From patchwork Mon Nov 30 23:31:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 620F2C64E90 for ; Mon, 30 Nov 2020 23:33:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0227120857 for ; Mon, 30 Nov 2020 23:33:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="UtQBwLjX" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388587AbgK3Xc4 (ORCPT ); Mon, 30 Nov 2020 18:32:56 -0500 Received: from mail-bn7nam10on2065.outbound.protection.outlook.com ([40.107.92.65]:9217 "EHLO NAM10-BN7-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2387524AbgK3Xcz (ORCPT ); Mon, 30 Nov 2020 18:32:55 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PDxWx+SJrJX7YswGRR98ciqIuSGN/z4KyHT0OWNYxZaXiivgYxoEDqdPk1DtGo2uSesb8/tOiocYjLakqkSROr+Duis6bYFam+2vysLnh7sJB6tAaMtZAHaCRl+CLiAqEsnyKFkGOJG6NOldXBRRHaLVpJVJBVWuQtI8IYVf8UbVO5WOQmz7SGLb5aWaWDl2yMmD9XG1VHhgw/hyaFb29fIVdUteX1kUJSM9XIO2P4sef9Odpc3wZC8OYwidHYJh/P87FwVDVyGi3VaoYQun8iCdzp2XrbQTw6aXYkBj2xHSsUX7ICBei7Ca0bHsv6pR8bop1TXfnzUDLfwFlMqnmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=djYOIZIAe+UUpzeBZtr/RMxOzG5cL+NruPXwZsscQuI=; b=g4fBt5DbqnLX9IRc4HWjt8v7NpWRE8wxBJz866zqOIGJ/iaNRG/TWoXNd+iQ5BtZGryyk6gvHzJhFN2Ykw19lfEDkoQ09KtDkr2RvpH9mVbVo05eylROfn54OzERMsARdysw8q3kIWl02hYve5zTIqQCXbwWQboPkCBJGx5ZQfy40FBEl8nonCkTsdgJpN+KhrJfi+1YPiuV7OQKiuqiU2Ztwg62Sq0xA9S83EdBRvNERxF87QTOfZizVL4wrxTrPXTKX+M6qT7Lvrd+nHuD9JO0YDvXCkIBWAEoOurLVIq5KZpX6icxBhyZdGuXNGS5WrxeFGKdzN7F2aHyVxqeSw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=djYOIZIAe+UUpzeBZtr/RMxOzG5cL+NruPXwZsscQuI=; b=UtQBwLjXckQQAd2MmOeaLPkhKGP1uhEDEkiXJt0foJenL85tH58fliENWlXe96RrWv/7IPtd8m+Epc4xOkh7A7pukYMyD+y2jjnsK2gEYySzKMrt2yBHObkOJgyJHuGKYPZINElZf8l/RGjhL6U3qxFyUK2EyISQ64ZzbyJ70B4= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:32:01 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:32:01 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 1/9] KVM: x86: Add AMD SEV specific Hypercall3 Date: Mon, 30 Nov 2020 23:31:51 +0000 Message-Id: <07e95f9e92673dc6373e7664f24db6c82ea596c9.1606633738.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0115.namprd13.prod.outlook.com (2603:10b6:806:24::30) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SA9PR13CA0115.namprd13.prod.outlook.com (2603:10b6:806:24::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.6 via Frontend Transport; Mon, 30 Nov 2020 23:32:01 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: f3f9c834-53f8-44f2-0ecb-08d895882379 X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3513; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xbfZkGFZAa/KC1a3OoqPtuRscmOGfzbuLm8ryCFc+GgOc1hY04Gt7vzolNgqaDY1C5ONcBJt6V7plEGV1tkzz8te04+fAFkLn9j78NLXnoaff0brI0YNAvPbkQVbeTPsAN18g+70opabBGk7qi1EuIFODGUPCIcZLOagTT8hVXZ+EkFWQU+/85LDjV9Oogq7TbMsFpLnWaR1sX8hRCSo46C0My/MGMgTKoFvOd/eTUcTIBCei/YYgAnEqpTttKRprh4bkGVKUFLpqPNf3e7mbmPnJj0nP89K4jgtPzbaTxAF902SspECY8xR2j8T3WPSUB/KC/e6i8evW56WQsVdxA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: 4ohkbZHLXIkdiksEUkQmKv2eJQXc+l+dgsY2mYpRqIe2CkXiazVUIQsKLzNO96LLhM+gNZAsqbe8Met4molsrNTVMxbAqtywYpgWOQ7xCqjHN4bxi+BfqoplarA5jUIcFD6xlnqfV8BMMLVE9E6DVJ+OchHxUnn3WC0di8wnibH1aGC2uDeZEbP19NObXrpPBu86g0ZHar0jIRu5JJyanwMhmQRr1qxFkjXCL+11eq1k+E5E1aRax8VqVmylOruAkGmS++uJNI8Y7R1rlTnFzxmHLCDGAZmID+LIH80iQmP1mFFRGecxrL5+mv/LITeYlvA11BIXWDak+6Rd764oBGK+YIfdkNs7QQ8Et/RPznDKOAYjCTBxptephowJ1b92OsxHbE6QgvY3uR47nVcv6pR6rr4QhHHQ7ToBHAFz3/MUIfr5w/WW67YfDmdQTo4GX4ihk8j2qlMowYHC0hJLzfIJy3j3adr6vHGBtiVW+2RzSuDYi+4Xt5eUXT8imXqSp/HJoEDUpJWOqIYypU5jng8x68KQO0c0PKdTzNM33aByLoHvRz+7lvwR1pggQ7T7izK6Vguyreriv/NLLOGvCnBVZsqsAzqH+Qk4WePsYNQDRumcTKUhhAuHQL0kvw2fsATSPvjABeBbccIbVw9hvnpNivKqq+A2d+fsbSb/X+QkXazAVfmO5aTSi4sHLeWp3/eayKNu40f88xS9bhNgKXrJ8LHKqd7lLBMOZEPV+CBCKfKmqjaqWhLFo6uX1ysZ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f3f9c834-53f8-44f2-0ecb-08d895882379 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:32:01.7841 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: QAqT6RRRSHJqTM4qFSxaVensdU7yRYmmZLCc9RTCsaigSbo3kymkh2J76MiHOIaf2iqfWojx3AEYJSH0HUa/kw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh KVM hypercall framework relies on alternative framework to patch the VMCALL -> VMMCALL on AMD platform. If a hypercall is made before apply_alternative() is called then it defaults to VMCALL. The approach works fine on non SEV guest. A VMCALL would causes #UD, and hypervisor will be able to decode the instruction and do the right things. But when SEV is active, guest memory is encrypted with guest key and hypervisor will not be able to decode the instruction bytes. Add SEV specific hypercall3, it unconditionally uses VMMCALL. The hypercall will be used by the SEV guest to notify encrypted pages to the hypervisor. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Steve Rutherford Reviewed-by: Venu Busireddy Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- arch/x86/include/asm/kvm_para.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 338119852512..bc1b11d057fc 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h @@ -85,6 +85,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, return ret; } +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3) +{ + long ret; + + asm volatile("vmmcall" + : "=a"(ret) + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) + : "memory"); + return ret; +} + #ifdef CONFIG_KVM_GUEST bool kvm_para_available(void); unsigned int kvm_arch_para_features(void); From patchwork Mon Nov 30 23:32:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941525 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 870ABC71156 for ; Mon, 30 Nov 2020 23:34:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 25A5320725 for ; Mon, 30 Nov 2020 23:34:44 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="uBFKXQqw" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388858AbgK3Xdo (ORCPT ); Mon, 30 Nov 2020 18:33:44 -0500 Received: from mail-bn8nam11on2064.outbound.protection.outlook.com ([40.107.236.64]:11880 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388814AbgK3Xdn (ORCPT ); Mon, 30 Nov 2020 18:33:43 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pa91OK90B0XcG/Qo68m7Rf7lJcw27ehvotxgZOlDH5HO1kTM6gWK9cMC0FqDcj7kMvRCG5BiYsCRWV1O7vFgwej6kjyB3FcU7hg+6lBcQ44TYHrGqxOW+HPkpMelBrrrL84SCKkrxmw2KfWFFJsGpSzbGJN3dsx8+ZwcuF/5+VnDi9TbOBt1KDxej4ETe2n63ql5wXYfOH4OBRhHIRlV5kkHLqyd3NjzqWShO7WFF1xyUv9sWzJjmxigE6p5xIzzXNgPykI9mrHpq1hS9lk7MI4WZxurG8IfC0zpfoMV8YDDyuWpMadq7Cfs/TBIskPru32gSX8ojT/0+yQE/VhBFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6/W/Bj1oWA6as8Ly5QDHBEa5SeBoKho1LBHHRkltC9s=; b=ahVH2psgaoGoAhvJE3FNOBDE4Irdy2ZHPy8KoExKu73Ea1d6RqFPP5ugCqF27a8wW8yOlBoAeKgIE0q+9fqPCYXAL09iKg6Y3pmke2CBls8qBlLm4kbtU1LZp9z+b8HCPH+7j+7qM8ltjYkXItMIDKz9L4gJDBTavc8/F4iQ+rNbj79q+KTGRH9c7sEdpkSE2uHXbRFaRzdTjbXIXhURC/XH5VfKWbNJWdlkH0adNUTg3XD1Fhn99CUwdzftXb/yelpu1sbajyoKId+p9ukHYEz9UOa3HXnikMhNLnNhHRwacJioUoocav02SqktedS+ENuhGgNemDTV2NlvjK6B/Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6/W/Bj1oWA6as8Ly5QDHBEa5SeBoKho1LBHHRkltC9s=; b=uBFKXQqwrgPGhLL4gV8aMtGTb4oLXlJM13y4AzHFyFwZ5I8fmI8XT7+2P/kjPgMiFI/+PpFjTMkIlrB4VWxdpyc9yup6/GwDVL4JJ9eI+SDDoInKtSGMdQx69kKCBuHRfb5Z5VrYt87wQi8CFv0GTuHPHaW0TbkxQBxmMJNzZ64= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:32:18 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:32:18 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 2/9] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Date: Mon, 30 Nov 2020 23:32:08 +0000 Message-Id: <75ca679a44a12cb482ddf75cb95943f74a594bad.1606633738.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR16CA0057.namprd16.prod.outlook.com (2603:10b6:805:ca::34) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN6PR16CA0057.namprd16.prod.outlook.com (2603:10b6:805:ca::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend Transport; Mon, 30 Nov 2020 23:32:17 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: e50db2f0-3909-452d-b1b1-08d895882d6b X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:289; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: p5/VZU8MPXpp/KGq8WYFna6kyEViqTPLYgX9/o117Gk/ElsgwvKvgDW69CPXhIWjsmwCabdX+4CzONhgghSypgCgOsz5gSIL4HNwKzybQKd+rXdaYuhSF6bJZpjFRpBsvkilYjaaBVN3zs3/RGQbO4PVFQVrXFM00XzFFfoDgolTHammGREvj/DIq51eGHWZlP0iGGLABnIvq6YIiaivjgggt+6rw94OTX4Fmx2FMHzUleQVGLPdiWpI7dVWEwZFj0b7nHcKZqsavO8VM8GWSMfbt/CsA+mqJ9IRG2i3fzF9rdyLXaO6lej0P55pVDDBcQEJXBh3rhLg9tLW+vgsuw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(66574015)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: VE3WGiOW1zp4jXxoR8Q7MGfDL1OAwUAzocKjsnatliN41aELV34W/ytsh5rD1nMm2EtL69uOKNMzaMDfFfs1Y+dyFIh9paKYwEa2gYBMWfiBN0UbWJ43ZncDm+0jaoID8S3CBGwzp1pL+hht3190trykt2c3FnKulqjod7LWH+yfqM7fvV7lNyhdFml7WwovhuAauEF5zdOr44dtc1/rkkpDZ9i9MjkRPZAdC097Bj2DC0bW4Ly9FmZQkwGMr2zxWO9g/I6QdydXGlJUCcS+TriA50qRc9OJazl++r4zkDKEgvQcCgQISH5SgVHfVLHS9HfHJOeE2c+LTtE8X/D4Qghw9EikJUZWVPbb0LME5yJaXrzc+tqACiXuzCsF43OZ0kBdE6gZTT+FWLaTsJ8IZY5p1v217hWMOg8ibBP/xNwyFzI5ob2BqutcldHsqKvJDGtacOFV6A2PxfrwsISV2XEFtx8N/udNKVuL5eZr0ZnAJtpBSCwifBm99kdSQSbnc+rYUMAtfsob2KORUAg0MZNDVySx+mhBdUismI6DDpabOmcBJaNIn9V9Eqgsn8AQ4aTonyJh0ZY2cIkzy5hEUTFvdQnWcsqE7EGhsmvS/TpydVhNB/ueSwqZCB9JBMYJ4xH1CnYCN+9M39Ssk9Ez/aMqL/hNS6vZMX9vHxyhZ6PBlcCNjFg8385/ElIlvJujhrOQo3ZHs8+vfxxmnDgWmOvgGqiu8XfwlhwSvwj5X+wmJ7k0uZCl+Cos8P9N+0y+ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e50db2f0-3909-452d-b1b1-08d895882d6b X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:32:18.4577 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YZ14Iyk1cEJlEewcyRKI7tfY7t0pwBqsqd6jlOHDEiEjx8fwZvY4xp9R3XBNjzuralQd2eOepsz1C77SIll3Uw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh This hypercall is used by the SEV guest to notify a change in the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all guest pages are considered encrypted. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Venu Busireddy Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/hypercalls.rst | 15 +++++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm/sev.c | 90 +++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/svm/svm.h | 4 ++ arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 6 ++ include/uapi/linux/kvm_para.h | 1 + 8 files changed, 121 insertions(+) diff --git a/Documentation/virt/kvm/hypercalls.rst b/Documentation/virt/kvm/hypercalls.rst index ed4fddd364ea..7aff0cebab7c 100644 --- a/Documentation/virt/kvm/hypercalls.rst +++ b/Documentation/virt/kvm/hypercalls.rst @@ -169,3 +169,18 @@ a0: destination APIC ID :Usage example: When sending a call-function IPI-many to vCPUs, yield if any of the IPI target vCPUs was preempted. + + +8. KVM_HC_PAGE_ENC_STATUS +------------------------- +:Architecture: x86 +:Status: active +:Purpose: Notify the encryption status changes in guest page table (SEV guest) + +a0: the guest physical address of the start page +a1: the number of pages +a2: encryption attribute + + Where: + * 1: Encryption attribute is set + * 0: Encryption attribute is cleared diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f002cdb13a0b..d035dc983a7a 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1282,6 +1282,8 @@ struct kvm_x86_ops { void (*migrate_timers)(struct kvm_vcpu *vcpu); void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, + unsigned long sz, unsigned long mode); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 566f4d18185b..3e56d00aa1c6 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -927,6 +927,93 @@ static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long *map; + unsigned long sz; + + if (sev->page_enc_bmap_size >= new_size) + return 0; + + sz = ALIGN(new_size, BITS_PER_LONG) / 8; + + map = vmalloc(sz); + if (!map) { + pr_err_once("Failed to allocate encrypted bitmap size %lx\n", + sz); + return -ENOMEM; + } + + /* mark the page encrypted (by default) */ + memset(map, 0xff, sz); + + bitmap_copy(map, sev->page_enc_bmap, sev->page_enc_bmap_size); + kvfree(sev->page_enc_bmap); + + sev->page_enc_bmap = map; + sev->page_enc_bmap_size = new_size; + + return 0; +} + +int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + kvm_pfn_t pfn_start, pfn_end; + gfn_t gfn_start, gfn_end; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (!npages) + return 0; + + gfn_start = gpa_to_gfn(gpa); + gfn_end = gfn_start + npages; + + /* out of bound access error check */ + if (gfn_end <= gfn_start) + return -EINVAL; + + /* lets make sure that gpa exist in our memslot */ + pfn_start = gfn_to_pfn(kvm, gfn_start); + pfn_end = gfn_to_pfn(kvm, gfn_end); + + if (is_error_noslot_pfn(pfn_start) && !is_noslot_pfn(pfn_start)) { + /* + * Allow guest MMIO range(s) to be added + * to the page encryption bitmap. + */ + return -EINVAL; + } + + if (is_error_noslot_pfn(pfn_end) && !is_noslot_pfn(pfn_end)) { + /* + * Allow guest MMIO range(s) to be added + * to the page encryption bitmap. + */ + return -EINVAL; + } + + mutex_lock(&kvm->lock); + + if (sev->page_enc_bmap_size < gfn_end) + goto unlock; + + if (enc) + __bitmap_set(sev->page_enc_bmap, gfn_start, + gfn_end - gfn_start); + else + __bitmap_clear(sev->page_enc_bmap, gfn_start, + gfn_end - gfn_start); + +unlock: + mutex_unlock(&kvm->lock); + return 0; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1123,6 +1210,9 @@ void sev_vm_destroy(struct kvm *kvm) sev_unbind_asid(kvm, sev->handle); sev_asid_free(sev->asid); + + kvfree(sev->page_enc_bmap); + sev->page_enc_bmap = NULL; } int __init sev_hardware_setup(void) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6dc337b9c231..7122ea5f7c47 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4312,6 +4312,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .apic_init_signal_blocked = svm_apic_init_signal_blocked, .msr_filter_changed = svm_msr_filter_changed, + + .page_enc_status_hc = svm_page_enc_status_hc, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index fdff76eb6ceb..0103a23ca174 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -66,6 +66,8 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + unsigned long *page_enc_bmap; + unsigned long page_enc_bmap_size; }; struct kvm_svm { @@ -409,6 +411,8 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr, bool has_error_code, u32 error_code); int nested_svm_exit_special(struct vcpu_svm *svm); void sync_nested_vmcb_control(struct vcpu_svm *svm); +int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c3441e7e5a87..5bc37a38e6be 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7722,6 +7722,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .msr_filter_changed = vmx_msr_filter_changed, .cpu_dirty_log_size = vmx_cpu_dirty_log_size, + .page_enc_status_hc = NULL, }; static __init int hardware_setup(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a3fdc16cfd6f..3afc78f18f69 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8125,6 +8125,12 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) kvm_sched_yield(vcpu->kvm, a0); ret = 0; break; + case KVM_HC_PAGE_ENC_STATUS: + ret = -KVM_ENOSYS; + if (kvm_x86_ops.page_enc_status_hc) + ret = kvm_x86_ops.page_enc_status_hc(vcpu->kvm, + a0, a1, a2); + break; default: ret = -KVM_ENOSYS; break; diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 8b86609849b9..847b83b75dc8 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h @@ -29,6 +29,7 @@ #define KVM_HC_CLOCK_PAIRING 9 #define KVM_HC_SEND_IPI 10 #define KVM_HC_SCHED_YIELD 11 +#define KVM_HC_PAGE_ENC_STATUS 12 /* * hypercalls use architecture specific From patchwork Mon Nov 30 23:32:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941521 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29219C83016 for ; Mon, 30 Nov 2020 23:33:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CDCFD207BB for ; Mon, 30 Nov 2020 23:33:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="vOBFMjjr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388728AbgK3XdT (ORCPT ); Mon, 30 Nov 2020 18:33:19 -0500 Received: from mail-bn7nam10on2065.outbound.protection.outlook.com ([40.107.92.65]:9217 "EHLO NAM10-BN7-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388510AbgK3XdT (ORCPT ); Mon, 30 Nov 2020 18:33:19 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MjF3vK5RYhSrIP2ypQK1L7JvX01W3UT2Ppgyj7JxkKHNGritWe+GJ9+hWW8z8MndRTBEzFGp4zerd/l6/+R6LFT4RuqN4DC9kx82ws81DQAXZZS4BtGRYrUsrial6cBiULsqeqBRDTWaMn5G2z7AFAchPWSECgN1L3e0T3PKK8HsnYkeCZtVh8fcAN7RWabH1MYKY42t1a+XU3cjTzlrrNJXMZWFKwfPEQvVYT2Mqj3dglCvR8xxS5I6hUQ4lwY0Zu66SSDlekXVSBDL9HlUIbTASgGoSTXiqPAEGdz/kqMnLSSzExPYXzVKVkGxJjTviMSmJP3JkbgOsS/wY/ifuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/UXhCfDxTgEvBE5vtdMRkbTkXKFCt0VRwT/duu9C8kI=; b=Ivwx7DsOPQjZko5sflW2isFZsoLctak/hfOOF4BoObKPxqLY8y1JgyZKg5cRIlSnxzV+p8qd2OVuCs1DFGGymZnjZqpqvmvNWXRgOBujlfDInIlj1p3F4XeMYyebdxsLCXblfdxqC7hyTPHoG0t+NuXNuEsYkmF5CctNE6tHr97rDk7NUvJ7698gpPs2OBYTZjYHD7b8nuSycUWLrt+nY8rW+ZhKFz/RkgXm+5/0YaX0daek0IhRS5zmZlZNF5xJqN9vkUpDfFobx4LhlVAK51lJ4RGbtNY91svvTOvhqdFBRK4dsTKWQ/L9JevV3/P2SF4FrEcjILX4Gq6iJTBw4w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/UXhCfDxTgEvBE5vtdMRkbTkXKFCt0VRwT/duu9C8kI=; b=vOBFMjjr+r9oQkqAz5bYgPs2K1Imn5z81fAjc0ahbuOMbBQJ0HT8j6JaMapRrEmjGbOj7XnQ4+XKwVYOK7l2K3UPKqhXWcO7tIZdS5NSWYS4bJrLWC2pCu+FHFHQkw42xp6zPgEc74WY3c52Bs0TwuSA45yxcFHoooFSFOmgUYQ= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:32:34 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:32:34 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 3/9] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Date: Mon, 30 Nov 2020 23:32:24 +0000 Message-Id: <4770cb6f815a3061d6c6073ed22aa13ef43db783.1606633738.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR05CA0014.namprd05.prod.outlook.com (2603:10b6:805:de::27) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN6PR05CA0014.namprd05.prod.outlook.com (2603:10b6:805:de::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.16 via Frontend Transport; Mon, 30 Nov 2020 23:32:33 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: ca8145b7-cf57-4ed4-facc-08d895883688 X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3173; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: CRaUwN8ZpSMLYdaCNofowE0pTiGEf+gYIW6NqC57YThDBzbG5hvMTRavQ03Bt/1Sy9juKtyhXfYiP33uhOnsiwVhK4M0MCbBvFvPJeKsHx8oEpp4hjAkw8ufLydjatCixVIQ4TLwZYMculbhmGrCTncFsEtbSPmmr7h6QCW33qRNAIxFVi7VktftLBJrRLVWnWJYhNSkIj6tNH6e1tuVdg23I99RP+QPPnyT0O+OSJwS4cx9C4I+ZSmXWQdTNWxiEhDImvmDFn9tON9iItM3RA9+r/ZSzTMhdzE+CvRaX51/D0Tn+uY8ykyQlECkG7CRmHYe/NTKKOt5o+R1qFtXeQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(66574015)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: DeGe668Ed+oYHTu/nIxg6icmem4x9itcY/bi79epo2FONU14LVO5173M+9ky+OIaEiGgMrSufwY107K9XfArQypgNgKcry2nP9XjbIJD/gScL3UdUc814w8sFiUgr+wR+MUMU6f60Mvn7J2XUkKqjROoCHBCASkDqg/VYz5+cGvgpGe9Y2XIv8GaMw7zk5GKxSSG5MtLWftNWpdszpKvvhVFqETF//UTR2OfV1HmNnh55aIkS/ST/OASGhtayx63cLbmraBff86AdpKT4r3TceINH5A49xBKFc+idXF4eH5OjkWw1OUyFpwQjNlLo1cMBt8bv8SqSZuuQNpWoV2bPEdIKKq3hft5GDx5vbg+qfxk3sRbNKEMwC7jOMV+fn243hitbK2cp0P3r6IU+2AoAm3X5fbiTI1wNTph1yYs5uA1pqdNPxiujvXfDSdDUbx0PijPRw6/7UBeLTpQMZnIX8oXbGrcghAWfsR60GeOjWKoE2IDzLKJdMwJMKeg+JUF6kw7V0v3X6VjWaAt99Wj53tofH22sXWyH2ot0OYODYeLp6in31HNSaH4WqXhKSSk6fOODFVW+dxGZAB/tsqhuk1KoBoiqdpRWowqBhaUApE8dGZ1kSv1F/fBHu9+fEEI8DGEapuIqPjqqXphIFyXqem/ptO1rtx7biKDZUK9owfN9mT6UfLh1+u/7BsokBk5ayTCFXuF6CJbaGsKU+tZN2c6tvd/xB1zqxVnWATGPkp/LCILzlKMARXT1RIFwpfx X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: ca8145b7-cf57-4ed4-facc-08d895883688 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:32:33.8181 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8rzMLLx6F5NCXccLJr5LBGBDr1+8zGz+cWsPdOA3Fyr2dT8fTa6QHFlRYokFqBbBHp9zGgYl9hjg1IUaGPej9g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The ioctl can be used to retrieve page encryption bitmap for a given gfn range. Return the correct bitmap as per the number of pages being requested by the user. Ensure that we only copy bmap->num_pages bytes in the userspace buffer, if bmap->num_pages is not byte aligned we read the trailing bits from the userspace and copy those bits as is. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Venu Busireddy Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.rst | 27 +++++++++++++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm/sev.c | 70 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 12 ++++++ include/uapi/linux/kvm.h | 12 ++++++ 7 files changed, 125 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 70254eaa5229..ae410f4332ab 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -4671,6 +4671,33 @@ This ioctl resets VCPU registers and control structures according to the clear cpu reset definition in the POP. However, the cpu is not put into ESA mode. This reset is a superset of the initial reset. +4.125 KVM_GET_PAGE_ENC_BITMAP (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_page_enc_bitmap (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +The encrypted VMs have the concept of private and shared pages. The private +pages are encrypted with the guest-specific key, while the shared pages may +be encrypted with the hypervisor key. The KVM_GET_PAGE_ENC_BITMAP can +be used to get the bitmap indicating whether the guest page is private +or shared. The bitmap can be used during the guest migration. If the page +is private then the userspace need to use SEV migration commands to transmit +the page. + 4.125 KVM_S390_PV_COMMAND ------------------------- diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index d035dc983a7a..8c2e40199ecb 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1284,6 +1284,8 @@ struct kvm_x86_ops { void (*msr_filter_changed)(struct kvm_vcpu *vcpu); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); + int (*get_page_enc_bitmap)(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 3e56d00aa1c6..7869fca983f5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1014,6 +1014,76 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return 0; } +int svm_get_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long sz, i, sz_bytes; + unsigned long *bitmap; + int ret, n; + + if (!sev_guest(kvm)) + return -ENOTTY; + + gfn_start = bmap->start_gfn; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / BITS_PER_BYTE; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + /* by default all pages are marked encrypted */ + memset(bitmap, 0xff, sz); + + mutex_lock(&kvm->lock); + if (sev->page_enc_bmap) { + i = gfn_start; + for_each_clear_bit_from(i, sev->page_enc_bmap, + min(sev->page_enc_bmap_size, gfn_end)) + clear_bit(i - gfn_start, bitmap); + } + mutex_unlock(&kvm->lock); + + ret = -EFAULT; + + n = bmap->num_pages % BITS_PER_BYTE; + sz_bytes = ALIGN(bmap->num_pages, BITS_PER_BYTE) / BITS_PER_BYTE; + + /* + * Return the correct bitmap as per the number of pages being + * requested by the user. Ensure that we only copy bmap->num_pages + * bytes in the userspace buffer, if bmap->num_pages is not byte + * aligned we read the trailing bits from the userspace and copy + * those bits as is. + */ + + if (n) { + unsigned char *bitmap_kernel = (unsigned char *)bitmap; + unsigned char bitmap_user; + unsigned long offset, mask; + + offset = bmap->num_pages / BITS_PER_BYTE; + if (copy_from_user(&bitmap_user, bmap->enc_bitmap + offset, + sizeof(unsigned char))) + goto out; + + mask = GENMASK(n - 1, 0); + bitmap_user &= ~mask; + bitmap_kernel[offset] &= mask; + bitmap_kernel[offset] |= bitmap_user; + } + + if (copy_to_user(bmap->enc_bitmap, bitmap, sz_bytes)) + goto out; + + ret = 0; +out: + kfree(bitmap); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7122ea5f7c47..bff89cab3ed0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4314,6 +4314,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .msr_filter_changed = svm_msr_filter_changed, .page_enc_status_hc = svm_page_enc_status_hc, + .get_page_enc_bitmap = svm_get_page_enc_bitmap, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0103a23ca174..4ce73f1034b9 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -413,6 +413,7 @@ int nested_svm_exit_special(struct vcpu_svm *svm); void sync_nested_vmcb_control(struct vcpu_svm *svm); int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); +int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3afc78f18f69..d3cb95a4dd55 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5695,6 +5695,18 @@ long kvm_arch_vm_ioctl(struct file *filp, case KVM_X86_SET_MSR_FILTER: r = kvm_vm_ioctl_set_msr_filter(kvm, argp); break; + case KVM_GET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops.get_page_enc_bitmap) + r = kvm_x86_ops.get_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 886802b8ffba..d0b9171bdb03 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -532,6 +532,16 @@ struct kvm_dirty_log { }; }; +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; @@ -1563,6 +1573,8 @@ struct kvm_pv_cmd { /* Available with KVM_CAP_DIRTY_LOG_RING */ #define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc6, struct kvm_page_enc_bitmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */ From patchwork Mon Nov 30 23:32:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941523 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C232C63777 for ; Mon, 30 Nov 2020 23:34:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 921A4207BB for ; Mon, 30 Nov 2020 23:34:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="CiDr0DQu" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388843AbgK3Xdn (ORCPT ); Mon, 30 Nov 2020 18:33:43 -0500 Received: from mail-bn7nam10on2065.outbound.protection.outlook.com ([40.107.92.65]:9217 "EHLO NAM10-BN7-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388510AbgK3Xdm (ORCPT ); Mon, 30 Nov 2020 18:33:42 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ikkv3Xl3cRTnXfYtfhwybpGZIzFxZ2rloO7g6QIEkGZnargUN76ssGIwhtPZc6jL7sjIG3khcTOaKuA4O2nKUaR7NWWzUdBkRYm5KxJV9oaT4arRNcKnKnhxRjtjVvIjD2n1oS/z7YbA0QEILPFe75qxqFmTxXQMXY6pAAcp+bbBJXSaVRsxV15R7yeSxLTv/OiWMj6Q7LOCQwSJ2hnltTGAdSzAdNNWo5xAVnkn0kKXHuRU0LHxOVnm9oURrxtA2Pgmev0rIvfo2PicIEy1anH2f0dCClQPNyv4t7Y7vZG6itSNUnrVyJa+NZ5aK/00m9K2djtekZirvNCNbOB4oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZhKI0DkAsAvx2gmnAyq5fMDUyMXKmNtJ5iq1d326ZZk=; b=i2YMGvEzku7oKhlKYUQF1oIyJXP/V4gq7tgzFP8XiXb6ehvhMcsZn6iLuHHmBPpkOqj6vds/bhjn7LoJwqtbD5NcYm+BW69otnNPHWpPMBvye1rWxxqweCE0l7edxDFg6D5Mj56BkXKnacq6Usw0+9HQrC37UO9zww3mBAap5QJt+EsUMpIWJNLlKuWq6+ylnUoEtqexhCIBv61ps/DYWw1IzjbyieS3aqT7Smg8VD6XmyzBrmywLXyz+CIweqNrbeudfZfhumrhdJ66BmYBaLZHhDDDokf1jXfu55z4ks+xIq/W+WOxRcHCK29yuxT4ylIQAv8W/x3bhUGQK7ZtvQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZhKI0DkAsAvx2gmnAyq5fMDUyMXKmNtJ5iq1d326ZZk=; b=CiDr0DQu8/ggEI9J9wa81JH33gaRws1R1RNMGTYABxvpGNVl/bo0KF1x/xMfxEeg8rLfixte0KmkIzz4zwi2PJZ60QIhbbH/pVUTFeOI29UR9wKIdpPgTxaXBlFL1srqFv2uz37P3GsV/QHzfmN/SU+9x9/poq4Bfv1I7V9AJbs= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:32:53 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:32:53 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 4/9] mm: x86: Invoke hypercall when page encryption status is changed. Date: Mon, 30 Nov 2020 23:32:44 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0501CA0052.namprd05.prod.outlook.com (2603:10b6:803:41::29) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0501CA0052.namprd05.prod.outlook.com (2603:10b6:803:41::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.7 via Frontend Transport; Mon, 30 Nov 2020 23:32:52 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 371de7c6-5420-4b86-688e-08d895884250 X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5516; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MGA8oBzux5zbQ8fCa/4fjXFtP2JYnV3S3rsIh5e4FiVG0Tyx/cHQRqfxt1tW3P7XriwkiiiuDTrb1r0vB1enYyY1l5bz/Me0PQLwI/14YMXlBT81cobe2SYrDZhovBWVPYh189uSYmmZ6bBoN+xZoq7yVH6DUG4/C6iQH2laaLBC+teQUH5XkM0L5sLILMsMEhS2hAgrXFukRtAQNkAeDnqZ9FQdCJgJ4ZwU23KxnWOnXqUCQdfOfEDmVFqjpuonix6JzuBJfVl3iP192u9mOrFto4gWqNhtTywgzWdZ4XvqtTB5fKt345BiatC6nBGbJSejk8KjAHG4Ht6wYbzr7w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(66574015)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: mP9tnzDK1B4HB8SmYMhW9pSxr6YKVAhb/xvODlJGJYAVCuepWQQpeR0ZeJ5g16/+jW9h/o7Dotxj0mEJQjyNpQPFqjrI80m/xgo0jDTS8kFYcU6VnVwbdwid/DI+IRCgkqRdTDt1hl3xOMecqGJe1j1+fN3naATCPD6L7moO2gW1VKfUaabQMY8A+0SgdlA/KWA/wZpbjZ+OpGMHw+rD9NchgDPdtxEX1wFAG9GDrMceMNsr/zl9Qq5+iFIclhR0IP61OMJigUETP95BA0SpdEay1wTawB0moKjf5jkwfjJFC1vTT87CRM1iYm+wzpl5CrpDJ0juyQ0M3b1W3JwQwjXmRxasRYrdJutw9yOK18aL6cUfKuc0oC7njlSi9FIotVFKQdXWHXVFYqyUajjhR2ezXpCTZ8Vr5/Doi6gVNOm+7eSTc3NSrCC524W6HcWLstytHSJ8diMqZSt0pKI1rPvhcATMzZXult2mJ/qCD5ZyDyOQYFkRoxPab3uhyB9jOGJA5jMSLTy99X++pUylQ8Rk/+Rg19OWAEehrpuHq13WAfCFrveLiAWhlc6qMYKGS4WERFHDMxc18L36kpVDfzPav2k7tRDgNxOw/kkEY9GbX7mN9UaPtPqeBnb1mLkd/qWsCHnrBg6IrG3lkoDWvkrYQxZNopYCSprNszxu7fu6wKUKmNA1I+ltTXFr9dtSkgpJjNizCODFLh1pveFyaMaVb5C1nTWmdFhPVgJ+sm3h90JuZWxZJG/B63xlnbXd X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 371de7c6-5420-4b86-688e-08d895884250 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:32:53.5330 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZslHagqPvH4bJamFPbRkuoS3XAA4wro253/v/qStuNLUOCYqPCgoSRlzS/O2SXYlkw6Or7InwmYiYcpjrzuiiQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh Invoke a hypercall when a memory region is changed from encrypted -> decrypted and vice versa. Hypervisor needs to know the page encryption status during the guest migration. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Venu Busireddy Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- arch/x86/include/asm/paravirt.h | 10 +++++ arch/x86/include/asm/paravirt_types.h | 2 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/mem_encrypt.c | 57 ++++++++++++++++++++++++++- arch/x86/mm/pat/set_memory.c | 7 ++++ 5 files changed, 76 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index d25cc6830e89..7aeb7c508c53 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -84,6 +84,12 @@ static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) PVOP_VCALL1(mmu.exit_mmap, mm); } +static inline void page_encryption_changed(unsigned long vaddr, int npages, + bool enc) +{ + PVOP_VCALL3(mmu.page_encryption_changed, vaddr, npages, enc); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -840,6 +846,10 @@ static inline void paravirt_arch_dup_mmap(struct mm_struct *oldmm, static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) { } + +static inline void page_encryption_changed(unsigned long vaddr, int npages, bool enc) +{ +} #endif #endif /* __ASSEMBLY__ */ #endif /* _ASM_X86_PARAVIRT_H */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 0fad9f61c76a..d7787ec4d19f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -209,6 +209,8 @@ struct pv_mmu_ops { /* Hook for intercepting the destruction of an mm_struct. */ void (*exit_mmap)(struct mm_struct *mm); + void (*page_encryption_changed)(unsigned long vaddr, int npages, + bool enc); #ifdef CONFIG_PARAVIRT_XXL struct paravirt_callee_save read_cr2; diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 6c3407ba6ee9..52913356b6fa 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -340,6 +340,7 @@ struct paravirt_patch_template pv_ops = { (void (*)(struct mmu_gather *, void *))tlb_remove_page, .mmu.exit_mmap = paravirt_nop, + .mmu.page_encryption_changed = paravirt_nop, #ifdef CONFIG_PARAVIRT_XXL .mmu.read_cr2 = __PV_IS_CALLEE_SAVE(native_read_cr2), diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index bc0833713be9..9d1ac65050d0 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,7 @@ #include #include #include +#include #include "mm_internal.h" @@ -198,6 +200,47 @@ void __init sme_early_init(void) swiotlb_force = SWIOTLB_FORCE; } +static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + unsigned long sz = npages << PAGE_SHIFT; + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -255,12 +298,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -315,6 +359,8 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, PAGE_ALIGN(size) >> PAGE_SHIFT, + enc); out: __flush_tlb_all(); return ret; @@ -448,6 +494,15 @@ void __init mem_encrypt_init(void) if (sev_active()) static_branch_enable(&sev_enable_key); +#ifdef CONFIG_PARAVIRT + /* + * With SEV, we need to make a hypercall when page encryption state is + * changed. + */ + if (sev_active()) + pv_ops.mmu.page_encryption_changed = set_memory_enc_dec_hypercall; +#endif + print_mem_encrypt_feature_info(); } diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 40baa90e74f4..dcd4557bb7fa 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "../mm_internal.h" @@ -2012,6 +2013,12 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* Notify hypervisor that a given memory range is mapped encrypted + * or decrypted. The hypervisor will use this information during the + * VM migration. + */ + page_encryption_changed(addr, numpages, enc); + return ret; } From patchwork Mon Nov 30 23:32:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71752C83014 for ; Mon, 30 Nov 2020 23:34:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3CC7022247 for ; Mon, 30 Nov 2020 23:34:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="FQaK/B5t" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388881AbgK3XeG (ORCPT ); Mon, 30 Nov 2020 18:34:06 -0500 Received: from mail-bn7nam10on2065.outbound.protection.outlook.com ([40.107.92.65]:9217 "EHLO NAM10-BN7-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388814AbgK3XeG (ORCPT ); Mon, 30 Nov 2020 18:34:06 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bc063egESTz8I+5xq6PkMnm7/Uj0FH6/RSBYTv8fdOIAYkBo6tnYFnLKaXqCaJptocJrRXKhYAum/glse92HwNhS8TddmuKX6myyvVxSYOdvDUv7pN4OqO2FBj3wForrP0CCfTHoGX3pAA6oQMGEDciQQK7ekYAliPf8b7bxgtFg3TKCr+TiyCmuLgfgmsbmSjQiGXMJ+QyvamRURs440lJxlDk8KePOx7R8KokqF5DM56nR9F8fMbLwYX7CG6Y6x2nJDGg1WTlTh7j2LK40oK70mIU9PUT+8d0KahMTv8sm5ww2ymUbyO2ONBgNbBw9XQdif6e/i7BFsLIvPESriA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vszFLMoX/s17wRHoUePPotaCNXNSWa1oBMPFC2/BB9o=; b=mHebipH7ek7J+IJgeqrFT1dmW7Vt+P3+FKNYBgSSioogRpBJMH25KoEjcOl9YBi0eWMdpaFGbD8N1YGSv+hBZSoLfjDqYeJfEsiv07yok+Fof7DVoezz7nIT5RdyTIs2/pNvvwpqjgWTQVnvRJ9X32Ghd4P20e2Luz7KAeHAVv6FPd+mvxGV0lDyhavVnOUz05Vd96o0+pMTrswfCzPyeYgFFvb+sPLq/fmoiS3S15f+5rNGsh3xvEdfPdQiDIF8n6tQyOfwR6c/E1JVzdSfrh6QB0ltdQdecoEpd8FaHBjuFZlTJmra7dV8WJtVi8SdRUc3nMPWfeLVUEc+7oBB5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vszFLMoX/s17wRHoUePPotaCNXNSWa1oBMPFC2/BB9o=; b=FQaK/B5tq5aRLlk10MFFWr6BVyCgHOcrhInl1aeCnkh3ZQOUR6d3wAZ969ZoRjUuX9XIQ1thcJeI/dRWYxytuLcIneaIkR47bgWe1KgE68BAisBtfoqxZo6pW9N2MCzIfF81FiZG0sflhv/i0KJkLo3Ch1+EXBm3uE0feoziTTI= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:33:09 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:33:09 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 5/9] KVM: x86: Introduce KVM_SET_PAGE_ENC_BITMAP ioctl Date: Mon, 30 Nov 2020 23:32:59 +0000 Message-Id: <8495534821c6270bd7013085243d8224b91e1e81.1606633738.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0501CA0053.namprd05.prod.outlook.com (2603:10b6:803:41::30) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0501CA0053.namprd05.prod.outlook.com (2603:10b6:803:41::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.6 via Frontend Transport; Mon, 30 Nov 2020 23:33:08 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 4a40377b-ee4b-4fb9-23c8-08d895884b9b X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: +sPhFTb89QMYCPBnMz+eqQKTV35NFkIpoTrEt17B2rVSXUeod54K2ulbi2DY0b7aiKqnzC8nSyg0X5FR7nkqTVuD5GV97A2sb8wd8aKz6FigrThoW4rGwWfSRYUmB9oQAlqxJqqBSEW11mFrl8ZGE4xKHqFhL/PKZKZ844wTrbSOOnTXzQm5zTbegqu4UsiIcYLKj/BmIu3bZO+5o3gcug3VcUXmDpDx7jFThT0NSDyWXA/aKcUVKeC1vf/vZw9K7qMO79PFYHmeM6p/tJbse/ljSDZCyQEYFZTxR4m+Nvc5Bw0IBq1NAEJSbOcrDA1Ms4RulGPwXD5YgOWxgGBLfA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(66574015)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: ftO8bvNRzjFUJ5rQIRGlJZwOHO7but112xOuq4LCjlaqI2t/f8U+GfoIlkUYXq2wB6goj3oO4AEvUs6aXQaW8DqLSLdHLsgk7Zw8pXZT7Bw8JdWdccH+3mTNLWAgaeOHrUUi1dwN0rDtU1eK1eNCazCv6XKBh5AOKDGXaB0FJB3KMh2C3R1uHY8Pg+5ohJhdteKCTDwDuk62Vi/M4O8Qtc7/XRs4aGECJ4hFNDJcFhyxJnks9lAt1NzGPrZ3J6XopCO2xhZI2pKtqNN7zRZss/7C304WFXfP3jBE1667B5oz44IpN3L7YLHssCkGsSx4cGxPRntxcsTQYXr1nZs800XxSMh/HKTdUuxSN4yPU0GMZT8qe7112LIYtLNM23BqMsslvxh3Jl/CYVbEorEhrPfkQ1Uvo4fX8T1rGv3U0bQE/5K6LLKiTNjA9COrceNNngVXz6MpDboTVrmsoz0rqAxGyFEtR07FS8RxQa+YTEl9zJfKj3QtzGPxxW80HREHN2NA3Wrck5jUZEYpyU0OrPAo3W/reaP6+D3WbsUl4AKPgOnrubTHtPSVdqpZq/Q22G52OrdS0eBAKz5MqzwfjlMeKyZ+naCv/JWAJunlNkPI3Ilp5f0/AUuIzNMFEqsv6MARQHU0WDrTvhUttT5dLxT/NvUbwQnnsSh8Y1xQ2+HZ4SzRfTjAiKxE8gspM2rOd6ZviQNIiiPJ9upX+GtkNKoCiG/3YObhOvL7ETGhQVEsnuDSOgtHsfpvCSSzcmQI X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4a40377b-ee4b-4fb9-23c8-08d895884b9b X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:33:09.1283 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: QY+iLLf8oDmEAv9un9PKny72HzGuTvagcZnuL0ks/SpWdPFTs+XlXGhzLZ7+jufd8MiW+Y1oW4j7S9jHpxiQrQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The ioctl can be used to set page encryption bitmap for an incoming guest. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Venu Busireddy Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.rst | 44 +++++++++++++++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm/sev.c | 50 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 12 ++++++++ include/uapi/linux/kvm.h | 1 + 7 files changed, 111 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index ae410f4332ab..1a3336cbbfe8 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -4698,6 +4698,28 @@ or shared. The bitmap can be used during the guest migration. If the page is private then the userspace need to use SEV migration commands to transmit the page. +4.126 KVM_SET_PAGE_ENC_BITMAP (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_page_enc_bitmap (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_SET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +During the guest live migration the outgoing guest exports its page encryption +bitmap, the KVM_SET_PAGE_ENC_BITMAP can be used to build the page encryption +bitmap for an incoming guest. 4.125 KVM_S390_PV_COMMAND ------------------------- @@ -4852,6 +4874,28 @@ into user space. If a vCPU is in running state while this ioctl is invoked, the vCPU may experience inconsistent filtering behavior on MSR accesses. +4.126 KVM_SET_PAGE_ENC_BITMAP (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_page_enc_bitmap (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_SET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +During the guest live migration the outgoing guest exports its page encryption +bitmap, the KVM_SET_PAGE_ENC_BITMAP can be used to build the page encryption +bitmap for an incoming guest. 5. The kvm_run structure ======================== diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 8c2e40199ecb..352ebc576036 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1286,6 +1286,8 @@ struct kvm_x86_ops { unsigned long sz, unsigned long mode); int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); + int (*set_page_enc_bitmap)(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7869fca983f5..9fe9fba34e68 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1084,6 +1084,56 @@ int svm_get_page_enc_bitmap(struct kvm *kvm, return ret; } +int svm_set_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long *bitmap; + unsigned long sz; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + /* special case of resetting the complete bitmap */ + if (!bmap->enc_bitmap) { + mutex_lock(&kvm->lock); + /* by default all pages are marked encrypted */ + if (sev->page_enc_bmap_size) + bitmap_fill(sev->page_enc_bmap, + sev->page_enc_bmap_size); + mutex_unlock(&kvm->lock); + return 0; + } + + gfn_start = bmap->start_gfn; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + ret = -EFAULT; + if (copy_from_user(bitmap, bmap->enc_bitmap, sz)) + goto out; + + mutex_lock(&kvm->lock); + ret = sev_resize_page_enc_bitmap(kvm, gfn_end); + if (ret) + goto unlock; + + bitmap_copy(sev->page_enc_bmap + BIT_WORD(gfn_start), bitmap, + (gfn_end - gfn_start)); + + ret = 0; +unlock: + mutex_unlock(&kvm->lock); +out: + kfree(bitmap); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bff89cab3ed0..6ebdf20773ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4315,6 +4315,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .page_enc_status_hc = svm_page_enc_status_hc, .get_page_enc_bitmap = svm_get_page_enc_bitmap, + .set_page_enc_bitmap = svm_set_page_enc_bitmap, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4ce73f1034b9..2268c0ab650b 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -414,6 +414,7 @@ void sync_nested_vmcb_control(struct vcpu_svm *svm); int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); +int svm_set_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d3cb95a4dd55..3cf64a94004f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5707,6 +5707,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_x86_ops.get_page_enc_bitmap(kvm, &bitmap); break; } + case KVM_SET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops.set_page_enc_bitmap) + r = kvm_x86_ops.set_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index d0b9171bdb03..8e1adcd598a8 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1574,6 +1574,7 @@ struct kvm_pv_cmd { #define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) #define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc6, struct kvm_page_enc_bitmap) +#define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc7, struct kvm_page_enc_bitmap) /* Secure Encrypted Virtualization command */ enum sev_cmd_id { From patchwork Mon Nov 30 23:33:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0801C83016 for ; Mon, 30 Nov 2020 23:34:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8A062207BB for ; Mon, 30 Nov 2020 23:34:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="EN7P5pNf" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388893AbgK3XeI (ORCPT ); Mon, 30 Nov 2020 18:34:08 -0500 Received: from mail-bn8nam11on2064.outbound.protection.outlook.com ([40.107.236.64]:11880 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388841AbgK3XeH (ORCPT ); Mon, 30 Nov 2020 18:34:07 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DOGYdSH/trEgIv+JkUeoYOISc/W13qiJnfUwvdYSEBYGWgMV6QBjxy4qGq28inlQoHrTqsEr6HuMxDTQulfrfjVZlG1uzSUmAAyzu5jIBLOT7WVdFvak/Z+tuulB3JmgKfey4VhTXMSJwgXgHmR9wfKtyBXGuzVwT7MwXx2GpbxB85NB5jdCVSyuHk+PgnL/oPujM+6+YN647SaVMtl3acQDXnvWiXgGSBawG/RwOfqv+gaJu4pAKRTsLe1GS1XEwAHyvhiyjITpmk3tVTFjub4iTz3VZovVq2nvNOLapBj24/WrJKnCawQFF3s3Tmt3o0FsDl3O1+HJ6WGxz946iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Oq4xgEBXAXim7+gUnLYnR6taLJt7lkglAW3Retl8+Vs=; b=RFvVUWDr5QtEDFgoOLHlBJ5CWVkj/LvngIvB1gJb/DonBx1gWTLG1UZXYtATO+GqjulN68qnzqIEgmTCte0AlOk/P1cnLRh0lQZ01lxQpKfsuWr6tVILLULSXTSVtYpN/PYcR+ajwn/4nW0W7JwU6xDqSMh6BTZgZQDxj9ZVLBPI+2Zsj3NeVRw+lOl8ZEp2LK1VpdQsuUVkftF5rtJIn4uFFI8bD+QdhnCp2caeOLVFF7tbKUKtidjxHS47iNCV7D6MJbfSlWemHuR0UTrsRHDlGIdV+M2ld78IXGkApHi9SRhDN4/Y2sl1lLwYWibPGuyBP+H+claFt1Idfg7/1w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Oq4xgEBXAXim7+gUnLYnR6taLJt7lkglAW3Retl8+Vs=; b=EN7P5pNfd2VYutACtWzD2+QQ5U2lVHsSfN5rguSNks1PO1Gv1GakjksxBbeuISCrbW+4m+SvG4Ctjf4SozExACdIiGDJmS60P5vUlsd1y5EKQr6hwymDwwNjZFEn6te2Z5Rb7rDGAxFxzbfhn1p54XQVLwvQ/7TOz0hQg5RsC64= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:33:24 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:33:24 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 6/9] KVM: SVM: Add support for static allocation of unified Page Encryption Bitmap. Date: Mon, 30 Nov 2020 23:33:14 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0003.namprd06.prod.outlook.com (2603:10b6:803:2f::13) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0601CA0003.namprd06.prod.outlook.com (2603:10b6:803:2f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend Transport; Mon, 30 Nov 2020 23:33:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: e6ea91d0-a0a8-473e-75ab-08d895885477 X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:267; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: x2FE8KaiaA6ZDSKG07k5VfbKfKFDJRjFnDh+gupxgLXAPhcgx7Fkai149oonkuhCJAGGx8QNn7fFcO0xMZk4p6UktXrsr9JAq8QrfMyc82hl/1cVktzPyf+hkBKWNmskp53evfdI+ybiPG6mTQ0Szv2zGgchzycjdn2zy15hr5yGuqacq2AmkcFzFyKX45LwkDfbemxJbHnLtgwI4POpUCF9iXaBXEKQAT6yCmwpXOtJUQWx+mUZTCNzeLE55T2zyN0EncizHZZOPPZVDe2L69KtCUEsO3ycJPyz7p7G2n9ax/WEht5uxWShCWmjyXB9Oz2IB1xH275m6AqUY2NMZA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: arKRodgvCk88plhsrRH+3ov6fDQWCpDqI0nanTXhpGua1mJKvdJXMwL61zJkgMZTYhqSLdVg45wvfpDvlwLbUbyBH0skl/VjAeRo+wCu42jsHTk7aN9CpgXLcKXy3v/eREy5maBL3BIFB/ln/6wqtJS5SWW70/vTpAgq4f/HAbzT3XeTyqoL/ctMYCJ1bS/7IAstnl7xnJcxkxozDvReXBCuT98HzQOwTbKozPzprlcDA+M4C7ql0Qk4gDNwVLdjtpgeeAykXe2eX+MqOZXmOjiYMXhkJ9hCCGUxmcWlA2CV3LeSfuXXD1/fez7kZxcD/U7YTnilAz7drzIhM4UHnke1G1qI0h11uRnR+gdwlSA9o9NMd9qr/9l5ClQuHucf0NW2qI+b9IGl3J/Jp+ER2XbLQUzq0SkvIkuGB3IUA7GfVftCdBctW2tZPKa3Cv46EaPcpvEiQoZVTh4bz2dfW1MvDobz3VXMNqchSKgfZqnIfnyQ6XnFOxsxaAJlCYvCzGcVap6SUoI+zfxiOp62bjuR4oSvNOwKbYHR7YsUKyZgL/k/qJHFKI18sLFgUFAPOHsrPocqELQzwZdB+Y7Fp16Ew7YwfWzBC/Q/9CwUHT87Xlq/cGLEFmdQEVvIU5Tlc1VO8fC4TtsHuVpvWUb0Q2LSOyDAE/Gyfa+P1BmQRf5v8TEjzHJWhdpJwEWt6V+SK3Z0sqEdKxUo/g8JKtC+M2nXPyUHpTnEgYvGpcc89OtS3jQG1+EHaUpu+WuaiHaO X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e6ea91d0-a0a8-473e-75ab-08d895885477 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:33:24.2748 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: W40RsxBLZH+ZAt2Zycg0rMT3d/LHS/4hEL22nAZhpQsobCQyEIYp5yb6+xXLFUBm+8i4aUHHuJI4TZ+T4HhiDQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Ashish Kalra Add support for static allocation of the unified Page encryption bitmap by extending kvm_arch_commit_memory_region() callack to add svm specific x86_ops which can read the userspace provided memory region/memslots and calculate the amount of guest RAM managed by the KVM and grow the bitmap based on that information, i.e. the highest guest PA that is mapped by a memslot. Signed-off-by: Ashish Kalra --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/sev.c | 35 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 5 +++++ 5 files changed, 43 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 352ebc576036..91fc22d793e8 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1282,6 +1282,7 @@ struct kvm_x86_ops { void (*migrate_timers)(struct kvm_vcpu *vcpu); void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + void (*commit_memory_region)(struct kvm *kvm, enum kvm_mr_change change); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); int (*get_page_enc_bitmap)(struct kvm *kvm, diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 9fe9fba34e68..37cf12cfbde6 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -957,6 +957,41 @@ static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) return 0; } +void svm_commit_memory_region(struct kvm *kvm, enum kvm_mr_change change) +{ + struct kvm_memslots *slots; + struct kvm_memory_slot *memslot; + gfn_t start, end = 0; + + spin_lock(&kvm->mmu_lock); + if (change == KVM_MR_CREATE) { + slots = kvm_memslots(kvm); + kvm_for_each_memslot(memslot, slots) { + start = memslot->base_gfn; + end = memslot->base_gfn + memslot->npages; + /* + * KVM memslots is a sorted list, starting with + * the highest mapped guest PA, so pick the topmost + * valid guest PA. + */ + if (memslot->npages) + break; + } + } + spin_unlock(&kvm->mmu_lock); + + if (end) { + /* + * NORE: This callback is invoked in vm ioctl + * set_user_memory_region, hence we can use a + * mutex here. + */ + mutex_lock(&kvm->lock); + sev_resize_page_enc_bitmap(kvm, end); + mutex_unlock(&kvm->lock); + } +} + int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6ebdf20773ea..7aa7858c8209 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4313,6 +4313,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .msr_filter_changed = svm_msr_filter_changed, + .commit_memory_region = svm_commit_memory_region, .page_enc_status_hc = svm_page_enc_status_hc, .get_page_enc_bitmap = svm_get_page_enc_bitmap, .set_page_enc_bitmap = svm_set_page_enc_bitmap, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 2268c0ab650b..5a4656bad681 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -415,6 +415,7 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); int svm_set_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); +void svm_commit_memory_region(struct kvm *kvm, enum kvm_mr_change change); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3cf64a94004f..c1acbd397b50 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10717,6 +10717,11 @@ void kvm_arch_commit_memory_region(struct kvm *kvm, /* Free the arrays associated with the old memslot. */ if (change == KVM_MR_MOVE) kvm_arch_free_memslot(kvm, old); + + if (change == KVM_MR_CREATE || change == KVM_MR_DELETE) { + if (kvm_x86_ops.commit_memory_region) + kvm_x86_ops.commit_memory_region(kvm, change); + } } void kvm_arch_flush_shadow_all(struct kvm *kvm) From patchwork Mon Nov 30 23:33:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941531 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F9FEC8301E for ; Mon, 30 Nov 2020 23:34:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3B000207BB for ; Mon, 30 Nov 2020 23:34:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="KyNl4OiS" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388969AbgK3Xea (ORCPT ); Mon, 30 Nov 2020 18:34:30 -0500 Received: from mail-bn7nam10on2065.outbound.protection.outlook.com ([40.107.92.65]:9217 "EHLO NAM10-BN7-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388949AbgK3Xe2 (ORCPT ); Mon, 30 Nov 2020 18:34:28 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Sqkv9m2sJMHnzh7uIcGGZZ2uMXcf5c213kT+XC6artpDIMaejCTdut/QT4gNMWTWF2CzQZBcIwo9rrh6LA/mT27WXg/sXNx5GFcDgXr8Mg5v9y/npGGo7cknRrx8WyFL2+Eub06mIybrNCYTvmI2ZtRL7S8yK55GgZvzw5ogr9bi6AiVQNyDgM9b4+WRltg4t4Cz3QDziwGT3B32w0FmmPnscfDQBrQgDyk7OrnVNJWcHcArj5W9M/7Y+nBZx5hN9J8O4QZt5BUnKsvbhz87L5nEUl/UxeBj7x5yssmVU8M34ErmOlybALcBY1GUYV27sNR4AS0LIdae/xwhg0DHXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ez+E+ZdxtGGPPZQ8bYXP+fWYSNIYW25ERPpDKhCks6g=; b=ZvK8tOp4x7TYyjY2rjbF9eaiOBkehEqR9HXoIJg4g55sOeeUuHpJj+V7uRwJyS8mHHub+CWBETl+EbwL68Z7nW0TQkzN+KEw2f2lvBRq3woArPuD5V2x/hkePhrFmFViz96r0ofgjVWlOIcc91yvQKo5YC4Zv2Gm73Ax8cDsonXIs8cllNBF9+1YSXp5fRAxJ8mg5zgLokKd4eHJOdjdEvBO/2Co62qZLpikr/02hCgPw6rE6CB8yxLt2nbaDAxCvCP+4mUN9gVwv3WP6LnaF4AWfmZxxAexruRazKaqCNOMoDRm7RE0ze9i/OxgzxkZTB40rhBC+aeyO7GsTNnTEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ez+E+ZdxtGGPPZQ8bYXP+fWYSNIYW25ERPpDKhCks6g=; b=KyNl4OiSbwt3KK8HO06NlfO6rUY7ruDldhFN3TAVoSnat3D5EBQHb1nkwgOVbH1PVZQOmbm21/7xcd3RXmImefGsziRNC1fN9+ofv24TNL9EERUrNopenXsykuxprAHFwyFvMxHR5wZ0QGgHQMPE9Nr2cTzFF/65UARhDzeY2W0= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:33:40 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:33:40 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 7/9] KVM: x86: Mark _bss_decrypted section variables as decrypted in page encryption bitmap. Date: Mon, 30 Nov 2020 23:33:30 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR2101CA0029.namprd21.prod.outlook.com (2603:10b6:805:106::39) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN6PR2101CA0029.namprd21.prod.outlook.com (2603:10b6:805:106::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.2 via Frontend Transport; Mon, 30 Nov 2020 23:33:39 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: c8369755-3b85-489c-15ba-08d895885e14 X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5797; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: HXFRIpOrnNmMCYew1nbBIDLzlnQ9vYc8VhJDylg6YChUYi7oyD+PXDMZB80nN3bXKyj2y+xAMA6fteAbsby62guzqyI2zGcDa/Y2vLw+0+cEQzKl5ZoT7YsjQR3WJxw35sD1Lt4nCDDVTbZc5pPSj59OsbVs1qcYlV7U9Ue9zK00kYq21Ou1OtXdYWkORfYHUzo4k1Jc6QIneC0VClko25mOedu/U6At7RQXtR50lddJGZSJKEzEHIa13GhgiL55DndhrRKr757eSsN5f9z7oPZKNThF6AeE3JdD2U5tqOCbOYOyhM23mBeTZM3m79AsBwEmuE+RsqWbCl4QNdvmPw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: HUgwuatq4QayFFwfl8es/izFXy6UFWBkcCbW+N8oOCAb/yVdef68h62aUs+Oofeph5yTjZftBxk3bfIvC8He+/ADWOfVSshImBCC/dNnyxO5Be9V/iZPQJVMqldiMjvP8aA3fp4Uar//OdQE3kjxT+/F2TThLqAck3OtQVBt7kYCRXVBf/jJa+SOrY+f3sO4wARnW3HUkYYi7tuYcszpndjdZPeGIkNqnzJVgos5eFFtU4L49HeEaGFjPvmWth7pXsPy1Cmx7wmcNNo64EwTjo7U48K2Nv0iPG8TDpifkuqeHl/sJRdxjRIeuxHpsndGOVHw38C8DVmYXZrFnDGLG+/NRu6YgI8tUKmCxkTKn0Dg7Dw40oUoy18o74OKTo8COaurtclfTDsDct16/rOx9ZPRz2U9IuLxHUmMUAsDgEQh1v2XMuBzW6bK0pQ9PwtZIgSTeR7D8zFSN0Zh62zc1jVsWpTQvhZR52zpbXRcBb1vqLUnCm0r40XZObVollfHtblaaVAU6TEq71pdzTHUbbkzYWmRWDRd2pPb7/uPPDjTofTu/ciSvAY2wyvpXva7aw9uZ0+56c7ZBjZrUymwuWt7in6Cpa5NT3DX8rMKhSsQyZBNyAS6xnjWKWuRM5F3wcU10i2OHedvtXQgy7rqpZjghY4qKf2NJjJaq0ZDJhpEeZj9pUOf1a+GDfDhXPB8t5vzBBJad2D8UkWSfOM8789HTC8glEYFgdBWTVZ1Ohhe0TLXuGQ+qVQbhrkHM0yV X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c8369755-3b85-489c-15ba-08d895885e14 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:33:40.3678 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: B40LiPQHyWKasFgWgB8u7it2OK5m/I8pSmscKXUKhFCQR1SHXD+E+ctDXYrnLZ5g7EByopz4JEK3o1XUlwFDeQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Ashish Kalra Ensure that _bss_decrypted section variables such as hv_clock_boot and wall_clock are marked as decrypted in the page encryption bitmap if sev liv migration is supported. Signed-off-by: Ashish Kalra --- arch/x86/include/asm/mem_encrypt.h | 4 ++++ arch/x86/kernel/kvmclock.c | 12 ++++++++++++ arch/x86/mm/mem_encrypt.c | 6 ++++++ 3 files changed, 22 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 2f62bbdd9d12..a4fd6a4229eb 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -43,6 +43,8 @@ void __init sme_enable(struct boot_params *bp); int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size); int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); +void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc); void __init mem_encrypt_free_decrypted_mem(void); @@ -82,6 +84,8 @@ static inline int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; } static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +static inline void __init +early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {} static inline void mem_encrypt_free_decrypted_mem(void) { } diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index aa593743acf6..94a4fbf80e44 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -333,6 +333,18 @@ void __init kvmclock_init(void) pr_info("kvm-clock: Using msrs %x and %x", msr_kvm_system_time, msr_kvm_wall_clock); + if (sev_active()) { + unsigned long nr_pages; + /* + * sizeof(hv_clock_boot) is already PAGE_SIZE aligned + */ + early_set_mem_enc_dec_hypercall((unsigned long)hv_clock_boot, + 1, 0); + nr_pages = DIV_ROUND_UP(sizeof(wall_clock), PAGE_SIZE); + early_set_mem_enc_dec_hypercall((unsigned long)&wall_clock, + nr_pages, 0); + } + this_cpu_write(hv_clock_per_cpu, &hv_clock_boot[0]); kvm_register_clock("primary cpu clock"); pvclock_set_pvti_cpu0_va(hv_clock_boot); diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 9d1ac65050d0..1bcfbcd2bfd7 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -376,6 +376,12 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) return early_set_memory_enc_dec(vaddr, size, true); } +void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + set_memory_enc_dec_hypercall(vaddr, npages, enc); +} + /* * SME and SEV are very similar but they are not the same, so there are * times that the kernel will need to distinguish between SME and SEV. The From patchwork Mon Nov 30 23:33:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F18FCC83020 for ; Mon, 30 Nov 2020 23:34:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B1CCD207BB for ; Mon, 30 Nov 2020 23:34:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="hidfG1QV" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388977AbgK3Xee (ORCPT ); Mon, 30 Nov 2020 18:34:34 -0500 Received: from mail-bn8nam11on2064.outbound.protection.outlook.com ([40.107.236.64]:11880 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388951AbgK3Xe3 (ORCPT ); Mon, 30 Nov 2020 18:34:29 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ra0FlBqpYN+4z6Q+cmvqcbLwsKZWBQdeKHG9k//zexhZeq7EHSZ3huwaE3PvSkO1gF4CdPWCuSREn+Js3FDLSAY3nr624an4a3uKKkPimMyAvkGF2e9t1mqwuplQ6FUtaI704T05P7SSqMBhTKn3t4TXJiMwHncBZHtnRH8VuG4AmGQye3Nn0AhluhsycoRKQdnu2k12ZjKP620HTdszfPLx4Odd39le+rhhqyQ7i/XDB2crkEjnUT3PJgzWZ57w0CwLcvZsK1B+6N3pgP9+Co8cgKsdCc8Q2fyUxLNf1MEVq72AR+OIZc+xm1lFMTDQmZscJmg37m9C3JmI1l6lsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GMm/eQKJw+rQ14sDUPcwk4EWWQ3Fl7hyawwQTrrgXy0=; b=og292iKWDfrNtoapqHQffSofYAbZt9uBkUkrJ0y5e9bTS4R7dSiZddvGwht5BQdkdg6t4ka0oad9f+9OUH5GuDch2T2isUg5CmRCOYeD+I1XrJ2icbRfofCWzRMX5KRoYpvP6he/u4CBJQGIQmhPw9YpSAWlWJpKMub+yewzrWvYwMRuhJwqfT+RNS6pe2NlTY3TEkRvRlLZh3F40mIXPmAFpJs8vXs129nihVkJmlX8NIb9ACHcoAIk1+tyv9TVuyks8PUNHH2NJ0Hly9Z5egTdQOGWZZAxDm48g92M2QvmJQQ0e7qhu83Ac7Px6IO5MXowKZ0AtCnt2kT3HZl2Ug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GMm/eQKJw+rQ14sDUPcwk4EWWQ3Fl7hyawwQTrrgXy0=; b=hidfG1QVmqWexBpfen9eGw0zrmVszL2c6O/SXZh3RlGyzF088xCgLnGP14QUxTPCic3Z6AxKjVejwVNN85+8Y+Mz63of/Ooly9TlanVvXH+2z8pfs6/MBD2I8xVYkDxyWRBcVUZieFtZx15jXBUvPtwvg88YgipdGag7AnqKhkU= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:33:57 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:33:57 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 8/9] KVM: x86: Add kexec support for SEV page encryption bitmap. Date: Mon, 30 Nov 2020 23:33:46 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0401CA0003.namprd04.prod.outlook.com (2603:10b6:803:21::13) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0401CA0003.namprd04.prod.outlook.com (2603:10b6:803:21::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25 via Frontend Transport; Mon, 30 Nov 2020 23:33:57 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 94611639-dba2-4603-8b44-08d8958868a6 X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3383; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: adlC/l5qxO7c6cGIWpItKLNoblG6W44ksXI4Kdvj2LgyO137/IGBdJL0JsjWu8RkEySmKoK9NOB+7E20hdNGaeHap+Jr+z0UxHl7Xmu0Eusf+FM/CSoEWeYo8gTB4ZQx4mnp4uyhysWz6bU8sueQLOOaGrnjw8crsXVSDc+kDw1byw5DhmT/X6EdNFg6cMG6v+VjE85N3EKiGeEhS+qCV/smiCzme3bwwXMXMTxZlsNsuwFY1NhgVeojrm2jzOwgaLFl2+3kZr9Ih62rywp7lyL7x0fVtJRcCqJ5VOdxZ3WBosSe7g7DBAX9M+Ov3uvrNMyBY5fduJJEUTm0rrbg9A== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: Lwk4eioi4d9NSJ6eP0clL9xDytpm0lTkRV4ap5urtI8REIWnFcDiPBXzANx5Wst5LiedRL32T+FEq6CwrJ6aA4onDIL+Ay4SOBTD2uWhUME8NmNXvZzZt7DGCpFJrrjiQ8uI9/s+PnxXLzH1U5ucWfE3vdR2SHe1XXz0UyPKYacfxyZfVPE2G9IZlSMLSO4juG0Kczt4GimY3zrezYYnE+QyP/KMVBTZD6pahCYrWayTPN9IJRruwwbJpnefBuNUQu2u+8y+733GZBj4975qUAHjxehFPNp5XeYsNBXQKuUJm7BQ5ue7yfJyROoUPm3KiV0bwddAvTruvzS8+Rm1kMNx+eIdnEy8AMs+SmtbGN0HeB5tvZlGU6ZWVnTjFQ42zebDaeoXtZI+jKCxF5ClcEfmtVbkXU5ob81A+Xs8yNIRgJD5NoD+z88sgcbuzmkYJDy59cnML9S1lDHNkSsmHHlk5aPvdhFug/jf3aV6udDKO2vAKh3plPc+P7+zUwy679+j3u1PthBLIZUg2udhT4dOB7MrCcxuM3KDY8wx6PF8QiDTxNz+k0UtS0SIsHaQ0bm0Pt98iVMZ2TOR9SUBA0d2AEg181DYpMOXL9KzAFxYW3WtLOeVrmKYS7X5KHNrM0w/WxvRCKC4I8QfTMp/HvUKAHYcodDGp0kLHIKD82/4b3HHW4cP/GNXoqhAhcuWFlZawrMLLHkWX2IVQp3G7G2I0SGE3W4uOnMX/f9AqaCIh/+ph7v4AaefLpJRJQTp X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 94611639-dba2-4603-8b44-08d8958868a6 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:33:57.8250 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nByA6pYO+2XMuK4zM/U6EDgl7y78Kwo9wj1raio/0bPJyx4JQAZl33B5i91Ltl56KDNSbOpfvqtHwAMFsEjdLA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Ashish Kalra Reset the host's page encryption bitmap related to kernel specific page encryption status settings before we load a new kernel by kexec. We cannot reset the complete page encryption bitmap here as we need to retain the UEFI/OVMF firmware specific settings. The host's page encryption bitmap is maintained for the guest to keep the encrypted/decrypted state of the guest pages, therefore we need to explicitly mark all shared pages as encrypted again before rebooting into the new guest kernel. Signed-off-by: Ashish Kalra --- arch/x86/kernel/kvm.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index 7f57ede3cb8e..55d845e025b2 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c @@ -38,6 +38,7 @@ #include #include #include +#include DEFINE_STATIC_KEY_FALSE(kvm_async_pf_enabled); @@ -383,6 +384,33 @@ static void kvm_pv_guest_cpu_reboot(void *unused) */ if (kvm_para_has_feature(KVM_FEATURE_PV_EOI)) wrmsrl(MSR_KVM_PV_EOI_EN, 0); + /* + * Reset the host's page encryption bitmap related to kernel + * specific page encryption status settings before we load a + * new kernel by kexec. NOTE: We cannot reset the complete + * page encryption bitmap here as we need to retain the + * UEFI/OVMF firmware specific settings. + */ + if (sev_active() & (smp_processor_id() == 0)) { + int i; + unsigned long nr_pages; + + for (i = 0; i < e820_table->nr_entries; i++) { + struct e820_entry *entry = &e820_table->entries[i]; + unsigned long start_pfn; + unsigned long end_pfn; + + if (entry->type != E820_TYPE_RAM) + continue; + + start_pfn = entry->addr >> PAGE_SHIFT; + end_pfn = (entry->addr + entry->size) >> PAGE_SHIFT; + nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + entry->addr, nr_pages, 1); + } + } kvm_pv_disable_apf(); kvm_disable_steal_time(); } From patchwork Mon Nov 30 23:34:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11941535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 856FEC71156 for ; Mon, 30 Nov 2020 23:35:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 35FC2207BB for ; Mon, 30 Nov 2020 23:35:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="LeAmU3Iy" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388997AbgK3Xex (ORCPT ); Mon, 30 Nov 2020 18:34:53 -0500 Received: from mail-bn8nam11on2064.outbound.protection.outlook.com ([40.107.236.64]:11880 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388951AbgK3Xew (ORCPT ); Mon, 30 Nov 2020 18:34:52 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cELLfQkYLue05RdjMgNMBszhRRP7A6kGAnL0hYKIbyU3BYGs8HST3vIMzePhR+dVqUL/rl9h02tP9JEVnpsigF1+Mj4wEUYJNmo7I3QfP6VJlLEWfHJHBQykNmI2GbJkKluFfpcwAnbSb9CUMgEiwX3XaQgf+/y0bA+HvRDZXO5kwJSzNg/BI7UZ7VnY230P8wNpjCP2+iqJRpZdFDXsjfCVXrfDbPrWSUkqPQ9M736diYPdHzCzMzfxrD+aBtfkXoMaXCChAr2M/pNU1qVLq+0UgdfNyitDNi3ub0W+UjD9dD8L0hCKFgRChLns9U0YoiFr7VH7ZmgidozMl2ZXQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8/74j3Bng+v30Jvcj+OAfvabtGBBqTJhxgRHD6tfhu0=; b=IgssKWuu3Ha7J87kdiOc3eusoKgKuIbp2AcwTwaBV4JCsn37LDv/rpSYaeXZ2R4OYDWco/evTEhUwsx3hB4IWSWXMoTrx0iFl5UlQx/LgEX6m+lWiXigIWdC34JZL+zHsIFY/SaC/Nf0hRCAQ8YFfQ6btzhRMguUO0ewa/dNYT68Pk2g1ELdJ17c7aasADkA2z/1farOskIqUguCtrjMgQucdv6bo8Gv/TnuFuX3AHUg0k1yHpwrMFUt3zduSMKBJHA/KchcW3aql44NvWGLfMRbgNxzd2S6n9zb0IbQQcejJlCQm9p+C2lUO+PhnsjjoN5hj3trf75Hp9XDGrfucQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8/74j3Bng+v30Jvcj+OAfvabtGBBqTJhxgRHD6tfhu0=; b=LeAmU3Iyf+n5Pm9OoZcqVTEP5df1/O2+V1DsU1fbduNIUvwSKSLJGq8V5IXZ/+zpu0wTbEQas35UXsBaV+PHOhxPrUYMbGjmT0jeKjzvUIU7ibhvTDaJWmwaUv11QbGb/7LPO4XdldUIVSZ7caw5kuV9YOV+BGo5RoS5HmZwuFs= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4509.namprd12.prod.outlook.com (2603:10b6:806:9e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Mon, 30 Nov 2020 23:34:12 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Mon, 30 Nov 2020 23:34:12 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com Subject: [PATCH 9/9] KVM: SVM: Bypass DBG_DECRYPT API calls for unecrypted guest memory. Date: Mon, 30 Nov 2020 23:34:03 +0000 Message-Id: <9d82016559ff5397fba0b6d06c54526396e24c1a.1606633738.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0401CA0047.namprd04.prod.outlook.com (2603:10b6:803:2a::33) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN4PR0401CA0047.namprd04.prod.outlook.com (2603:10b6:803:2a::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.22 via Frontend Transport; Mon, 30 Nov 2020 23:34:12 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 6891bf21-f430-45dd-49fe-08d89588717e X-MS-TrafficTypeDiagnostic: SA0PR12MB4509: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:747; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3XiFTvT5SPY6GMhNxnKk6F6aOlm0qdMaoIx6FFmpmjPNGB+E87s1avYAfj+0ip1BzHljz/45mKXjqSOOBJI/Gzf7RdlLKDg8xv+ECzRcCSx7Kmbhu8Z+mtqlAPIHg3DFY2fONvEkRwZozj7rQzqied2S0qbr9sOIHm3zCP0x47FudbRyUyB4kOBMORwBY7zA7lO6YfimdvuE/HNzgktEwIPeJnuSy718+Xdcunh/Z3AHkHcNHYLbsYdKK1BxkBtl/k+KOLSeBH2lZRpBX4JQc/wCaQgYhnO+eG0TC4PcFZjBsvDuN+RwI838cOBeyfr6vN0MavRFbNCGkC/x4gmgPQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(26005)(83380400001)(956004)(5660300002)(16526019)(7416002)(4326008)(86362001)(2616005)(186003)(316002)(7696005)(6916009)(2906002)(8936002)(6486002)(52116002)(8676002)(66946007)(478600001)(6666004)(66476007)(66556008)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: PVUEiK3m+hKZ8SNyrH44Lei/UG3ZvywVPoKo7hktD8NoiElQshT8qmSrd61yk7HrFIlAZfJqHvhK8LUv288kd3spbJI2aGV6bhYoZCziU+8Fx8iRLJn07CixLCYvq7ZQvzFPPatK6XZIlfv3kkqRedDIGinzbtwK+nJqFN0763OyBSK2mpyLe9mXVBN615b8LjZmL0UIR9JsbA+lm0eyVZygsTf6LIKsJidsaMqo9FcwljpceAZe5SECkm2F59OZ8eFUIjIAsthWwjf3Y2CL+59Sfbdy0ICAuRk/GJH1wsBr1X3BLtWmiMY1AYuAzb02YoS8ATpiJ/lakHBm467cuiATOWi7wqh0AKF2fH/dj5PzHUF20JBDbF+r6GgZfwMOXxxydAK5sWWpNFrU9ajTm2wTEN40xnxbIZ7eWe0b3XVogLZiAwv4USYZeeCniADndLcQxTZMBMFgi4pEW0VhaML00Vwb3zyrPZx/b3NIWFRPlmAJtYcm55cH10IUIMMNfLN2RZDf1Pl02oNMNj0upDAD1jwGHlV4/bXMLxN4DCAX6B/DjCKVrQevhZwmGyqGXx4mlEqp9xE+Rmw0Yc2ObjADObl8thobgvp2WImWyc2KKPlfRYlz+z16fp1TerR5WjXwoza18IyzeaQevByjZ08sUBPZg69+b4oEK8L28+d+QcL1tjAnNBRjmq64lSJjw4UEwwobS8OnKsCWYugHTPSfSrUbs//oVh1kN/H9lh20Q4QplIdU8u7vJjnARXzP X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6891bf21-f430-45dd-49fe-08d89588717e X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2020 23:34:12.6437 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5ZGXSzZdi58TVzq9we1w19Li2VLvzXYileM+lzbUaX3lxWf/33gQwqevgIIGQ14oUUssb01elinQ3HIDZk5aEw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Ashish Kalra For all explicitly unecrypted guest memory regions such as S/W IOTLB bounce buffers, dma_decrypted() allocated regions and for guest regions marked as "__bss_decrypted", ensure that DBG_DECRYPT API calls are bypassed for such regions. The guest memory regions encryption status is referenced using the page encryption bitmap. Uses the two added infrastructure functions hva_to_memslot() and hva_to_gfn(). Signed-off-by: Ashish Kalra --- arch/x86/kvm/svm/sev.c | 74 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 37cf12cfbde6..8b3268878911 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -763,6 +763,37 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, return ret; } +static struct kvm_memory_slot *hva_to_memslot(struct kvm *kvm, + unsigned long hva) +{ + struct kvm_memslots *slots = kvm_memslots(kvm); + struct kvm_memory_slot *memslot; + + kvm_for_each_memslot(memslot, slots) { + if (hva >= memslot->userspace_addr && + hva < memslot->userspace_addr + + (memslot->npages << PAGE_SHIFT)) + return memslot; + } + + return NULL; +} + +static bool hva_to_gfn(struct kvm *kvm, unsigned long hva, gfn_t *gfn) +{ + struct kvm_memory_slot *memslot; + gpa_t gpa_offset; + + memslot = hva_to_memslot(kvm, hva); + if (!memslot) + return false; + + gpa_offset = hva - memslot->userspace_addr; + *gfn = ((memslot->base_gfn << PAGE_SHIFT) + gpa_offset) >> PAGE_SHIFT; + + return true; +} + static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) { unsigned long vaddr, vaddr_end, next_vaddr; @@ -792,6 +823,48 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) for (; vaddr < vaddr_end; vaddr = next_vaddr) { int len, s_off, d_off; + if (dec) { + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct page *src_tpage = NULL; + gfn_t gfn_start; + int srcu_idx; + + /* ensure hva_to_gfn translations remain valid */ + srcu_idx = srcu_read_lock(&kvm->srcu); + if (!hva_to_gfn(kvm, vaddr, &gfn_start)) + return -EINVAL; + if (sev->page_enc_bmap) { + if (!test_bit(gfn_start, sev->page_enc_bmap)) { + src_tpage = alloc_page(GFP_KERNEL); + if (!src_tpage) { + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -ENOMEM; + } + /* + * Since user buffer may not be page aligned, calculate the + * offset within the page. + */ + s_off = vaddr & ~PAGE_MASK; + d_off = dst_vaddr & ~PAGE_MASK; + len = min_t(size_t, (PAGE_SIZE - s_off), size); + + if (copy_from_user(page_address(src_tpage), + (void __user *)(uintptr_t)vaddr, len)) { + __free_page(src_tpage); + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -EFAULT; + } + if (copy_to_user((void __user *)(uintptr_t)dst_vaddr, + page_address(src_tpage), len)) { + ret = -EFAULT; + } + __free_page(src_tpage); + srcu_read_unlock(&kvm->srcu, srcu_idx); + goto already_decrypted; + } + } + } + /* lock userspace source and destination page */ src_p = sev_pin_memory(kvm, vaddr & PAGE_MASK, PAGE_SIZE, &n, 0); if (IS_ERR(src_p)) @@ -836,6 +909,7 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) sev_unpin_memory(kvm, src_p, n); sev_unpin_memory(kvm, dst_p, n); +already_decrypted: if (ret) goto err;