From patchwork Tue Dec 8 22:03:56 2020
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 11959905
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 01/18] KVM: SVM: Add KVM_SEV SEND_START command
Date: Tue, 8 Dec 2020 22:03:56 +0000
Message-Id: <813ea518ab74252cd66565fe87975dcbdf15b3f3.1607460588.git.ashish.kalra@amd.com>
From: Brijesh Singh

The command is used to create an outgoing SEV guest encryption context.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 .../virt/kvm/amd-memory-encryption.rst | 27 ++++
 arch/x86/kvm/svm/sev.c | 125 ++++++++++++++++++
 include/linux/psp-sev.h | 8 +-
 include/uapi/linux/kvm.h | 12 ++
 4 files changed, 168 insertions(+), 4 deletions(-)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 09a8f2a34e39..9f9896b72d36 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
@@ -263,6 +263,33 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +10. KVM_SEV_SEND_START +---------------------- + +The KVM_SEV_SEND_START command can be used by the hypervisor to create an +outgoing guest encryption context. + +Parameters (in): struct kvm_sev_send_start + +Returns: 0 on success, -negative on error + +:: + struct kvm_sev_send_start { + __u32 policy; /* guest policy */ + + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ + __u32 pdh_cert_len; + + __u64 plat_certs_uaddr; /* platform certificate chain */ + __u32 plat_certs_len; + + __u64 amd_certs_uaddr; /* AMD certificate */ + __u32 amd_certs_len; + + __u64 session_uaddr; /* Guest session information */ + __u32 session_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c0b14106258a..f28a800e087a 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -927,6 +927,128 @@ static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query session length. */ +static int +__sev_send_start_query_session_length(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_start *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + params->session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + struct kvm_sev_send_start params; + void *amd_certs, *session_data; + void *pdh_cert, *plat_certs; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_start))) + return -EFAULT; + + /* if session_len is zero, userspace wants to query the session length */ + if (!params.session_len) + return __sev_send_start_query_session_length(kvm, argp, + ¶ms); + + /* some sanity checks */ + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || + !params.session_uaddr || params.session_len > SEV_FW_BLOB_MAX_SIZE) + return -EINVAL; + + /* allocate the memory to hold the session data blob */ + session_data = kmalloc(params.session_len, GFP_KERNEL_ACCOUNT); + if (!session_data) + return -ENOMEM; + + /* copy the certificate blobs from userspace */ + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, + params.pdh_cert_len); + if (IS_ERR(pdh_cert)) { + ret = PTR_ERR(pdh_cert); + goto e_free_session; + } + + plat_certs = 
psp_copy_user_blob(params.plat_certs_uaddr, + params.plat_certs_len); + if (IS_ERR(plat_certs)) { + ret = PTR_ERR(plat_certs); + goto e_free_pdh; + } + + amd_certs = psp_copy_user_blob(params.amd_certs_uaddr, + params.amd_certs_len); + if (IS_ERR(amd_certs)) { + ret = PTR_ERR(amd_certs); + goto e_free_plat_cert; + } + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) { + ret = -ENOMEM; + goto e_free_amd_cert; + } + + /* populate the FW SEND_START field with system physical address */ + data->pdh_cert_address = __psp_pa(pdh_cert); + data->pdh_cert_len = params.pdh_cert_len; + data->plat_certs_address = __psp_pa(plat_certs); + data->plat_certs_len = params.plat_certs_len; + data->amd_certs_address = __psp_pa(amd_certs); + data->amd_certs_len = params.amd_certs_len; + data->session_address = __psp_pa(session_data); + data->session_len = params.session_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + if (!ret && copy_to_user((void __user *)(uintptr_t)params.session_uaddr, + session_data, params.session_len)) { + ret = -EFAULT; + goto e_free; + } + + params.policy = data->policy; + params.session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + +e_free: + kfree(data); +e_free_amd_cert: + kfree(amd_certs); +e_free_plat_cert: + kfree(plat_certs); +e_free_pdh: + kfree(pdh_cert); +e_free_session: + kfree(session_data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -971,6 +1093,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_SECRET: r = sev_launch_secret(kvm, &sev_cmd); break; + case KVM_SEV_SEND_START: + r = sev_send_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 49d155cd2dfe..454f35904d47 100644 
--- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -325,11 +325,11 @@ struct sev_data_send_start { u64 pdh_cert_address; /* In */ u32 pdh_cert_len; /* In */ u32 reserved1; - u64 plat_cert_address; /* In */ - u32 plat_cert_len; /* In */ + u64 plat_certs_address; /* In */ + u32 plat_certs_len; /* In */ u32 reserved2; - u64 amd_cert_address; /* In */ - u32 amd_cert_len; /* In */ + u64 amd_certs_address; /* In */ + u32 amd_certs_len; /* In */ u32 reserved3; u64 session_address; /* In */ u32 session_len; /* In/Out */ diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 886802b8ffba..f91aca926e89 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1643,6 +1643,18 @@ struct kvm_sev_dbg { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_certs_uaddr; + __u32 plat_certs_len; + __u64 amd_certs_uaddr; + __u32 amd_certs_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
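Review bot: In sev_send_start() (arch/x86/kvm/svm/sev.c, patch 01/18), session_data is allocated with kmalloc(params.session_len, ...) and later copied out with copy_to_user(..., session_data, params.session_len), so the number of bytes returned is the caller's requested length rather than the data->session_len the firmware reports. If the firmware fills less than the requested length, the rest of the buffer is uninitialized kernel heap that ends up in userspace. Allocate the buffer with kzalloc(), or copy out only data->session_len bytes after checking that it does not exceed params.session_len.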
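Review bot: In the Documentation/virt/kvm/amd-memory-encryption.rst hunk of patch 01/18, section 10 describes the argument as "Parameters (in)", but sev_send_start() writes policy and session_len back into the struct with copy_to_user(), and a zero session_len turns the call into a length query; neither behaviour is documented. Mark the struct as in/out and describe the query convention. The "::" marker is also followed directly by the struct with no blank line, which reST needs to start the literal block.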
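Review bot: In the include/uapi/linux/kvm.h hunk of patch 01/18, struct kvm_sev_send_start places every __u64 address directly after a __u32, so the layout depends on compiler-inserted padding, which is ABI-dependent for a uapi struct. Add explicit padding members or order the fields so that each __u64 is naturally aligned without implicit holes.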
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 02/18] KVM: SVM: Add KVM_SEND_UPDATE_DATA command
Date: Tue, 8 Dec 2020 22:04:12 +0000
Message-Id: <294c63b0f9e7dbc94cdf813a94eb0cdc9622b4bb.1607460588.git.ashish.kalra@amd.com>
From: Brijesh Singh

The command is used for encrypting the guest memory region using the encryption context created with KVM_SEV_SEND_START.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 .../virt/kvm/amd-memory-encryption.rst | 24 ++++
 arch/x86/kvm/svm/sev.c | 124 ++++++++++++++++++
 include/uapi/linux/kvm.h | 9 ++
 3 files changed, 157 insertions(+)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 9f9896b72d36..8bed1d801558 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
@@ -290,6 +290,30 @@ Returns: 0 on success, -negative on error __u32 session_len; }; +11. KVM_SEV_SEND_UPDATE_DATA +---------------------------- + +The KVM_SEV_SEND_UPDATE_DATA command can be used by the hypervisor to encrypt the +outgoing guest memory region with the encryption context creating using +KVM_SEV_SEND_START. + +Parameters (in): struct kvm_sev_send_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_send_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the source memory region to be encrypted */ + __u32 guest_len; + + __u64 trans_uaddr; /* the destition memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f28a800e087a..adfe2e53abf3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -23,6 +23,7 @@ static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); unsigned int max_sev_asid; static unsigned int min_sev_asid; +static unsigned long sev_me_mask; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) 
@@ -1049,6 +1050,123 @@ static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query either header or trans length. */ +static int +__sev_send_update_data_query_lengths(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_update_data *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + params->hdr_len = data->hdr_len; + params->trans_len = data->trans_len; + + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_update_data))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + struct kvm_sev_send_update_data params; + void *hdr, *trans_data; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_update_data))) + return -EFAULT; + + /* userspace wants to query either header or trans length */ + if (!params.trans_len || !params.hdr_len) + return __sev_send_update_data_query_lengths(kvm, argp, ¶ms); + + if (!params.trans_uaddr || !params.guest_uaddr || + !params.guest_len || !params.hdr_uaddr) + return -EINVAL; + + /* Check if we are crossing the page boundary */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + /* Pin guest memory */ + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + return -EFAULT; + + /* allocate memory for header and transport buffer */ + 
ret = -ENOMEM; + hdr = kmalloc(params.hdr_len, GFP_KERNEL_ACCOUNT); + if (!hdr) + goto e_unpin; + + trans_data = kmalloc(params.trans_len, GFP_KERNEL_ACCOUNT); + if (!trans_data) + goto e_free_hdr; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_free_trans_data; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + data->trans_address = __psp_pa(trans_data); + data->trans_len = params.trans_len; + + /* The SEND_UPDATE_DATA command requires C-bit to be always set. */ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + if (ret) + goto e_free; + + /* copy transport buffer to user space */ + if (copy_to_user((void __user *)(uintptr_t)params.trans_uaddr, + trans_data, params.trans_len)) { + ret = -EFAULT; + goto e_free; + } + + /* Copy packet header to userspace. */ + ret = copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, + params.hdr_len); + +e_free: + kfree(data); +e_free_trans_data: + kfree(trans_data); +e_free_hdr: + kfree(hdr); +e_unpin: + sev_unpin_memory(kvm, guest_page, n); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1096,6 +1214,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_START: r = sev_send_start(kvm, &sev_cmd); break; + case KVM_SEV_SEND_UPDATE_DATA: + r = sev_send_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; @@ -1253,6 +1374,7 @@ void sev_vm_destroy(struct kvm *kvm) int __init sev_hardware_setup(void) { struct sev_user_data_status *status; + unsigned int ebx; int rc; /* Maximum number of encrypted guests supported simultaneously */ 
@@ -1263,6 +1385,8 @@ int __init sev_hardware_setup(void) /* Minimum ASID value that should be used for SEV guest */ min_sev_asid = cpuid_edx(0x8000001F); + ebx = cpuid_ebx(0x8000001F); + sev_me_mask = 1UL << (ebx & 0x3f); /* Initialize SEV ASID bitmaps */ sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index f91aca926e89..c6f9d58b5a81 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1655,6 +1655,15 @@ struct kvm_sev_send_start { __u32 session_len; }; +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
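Review bot: In sev_send_update_data() (arch/x86/kvm/svm/sev.c, patch 02/18), the page-boundary check "params.guest_len + offset > PAGE_SIZE" adds a __u32 to an int, so the sum is computed in 32 bits and a guest_len close to 0xffffffff wraps to a small value and passes; the original guest_len is then stored in data->guest_len and handed to the firmware. Reject params.guest_len > PAGE_SIZE before adding the offset. In the same function, the final "ret = copy_to_user(...)" for the packet header returns the count of uncopied bytes instead of -EFAULT, and hdr_len and trans_len reach kmalloc() with no upper bound, unlike the SEV_FW_BLOB_MAX_SIZE check applied to session_len in sev_send_start().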
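Review bot: In the section 11 text that patch 02/18 adds to amd-memory-encryption.rst, the literal block declares struct kvm_sev_launch_send_update_data, while the Parameters line and the uapi header in the same patch use struct kvm_sev_send_update_data; rename the struct in the documentation to match. The hunk also carries the typos "creating using" (created using) and "destition" (destination), and it does not mention that a zero hdr_len or trans_len makes the call a length query.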
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 03/18] KVM: SVM: Add KVM_SEV_SEND_FINISH command
Date: Tue, 8 Dec 2020 22:04:28 +0000
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

The command is used to finalize the encryption context created with KVM_SEV_SEND_START command.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm/sev.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+)
diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 8bed1d801558..0da0c199efa8 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -314,6 +314,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +12. KVM_SEV_SEND_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_SEND_FINISH command can be +issued by the hypervisor to delete the encryption context. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index adfe2e53abf3..877780222378 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1167,6 +1167,26 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -1217,6 +1237,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_UPDATE_DATA: r = sev_send_update_data(kvm, &sev_cmd); break; + case KVM_SEV_SEND_FINISH: + r = sev_send_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
From patchwork Tue Dec 8 22:05:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11959909
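Review bot: In the amd-memory-encryption.rst hunk of [PATCH v9 03/18], section 12 has no "Parameters:" line, although sev_send_finish() never reads argp->data and only reports through argp->error; state that explicitly (for example "Parameters: none") so the section matches the other command sections. The text also says the command is issued "to delete the encryption context" where the commit message says it finalizes the context created with KVM_SEV_SEND_START; settle on one description so a VMM author knows what state the guest handle is in afterwards.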
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 04/18] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command
Date: Tue, 8 Dec 2020 22:05:03 +0000
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

The command is used to create the encryption context for an incoming SEV guest. The encryption context can be later used by the hypervisor to import the incoming data into the SEV guest memory space.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst | 29 +++++++ arch/x86/kvm/svm/sev.c | 81 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 119 insertions(+)
diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 0da0c199efa8..079ac5ac2459 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst 
@@ -322,6 +322,35 @@ issued by the hypervisor to delete the encryption context. Returns: 0 on success, -negative on error +13. KVM_SEV_RECEIVE_START +------------------------ + +The KVM_SEV_RECEIVE_START command is used for creating the memory encryption +context for an incoming SEV guest. To create the encryption context, the user must +provide a guest policy, the platform public Diffie-Hellman (PDH) key and session +information. + +Parameters: struct kvm_sev_receive_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_receive_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 pdh_uaddr; /* userspace address pointing to the PDH key */ + __u32 pdh_len; + + __u64 session_uaddr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.12. + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 877780222378..25f869dc1448 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1187,6 +1187,84 @@ static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_start *start; + struct kvm_sev_receive_start params; + int *error = &argp->error; + void *session_data; + void *pdh_data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + /* Get parameter from the userspace */ + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_start))) + return -EFAULT; + + /* some sanity checks */ + if (!params.pdh_uaddr || !params.pdh_len || + !params.session_uaddr || !params.session_len) + return -EINVAL; + + pdh_data = psp_copy_user_blob(params.pdh_uaddr, params.pdh_len); + if (IS_ERR(pdh_data)) + return PTR_ERR(pdh_data); + + session_data = psp_copy_user_blob(params.session_uaddr, + params.session_len); + if (IS_ERR(session_data)) { + ret = PTR_ERR(session_data); + goto e_free_pdh; + } + + ret = -ENOMEM; + start = kzalloc(sizeof(*start), GFP_KERNEL); + if (!start) + goto e_free_session; + + start->handle = params.handle; + start->policy = params.policy; + start->pdh_cert_address = __psp_pa(pdh_data); + start->pdh_cert_len = params.pdh_len; + start->session_address = __psp_pa(session_data); + start->session_len = params.session_len; + + /* create memory encryption context */ + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_RECEIVE_START, start, + error); + if (ret) + goto e_free; + + /* Bind ASID to this guest */ + ret = sev_bind_asid(kvm, start->handle, error); + if (ret) + goto e_free; + + params.handle = start->handle; + if (copy_to_user((void __user *)(uintptr_t)argp->data, + ¶ms, sizeof(struct kvm_sev_receive_start))) { + ret = -EFAULT; + sev_unbind_asid(kvm, start->handle); + goto e_free; + } + + sev->handle = start->handle; + sev->fd = argp->sev_fd; + +e_free: + kfree(start); +e_free_session: + kfree(session_data); 
+e_free_pdh: + kfree(pdh_data); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1240,6 +1318,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_FINISH: r = sev_send_finish(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_START: + r = sev_receive_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index c6f9d58b5a81..a9e6ffcfe7e2 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1664,6 +1664,15 @@ struct kvm_sev_send_update_data { __u32 trans_len; }; +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
From patchwork Tue Dec 8 22:05:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11959925
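Review bot: In the amd-memory-encryption.rst hunk of [PATCH v9 04/18], the sentence "On success, the 'handle' field contains a new handle and on error, a negative value" cannot hold for a __u32 field, and sev_receive_start() only writes params.handle back after both the firmware command and the ASID bind have succeeded. Reword it to say the handle field is updated only on success and that failures are reported through the ioctl return value and the error field of struct kvm_sev_cmd.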
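Review bot: In sev_receive_start() ([PATCH v9 04/18], arch/x86/kvm/svm/sev.c), the sev_bind_asid() failure path jumps to e_free and only frees the kernel buffers, although __sev_issue_cmd() with SEV_CMD_RECEIVE_START has already succeeded and the firmware now holds a context for start->handle. The copy_to_user() failure path a few lines later does call sev_unbind_asid(kvm, start->handle) before bailing out; the bind failure path needs an equivalent release of the firmware context, otherwise it stays allocated with no handle recorded in sev->handle to tear it down later.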
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 05/18] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command
Date: Tue, 8 Dec 2020 22:05:21 +0000
Message-Id: <50c8df07a4469bd121c335dbe6107c55d459259e.1607460588.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

The command is used for copying the incoming buffer into the SEV guest memory space.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst | 24 ++++++ arch/x86/kvm/svm/sev.c | 79 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 112 insertions(+)
diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 079ac5ac2459..da40be3d8bc2 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst 
@@ -351,6 +351,30 @@ On success, the 'handle' field contains a new handle and on error, a negative va For more details, see SEV spec Section 6.12. +14. KVM_SEV_RECEIVE_UPDATE_DATA +---------------------------- + +The KVM_SEV_RECEIVE_UPDATE_DATA command can be used by the hypervisor to copy +the incoming buffers into the guest memory region with encryption context +created during the KVM_SEV_RECEIVE_START. + +Parameters (in): struct kvm_sev_receive_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_receive_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the destination guest memory region */ + __u32 guest_len; + + __u64 trans_uaddr; /* the incoming buffer memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 25f869dc1448..34240c022042 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1265,6 +1265,82 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct kvm_sev_receive_update_data params; + struct sev_data_receive_update_data *data; + void *hdr = NULL, *trans = NULL; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_update_data))) + return -EFAULT; + + if (!params.hdr_uaddr || !params.hdr_len || + !params.guest_uaddr || !params.guest_len || + !params.trans_uaddr || !params.trans_len) + return -EINVAL; + + /* Check if we are crossing the page boundary */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) + return PTR_ERR(hdr); + + trans = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(trans)) { + ret = PTR_ERR(trans); + goto e_free_hdr; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_free_trans; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + data->trans_address = __psp_pa(trans); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + /* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. 
*/ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_UPDATE_DATA, data, + &argp->error); + + sev_unpin_memory(kvm, guest_page, n); + +e_free: + kfree(data); +e_free_trans: + kfree(trans); +e_free_hdr: + kfree(hdr); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1321,6 +1397,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_START: r = sev_receive_start(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_UPDATE_DATA: + r = sev_receive_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index a9e6ffcfe7e2..fc0a48c37aac 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1673,6 +1673,15 @@ struct kvm_sev_receive_start { __u32 session_len; }; +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
From patchwork Tue Dec 8 22:05:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11959923
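Review bot: In the amd-memory-encryption.rst hunk of [PATCH v9 05/18], the code listing declares "struct kvm_sev_launch_receive_update_data", but the Parameters line above it and the include/uapi/linux/kvm.h hunk both name the type struct kvm_sev_receive_update_data. Drop "launch_" from the listing so the documented name matches the UAPI header.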
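Review bot: In sev_receive_update_data() ([PATCH v9 05/18], arch/x86/kvm/svm/sev.c), the page-boundary check "if ((params.guest_len + offset > PAGE_SIZE))" adds a __u32 to an int, so the sum is evaluated in 32-bit unsigned arithmetic and can wrap for guest_len values close to 2^32; such a request passes the check, only one page is pinned, and the unclamped params.guest_len is still handed to the firmware as data->guest_len. Reject params.guest_len > PAGE_SIZE before adding the offset. The !sev_guest(kvm) path in this function also returns -EINVAL while sev_send_finish() and sev_receive_start() return -ENOTTY; use the same errno across the handlers.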
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 06/18] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command
Date: Tue, 8 Dec 2020 22:05:38 +0000
Message-Id: <97f0da36644b54701cb8a85b5d9394585da3a66f.1607460588.git.ashish.kalra@amd.com>
From: Brijesh Singh

The command finalizes the guest receiving process and makes the SEV guest ready for execution.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 .../virt/kvm/amd-memory-encryption.rst | 8 +++++++
 arch/x86/kvm/svm/sev.c | 23 +++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index da40be3d8bc2..1f7bbda1f971 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -375,6 +375,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +15. KVM_SEV_RECEIVE_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_RECEIVE_FINISH command can be +issued by the hypervisor to make the guest ready for execution. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 34240c022042..edd98a8de2f8 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1341,6 +1341,26 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -1400,6 +1420,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_UPDATE_DATA: r = sev_receive_update_data(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_FINISH: + r = sev_receive_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
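Review bot: In the amd-memory-encryption.rst hunk, the new section 15 does not say that KVM_SEV_RECEIVE_FINISH takes no parameters, although sev_receive_finish() in the sev.c hunk never reads argp->data and only passes sev->handle to the firmware. Please add a "Parameters: none" line so userspace knows the data field is ignored. The section underline also looks shorter than the "15. KVM_SEV_RECEIVE_FINISH" title, which Sphinx reports as a title-underline warning.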
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 07/18] KVM: x86: Add AMD SEV specific Hypercall3
Date: Tue, 8 Dec 2020 22:05:56 +0000
From: Brijesh Singh

The KVM hypercall framework relies on the alternative framework to patch VMCALL -> VMMCALL on AMD platforms. If a hypercall is made before apply_alternative() is called, then it defaults to VMCALL. The approach works fine on a non-SEV guest. A VMCALL would cause #UD, and the hypervisor will be able to decode the instruction and do the right things. But when SEV is active, guest memory is encrypted with the guest key and the hypervisor will not be able to decode the instruction bytes.

Add an SEV-specific hypercall3; it unconditionally uses VMMCALL. The hypercall will be used by the SEV guest to notify encrypted pages to the hypervisor.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 arch/x86/include/asm/kvm_para.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 338119852512..bc1b11d057fc 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h
@@ -85,6 +85,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, return ret; } +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3) +{ + long ret; + + asm volatile("vmmcall" + : "=a"(ret) + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) + : "memory"); + return ret; +} + #ifdef CONFIG_KVM_GUEST bool kvm_para_available(void); unsigned int kvm_arch_para_features(void);
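Review bot: kvm_sev_hypercall3() in the kvm_para.h hunk hard-codes `vmmcall` with no comment, so a later cleanup could easily convert it to the patched form used by the other kvm_hypercall*() helpers and reintroduce the problem. Please add a short comment above the function carrying the reason from the commit message: under SEV the hypervisor cannot decode the guest's encrypted instruction bytes, so a VMCALL issued before alternatives are applied cannot be fixed up. The helper is also added outside the `#ifdef CONFIG_KVM_GUEST` block that follows and has no caller in this patch, so it would help to say which patch in the series adds the user.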
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 08/18] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall
Date: Tue, 8 Dec 2020 22:06:14 +0000
Message-Id: <5506c55bbf19794c7815c9c4d2a9867158b275eb.1607460588.git.ashish.kalra@amd.com>
From: Brijesh Singh

This hypercall is used by the SEV guest to notify a change in the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all guest pages are considered encrypted.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 Documentation/virt/kvm/hypercalls.rst | 15 +++++
 arch/x86/include/asm/kvm_host.h | 2 +
 arch/x86/kvm/svm/sev.c | 90 +++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c | 2 +
 arch/x86/kvm/svm/svm.h | 4 ++
 arch/x86/kvm/vmx/vmx.c | 1 +
 arch/x86/kvm/x86.c | 6 ++
 include/uapi/linux/kvm_para.h | 1 +
 8 files changed, 121 insertions(+)

diff --git a/Documentation/virt/kvm/hypercalls.rst b/Documentation/virt/kvm/hypercalls.rst index ed4fddd364ea..7aff0cebab7c 100644 --- a/Documentation/virt/kvm/hypercalls.rst +++ b/Documentation/virt/kvm/hypercalls.rst
@@ -169,3 +169,18 @@ a0: destination APIC ID :Usage example: When sending a call-function IPI-many to vCPUs, yield if any of the IPI target vCPUs was preempted. + + +8. KVM_HC_PAGE_ENC_STATUS +------------------------- +:Architecture: x86 +:Status: active +:Purpose: Notify the encryption status changes in guest page table (SEV guest) + +a0: the guest physical address of the start page +a1: the number of pages +a2: encryption attribute + + Where: + * 1: Encryption attribute is set + * 0: Encryption attribute is cleared diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f002cdb13a0b..d035dc983a7a 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1282,6 +1282,8 @@ struct kvm_x86_ops { void (*migrate_timers)(struct kvm_vcpu *vcpu); void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, + unsigned long sz, unsigned long mode); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index edd98a8de2f8..134d7f330fed 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1361,6 +1361,93 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long *map; + unsigned long sz; + + if (sev->page_enc_bmap_size >= new_size) + return 0; + + sz = ALIGN(new_size, BITS_PER_LONG) / 8; + + map = vmalloc(sz); + if (!map) { + pr_err_once("Failed to allocate encrypted bitmap size %lx\n", + sz); + return -ENOMEM; + } + + /* mark the page encrypted (by default) */ + memset(map, 0xff, sz); + + bitmap_copy(map, sev->page_enc_bmap, sev->page_enc_bmap_size); + kvfree(sev->page_enc_bmap); + + sev->page_enc_bmap = map; + sev->page_enc_bmap_size = new_size; + + return 0; +} + +int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + kvm_pfn_t pfn_start, pfn_end; + gfn_t gfn_start, gfn_end; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (!npages) + return 0; + + gfn_start = gpa_to_gfn(gpa); + gfn_end = gfn_start + npages; + + /* out of bound access error check */ + if (gfn_end <= gfn_start) + return -EINVAL; + + /* lets make sure that gpa exist in our memslot */ + pfn_start = gfn_to_pfn(kvm, gfn_start); + pfn_end = gfn_to_pfn(kvm, gfn_end); + + if (is_error_noslot_pfn(pfn_start) && !is_noslot_pfn(pfn_start)) { + /* + * Allow guest MMIO range(s) to be added + * to the page encryption bitmap. + */ + return -EINVAL; + } + + if (is_error_noslot_pfn(pfn_end) && !is_noslot_pfn(pfn_end)) { + /* + * Allow guest MMIO range(s) to be added + * to the page encryption bitmap. 
+ */ + return -EINVAL; + } + + mutex_lock(&kvm->lock); + + if (sev->page_enc_bmap_size < gfn_end) + goto unlock; + + if (enc) + __bitmap_set(sev->page_enc_bmap, gfn_start, + gfn_end - gfn_start); + else + __bitmap_clear(sev->page_enc_bmap, gfn_start, + gfn_end - gfn_start); + +unlock: + mutex_unlock(&kvm->lock); + return 0; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1575,6 +1662,9 @@ void sev_vm_destroy(struct kvm *kvm) sev_unbind_asid(kvm, sev->handle); sev_asid_free(sev->asid); + + kvfree(sev->page_enc_bmap); + sev->page_enc_bmap = NULL; } int __init sev_hardware_setup(void) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6dc337b9c231..7122ea5f7c47 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4312,6 +4312,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .apic_init_signal_blocked = svm_apic_init_signal_blocked, .msr_filter_changed = svm_msr_filter_changed, + + .page_enc_status_hc = svm_page_enc_status_hc, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index fdff76eb6ceb..0103a23ca174 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -66,6 +66,8 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + unsigned long *page_enc_bmap; + unsigned long page_enc_bmap_size; }; struct kvm_svm { @@ -409,6 +411,8 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr, bool has_error_code, u32 error_code); int nested_svm_exit_special(struct vcpu_svm *svm); void sync_nested_vmcb_control(struct vcpu_svm *svm); +int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc); extern struct kvm_x86_nested_ops svm_nested_ops; 
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c3441e7e5a87..f0a00e69f892 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7719,6 +7719,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .can_emulate_instruction = vmx_can_emulate_instruction, .apic_init_signal_blocked = vmx_apic_init_signal_blocked, .migrate_timers = vmx_migrate_timers, + .page_enc_status_hc = NULL, .msr_filter_changed = vmx_msr_filter_changed, .cpu_dirty_log_size = vmx_cpu_dirty_log_size, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a3fdc16cfd6f..3afc78f18f69 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8125,6 +8125,12 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) kvm_sched_yield(vcpu->kvm, a0); ret = 0; break; + case KVM_HC_PAGE_ENC_STATUS: + ret = -KVM_ENOSYS; + if (kvm_x86_ops.page_enc_status_hc) + ret = kvm_x86_ops.page_enc_status_hc(vcpu->kvm, + a0, a1, a2); + break; default: ret = -KVM_ENOSYS; break; diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 8b86609849b9..847b83b75dc8 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h 
@@ -29,6 +29,7 @@ #define KVM_HC_CLOCK_PAIRING 9 #define KVM_HC_SEND_IPI 10 #define KVM_HC_SCHED_YIELD 11 +#define KVM_HC_PAGE_ENC_STATUS 12 /* * hypercalls use architecture specific
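Review bot: In svm_page_enc_status_hc() (arch/x86/kvm/svm/sev.c), the `if (sev->page_enc_bmap_size < gfn_end) goto unlock;` path returns 0 without touching the bitmap, so the guest is told its status change was recorded when it was dropped. Nothing in this hunk calls sev_resize_page_enc_bitmap(), so either resize here under kvm->lock or return an error. In the same function, gfn_to_pfn() takes a reference on the returned page and neither pfn_start nor pfn_end is released with kvm_release_pfn_clean(), and pfn_end is looked up at gfn_end, which is one past the last page of the range (use gfn_end - 1). The "Allow guest MMIO range(s) to be added" comments also sit inside the branches that return -EINVAL, which reads as the opposite of what the code does.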
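Review bot: `.page_enc_status_hc = NULL,` in vmx_x86_ops (arch/x86/kvm/vmx/vmx.c) is redundant: members left out of a designated initializer are already zero, and the new KVM_HC_PAGE_ENC_STATUS case in kvm_emulate_hypercall() tests the pointer before calling it. Drop the line so vmx.c does not need touching for an SVM-only hook.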
From patchwork Tue Dec 8 22:06:35 2020
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 11959929
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 09/18] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl
Date: Tue, 8 Dec 2020 22:06:35 +0000
Message-Id: <9f10ed65931287fbcb375cab9b8496b01782c346.1607460588.git.ashish.kalra@amd.com>
From: Brijesh Singh

The ioctl can be used to retrieve page encryption bitmap for a given gfn range. Return the correct bitmap as per the number of pages being requested by the user. Ensure that we only copy bmap->num_pages bits in the userspace buffer, if bmap->num_pages is not byte aligned we read the trailing bits from the userspace and copy those bits as is.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- Documentation/virt/kvm/api.rst | 27 +++++++++++++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm/sev.c | 70 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 12 ++++++ include/uapi/linux/kvm.h | 12 ++++++ 7 files changed, 125 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 70254eaa5229..ae410f4332ab 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst
@@ -4671,6 +4671,33 @@ This ioctl resets VCPU registers and control structures according to the clear cpu reset definition in the POP. However, the cpu is not put into ESA mode. This reset is a superset of the initial reset. +4.125 KVM_GET_PAGE_ENC_BITMAP (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_page_enc_bitmap (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +The encrypted VMs have the concept of private and shared pages. The private +pages are encrypted with the guest-specific key, while the shared pages may +be encrypted with the hypervisor key. The KVM_GET_PAGE_ENC_BITMAP can +be used to get the bitmap indicating whether the guest page is private +or shared. The bitmap can be used during the guest migration. If the page +is private then the userspace need to use SEV migration commands to transmit +the page. + 4.125 KVM_S390_PV_COMMAND ------------------------- diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index d035dc983a7a..8c2e40199ecb 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1284,6 +1284,8 @@ struct kvm_x86_ops { void (*msr_filter_changed)(struct kvm_vcpu *vcpu); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); + int (*get_page_enc_bitmap)(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 134d7f330fed..4280da9dfea1 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1448,6 +1448,76 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return 0; } +int svm_get_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long sz, i, sz_bytes; + unsigned long *bitmap; + int ret, n; + + if (!sev_guest(kvm)) + return -ENOTTY; + + gfn_start = bmap->start_gfn; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / BITS_PER_BYTE; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + /* by default all pages are marked encrypted */ + memset(bitmap, 0xff, sz); + + mutex_lock(&kvm->lock); + if (sev->page_enc_bmap) { + i = gfn_start; + for_each_clear_bit_from(i, sev->page_enc_bmap, + min(sev->page_enc_bmap_size, gfn_end)) + clear_bit(i - gfn_start, bitmap); + } + mutex_unlock(&kvm->lock); + + ret = -EFAULT; + + n = bmap->num_pages % BITS_PER_BYTE; + sz_bytes = ALIGN(bmap->num_pages, BITS_PER_BYTE) / BITS_PER_BYTE; + + /* + * Return the correct bitmap as per the number of pages being + * requested by the user. Ensure that we only copy bmap->num_pages + * bits in the userspace buffer, if bmap->num_pages is not byte + * aligned we read the trailing bits from the userspace and copy + * those bits as is. + */ + + if (n) { + unsigned char *bitmap_kernel = (unsigned char *)bitmap; + unsigned char bitmap_user; + unsigned long offset, mask; + + offset = bmap->num_pages / BITS_PER_BYTE; + if (copy_from_user(&bitmap_user, bmap->enc_bitmap + offset, + sizeof(unsigned char))) + goto out; + + mask = GENMASK(n - 1, 0); + bitmap_user &= ~mask; + bitmap_kernel[offset] &= mask; + bitmap_kernel[offset] |= bitmap_user; + } + + if (copy_to_user(bmap->enc_bitmap, bitmap, sz_bytes)) + goto out; + + ret = 0; +out: + kfree(bitmap); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7122ea5f7c47..bff89cab3ed0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4314,6 +4314,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .msr_filter_changed = svm_msr_filter_changed, .page_enc_status_hc = svm_page_enc_status_hc, + .get_page_enc_bitmap = svm_get_page_enc_bitmap, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0103a23ca174..4ce73f1034b9 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -413,6 +413,7 @@ int nested_svm_exit_special(struct vcpu_svm *svm); void sync_nested_vmcb_control(struct vcpu_svm *svm); int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); +int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3afc78f18f69..d3cb95a4dd55 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5695,6 +5695,18 @@ long kvm_arch_vm_ioctl(struct file *filp, case KVM_X86_SET_MSR_FILTER: r = kvm_vm_ioctl_set_msr_filter(kvm, argp); break; + case KVM_GET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops.get_page_enc_bitmap) + r = kvm_x86_ops.get_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index fc0a48c37aac..67cdb301ec4d 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -532,6 +532,16 @@ struct kvm_dirty_log { }; }; +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; 
@@ -1563,6 +1573,8 @@ struct kvm_pv_cmd { /* Available with KVM_CAP_DIRTY_LOG_RING */ #define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc8, struct kvm_page_enc_bitmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */
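Review bot: The new api.rst section is numbered 4.125, the same number as the KVM_S390_PV_COMMAND section that follows it in the hunk context; give it the next free number. `:Capability: basic` also leaves userspace no way to probe for the ioctl on a kernel that lacks it, so a dedicated KVM_CAP_* would be expected for a newly added ioctl.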
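Review bot: In svm_get_page_enc_bitmap() (arch/x86/kvm/svm/sev.c), bmap->num_pages comes straight from userspace and sizes `kmalloc(sz, GFP_KERNEL)` with no upper bound, and `gfn_end = gfn_start + bmap->num_pages` has no wrap check like the `gfn_end <= gfn_start` test in svm_page_enc_status_hc(). Reject ranges that overflow or exceed what the VM can address before allocating, and use kvmalloc()/kvfree() for the buffer since a legitimate bitmap can be larger than kmalloc serves well. clear_bit() on the private buffer can be the non-atomic __clear_bit().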
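Review bot: KVM_GET_PAGE_ENC_BITMAP is declared `_IOW` in include/uapi/linux/kvm.h and the handler in kvm_arch_vm_ioctl() only does copy_from_user() on the struct, but api.rst in this patch documents the parameter as "(in/out)". Make the two agree: document the struct as "(in)" and state that the result is written to the buffer enc_bitmap points at, including that the trailing bits of the last byte are read from userspace and preserved.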
From patchwork Tue Dec 8 22:06:54 2020
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 11959933
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 10/18] mm: x86: Invoke hypercall when page encryption status is changed
Date: Tue, 8 Dec 2020 22:06:54 +0000
Message-Id: <1d9d2aef208d23d0667082e95bdf4aa54b062289.1607460588.git.ashish.kalra@amd.com>
From: Brijesh Singh

Invoke a hypercall when a memory region is changed from encrypted -> decrypted and vice versa. Hypervisor needs to know the page encryption status during the guest migration.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- arch/x86/include/asm/paravirt.h | 10 +++++ arch/x86/include/asm/paravirt_types.h | 2 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/mem_encrypt.c | 57 ++++++++++++++++++++++++++- arch/x86/mm/pat/set_memory.c | 7 ++++ 5 files changed, 76 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index d25cc6830e89..7aeb7c508c53 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -84,6 +84,12 @@ static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) PVOP_VCALL1(mmu.exit_mmap, mm); } +static inline void page_encryption_changed(unsigned long vaddr, int npages, + bool enc) +{ + PVOP_VCALL3(mmu.page_encryption_changed, vaddr, npages, enc); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) {
@@ -840,6 +846,10 @@ static inline void paravirt_arch_dup_mmap(struct mm_struct *oldmm, static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) { } + +static inline void page_encryption_changed(unsigned long vaddr, int npages, bool enc) +{ +} #endif #endif /* __ASSEMBLY__ */ #endif /* _ASM_X86_PARAVIRT_H */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 0fad9f61c76a..d7787ec4d19f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -209,6 +209,8 @@ struct pv_mmu_ops { /* Hook for intercepting the destruction of an mm_struct. */ void (*exit_mmap)(struct mm_struct *mm); + void (*page_encryption_changed)(unsigned long vaddr, int npages, + bool enc); #ifdef CONFIG_PARAVIRT_XXL struct paravirt_callee_save read_cr2; diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 6c3407ba6ee9..52913356b6fa 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -340,6 +340,7 @@ struct paravirt_patch_template pv_ops = { (void (*)(struct mmu_gather *, void *))tlb_remove_page, .mmu.exit_mmap = paravirt_nop, + .mmu.page_encryption_changed = paravirt_nop, #ifdef CONFIG_PARAVIRT_XXL .mmu.read_cr2 = __PV_IS_CALLEE_SAVE(native_read_cr2), diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index bc0833713be9..9d1ac65050d0 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,7 @@ #include #include #include +#include #include "mm_internal.h" 
@@ -198,6 +200,47 @@ void __init sme_early_init(void) swiotlb_force = SWIOTLB_FORCE; } +static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + unsigned long sz = npages << PAGE_SHIFT; + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -255,12 +298,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -315,6 +359,8 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, PAGE_ALIGN(size) >> PAGE_SHIFT, + enc); out: __flush_tlb_all(); return ret; 
@@ -448,6 +494,15 @@ void __init mem_encrypt_init(void) if (sev_active()) static_branch_enable(&sev_enable_key); +#ifdef CONFIG_PARAVIRT + /* + * With SEV, we need to make a hypercall when page encryption state is + * changed. + */ + if (sev_active()) + pv_ops.mmu.page_encryption_changed = set_memory_enc_dec_hypercall; +#endif + print_mem_encrypt_feature_info(); } diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 40baa90e74f4..dcd4557bb7fa 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "../mm_internal.h" 
@@ -2012,6 +2013,12 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* Notify hypervisor that a given memory range is mapped encrypted + * or decrypted. The hypervisor will use this information during the + * VM migration. + */ + page_encryption_changed(addr, numpages, enc); + return ret; }
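Review bot: In set_memory_enc_dec_hypercall() (arch/x86/mm/mem_encrypt.c), `unsigned long sz = npages << PAGE_SHIFT;` shifts an int, so the result overflows before it is widened once the range reaches 2 GiB; cast first, `(unsigned long)npages << PAGE_SHIFT`. `int psize, pmask` is fragile in the same way: page_level_mask() yields an unsigned long and early_set_memory_enc_dec() in this same file declares both as unsigned long, so match that. The early `return` on a missing PTE also abandons the rest of the range silently; skip to the next page or warn instead.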
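Review bot: The set_memory_enc_dec_hypercall() call added at the end of early_set_memory_enc_dec() is unconditional, while mem_encrypt_init() in this patch installs the same function as a pv op only `if (sev_active())`. Guard the early call the same way so the hypercall is only issued when running as an SEV guest.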
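Review bot: page_encryption_changed() in __set_memory_enc_dec() (arch/x86/mm/pat/set_memory.c) is called regardless of `ret`, which is returned on the next line, so a failure recorded in it still results in the hypervisor being notified of a status change; make the call only when ret is 0. The added comment should also open with a bare `/*` line to match the multi-line comments elsewhere in this patch.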
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 11/18] KVM: x86: Introduce KVM_SET_PAGE_ENC_BITMAP ioctl
Date: Tue, 8 Dec 2020 22:07:11 +0000
From: Brijesh Singh

The ioctl can be used to set page encryption bitmap for an incoming guest.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- Documentation/virt/kvm/api.rst | 44 +++++++++++++++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm/sev.c | 50 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 12 ++++++++ include/uapi/linux/kvm.h | 1 + 7 files changed, 111 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index ae410f4332ab..1a3336cbbfe8 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst
@@ -4698,6 +4698,28 @@ or shared. The bitmap can be used during the guest migration. If the page is private then the userspace need to use SEV migration commands to transmit the page. +4.126 KVM_SET_PAGE_ENC_BITMAP (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_page_enc_bitmap (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_SET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +During the guest live migration the outgoing guest exports its page encryption +bitmap, the KVM_SET_PAGE_ENC_BITMAP can be used to build the page encryption +bitmap for an incoming guest. 4.125 KVM_S390_PV_COMMAND ------------------------- @@ -4852,6 +4874,28 @@ into user space. If a vCPU is in running state while this ioctl is invoked, the vCPU may experience inconsistent filtering behavior on MSR accesses. +4.126 KVM_SET_PAGE_ENC_BITMAP (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_page_enc_bitmap (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_SET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +During the guest live migration the outgoing guest exports its page encryption +bitmap, the KVM_SET_PAGE_ENC_BITMAP can be used to build the page encryption +bitmap for an incoming guest. 5. The kvm_run structure ======================== diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 8c2e40199ecb..352ebc576036 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
@@ -1286,6 +1286,8 @@ struct kvm_x86_ops { unsigned long sz, unsigned long mode); int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); + int (*set_page_enc_bitmap)(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4280da9dfea1..6f34d0214440 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1518,6 +1518,56 @@ int svm_get_page_enc_bitmap(struct kvm *kvm, return ret; } +int svm_set_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long *bitmap; + unsigned long sz; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + /* special case of resetting the complete bitmap */ + if (!bmap->enc_bitmap) { + mutex_lock(&kvm->lock); + /* by default all pages are marked encrypted */ + if (sev->page_enc_bmap_size) + bitmap_fill(sev->page_enc_bmap, + sev->page_enc_bmap_size); + mutex_unlock(&kvm->lock); + return 0; + } + + gfn_start = bmap->start_gfn; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + ret = -EFAULT; + if (copy_from_user(bitmap, bmap->enc_bitmap, sz)) + goto out; + + mutex_lock(&kvm->lock); + ret = sev_resize_page_enc_bitmap(kvm, gfn_end); + if (ret) + goto unlock; + + bitmap_copy(sev->page_enc_bmap + BIT_WORD(gfn_start), bitmap, + (gfn_end - gfn_start)); + + ret = 0; +unlock: + mutex_unlock(&kvm->lock); +out: + kfree(bitmap); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bff89cab3ed0..6ebdf20773ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -4315,6 +4315,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .page_enc_status_hc = svm_page_enc_status_hc, .get_page_enc_bitmap = svm_get_page_enc_bitmap, + .set_page_enc_bitmap = svm_set_page_enc_bitmap, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4ce73f1034b9..2268c0ab650b 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -414,6 +414,7 @@ void sync_nested_vmcb_control(struct vcpu_svm *svm); int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); +int svm_set_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d3cb95a4dd55..3cf64a94004f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5707,6 +5707,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_x86_ops.get_page_enc_bitmap(kvm, &bitmap); break; } + case KVM_SET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops.set_page_enc_bitmap) + r = kvm_x86_ops.set_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 67cdb301ec4d..79cd28b17b33 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1574,6 +1574,7 @@ struct kvm_pv_cmd { #define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) #define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc8, struct kvm_page_enc_bitmap) +#define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc9, struct kvm_page_enc_bitmap) /* Secure Encrypted Virtualization command */ enum sev_cmd_id {
From patchwork Tue Dec 8 22:07:39 2020
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 11959937
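Review bot: In the first Documentation/virt/kvm/api.rst hunk of [PATCH v9 11/18] (@@ -4698), ":Parameters: struct kvm_page_enc_bitmap (in/out)" does not match the rest of the patch: the ioctl is defined with _IOW in include/uapi/linux/kvm.h and the new case in kvm_arch_vm_ioctl() only does copy_from_user(), so the struct is input only and the text should say (in). The section also leaves out the special case coded in svm_set_page_enc_bitmap(), where a NULL enc_bitmap resets the whole bitmap to "encrypted" regardless of start_gfn and num_pages, and the -ENOTTY result for a non-SEV guest; userspace needs both documented. No "::" marker precedes the struct definition, so it will not render as a literal block.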
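Review bot: The second Documentation/virt/kvm/api.rst hunk of [PATCH v9 11/18] (@@ -4852) adds the same "4.126 KVM_SET_PAGE_ENC_BITMAP (vm ioctl)" section a second time, word for word, so the file ends up with two sections carrying the same number: one ahead of "4.125 KVM_S390_PV_COMMAND" and one just before "5. The kvm_run structure". This looks like a rebase leftover. Keep a single copy at the end of section 4 and give it the next free section number.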
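Review bot: svm_set_page_enc_bitmap() in the arch/x86/kvm/svm/sev.c hunk of [PATCH v9 11/18] uses start_gfn and num_pages straight from userspace with no validation. "gfn_end = gfn_start + bmap->num_pages" can wrap, "sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8" hands a caller-chosen size to kmalloc(), and sev_resize_page_enc_bitmap(kvm, gfn_end) then grows the per-VM bitmap to whatever gfn_end the caller picked. Suggest checking the addition for overflow and bounding the range against the guest's memslots before allocating anything, and using kvmalloc() for the temporary buffer. Separately, "bitmap_copy(sev->page_enc_bmap + BIT_WORD(gfn_start), bitmap, ...)" is only correct when start_gfn is a multiple of BITS_PER_LONG: for any other value the user's bits land at the rounded-down word boundary, so they are applied to the wrong pages and overwrite the state of pages below start_gfn. Either require an aligned start_gfn and return -EINVAL otherwise, or copy at bit granularity.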
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 12/18] KVM: SVM: Add support for static allocation of unified Page Encryption Bitmap.
Date: Tue, 8 Dec 2020 22:07:39 +0000
Message-Id: <280944e548d7be754a36b037984633451828533b.1607460588.git.ashish.kalra@amd.com>
From: Ashish Kalra

Add support for static allocation of the unified Page encryption bitmap by extending kvm_arch_commit_memory_region() callback to add svm specific x86_ops which can read the userspace provided memory region/memslots and calculate the amount of guest RAM managed by the KVM and grow the bitmap based on that information, i.e. the highest guest PA that is mapped by a memslot.

Earlier we used to do dynamic resizing of the page encryption bitmap based on the guest hypercall, but potentially a malicious guest can make a hypercall which can trigger a really large memory allocation on the host side and may eventually cause denial of service. Hence now we don't do dynamic resizing of the page encryption bitmap as per the hypercall and allocate it statically based on guest memory allocation by walking through memslots and computing its size.

Signed-off-by: Ashish Kalra
--- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/sev.c | 35 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 5 +++++ 5 files changed, 43 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 352ebc576036..91fc22d793e8 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1282,6 +1282,7 @@ struct kvm_x86_ops { void (*migrate_timers)(struct kvm_vcpu *vcpu); void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + void (*commit_memory_region)(struct kvm *kvm, enum kvm_mr_change change); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); int (*get_page_enc_bitmap)(struct kvm *kvm, diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6f34d0214440..b87b6225d2da 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1391,6 +1391,41 @@ static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) return 0; } +void svm_commit_memory_region(struct kvm *kvm, enum kvm_mr_change change) +{ + struct kvm_memslots *slots; + struct kvm_memory_slot *memslot; + gfn_t start, end = 0; + + spin_lock(&kvm->mmu_lock); + if (change == KVM_MR_CREATE) { + slots = kvm_memslots(kvm); + kvm_for_each_memslot(memslot, slots) { + start = memslot->base_gfn; + end = memslot->base_gfn + memslot->npages; + /* + * KVM memslots is a sorted list, starting with + * the highest mapped guest PA, so pick the topmost + * valid guest PA. + */ + if (memslot->npages) + break; + } + } + spin_unlock(&kvm->mmu_lock); + + if (end) { + /* + * NORE: This callback is invoked in vm ioctl + * set_user_memory_region, hence we can use a + * mutex here. + */ + mutex_lock(&kvm->lock); + sev_resize_page_enc_bitmap(kvm, end); + mutex_unlock(&kvm->lock); + } +} + int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6ebdf20773ea..7aa7858c8209 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4313,6 +4313,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .msr_filter_changed = svm_msr_filter_changed, + .commit_memory_region = svm_commit_memory_region, .page_enc_status_hc = svm_page_enc_status_hc, .get_page_enc_bitmap = svm_get_page_enc_bitmap, .set_page_enc_bitmap = svm_set_page_enc_bitmap, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 2268c0ab650b..5a4656bad681 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -415,6 +415,7 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); int svm_set_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); +void svm_commit_memory_region(struct kvm *kvm, enum kvm_mr_change change); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3cf64a94004f..c1acbd397b50 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10717,6 +10717,11 @@ void kvm_arch_commit_memory_region(struct kvm *kvm, /* Free the arrays associated with the old memslot. */ if (change == KVM_MR_MOVE) kvm_arch_free_memslot(kvm, old); + + if (change == KVM_MR_CREATE || change == KVM_MR_DELETE) { + if (kvm_x86_ops.commit_memory_region) + kvm_x86_ops.commit_memory_region(kvm, change); + } } void kvm_arch_flush_shadow_all(struct kvm *kvm)
From patchwork Tue Dec 8 22:07:55 2020
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 11959941
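Review bot: In svm_commit_memory_region() (arch/x86/kvm/svm/sev.c hunk of [PATCH v9 12/18]), the int returned by sev_resize_page_enc_bitmap(kvm, end) is dropped and the callback itself is void, so a failed allocation while growing the bitmap goes unreported and later users work with a bitmap smaller than the guest's memory. Suggest at least warning on failure, or giving the callback a return value the caller can act on. The function also has no sev_guest(kvm) check, unlike svm_set_page_enc_bitmap(), so unless sev_resize_page_enc_bitmap() checks internally (these hunks do not show it) a bitmap is sized for every VM on an SVM host. The local "start" is assigned in the loop but never read, and the comment says "NORE:" where "NOTE:" is meant. Finally, the commit message says the hypercall no longer resizes the bitmap, yet the diffstat is insertions only; the change that removes that resize should be part of this patch or be named in the message.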
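Review bot: The arch/x86/kvm/x86.c hunk of [PATCH v9 12/18] invokes the new callback for both KVM_MR_CREATE and KVM_MR_DELETE, but svm_commit_memory_region() only acts on "change == KVM_MR_CREATE"; on delete, "end" stays 0 and the call does nothing except take and release mmu_lock. Either drop KVM_MR_DELETE from the condition, or handle it in the callback and say in a comment what delete is expected to do to the bitmap.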
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 13/18] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Date: Tue, 8 Dec 2020 22:07:55 +0000
From: Ashish Kalra

Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check for host-side support for SEV live migration. Also add a new custom MSR_KVM_SEV_LIVE_MIG_EN for guest to enable the SEV live migration feature.

Signed-off-by: Ashish Kalra
--- Documentation/virt/kvm/cpuid.rst | 5 +++++ Documentation/virt/kvm/msr.rst | 16 ++++++++++++++++ arch/x86/include/uapi/asm/kvm_para.h | 5 +++++ arch/x86/kvm/svm/sev.c | 14 ++++++++++++++ arch/x86/kvm/svm/svm.c | 16 ++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 ++ 6 files changed, 58 insertions(+) diff --git a/Documentation/virt/kvm/cpuid.rst b/Documentation/virt/kvm/cpuid.rst index cf62162d4be2..0bdb6cdb12d3 100644 --- a/Documentation/virt/kvm/cpuid.rst +++ b/Documentation/virt/kvm/cpuid.rst
@@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID 15 guest checks this feature bit before using extended destination ID bits in MSI address bits 11-5. +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this feature bit before + using the page encryption state + hypercall to notify the page state + change + KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no guest-side per-cpu warps are expected in kvmclock diff --git a/Documentation/virt/kvm/msr.rst b/Documentation/virt/kvm/msr.rst index e37a14c323d2..ffac027aba5b 100644 --- a/Documentation/virt/kvm/msr.rst +++ b/Documentation/virt/kvm/msr.rst @@ -376,3 +376,19 @@ data: write '1' to bit 0 of the MSR, this causes the host to re-scan its queue and check if there are more notifications pending. The MSR is available if KVM_FEATURE_ASYNC_PF_INT is present in CPUID. + +MSR_KVM_SEV_LIVE_MIG_EN: + 0x4b564d08 + + Control SEV Live Migration features. + +data: + Bit 0 enables (1) or disables (0) host-side SEV Live Migration feature, + in other words, this is guest->host communication that it's properly + handling the encryption bitmap. + + Bit 1 enables (1) or disables (0) support for SEV Live Migration extensions, + any future extensions related to this live migration support, such as + extensions/support for accelerated migration, etc. + + All other bits are reserved. diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 950afebfba88..0e8e59115ce2 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -33,6 +33,7 @@ #define KVM_FEATURE_PV_SCHED_YIELD 13 #define KVM_FEATURE_ASYNC_PF_INT 14 #define KVM_FEATURE_MSI_EXT_DEST_ID 15 +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16 #define KVM_HINTS_REALTIME 0 @@ -54,6 +55,7 @@ #define MSR_KVM_POLL_CONTROL 0x4b564d05 #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 +#define MSR_KVM_SEV_LIVE_MIG_EN 0x4b564d08 struct kvm_steal_time { __u64 steal; 
@@ -136,4 +138,7 @@ struct kvm_vcpu_pv_apf_data { #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK #define KVM_PV_EOI_DISABLED 0x0 +#define KVM_SEV_LIVE_MIGRATION_ENABLED (1 << 0) +#define KVM_SEV_LIVE_MIGRATION_EXTENSIONS_SUPPORTED (1 << 1) + #endif /* _UAPI_ASM_X86_KVM_PARA_H */ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b87b6225d2da..83565e35fa09 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1483,6 +1483,17 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return 0; } +void sev_update_migration_flags(struct kvm *kvm, u64 data) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + if (!sev_guest(kvm)) + return; + + if (data & KVM_SEV_LIVE_MIGRATION_ENABLED) + sev->live_migration_enabled = true; +} + int svm_get_page_enc_bitmap(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap) { @@ -1495,6 +1506,9 @@ int svm_get_page_enc_bitmap(struct kvm *kvm, if (!sev_guest(kvm)) return -ENOTTY; + if (!sev->live_migration_enabled) + return -EINVAL; + gfn_start = bmap->start_gfn; gfn_end = gfn_start + bmap->num_pages; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7aa7858c8209..6f47db7b8805 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2765,6 +2765,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->msr_decfg = data; break; } + case MSR_KVM_SEV_LIVE_MIG_EN: + sev_update_migration_flags(vcpu->kvm, data); + break; case MSR_IA32_APICBASE: if (kvm_vcpu_apicv_active(vcpu)) avic_update_vapic_bar(to_svm(vcpu), data); 
@@ -3769,6 +3772,19 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.cr3_lm_rsvd_bits &= ~(1UL << (best->ebx & 0x3f)); } + /* + * If SEV guest then enable the Live migration feature. + */ + if (sev_guest(vcpu->kvm)) { + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry(vcpu, KVM_CPUID_FEATURES, 0); + if (!best) + return; + + best->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION); + } + if (!kvm_vcpu_apicv_active(vcpu)) return; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5a4656bad681..d1f503dc2584 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -66,6 +66,7 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + bool live_migration_enabled; unsigned long *page_enc_bmap; unsigned long page_enc_bmap_size; }; 
@@ -505,5 +506,6 @@ int svm_unregister_enc_region(struct kvm *kvm, void pre_sev_run(struct vcpu_svm *svm, int cpu); int __init sev_hardware_setup(void); void sev_hardware_teardown(void); +void sev_update_migration_flags(struct kvm *kvm, u64 data); #endif
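Review bot: sev_update_migration_flags() in arch/x86/kvm/svm/sev.c can only set sev->live_migration_enabled; a guest write with bit 0 clear leaves the flag true, although the msr.rst text added in this same patch says bit 0 "enables (1) or disables (0)" the feature. Assigning the flag from the bit (sev->live_migration_enabled = !!(data & KVM_SEV_LIVE_MIGRATION_ENABLED);) would match the documentation. Bit 1 and the bits documented as reserved are also accepted without any check; rejecting writes that set reserved bits keeps them usable for later extensions.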
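Review bot: the MSR_KVM_SEV_LIVE_MIG_EN case in svm_set_msr() reports success for every write, because sev_update_migration_flags() returns void and simply returns for a non-SEV guest. Consider having the helper return an error code so the write can fail for a non-SEV guest or an unsupported value, instead of being dropped without the guest noticing.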
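Review bot: in svm_vcpu_after_set_cpuid(), the new "if (!best) return;" leaves the function early, so when the KVM_CPUID_FEATURES leaf is missing, the kvm_vcpu_apicv_active() check and everything after it are skipped for SEV guests. Guard only the bit update instead (if (best) best->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION);). The block also reuses the name best that the code just above already uses (best->ebx); if that variable is function-scoped the new declaration shadows it. The feature bit is OR-ed in for every SEV guest regardless of what userspace put in the CPUID leaf, which deserves a sentence in the comment.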
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 14/18] EFI: Introduce the new AMD Memory Encryption GUID.
Date: Tue, 8 Dec 2020 22:08:14 +0000
Message-Id: <3a2140b46673543a2c29b9450199a2793cc13cee.1607460588.git.ashish.kalra@amd.com>

Introduce a new AMD Memory Encryption GUID which is currently used for defining a new UEFI environment variable which indicates UEFI/OVMF support for the SEV live migration feature. This variable is set up when UEFI/OVMF detects host/hypervisor support for SEV live migration and later this variable is read by the kernel using EFI runtime services to verify if OVMF supports the live migration feature.

Signed-off-by: Ashish Kalra
--- include/linux/efi.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/efi.h b/include/linux/efi.h index d7c0e73af2b9..47d5b70ec058 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h
@@ -362,6 +362,7 @@ void efi_native_runtime_setup(void); /* OEM GUIDs */ #define DELLEMC_EFI_RCI2_TABLE_GUID EFI_GUID(0x2d9f28a2, 0xa886, 0x456a, 0x97, 0xa8, 0xf1, 0x1e, 0xf2, 0x4f, 0xf4, 0x55) +#define MEM_ENCRYPT_GUID EFI_GUID(0x0cf29b71, 0x9e51, 0x433a, 0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75) typedef struct { efi_guid_t guid;
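Review bot: MEM_ENCRYPT_GUID is added under the "/* OEM GUIDs */" comment with a name that does not say which vendor or feature it belongs to, while the commit message describes it as an AMD Memory Encryption GUID tied to an OVMF variable. A vendor-prefixed name (for example AMD_SEV_MEM_ENCRYPT_GUID) and a one-line comment naming the variable it qualifies would make the definition self-explanatory; the hunk adds no documentation of its own.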
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 15/18] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature.
Date: Tue, 8 Dec 2020 22:08:30 +0000

The guest support for detecting and enabling SEV Live migration feature uses the following logic:

 - kvm_init_platform() checks if it's booted under the EFI

   - If not EFI,
     i) check for the KVM_FEATURE_CPUID
     ii) if CPUID reports that migration is supported then issue wrmsrl to enable the SEV migration support

   - If EFI,
     i) Check the KVM_FEATURE_CPUID.
     ii) If CPUID reports that migration is supported, then reads the UEFI environment variable which indicates OVMF support for live migration.
     iii) If variable is set then wrmsr to enable the SEV migration support.

The EFI live migration check is done using a late_initcall() callback.
Signed-off-by: Ashish Kalra --- arch/x86/include/asm/mem_encrypt.h | 11 ++++++ arch/x86/kernel/kvm.c | 62 ++++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt.c | 11 ++++++ 3 files changed, 84 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 2f62bbdd9d12..83012af1660c 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -21,6 +21,7 @@ extern u64 sme_me_mask; extern u64 sev_status; extern bool sev_enabled; +extern bool sev_live_mig_enabled; void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr, unsigned long decrypted_kernel_vaddr, @@ -43,6 +44,8 @@ void __init sme_enable(struct boot_params *bp); int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size); int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); +void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc); void __init mem_encrypt_free_decrypted_mem(void); @@ -59,6 +62,7 @@ bool sev_es_active(void); #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL +#define sev_live_mig_enabled false static inline void __init sme_early_encrypt(resource_size_t paddr, unsigned long size) { } @@ -82,6 +86,8 @@ static inline int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; } static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +static inline void __init +early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {} static inline void mem_encrypt_free_decrypted_mem(void) { } @@ -110,6 +116,11 @@ static inline u64 sme_get_me_mask(void) return sme_me_mask; } +static inline bool sev_live_migration_enabled(void) +{ + return sev_live_mig_enabled; +} + #endif /* __ASSEMBLY__ */ #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index 7f57ede3cb8e..7da8b6b3528c 100644 
--- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -429,6 +430,53 @@ static inline void __set_percpu_decrypted(void *ptr, unsigned long size) early_set_memory_decrypted((unsigned long) ptr, size); } +#ifdef CONFIG_EFI +static bool setup_kvm_sev_migration(void) +{ + efi_char16_t efi_Sev_Live_Mig_support_name[] = L"SevLiveMigrationEnabled"; + efi_guid_t efi_variable_guid = MEM_ENCRYPT_GUID; + efi_status_t status; + unsigned long size; + bool enabled; + + if (!sev_live_migration_enabled()) + return false; + + size = sizeof(enabled); + + if (!efi_enabled(EFI_RUNTIME_SERVICES)) { + pr_info("setup_kvm_sev_migration: no efi\n"); + return false; + } + + /* Get variable contents into buffer */ + status = efi.get_variable(efi_Sev_Live_Mig_support_name, + &efi_variable_guid, NULL, &size, &enabled); + + if (status == EFI_NOT_FOUND) { + pr_info("setup_kvm_sev_migration: variable not found\n"); + return false; + } + + if (status != EFI_SUCCESS) { + pr_info("setup_kvm_sev_migration: get_variable fail\n"); + return false; + } + + if (enabled == 0) { + pr_info("setup_kvm_sev_migration: live migration disabled in OVMF\n"); + return false; + } + + pr_info("setup_kvm_sev_migration: live migration enabled in OVMF\n"); + wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN, KVM_SEV_LIVE_MIGRATION_ENABLED); + + return true; +} + +late_initcall(setup_kvm_sev_migration); +#endif + /* * Iterate through all possible CPUs and map the memory region pointed * by apf_reason, steal_time and kvm_apic_eoi as decrypted at once. 
@@ -742,6 +790,20 @@ static void __init kvm_apic_init(void) static void __init kvm_init_platform(void) { +#ifdef CONFIG_AMD_MEM_ENCRYPT + if (sev_active() && + kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)) { + printk(KERN_INFO "KVM enable live migration\n"); + sev_live_mig_enabled = true; + /* + * If not booted using EFI, enable Live migration support. + */ + if (!efi_enabled(EFI_BOOT)) + wrmsrl(MSR_KVM_SEV_LIVE_MIG_EN, + KVM_SEV_LIVE_MIGRATION_ENABLED); + } else + printk(KERN_INFO "KVM enable live migration feature unsupported\n"); +#endif kvmclock_init(); x86_platform.apic_post_init = kvm_apic_init; } diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 9d1ac65050d0..cc1a4c762149 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -48,6 +48,8 @@ EXPORT_SYMBOL_GPL(sev_enable_key); bool sev_enabled __section(".data"); +bool sev_live_mig_enabled __section(".data"); + /* Buffer used for early in-place encryption by BSP, no locking needed */ static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE); @@ -206,6 +208,9 @@ static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, unsigned long sz = npages << PAGE_SHIFT; unsigned long vaddr_end, vaddr_next; + if (!sev_live_migration_enabled()) + return; + vaddr_end = vaddr + sz; for (; vaddr < vaddr_end; vaddr = vaddr_next) { 
@@ -376,6 +381,12 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) return early_set_memory_enc_dec(vaddr, size, true); } +void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + set_memory_enc_dec_hypercall(vaddr, npages, enc); +} + /* * SME and SEV are very similar but they are not the same, so there are * times that the kernel will need to distinguish between SME and SEV. The
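Review bot: setup_kvm_sev_migration() in arch/x86/kernel/kvm.c is declared "static bool" and returns true on success, but it is registered with late_initcall(), whose callbacks return int with 0 meaning success. Make it "static int" and return 0 on the non-error paths. When the OVMF variable is missing, unreadable or zero, the function also returns without clearing sev_live_mig_enabled, which kvm_init_platform() has already set to true, so sev_live_migration_enabled() keeps returning true and set_memory_enc_dec_hypercall() keeps running even though MSR_KVM_SEV_LIVE_MIG_EN was never written; reset the flag on those paths.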
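Review bot: in kvm_init_platform(), the else branch logs "KVM enable live migration feature unsupported" for every guest built with CONFIG_AMD_MEM_ENCRYPT that is not an SEV guest with the feature bit, which is noise on ordinary KVM guests. Drop the message or restrict it to sev_active() guests, use pr_info() as the rest of the patch does, and brace the else branch to match the braced if.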
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 16/18] KVM: x86: Mark _bss_decrypted section variables as decrypted in page encryption bitmap.
Date: Tue, 8 Dec 2020 22:08:45 +0000
Message-Id: <45bf5465811db7bb22aff49728adb2b7dcebbcb8.1607460588.git.ashish.kalra@amd.com>

Ensure that _bss_decrypted section variables such as hv_clock_boot and wall_clock are marked as decrypted in the page encryption bitmap if SEV live migration is supported.

Signed-off-by: Ashish Kalra
--- arch/x86/kernel/kvmclock.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index aa593743acf6..f80cc637ff2c 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c
@@ -333,6 +333,18 @@ void __init kvmclock_init(void) pr_info("kvm-clock: Using msrs %x and %x", msr_kvm_system_time, msr_kvm_wall_clock); + if (sev_live_migration_enabled()) { + unsigned long nr_pages; + /* + * sizeof(hv_clock_boot) is already PAGE_SIZE aligned + */ + early_set_mem_enc_dec_hypercall((unsigned long)hv_clock_boot, + 1, 0); + nr_pages = DIV_ROUND_UP(sizeof(wall_clock), PAGE_SIZE); + early_set_mem_enc_dec_hypercall((unsigned long)&wall_clock, + nr_pages, 0); + } + this_cpu_write(hv_clock_per_cpu, &hv_clock_boot[0]); kvm_register_clock("primary cpu clock"); pvclock_set_pvti_cpu0_va(hv_clock_boot);
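Review bot: in kvmclock_init(), the comment says sizeof(hv_clock_boot) is PAGE_SIZE aligned, but the call passes a hard-coded page count of 1, which is only right if the array is exactly one page. Derive the count from the size (DIV_ROUND_UP(sizeof(hv_clock_boot), PAGE_SIZE), as is done for wall_clock) so it cannot go stale. The last parameter is "bool enc", so pass false rather than 0, and note that &wall_clock is passed without page alignment while nr_pages is computed from its size alone.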
From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com Subject: [PATCH v9 17/18] KVM: x86: Add kexec support for SEV Live Migration. Date: Tue, 8 Dec 2020 22:09:00 +0000 Message-Id: <1199f844e26c7e761c55d13a5fa2db30fc80f769.1607460588.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN1PR12CA0056.namprd12.prod.outlook.com (2603:10b6:802:20::27) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN1PR12CA0056.namprd12.prod.outlook.com (2603:10b6:802:20::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Tue, 8 Dec 2020 22:09:09 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: a40b1d0d-087c-41d0-78e6-08d89bc5e388 X-MS-TrafficTypeDiagnostic: SN6PR12MB2640: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3383; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xzSTZGov2rpRzVs3C1TscUymXl707UrJz7uTQUskSKrqRoRmtAhpqELZ0197im0JdAlV1AVUbXpgWnl0hKFZjxJfhb2AXdsgBHvEQGUBx2+s8EI+91gTmfWMf/t5hqSkMlU5X39LTj0bTuMbLd9ytO0O1HKgW7R+QJkfrt1tQkXtLfx62gyWC2kqry7GTrN9P83EeCNIYAWzFBonLYsOcwUI8NP5A8ezZqGcZZe7FZG9epPpEYwVb3/F6h5UbqfAQfbc9aArsffyie9V8sE6R6LjayVFVhQZpIKT28sKHn26SEkYrKk/UAAIk/HZjgWSy67hfJv5Fs4UqrzubFYNhsYt1AdNRC38itG3I+aHCu64epjvI8inZakFXq5G+4ZY X-Forefront-Antispam-Report: 
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(376002)(366004)(136003)(2616005)(2906002)(66556008)(508600001)(4326008)(5660300002)(6916009)(52116002)(7416002)(66476007)(6486002)(34490700003)(186003)(6666004)(8936002)(16526019)(8676002)(66946007)(86362001)(7696005)(26005)(956004)(36756003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: 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 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Dec 2020 22:09:10.0370 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: a40b1d0d-087c-41d0-78e6-08d89bc5e388 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 72OrdjIGN7GEdW3GJb3JvFylySj1ou2hNtfKkE1YhZ+entaU8qY+ztQ13LHhqmjWH64M7dNaFwp2++7eEmWjcA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2640 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Ashish Kalra Reset the host's page encryption bitmap related to kernel specific page encryption status settings before we load a new kernel by kexec. We cannot reset the complete page encryption bitmap here as we need to retain the UEFI/OVMF firmware specific settings. The host's page encryption bitmap is maintained for the guest to keep the encrypted/decrypted state of the guest pages, therefore we need to explicitly mark all shared pages as encrypted again before rebooting into the new guest kernel. Signed-off-by: Ashish Kalra --- arch/x86/kernel/kvm.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index 7da8b6b3528c..3245ec003401 100644 --- a/arch/x86/kernel/kvm.c 
+++ b/arch/x86/kernel/kvm.c @@ -39,6 +39,7 @@ #include #include #include +#include DEFINE_STATIC_KEY_FALSE(kvm_async_pf_enabled); 
@@ -384,6 +385,33 @@ static void kvm_pv_guest_cpu_reboot(void *unused) */ if (kvm_para_has_feature(KVM_FEATURE_PV_EOI)) wrmsrl(MSR_KVM_PV_EOI_EN, 0); + /* + * Reset the host's page encryption bitmap related to kernel + * specific page encryption status settings before we load a + * new kernel by kexec. NOTE: We cannot reset the complete + * page encryption bitmap here as we need to retain the + * UEFI/OVMF firmware specific settings. + */ + if (sev_live_migration_enabled() & (smp_processor_id() == 0)) { + int i; + unsigned long nr_pages; + + for (i = 0; i < e820_table->nr_entries; i++) { + struct e820_entry *entry = &e820_table->entries[i]; + unsigned long start_pfn; + unsigned long end_pfn; + + if (entry->type != E820_TYPE_RAM) + continue; + + start_pfn = entry->addr >> PAGE_SHIFT; + end_pfn = (entry->addr + entry->size) >> PAGE_SHIFT; + nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + entry->addr, nr_pages, 1); + } + } kvm_pv_disable_apf(); kvm_disable_steal_time(); }
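Review bot: the condition "if (sev_live_migration_enabled() & (smp_processor_id() == 0))" in kvm_pv_guest_cpu_reboot() uses bitwise & where logical && is meant; it only behaves as intended if sev_live_migration_enabled() returns exactly 0 or 1, and it gives up short-circuit evaluation. In the loop, start_pfn and end_pfn are assigned but never used; either drop them or use them to derive nr_pages, because DIV_ROUND_UP(entry->size, PAGE_SIZE) with an unaligned entry->addr can miss the last page of an e820 entry that does not start on a page boundary. The return value of kvm_sev_hypercall3() is ignored, so a failed reset leaves stale shared-page state in the host bitmap across kexec with no indication; at least warn on error.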
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v9 18/18] KVM: SVM: Bypass DBG_DECRYPT API calls for unecrypted guest memory.
Date: Tue, 8 Dec 2020 22:09:16 +0000
X-Mailer: git-send-email 2.17.1
X-Mailing-List: kvm@vger.kernel.org

From: Ashish Kalra

For all explicitly unencrypted guest memory regions such as S/W IOTLB bounce buffers, dma_decrypted() allocated regions and for guest regions marked as "__bss_decrypted", ensure that DBG_DECRYPT API calls are bypassed for such regions. The guest memory regions encryption status is referenced using the page encryption bitmap. Uses the two added infrastructure functions hva_to_memslot() and hva_to_gfn().

Signed-off-by: Ashish Kalra
---
 arch/x86/kvm/svm/sev.c | 76 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 83565e35fa09..da002945a5ae 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -764,6 +764,37 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, return ret; } +static struct kvm_memory_slot *hva_to_memslot(struct kvm *kvm, + unsigned long hva) +{ + struct kvm_memslots *slots = kvm_memslots(kvm); + struct kvm_memory_slot *memslot; + + kvm_for_each_memslot(memslot, slots) { + if (hva >= memslot->userspace_addr && + hva < memslot->userspace_addr + + (memslot->npages << PAGE_SHIFT)) + return memslot; + } + + return NULL; +} + +static bool hva_to_gfn(struct kvm *kvm, unsigned long hva, gfn_t *gfn) +{ + struct kvm_memory_slot *memslot; + gpa_t gpa_offset; + + memslot = hva_to_memslot(kvm, hva); + if (!memslot) + return false; + + gpa_offset = hva - memslot->userspace_addr; + *gfn = ((memslot->base_gfn << PAGE_SHIFT) + gpa_offset) >> PAGE_SHIFT; + + return true; +} + static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) { unsigned long vaddr, vaddr_end, next_vaddr; 
@@ -793,6 +824,50 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) for (; vaddr < vaddr_end; vaddr = next_vaddr) { int len, s_off, d_off; + if (dec) { + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct page *src_tpage = NULL; + gfn_t gfn_start; + int srcu_idx; + + /* ensure hva_to_gfn translations remain valid */ + srcu_idx = srcu_read_lock(&kvm->srcu); + if (!hva_to_gfn(kvm, vaddr, &gfn_start)) { + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -EINVAL; + } + if (sev->page_enc_bmap) { + if (!test_bit(gfn_start, sev->page_enc_bmap)) { + src_tpage = alloc_page(GFP_KERNEL); + if (!src_tpage) { + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -ENOMEM; + } + /* + * Since user buffer may not be page aligned, calculate the + * offset within the page. + */ + s_off = vaddr & ~PAGE_MASK; + d_off = dst_vaddr & ~PAGE_MASK; + len = min_t(size_t, (PAGE_SIZE - s_off), size); + + if (copy_from_user(page_address(src_tpage), + (void __user *)(uintptr_t)vaddr, len)) { + __free_page(src_tpage); + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -EFAULT; + } + if (copy_to_user((void __user *)(uintptr_t)dst_vaddr, + page_address(src_tpage), len)) { + ret = -EFAULT; + } + __free_page(src_tpage); + srcu_read_unlock(&kvm->srcu, srcu_idx); + goto already_decrypted; + } + } + } + /* lock userspace source and destination page */ src_p = sev_pin_memory(kvm, vaddr & PAGE_MASK, PAGE_SIZE, &n, 0); if (IS_ERR(src_p)) @@ -837,6 +912,7 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) sev_unpin_memory(kvm, src_p, n); sev_unpin_memory(kvm, dst_p, n); +already_decrypted: if (ret) goto err;
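Review bot: in the @@ -764 hunk, hva_to_memslot() and hva_to_gfn() read kvm_memslots(kvm) but nothing in either helper states or checks that the caller must hold kvm->srcu; add a comment or a lockdep assertion so a later caller cannot use them unlocked. In hva_to_gfn(), the value stored in gpa_offset is an offset from memslot->userspace_addr, so the gpa_t type and the name are misleading, and the gfn is computed by shifting base_gfn up by PAGE_SHIFT and back down again; *gfn = memslot->base_gfn + ((hva - memslot->userspace_addr) >> PAGE_SHIFT) gives the same result directly.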
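Review bot: in the @@ -793 hunk of sev_dbg_crypt(), the SRCU read lock taken before hva_to_gfn() is not released when sev->page_enc_bmap is NULL or when the bit for gfn_start is set: both cases fall through to sev_pin_memory() with srcu_idx still held, and this repeats on every loop iteration. Release it on the fall-through path too, ideally by restructuring so there is a single srcu_read_unlock() right after the bitmap lookup. Separately, test_bit(gfn_start, sev->page_enc_bmap) has no visible check that gfn_start lies within the bitmap, d_off is computed in the bypass branch but not used there, and the error handling is mixed (copy_from_user() failure returns directly while copy_to_user() failure sets ret and jumps to already_decrypted); moving the plaintext copy into a small helper would make these paths uniform and reduce the nesting.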