozQOys80rwIPv0asCuf66jpQff8ILRwsKt4abvaDVZxvrUnst07/YOhw4BhU40TjL7+Z4zbIJT4yeVml0m2OvxwZYftMTOEkMH9tsRQRm8czc+XwZLYVexWBUnp0VjFAiKzCL+o9O5Zcj9/4VvmO5EJqZvkHub1SMUFQBlz3Akp7RgUAdqs8Bc0sj5aU392UnHlfUa/U4Cia729sxGGpVt1a7k= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8e64760d-fef5-4774-c21a-08d6f59dc69d X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:51.5159 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command is used for encrypting the guest memory region using the encryption context created with KVM_SEV_SEND_START. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 24 ++++ arch/x86/kvm/svm.c | 120 +++++++++++++++++- include/uapi/linux/kvm.h | 9 ++ 3 files changed, 149 insertions(+), 4 deletions(-) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index 9ea974c87980..ea881f21bc60 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -265,6 +265,30 @@ Returns: 0 on success, -negative on error __u32 session_len; }; +11. KVM_SEV_SEND_UPDATE_DATA +---------------------------- + +The KVM_SEV_SEND_UPDATE_DATA command can be used by the hypervisor to encrypt the +outgoing guest memory region with the encryption context creating using +KVM_SEV_SEND_START. + +Parameters (in): struct kvm_sev_send_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_send_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the source memory region to be encrypted */ + __u32 guest_len; + + __u64 trans_uaddr; /* the destition memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 98e5a6c2bacc..de353664ea22 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -421,6 +421,7 @@ enum { static unsigned int max_sev_asid; static unsigned int min_sev_asid; +static unsigned long sev_me_mask; static unsigned long *sev_asid_bitmap; #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) @@ -1219,16 +1220,21 @@ static int avic_ga_log_notifier(u32 ga_tag) static __init int sev_hardware_setup(void) { struct sev_user_data_status *status; + int eax, ebx; int rc; - /* Maximum number of encrypted guests supported simultaneously */ - max_sev_asid = cpuid_ecx(0x8000001F); + /* + * Query the memory encryption information. + * EBX: Bit 0:5 Pagetable bit position used to indicate encryption (aka Cbit). + * ECX: Maximum number of encrypted guests supported simultaneously. + * EDX: Minimum ASID value that should be used for SEV guest. + */ + cpuid(0x8000001f, &eax, &ebx, &max_sev_asid, &min_sev_asid); if (!max_sev_asid) return 1; - /* Minimum ASID value that should be used for SEV guest */ - min_sev_asid = cpuid_edx(0x8000001F); + sev_me_mask = 1UL << (ebx & 0x3f); /* Initialize SEV ASID bitmap */ sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); @@ -7062,6 +7068,109 @@ static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + struct kvm_sev_send_update_data params; + void *hdr = NULL, *trans_data = NULL; + struct page **guest_page = NULL; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_update_data))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query either header or trans length */ + if (!params.trans_len || !params.hdr_len) + goto cmd; + + ret = -EINVAL; + if (!params.trans_uaddr || !params.guest_uaddr || + !params.guest_len || !params.hdr_uaddr) + goto e_free; + + /* Check if we are crossing the page boundry */ + ret = -EINVAL; + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + goto e_free; + + ret = -ENOMEM; + hdr = kmalloc(params.hdr_len, GFP_KERNEL); + if (!hdr) + goto e_free; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + + ret = -ENOMEM; + trans_data = kmalloc(params.trans_len, GFP_KERNEL); + if (!trans_data) + goto e_free; + + data->trans_address = __psp_pa(trans_data); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + /* The SEND_UPDATE_DATA command requires C-bit to be always set. */ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + /* userspace asked for header or trans length and FW responded with data */ + if (!params.trans_len || !params.hdr_len) { + params.hdr_len = data->hdr_len; + params.trans_len = data->trans_len; + goto done; + } + + if (ret) + goto e_unpin; + + /* copy transport buffer to user space */ + if (copy_to_user((void __user *)(uintptr_t)params.trans_uaddr, + trans_data, params.trans_len)) { + ret = -EFAULT; + goto e_unpin; + } + + /* copy packet header to userspace */ + if (copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, params.hdr_len)) + ret = -EFAULT; + +e_unpin: + sev_unpin_memory(kvm, guest_page, n); +done: + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_update_data))) + ret = -EFAULT; +e_free: + kfree(data); + kfree(trans_data); + kfree(hdr); + + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7106,6 +7215,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_START: r = sev_send_start(kvm, &sev_cmd); break; + case KVM_SEV_SEND_UPDATE_DATA: + r = sev_send_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 4e9e7a5b2066..4cb6c3774ec2 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1543,6 +1543,15 @@ struct kvm_sev_send_start { __u32 session_len; }; +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Jun 20 16:38:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007449 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0A6611932 for ; Thu, 20 Jun 2019 16:40:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EE4FC28816 for ; Thu, 20 Jun 2019 16:40:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E29382881A; Thu, 20 Jun 2019 16:40:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6FFA428856 for ; Thu, 20 Jun 2019 16:40:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732373AbfFTQjx (ORCPT ); Thu, 20 Jun 2019 12:39:53 -0400 Received: from mail-eopbgr770082.outbound.protection.outlook.com ([40.107.77.82]:17878 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732192AbfFTQiz (ORCPT ); Thu, 20 Jun 2019 12:38:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gEhuR7xLcxz1XvInAUK+j4c3cLrgxl4PvmZ25H5rp+s=; b=dr0yvH04Ppd4BqOhZXXUI+lkkBXqquWsI2/b1Ab3vofNzxvurBHGBr5iRKmW7xLcAI8uodtXBfqxdOBw3vJYqgAPqehq/0GZbtUmoN23GQDyK/NU+hFJ/H7ih4QYGtZAcERz58xup0+80a4hbK4P9h1U4h39mpz5GXBtLNoD0dg= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:52 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:52 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 03/11] KVM: SVM: Add KVM_SEV_SEND_FINISH command Thread-Topic: [RFC PATCH v2 03/11] KVM: SVM: Add KVM_SEV_SEND_FINISH command Thread-Index: AQHVJ4akn6U5xGOMbkOlBkZQ6vknPA== Date: Thu, 20 Jun 2019 16:38:52 +0000 Message-ID: <20190620163832.5451-4-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4d2394d8-55a0-40f9-6e43-08d6f59dc734 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3826; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: x9TfNDIG0ht6ZqRMjhutULSDbOEVJoEgEIam0//ODCEWmqDQJWrkJxQM+AqjcCUX59WH9FZ8R4q9UuOoVVTBW9ZvH24KjBJFYRG+CSqYSj8dY6YyozkbegWIwSv9BHeu4uYDg4D46GMiCIhd3KgBehyMhZcxSAxNfYvWdtvkTDT2iJP4JPNlqXDIqQmafYVWwfoWwIV11i77eSSF/4dGPrnstunrtY/mhmJW6bex0y9zvUOou9fAgw1Ic4XO0vQupGgLHGk4CxB+pPGJ9zggtfwIpfgkCXZIfG1s02Ps7SvC4k41syNwu8kXjbil8JTgLESr+8bHA1M65z2RaKAb8DfXFFXSx+qvzurfE9osC9rl00wnObGnWAGclwbYsrmb+iYy5d7Viww322In0Mq0j6QV+UM+GG34IS2kGOGOBgA= Content-ID: <61A9524CD9E75C43873CC11E9F69E0F5@namprd12.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4d2394d8-55a0-40f9-6e43-08d6f59dc734 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:52.4274 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command is used to finailize the encryption context created with KVM_SEV_SEND_START command. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index ea881f21bc60..afa11a7271f1 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -289,6 +289,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +12. KVM_SEV_SEND_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_SEND_FINISH command can be +issued by the hypervisor to delete the encryption context. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index de353664ea22..3dfe3f051dd9 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7171,6 +7171,26 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7218,6 +7238,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_UPDATE_DATA: r = sev_send_update_data(kvm, &sev_cmd); break; + case KVM_SEV_SEND_FINISH: + r = sev_send_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; From patchwork Thu Jun 20 16:38:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007433 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F0D35924 for ; Thu, 20 Jun 2019 16:39:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DE5F028812 for ; Thu, 20 Jun 2019 16:39:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CE7EE28816; Thu, 20 Jun 2019 16:39:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07D7C28812 for ; Thu, 20 Jun 2019 16:39:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732256AbfFTQjE (ORCPT ); Thu, 20 Jun 2019 12:39:04 -0400 Received: from mail-eopbgr770088.outbound.protection.outlook.com ([40.107.77.88]:38590 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732193AbfFTQjA (ORCPT ); Thu, 20 Jun 2019 12:39:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3d+JTMFJuiBLFQONRtO4gKVPMHPFop0AC5kikiFiylo=; b=LYLqOMV+mNWNHHsAQwrPvC+2+JO/qIfa1a2B8QJ2iujUuxKPU4gcn7JveHG7F+I1WqzasUz4RzMgxPF25O1SuxdwVc9aTr6kdQ/g1WrJ0MDBfZ8vgc0GEIGNw7EKQdHUp8J9C4zL0QpNM2wL44408/hqWrSQzj8ganmQUVRW0gg= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:53 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:53 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 04/11] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command Thread-Topic: [RFC PATCH v2 04/11] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command Thread-Index: AQHVJ4al/U5QDArzlUynC35qznGTOQ== Date: Thu, 20 Jun 2019 16:38:53 +0000 Message-ID: <20190620163832.5451-5-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: d392c89d-705f-4b2d-fcf6-08d6f59dc7bd x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2331; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: cyOYL1L5SfnAY7Deanek9lcmpaLmbJJ7d/UtWLvi651acvC3sYO8Zj6NMd7+YglNuHh610IZ4olj/6BxWOF0Al9qpZgEon5H/fmT+46f/ibW5KAj6lV86P+QkMsVz3nk4KR/iWsos49pWkIQ1KTYuCHnkrMlWXMHGQ16V7ZB5wsIg6qbGHjS+Vp9ZOwM6CTircrgACG8zbNloNT9VjNozMFXA+XslezPkNtZkyWlPRtFTPspzptHX3xtqQQyWQGE7MH62KDmTm8swFFiVhBhtkTXXqixZuez8RqKRA553BlX02Auqtm/9J4DCHazwd5uOGYL5/a9LtEZRqbHEz73Z+mNFpMlKi+MnOb0vZ5L5sXShUdeF/H0OJK+vMRTOuYpsDkoGHUJhp3naBovPXRXXbQ0ZlXrzwQ4W7NH8f8Y/KU= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: d392c89d-705f-4b2d-fcf6-08d6f59dc7bd X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:53.4188 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command is used to create the encryption context for an incoming SEV guest. The encryption context can be later used by the hypervisor to import the incoming data into the SEV guest memory space. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 29 +++++++ arch/x86/kvm/svm.c | 80 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 118 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index afa11a7271f1..85abe0871031 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -297,6 +297,35 @@ issued by the hypervisor to delete the encryption context. Returns: 0 on success, -negative on error +13. KVM_SEV_RECEIVE_START +------------------------ + +The KVM_SEV_RECEIVE_START command is used for creating the memory encryption +context for an incoming SEV guest. To create the encryption context, the user must +provide a guest policy, the platform public Diffie-Hellman (PDH) key and session +information. + +Parameters: struct kvm_sev_receive_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_receive_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 pdh_uaddr; /* userspace address pointing to the PDH key */ + __u32 dh_len; + + __u64 session_addr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.12. + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 3dfe3f051dd9..94a55e4128aa 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7191,6 +7191,83 @@ static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_start *start; + struct kvm_sev_receive_start params; + int *error = &argp->error; + void *session_data = NULL; + void *pdh_data = NULL; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + /* Get parameter from the user */ + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_start))) + return -EFAULT; + + if (!params.pdh_uaddr || !params.pdh_len || + !params.session_uaddr || !params.session_len) + return -EINVAL; + + start = kzalloc(sizeof(*start), GFP_KERNEL); + if (!start) + return -ENOMEM; + + start->handle = params.handle; + start->policy = params.policy; + + pdh_data = psp_copy_user_blob(params.pdh_uaddr, params.pdh_len); + if (IS_ERR(pdh_data)) { + ret = PTR_ERR(pdh_data); + goto e_free; + } + + start->pdh_cert_address = __psp_pa(pdh_data); + start->pdh_cert_len = params.pdh_len; + + session_data = psp_copy_user_blob(params.session_uaddr, params.session_len); + if (IS_ERR(session_data)) { + ret = PTR_ERR(session_data); + goto e_free_pdh; + } + + start->session_address = __psp_pa(session_data); + start->session_len = params.session_len; + + /* create memory encryption context */ + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_RECEIVE_START, start, error); + if (ret) + goto e_free_session; + + /* Bind ASID to this guest */ + ret = sev_bind_asid(kvm, start->handle, error); + if (ret) + goto e_free_session; + + params.handle = start->handle; + if (copy_to_user((void __user *)(uintptr_t)argp->data, + ¶ms, sizeof(struct kvm_sev_receive_start))) { + ret = -EFAULT; + sev_unbind_asid(kvm, start->handle); + goto e_free_session; + } + + sev->handle = start->handle; + sev->fd = argp->sev_fd; + +e_free_session: + kfree(session_data); +e_free_pdh: + kfree(pdh_data); +e_free: + kfree(start); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7241,6 +7318,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_FINISH: r = sev_send_finish(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_START: + r = sev_receive_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 4cb6c3774ec2..28d240974ea7 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1552,6 +1552,15 @@ struct kvm_sev_send_update_data { __u32 trans_len; }; +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Jun 20 16:38:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007441 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C6D24924 for ; Thu, 20 Jun 2019 16:39:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B4E5828812 for ; Thu, 20 Jun 2019 16:39:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A680428816; Thu, 20 Jun 2019 16:39:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0955C28812 for ; Thu, 20 Jun 2019 16:39:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732267AbfFTQjE (ORCPT ); Thu, 20 Jun 2019 12:39:04 -0400 Received: from mail-eopbgr770082.outbound.protection.outlook.com ([40.107.77.82]:17878 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732191AbfFTQjC (ORCPT ); Thu, 20 Jun 2019 12:39:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yEqLXdHA8YKJNBY9MZ+JiBArP82BjiJD6+bZEM9Ni1k=; b=F2spIOfCGko9R9rMHgoIJTcoypVZN5mg7tbqSeeAIdmyoL6SNNErehN/osGJiSNzPeJnNSFevZxtX7m0X6+FWNN8OLLpTomzgwuPODDqDj66DvyUH8KoN3lm7LSRBzgkd9zVdjSeMz5to8XsajHmtglLkhQpqHh/uoCOr9bVFu0= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:54 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:54 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 05/11] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command Thread-Topic: [RFC PATCH v2 05/11] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command Thread-Index: AQHVJ4am6aYlKKczIEabW8drEZ3wiQ== Date: Thu, 20 Jun 2019 16:38:54 +0000 Message-ID: <20190620163832.5451-6-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ba0ed45e-366e-4899-040b-08d6f59dc858 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: DER4viwojDnl1EcH+Yi2tmFQpSOog5zbNUUBqsv5pv2zUDAHjkefvWp0GRyw2SOz6BnsBZE3mCln1B0ry0QYEiFw52/n/H1LPuHI7qrblPYEyVES7JaTPjfnHW7CUIGf8DbLbtJSlDGVvU6ktQtTVkZU/wE0dWPHJDfkKlgJX9Gepao8UTp7hlcL4NPVgH2ksEu13iq5mCe6FpMv+gHLifBWVxzs0eRGpv5H7v+sYbmXvt9VZCD++4QdQYqcLmdkAhsMdMnVEapWR/10mx3fpowrNxITqZMEh0BWuOCBIzTmiAzPKjqmfOUygPlYKBFfZWd5jk6xCEKunA1gVciugQa1eELbVjCfMkK2ZdiF3wJhhVui2QjT/v5ywRe3W/uaWWdaVKjA92dqLKW49xpkqiCXogZS3BG4KyEwhpNetV8= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ba0ed45e-366e-4899-040b-08d6f59dc858 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:54.2853 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command is used for copying the incoming buffer into the SEV guest memory space. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 24 ++++++ arch/x86/kvm/svm.c | 75 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 108 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index 85abe0871031..6ce4cedb84e4 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -326,6 +326,30 @@ On success, the 'handle' field contains a new handle and on error, a negative va For more details, see SEV spec Section 6.12. +14. KVM_SEV_RECEIVE_UPDATE_DATA +---------------------------- + +The KVM_SEV_RECEIVE_UPDATE_DATA command can be used by the hypervisor to copy +the incoming buffers into the guest memory region with encryption context +created during the KVM_SEV_RECEIVE_START. + +Parameters (in): struct kvm_sev_receive_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_receive_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the destination guest memory region */ + __u32 guest_len; + + __u64 trans_uaddr; /* the incoming buffer memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 94a55e4128aa..51e8c2bf28db 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7268,6 +7268,78 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct kvm_sev_receive_update_data params; + struct sev_data_receive_update_data *data; + void *hdr = NULL, *trans = NULL; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_update_data))) + return -EFAULT; + + if (!params.hdr_uaddr || !params.hdr_len || + !params.guest_uaddr || !params.guest_len || + !params.trans_uaddr || !params.trans_len) + return -EINVAL; + + /* Check if we are crossing the page boundry */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free; + } + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + + trans = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(trans)) { + ret = PTR_ERR(trans); + goto e_free; + } + + data->trans_address = __psp_pa(trans); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + /* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. */ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_UPDATE_DATA, data, &argp->error); + + sev_unpin_memory(kvm, guest_page, n); +e_free: + kfree(data); + kfree(hdr); + kfree(trans); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7321,6 +7393,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_START: r = sev_receive_start(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_UPDATE_DATA: + r = sev_receive_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 28d240974ea7..e31cdb41519f 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1561,6 +1561,15 @@ struct kvm_sev_receive_start { __u32 session_len; }; +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Jun 20 16:38:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007445 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 87B9713AF for ; Thu, 20 Jun 2019 16:39:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 769BA28812 for ; Thu, 20 Jun 2019 16:39:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6800528816; Thu, 20 Jun 2019 16:39:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E91C328812 for ; Thu, 20 Jun 2019 16:39:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732350AbfFTQjq (ORCPT ); Thu, 20 Jun 2019 12:39:46 -0400 Received: from mail-eopbgr770088.outbound.protection.outlook.com ([40.107.77.88]:38590 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732237AbfFTQjC (ORCPT ); Thu, 20 Jun 2019 12:39:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J8lvkGX2ykNEVOFWNFs2TGHjPAVnovaCJ2xplC3hKJc=; b=h1Y1MfDMkdpku5p6ECJMWcs1SUH/rc+r2/8YlCDuasCRmfJwGxbhPdXQq8CPI9Epxko16ngDOOaIZHGpO8gbVnTRySStTck7GhN8hcqGhq09vEnDD3rIuk6TUDu/j8suK2vfBX/P9lDxlcVNaS5WHgeAuoxVRhZD/xYZSK8RHbw= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:55 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:55 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 06/11] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command Thread-Topic: [RFC PATCH v2 06/11] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command Thread-Index: AQHVJ4amTQKfLpY4dEetwxxvxhTsgQ== Date: Thu, 20 Jun 2019 16:38:55 +0000 Message-ID: <20190620163832.5451-7-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c1e59c87-d28b-4e39-c730-08d6f59dc8db x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 7vCgQL2IpV3NX7bCqUuTL3bnflD+C0Llg+gFzc5q3cwpLTnGHmAKmpz7QkAjnUoKCM/FG9xPrTONliefvnx3AKTmvd04Y5kT9VN5mTx0kFQI7Ef32JSQDKHj9cRCpfx/t54QsrlAlTCZs02+FDwzyYCBS/0ntB9KVweAaOg/Wn7YjHIn1poxDjA0J7arC0OGkKVNFGOpKqdS+ng6w95WYFXo3Svv5h8c8y9K1V8spl20EH6W0s7nC+yijSBt8qIFDTP+IGiXvO36zPoB+gq/WhX+gqhyPmZxg2Q/8YdkU+IvDh970nU7QQUmkX73dv7UG4vGuegK0xPLKR77XSW8Lrm3/sgPj+59UozOJHbpW2dUpG10UUBQqzjzzEjsWUrFWXsSYM4zOqbHybo7TXhCkMi6Ah8nPQ8VFLh9zuNIXwk= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c1e59c87-d28b-4e39-c730-08d6f59dc8db X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:55.0809 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command finalize the guest receiving process and make the SEV guest ready for the execution. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index 6ce4cedb84e4..04e13aeffd2b 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -350,6 +350,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +15. KVM_SEV_RECEIVE_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_RECEIVE_FINISH command can be +issued by the hypervisor to make the guest ready for execution. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 51e8c2bf28db..90e32e3f2a8b 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7340,6 +7340,26 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7396,6 +7416,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_UPDATE_DATA: r = sev_receive_update_data(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_FINISH: + r = sev_receive_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; From patchwork Thu Jun 20 16:38:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007443 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6B40E13AF for ; Thu, 20 Jun 2019 16:39:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B90E28812 for ; Thu, 20 Jun 2019 16:39:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4FFAD28846; Thu, 20 Jun 2019 16:39:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9D4C628812 for ; Thu, 20 Jun 2019 16:39:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732232AbfFTQji (ORCPT ); Thu, 20 Jun 2019 12:39:38 -0400 Received: from mail-eopbgr770082.outbound.protection.outlook.com ([40.107.77.82]:17878 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1731871AbfFTQjE (ORCPT ); Thu, 20 Jun 2019 12:39:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I0lXV5tySe2KfbECTa8PFrwmGekrzFQvQXc0vjomi4M=; b=s0YH7dyn7xL8hayTb9B6fL49cweM6nxse78E57qRAhp2UmeRnn1Zvt5WBcFNVxBRpkDFnUT2d3zps5LjHogdvToTTOMlFuNjkgWDwZgUwXXIeoSE7RAAPCkqNLBo7/uCWi0sapg6rmH5hSPrsU4X1rkyXWT9odMRN5FStCk7A9c= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:56 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:56 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 07/11] KVM: x86: Add AMD SEV specific Hypercall3 Thread-Topic: [RFC PATCH v2 07/11] KVM: x86: Add AMD SEV specific Hypercall3 Thread-Index: AQHVJ4anWvgVOiHxrkGOjoenz2w59g== Date: Thu, 20 Jun 2019 16:38:55 +0000 Message-ID: <20190620163832.5451-8-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: de3002ba-ae3f-49f8-8f65-08d6f59dc954 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3513; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: PtzgMv/XR9pWes0BzhPwo0W3WlRgeYISuyVVW2Lf07aPCwLeB5dg7PMMLmLr8x6sQ5j6KNBaIn6W0qJlgTq8EOFG1L4IM8vYN6uauYXeVI+sCOgE5+Z2SIpKQmIkT4UhtpW1OWxrNaQQw9MY/roirl6j+ZkCzjQM0BO2vnXLVVwsrgGzTpKsXAGrXHmDsdc7JoBICzjctghMk3WLiOcthYzmJrqfVWldwePmLSpYSyjDfSFtFa7uOQOlVnxBtknydHmmWJ5tZD3akt55YeJ4ZWtgQxK5g2E3bHIOFJ2Vbgq7Qayks04POFK4faHWzWoZFCiPmDS1X/oZy3ZpTwtdarySSXeqjqDL3xv35zuKP/572An371ak7BNMsNMP0n8swnsHd2v0KgESHFOduD9eZJD2JP/Kxf13f0imBNB/hWY= Content-ID: <7E8A3813C601F743B1C623209018717F@namprd12.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: de3002ba-ae3f-49f8-8f65-08d6f59dc954 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:55.9484 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP KVM hypercall framework relies on alternative framework to patch the VMCALL -> VMMCALL on AMD platform. If a hypercall is made before apply_alternative() is called then it defaults to VMCALL. The approach works fine on non SEV guest. A VMCALL would causes #UD, and hypervisor will be able to decode the instruction and do the right things. But when SEV is active, guest memory is encrypted with guest key and hypervisor will not be able to decode the instruction bytes. Add SEV specific hypercall3, it unconditionally uses VMMCALL. The hypercall will be used by the SEV guest to notify encrypted pages to the hypervisor. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_para.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 5ed3cf1c3934..94e91c0bc2e0 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h @@ -84,6 +84,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, return ret; } +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3) +{ + long ret; + + asm volatile("vmmcall" + : "=a"(ret) + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) + : "memory"); + return ret; +} + #ifdef CONFIG_KVM_GUEST bool kvm_para_available(void); unsigned int kvm_arch_para_features(void); From patchwork Thu Jun 20 16:38:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007435 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6A59E13AF for ; Thu, 20 Jun 2019 16:39:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B05628815 for ; Thu, 20 Jun 2019 16:39:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4F0A72881A; Thu, 20 Jun 2019 16:39:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8E2A728815 for ; Thu, 20 Jun 2019 16:39:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732284AbfFTQjG (ORCPT ); Thu, 20 Jun 2019 12:39:06 -0400 Received: from mail-eopbgr770088.outbound.protection.outlook.com ([40.107.77.88]:38590 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732249AbfFTQjE (ORCPT ); Thu, 20 Jun 2019 12:39:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xwWck6lp1NDcuXm39OIygPz63bjxcRCjMZq1GMgGCgw=; b=M6MeyO2aqkw7JkdEvjEsLQ+5+ypt+g/qiW8gDRIPPqbXhZLoO0hBhbt+NiOEaJ+t565zoL7PeX56o248EKzpO8E7WiWRkjK/c43vkgktCcM+6DfQWpinMkpXFwRory0xKC3GOfhyCo2sRfM55OGkEBh35RL810CtfssJVg4msIo= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:57 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:57 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 08/11] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Thread-Topic: [RFC PATCH v2 08/11] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Thread-Index: AQHVJ4anrvpomOxhck6ta8ND94N/dw== Date: Thu, 20 Jun 2019 16:38:56 +0000 Message-ID: <20190620163832.5451-9-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c2e2eff9-b18b-4ba7-eeb2-08d6f59dc9d8 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2657; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: exx0QU2VAME+ZCqVaa5myudkSeuKsFh5mo1ctLajRx8YlrQyJ9pjXnBuHFYocCUSWTPG3xugStsFnqNmWx/9do/wqFtS6eRjcpSvUsXmW5lFX6916WsFOfyobZ+TRhTmeLe2aYbkOY88l82HnbgigeSjCENYzZI1jfAGKdrJs1ikxOPQN71xXbI3n/lGst3eSEQLF4N/biyrGevNkp+neyki6kVhmSe9EPadXDz/fH8Fh1HlmFV+ezObtuVvtOc7OtOeKaCahOAn696dstju3BYoGk45A5IXsaFaN1xGBvBa3k4ONh88JTwTfnNK7ofSoCnlQaArawb+yiXC8LkRjdjnNDGRngk1qnvimdviGvXQk2BN0f5XjSsLATHiCxf4xIK9qJSum81OMx0hjXEO5XjNuRaKREGfYSYXw9IYPbI= Content-ID: <7A7DD2F6CF1B3342A7F6082C64B0806F@namprd12.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c2e2eff9-b18b-4ba7-eeb2-08d6f59dc9d8 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:56.8839 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This hypercall is used by the SEV guest to notify a change in the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all guest pages are considered encrypted. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Documentation/virtual/kvm/hypercalls.txt | 14 ++++++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm.c | 63 ++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 5 ++ include/uapi/linux/kvm_para.h | 1 + 6 files changed, 86 insertions(+) diff --git a/Documentation/virtual/kvm/hypercalls.txt b/Documentation/virtual/kvm/hypercalls.txt index da24c138c8d1..94f0611f4d88 100644 --- a/Documentation/virtual/kvm/hypercalls.txt +++ b/Documentation/virtual/kvm/hypercalls.txt @@ -141,3 +141,17 @@ a0 corresponds to the APIC ID in the third argument (a2), bit 1 corresponds to the APIC ID a2+1, and so on. Returns the number of CPUs to which the IPIs were delivered successfully. + +7. KVM_HC_PAGE_ENC_STATUS +------------------------- +Architecture: x86 +Status: active +Purpose: Notify the encryption status changes in guest page table (SEV guest) + +a0: the guest physical address of the start page +a1: the number of pages +a2: encryption attribute + + Where: + * 1: Encryption attribute is set + * 0: Encryption attribute is cleared diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 450d69a1e6fa..a54fef979a8e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1202,6 +1202,8 @@ struct kvm_x86_ops { uint16_t (*nested_get_evmcs_version)(struct kvm_vcpu *vcpu); bool (*need_emulation_on_page_fault)(struct kvm_vcpu *vcpu); + int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, + unsigned long sz, unsigned long mode); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 90e32e3f2a8b..b47a05a5e137 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -138,6 +138,8 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + unsigned long *page_enc_bmap; + unsigned long page_enc_bmap_size; }; struct kvm_svm { @@ -1913,6 +1915,8 @@ static void sev_vm_destroy(struct kvm *kvm) sev_unbind_asid(kvm, sev->handle); sev_asid_free(kvm); + + kvfree(sev->page_enc_bmap); } static void avic_vm_destroy(struct kvm *kvm) @@ -7360,6 +7364,63 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long *map; + unsigned long sz; + + if (sev->page_enc_bmap_size >= new_size) + return 0; + + sz = ALIGN(new_size, BITS_PER_LONG) / 8; + + map = vmalloc(sz); + if (!map) { + pr_err_once("Failed to allocate decrypted bitmap size %lx\n", sz); + return -ENOMEM; + } + + /* mark the page encrypted (by default) */ + memset(map, 0xff, sz); + + bitmap_copy(map, sev->page_enc_bmap, sev->page_enc_bmap_size); + kvfree(sev->page_enc_bmap); + + sev->page_enc_bmap = map; + sev->page_enc_bmap_size = new_size; + + return 0; +} + +static int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + gfn_t gfn_start, gfn_end; + int ret; + + if (!npages) + return 0; + + gfn_start = gpa_to_gfn(gpa); + gfn_end = gfn_start + npages; + + mutex_lock(&kvm->lock); + ret = sev_resize_page_enc_bitmap(kvm, gfn_end); + if (ret) + goto unlock; + + if (enc) + __bitmap_set(sev->page_enc_bmap, gfn_start, gfn_end - gfn_start); + else + __bitmap_clear(sev->page_enc_bmap, gfn_start, gfn_end - gfn_start); + +unlock: + mutex_unlock(&kvm->lock); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7701,6 +7762,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .nested_get_evmcs_version = nested_get_evmcs_version, .need_emulation_on_page_fault = svm_need_emulation_on_page_fault, + + .page_enc_status_hc = svm_page_enc_status_hc }; static int __init svm_init(void) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b93e36ddee5e..b0fc6c322a75 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7727,6 +7727,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { .get_vmcs12_pages = NULL, .nested_enable_evmcs = NULL, .need_emulation_on_page_fault = vmx_need_emulation_on_page_fault, + .page_enc_status_hc = NULL, }; static void vmx_cleanup_l1d_flush(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 83aefd759846..88a672da68d5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7221,6 +7221,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) case KVM_HC_SEND_IPI: ret = kvm_pv_send_ipi(vcpu->kvm, a0, a1, a2, a3, op_64_bit); break; + case KVM_HC_PAGE_ENC_STATUS: + ret = -KVM_ENOSYS; + if (kvm_x86_ops->page_enc_status_hc) + ret = kvm_x86_ops->page_enc_status_hc(vcpu->kvm, a0, a1, a2); + break; default: ret = -KVM_ENOSYS; break; diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 6c0ce49931e5..3dc9e579f4f9 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h @@ -28,6 +28,7 @@ #define KVM_HC_MIPS_CONSOLE_OUTPUT 8 #define KVM_HC_CLOCK_PAIRING 9 #define KVM_HC_SEND_IPI 10 +#define KVM_HC_PAGE_ENC_STATUS 11 /* * hypercalls use architecture specific From patchwork Thu Jun 20 16:38:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007431 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BAF9A924 for ; Thu, 20 Jun 2019 16:39:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AD5DD28812 for ; Thu, 20 Jun 2019 16:39:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A16A528816; Thu, 20 Jun 2019 16:39:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1038428812 for ; Thu, 20 Jun 2019 16:39:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732246AbfFTQjC (ORCPT ); Thu, 20 Jun 2019 12:39:02 -0400 Received: from mail-eopbgr780044.outbound.protection.outlook.com ([40.107.78.44]:56128 "EHLO NAM03-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732227AbfFTQjA (ORCPT ); Thu, 20 Jun 2019 12:39:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OIDhuwpdNoZZzaAiozaYieMpP+TSCYN/t/wib5gzffE=; b=RTfSJIFKhL184U1wR8x0QYqTnrnKr0CBBHNOup31D07XI9YRr5H8wjPN2w64v535bzUflojV/VgSWmJK5FFdhY0xq6b5nJqqhYkgBFMtuGkaWnkNUIRrcY8wjWc2wlZsVBoaot3DcTd7z1he4m4HRiZssN5UT1IfDITaEDfQZuA= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3402.namprd12.prod.outlook.com (20.178.198.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.11; Thu, 20 Jun 2019 16:38:57 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:57 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 09/11] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Thread-Topic: [RFC PATCH v2 09/11] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Thread-Index: AQHVJ4aofLcEYvDS006/L5KMdAGS8w== Date: Thu, 20 Jun 2019 16:38:57 +0000 Message-ID: <20190620163832.5451-10-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c4709a77-eadc-4429-a850-08d6f59dca69 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3402; x-ms-traffictypediagnostic: DM6PR12MB3402: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:416; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(366004)(396003)(136003)(39860400002)(346002)(376002)(199004)(189003)(4326008)(186003)(256004)(476003)(99286004)(50226002)(14444005)(2501003)(1076003)(478600001)(66574012)(53936002)(26005)(446003)(305945005)(68736007)(5660300002)(66066001)(11346002)(2616005)(486006)(8936002)(8676002)(81156014)(3846002)(6116002)(81166006)(1730700003)(6506007)(6486002)(6436002)(2906002)(6916009)(71190400001)(2351001)(54906003)(6512007)(316002)(14454004)(386003)(102836004)(5640700003)(76176011)(73956011)(36756003)(7736002)(66946007)(66446008)(64756008)(66556008)(66476007)(86362001)(52116002)(25786009)(7416002)(71200400001);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3402;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: ZSgCRYp5A8SVEXVqxu516eUA1vaYwh0JkRz5jn2Uv8Fg0xCCkTudLo8ENfTC9u4W41GC/x2ZcV040uiCxmQovDXxP+/sWu7kAKBvR5GUHEJSS0SVzLlp6RfceNlxwylZTcEllsbHZUrWoPkvtdPUgaSAaHGdzaKCG6Z75uCzWCWS3QQNUAkdyfLYVT0fcrzXnBLRD5BEhiC7QkV8PTOZo0OOxcO9SSza6FcrFwE+VIOpJooEdGoFTIo1fgIlNGG7E2f+N3715+3WKSlSFln7pVojoHQ9nbrYV5KZinal33EAJg3sm1M9seLz0N1Dz7lqhNnYMbkmMwtzPNKsu8Fdk+nSJVbY1xXr9S6A5sr9G/Jo+Df0r8vw2/B/BVlMNWKDmilSNB/fEnn7hh6V2B6dGVzZg1KIjUFgI3MrztZNQY4= Content-ID: <100AF63F5970654D80DBFF78A7046288@namprd12.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c4709a77-eadc-4429-a850-08d6f59dca69 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:57.8114 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3402 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The ioctl can be used to retrieve page encryption bitmap for a given gfn range. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 44 ++++++++++++++++++++++++++++++++- arch/x86/kvm/x86.c | 12 +++++++++ include/uapi/linux/kvm.h | 12 +++++++++ 4 files changed, 68 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index a54fef979a8e..4dda5891200d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1204,6 +1204,7 @@ struct kvm_x86_ops { bool (*need_emulation_on_page_fault)(struct kvm_vcpu *vcpu); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); + int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index b47a05a5e137..af9b33e4bb53 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7421,6 +7421,47 @@ static int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return ret; } +static int svm_get_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long *bitmap; + unsigned long sz, i; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + gfn_start = bmap->start; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + memset(bitmap, 0xff, sz); /* by default all pages are marked encrypted */ + + mutex_lock(&kvm->lock); + if (sev->page_enc_bmap) { + i = gfn_start; + for_each_clear_bit_from(i, sev->page_enc_bmap, + min(sev->page_enc_bmap_size, gfn_end)) + clear_bit(i - gfn_start, bitmap); + } + mutex_unlock(&kvm->lock); + + ret = -EFAULT; + if (copy_to_user(bmap->enc_bitmap, bitmap, sz)) + goto out; + + ret = 0; +out: + kfree(bitmap); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7763,7 +7804,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .need_emulation_on_page_fault = svm_need_emulation_on_page_fault, - .page_enc_status_hc = svm_page_enc_status_hc + .page_enc_status_hc = svm_page_enc_status_hc, + .get_page_enc_bitmap = svm_get_page_enc_bitmap }; static int __init svm_init(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 88a672da68d5..cec986ebc793 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4929,6 +4929,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_vm_ioctl_hv_eventfd(kvm, &hvevfd); break; } + case KVM_GET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops->get_page_enc_bitmap) + r = kvm_x86_ops->get_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index e31cdb41519f..ce4ae8929d00 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -492,6 +492,16 @@ struct kvm_dirty_log { }; }; +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; @@ -1451,6 +1461,8 @@ struct kvm_enc_region { /* Available with KVM_CAP_ARM_SVE */ #define KVM_ARM_VCPU_FINALIZE _IOW(KVMIO, 0xc2, int) +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */ From patchwork Thu Jun 20 16:38:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007437 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 10A9313AF for ; Thu, 20 Jun 2019 16:39:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 01BB028812 for ; Thu, 20 Jun 2019 16:39:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E989928816; Thu, 20 Jun 2019 16:39:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7CCF28812 for ; Thu, 20 Jun 2019 16:39:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732300AbfFTQjI (ORCPT ); Thu, 20 Jun 2019 12:39:08 -0400 Received: from mail-eopbgr770088.outbound.protection.outlook.com ([40.107.77.88]:38590 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732227AbfFTQjH (ORCPT ); Thu, 20 Jun 2019 12:39:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=65kw4j+nIj7bH85fEGcIyoyjDqAkDbBzIUoGLO+djjU=; b=NjCCU2TrdepCmQEAB0hMDLFDznw+8jeJBeMEOwAxnf2nddnU4c2fDI5qUt8MWrBGvna4lFbUhueH/mCU6xgJVV97h+cim4EOmpdq6bmDVezfGGlEkeln2zsvkYOFTlon8rWz4NpJNn3NvmMiHr30saqS3shTnzbTDV2zxEkM74I= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:58 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:58 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 10/11] mm: x86: Invoke hypercall when page encryption status is changed Thread-Topic: [RFC PATCH v2 10/11] mm: x86: Invoke hypercall when page encryption status is changed Thread-Index: AQHVJ4aoL9SIPauJiU+/IFnPleXg4w== Date: Thu, 20 Jun 2019 16:38:58 +0000 Message-ID: <20190620163832.5451-11-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 89e825ad-045b-4841-d322-08d6f59dcaf3 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5797; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: f/KhYjudbXwaSfJ8IiaAlDhTgxQviOsy7BqzCaD2FkRX3O9bniWMDW8BQJSiGN1kfZXicMTr1AjCjxrl1bBDZ/rFvxctVSFIcuZLAsEiF3bShfzhB0212tTJNEymKcJjfnTh5WUUo0R7cOY3OH7OuC6qQaIecnOYF23eLIW+DeDunZTy9X0A4GeBQx8+cMr3VUNzb/bL3du9MTJi16lECaVUnodnR5Fa/bRblltlGibQSf/I4Z+YHXwHyvLy5pHW7d4t9P46gikeXmyP47CEDSuAzw9D7+41oxQqHsoiE8F8FS0Rv4B4BYZeijJWA63JMCI3AuGt/hHLpHCPZrt8QMWHfPH6FjLlrBvY7uVHSN1P7Ek0vlg76v6ocWbxbMsFGbMIFZp23YU/MMejDV9+OlOuOXC3sQCCSS6AmEFEKtg= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 89e825ad-045b-4841-d322-08d6f59dcaf3 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:58.6479 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Invoke a hypercall when a memory region is changed from encrypted -> decrypted and vice versa. Hypervisor need to know the page encryption status during the guest migration. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/mem_encrypt.h | 3 ++ arch/x86/mm/mem_encrypt.c | 45 +++++++++++++++++++++++++++++- arch/x86/mm/pageattr.c | 15 ++++++++++ 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 616f8e637bc3..3f43cfdd0209 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -97,4 +97,7 @@ extern char __start_bss_decrypted[], __end_bss_decrypted[], __start_bss_decrypte #endif /* __ASSEMBLY__ */ +extern void set_memory_enc_dec_hypercall(unsigned long vaddr, + unsigned long size, bool enc); + #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 51f50a7a07ef..55a4c806786d 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -28,6 +29,7 @@ #include #include #include +#include #include "mm_internal.h" @@ -195,6 +197,45 @@ void __init sme_early_init(void) swiotlb_force = SWIOTLB_FORCE; } +void set_memory_enc_dec_hypercall(unsigned long vaddr, unsigned long sz, bool enc) +{ + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -252,12 +293,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -312,6 +354,7 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, size, enc); out: __flush_tlb_all(); return ret; diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 6a9a77a403c9..971f70f58f49 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "mm_internal.h" @@ -2020,6 +2021,12 @@ int set_memory_global(unsigned long addr, int numpages) __pgprot(_PAGE_GLOBAL), 0); } +void __attribute__((weak)) set_memory_enc_dec_hypercall(unsigned long addr, + unsigned long size, + bool enc) +{ +} + static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) { struct cpa_data cpa; @@ -2060,6 +2067,14 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* + * When SEV is active, notify hypervisor that a given memory range is mapped + * encrypted or decrypted. Hypervisor will use this information during + * the VM migration. + */ + if (sev_active()) + set_memory_enc_dec_hypercall(addr, numpages << PAGE_SHIFT, enc); + return ret; } From patchwork Thu Jun 20 16:38:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 11007439 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2E8B7924 for ; Thu, 20 Jun 2019 16:39:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1F87528812 for ; Thu, 20 Jun 2019 16:39:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 13E2228816; Thu, 20 Jun 2019 16:39:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 79D6B28812 for ; Thu, 20 Jun 2019 16:39:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732227AbfFTQj1 (ORCPT ); Thu, 20 Jun 2019 12:39:27 -0400 Received: from mail-eopbgr770088.outbound.protection.outlook.com ([40.107.77.88]:38590 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1732193AbfFTQjI (ORCPT ); Thu, 20 Jun 2019 12:39:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZbtNYxLxGV8f6QaGQ4ahAqBMG7VRpdsSTa+UoFQ2y9c=; b=R8544UScaXHdQ/3ocFMQfllL7LwKnKopZhcZTp68cCkrMSiJkMOgqEfzMuKhrJQ+X59t7+8mMBCxUJ0bQgb/K2iNXTW2OXm62lnYMDhx1SFChrH4GT2TX+u6ULoNs15tkmK/FTSwedMFN92pe9d3i3DKvf+Vou+xtkpYEUdYWfU= Received: from DM6PR12MB2682.namprd12.prod.outlook.com (20.176.116.31) by DM6PR12MB3914.namprd12.prod.outlook.com (10.255.174.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 16:38:59 +0000 Received: from DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2]) by DM6PR12MB2682.namprd12.prod.outlook.com ([fe80::b9c1:b235:fff3:dba2%6]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 16:38:59 +0000 From: "Singh, Brijesh" To: "kvm@vger.kernel.org" CC: "Singh, Brijesh" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Borislav Petkov , "Lendacky, Thomas" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" Subject: [RFC PATCH v2 11/11] KVM: x86: Introduce KVM_SET_PAGE_ENC_BITMAP ioctl Thread-Topic: [RFC PATCH v2 11/11] KVM: x86: Introduce KVM_SET_PAGE_ENC_BITMAP ioctl Thread-Index: AQHVJ4apDh2KKU1Q4k6H2coLOcAvZw== Date: Thu, 20 Jun 2019 16:38:59 +0000 Message-ID: <20190620163832.5451-12-brijesh.singh@amd.com> References: <20190620163832.5451-1-brijesh.singh@amd.com> In-Reply-To: <20190620163832.5451-1-brijesh.singh@amd.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: DM5PR15CA0055.namprd15.prod.outlook.com (2603:10b6:3:ae::17) To DM6PR12MB2682.namprd12.prod.outlook.com (2603:10b6:5:4a::31) authentication-results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.17.1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0911ff85-c080-47b3-7833-08d6f59dcb73 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:DM6PR12MB3914; x-ms-traffictypediagnostic: DM6PR12MB3914: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2043; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(136003)(366004)(376002)(39860400002)(199004)(189003)(2616005)(52116002)(54906003)(86362001)(305945005)(256004)(6916009)(71190400001)(2501003)(71200400001)(6116002)(2906002)(25786009)(6512007)(53936002)(66446008)(6506007)(5640700003)(386003)(7416002)(14444005)(2351001)(66476007)(66556008)(7736002)(486006)(5660300002)(11346002)(476003)(99286004)(446003)(73956011)(68736007)(8936002)(6436002)(66946007)(478600001)(64756008)(4326008)(6486002)(3846002)(36756003)(66066001)(1730700003)(14454004)(81166006)(1076003)(102836004)(66574012)(81156014)(50226002)(186003)(8676002)(26005)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3914;H:DM6PR12MB2682.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: KatWGLYB+7UqoA2xSrDvHAEJL3jWBc4+ZH1EH7cNaFzEy2S6AGCryERM54YsSnHN3eeVZalgYfWmcjJ/EZgGw7ptlQ6hpLM3FcjQOzCbEqjTFTlw0iME0ScOlJRV6ZmGX2Ia/BjoEhAVpQ0EhJxFgqVeke2jHwiFX9KkRCgIRz4nsprB/LPGTvP+I9yDOWeWFK8I97ZeuoS91yqomYgXzFJ8QrAvYZ+dkSVRheTiwdaQd1GNXENFHXO+1vlCfVxvi1NjiEk0q10koJPebPIzqSPvK2PwsAJ+JjobagwvaAWrEBjQ9zyHps5Va7+pt2ioQVKn/xKFIWQu/tS60xj4X2a1g/S/fgcw3qdm+xA4bfnyDKt1BXPsn4xbX+KOb1528wS50vAKbWIwiVudj766sfnr8GNK957h7W4iJf9tmN8= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0911ff85-c080-47b3-7833-08d6f59dcb73 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 16:38:59.6164 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sbrijesh@amd.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3914 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The ioctl can be used to set page encryption bitmap for an incoming guest. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 44 ++++++++++++++++++++++++++++++++- arch/x86/kvm/x86.c | 12 +++++++++ include/uapi/linux/kvm.h | 1 + 4 files changed, 57 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 4dda5891200d..1867fb67c866 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1205,6 +1205,7 @@ struct kvm_x86_ops { int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); + int (*set_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index af9b33e4bb53..96bc1da31b49 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7462,6 +7462,47 @@ static int svm_get_page_enc_bitmap(struct kvm *kvm, return ret; } +static int svm_set_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long *bitmap; + unsigned long sz, i; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + gfn_start = bmap->start; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + ret = -EFAULT; + if (copy_from_user(bitmap, bmap->enc_bitmap, sz)) + goto out; + + mutex_lock(&kvm->lock); + ret = sev_resize_page_enc_bitmap(kvm, gfn_end); + if (ret) + goto unlock; + + i = gfn_start; + for_each_clear_bit_from(i, bitmap, (gfn_end - gfn_start)) + clear_bit(i + gfn_start, sev->page_enc_bmap); + + ret = 0; +unlock: + mutex_unlock(&kvm->lock); +out: + kfree(bitmap); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7805,7 +7846,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .need_emulation_on_page_fault = svm_need_emulation_on_page_fault, .page_enc_status_hc = svm_page_enc_status_hc, - .get_page_enc_bitmap = svm_get_page_enc_bitmap + .get_page_enc_bitmap = svm_get_page_enc_bitmap, + .set_page_enc_bitmap = svm_set_page_enc_bitmap }; static int __init svm_init(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index cec986ebc793..9b2f69d9d049 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4941,6 +4941,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_x86_ops->get_page_enc_bitmap(kvm, &bitmap); break; } + case KVM_SET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops->set_page_enc_bitmap) + r = kvm_x86_ops->set_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index ce4ae8929d00..217719b8c795 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1462,6 +1462,7 @@ struct kvm_enc_region { #define KVM_ARM_VCPU_FINALIZE _IOW(KVMIO, 0xc2, int) #define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) +#define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc3, struct kvm_page_enc_bitmap) /* Secure Encrypted Virtualization command */ enum sev_cmd_id {