From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 01/34] x86/cpu: Add VM page flush MSR availablility as a CPUID feature
Date: Thu, 10 Dec 2020 11:06:45 -0600

On systems that do not have hardware enforced cache coherency between
encrypted and unencrypted mappings of the same physical page, the
hypervisor can use the VM page flush MSR (0xc001011e) to flush the cache
contents of an SEV guest page. When a small number of pages are being
flushed, this can be used in place of issuing a WBINVD across all CPUs.

CPUID 0x8000001f_eax[2] is used to determine if the VM page flush MSR is
available. Add a CPUID feature to indicate it is supported and define the
MSR.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 arch/x86/include/asm/msr-index.h   | 1 +
 arch/x86/kernel/cpu/scattered.c    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index dad350d42ecf..54df367b3180 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -237,6 +237,7 @@ #define X86_FEATURE_VMCALL ( 8*32+18) /* "" Hypervisor supports the VMCALL instruction */ #define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */ #define X86_FEATURE_SEV_ES ( 8*32+20) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_VM_PAGE_FLUSH ( 8*32+21) /* "" VM Page Flush MSR is supported */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 972a34d93505..abfc9b0fbd8d 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -470,6 +470,7 @@ #define MSR_AMD64_ICIBSEXTDCTL 0xc001103c #define MSR_AMD64_IBSOPDATA4 0xc001103d #define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */ +#define MSR_AMD64_VM_PAGE_FLUSH 0xc001011e #define MSR_AMD64_SEV_ES_GHCB 0xc0010130 #define MSR_AMD64_SEV 0xc0010131 #define MSR_AMD64_SEV_ENABLED_BIT 0 diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 866c9a9bcdee..236924930bf0 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c 
@@ -44,6 +44,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 }, { X86_FEATURE_SEV_ES, CPUID_EAX, 3, 0x8000001f, 0 }, { X86_FEATURE_SME_COHERENT, CPUID_EAX, 10, 0x8000001f, 0 }, + { X86_FEATURE_VM_PAGE_FLUSH, CPUID_EAX, 2, 0x8000001f, 0 }, { 0, 0, 0, 0, 0 } };
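
Review bot: in the scattered.c hunk the new X86_FEATURE_VM_PAGE_FLUSH entry (EAX bit 2 of leaf 0x8000001f) is appended after X86_FEATURE_SME_COHERENT (bit 10) rather than between X86_FEATURE_SEV (bit 1) and X86_FEATURE_SEV_ES (bit 3). The table works in any order, but keeping the 0x8000001f entries sorted by bit makes a duplicated or mistyped bit number easier to spot against the "CPUID 0x8000001f_eax[2]" stated in the commit message. Separately, the msr-index.h hunk defines MSR_AMD64_VM_PAGE_FLUSH with no comment, and nothing in this patch says what value a hypervisor writes to it; a one-line comment next to the define, or a sentence in the commit message, would let a reader check later callers against the intended format.
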
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 02/34] KVM: SVM: Remove the call to sev_platform_status() during setup
Date: Thu, 10 Dec 2020 11:06:46 -0600
Message-Id: <618380488358b56af558f2682203786f09a49483.1607620037.git.thomas.lendacky@amd.com>

When both KVM support and the CCP driver are built into the kernel instead
of as modules, KVM initialization can happen before CCP initialization. As
a result, sev_platform_status() will return a failure when it is called
from sev_hardware_setup(), when this isn't really an error condition.

Since sev_platform_status() doesn't need to be called at this time anyway,
remove the invocation from sev_hardware_setup().

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c0b14106258a..a4ba5476bf42 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1127,9 +1127,6 @@ void sev_vm_destroy(struct kvm *kvm) int __init sev_hardware_setup(void) { - struct sev_user_data_status *status; - int rc; - /* Maximum number of encrypted guests supported simultaneously */ max_sev_asid = cpuid_ecx(0x8000001F); 
@@ -1148,26 +1145,9 @@ int __init sev_hardware_setup(void) if (!sev_reclaim_asid_bitmap) return 1; - status = kmalloc(sizeof(*status), GFP_KERNEL); - if (!status) - return 1; - - /* - * Check SEV platform status. - * - * PLATFORM_STATUS can be called in any state, if we failed to query - * the PLATFORM status then either PSP firmware does not support SEV - * feature or SEV firmware is dead. - */ - rc = sev_platform_status(status, NULL); - if (rc) - goto err; - pr_info("SEV supported\n"); -err: - kfree(status); - return rc; + return 0; } void sev_hardware_teardown(void)
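
Review bot: with the sev_platform_status() call gone from the second sev.c hunk, sev_hardware_setup() prints "SEV supported" and returns 0 on the strength of CPUID and the two bitmap allocations alone, so the case the deleted comment describes (PSP firmware that does not support SEV, or firmware that is dead) is no longer detected here and the host advertises SEV regardless. The commit message says the call "doesn't need to be called at this time" but not where that failure is now caught; please name the later point at which an unusable PSP is reported, so that the log line is not the only signal an operator has. The surviving context line "if (!sev_reclaim_asid_bitmap) return 1;" also returns without releasing sev_asid_bitmap in this function, which would be worth tidying while the error paths are being simplified.
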
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 03/34] KVM: SVM: Add support for SEV-ES capability in KVM
Date: Thu, 10 Dec 2020 11:06:47 -0600

Add support to KVM for determining if a system is capable of supporting
SEV-ES as well as determining if a guest is an SEV-ES guest.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/Kconfig   |  3 ++-
 arch/x86/kvm/svm/sev.c | 47 ++++++++++++++++++++++++++++++++++--------
 arch/x86/kvm/svm/svm.c | 20 +++++++++---------
 arch/x86/kvm/svm/svm.h | 17 ++++++++++++++-
 4 files changed, 66 insertions(+), 21 deletions(-)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index f92dfd8ef10d..7ac592664c52 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig
@@ -100,7 +100,8 @@ config KVM_AMD_SEV depends on KVM_AMD && X86_64 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) help - Provides support for launching Encrypted VMs on AMD processors. + Provides support for launching Encrypted VMs (SEV) and Encrypted VMs + with Encrypted State (SEV-ES) on AMD processors. config KVM_MMU_AUDIT bool "Audit KVM MMU" diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a4ba5476bf42..9bf5e9dadff5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -932,7 +932,7 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) struct kvm_sev_cmd sev_cmd; int r; - if (!svm_sev_enabled()) + if (!svm_sev_enabled() || !sev) return -ENOTTY; if (!argp) 
@@ -1125,29 +1125,58 @@ void sev_vm_destroy(struct kvm *kvm) sev_asid_free(sev->asid); } -int __init sev_hardware_setup(void) +void __init sev_hardware_setup(void) { + unsigned int eax, ebx, ecx, edx; + bool sev_es_supported = false; + bool sev_supported = false; + + /* Does the CPU support SEV? */ + if (!boot_cpu_has(X86_FEATURE_SEV)) + goto out; + + /* Retrieve SEV CPUID information */ + cpuid(0x8000001f, &eax, &ebx, &ecx, &edx); + /* Maximum number of encrypted guests supported simultaneously */ - max_sev_asid = cpuid_ecx(0x8000001F); + max_sev_asid = ecx; if (!svm_sev_enabled()) - return 1; + goto out; /* Minimum ASID value that should be used for SEV guest */ - min_sev_asid = cpuid_edx(0x8000001F); + min_sev_asid = edx; /* Initialize SEV ASID bitmaps */ sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); if (!sev_asid_bitmap) - return 1; + goto out; sev_reclaim_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); if (!sev_reclaim_asid_bitmap) - return 1; + goto out; - pr_info("SEV supported\n"); + pr_info("SEV supported: %u ASIDs\n", max_sev_asid - min_sev_asid + 1); + sev_supported = true; - return 0; + /* SEV-ES support requested? */ + if (!sev_es) + goto out; + + /* Does the CPU support SEV-ES? */ + if (!boot_cpu_has(X86_FEATURE_SEV_ES)) + goto out; + + /* Has the system been allocated ASIDs for SEV-ES? */ + if (min_sev_asid == 1) + goto out; + + pr_info("SEV-ES supported: %u ASIDs\n", min_sev_asid - 1); + sev_es_supported = true; + +out: + sev = sev_supported; + sev_es = sev_es_supported; } void sev_hardware_teardown(void) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6dc337b9c231..a1ea30c98629 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -187,9 +187,13 @@ static int vgif = true; module_param(vgif, int, 0444); /* enable/disable SEV support */ -static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); +int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); module_param(sev, int, 0444); +/* enable/disable SEV-ES support */ +int sev_es = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); +module_param(sev_es, int, 0444); + static bool __read_mostly dump_invalid_vmcb = 0; module_param(dump_invalid_vmcb, bool, 0644); @@ -959,15 +963,11 @@ static __init int svm_hardware_setup(void) kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE); } - if (sev) { - if (boot_cpu_has(X86_FEATURE_SEV) && - IS_ENABLED(CONFIG_KVM_AMD_SEV)) { - r = sev_hardware_setup(); - if (r) - sev = false; - } else { - sev = false; - } + if (IS_ENABLED(CONFIG_KVM_AMD_SEV) && sev) { + sev_hardware_setup(); + } else { + sev = false; + sev_es = false; } svm_adjust_mmio_mask(); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index fdff76eb6ceb..56d950df82e5 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -61,6 +61,7 @@ enum { struct kvm_sev_info { bool active; /* SEV enabled guest */ + bool es_active; /* SEV-ES enabled guest */ unsigned int asid; /* ASID used for this guest */ unsigned int handle; /* SEV firmware handle */ int fd; /* SEV device fd */ @@ -352,6 +353,9 @@ static inline bool gif_set(struct vcpu_svm *svm) #define MSR_CR3_LONG_MBZ_MASK 0xfff0000000000000U #define MSR_INVALID 0xffffffffU +extern int sev; +extern int sev_es; + u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm); 
@@ -484,6 +488,17 @@ static inline bool sev_guest(struct kvm *kvm) #endif } +static inline bool sev_es_guest(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev_guest(kvm) && sev->es_active; +#else + return false; +#endif +} + static inline bool svm_sev_enabled(void) { return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0; 
@@ -496,7 +511,7 @@ int svm_register_enc_region(struct kvm *kvm, int svm_unregister_enc_region(struct kvm *kvm, struct kvm_enc_region *range); void pre_sev_run(struct vcpu_svm *svm, int cpu); -int __init sev_hardware_setup(void); +void __init sev_hardware_setup(void); void sev_hardware_teardown(void); #endif
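
Review bot: in the sev.c sev_hardware_setup() hunk nothing checks that min_sev_asid is no larger than max_sev_asid before "max_sev_asid - min_sev_asid + 1" is printed with %u and sev_supported is set to true. If the EDX value can exceed the ECX value (every ASID handed to SEV-ES), the printed count is meaningless and SEV is reported as supported with no ASID left for a plain SEV guest. Consider a goto out, or at least skipping the SEV pr_info, when min_sev_asid > max_sev_asid, and say in a comment which of the two outcomes is intended.
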
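
Review bot: the two bitmap_zalloc() failure paths in sev_hardware_setup() now take "goto out" after max_sev_asid has already been assigned, so svm_sev_enabled() in svm.h, which returns max_sev_asid, keeps reporting true while sev has been cleared. The svm_mem_enc_op() hunk covers that one caller with "|| !sev", but any other user of svm_sev_enabled() still sees SEV as enabled. Either reset max_sev_asid on the out path when sev_supported is false, or fold the sev check into svm_sev_enabled() so there is a single source of truth for the access decision.
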
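
Review bot: the svm.c hunk drops static from "int sev" and adds "int sev_es", and svm.h exports both as externs with very short, unprefixed names; in the same header the new sev_es_guest() declares a local "struct kvm_sev_info *sev" that shadows the extern int. It compiles, but a reader of sev_es_guest() has to work out which sev is meant, and a -Wshadow build will warn. Renaming the module parameter variables (keeping the parameter names via module_param_named) or renaming the local would avoid that. The two variables are also assigned bool values at the out label of sev_hardware_setup() while being declared int, which is worth making consistent.
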
From: Tom Lendacky To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Paolo Bonzini , Jim Mattson , Joerg Roedel , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Brijesh Singh Subject: [PATCH v5 04/34] KVM: SVM: Add GHCB accessor functions for retrieving fields Date: Thu, 10 Dec 2020 11:06:48 -0600 Message-Id: <664172c53a5fb4959914e1a45d88e805649af0ad.1607620037.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CH2PR03CA0009.namprd03.prod.outlook.com (2603:10b6:610:59::19) To CY4PR12MB1352.namprd12.prod.outlook.com (2603:10b6:903:3a::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by CH2PR03CA0009.namprd03.prod.outlook.com (2603:10b6:610:59::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Thu, 10 Dec 2020 17:08:08 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 5708ae6b-5a5b-449c-c808-08d89d2e2bb4 X-MS-TrafficTypeDiagnostic: CY4PR12MB1493: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4941; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: dlSb/OF9jzxEqucIGYLTvtboqEQJFS8bcZegE5UVcJ/GXnnlHqaXXKfbZzRjzg1A4YwZSFdN/vJv2UFJ6T8eROHd4hHp+sonPEzpsTceafVNkFkiTy8dr2yExCVL0D8vKiWGjMi9T3kBulilT8abNni9P0VInpXRQzFNMrAhS6bcxn97r/p4FC+ZRnX4v6gfirujPZbFo3jDpg6y2/DO0c1G8uh21aHCONoPW3zN9WaK6LyPbgvEAAqPYqDqVDVORNHbS9ux4GRSxzwZFNQYDKfjn2UwOwqEjo8sH4Yjp8guzfUaIEW1Qfp+vIS9KjTRKM/yGkzt35C+X5geF0Ww9hS9w6L6gRakFuUtfAHl0sTqmtT7fst/P7+RIEWgibeu X-Forefront-Antispam-Report: 
From: Tom Lendacky

Update the GHCB accessor functions to add functions for retrieving GHCB fields by name. Update existing code to use the new accessor functions.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/svm.h | 10 ++++++++++
 arch/x86/kernel/cpu/vmware.c | 12 ++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 71d630bb5e08..1edf24f51b53 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h
@@ -379,6 +379,16 @@ struct vmcb { (unsigned long *)&ghcb->save.valid_bitmap); \ } \ \ + static inline u64 ghcb_get_##field(struct ghcb *ghcb) \ + { \ + return ghcb->save.field; \ + } \ + \ + static inline u64 ghcb_get_##field##_if_valid(struct ghcb *ghcb) \ + { \ + return ghcb_##field##_is_valid(ghcb) ? ghcb->save.field : 0; \ + } \ + \ static inline void ghcb_set_##field(struct ghcb *ghcb, u64 value) \ { \ __set_bit(GHCB_BITMAP_IDX(field), \ diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c index 924571fe5864..c6ede3b3d302 100644 --- a/arch/x86/kernel/cpu/vmware.c +++ b/arch/x86/kernel/cpu/vmware.c 
@@ -501,12 +501,12 @@ static bool vmware_sev_es_hcall_finish(struct ghcb *ghcb, struct pt_regs *regs) ghcb_rbp_is_valid(ghcb))) return false; - regs->bx = ghcb->save.rbx; - regs->cx = ghcb->save.rcx; - regs->dx = ghcb->save.rdx; - regs->si = ghcb->save.rsi; - regs->di = ghcb->save.rdi; - regs->bp = ghcb->save.rbp; + regs->bx = ghcb_get_rbx(ghcb); + regs->cx = ghcb_get_rcx(ghcb); + regs->dx = ghcb_get_rdx(ghcb); + regs->si = ghcb_get_rsi(ghcb); + regs->di = ghcb_get_rdi(ghcb); + regs->bp = ghcb_get_rbp(ghcb); return true; } From patchwork Thu Dec 10 17:06:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965695 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2403C4361B for ; Thu, 10 Dec 2020 17:10:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 72C8023D23 for ; Thu, 10 Dec 2020 17:10:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392517AbgLJRKH (ORCPT ); Thu, 10 Dec 2020 12:10:07 -0500 Received: from mail-bn8nam12on2064.outbound.protection.outlook.com ([40.107.237.64]:38097 "EHLO NAM12-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2392514AbgLJRJl (ORCPT ); Thu, 10 Dec 2020 12:09:41 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
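Review bot: In the arch/x86/include/asm/svm.h hunk, ghcb_get_##field##_if_valid() returns 0 when the valid bit is clear, so a caller cannot tell an unset field from one that was set to 0. Add a comment above the macro saying that callers who need the distinction must call ghcb_##field##_is_valid() first, and that the plain ghcb_get_##field() does no valid_bitmap check at all. The vmware.c hunk is a correct use of the plain getter only because the reads sit behind the validity checks that end at ghcb_rbp_is_valid(ghcb); that dependency is worth a one-line comment there too.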
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh, kernel test robot
Subject: [PATCH v5 05/34] KVM: SVM: Add support for the SEV-ES VMSA
Date: Thu, 10 Dec 2020 11:06:49 -0600

From: Tom Lendacky

Allocate a page during vCPU creation to be used as the encrypted VM save area (VMSA) for the SEV-ES guest. Provide a flag in the kvm_vcpu_arch structure that indicates whether the guest state is protected.

When freeing a VMSA page that has been encrypted, the cache contents must be flushed using the MSR_AMD64_VM_PAGE_FLUSH before freeing the page.

[ i386 build warnings ]
Reported-by: kernel test robot
Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/kvm_host.h | 3 ++
 arch/x86/kvm/svm/sev.c | 67 +++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c | 24 +++++++++++-
 arch/x86/kvm/svm/svm.h | 5 +++
 4 files changed, 97 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f002cdb13a0b..8cf6b0493d49 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -805,6 +805,9 @@ struct kvm_vcpu_arch { */ bool enforce; } pv_cpuid; + + /* Protected Guests */ + bool guest_state_protected; }; struct kvm_lpage_info { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 9bf5e9dadff5..fb4a411f7550 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "x86.h" #include "svm.h" 
@@ -1190,6 +1191,72 @@ void sev_hardware_teardown(void) sev_flush_asids(); } +/* + * Pages used by hardware to hold guest encrypted state must be flushed before + * returning them to the system. + */ +static void sev_flush_guest_memory(struct vcpu_svm *svm, void *va, + unsigned long len) +{ + /* + * If hardware enforced cache coherency for encrypted mappings of the + * same physical page is supported, nothing to do. + */ + if (boot_cpu_has(X86_FEATURE_SME_COHERENT)) + return; + + /* + * If the VM Page Flush MSR is supported, use it to flush the page + * (using the page virtual address and the guest ASID). + */ + if (boot_cpu_has(X86_FEATURE_VM_PAGE_FLUSH)) { + struct kvm_sev_info *sev; + unsigned long va_start; + u64 start, stop; + + /* Align start and stop to page boundaries. */ + va_start = (unsigned long)va; + start = (u64)va_start & PAGE_MASK; + stop = PAGE_ALIGN((u64)va_start + len); + + if (start < stop) { + sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info; + + while (start < stop) { + wrmsrl(MSR_AMD64_VM_PAGE_FLUSH, + start | sev->asid); + + start += PAGE_SIZE; + } + + return; + } + + WARN(1, "Address overflow, using WBINVD\n"); + } + + /* + * Hardware should always have one of the above features, + * but if not, use WBINVD and issue a warning. + */ + WARN_ONCE(1, "Using WBINVD to flush guest memory\n"); + wbinvd_on_all_cpus(); +} + +void sev_free_vcpu(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm; + + if (!sev_es_guest(vcpu->kvm)) + return; + + svm = to_svm(vcpu); + + if (vcpu->arch.guest_state_protected) + sev_flush_guest_memory(svm, svm->vmsa, PAGE_SIZE); + __free_page(virt_to_page(svm->vmsa)); +} + void pre_sev_run(struct vcpu_svm *svm, int cpu) { struct svm_cpu_data *sd = per_cpu(svm_data, cpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a1ea30c98629..cd4c9884e5a8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1289,6 +1289,7 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm; struct page *vmcb_page; + struct page *vmsa_page = NULL; int err; BUILD_BUG_ON(offsetof(struct vcpu_svm, vcpu) != 0); @@ -1299,9 +1300,19 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) if (!vmcb_page) goto out; + if (sev_es_guest(svm->vcpu.kvm)) { + /* + * SEV-ES guests require a separate VMSA page used to contain + * the encrypted register state of the guest. + */ + vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + if (!vmsa_page) + goto error_free_vmcb_page; + } + err = avic_init_vcpu(svm); if (err) - goto error_free_vmcb_page; + goto error_free_vmsa_page; /* We initialize this flag to true to make sure that the is_running * bit would be set the first time the vcpu is loaded. @@ -1311,12 +1322,16 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) svm->msrpm = svm_vcpu_alloc_msrpm(); if (!svm->msrpm) - goto error_free_vmcb_page; + goto error_free_vmsa_page; svm_vcpu_init_msrpm(vcpu, svm->msrpm); svm->vmcb = page_address(vmcb_page); svm->vmcb_pa = __sme_set(page_to_pfn(vmcb_page) << PAGE_SHIFT); + + if (vmsa_page) + svm->vmsa = page_address(vmsa_page); + svm->asid_generation = 0; init_vmcb(svm); @@ -1325,6 +1340,9 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) return 0; +error_free_vmsa_page: + if (vmsa_page) + __free_page(vmsa_page); error_free_vmcb_page: __free_page(vmcb_page); out: @@ -1352,6 +1370,8 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu) svm_free_nested(svm); + sev_free_vcpu(vcpu); + __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT)); __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 56d950df82e5..80a359f3cf20 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -168,6 +168,10 @@ struct vcpu_svm { DECLARE_BITMAP(read, MAX_DIRECT_ACCESS_MSRS); DECLARE_BITMAP(write, MAX_DIRECT_ACCESS_MSRS); } shadow_msr_intercept; + + /* SEV-ES support */ + struct vmcb_save_area *vmsa; + struct ghcb *ghcb; }; struct svm_cpu_data { 
@@ -513,5 +517,6 @@ int svm_unregister_enc_region(struct kvm *kvm, void pre_sev_run(struct vcpu_svm *svm, int cpu); void __init sev_hardware_setup(void); void sev_hardware_teardown(void); +void sev_free_vcpu(struct kvm_vcpu *vcpu); #endif From patchwork Thu Dec 10 17:06:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965697 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D908BC433FE for ; Thu, 10 Dec 2020 17:10:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 95AD4230FC for ; Thu, 10 Dec 2020 17:10:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392413AbgLJRKS (ORCPT ); Thu, 10 Dec 2020 12:10:18 -0500 Received: from mail-bn8nam12on2064.outbound.protection.outlook.com ([40.107.237.64]:38097 "EHLO NAM12-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2392515AbgLJRKJ (ORCPT ); Thu, 10 Dec 2020 12:10:09 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
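Review bot: In sev_flush_guest_memory() (arch/x86/kvm/svm/sev.c hunk), the overflow path issues WARN(1, "Address overflow, using WBINVD\n") and then falls through to WARN_ONCE(1, "Using WBINVD to flush guest memory\n"), so one event is reported twice and the comment above the second warning ("Hardware should always have one of the above features") does not describe that path. Call wbinvd_on_all_cpus() and return right after the overflow warning. Separately, `start | sev->asid` relies on the ASID fitting in the low bits that the page-aligned address leaves clear; a comment stating that, or a WARN_ON for an ASID that does not fit, would make the assumption explicit.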
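Review bot: In the svm_create_vcpu() hunk, the new test is written sev_es_guest(svm->vcpu.kvm) while sev_free_vcpu() in this same patch uses sev_es_guest(vcpu->kvm). Use vcpu->kvm here as well: vcpu is the function argument and the two call sites then read the same way.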
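Review bot: The struct vcpu_svm hunk in arch/x86/kvm/svm/svm.h adds `struct ghcb *ghcb;` next to `vmsa`, but nothing in this patch assigns or reads it, and the changelog only describes the VMSA page and the guest_state_protected flag. Either move the member to the patch that first uses it or mention it in the commit message.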
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 06/34] KVM: x86: Mark GPRs dirty when written
Date: Thu, 10 Dec 2020 11:06:50 -0600
Message-Id: <7ca2a1cdb61456f2fe9c64193e34d601e395c133.1607620037.git.thomas.lendacky@amd.com>

From: Tom Lendacky

When performing VMGEXIT processing for an SEV-ES guest, register values will be synced between KVM and the GHCB. Prepare for detecting when a GPR has been updated (marked dirty) in order to determine whether to sync the register to the GHCB.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/kvm_cache_regs.h | 51 ++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/arch/x86/kvm/kvm_cache_regs.h b/arch/x86/kvm/kvm_cache_regs.h index a889563ad02d..f15bc16de07c 100644 --- a/arch/x86/kvm/kvm_cache_regs.h +++ b/arch/x86/kvm/kvm_cache_regs.h
@@ -9,6 +9,31 @@ (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \ | X86_CR4_OSXMMEXCPT | X86_CR4_PGE | X86_CR4_TSD | X86_CR4_FSGSBASE) +static inline bool kvm_register_is_available(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + return test_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); +} + +static inline bool kvm_register_is_dirty(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + return test_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); +} + +static inline void kvm_register_mark_available(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); +} + +static inline void kvm_register_mark_dirty(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); + __set_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); +} + #define BUILD_KVM_GPR_ACCESSORS(lname, uname) \ static __always_inline unsigned long kvm_##lname##_read(struct kvm_vcpu *vcpu)\ { \ @@ -18,6 +43,7 @@ static __always_inline void kvm_##lname##_write(struct kvm_vcpu *vcpu, \ unsigned long val) \ { \ vcpu->arch.regs[VCPU_REGS_##uname] = val; \ + kvm_register_mark_dirty(vcpu, VCPU_REGS_##uname); \ } BUILD_KVM_GPR_ACCESSORS(rax, RAX) BUILD_KVM_GPR_ACCESSORS(rbx, RBX) 
@@ -37,31 +63,6 @@ BUILD_KVM_GPR_ACCESSORS(r14, R14) BUILD_KVM_GPR_ACCESSORS(r15, R15) #endif -static inline bool kvm_register_is_available(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - return test_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); -} - -static inline bool kvm_register_is_dirty(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - return test_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); -} - -static inline void kvm_register_mark_available(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); -} - -static inline void kvm_register_mark_dirty(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); -} - static inline unsigned long kvm_register_read(struct kvm_vcpu *vcpu, int reg) { if (WARN_ON_ONCE((unsigned int)reg >= NR_VCPU_REGS)) From patchwork Thu Dec 10 17:06:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965699 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64ADCC4167B for ; Thu, 10 Dec 2020 17:10:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1DAB023D23 for ; Thu, 10 Dec 2020 17:10:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392504AbgLJRKe (ORCPT ); Thu, 10 Dec 2020 12:10:34 -0500 
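Review bot: In the BUILD_KVM_GPR_ACCESSORS hunk, kvm_##lname##_write() now calls kvm_register_mark_dirty() on every GPR write, but nothing in this patch clears regs_dirty for these registers. State in the changelog, or in a comment above the macro, which path is expected to clear the bits, so a reader can tell how long a dirty bit stays set once a later patch keys the GHCB sync on kvm_register_is_dirty().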
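Review bot: The first and last hunks only move kvm_register_is_available(), kvm_register_is_dirty(), kvm_register_mark_available() and kvm_register_mark_dirty() above BUILD_KVM_GPR_ACCESSORS, and the changelog does not say so. Note in the commit message that the helpers are moved unchanged so the write accessor can call kvm_register_mark_dirty(); with 26 insertions and 25 deletions, the single functional line is otherwise easy to miss.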
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 07/34] KVM: SVM: Add required changes to support intercepts under SEV-ES
Date: Thu, 10 Dec 2020 11:06:51 -0600

From: Tom Lendacky

When a guest is running under SEV-ES, the hypervisor cannot access the guest register state. There are numerous places in the KVM code where certain registers are accessed that are not allowed to be accessed (e.g. RIP, CR0, etc). Add checks to prevent register accesses and add intercept update support at various points within the KVM code.

Also, when handling a VMGEXIT, exceptions are passed back through the GHCB. Since the RDMSR/WRMSR intercepts (may) inject a #GP on error, update the SVM intercepts to handle this for SEV-ES guests.

Signed-off-by: Tom Lendacky --- arch/x86/include/asm/svm.h | 3 +- arch/x86/kvm/svm/svm.c | 111 +++++++++++++++++++++++++++++++++---- arch/x86/kvm/x86.c | 6 +- 3 files changed, 107 insertions(+), 13 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 1edf24f51b53..bce28482d63d 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -178,7 +178,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define LBR_CTL_ENABLE_MASK BIT_ULL(0) #define VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK BIT_ULL(1) -#define SVM_INTERRUPT_SHADOW_MASK 1 +#define SVM_INTERRUPT_SHADOW_MASK BIT_ULL(0) +#define SVM_GUEST_INTERRUPT_MASK BIT_ULL(1) #define SVM_IOIO_STR_SHIFT 2 #define SVM_IOIO_REP_SHIFT 3 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index cd4c9884e5a8..857d0d3f2752 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include "trace.h" @@ -340,6 +341,13 @@ static int skip_emulated_instruction(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + /* + * SEV-ES does not expose the next RIP. The RIP update is controlled by + * the type of exit and the #VC handler in the guest. + */ + if (sev_es_guest(vcpu->kvm)) + goto done; + if (nrips && svm->vmcb->control.next_rip != 0) { WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS)); svm->next_rip = svm->vmcb->control.next_rip; @@ -351,6 +359,8 @@ static int skip_emulated_instruction(struct kvm_vcpu *vcpu) } else { kvm_rip_write(vcpu, svm->next_rip); } + +done: svm_set_interrupt_shadow(vcpu, 0); return 1; 
@@ -1652,9 +1662,18 @@ static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) static void update_cr0_intercept(struct vcpu_svm *svm) { - ulong gcr0 = svm->vcpu.arch.cr0; - u64 *hcr0 = &svm->vmcb->save.cr0; + ulong gcr0; + u64 *hcr0; + + /* + * SEV-ES guests must always keep the CR intercepts cleared. CR + * tracking is done using the CR write traps. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return; + gcr0 = svm->vcpu.arch.cr0; + hcr0 = &svm->vmcb->save.cr0; *hcr0 = (*hcr0 & ~SVM_CR0_SELECTIVE_MASK) | (gcr0 & SVM_CR0_SELECTIVE_MASK); @@ -1674,7 +1693,7 @@ void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) struct vcpu_svm *svm = to_svm(vcpu); #ifdef CONFIG_X86_64 - if (vcpu->arch.efer & EFER_LME) { + if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) { if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) { vcpu->arch.efer |= EFER_LMA; svm->vmcb->save.efer |= EFER_LMA | EFER_LME; @@ -2608,7 +2627,29 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) static int rdmsr_interception(struct vcpu_svm *svm) { - return kvm_emulate_rdmsr(&svm->vcpu); + u32 ecx; + u64 data; + + if (!sev_es_guest(svm->vcpu.kvm)) + return kvm_emulate_rdmsr(&svm->vcpu); + + ecx = kvm_rcx_read(&svm->vcpu); + if (kvm_get_msr(&svm->vcpu, ecx, &data)) { + trace_kvm_msr_read_ex(ecx); + ghcb_set_sw_exit_info_1(svm->ghcb, 1); + ghcb_set_sw_exit_info_2(svm->ghcb, + X86_TRAP_GP | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + return 1; + } + + trace_kvm_msr_read(ecx, data); + + kvm_rax_write(&svm->vcpu, data & -1u); + kvm_rdx_write(&svm->vcpu, (data >> 32) & -1u); + + return kvm_skip_emulated_instruction(&svm->vcpu); } static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) 
@@ -2797,7 +2838,27 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) static int wrmsr_interception(struct vcpu_svm *svm) { - return kvm_emulate_wrmsr(&svm->vcpu); + u32 ecx; + u64 data; + + if (!sev_es_guest(svm->vcpu.kvm)) + return kvm_emulate_wrmsr(&svm->vcpu); + + ecx = kvm_rcx_read(&svm->vcpu); + data = kvm_read_edx_eax(&svm->vcpu); + if (kvm_set_msr(&svm->vcpu, ecx, data)) { + trace_kvm_msr_write_ex(ecx, data); + ghcb_set_sw_exit_info_1(svm->ghcb, 1); + ghcb_set_sw_exit_info_2(svm->ghcb, + X86_TRAP_GP | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + return 1; + } + + trace_kvm_msr_write(ecx, data); + + return kvm_skip_emulated_instruction(&svm->vcpu); } static int msr_interception(struct vcpu_svm *svm) @@ -2827,7 +2888,14 @@ static int interrupt_window_interception(struct vcpu_svm *svm) static int pause_interception(struct vcpu_svm *svm) { struct kvm_vcpu *vcpu = &svm->vcpu; - bool in_kernel = (svm_get_cpl(vcpu) == 0); + bool in_kernel; + + /* + * CPL is not made available for an SEV-ES guest, so just set in_kernel + * to true. + */ + in_kernel = (sev_es_guest(svm->vcpu.kvm)) ? true + : (svm_get_cpl(vcpu) == 0); if (!kvm_pause_in_guest(vcpu->kvm)) grow_ple_window(vcpu); @@ -3090,10 +3158,13 @@ static int handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) trace_kvm_exit(exit_code, vcpu, KVM_ISA_SVM); - if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE)) - vcpu->arch.cr0 = svm->vmcb->save.cr0; - if (npt_enabled) - vcpu->arch.cr3 = svm->vmcb->save.cr3; + /* SEV-ES guests must use the CR write traps to track CR registers. */ + if (!sev_es_guest(vcpu->kvm)) { + if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE)) + vcpu->arch.cr0 = svm->vmcb->save.cr0; + if (npt_enabled) + vcpu->arch.cr3 = svm->vmcb->save.cr3; + } if (is_guest_mode(vcpu)) { int vmexit; 
@@ -3205,6 +3276,13 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr) { struct vcpu_svm *svm = to_svm(vcpu); + /* + * SEV-ES guests must always keep the CR intercepts cleared. CR + * tracking is done using the CR write traps. + */ + if (sev_es_guest(vcpu->kvm)) + return; + if (nested_svm_virtualize_tpr(vcpu)) return; @@ -3273,6 +3351,13 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu) struct vcpu_svm *svm = to_svm(vcpu); struct vmcb *vmcb = svm->vmcb; + /* + * SEV-ES guests to not expose RFLAGS. Use the VMCB interrupt mask + * bit to determine the state of the IF flag. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return !(vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK); + if (!gif_set(svm)) return true; @@ -3458,6 +3543,12 @@ static void svm_complete_interrupts(struct vcpu_svm *svm) svm->vcpu.arch.nmi_injected = true; break; case SVM_EXITINTINFO_TYPE_EXEPT: + /* + * Never re-inject a #VC exception. + */ + if (vector == X86_TRAP_VC) + break; + /* * In case of software exceptions, do not reinject the vector, * but re-execute the instruction instead. Rewind RIP first diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a3fdc16cfd6f..b6809a2851d2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4018,7 +4018,7 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) { int idx; - if (vcpu->preempted) + if (vcpu->preempted && !vcpu->arch.guest_state_protected) vcpu->arch.preempted_in_kernel = !kvm_x86_ops.get_cpl(vcpu); /* 
@@ -8161,7 +8161,9 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu) { struct kvm_run *kvm_run = vcpu->run; - kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0; + kvm_run->if_flag = (vcpu->arch.guest_state_protected) + ? kvm_arch_interrupt_allowed(vcpu) + : (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0; kvm_run->flags = is_smm(vcpu) ? KVM_RUN_X86_SMM : 0; kvm_run->cr8 = kvm_get_cr8(vcpu); kvm_run->apic_base = kvm_get_apic_base(vcpu); From patchwork Thu Dec 10 17:09:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965827 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62BA7C4361B for ; Thu, 10 Dec 2020 17:55:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2AF1C23D57 for ; Thu, 10 Dec 2020 17:55:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392810AbgLJRxB (ORCPT ); Thu, 10 Dec 2020 12:53:01 -0500 Received: from mail-bn8nam11on2055.outbound.protection.outlook.com ([40.107.236.55]:12128 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2404085AbgLJRMx (ORCPT ); Thu, 10 Dec 2020 12:12:53 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
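Review bot: in svm_interrupt_blocked() the new SEV-ES return sits ahead of the "if (!gif_set(svm)) return true;" check, so for an SEV-ES guest the result no longer depends on GIF, and it tests only SVM_GUEST_INTERRUPT_MASK while the interrupt-shadow bit of the same int_state field (SVM_INTERRUPT_SHADOW_MASK, redefined in the svm.h hunk) is ignored. Unless both are known not to apply to SEV-ES, move the int_state test below the GIF check so that it replaces only the RFLAGS.IF read; if they really do not apply, the comment should say so. The comment also has a typo: "guests to not expose" should read "guests do not expose".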
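Review bot: rdmsr_interception() and wrmsr_interception() now open-code the MSR access for SEV-ES instead of calling kvm_emulate_rdmsr()/kvm_emulate_wrmsr(), so whatever those helpers do beyond kvm_get_msr()/kvm_set_msr() is skipped for SEV-ES guests and the two paths can drift apart. Only the failure action differs (the #GP is written into the GHCB rather than injected), so consider keeping the common helpers and hooking just that step. If the split stays, factor the repeated ghcb_set_sw_exit_info_1()/ghcb_set_sw_exit_info_2() pair into one helper, give the literal 1 passed to ghcb_set_sw_exit_info_1() a name or a comment, and replace "data & -1u" and "(data >> 32) & -1u" with lower_32_bits()/upper_32_bits().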
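Review bot: pause_interception() and kvm_arch_vcpu_put() make different choices for the same missing CPL. pause_interception() forces in_kernel to true for an SEV-ES guest, while kvm_arch_vcpu_put() skips the assignment when guest_state_protected is set, which leaves preempted_in_kernel at whatever value it held before. Set preempted_in_kernel explicitly in the protected case and explain the chosen value in both places. In pause_interception() the ternary can also be written as "in_kernel = sev_es_guest(vcpu->kvm) || svm_get_cpl(vcpu) == 0;", using the vcpu local that is already in scope.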
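Review bot: in post_kvm_run_save() kvm_run->if_flag changes meaning for a protected guest, since it now reports kvm_arch_interrupt_allowed() rather than RFLAGS.IF. That is visible to userspace and neither the commit message nor a comment mentions it; add a comment at the assignment. Separately, svm_set_cr0() tests vcpu->arch.guest_state_protected while every other check added to svm.c in this patch uses sev_es_guest(); state in the commit message when each is the right test, and parenthesize "(vcpu->arch.efer & EFER_LME)" in that condition.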
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 08/34] KVM: SVM: Prevent debugging under SEV-ES
Date: Thu, 10 Dec 2020 11:09:43 -0600
Message-Id: <8db966fa2f9803d6454ce773863025d0e2e7f3cc.1607620209.git.thomas.lendacky@amd.com>

Since the guest register state of an SEV-ES guest is encrypted, debugging is not supported. Update the code to prevent guest debugging when the guest has protected state.

Additionally, an SEV-ES guest must only and always intercept DR7 reads and writes. Update set_dr_intercepts() and clr_dr_intercepts() to account for this.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/svm.c | 9 +++++
 arch/x86/kvm/svm/svm.h | 81 +++++++++++++++++++++++-------------------
 arch/x86/kvm/x86.c | 3 ++
 3 files changed, 57 insertions(+), 36 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 857d0d3f2752..513cf667dff4 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -1806,6 +1806,9 @@ static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) { struct vmcb *vmcb = svm->vmcb; + if (svm->vcpu.arch.guest_state_protected) + return; + if (unlikely(value != vmcb->save.dr6)) { vmcb->save.dr6 = value; vmcb_mark_dirty(vmcb, VMCB_DR); @@ -1816,6 +1819,9 @@ static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + if (vcpu->arch.guest_state_protected) + return; + get_debugreg(vcpu->arch.db[0], 0); get_debugreg(vcpu->arch.db[1], 1); get_debugreg(vcpu->arch.db[2], 2); @@ -1834,6 +1840,9 @@ static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value) { struct vcpu_svm *svm = to_svm(vcpu); + if (vcpu->arch.guest_state_protected) + return; + svm->vmcb->save.dr7 = value; vmcb_mark_dirty(svm->vmcb, VMCB_DR); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 80a359f3cf20..abfe53d6b3dc 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -199,6 +199,28 @@ static inline struct kvm_svm *to_kvm_svm(struct kvm *kvm) return container_of(kvm, struct kvm_svm, kvm); } +static inline bool sev_guest(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev->active; +#else + return false; +#endif +} + +static inline bool sev_es_guest(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev_guest(kvm) && sev->es_active; +#else + return false; +#endif +} + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; 
@@ -250,21 +272,24 @@ static inline void set_dr_intercepts(struct vcpu_svm *svm) { struct vmcb *vmcb = get_host_vmcb(svm); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); + if (!sev_es_guest(svm->vcpu.kvm)) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); + } + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); recalc_intercepts(svm); 
@@ -276,6 +301,12 @@ static inline void clr_dr_intercepts(struct vcpu_svm *svm) vmcb->control.intercepts[INTERCEPT_DR] = 0; + /* DR7 access must remain intercepted for an SEV-ES guest */ + if (sev_es_guest(svm->vcpu.kvm)) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); + } + recalc_intercepts(svm); } @@ -481,28 +512,6 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); extern unsigned int max_sev_asid; -static inline bool sev_guest(struct kvm *kvm) -{ -#ifdef CONFIG_KVM_AMD_SEV - struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - - return sev->active; -#else - return false; -#endif -} - -static inline bool sev_es_guest(struct kvm *kvm) -{ -#ifdef CONFIG_KVM_AMD_SEV - struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - - return sev_guest(kvm) && sev->es_active; -#else - return false; -#endif -} - static inline bool svm_sev_enabled(void) { return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b6809a2851d2..de0e35083df5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -9671,6 +9671,9 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, unsigned long rflags; int i, r; + if (vcpu->arch.guest_state_protected) + return -EINVAL; + vcpu_load(vcpu); if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) { From patchwork Thu Dec 10 17:09:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965823 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91022C4361B for ; Thu, 10 Dec 2020 17:53:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3AC5E23D57 for ; Thu, 10 Dec 2020 17:53:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404090AbgLJRNO (ORCPT ); Thu, 10 Dec 2020 12:13:14 -0500 Received: from mail-bn8nam11on2059.outbound.protection.outlook.com ([40.107.236.59]:9021 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2404093AbgLJRNG (ORCPT ); Thu, 10 Dec 2020 12:13:06 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
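Review bot: the early returns added to svm_set_dr6(), svm_sync_dirty_debug_regs() and svm_set_dr7() carry no comment, unlike the SEV-ES checks in the previous patch, and they turn these setters into silent no-ops. Since kvm_arch_vcpu_ioctl_set_guest_debug() already refuses a protected guest, add a one-line comment at each return saying which callers still reach it, or a WARN_ON_ONCE() if none are expected to.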
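Review bot: the svm.h hunks move sev_guest() and sev_es_guest() above set_dr_intercepts() with no change to their bodies, and the commit message does not mention the move. Say in the commit message that the helpers are relocated so the intercept helpers can call them, or split the move into its own preparatory patch so that the functional change in set_dr_intercepts() and clr_dr_intercepts() is easier to review.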
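Review bot: the guest_state_protected check in kvm_arch_vcpu_ioctl_set_guest_debug() is a userspace-visible change, since KVM_SET_GUEST_DEBUG now fails with -EINVAL for an SEV-ES guest, but the diffstat touches only svm.c, svm.h and x86.c. Add the new failure case to the ioctl documentation and put a short comment above the check giving the reason (the register state is encrypted).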
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 09/34] KVM: SVM: Do not allow instruction emulation under SEV-ES
Date: Thu, 10 Dec 2020 11:09:44 -0600

When a guest is running as an SEV-ES guest, it is not possible to emulate instructions. Add support to prevent instruction emulation.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/svm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 513cf667dff4..81572899b7ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -4211,6 +4211,12 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i bool smep, smap, is_user; unsigned long cr4; + /* + * When the guest is an SEV-ES guest, emulation is not possible. + */ + if (sev_es_guest(vcpu->kvm)) + return false; + /* * Detect and workaround Errata 1096 Fam_17h_00_0Fh. * From patchwork Thu Dec 10 17:09:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965723 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD2AFC433FE for ; Thu, 10 Dec 2020 17:13:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8B69A23D56 for ; Thu, 10 Dec 2020 17:13:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392550AbgLJRNY (ORCPT ); Thu, 10 Dec 2020 12:13:24 -0500 Received: from mail-bn8nam11on2055.outbound.protection.outlook.com ([40.107.236.55]:12128 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2392117AbgLJRNW (ORCPT ); Thu, 10 Dec 2020 12:13:22 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
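Review bot: the comment added to svm_can_emulate_instruction() and the commit message both say only that emulation "is not possible", without giving the reason or what happens to the exit that asked for emulation. Add a sentence to the comment stating why (the earlier patches in the series give encrypted guest register state as the constraint) and what callers do when this returns false, so a reader can tell whether the guest resumes, re-faults or is terminated. The three-line comment block also fits on one line.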
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 10/34] KVM: SVM: Cannot re-initialize the VMCB after shutdown with SEV-ES
Date: Thu, 10 Dec 2020 11:09:45 -0600

When a SHUTDOWN VMEXIT is encountered, normally the VMCB is re-initialized so that the guest can be re-launched. But when a guest is running as an SEV-ES guest, the VMSA cannot be re-initialized because it has been encrypted. For now, just return -EINVAL to prevent a possible attempt at a guest reset.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/svm.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 81572899b7ea..3b02620ba9a9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2030,6 +2030,13 @@ static int shutdown_interception(struct vcpu_svm *svm) { struct kvm_run *kvm_run = svm->vcpu.run; + /* + * The VM save area has already been encrypted so it + * cannot be reinitialized - just terminate. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return -EINVAL; + /* * VMCB is undefined after a SHUTDOWN intercept * so reinitialize it.
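Review bot: The new SEV-ES early return in shutdown_interception() leaves before anything is written to kvm_run, so the caller gets only -EINVAL with no exit reason recording that the guest shut down. Only the VMCB re-initialization has to be skipped for an encrypted save area, so consider setting kvm_run->exit_reason (for example to KVM_EXIT_SHUTDOWN) before returning, or at least logging which vCPU took this path, so that a terminated SEV-ES guest can be told apart from other -EINVAL failures. The comment says "just terminate"; it would help to say who is expected to do the terminating.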
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 11/34] KVM: SVM: Prepare for SEV-ES exit handling in the sev.c file
Date: Thu, 10 Dec 2020 11:09:46 -0600
Message-Id: <5b8b0ffca8137f3e1e257f83df9f5c881c8a96a3.1607620209.git.thomas.lendacky@amd.com>

This is a pre-patch to consolidate some exit handling code into callable functions. Follow-on patches for SEV-ES exit handling will then be able to use them from the sev.c file.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/svm.c | 64 +++++++++++++++++++++++++-----------------
 1 file changed, 38 insertions(+), 26 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 3b02620ba9a9..ce7bcb9cf90c 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3151,6 +3151,43 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "excp_to:", save->last_excp_to); } +static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code) +{ + if (exit_code < ARRAY_SIZE(svm_exit_handlers) && + svm_exit_handlers[exit_code]) + return 0; + + vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%llx\n", exit_code); + dump_vmcb(vcpu); + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; + vcpu->run->internal.ndata = 2; + vcpu->run->internal.data[0] = exit_code; + vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; + + return -EINVAL; +} + +static int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) +{ + if (svm_handle_invalid_exit(&svm->vcpu, exit_code)) + return 0; + +#ifdef CONFIG_RETPOLINE + if (exit_code == SVM_EXIT_MSR) + return msr_interception(svm); + else if (exit_code == SVM_EXIT_VINTR) + return interrupt_window_interception(svm); + else if (exit_code == SVM_EXIT_INTR) + return intr_interception(svm); + else if (exit_code == SVM_EXIT_HLT) + return halt_interception(svm); + else if (exit_code == SVM_EXIT_NPF) + return npf_interception(svm); +#endif + return svm_exit_handlers[exit_code](svm); +} + static void svm_get_exit_info(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2, u32 *intr_info, u32 *error_code) { 
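Review bot: The return convention of svm_handle_invalid_exit() is easy to misread at its call site in svm_invoke_exit_handler(): it returns 0 when the exit code has a handler and -EINVAL when it does not, and the caller then converts that -EINVAL into "return 0". A bool helper that answers whether the exit code is valid would make the "if (svm_handle_invalid_exit(...)) return 0;" line self-explanatory and avoid an error code that is never propagated. The bounds check against ARRAY_SIZE(svm_exit_handlers) correctly stays ahead of the table lookup; a one-line comment saying it must remain first would be worth adding, since the commit message says sev.c will start calling this helper in follow-on patches.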
@@ -3217,32 +3254,7 @@ static int handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) if (exit_fastpath != EXIT_FASTPATH_NONE) return 1; - if (exit_code >= ARRAY_SIZE(svm_exit_handlers) - || !svm_exit_handlers[exit_code]) { - vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%x\n", exit_code); - dump_vmcb(vcpu); - vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; - vcpu->run->internal.suberror = - KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; - vcpu->run->internal.ndata = 2; - vcpu->run->internal.data[0] = exit_code; - vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; - return 0; - } - -#ifdef CONFIG_RETPOLINE - if (exit_code == SVM_EXIT_MSR) - return msr_interception(svm); - else if (exit_code == SVM_EXIT_VINTR) - return interrupt_window_interception(svm); - else if (exit_code == SVM_EXIT_INTR) - return intr_interception(svm); - else if (exit_code == SVM_EXIT_HLT) - return halt_interception(svm); - else if (exit_code == SVM_EXIT_NPF) - return npf_interception(svm); -#endif - return svm_exit_handlers[exit_code](svm); + return svm_invoke_exit_handler(svm, exit_code); } static void reload_tss(struct kvm_vcpu *vcpu)
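Review bot: handle_exit() now passes its local exit_code to a u64 parameter, but the removed message printed that local with 0x%x, which suggests it is still 32 bits wide on this path. Please confirm the local's type matches the new u64 signature of svm_invoke_exit_handler(), or state in the commit message that the widening only matters for the later sev.c callers.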
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 12/34] KVM: SVM: Add initial support for a VMGEXIT VMEXIT
Date: Thu, 10 Dec 2020 11:09:47 -0600

SEV-ES adds a new VMEXIT reason code, VMGEXIT. Initial support for a VMGEXIT includes mapping the GHCB based on the guest GPA, which is obtained from a new VMCB field, and then validating the required inputs for the VMGEXIT exit reason.

Since many of the VMGEXIT exit reasons correspond to existing VMEXIT reasons, the information from the GHCB is copied into the VMCB control exit code areas and KVM register areas. The standard exit handlers are invoked, similar to standard VMEXIT processing. Before restarting the vCPU, the GHCB is updated with any registers that have been updated by the hypervisor.

Signed-off-by: Tom Lendacky --- arch/x86/include/asm/svm.h | 2 +- arch/x86/include/uapi/asm/svm.h | 7 + arch/x86/kvm/svm/sev.c | 272 ++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 8 +- arch/x86/kvm/svm/svm.h | 8 + 5 files changed, 294 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index bce28482d63d..caa8628f5fba 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -130,7 +130,7 @@ struct __attribute__ ((__packed__)) vmcb_control_area { u32 exit_int_info_err; u64 nested_ctl; u64 avic_vapic_bar; - u8 reserved_4[8]; + u64 ghcb_gpa; u32 event_inj; u32 event_inj_err; u64 nested_cr3; diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index f1d8307454e0..09f723945425 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -81,6 +81,7 @@ #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 #define SVM_EXIT_AVIC_UNACCELERATED_ACCESS 0x402 +#define SVM_EXIT_VMGEXIT 0x403 /* SEV-ES software-defined VMGEXIT events */ #define SVM_VMGEXIT_MMIO_READ 0x80000001 @@ -187,6 +188,12 @@ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ { SVM_EXIT_AVIC_UNACCELERATED_ACCESS, "avic_unaccelerated_access" }, \ + { SVM_EXIT_VMGEXIT, "vmgexit" }, \ + { SVM_VMGEXIT_MMIO_READ, "vmgexit_mmio_read" }, \ + { SVM_VMGEXIT_MMIO_WRITE, "vmgexit_mmio_write" }, \ + { SVM_VMGEXIT_NMI_COMPLETE, "vmgexit_nmi_complete" }, \ + { SVM_VMGEXIT_AP_HLT_LOOP, "vmgexit_ap_hlt_loop" }, \ + { SVM_VMGEXIT_AP_JUMP_TABLE, "vmgexit_ap_jump_table" }, \ { SVM_EXIT_ERR, "invalid_guest_state" } diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index fb4a411f7550..54e6894b26d2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -18,6 +18,7 @@ #include "x86.h" #include "svm.h" +#include "cpuid.h" static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); 
@@ -1257,11 +1258,226 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) __free_page(virt_to_page(svm->vmsa)); } +static void dump_ghcb(struct vcpu_svm *svm) +{ + struct ghcb *ghcb = svm->ghcb; + unsigned int nbits; + + /* Re-use the dump_invalid_vmcb module parameter */ + if (!dump_invalid_vmcb) { + pr_warn_ratelimited("set kvm_amd.dump_invalid_vmcb=1 to dump internal KVM state.\n"); + return; + } + + nbits = sizeof(ghcb->save.valid_bitmap) * 8; + + pr_err("GHCB (GPA=%016llx):\n", svm->vmcb->control.ghcb_gpa); + pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_code", + ghcb->save.sw_exit_code, ghcb_sw_exit_code_is_valid(ghcb)); + pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_1", + ghcb->save.sw_exit_info_1, ghcb_sw_exit_info_1_is_valid(ghcb)); + pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_2", + ghcb->save.sw_exit_info_2, ghcb_sw_exit_info_2_is_valid(ghcb)); + pr_err("%-20s%016llx is_valid: %u\n", "sw_scratch", + ghcb->save.sw_scratch, ghcb_sw_scratch_is_valid(ghcb)); + pr_err("%-20s%*pb\n", "valid_bitmap", nbits, ghcb->save.valid_bitmap); +} + +static void sev_es_sync_to_ghcb(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + struct ghcb *ghcb = svm->ghcb; + + /* + * The GHCB protocol so far allows for the following data + * to be returned: + * GPRs RAX, RBX, RCX, RDX + * + * Copy their values to the GHCB if they are dirty. 
+ */ + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RAX)) + ghcb_set_rax(ghcb, vcpu->arch.regs[VCPU_REGS_RAX]); + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RBX)) + ghcb_set_rbx(ghcb, vcpu->arch.regs[VCPU_REGS_RBX]); + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RCX)) + ghcb_set_rcx(ghcb, vcpu->arch.regs[VCPU_REGS_RCX]); + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RDX)) + ghcb_set_rdx(ghcb, vcpu->arch.regs[VCPU_REGS_RDX]); +} + +static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + struct kvm_vcpu *vcpu = &svm->vcpu; + struct ghcb *ghcb = svm->ghcb; + u64 exit_code; + + /* + * The GHCB protocol so far allows for the following data + * to be supplied: + * GPRs RAX, RBX, RCX, RDX + * XCR0 + * CPL + * + * VMMCALL allows the guest to provide extra registers. KVM also + * expects RSI for hypercalls, so include that, too. + * + * Copy their values to the appropriate location if supplied. + */ + memset(vcpu->arch.regs, 0, sizeof(vcpu->arch.regs)); + + vcpu->arch.regs[VCPU_REGS_RAX] = ghcb_get_rax_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RBX] = ghcb_get_rbx_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RCX] = ghcb_get_rcx_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RDX] = ghcb_get_rdx_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RSI] = ghcb_get_rsi_if_valid(ghcb); + + svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); + + if (ghcb_xcr0_is_valid(ghcb)) { + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + kvm_update_cpuid_runtime(vcpu); + } + + /* Copy the GHCB exit information into the VMCB fields */ + exit_code = ghcb_get_sw_exit_code(ghcb); + control->exit_code = lower_32_bits(exit_code); + control->exit_code_hi = upper_32_bits(exit_code); + control->exit_info_1 = ghcb_get_sw_exit_info_1(ghcb); + control->exit_info_2 = ghcb_get_sw_exit_info_2(ghcb); + + /* Clear the valid entries fields */ + memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); +} + +static int sev_es_validate_vmgexit(struct vcpu_svm *svm) 
+{ + struct kvm_vcpu *vcpu; + struct ghcb *ghcb; + u64 exit_code = 0; + + ghcb = svm->ghcb; + + /* Only GHCB Usage code 0 is supported */ + if (ghcb->ghcb_usage) + goto vmgexit_err; + + /* + * Retrieve the exit code now even though is may not be marked valid + * as it could help with debugging. + */ + exit_code = ghcb_get_sw_exit_code(ghcb); + + if (!ghcb_sw_exit_code_is_valid(ghcb) || + !ghcb_sw_exit_info_1_is_valid(ghcb) || + !ghcb_sw_exit_info_2_is_valid(ghcb)) + goto vmgexit_err; + + switch (ghcb_get_sw_exit_code(ghcb)) { + case SVM_EXIT_READ_DR7: + break; + case SVM_EXIT_WRITE_DR7: + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_RDTSC: + break; + case SVM_EXIT_RDPMC: + if (!ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_CPUID: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + if (ghcb_get_rax(ghcb) == 0xd) + if (!ghcb_xcr0_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_INVD: + break; + case SVM_EXIT_IOIO: + if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_MSR: + if (!ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + if (ghcb_get_sw_exit_info_1(ghcb)) { + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rdx_is_valid(ghcb)) + goto vmgexit_err; + } + break; + case SVM_EXIT_VMMCALL: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_cpl_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_RDTSCP: + break; + case SVM_EXIT_WBINVD: + break; + case SVM_EXIT_MONITOR: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rcx_is_valid(ghcb) || + !ghcb_rdx_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_MWAIT: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_VMGEXIT_UNSUPPORTED_EVENT: + break; + default: + goto vmgexit_err; + } + + return 0; + +vmgexit_err: + vcpu = &svm->vcpu; + + if (ghcb->ghcb_usage) { + vcpu_unimpl(vcpu, "vmgexit: ghcb usage 
%#x is not valid\n", + ghcb->ghcb_usage); + } else { + vcpu_unimpl(vcpu, "vmgexit: exit reason %#llx is not valid\n", + exit_code); + dump_ghcb(svm); + } + + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; + vcpu->run->internal.ndata = 2; + vcpu->run->internal.data[0] = exit_code; + vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; + + return -EINVAL; +} + +static void pre_sev_es_run(struct vcpu_svm *svm) +{ + if (!svm->ghcb) + return; + + sev_es_sync_to_ghcb(svm); + + kvm_vcpu_unmap(&svm->vcpu, &svm->ghcb_map, true); + svm->ghcb = NULL; +} + void pre_sev_run(struct vcpu_svm *svm, int cpu) { struct svm_cpu_data *sd = per_cpu(svm_data, cpu); int asid = sev_get_asid(svm->vcpu.kvm); + /* Perform any SEV-ES pre-run actions */ + pre_sev_es_run(svm); + /* Assign the asid allocated with this SEV guest */ svm->vmcb->control.asid = asid; 
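Review bot: In sev_es_validate_vmgexit() the switch calls ghcb_get_sw_exit_code(ghcb) a second time instead of using the exit_code local read a few lines earlier. The GHCB is mapped from guest memory, so two reads are not guaranteed to return the same value, and the code reported in the vmgexit_err path may not be the one the switch evaluated. Switching on the local, "switch (exit_code)", makes validation and reporting agree. The same concern applies to sev_es_sync_from_ghcb(), which reads the exit code from the GHCB again when filling control->exit_code and control->exit_code_hi. Minor: the comment above the first read has a typo, "even though is may not be marked valid".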
@@ -1279,3 +1495,59 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID; vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } + +static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) +{ + return -EINVAL; +} + +int sev_handle_vmgexit(struct vcpu_svm *svm) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + u64 ghcb_gpa, exit_code; + struct ghcb *ghcb; + int ret; + + /* Validate the GHCB */ + ghcb_gpa = control->ghcb_gpa; + if (ghcb_gpa & GHCB_MSR_INFO_MASK) + return sev_handle_vmgexit_msr_protocol(svm); + + if (!ghcb_gpa) { + vcpu_unimpl(&svm->vcpu, "vmgexit: GHCB gpa is not set\n"); + return -EINVAL; + } + + if (kvm_vcpu_map(&svm->vcpu, ghcb_gpa >> PAGE_SHIFT, &svm->ghcb_map)) { + /* Unable to map GHCB from guest */ + vcpu_unimpl(&svm->vcpu, "vmgexit: error mapping GHCB [%#llx] from guest\n", + ghcb_gpa); + return -EINVAL; + } + + svm->ghcb = svm->ghcb_map.hva; + ghcb = svm->ghcb_map.hva; + + exit_code = ghcb_get_sw_exit_code(ghcb); + + ret = sev_es_validate_vmgexit(svm); + if (ret) + return ret; + + sev_es_sync_from_ghcb(svm); + ghcb_set_sw_exit_info_1(ghcb, 0); + ghcb_set_sw_exit_info_2(ghcb, 0); + + ret = -EINVAL; + switch (exit_code) { + case SVM_VMGEXIT_UNSUPPORTED_EVENT: + vcpu_unimpl(&svm->vcpu, + "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", + control->exit_info_1, control->exit_info_2); + break; + default: + ret = svm_invoke_exit_handler(svm, exit_code); + } + + return ret; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ce7bcb9cf90c..ad1ec6ad558e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -195,7 +195,7 @@ module_param(sev, int, 0444); int sev_es = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); module_param(sev_es, int, 0444); -static bool __read_mostly dump_invalid_vmcb = 0; +bool __read_mostly dump_invalid_vmcb; module_param(dump_invalid_vmcb, bool, 0644); static u8 rsm_ins_bytes[] = "\x0f\xaa"; 
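Review bot: In sev_handle_vmgexit(), exit_code is read from the mapped GHCB before sev_es_validate_vmgexit() runs, and the validator and sev_es_sync_from_ghcb() each read it from the GHCB again, so the value passed to svm_invoke_exit_handler() is not necessarily the one that passed the validator's list of accepted exit codes. Read the exit code once after kvm_vcpu_map() succeeds, pass that value into the validator, and dispatch on the same value (or on control->exit_code after the sync). Separately, every error return after the mapping succeeds leaves svm->ghcb and svm->ghcb_map set, with the unmap happening only in pre_sev_es_run(); either unmap on the failure path or add a comment stating that the mapping is intentionally held until the next run.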
@@ -3031,6 +3031,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_RSM] = rsm_interception, [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception, [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception, + [SVM_EXIT_VMGEXIT] = sev_handle_vmgexit, }; static void dump_vmcb(struct kvm_vcpu *vcpu) @@ -3072,6 +3073,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) pr_err("%-20s%lld\n", "nested_ctl:", control->nested_ctl); pr_err("%-20s%016llx\n", "nested_cr3:", control->nested_cr3); pr_err("%-20s%016llx\n", "avic_vapic_bar:", control->avic_vapic_bar); + pr_err("%-20s%016llx\n", "ghcb:", control->ghcb_gpa); pr_err("%-20s%08x\n", "event_inj:", control->event_inj); pr_err("%-20s%08x\n", "event_inj_err:", control->event_inj_err); pr_err("%-20s%lld\n", "virt_ext:", control->virt_ext); @@ -3168,7 +3170,7 @@ static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code) return -EINVAL; } -static int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) +int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) { if (svm_handle_invalid_exit(&svm->vcpu, exit_code)) return 0; @@ -3184,6 +3186,8 @@ static int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) return halt_interception(svm); else if (exit_code == SVM_EXIT_NPF) return npf_interception(svm); + else if (exit_code == SVM_EXIT_VMGEXIT) + return sev_handle_vmgexit(svm); #endif return svm_exit_handlers[exit_code](svm); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index abfe53d6b3dc..89bcb26977e5 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -17,6 +17,7 @@ #include #include +#include #include @@ -172,6 +173,7 @@ struct vcpu_svm { /* SEV-ES support */ struct vmcb_save_area *vmsa; struct ghcb *ghcb; + struct kvm_host_map ghcb_map; }; struct svm_cpu_data { 
@@ -390,6 +392,7 @@ static inline bool gif_set(struct vcpu_svm *svm) extern int sev; extern int sev_es; +extern bool dump_invalid_vmcb; u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); @@ -405,6 +408,7 @@ bool svm_smi_blocked(struct kvm_vcpu *vcpu); bool svm_nmi_blocked(struct kvm_vcpu *vcpu); bool svm_interrupt_blocked(struct kvm_vcpu *vcpu); void svm_set_gif(struct vcpu_svm *svm, bool value); +int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code); /* nested.c */ @@ -510,6 +514,9 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); /* sev.c */ +#define GHCB_MSR_INFO_POS 0 +#define GHCB_MSR_INFO_MASK (BIT_ULL(12) - 1) + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void) 
@@ -527,5 +534,6 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu); void __init sev_hardware_setup(void); void sev_hardware_teardown(void); void sev_free_vcpu(struct kvm_vcpu *vcpu); +int sev_handle_vmgexit(struct vcpu_svm *svm); #endif
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 13/34] KVM: SVM: Create trace events for VMGEXIT processing
Date: Thu, 10 Dec 2020 11:09:48 -0600
Message-Id: <25357dca49a38372e8f483753fb0c1c2a70a6898.1607620209.git.thomas.lendacky@amd.com>

From: Tom Lendacky

Add trace events for entry to and exit from VMGEXIT processing. The vCPU id and the exit reason will be common for the trace events. The exit info fields will represent the input and output values for the entry and exit events, respectively.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 6 +++++ arch/x86/kvm/trace.h | 53 ++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 2 ++ 3 files changed, 61 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 54e6894b26d2..da473c6b725e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -15,10 +15,12 @@ #include #include #include +#include #include "x86.h" #include "svm.h" #include "cpuid.h" +#include "trace.h" static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); @@ -1464,6 +1466,8 @@ static void pre_sev_es_run(struct vcpu_svm *svm) if (!svm->ghcb) return; + trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, svm->ghcb); + sev_es_sync_to_ghcb(svm); kvm_vcpu_unmap(&svm->vcpu, &svm->ghcb_map, true); @@ -1528,6 +1532,8 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) svm->ghcb = svm->ghcb_map.hva; ghcb = svm->ghcb_map.hva; + trace_kvm_vmgexit_enter(svm->vcpu.vcpu_id, ghcb); + exit_code = ghcb_get_sw_exit_code(ghcb); ret = sev_es_validate_vmgexit(svm); diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index aef960f90f26..7da931a511c9 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h 
@@ -1578,6 +1578,59 @@ TRACE_EVENT(kvm_hv_syndbg_get_msr, __entry->vcpu_id, __entry->vp_index, __entry->msr, __entry->data) ); + +/* + * Tracepoint for the start of VMGEXIT processing + */ +TRACE_EVENT(kvm_vmgexit_enter, + TP_PROTO(unsigned int vcpu_id, struct ghcb *ghcb), + TP_ARGS(vcpu_id, ghcb), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, exit_reason) + __field(u64, info1) + __field(u64, info2) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->exit_reason = ghcb->save.sw_exit_code; + __entry->info1 = ghcb->save.sw_exit_info_1; + __entry->info2 = ghcb->save.sw_exit_info_2; + ), + + TP_printk("vcpu %u, exit_reason %llx, exit_info1 %llx, exit_info2 %llx", + __entry->vcpu_id, __entry->exit_reason, + __entry->info1, __entry->info2) +); + +/* + * Tracepoint for the end of VMGEXIT processing + */ +TRACE_EVENT(kvm_vmgexit_exit, + TP_PROTO(unsigned int vcpu_id, struct ghcb *ghcb), + TP_ARGS(vcpu_id, ghcb), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, exit_reason) + __field(u64, info1) + __field(u64, info2) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->exit_reason = ghcb->save.sw_exit_code; + __entry->info1 = ghcb->save.sw_exit_info_1; + __entry->info2 = ghcb->save.sw_exit_info_2; + ), + + TP_printk("vcpu %u, exit_reason %llx, exit_info1 %llx, exit_info2 %llx", + __entry->vcpu_id, __entry->exit_reason, + __entry->info1, __entry->info2) +); + #endif /* _TRACE_KVM_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index de0e35083df5..d89736066b39 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11321,3 +11321,5 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_unaccelerated_access); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_incomplete_ipi); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_ga_log); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_apicv_update_request); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit);
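Review bot: In the sev_handle_vmgexit() hunk of sev.c, trace_kvm_vmgexit_enter() reads sw_exit_code, sw_exit_info_1 and sw_exit_info_2 from the mapped GHCB, and the next statement fetches sw_exit_code a second time with ghcb_get_sw_exit_code() before sev_es_validate_vmgexit() has run. The GHCB is a page the guest can write, so the traced exit reason is not guaranteed to be the one that is handled. Reading the three fields once into locals and passing those to the tracepoint, or tracing after validation, would keep the trace consistent with what is processed.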
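Review bot: In the trace.h hunk, kvm_vmgexit_enter and kvm_vmgexit_exit have identical TP_PROTO, TP_STRUCT__entry, TP_fast_assign and TP_printk bodies; a single DECLARE_EVENT_CLASS with two DEFINE_EVENT instances would remove the duplication. Since both events print under the same format string, the two comments should also say that the entry event carries the guest's input values and the exit event the output values, as the commit message does.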
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 14/34] KVM: SVM: Add support for SEV-ES GHCB MSR protocol function 0x002
Date: Thu, 10 Dec 2020 11:09:49 -0600

From: Tom Lendacky

The GHCB specification defines a GHCB MSR protocol using the lower 12-bits of the GHCB MSR (in the hypervisor this corresponds to the GHCB GPA field in the VMCB). Function 0x002 is a request to set the GHCB MSR value to the SEV INFO as per the specification via the VMCB GHCB GPA field.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 26 +++++++++++++++++++++++++- arch/x86/kvm/svm/svm.h | 17 +++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index da473c6b725e..58861515d3e3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -22,6 +22,7 @@ #include "cpuid.h" #include "trace.h" +static u8 sev_enc_bit; static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); @@ -1142,6 +1143,9 @@ void __init sev_hardware_setup(void) /* Retrieve SEV CPUID information */ cpuid(0x8000001f, &eax, &ebx, &ecx, &edx); + /* Set encryption bit location for SEV-ES guests */ + sev_enc_bit = ebx & 0x3f; + /* Maximum number of encrypted guests supported simultaneously */ max_sev_asid = ecx; @@ -1500,9 +1504,29 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } +static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) +{ + svm->vmcb->control.ghcb_gpa = value; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { - return -EINVAL; + struct vmcb_control_area *control = &svm->vmcb->control; + u64 ghcb_info; + + ghcb_info = control->ghcb_gpa & GHCB_MSR_INFO_MASK; + + switch (ghcb_info) { + case GHCB_MSR_SEV_INFO_REQ: + set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, + GHCB_VERSION_MIN, + sev_enc_bit)); + break; + default: + return -EINVAL; + } + + return 1; } int sev_handle_vmgexit(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 89bcb26977e5..546f8d05e81e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -514,9 +514,26 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); /* sev.c */ +#define GHCB_VERSION_MAX 1ULL +#define GHCB_VERSION_MIN 1ULL + #define GHCB_MSR_INFO_POS 0 #define GHCB_MSR_INFO_MASK (BIT_ULL(12) - 1) +#define GHCB_MSR_SEV_INFO_RESP 0x001 +#define GHCB_MSR_SEV_INFO_REQ 0x002 +#define GHCB_MSR_VER_MAX_POS 48 +#define GHCB_MSR_VER_MAX_MASK 0xffff +#define GHCB_MSR_VER_MIN_POS 32 +#define GHCB_MSR_VER_MIN_MASK 0xffff +#define GHCB_MSR_CBIT_POS 24 +#define GHCB_MSR_CBIT_MASK 0xff +#define GHCB_MSR_SEV_INFO(_max, _min, _cbit) \ + ((((_max) & GHCB_MSR_VER_MAX_MASK) << GHCB_MSR_VER_MAX_POS) | \ + (((_min) & GHCB_MSR_VER_MIN_MASK) << GHCB_MSR_VER_MIN_POS) | \ + (((_cbit) & GHCB_MSR_CBIT_MASK) << GHCB_MSR_CBIT_POS) | \ + GHCB_MSR_SEV_INFO_RESP) + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void)
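Review bot: In the svm.h hunk, GHCB_MSR_SEV_INFO() shifts its arguments without widening them, so it is only correct because the one caller passes 1ULL constants for _max and _min and a sev_enc_bit already masked to 0x3f. An int-typed _max shifted by GHCB_MSR_VER_MAX_POS (48) is undefined, and a _cbit of 0x80 or more, which GHCB_MSR_CBIT_MASK allows, would shift into the sign bit of an int and sign-extend into the upper half once OR-ed into the u64. Casting each argument inside the macro, e.g. ((u64)(_cbit) & GHCB_MSR_CBIT_MASK) << GHCB_MSR_CBIT_POS, makes the result independent of the caller's types.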
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 15/34] KVM: SVM: Add support for SEV-ES GHCB MSR protocol function 0x004
Date: Thu, 10 Dec 2020 11:09:50 -0600

From: Tom Lendacky

The GHCB specification defines a GHCB MSR protocol using the lower 12-bits of the GHCB MSR (in the hypervisor this corresponds to the GHCB GPA field in the VMCB). Function 0x004 is a request for CPUID information. Only a single CPUID result register can be sent per invocation, so the protocol defines the register that is requested. The GHCB MSR value is set to the CPUID register value as per the specification via the VMCB GHCB GPA field.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 56 ++++++++++++++++++++++++++++++++++++++++-- arch/x86/kvm/svm/svm.h | 9 +++++++ 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 58861515d3e3..53bf3ff1d9cc 100644
--- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1504,6 +1504,18 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } +static void set_ghcb_msr_bits(struct vcpu_svm *svm, u64 value, u64 mask, + unsigned int pos) +{ + svm->vmcb->control.ghcb_gpa &= ~(mask << pos); + svm->vmcb->control.ghcb_gpa |= (value & mask) << pos; +} + +static u64 get_ghcb_msr_bits(struct vcpu_svm *svm, u64 mask, unsigned int pos) +{ + return (svm->vmcb->control.ghcb_gpa >> pos) & mask; +} + static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) { svm->vmcb->control.ghcb_gpa = value; @@ -1512,7 +1524,9 @@ static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; + struct kvm_vcpu *vcpu = &svm->vcpu; u64 ghcb_info; + int ret = 1; ghcb_info = control->ghcb_gpa & GHCB_MSR_INFO_MASK; 
@@ -1522,11 +1536,49 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_VERSION_MIN, sev_enc_bit)); break; + case GHCB_MSR_CPUID_REQ: { + u64 cpuid_fn, cpuid_reg, cpuid_value; + + cpuid_fn = get_ghcb_msr_bits(svm, + GHCB_MSR_CPUID_FUNC_MASK, + GHCB_MSR_CPUID_FUNC_POS); + + /* Initialize the registers needed by the CPUID intercept */ + vcpu->arch.regs[VCPU_REGS_RAX] = cpuid_fn; + vcpu->arch.regs[VCPU_REGS_RCX] = 0; + + ret = svm_invoke_exit_handler(svm, SVM_EXIT_CPUID); + if (!ret) { + ret = -EINVAL; + break; + } + + cpuid_reg = get_ghcb_msr_bits(svm, + GHCB_MSR_CPUID_REG_MASK, + GHCB_MSR_CPUID_REG_POS); + if (cpuid_reg == 0) + cpuid_value = vcpu->arch.regs[VCPU_REGS_RAX]; + else if (cpuid_reg == 1) + cpuid_value = vcpu->arch.regs[VCPU_REGS_RBX]; + else if (cpuid_reg == 2) + cpuid_value = vcpu->arch.regs[VCPU_REGS_RCX]; + else + cpuid_value = vcpu->arch.regs[VCPU_REGS_RDX]; + + set_ghcb_msr_bits(svm, cpuid_value, + GHCB_MSR_CPUID_VALUE_MASK, + GHCB_MSR_CPUID_VALUE_POS); + + set_ghcb_msr_bits(svm, GHCB_MSR_CPUID_RESP, + GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; + } default: - return -EINVAL; + ret = -EINVAL; } - return 1; + return ret; } int sev_handle_vmgexit(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 546f8d05e81e..9dd8429f2b27 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -534,6 +534,15 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); (((_cbit) & GHCB_MSR_CBIT_MASK) << GHCB_MSR_CBIT_POS) | \ GHCB_MSR_SEV_INFO_RESP) +#define GHCB_MSR_CPUID_REQ 0x004 +#define GHCB_MSR_CPUID_RESP 0x005 +#define GHCB_MSR_CPUID_FUNC_POS 32 +#define GHCB_MSR_CPUID_FUNC_MASK 0xffffffff +#define GHCB_MSR_CPUID_VALUE_POS 32 +#define GHCB_MSR_CPUID_VALUE_MASK 0xffffffff +#define GHCB_MSR_CPUID_REG_POS 30 +#define GHCB_MSR_CPUID_REG_MASK 0x3 + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void)
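Review bot: set_ghcb_msr_bits(), added in the first sev.c hunk, is a read-modify-write of ghcb_gpa, so every bit outside mask << pos keeps the value the guest wrote in its request. For the CPUID reply built later in this patch that means bits 29:12 of the request are returned unchanged and are never checked. Either reject requests with those bits set, or start the reply from zero with set_ghcb_msr() and then fill in the value, register and GHCB_MSR_CPUID_RESP fields; if bits 31:30 are meant to be echoed back as the register selector, a comment saying so would help.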
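Review bot: In the GHCB_MSR_CPUID_REQ case, only ret == 0 from svm_invoke_exit_handler() is turned into an error; a negative return skips the if (!ret) branch, so the reply is still assembled from vcpu->arch.regs and written to ghcb_gpa before the error is returned. Testing ret <= 0 and breaking out before the registers are read would avoid publishing a reply for a failed CPUID, and a short comment on why a 0 return is mapped to -EINVAL here would help the next reader. The four-way if/else on cpuid_reg would also read better as a switch.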
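The exchange that the commit messages for functions 0x002 and 0x004 describe, as an added example that is not part of the patches or of KVM: a user-space C model of both sides, using the function codes and field positions from the svm.h hunks above. The function names, the constructed CPUID values and the rejection of non-zero bits 29:12 are assumptions of this example.

```c
/* Added example, not kernel code. Function codes and field positions are the
 * ones defined in the patches; all function names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define GHCB_MSR_INFO_MASK       0xfffULL   /* bits 11:0 carry the function code */
#define GHCB_MSR_SEV_INFO_RESP   0x001ULL
#define GHCB_MSR_SEV_INFO_REQ    0x002ULL
#define GHCB_MSR_CPUID_REQ       0x004ULL
#define GHCB_MSR_CPUID_RESP      0x005ULL
#define GHCB_MSR_VER_MAX_POS     48
#define GHCB_MSR_VER_MIN_POS     32
#define GHCB_MSR_CBIT_POS        24
#define GHCB_MSR_CPUID_FUNC_POS  32         /* request: CPUID function */
#define GHCB_MSR_CPUID_VALUE_POS 32         /* response: register value */
#define GHCB_MSR_CPUID_REG_POS   30         /* 0=EAX 1=EBX 2=ECX 3=EDX */
#define GHCB_MSR_CPUID_REG_MASK  0x3ULL
/* Assumption of this example: bits 29:12 of a CPUID request must be zero. */
#define CPUID_REQ_RESERVED       0x3ffff000ULL

/* SEV_INFO response; every operand is widened to 64 bits before shifting. */
static uint64_t sev_info_resp(uint16_t max, uint16_t min, uint8_t cbit)
{
    return ((uint64_t)max << GHCB_MSR_VER_MAX_POS) |
           ((uint64_t)min << GHCB_MSR_VER_MIN_POS) |
           ((uint64_t)cbit << GHCB_MSR_CBIT_POS) | GHCB_MSR_SEV_INFO_RESP;
}

/* Constructed CPUID results so the example runs on any machine. */
static void fake_cpuid(uint32_t fn, uint32_t regs[4])
{
    for (int i = 0; i < 4; i++)
        regs[i] = fn ^ (0x11111111u * (uint32_t)(i + 1));
}

/* Hypervisor side: take the guest-written MSR value, return the response.
 * Returns 0 for an unknown or malformed request; 0 is never a valid response
 * because every response carries a non-zero function code. */
static uint64_t hv_respond(uint64_t req, uint8_t cbit)
{
    uint32_t regs[4];
    uint64_t reg;

    switch (req & GHCB_MSR_INFO_MASK) {
    case GHCB_MSR_SEV_INFO_REQ:
        return sev_info_resp(1, 1, cbit);   /* version max = min = 1 */
    case GHCB_MSR_CPUID_REQ:
        if (req & CPUID_REQ_RESERVED)
            return 0;
        reg = (req >> GHCB_MSR_CPUID_REG_POS) & GHCB_MSR_CPUID_REG_MASK;
        fake_cpuid((uint32_t)(req >> GHCB_MSR_CPUID_FUNC_POS), regs);
        /* Built from zero: only the value, the echoed selector and the
         * response code are set, nothing else from the request survives. */
        return ((uint64_t)regs[reg] << GHCB_MSR_CPUID_VALUE_POS) |
               (reg << GHCB_MSR_CPUID_REG_POS) | GHCB_MSR_CPUID_RESP;
    default:
        return 0;
    }
}

/* Guest side: one register per invocation, so a full CPUID takes four. */
static int guest_cpuid(uint32_t fn, uint8_t cbit, uint32_t out[4])
{
    for (uint64_t reg = 0; reg < 4; reg++) {
        uint64_t req = ((uint64_t)fn << GHCB_MSR_CPUID_FUNC_POS) |
                       (reg << GHCB_MSR_CPUID_REG_POS) | GHCB_MSR_CPUID_REQ;
        uint64_t resp = hv_respond(req, cbit);

        /* Accept only a CPUID response for the register that was asked for. */
        if ((resp & GHCB_MSR_INFO_MASK) != GHCB_MSR_CPUID_RESP ||
            ((resp >> GHCB_MSR_CPUID_REG_POS) & GHCB_MSR_CPUID_REG_MASK) != reg)
            return -1;
        out[reg] = (uint32_t)(resp >> GHCB_MSR_CPUID_VALUE_POS);
    }
    return 0;
}

int main(void)
{
    uint32_t regs[4];

    /* 51 is a constructed C-bit position for the demonstration. */
    printf("SEV_INFO response: %#018llx\n",
           (unsigned long long)hv_respond(GHCB_MSR_SEV_INFO_REQ, 51));
    if (guest_cpuid(0x8000001fu, 51, regs) == 0)
        printf("CPUID 0x8000001f: %08x %08x %08x %08x\n",
               regs[0], regs[1], regs[2], regs[3]);
    return 0;
}
```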
b=P58n4UzuYk9QQLLji1HG8vI9DaGqrtPC7CmS2wyw4bZMgSWvHP6zQq8FTCsbzh0V8INE0BPTKLAZU3Tai0Yr7mo+9Qn4kqqoIXBuqSJ5djPrTYFIVAEPesWj1ekn/hDw5MrXy8wSptN/eZR3zNqCbN99NGikVeTcSEfkJxTDH0xUT61REHhhv7gj6/UkTZxC8O0RYWCsS9pVBYuTML40PW/wt7bxM1VZS59rvn3pY9vQ4GFCUkjoNEnQdWaIV04dk4Ao2z478DfkASAhf4IggQIVL0/WHAwsn1UBjs0PUMT3zxYemhTiqkx/k2iC3wTZwr3EW3ObW4xH18NE1xJnOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=65vd2SCR7CxcVYHAZDS/7uCBTD0tZyJR+ANoP2eCmpg=; b=C+rpn0C8L6tg0WF/Ohidg7HAnsvgoCKrLcQMurF0B6l/yHfiS6rF2TrlYG6NciDqcyFEszDeGuVZ0yJXqp+sc5h+O+4IHMnCsWqaWybW1H+lwwCImF5zZEA+87Fbz/HdZTXBrr5jwOVfd8MCRB6YuoovAnMRd4qZnz/+j13e+ji4FZY+dMHICOrtPklQ+0fDjdNeyCyIvD84jUZXe70WaozCLtC94t62YnDJzWTkSVUdEPptlGjC+G/HLJRrCn2oxwBzkb97AYDhu725r+JoRDRrZ4gRmOcJ+SmS5O1iw8A54nuavjTiD/anVAFwY2B2XyTgZnMR5iVgtAGjKtGtSg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=65vd2SCR7CxcVYHAZDS/7uCBTD0tZyJR+ANoP2eCmpg=; b=eS2lGmOIYaXh2HnqkyETsk+t1/QpcJ1dpMz3aznihj16umvyPgJkS/msteFBuLblWjzOxuJqymm2n6bPOImrbFULIphVcAkg+Zwnh6z/md3ZCFTqLo9q7s38AoDeWTB2H/dst5dcmvVpuAMf0nMXPewrxhsBM57Lu35s2B7z4oM= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from CY4PR12MB1352.namprd12.prod.outlook.com (2603:10b6:903:3a::13) by CY4PR1201MB0149.namprd12.prod.outlook.com (2603:10b6:910:1c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12; Thu, 10 Dec 2020 17:12:40 +0000 Received: from 
CY4PR12MB1352.namprd12.prod.outlook.com ([fe80::a10a:295e:908d:550d]) by CY4PR12MB1352.namprd12.prod.outlook.com ([fe80::a10a:295e:908d:550d%8]) with mapi id 15.20.3632.021; Thu, 10 Dec 2020 17:12:40 +0000 
From: Tom Lendacky To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Paolo Bonzini , Jim Mattson , Joerg Roedel , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Brijesh Singh Subject: [PATCH v5 16/34] KVM: SVM: Add support for SEV-ES GHCB MSR protocol function 0x100 Date: Thu, 10 Dec 2020 11:09:51 -0600 Message-Id: X-Mailer: git-send-email 2.28.0 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CH2PR10CA0007.namprd10.prod.outlook.com (2603:10b6:610:4c::17) To CY4PR12MB1352.namprd12.prod.outlook.com (2603:10b6:903:3a::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by CH2PR10CA0007.namprd10.prod.outlook.com (2603:10b6:610:4c::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Thu, 10 Dec 2020 17:12:39 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 74adb1e8-5107-4810-16b6-08d89d2ecd06 X-MS-TrafficTypeDiagnostic: CY4PR1201MB0149: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NPu2FGsHyzbga8D19s/bzNGeQtgUQTDvtZHyW2e7E4Fn8Eh9CC33z6MXD/Tanzh0L+DlQJb4VyvqbB3Ne5Bq/X9YQyhjpc2Q36yJD7+R/pywR9Mw0vv2GE3oNa4vs7DYPm2q1c8LrpTOdZVqSJfbQiT/R0GkGfq22idrssWWODno/QteR4nJV6Cgv5zzsnUvYYpi6JaTvALEjoCk+kxqEIDxRhjTCVk6p9WxnkT0uiAqzRYtL38O4/rIE1V1GPHbAZIhmeb2I1SABS40TTvUivQPkmsKgqBunOQSTywkaEXxhU48Y1CG9Mhmum5ERiC1gcBF8WtFtpkqh/j+S16Fk2n3dpbil8vuHkdoUcrCVMichrTe3WEUxXzS2uoQn47W X-Forefront-Antispam-Report: 
From: Tom Lendacky

The GHCB specification defines a GHCB MSR protocol using the lower 12-bits of the GHCB MSR (in the hypervisor this corresponds to the GHCB GPA field in the VMCB).

Function 0x100 is a request for termination of the guest. The guest has encountered some situation for which it has requested to be terminated. The GHCB MSR value contains the reason for the request.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 13 +++++++++++++
 arch/x86/kvm/svm/svm.h | 6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 53bf3ff1d9cc..c2cc38e7400b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1574,6 +1574,19 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_TERM_REQ: { + u64 reason_set, reason_code; + + reason_set = get_ghcb_msr_bits(svm, + GHCB_MSR_TERM_REASON_SET_MASK, + GHCB_MSR_TERM_REASON_SET_POS); + reason_code = get_ghcb_msr_bits(svm, + GHCB_MSR_TERM_REASON_MASK, + GHCB_MSR_TERM_REASON_POS); + pr_info("SEV-ES guest requested termination: %#llx:%#llx\n", + reason_set, reason_code); + fallthrough; + } default: ret = -EINVAL; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9dd8429f2b27..fc69bc2e0cad 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -543,6 +543,12 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); #define GHCB_MSR_CPUID_REG_POS 30 #define GHCB_MSR_CPUID_REG_MASK 0x3 +#define GHCB_MSR_TERM_REQ 0x100 +#define GHCB_MSR_TERM_REASON_SET_POS 12 +#define GHCB_MSR_TERM_REASON_SET_MASK 0xf +#define GHCB_MSR_TERM_REASON_POS 16 +#define GHCB_MSR_TERM_REASON_MASK 0xff + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void)
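Review bot: In the GHCB_MSR_TERM_REQ case added to sev_handle_vmgexit_msr_protocol() in arch/x86/kvm/svm/sev.c, the request falls through to default and returns -EINVAL, so a deliberate guest termination request reaches the caller as the same error as an unknown or malformed MSR protocol function, and the reason set and reason code end up only in the kernel log. Consider giving the termination request its own return path so the VMM can tell the two apart and see the reason. The pr_info() is also driven by the guest and does not say which VM or vCPU asked; a rate-limited, vCPU-scoped message would be easier to attribute and would bound the log volume a guest can generate.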
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 17/34] KVM: SVM: Create trace events for VMGEXIT MSR protocol processing
Date: Thu, 10 Dec 2020 11:09:52 -0600
From: Tom Lendacky

Add trace events for entry to and exit from VMGEXIT MSR protocol processing. The vCPU will be common for the trace events. The MSR protocol processing is guided by the GHCB GPA in the VMCB, so the GHCB GPA will represent the input and output values for the entry and exit events, respectively. Additionally, the exit event will contain the return code for the event.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 6 ++++++
 arch/x86/kvm/trace.h | 44 ++++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.c | 2 ++
 3 files changed, 52 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c2cc38e7400b..2e2548fa369b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1530,6 +1530,9 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) ghcb_info = control->ghcb_gpa & GHCB_MSR_INFO_MASK; + trace_kvm_vmgexit_msr_protocol_enter(svm->vcpu.vcpu_id, + control->ghcb_gpa); + switch (ghcb_info) { case GHCB_MSR_SEV_INFO_REQ: set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, @@ -1591,6 +1594,9 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) ret = -EINVAL; } + trace_kvm_vmgexit_msr_protocol_exit(svm->vcpu.vcpu_id, + control->ghcb_gpa, ret); + return ret; } diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index 7da931a511c9..2de30c20bc26 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h
@@ -1631,6 +1631,50 @@ TRACE_EVENT(kvm_vmgexit_exit, __entry->info1, __entry->info2) ); +/* + * Tracepoint for the start of VMGEXIT MSR procotol processing + */ +TRACE_EVENT(kvm_vmgexit_msr_protocol_enter, + TP_PROTO(unsigned int vcpu_id, u64 ghcb_gpa), + TP_ARGS(vcpu_id, ghcb_gpa), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, ghcb_gpa) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->ghcb_gpa = ghcb_gpa; + ), + + TP_printk("vcpu %u, ghcb_gpa %016llx", + __entry->vcpu_id, __entry->ghcb_gpa) +); + +/* + * Tracepoint for the end of VMGEXIT MSR procotol processing + */ +TRACE_EVENT(kvm_vmgexit_msr_protocol_exit, + TP_PROTO(unsigned int vcpu_id, u64 ghcb_gpa, int result), + TP_ARGS(vcpu_id, ghcb_gpa, result), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, ghcb_gpa) + __field(int, result) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->ghcb_gpa = ghcb_gpa; + __entry->result = result; + ), + + TP_printk("vcpu %u, ghcb_gpa %016llx, result %d", + __entry->vcpu_id, __entry->ghcb_gpa, __entry->result) +); + #endif /* _TRACE_KVM_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d89736066b39..ba26b62e0262 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11323,3 +11323,5 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_ga_log); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_apicv_update_request); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_enter); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
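Review bot: Both new tracepoint comments in the arch/x86/kvm/trace.h hunk misspell the word as "procotol" ("VMGEXIT MSR procotol processing"); please correct it to "protocol" in the comment blocks above kvm_vmgexit_msr_protocol_enter and kvm_vmgexit_msr_protocol_exit.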
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 18/34] KVM: SVM: Support MMIO for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:09:53 -0600
From: Tom Lendacky

For an SEV-ES guest, MMIO is performed to a shared (un-encrypted) page so that both the hypervisor and guest can read or write to it and each see the contents.

The GHCB specification provides software-defined VMGEXIT exit codes to indicate a request for an MMIO read or an MMIO write. Add support to recognize the MMIO requests and invoke SEV-ES specific routines that can complete the MMIO operation. These routines use common KVM support to complete the MMIO operation.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 124 +++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.h | 6 ++
 arch/x86/kvm/x86.c | 123 ++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.h | 5 ++
 4 files changed, 258 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2e2548fa369b..63f20be4bc69 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1262,6 +1262,9 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) if (vcpu->arch.guest_state_protected) sev_flush_guest_memory(svm, svm->vmsa, PAGE_SIZE); __free_page(virt_to_page(svm->vmsa)); + + if (svm->ghcb_sa_free) + kfree(svm->ghcb_sa); } static void dump_ghcb(struct vcpu_svm *svm) @@ -1436,6 +1439,11 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) !ghcb_rcx_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_MMIO_READ: + case SVM_VMGEXIT_MMIO_WRITE: + if (!ghcb_sw_scratch_is_valid(ghcb)) + goto vmgexit_err; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: break; default: @@ -1470,6 +1478,24 @@ static void pre_sev_es_run(struct vcpu_svm *svm) if (!svm->ghcb) return; + if (svm->ghcb_sa_free) { + /* + * The scratch area lives outside the GHCB, so there is a + * buffer that, depending on the operation performed, may + * need to be synced, then freed. + */ + if (svm->ghcb_sa_sync) { + kvm_write_guest(svm->vcpu.kvm, + ghcb_get_sw_scratch(svm->ghcb), + svm->ghcb_sa, svm->ghcb_sa_len); + svm->ghcb_sa_sync = false; + } + + kfree(svm->ghcb_sa); + svm->ghcb_sa = NULL; + svm->ghcb_sa_free = false; + } + trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, svm->ghcb); sev_es_sync_to_ghcb(svm); 
@@ -1504,6 +1530,86 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } +#define GHCB_SCRATCH_AREA_LIMIT (16ULL * PAGE_SIZE) +static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + struct ghcb *ghcb = svm->ghcb; + u64 ghcb_scratch_beg, ghcb_scratch_end; + u64 scratch_gpa_beg, scratch_gpa_end; + void *scratch_va; + + scratch_gpa_beg = ghcb_get_sw_scratch(ghcb); + if (!scratch_gpa_beg) { + pr_err("vmgexit: scratch gpa not provided\n"); + return false; + } + + scratch_gpa_end = scratch_gpa_beg + len; + if (scratch_gpa_end < scratch_gpa_beg) { + pr_err("vmgexit: scratch length (%#llx) not valid for scratch address (%#llx)\n", + len, scratch_gpa_beg); + return false; + } + + if ((scratch_gpa_beg & PAGE_MASK) == control->ghcb_gpa) { + /* Scratch area begins within GHCB */ + ghcb_scratch_beg = control->ghcb_gpa + + offsetof(struct ghcb, shared_buffer); + ghcb_scratch_end = control->ghcb_gpa + + offsetof(struct ghcb, reserved_1); + + /* + * If the scratch area begins within the GHCB, it must be + * completely contained in the GHCB shared buffer area. 
+ */ + if (scratch_gpa_beg < ghcb_scratch_beg || + scratch_gpa_end > ghcb_scratch_end) { + pr_err("vmgexit: scratch area is outside of GHCB shared buffer area (%#llx - %#llx)\n", + scratch_gpa_beg, scratch_gpa_end); + return false; + } + + scratch_va = (void *)svm->ghcb; + scratch_va += (scratch_gpa_beg - control->ghcb_gpa); + } else { + /* + * The guest memory must be read into a kernel buffer, so + * limit the size + */ + if (len > GHCB_SCRATCH_AREA_LIMIT) { + pr_err("vmgexit: scratch area exceeds KVM limits (%#llx requested, %#llx limit)\n", + len, GHCB_SCRATCH_AREA_LIMIT); + return false; + } + scratch_va = kzalloc(len, GFP_KERNEL); + if (!scratch_va) + return false; + + if (kvm_read_guest(svm->vcpu.kvm, scratch_gpa_beg, scratch_va, len)) { + /* Unable to copy scratch area from guest */ + pr_err("vmgexit: kvm_read_guest for scratch area failed\n"); + + kfree(scratch_va); + return false; + } + + /* + * The scratch area is outside the GHCB. The operation will + * dictate whether the buffer needs to be synced before running + * the vCPU next time (i.e. a read was requested so the data + * must be written back to the guest memory). + */ + svm->ghcb_sa_sync = sync; + svm->ghcb_sa_free = true; + } + + svm->ghcb_sa = scratch_va; + svm->ghcb_sa_len = len; + + return true; +} + static void set_ghcb_msr_bits(struct vcpu_svm *svm, u64 value, u64 mask, unsigned int pos) { 
@@ -1641,6 +1747,24 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) ret = -EINVAL; switch (exit_code) { + case SVM_VMGEXIT_MMIO_READ: + if (!setup_vmgexit_scratch(svm, true, control->exit_info_2)) + break; + + ret = kvm_sev_es_mmio_read(&svm->vcpu, + control->exit_info_1, + control->exit_info_2, + svm->ghcb_sa); + break; + case SVM_VMGEXIT_MMIO_WRITE: + if (!setup_vmgexit_scratch(svm, false, control->exit_info_2)) + break; + + ret = kvm_sev_es_mmio_write(&svm->vcpu, + control->exit_info_1, + control->exit_info_2, + svm->ghcb_sa); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(&svm->vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index fc69bc2e0cad..9019ad6a8138 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -174,6 +174,12 @@ struct vcpu_svm { struct vmcb_save_area *vmsa; struct ghcb *ghcb; struct kvm_host_map ghcb_map; + + /* SEV-ES scratch area support */ + void *ghcb_sa; + u64 ghcb_sa_len; + bool ghcb_sa_sync; + bool ghcb_sa_free; }; struct svm_cpu_data { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ba26b62e0262..78e8c8b36f9b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11299,6 +11299,129 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva) } EXPORT_SYMBOL_GPL(kvm_handle_invpcid); +static int complete_sev_es_emulated_mmio(struct kvm_vcpu *vcpu) +{ + struct kvm_run *run = vcpu->run; + struct kvm_mmio_fragment *frag; + unsigned int len; + + BUG_ON(!vcpu->mmio_needed); + + /* Complete previous fragment */ + frag = &vcpu->mmio_fragments[vcpu->mmio_cur_fragment]; + len = min(8u, frag->len); + if (!vcpu->mmio_is_write) + memcpy(frag->data, run->mmio.data, len); + + if (frag->len <= 8) { + /* Switch to the next fragment. */ + frag++; + vcpu->mmio_cur_fragment++; + } else { + /* Go forward to the next mmio piece. */ + frag->data += len; + frag->gpa += len; + frag->len -= len; + } + + if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) { + vcpu->mmio_needed = 0; + + // VMG change, at this point, we're always done + // RIP has already been advanced + return 1; + } + + // More MMIO is needed + run->mmio.phys_addr = frag->gpa; + run->mmio.len = min(8u, frag->len); + run->mmio.is_write = vcpu->mmio_is_write; + if (run->mmio.is_write) + memcpy(run->mmio.data, frag->data, min(8u, frag->len)); + run->exit_reason = KVM_EXIT_MMIO; + + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio; + + return 0; +} + +int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes, + void *data) +{ + int handled; + struct kvm_mmio_fragment *frag; + + if (!data) + return -EINVAL; + + handled = write_emultor.read_write_mmio(vcpu, gpa, bytes, data); + if (handled == bytes) + return 1; + + bytes -= handled; + gpa += handled; + data += handled; + + /*TODO: Check if need to increment number of frags */ + frag = vcpu->mmio_fragments; + vcpu->mmio_nr_fragments = 1; + frag->len = bytes; + frag->gpa = gpa; + frag->data = data; + + vcpu->mmio_needed = 1; + vcpu->mmio_cur_fragment = 0; + + vcpu->run->mmio.phys_addr = gpa; + vcpu->run->mmio.len = min(8u, frag->len); + vcpu->run->mmio.is_write = 1; + 
memcpy(vcpu->run->mmio.data, frag->data, min(8u, frag->len)); + vcpu->run->exit_reason = KVM_EXIT_MMIO; + + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio; + + return 0; +} +EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_write); + +int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes, + void *data) +{ + int handled; + struct kvm_mmio_fragment *frag; + + if (!data) + return -EINVAL; + + handled = read_emultor.read_write_mmio(vcpu, gpa, bytes, data); + if (handled == bytes) + return 1; + + bytes -= handled; + gpa += handled; + data += handled; + + /*TODO: Check if need to increment number of frags */ + frag = vcpu->mmio_fragments; + vcpu->mmio_nr_fragments = 1; + frag->len = bytes; + frag->gpa = gpa; + frag->data = data; + + vcpu->mmio_needed = 1; + vcpu->mmio_cur_fragment = 0; + + vcpu->run->mmio.phys_addr = gpa; + vcpu->run->mmio.len = min(8u, frag->len); + vcpu->run->mmio.is_write = 0; + vcpu->run->exit_reason = KVM_EXIT_MMIO; + + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio; + + return 0; +} +EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_read); + EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 764c967a1993..804369fe45e3 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -407,4 +407,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits; \ }) +int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, + void *dst); +int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, + void *dst); + #endif
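Review bot: In the pre_sev_es_run() hunk of arch/x86/kvm/svm/sev.c, the return value of kvm_write_guest() is ignored, so a failed write-back of the scratch buffer leaves the guest with stale data for a read it believes completed. The destination is also re-read with ghcb_get_sw_scratch(svm->ghcb) at sync time instead of reusing the address that setup_vmgexit_scratch() checked and read from; saving that GPA next to ghcb_sa and ghcb_sa_len would keep the read and the write-back on the same address even if the GHCB contents change in between. Please check the result and at least warn on failure.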
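Review bot: In setup_vmgexit_scratch() in arch/x86/kvm/svm/sev.c, len comes from control->exit_info_2 and the scratch GPA from the GHCB, so every pr_err() in the function and the kzalloc(len, GFP_KERNEL) of up to GHCB_SCRATCH_AREA_LIMIT are driven by the guest. Suggest rate-limited messages (pr_err_ratelimited() or a vCPU-scoped helper) and GFP_KERNEL_ACCOUNT so the buffer is charged to the VM's cgroup. A zero len is also accepted on both paths; if that is not a valid request it should be rejected next to the overflow check on scratch_gpa_end.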
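Review bot: complete_sev_es_emulated_mmio() in the arch/x86/kvm/x86.c hunk opens with BUG_ON(!vcpu->mmio_needed) in a path that is reached through guest and userspace activity; WARN_ON_ONCE() with an error return would contain an inconsistency to the affected vCPU. In the same hunk, the "TODO: Check if need to increment number of frags" comments in kvm_sev_es_mmio_write() and kvm_sev_es_mmio_read() should be resolved before merging, the two functions differ only in the emulator ops, the is_write value and one memcpy() and could share a helper, and the // comments should use the kernel's /* */ style.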
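Review bot: The prototypes added to arch/x86/kvm/x86.h name the parameters gpa_t src and void *dst, while the definitions in x86.c use gpa_t gpa and void *data; for kvm_sev_es_mmio_write() the names are also backwards, since the GPA is the destination and the buffer is the source. Please use gpa and data in the declarations so they match the definitions.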
From: Tom Lendacky To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Paolo Bonzini , Jim Mattson , Joerg Roedel , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Brijesh Singh , kernel test robot Subject: [PATCH v5 19/34] KVM: SVM: Support string IO operations for an SEV-ES guest Date: Thu, 10 Dec 2020 11:09:54 -0600 Message-Id: <9d61daf0ffda496703717218f415cdc8fd487100.1607620209.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CH2PR18CA0028.namprd18.prod.outlook.com (2603:10b6:610:4f::38) To CY4PR12MB1352.namprd12.prod.outlook.com (2603:10b6:903:3a::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by CH2PR18CA0028.namprd18.prod.outlook.com (2603:10b6:610:4f::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Thu, 10 Dec 2020 17:13:06 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 85a725bf-a7aa-486e-4705-08d89d2edd13 X-MS-TrafficTypeDiagnostic: CY4PR1201MB0149: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NP7QiYn0vowqVOWRPJmk77OEw6INRNNaWVkW36+ZIm8taLKMsBYZRkYjwzmlfO9WjjDvs3x3g80M2L1HPc9cgUmorzKkODSTOZt+N/SPccFHP6Q/EHqapOMczgjCdQRajCaPnUpHtRbqMzZ+i3pxHCMMxZBvcs9YVWjiwIPISgdy88wz9EnGIoZSB9bWaSZH5WnFKxz2ej+da1hVYBs8c7ZlI7b1OVMX42xKSup8E9G84A7jG8K2IX9AR4iqfNL+T2zHIolerjrlLf44yFTRXYrcMpfeQ4v3nVffmJ+tf3XrurzJFJz325hYNzDNu1YhUxS8YuQUT3V6oUVky7qAsitD2oquXv9LhYqSHZgwTFltkEewUuEJJ7Io70c+CpO9 X-Forefront-Antispam-Report: 
From: Tom Lendacky

For an SEV-ES guest, string-based port IO is performed to a shared (un-encrypted) page so that both the hypervisor and guest can read or write to it and each see the contents.

For string-based port IO operations, invoke SEV-ES specific routines that can complete the operation using common KVM port IO support.

[ set but not used variable ]
Reported-by: kernel test robot
Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/kvm/svm/sev.c | 18 +++++++++--
 arch/x86/kvm/svm/svm.c | 11 +++++--
 arch/x86/kvm/svm/svm.h | 1 +
 arch/x86/kvm/x86.c | 54 +++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.h | 3 ++
 6 files changed, 83 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 8cf6b0493d49..26f937111226 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -614,6 +614,7 @@ struct kvm_vcpu_arch { struct kvm_pio_request pio; void *pio_data; + void *guest_ins_data; u8 event_exit_inst_len; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 63f20be4bc69..a7531de760b5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1406,9 +1406,14 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_EXIT_INVD: break; case SVM_EXIT_IOIO: - if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) - if (!ghcb_rax_is_valid(ghcb)) + if (ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_STR_MASK) { + if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; + } else { + if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + } break; case SVM_EXIT_MSR: if (!ghcb_rcx_is_valid(ghcb)) @@ -1776,3 +1781,12 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) return ret; } + +int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in) +{ + if (!setup_vmgexit_scratch(svm, in, svm->vmcb->control.exit_info_2)) + return -EINVAL; + + return kvm_sev_es_string_io(&svm->vcpu, size, port, + svm->ghcb_sa, svm->ghcb_sa_len, in); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ad1ec6ad558e..32502c4b091d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -2058,11 +2058,16 @@ static int io_interception(struct vcpu_svm *svm) ++svm->vcpu.stat.io_exits; string = (io_info & SVM_IOIO_STR_MASK) != 0; in = (io_info & SVM_IOIO_TYPE_MASK) != 0; - if (string) - return kvm_emulate_instruction(vcpu, 0); - port = io_info >> 16; size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT; + + if (string) { + if (sev_es_guest(vcpu->kvm)) + return sev_es_string_io(svm, size, port, in); + else + return kvm_emulate_instruction(vcpu, 0); + } + svm->next_rip = svm->vmcb->control.exit_info_2; return kvm_fast_pio(&svm->vcpu, size, port, in); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9019ad6a8138..b3f03dede6ac 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -573,5 +573,6 @@ void __init sev_hardware_setup(void); void sev_hardware_teardown(void); void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); +int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 78e8c8b36f9b..fcd862f5a2b4 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10790,6 +10790,10 @@ int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu) unsigned long kvm_get_linear_rip(struct kvm_vcpu *vcpu) { + /* Can't read the RIP when guest state is protected, just return 0 */ + if (vcpu->arch.guest_state_protected) + return 0; + if (is_64_bit_mode(vcpu)) return kvm_rip_read(vcpu); return (u32)(get_segment_base(vcpu, VCPU_SREG_CS) + 
@@ -11422,6 +11426,56 @@ int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes, } EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_read); +static int complete_sev_es_emulated_ins(struct kvm_vcpu *vcpu) +{ + memcpy(vcpu->arch.guest_ins_data, vcpu->arch.pio_data, + vcpu->arch.pio.count * vcpu->arch.pio.size); + vcpu->arch.pio.count = 0; + + return 1; +} + +static int kvm_sev_es_outs(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count) +{ + int ret; + + ret = emulator_pio_out_emulated(vcpu->arch.emulate_ctxt, size, port, + data, count); + if (ret) + return ret; + + vcpu->arch.pio.count = 0; + + return 0; +} + +static int kvm_sev_es_ins(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count) +{ + int ret; + + ret = emulator_pio_in_emulated(vcpu->arch.emulate_ctxt, size, port, + data, count); + if (ret) { + vcpu->arch.pio.count = 0; + } else { + vcpu->arch.guest_ins_data = data; + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_ins; + } + + return 0; +} + +int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count, + int in) +{ + return in ? kvm_sev_es_ins(vcpu, size, port, data, count) + : kvm_sev_es_outs(vcpu, size, port, data, count); +} +EXPORT_SYMBOL_GPL(kvm_sev_es_string_io); + EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 804369fe45e3..0e8fe766a4c5 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -411,5 +411,8 @@ int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, void *dst); int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, void *dst); +int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count, + int in); #endif
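Review bot: In sev_es_string_io() (arch/x86/kvm/svm/sev.c), svm->ghcb_sa_len is passed as the "count" argument of kvm_sev_es_string_io(), and complete_sev_es_emulated_ins() later copies pio.count * pio.size bytes into the scratch buffer. If ghcb_sa_len is a length in bytes, the element count is too large by a factor of "size" and the memcpy covers more than the guest requested. Please either pass a count derived from the length and the operand size, or document the units of exit_info_2 and ghcb_sa_len at this call. A check that count * size cannot overflow would also be worth adding, since the length is taken from exit_info_2 with no bound visible in this hunk.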
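Review bot: In arch/x86/kvm/x86.c, kvm_sev_es_ins() discards the result of emulator_pio_in_emulated() and returns 0 on both paths, while kvm_sev_es_outs() returns "ret" when it is non-zero. The two helpers need either the same handling or a comment stating the return convention each one follows. kvm_sev_es_ins() also stores the caller's "data" pointer in vcpu->arch.guest_ins_data for complete_sev_es_emulated_ins() to use once the I/O completes, so the new field in struct kvm_vcpu_arch should carry a comment saying who owns that buffer and how long it must remain valid.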
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 20/34] KVM: SVM: Add support for EFER write traps for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:09:55 -0600
Message-Id: <8993149352a3a87cd0625b3b61bfd31ab28977e1.1607620209.git.thomas.lendacky@amd.com>
From: Tom Lendacky

For SEV-ES guests, the interception of EFER write access is not recommended. EFER interception occurs prior to EFER being modified and the hypervisor is unable to modify EFER itself because the register is located in the encrypted register state.

SEV-ES support introduces a new EFER write trap. This trap provides intercept support of an EFER write after it has been modified. The new EFER value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest EFER.

Add support to track the value of the guest EFER value using the EFER write trap so that the hypervisor understands the guest operating mode.
Signed-off-by: Tom Lendacky --- arch/x86/include/uapi/asm/svm.h | 2 ++ arch/x86/kvm/svm/svm.c | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 09f723945425..6e3f92e17655 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -77,6 +77,7 @@ #define SVM_EXIT_MWAIT_COND 0x08c #define SVM_EXIT_XSETBV 0x08d #define SVM_EXIT_RDPRU 0x08e +#define SVM_EXIT_EFER_WRITE_TRAP 0x08f #define SVM_EXIT_INVPCID 0x0a2 #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 @@ -184,6 +185,7 @@ { SVM_EXIT_MONITOR, "monitor" }, \ { SVM_EXIT_MWAIT, "mwait" }, \ { SVM_EXIT_XSETBV, "xsetbv" }, \ + { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 32502c4b091d..3b61cc088b31 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2523,6 +2523,25 @@ static int cr8_write_interception(struct vcpu_svm *svm) return 0; } +static int efer_trap(struct vcpu_svm *svm) +{ + struct msr_data msr_info; + int ret; + + /* + * Clear the EFER_SVME bit from EFER. The SVM code always sets this + * bit in svm_set_efer(), but __kvm_valid_efer() checks it against + * whether the guest has X86_FEATURE_SVM - this avoids a failure if + * the guest doesn't have X86_FEATURE_SVM. + */ + msr_info.host_initiated = false; + msr_info.index = MSR_EFER; + msr_info.data = svm->vmcb->control.exit_info_1 & ~EFER_SVME; + ret = kvm_set_msr_common(&svm->vcpu, &msr_info); + + return kvm_complete_insn_gp(&svm->vcpu, ret); +} + static int svm_get_msr_feature(struct kvm_msr_entry *msr) { msr->data = 0; 
@@ -3031,6 +3050,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_MWAIT] = mwait_interception, [SVM_EXIT_XSETBV] = xsetbv_interception, [SVM_EXIT_RDPRU] = rdpru_interception, + [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception,
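Review bot: In efer_trap() (arch/x86/kvm/svm/svm.c), the result of kvm_set_msr_common() is passed to kvm_complete_insn_gp(), which handles a failure as a faulting instruction, yet the commit message says the trap is delivered after EFER has already been modified. A value that KVM rejects would therefore leave the tracked EFER different from the one the guest is running with. Please add a comment saying what is expected in that case, or handle the failure explicitly (a WARN_ON_ONCE, for example) instead of relying on the #GP path. The existing comment explains why EFER_SVME is cleared but says nothing about this.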
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 21/34] KVM: SVM: Add support for CR0 write traps for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:09:56 -0600
Message-Id: <182c9baf99df7e40ad9617ff90b84542705ef0d7.1607620209.git.thomas.lendacky@amd.com>
From: Tom Lendacky For SEV-ES guests, the interception of control register write access is not recommended. Control register interception occurs prior to the control register being modified and the hypervisor is unable to modify the control register itself because the register is located in the encrypted register state. SEV-ES support introduces new control register write traps. These traps provide intercept support of a control register write after the control register has been modified. The new control register value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest control registers. Add support to track the value of the guest CR0 register using the control register write trap so that the hypervisor understands the guest operating mode. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/uapi/asm/svm.h | 17 +++++++++++++++++ arch/x86/kvm/svm/svm.c | 26 ++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 33 ++++++++++++++++++++------------- 4 files changed, 64 insertions(+), 13 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 26f937111226..2714ae0adeab 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1476,6 +1476,7 @@ void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code); +void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0); int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3); int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4); diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 6e3f92e17655..14b0d97b50e2 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h 
@@ -78,6 +78,22 @@ #define SVM_EXIT_XSETBV 0x08d #define SVM_EXIT_RDPRU 0x08e #define SVM_EXIT_EFER_WRITE_TRAP 0x08f +#define SVM_EXIT_CR0_WRITE_TRAP 0x090 +#define SVM_EXIT_CR1_WRITE_TRAP 0x091 +#define SVM_EXIT_CR2_WRITE_TRAP 0x092 +#define SVM_EXIT_CR3_WRITE_TRAP 0x093 +#define SVM_EXIT_CR4_WRITE_TRAP 0x094 +#define SVM_EXIT_CR5_WRITE_TRAP 0x095 +#define SVM_EXIT_CR6_WRITE_TRAP 0x096 +#define SVM_EXIT_CR7_WRITE_TRAP 0x097 +#define SVM_EXIT_CR8_WRITE_TRAP 0x098 +#define SVM_EXIT_CR9_WRITE_TRAP 0x099 +#define SVM_EXIT_CR10_WRITE_TRAP 0x09a +#define SVM_EXIT_CR11_WRITE_TRAP 0x09b +#define SVM_EXIT_CR12_WRITE_TRAP 0x09c +#define SVM_EXIT_CR13_WRITE_TRAP 0x09d +#define SVM_EXIT_CR14_WRITE_TRAP 0x09e +#define SVM_EXIT_CR15_WRITE_TRAP 0x09f #define SVM_EXIT_INVPCID 0x0a2 #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 @@ -186,6 +202,7 @@ { SVM_EXIT_MWAIT, "mwait" }, \ { SVM_EXIT_XSETBV, "xsetbv" }, \ { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ + { SVM_EXIT_CR0_WRITE_TRAP, "write_cr0_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3b61cc088b31..e35050eafe3a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -2470,6 +2470,31 @@ static int cr_interception(struct vcpu_svm *svm) return kvm_complete_insn_gp(&svm->vcpu, err); } +static int cr_trap(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + unsigned long old_value, new_value; + unsigned int cr; + + new_value = (unsigned long)svm->vmcb->control.exit_info_1; + + cr = svm->vmcb->control.exit_code - SVM_EXIT_CR0_WRITE_TRAP; + switch (cr) { + case 0: + old_value = kvm_read_cr0(vcpu); + svm_set_cr0(vcpu, new_value); + + kvm_post_set_cr0(vcpu, old_value, new_value); + break; + default: + WARN(1, "unhandled CR%d write trap", cr); + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + return kvm_complete_insn_gp(vcpu, 0); +} + static int dr_interception(struct vcpu_svm *svm) { int reg, dr; @@ -3051,6 +3076,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_XSETBV] = xsetbv_interception, [SVM_EXIT_RDPRU] = rdpru_interception, [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, + [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index fcd862f5a2b4..1b3f1f326e9c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -804,11 +804,29 @@ bool pdptrs_changed(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(pdptrs_changed); +void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0) +{ + unsigned long update_bits = X86_CR0_PG | X86_CR0_WP; + + if ((cr0 ^ old_cr0) & X86_CR0_PG) { + kvm_clear_async_pf_completion_queue(vcpu); + kvm_async_pf_hash_reset(vcpu); + } + + if ((cr0 ^ old_cr0) & update_bits) + kvm_mmu_reset_context(vcpu); + + if (((cr0 ^ old_cr0) & X86_CR0_CD) && + kvm_arch_has_noncoherent_dma(vcpu->kvm) && + !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED)) + kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL); +} +EXPORT_SYMBOL_GPL(kvm_post_set_cr0); + int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) { unsigned long old_cr0 = kvm_read_cr0(vcpu); unsigned long pdptr_bits = X86_CR0_CD | X86_CR0_NW | X86_CR0_PG; - unsigned long update_bits = X86_CR0_PG | X86_CR0_WP; cr0 |= X86_CR0_ET; 
@@ -847,18 +865,7 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) kvm_x86_ops.set_cr0(vcpu, cr0); - if ((cr0 ^ old_cr0) & X86_CR0_PG) { - kvm_clear_async_pf_completion_queue(vcpu); - kvm_async_pf_hash_reset(vcpu); - } - - if ((cr0 ^ old_cr0) & update_bits) - kvm_mmu_reset_context(vcpu); - - if (((cr0 ^ old_cr0) & X86_CR0_CD) && - kvm_arch_has_noncoherent_dma(vcpu->kvm) && - !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED)) - kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL); + kvm_post_set_cr0(vcpu, old_cr0, cr0); return 0; }
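Review bot: In cr_trap() (arch/x86/kvm/svm/svm.c), the default case calls WARN(1, "unhandled CR%d write trap", cr) with "cr" declared as unsigned int, so the format should be %u, and the message has no trailing newline. WARN_ONCE would also keep a repeated exit from flooding the log. The handler table in this patch only registers SVM_EXIT_CR0_WRITE_TRAP, so the default case is unreachable today; a short comment saying it guards against future table entries would make that intent clear.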
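Review bot: kvm_post_set_cr0() in arch/x86/kvm/x86.c is now exported and called from cr_trap() as well as kvm_set_cr0(), but it has no comment stating its contract: that the new CR0 value has already been committed through the set_cr0 op and that old_cr0 is the value from before that write. cr_trap() passes exit_info_1 straight to svm_set_cr0() without the "cr0 |= X86_CR0_ET" adjustment that kvm_set_cr0() applies, so the two callers can hand this helper different views of the same register. That difference deserves a line in the comment.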
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 22/34] KVM: SVM: Add support for CR4 write traps for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:09:57 -0600
From: Tom Lendacky For SEV-ES guests, the interception of control register write access is not recommended. Control register interception occurs prior to the control register being modified and the hypervisor is unable to modify the control register itself because the register is located in the encrypted register state. SEV-ES guests introduce new control register write traps. These traps provide intercept support of a control register write after the control register has been modified. The new control register value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest control registers. Add support to track the value of the guest CR4 register using the control register write trap so that the hypervisor understands the guest operating mode. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm/svm.c | 7 +++++++ arch/x86/kvm/x86.c | 16 ++++++++++++---- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 2714ae0adeab..256869c9f37b 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1477,6 +1477,7 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code); void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0); +void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4); int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3); int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4); diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 14b0d97b50e2..c4152689ea93 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h 
@@ -203,6 +203,7 @@ { SVM_EXIT_XSETBV, "xsetbv" }, \ { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ { SVM_EXIT_CR0_WRITE_TRAP, "write_cr0_trap" }, \ + { SVM_EXIT_CR4_WRITE_TRAP, "write_cr4_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e35050eafe3a..e15e9e15defd 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2486,6 +2486,12 @@ static int cr_trap(struct vcpu_svm *svm) kvm_post_set_cr0(vcpu, old_value, new_value); break; + case 4: + old_value = kvm_read_cr4(vcpu); + svm_set_cr4(vcpu, new_value); + + kvm_post_set_cr4(vcpu, old_value, new_value); + break; default: WARN(1, "unhandled CR%d write trap", cr); kvm_queue_exception(vcpu, UD_VECTOR); @@ -3077,6 +3083,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_RDPRU] = rdpru_interception, [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap, + [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1b3f1f326e9c..c46da0d0f7f2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -983,12 +983,22 @@ bool kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) } EXPORT_SYMBOL_GPL(kvm_is_valid_cr4); +void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4) +{ + unsigned long mmu_role_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE | + X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE; + + if (((cr4 ^ old_cr4) & mmu_role_bits) || + (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE))) + kvm_mmu_reset_context(vcpu); +} +EXPORT_SYMBOL_GPL(kvm_post_set_cr4); + int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { unsigned long old_cr4 = kvm_read_cr4(vcpu); unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE | X86_CR4_SMEP; - unsigned long mmu_role_bits = pdptr_bits | X86_CR4_SMAP | X86_CR4_PKE; if (!kvm_is_valid_cr4(vcpu, cr4)) return 1; 
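Review bot: In kvm_post_set_cr4() the `mmu_role_bits` mask is now an open-coded list, where the removed line built it as `pdptr_bits | X86_CR4_SMAP | X86_CR4_PKE`. kvm_set_cr4() still keeps its own `pdptr_bits` with the same first four flags, so the two lists can drift apart when one of them is next edited. Consider a shared macro or static const for the common bits so that both functions derive from one definition, and add a comment on the new exported helper noting that old_cr4 must be read before the vendor set_cr4 hook is called.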
@@ -1015,9 +1025,7 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) kvm_x86_ops.set_cr4(vcpu, cr4); - if (((cr4 ^ old_cr4) & mmu_role_bits) || - (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE))) - kvm_mmu_reset_context(vcpu); + kvm_post_set_cr4(vcpu, old_cr4, cr4); return 0; }
From patchwork Thu Dec 10 17:09:58 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965731
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 23/34] KVM: SVM: Add support for CR8 write traps for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:09:58 -0600
Message-Id: <5a01033f4c8b3106ca9374b7cadf8e33da852df1.1607620209.git.thomas.lendacky@amd.com>
From: Tom Lendacky For SEV-ES guests, the interception of control register write access is not recommended. Control register interception occurs prior to the control register being modified and the hypervisor is unable to modify the control register itself because the register is located in the encrypted register state. SEV-ES guests introduce new control register write traps. These traps provide intercept support of a control register write after the control register has been modified. The new control register value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest control registers. Add support to track the value of the guest CR8 register using the control register write trap so that the hypervisor understands the guest operating mode. Signed-off-by: Tom Lendacky --- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm/svm.c | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index c4152689ea93..554f75fe013c 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -204,6 +204,7 @@ { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ { SVM_EXIT_CR0_WRITE_TRAP, "write_cr0_trap" }, \ { SVM_EXIT_CR4_WRITE_TRAP, "write_cr4_trap" }, \ + { SVM_EXIT_CR8_WRITE_TRAP, "write_cr8_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e15e9e15defd..3fb1703f32f8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2475,6 +2475,7 @@ static int cr_trap(struct vcpu_svm *svm) struct kvm_vcpu *vcpu = &svm->vcpu; unsigned long old_value, new_value; unsigned int cr; + int ret = 0; new_value = (unsigned long)svm->vmcb->control.exit_info_1; 
@@ -2492,13 +2493,16 @@ static int cr_trap(struct vcpu_svm *svm) kvm_post_set_cr4(vcpu, old_value, new_value); break; + case 8: + ret = kvm_set_cr8(&svm->vcpu, new_value); + break; default: WARN(1, "unhandled CR%d write trap", cr); kvm_queue_exception(vcpu, UD_VECTOR); return 1; } - return kvm_complete_insn_gp(vcpu, 0); + return kvm_complete_insn_gp(vcpu, ret); } static int dr_interception(struct vcpu_svm *svm) 
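Review bot: In the new `case 8:` a nonzero return from kvm_set_cr8() now reaches kvm_complete_insn_gp(vcpu, ret), while the CR0 and CR4 cases always complete with 0. The commit message says these traps are delivered after the guest has already modified the register, so it is worth a comment explaining what a failure from kvm_set_cr8() means at this point and why it is handled differently from the other two registers. Style: the call uses `&svm->vcpu` although the function already has the local `vcpu` that the CR4 case uses; `kvm_set_cr8(vcpu, new_value)` would be consistent.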
@@ -3084,6 +3088,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap, [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap, + [SVM_EXIT_CR8_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception,
From patchwork Thu Dec 10 17:09:59 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965747
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 24/34] KVM: x86: Update __get_sregs() / __set_sregs() to support SEV-ES
Date: Thu, 10 Dec 2020 11:09:59 -0600
Message-Id: <23051868db76400a9b07a2020525483a1e62dbcf.1607620209.git.thomas.lendacky@amd.com>

From: Tom Lendacky Since many of the registers used by the SEV-ES are encrypted and cannot be read or written, adjust the __get_sregs() / __set_sregs() to take into account whether the VMSA/guest state is encrypted. For __get_sregs(), return the actual value that is in use by the guest for all registers being tracked using the write trap support. For __set_sregs(), skip setting of all guest registers values. Signed-off-by: Tom Lendacky --- arch/x86/kvm/x86.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c46da0d0f7f2..8665e7609040 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -9446,6 +9446,9 @@ static void __get_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) { struct desc_ptr dt; + if (vcpu->arch.guest_state_protected) + goto skip_protected_regs; + kvm_get_segment(vcpu, &sregs->cs, VCPU_SREG_CS); kvm_get_segment(vcpu, &sregs->ds, VCPU_SREG_DS); kvm_get_segment(vcpu, &sregs->es, VCPU_SREG_ES); @@ -9463,9 +9466,11 @@ static void __get_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) sregs->gdt.limit = dt.size; sregs->gdt.base = dt.address; - sregs->cr0 = kvm_read_cr0(vcpu); sregs->cr2 = vcpu->arch.cr2; sregs->cr3 = kvm_read_cr3(vcpu); + +skip_protected_regs: + sregs->cr0 = kvm_read_cr0(vcpu); sregs->cr4 = kvm_read_cr4(vcpu); sregs->cr8 = kvm_get_cr8(vcpu); sregs->efer = vcpu->arch.efer; @@ -9602,6 +9607,9 @@ static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) if (kvm_set_apic_base(vcpu, &apic_base_msr)) goto out; + if (vcpu->arch.guest_state_protected) + goto skip_protected_regs; + dt.size = sregs->idt.limit; dt.address = sregs->idt.base; kvm_x86_ops.set_idt(vcpu, &dt); @@ -9636,14 +9644,6 @@ static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) if (mmu_reset_needed) kvm_mmu_reset_context(vcpu); - max_bits = KVM_NR_INTERRUPTS; - pending_vec = find_first_bit( - (const unsigned long *)sregs->interrupt_bitmap, max_bits); - if (pending_vec < max_bits) { - kvm_queue_interrupt(vcpu, pending_vec, false); - pr_debug("Set back pending irq %d\n", pending_vec); - } - kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS); kvm_set_segment(vcpu, &sregs->ds, VCPU_SREG_DS); kvm_set_segment(vcpu, &sregs->es, VCPU_SREG_ES); 
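Review bot: In the __get_sregs() hunks, the early `goto skip_protected_regs` leaves the segment, descriptor-table, cr2 and cr3 fields of *sregs unwritten when guest_state_protected is set. Whether the caller zeroes the structure first is not visible in this diff; if any caller does not, those fields would be handed back to userspace with whatever the buffer held, so either clear them explicitly on this path or add a comment stating that every caller passes a zeroed struct. In __set_sregs() the matching goto drops the caller-supplied register values and still ends at `ret = 0`, which deserves a comment so that the silent success is clearly intentional.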
@@ -9662,6 +9662,15 @@ static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) !is_protmode(vcpu)) vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; +skip_protected_regs: + max_bits = KVM_NR_INTERRUPTS; + pending_vec = find_first_bit( + (const unsigned long *)sregs->interrupt_bitmap, max_bits); + if (pending_vec < max_bits) { + kvm_queue_interrupt(vcpu, pending_vec, false); + pr_debug("Set back pending irq %d\n", pending_vec); + } + kvm_make_request(KVM_REQ_EVENT, vcpu); ret = 0;
From patchwork Thu Dec 10 17:10:00 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965765
b=EIuersszTkFmVEa5kvtgfihfQ11jfU32vN58lsYcAXojpRjWggdREGjIjJd/GOrbVnabUCW/26W/PqG7LdjHScz5Mo6Nm5C/TVe3mPnWZ6HxS/Kj6ZK9wyExe6AWFelHuO6jsP4ef8cfXbAgmpJdOc+EyE84dL1ORCSl7G9kWyms93BiIGmlt/giAE4w0xIqxq1x34mxduTGXNelbgGbBNOGden02hWd64NgVPnzXt1j4dS2l+GOxv+kLv+XpqNgmezYhlqAtBScxmo2WJGvTiCR+HScv0DpiH5ERQfDRGkurXup8Q4FW2QtzK8PonaL5psTns458TX/lwwE7JGTTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pQYj9pIxI9KKrvbrA368vXkNri8/lTXrB4RGOlHXqEg=; b=hYAo/2Az6DCxKOPk5L7PgYr4p7Q7VL/kbfymyQ6luKUCCjrUh5cco+mO9oHzxfYSxIeU3A3kF4TCHwNXd+VMBPZDOFIlxHJ0z4KcU/Apo0x8GeBSZ33Shla6Yt/7VIXk1soZT8OQ2RlaI5DUNM7pWL70XaBDCU35rtfeCvKnnZfNQd9FrCy7BsBhtk8ForLFIy3s3dELJtuQMXzrX5iidsMS94+yKJvGC1ouedbT5BsxaOjmShRIYusp9OOnh18LnaU+7iPsgCvEB1YxKLwHVeHGaDuXAQdFdxPm5GLRXLHZXJZXK4ZdzpIUQBteSvBET6JVbd4dwJs3frnsuqJiHA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pQYj9pIxI9KKrvbrA368vXkNri8/lTXrB4RGOlHXqEg=; b=bmaC24VVjTllPObHKmKn75vE9Gd/omy8DYRaqIhgZOhEqiWQQ7wt3R1hwl+zavlbK5c9gxSDSWVN/QcuUJjQY2hH3yVksY2Vv34BYkwpwSOm9NzCDS/Uwsm68kIqPRxX5WmjlE/M/y6G5Jvu561NPgxo+/aDj6N8fsdddLtwg8E= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from CY4PR12MB1352.namprd12.prod.outlook.com (2603:10b6:903:3a::13) by CY4PR1201MB0149.namprd12.prod.outlook.com (2603:10b6:910:1c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12; Thu, 10 Dec 2020 17:14:04 +0000 Received: from 
CY4PR12MB1352.namprd12.prod.outlook.com ([fe80::a10a:295e:908d:550d]) by CY4PR12MB1352.namprd12.prod.outlook.com ([fe80::a10a:295e:908d:550d%8]) with mapi id 15.20.3632.021; Thu, 10 Dec 2020 17:14:04 +0000 
From: Tom Lendacky To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Paolo Bonzini , Jim Mattson , Joerg Roedel , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Brijesh Singh Subject: [PATCH v5 25/34] KVM: SVM: Do not report support for SMM for an SEV-ES guest Date: Thu, 10 Dec 2020 11:10:00 -0600 Message-Id: <75de5138e33b945d2fb17f81ae507bda381808e3.1607620209.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CH2PR07CA0013.namprd07.prod.outlook.com (2603:10b6:610:20::26) To CY4PR12MB1352.namprd12.prod.outlook.com (2603:10b6:903:3a::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by CH2PR07CA0013.namprd07.prod.outlook.com (2603:10b6:610:20::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Thu, 10 Dec 2020 17:14:03 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 72b348f1-5d65-4ca2-2082-08d89d2eff08 X-MS-TrafficTypeDiagnostic: CY4PR1201MB0149: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Fxlr2JHhjgu014mTF+eKlUWTv3un9LMAi1bpPIm1y6oTvQ/e6zkoxdeR4cKww5jVRLc6BsmXyyw1ogrq8kvqN+HL7a7VhrxKUo4QJFY6UwBeVQj2gcZfeVjGjW0NL6Wcy5V5E+jIeNgno5LnUiCEVuTptuA5j4f/keTzDkdLwqw52GVi3OVxgA4PL3VjhV6qQEHaQy7qtrzMaoK054Fj6tCveur768ZZl0vwYnQ321CDpvJ3Nfo6o6pYjhWb7r+FDbkVh7G1UM5RZhgdKOWm1esfto0w0CPtUSou8d/3k5YMvKkQLIQVEerkVwrai5LrbVMhYVh3N4l9YX2dlBnpvwPNu5Xk0sGcVkY0BUZhDgI1EfNmCBFxqiQOSmxDKFmb X-Forefront-Antispam-Report: 
From: Tom Lendacky

SEV-ES guests do not currently support SMM. Update the has_emulated_msr() kvm_x86_ops function to take a struct kvm parameter so that the capability can be reported at a VM level. Since this op is also called during KVM initialization and before a struct kvm instance is available, comments will be added to each implementation of has_emulated_msr() to indicate the kvm parameter can be null.

Signed-off-by: Tom Lendacky
--- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/svm/svm.c | 11 ++++++++++- arch/x86/kvm/vmx/vmx.c | 6 +++++- arch/x86/kvm/x86.c | 4 ++-- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 256869c9f37b..cecd0eca66c7 100644
--- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1092,7 +1092,7 @@ struct kvm_x86_ops { void (*hardware_disable)(void); void (*hardware_unsetup)(void); bool (*cpu_has_accelerated_tpr)(void); - bool (*has_emulated_msr)(u32 index); + bool (*has_emulated_msr)(struct kvm *kvm, u32 index); void (*vcpu_after_set_cpuid)(struct kvm_vcpu *vcpu); unsigned int vm_size; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3fb1703f32f8..3e6d79593b8d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3934,12 +3934,21 @@ static bool svm_cpu_has_accelerated_tpr(void) return false; } -static bool svm_has_emulated_msr(u32 index) +/* + * The kvm parameter can be NULL (module initialization, or invocation before + * VM creation). Be sure to check the kvm parameter before using it. + */ +static bool svm_has_emulated_msr(struct kvm *kvm, u32 index) { switch (index) { case MSR_IA32_MCG_EXT_CTL: case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: return false; + case MSR_IA32_SMBASE: + /* SEV-ES guests do not support SMM, so report false */ + if (kvm && sev_es_guest(kvm)) + return false; + break; default: break; } diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c3441e7e5a87..a1ff4d7a310b 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6399,7 +6399,11 @@ static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu) handle_exception_nmi_irqoff(vmx); } -static bool vmx_has_emulated_msr(u32 index) +/* + * The kvm parameter can be NULL (module initialization, or invocation before + * VM creation). Be sure to check the kvm parameter before using it. + */ +static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) { switch (index) { case MSR_IA32_SMBASE: diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8665e7609040..53fe34fd1a7f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3795,7 +3795,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) * fringe case that is not enabled except via specific settings * of the module parameters. */ - r = kvm_x86_ops.has_emulated_msr(MSR_IA32_SMBASE); + r = kvm_x86_ops.has_emulated_msr(kvm, MSR_IA32_SMBASE); break; case KVM_CAP_VAPIC: r = !kvm_x86_ops.cpu_has_accelerated_tpr(); 
@@ -5794,7 +5794,7 @@ static void kvm_init_msr_list(void) } for (i = 0; i < ARRAY_SIZE(emulated_msrs_all); i++) { - if (!kvm_x86_ops.has_emulated_msr(emulated_msrs_all[i])) + if (!kvm_x86_ops.has_emulated_msr(NULL, emulated_msrs_all[i])) continue; emulated_msrs[num_emulated_msrs++] = emulated_msrs_all[i];
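Review bot: The arch/x86/include/asm/kvm_host.h hunk changes the has_emulated_msr prototype in struct kvm_x86_ops without documenting that kvm may be NULL; the rule is stated only in the two identical comments above svm_has_emulated_msr() and vmx_has_emulated_msr(). A one-line comment on the struct member would put the contract where the next implementer of the op looks first, and the per-vendor comments could then refer to it instead of repeating it.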
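Review bot: In the kvm_init_msr_list() hunk the op is called with NULL, and the new MSR_IA32_SMBASE case in svm_has_emulated_msr() only returns false when `kvm && sev_es_guest(kvm)`, so the SEV-ES restriction can never affect the host-wide emulated_msrs list built here. Only the per-VM call in kvm_vm_ioctl_check_extension() reports the SEV-ES answer. Please say in the commit message or in a comment at this call site that the list is a host-wide superset, so that userspace does not treat it as authoritative for an SEV-ES VM.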
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 26/34] KVM: SVM: Guest FPU state save/restore not needed for SEV-ES guest
Date: Thu, 10 Dec 2020 11:10:01 -0600
Message-Id: <173e429b4d0d962c6a443c4553ffdaf31b7665a4.1607620209.git.thomas.lendacky@amd.com>
From: Tom Lendacky

The guest FPU state is automatically restored on VMRUN and saved on VMEXIT by the hardware, so there is no reason to do this in KVM. Eliminate the allocation of the guest_fpu save area and key off that to skip operations related to the guest FPU state.

Signed-off-by: Tom Lendacky
--- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm/svm.c | 8 +++++ arch/x86/kvm/x86.c | 56 +++++++++++++++++++++++++++------ 3 files changed, 56 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index cecd0eca66c7..048b08437c33 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -1476,6 +1476,8 @@ void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code); +void kvm_free_guest_fpu(struct kvm_vcpu *vcpu); + void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0); void kvm_post_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4); int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3e6d79593b8d..8d22ae25a0f8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1318,6 +1318,14 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); if (!vmsa_page) goto error_free_vmcb_page; + + /* + * SEV-ES guests maintain an encrypted version of their FPU + * state which is restored and saved on VMRUN and VMEXIT. + * Free the fpu structure to prevent KVM from attempting to + * access the FPU state. + */ + kvm_free_guest_fpu(vcpu); } err = avic_init_vcpu(svm); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 53fe34fd1a7f..ddd614a76744 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4515,6 +4515,9 @@ static void load_xsave(struct kvm_vcpu *vcpu, u8 *src) static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu, struct kvm_xsave *guest_xsave) { + if (!vcpu->arch.guest_fpu) + return; + if (boot_cpu_has(X86_FEATURE_XSAVE)) { memset(guest_xsave, 0, sizeof(struct kvm_xsave)); fill_xsave((u8 *) guest_xsave->region, vcpu); 
@@ -4532,9 +4535,14 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, struct kvm_xsave *guest_xsave) { - u64 xstate_bv = - *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)]; - u32 mxcsr = *(u32 *)&guest_xsave->region[XSAVE_MXCSR_OFFSET / sizeof(u32)]; + u64 xstate_bv; + u32 mxcsr; + + if (!vcpu->arch.guest_fpu) + return 0; + + xstate_bv = *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)]; + mxcsr = *(u32 *)&guest_xsave->region[XSAVE_MXCSR_OFFSET / sizeof(u32)]; if (boot_cpu_has(X86_FEATURE_XSAVE)) { /* @@ -9252,9 +9260,14 @@ static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu) kvm_save_current_fpu(vcpu->arch.user_fpu); - /* PKRU is separately restored in kvm_x86_ops.run. */ - __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state, - ~XFEATURE_MASK_PKRU); + /* + * Guests with protected state can't have it set by the hypervisor, + * so skip trying to set it. + */ + if (vcpu->arch.guest_fpu) + /* PKRU is separately restored in kvm_x86_ops.run. */ + __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state, + ~XFEATURE_MASK_PKRU); fpregs_mark_activate(); fpregs_unlock(); @@ -9267,7 +9280,12 @@ static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu) { fpregs_lock(); - kvm_save_current_fpu(vcpu->arch.guest_fpu); + /* + * Guests with protected state can't have it read by the hypervisor, + * so skip trying to save it. + */ + if (vcpu->arch.guest_fpu) + kvm_save_current_fpu(vcpu->arch.guest_fpu); copy_kernel_to_fpregs(&vcpu->arch.user_fpu->state); @@ -9777,6 +9795,9 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) { struct fxregs_state *fxsave; + if (!vcpu->arch.guest_fpu) + return 0; + vcpu_load(vcpu); fxsave = &vcpu->arch.guest_fpu->state.fxsave; 
@@ -9797,6 +9818,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) { struct fxregs_state *fxsave; + if (!vcpu->arch.guest_fpu) + return 0; + vcpu_load(vcpu); fxsave = &vcpu->arch.guest_fpu->state.fxsave; @@ -9855,6 +9879,9 @@ static int sync_regs(struct kvm_vcpu *vcpu) static void fx_init(struct kvm_vcpu *vcpu) { + if (!vcpu->arch.guest_fpu) + return; + fpstate_init(&vcpu->arch.guest_fpu->state); if (boot_cpu_has(X86_FEATURE_XSAVES)) vcpu->arch.guest_fpu->state.xsave.header.xcomp_bv = @@ -9868,6 +9895,15 @@ static void fx_init(struct kvm_vcpu *vcpu) vcpu->arch.cr0 |= X86_CR0_ET; } +void kvm_free_guest_fpu(struct kvm_vcpu *vcpu) +{ + if (vcpu->arch.guest_fpu) { + kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu); + vcpu->arch.guest_fpu = NULL; + } +} +EXPORT_SYMBOL_GPL(kvm_free_guest_fpu); + int kvm_arch_vcpu_precreate(struct kvm *kvm, unsigned int id) { if (kvm_check_tsc_unstable() && atomic_read(&kvm->online_vcpus) != 0) @@ -9963,7 +9999,7 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) return 0; free_guest_fpu: - kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu); + kvm_free_guest_fpu(vcpu); free_user_fpu: kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu); free_emulate_ctxt: @@ -10017,7 +10053,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) kmem_cache_free(x86_emulator_cache, vcpu->arch.emulate_ctxt); free_cpumask_var(vcpu->arch.wbinvd_dirty_mask); kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu); - kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu); + kvm_free_guest_fpu(vcpu); kvm_hv_vcpu_uninit(vcpu); kvm_pmu_destroy(vcpu); 
@@ -10065,7 +10101,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) kvm_async_pf_hash_reset(vcpu); vcpu->arch.apf.halted = false; - if (kvm_mpx_supported()) { + if (vcpu->arch.guest_fpu && kvm_mpx_supported()) { void *mpx_state_buffer; /*
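Review bot: In kvm_vcpu_ioctl_x86_get_xsave() the new `if (!vcpu->arch.guest_fpu) return;` sits before `memset(guest_xsave, 0, sizeof(struct kvm_xsave))`, and the function is void, so for an SEV-ES vCPU the output buffer is left exactly as the caller passed it and the caller cannot tell that nothing was written. If that buffer is later copied to userspace, what userspace sees depends on the caller having zeroed it. Suggest doing the memset before the early return, or giving the function a return value that the ioctl path propagates.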
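Review bot: kvm_vcpu_ioctl_x86_set_xsave(), kvm_arch_vcpu_ioctl_get_fpu() and kvm_arch_vcpu_ioctl_set_fpu() return 0 when vcpu->arch.guest_fpu is NULL, so a VMM that sets FPU state on an SEV-ES vCPU is told the call succeeded although nothing was applied, and a get reports success without filling *fpu. An error return such as -EINVAL would make the unsupported operation visible to userspace; if silent success is intended for compatibility with existing VMMs, the commit message should say so. Separately, in kvm_load_guest_fpu() the new `if (vcpu->arch.guest_fpu)` governs a comment plus a two-line statement without braces, which kernel style asks to brace.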
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 27/34] KVM: SVM: Add support for booting APs for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:10:02 -0600
Message-Id: <47d11ed1c1a48ab71858fc3cde766bf67a4612d1.1607620209.git.thomas.lendacky@amd.com>
From: Tom Lendacky

Typically under KVM, an AP is booted using the INIT-SIPI-SIPI sequence, where the guest vCPU register state is updated and then the vCPU is VMRUN to begin execution of the AP. For an SEV-ES guest, this won't work because the guest register state is encrypted.

Following the GHCB specification, the hypervisor must not alter the guest register state, so KVM must track an AP/vCPU boot. Should the guest want to park the AP, it must use the AP Reset Hold exit event in place of, for example, a HLT loop.

First AP boot (first INIT-SIPI-SIPI sequence):
  Execute the AP (vCPU) as it was initialized and measured by the SEV-ES support. It is up to the guest to transfer control of the AP to the proper location.

Subsequent AP boot:
  KVM will expect to receive an AP Reset Hold exit event indicating that the vCPU is being parked and will require an INIT-SIPI-SIPI sequence to awaken it. When the AP Reset Hold exit event is received, KVM will place the vCPU into a simulated HLT mode. Upon receiving the INIT-SIPI-SIPI sequence, KVM will make the vCPU runnable. It is again up to the guest to then transfer control of the AP to the proper location.

The GHCB specification also requires the hypervisor to save the address of an AP Jump Table so that, for example, vCPUs that have been parked by UEFI can be started by the OS. Provide support for the AP Jump Table set/get exit code.

Signed-off-by: Tom Lendacky
Signed-off-by: Tom Lendacky
--- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm/sev.c | 50 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 7 +++++ arch/x86/kvm/svm/svm.h | 3 ++ arch/x86/kvm/x86.c | 9 ++++++ 5 files changed, 71 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 048b08437c33..60a3b9d33407 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -1286,6 +1286,8 @@ struct kvm_x86_ops { void (*migrate_timers)(struct kvm_vcpu *vcpu); void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + + void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a7531de760b5..b47285384b1f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -17,6 +17,8 @@ #include #include +#include + #include "x86.h" #include "svm.h" #include "cpuid.h" @@ -1449,6 +1451,8 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_AP_HLT_LOOP: + case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: break; default: @@ -1770,6 +1774,35 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) control->exit_info_2, svm->ghcb_sa); break; + case SVM_VMGEXIT_AP_HLT_LOOP: + svm->ap_hlt_loop = true; + ret = kvm_emulate_halt(&svm->vcpu); + break; + case SVM_VMGEXIT_AP_JUMP_TABLE: { + struct kvm_sev_info *sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info; + + switch (control->exit_info_1) { + case 0: + /* Set AP jump table address */ + sev->ap_jump_table = control->exit_info_2; + break; + case 1: + /* Get AP jump table address */ + ghcb_set_sw_exit_info_2(ghcb, sev->ap_jump_table); + break; + default: + pr_err("svm: vmgexit: unsupported AP jump table request - exit_info_1=%#llx\n", + control->exit_info_1); + ghcb_set_sw_exit_info_1(ghcb, 1); + ghcb_set_sw_exit_info_2(ghcb, + X86_TRAP_UD | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + } + + ret = 1; + break; + } case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(&svm->vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", 
@@ -1790,3 +1823,20 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in) return kvm_sev_es_string_io(&svm->vcpu, size, port, svm->ghcb_sa, svm->ghcb_sa_len, in); } + +void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + /* First SIPI: Use the values as initially set by the VMM */ + if (!svm->ap_hlt_loop) + return; + + /* + * Subsequent SIPI: Return from an AP Reset Hold VMGEXIT, where + * the guest will set the CS and RIP. Set SW_EXIT_INFO_2 to a + * non-zero value. + */ + ghcb_set_sw_exit_info_2(svm->ghcb, 1); + svm->ap_hlt_loop = false; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8d22ae25a0f8..2dbc20701ef5 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4400,6 +4400,11 @@ static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu) (vmcb_is_intercept(&svm->vmcb->control, INTERCEPT_INIT)); } +static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) +{ + sev_vcpu_deliver_sipi_vector(vcpu, vector); +} + static void svm_vm_destroy(struct kvm *kvm) { avic_vm_destroy(kvm); @@ -4541,6 +4546,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .apic_init_signal_blocked = svm_apic_init_signal_blocked, .msr_filter_changed = svm_msr_filter_changed, + + .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index b3f03dede6ac..5d570d5a6a2c 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -68,6 +68,7 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + u64 ap_jump_table; /* SEV-ES AP Jump Table address */ }; struct kvm_svm { 
@@ -174,6 +175,7 @@ struct vcpu_svm { struct vmcb_save_area *vmsa; struct ghcb *ghcb; struct kvm_host_map ghcb_map; + bool ap_hlt_loop; /* SEV-ES scratch area support */ void *ghcb_sa; @@ -574,5 +576,6 @@ void sev_hardware_teardown(void); void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); +void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ddd614a76744..4fd216b61a89 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10144,6 +10144,15 @@ void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) { struct kvm_segment cs; + /* + * Guests with protected state can't have their state altered by KVM, + * call the vcpu_deliver_sipi_vector() x86 op for processing. + */ + if (vcpu->arch.guest_state_protected) { + kvm_x86_ops.vcpu_deliver_sipi_vector(vcpu, vector); + return; + } + kvm_get_segment(vcpu, &cs, VCPU_SREG_CS); cs.selector = vector << 8; cs.base = vector << 12;
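Review bot: In the SVM_VMGEXIT_AP_JUMP_TABLE case of sev_handle_vmgexit(), the default branch calls pr_err() with control->exit_info_1, a value the guest chooses, so a guest can repeat the VMGEXIT to fill the host log. Suggest a rate-limited print, or vcpu_unimpl() as the SVM_VMGEXIT_UNSUPPORTED_EVENT case right below it uses. The same default branch has no trailing break, and the set path stores control->exit_info_2 into sev->ap_jump_table unchecked; that is acceptable only while KVM treats the address as an opaque guest value, which a short comment should state.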
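Review bot: sev_vcpu_deliver_sipi_vector() writes through svm->ghcb with `ghcb_set_sw_exit_info_2(svm->ghcb, 1)` without checking that a GHCB is mapped at the moment the SIPI is delivered. ap_hlt_loop being true shows that an AP Reset Hold VMGEXIT happened earlier, but nothing in this hunk shows the mapping is still held at that point. Please confirm the lifetime of svm->ghcb across the simulated HLT, or add a NULL check before the write. The vector argument is also unused in this function, which deserves a short comment given that the guest sets CS and RIP itself.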

From patchwork Thu Dec 10 17:10:03 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965745
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 28/34] KVM: SVM: Add NMI support for an SEV-ES guest
Date: Thu, 10 Dec 2020 11:10:03 -0600
Message-Id: <5ea3dd69b8d4396cefdc9048ebc1ab7caa70a847.1607620209.git.thomas.lendacky@amd.com>

From: Tom Lendacky

The GHCB specification defines how NMIs are to be handled for an SEV-ES guest. To detect the completion of an NMI the hypervisor must not intercept the IRET instruction (because a #VC while running the NMI will issue an IRET) and, instead, must receive an NMI Complete exit event from the guest.

Update the KVM support for detecting the completion of NMIs in the guest to follow the GHCB specification. When an SEV-ES guest is active, the IRET instruction will no longer be intercepted. Now, when the NMI Complete exit event is received, the iret_interception() function will be called to simulate the completion of the NMI.

Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 4 ++++ arch/x86/kvm/svm/svm.c | 20 +++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b47285384b1f..486c5609fa25 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1451,6 +1451,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_NMI_COMPLETE: case SVM_VMGEXIT_AP_HLT_LOOP: case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: @@ -1774,6 +1775,9 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) control->exit_info_2, svm->ghcb_sa); break; + case SVM_VMGEXIT_NMI_COMPLETE: + ret = svm_invoke_exit_handler(svm, SVM_EXIT_IRET); + break; case SVM_VMGEXIT_AP_HLT_LOOP: svm->ap_hlt_loop = true; ret = kvm_emulate_halt(&svm->vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 2dbc20701ef5..16746bc6a1fa 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2339,9 +2339,11 @@ static int cpuid_interception(struct vcpu_svm *svm) static int iret_interception(struct vcpu_svm *svm) { ++svm->vcpu.stat.nmi_window_exits; - svm_clr_intercept(svm, INTERCEPT_IRET); svm->vcpu.arch.hflags |= HF_IRET_MASK; - svm->nmi_iret_rip = kvm_rip_read(&svm->vcpu); + if (!sev_es_guest(svm->vcpu.kvm)) { + svm_clr_intercept(svm, INTERCEPT_IRET); + svm->nmi_iret_rip = kvm_rip_read(&svm->vcpu); + } kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); return 1; } @@ -3358,7 +3360,8 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; vcpu->arch.hflags |= HF_NMI_MASK; - svm_set_intercept(svm, INTERCEPT_IRET); + if (!sev_es_guest(svm->vcpu.kvm)) + svm_set_intercept(svm, INTERCEPT_IRET); ++vcpu->stat.nmi_injections; } 
@@ -3442,10 +3445,12 @@ static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) if (masked) { svm->vcpu.arch.hflags |= HF_NMI_MASK; - svm_set_intercept(svm, INTERCEPT_IRET); + if (!sev_es_guest(svm->vcpu.kvm)) + svm_set_intercept(svm, INTERCEPT_IRET); } else { svm->vcpu.arch.hflags &= ~HF_NMI_MASK; - svm_clr_intercept(svm, INTERCEPT_IRET); + if (!sev_es_guest(svm->vcpu.kvm)) + svm_clr_intercept(svm, INTERCEPT_IRET); } } 
@@ -3623,8 +3628,9 @@ static void svm_complete_interrupts(struct vcpu_svm *svm) * If we've made progress since setting HF_IRET_MASK, we've * executed an IRET and can allow NMI injection. */ - if ((svm->vcpu.arch.hflags & HF_IRET_MASK) - && kvm_rip_read(&svm->vcpu) != svm->nmi_iret_rip) { + if ((svm->vcpu.arch.hflags & HF_IRET_MASK) && + (sev_es_guest(svm->vcpu.kvm) || + kvm_rip_read(&svm->vcpu) != svm->nmi_iret_rip)) { svm->vcpu.arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK); kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); }
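Review bot: in the sev_handle_vmgexit() hunk, SVM_VMGEXIT_NMI_COMPLETE goes straight to svm_invoke_exit_handler(svm, SVM_EXIT_IRET) without checking that an NMI is actually in progress (HF_NMI_MASK set in svm->vcpu.arch.hflags). The event is issued by the guest, and iret_interception() unconditionally bumps nmi_window_exits and sets HF_IRET_MASK, so it can arrive at any time; consider ignoring the event when HF_NMI_MASK is clear, or say in a comment why a spurious NMI Complete is harmless.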
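Review bot: in the svm_inject_nmi() and svm_set_nmi_mask() hunks, the guard if (!sev_es_guest(svm->vcpu.kvm)) is open-coded around every svm_set_intercept()/svm_clr_intercept() of INTERCEPT_IRET (three sites there, plus the one in iret_interception()). A small helper pair would keep the SEV-ES rule in one place, so that a later caller toggling INTERCEPT_IRET cannot forget it; both functions also have vcpu in scope already, so vcpu->kvm reads more simply than svm->vcpu.kvm.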
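Review bot: in the svm_complete_interrupts() hunk, the comment kept above the condition ("If we've made progress since setting HF_IRET_MASK, we've executed an IRET") no longer describes the SEV-ES path: with sev_es_guest() true the RIP comparison is skipped and HF_NMI_MASK | HF_IRET_MASK are cleared as soon as HF_IRET_MASK is set. Extend the comment to say that for SEV-ES the NMI Complete event stands in for the IRET and that nmi_iret_rip is not used, since iret_interception() no longer records it for these guests.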

From patchwork Thu Dec 10 17:10:04 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965787
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 29/34] KVM: SVM: Set the encryption mask for the SVM host save area
Date: Thu, 10 Dec 2020 11:10:04 -0600

From: Tom Lendacky

The SVM host save area is used to restore some host state on VMEXIT of an SEV-ES guest. After allocating the save area, clear it and add the encryption mask to the SVM host save area physical address that is programmed into the VM_HSAVE_PA MSR.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 1 - arch/x86/kvm/svm/svm.c | 3 ++- arch/x86/kvm/svm/svm.h | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 486c5609fa25..4797a6768eaf 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -32,7 +32,6 @@ unsigned int max_sev_asid; static unsigned int min_sev_asid; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; -#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) struct enc_region { struct list_head list; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 16746bc6a1fa..d8217ba6791f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -498,7 +498,7 @@ static int svm_hardware_enable(void) wrmsrl(MSR_EFER, efer | EFER_SVME); - wrmsrl(MSR_VM_HSAVE_PA, page_to_pfn(sd->save_area) << PAGE_SHIFT); + wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area)); if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) { wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT); @@ -566,6 +566,7 @@ static int svm_cpu_init(int cpu) sd->save_area = alloc_page(GFP_KERNEL); if (!sd->save_area) goto free_cpu_data; + clear_page(page_address(sd->save_area)); if (svm_sev_enabled()) { sd->sev_vmcbs = kmalloc_array(max_sev_asid + 1, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5d570d5a6a2c..313cfb733f7e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -21,6 +21,8 @@ #include +#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) + static const u32 host_save_user_msrs[] = { #ifdef CONFIG_X86_64 MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
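Review bot: in the svm_cpu_init() hunk, the page is allocated with alloc_page(GFP_KERNEL) and then zeroed by a separate clear_page(page_address(sd->save_area)); passing GFP_KERNEL | __GFP_ZERO to alloc_page() does both in one step and leaves no point at which sd->save_area refers to an uncleared page. If the two-step form is kept, a one-line comment on why the host save area must start out zeroed would help, since the commit message only says to clear it.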

From patchwork Thu Dec 10 17:10:05 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965767
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 30/34] KVM: SVM: Update ASID allocation to support SEV-ES guests
Date: Thu, 10 Dec 2020 11:10:05 -0600

From: Tom Lendacky

SEV and SEV-ES guests each have dedicated ASID ranges. Update the ASID allocation routine to return an ASID in the respective range.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4797a6768eaf..bb6f069464cf 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -63,19 +63,19 @@ static int sev_flush_asids(void) } /* Must be called with the sev_bitmap_lock held */ -static bool __sev_recycle_asids(void) +static bool __sev_recycle_asids(int min_asid, int max_asid) { int pos; /* Check if there are any ASIDs to reclaim before performing a flush */ - pos = find_next_bit(sev_reclaim_asid_bitmap, - max_sev_asid, min_sev_asid - 1); - if (pos >= max_sev_asid) + pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); + if (pos >= max_asid) return false; if (sev_flush_asids()) return false; + /* The flush process will flush all reclaimable SEV and SEV-ES ASIDs */ bitmap_xor(sev_asid_bitmap, sev_asid_bitmap, sev_reclaim_asid_bitmap, max_sev_asid); bitmap_zero(sev_reclaim_asid_bitmap, max_sev_asid); @@ -83,20 +83,23 @@ static bool __sev_recycle_asids(void) return true; } -static int sev_asid_new(void) +static int sev_asid_new(struct kvm_sev_info *sev) { + int pos, min_asid, max_asid; bool retry = true; - int pos; mutex_lock(&sev_bitmap_lock); /* - * SEV-enabled guest must use asid from min_sev_asid to max_sev_asid. + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. */ + min_asid = sev->es_active ? 0 : min_sev_asid - 1; + max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: - pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_sev_asid - 1); - if (pos >= max_sev_asid) { - if (retry && __sev_recycle_asids()) { + pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_asid); + if (pos >= max_asid) { + if (retry && __sev_recycle_asids(min_asid, max_asid)) { retry = false; goto again; } 
@@ -178,7 +181,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) if (unlikely(sev->active)) return ret; - asid = sev_asid_new(); + asid = sev_asid_new(sev); if (asid < 0) return ret;
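Review bot: in the sev_asid_new() hunk, min_asid and max_asid hold zero-based bitmap positions rather than ASIDs (min_asid is 0 for SEV-ES while the comment says the range starts at ASID 1), and find_next_zero_bit() is still bounded by max_sev_asid, so an exhausted SEV-ES range is only caught by the following pos >= max_asid test after the scan has walked into the SEV range. Passing max_asid as the size argument, and either renaming the variables or stating the off-by-one convention in the comment, would make the separation between the two ranges explicit; find_next_bit() in __sev_recycle_asids() has the same shape.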

From patchwork Thu Dec 10 17:10:06 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11965753
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 31/34] KVM: SVM: Provide support for SEV-ES vCPU creation/loading
Date: Thu, 10 Dec 2020 11:10:06 -0600
Message-Id: <3a8aef366416eddd5556dfa3fdc212aafa1ad0a2.1607620209.git.thomas.lendacky@amd.com>

From: Tom Lendacky

An SEV-ES vCPU requires additional VMCB initialization requirements for vCPU creation and vCPU load/put requirements. This includes:

General VMCB initialization changes:
- Set a VMCB control bit to enable SEV-ES support on the vCPU.
- Set the VMCB encrypted VM save area address.
- CRx registers are part of the encrypted register state and cannot be updated. Remove the CRx register read and write intercepts and replace them with CRx register write traps to track the CRx register values.
- Certain MSR values are part of the encrypted register state and cannot be updated. Remove certain MSR intercepts (EFER, CR_PAT, etc.).
- Remove the #GP intercept (no support for "enable_vmware_backdoor").
- Remove the XSETBV intercept since the hypervisor cannot modify XCR0.

General vCPU creation changes:
- Set the initial GHCB gpa value as per the GHCB specification.

Signed-off-by: Tom Lendacky
--- arch/x86/include/asm/svm.h | 15 +++++++++- arch/x86/kvm/svm/sev.c | 56 ++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 20 ++++++++++++-- arch/x86/kvm/svm/svm.h | 6 +++- 4 files changed, 92 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index caa8628f5fba..a57331de59e2 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -98,6 +98,16 @@ enum { INTERCEPT_MWAIT_COND, INTERCEPT_XSETBV, INTERCEPT_RDPRU, + TRAP_EFER_WRITE, + TRAP_CR0_WRITE, + TRAP_CR1_WRITE, + TRAP_CR2_WRITE, + TRAP_CR3_WRITE, + TRAP_CR4_WRITE, + TRAP_CR5_WRITE, + TRAP_CR6_WRITE, + TRAP_CR7_WRITE, + TRAP_CR8_WRITE, /* Byte offset 014h (word 5) */ INTERCEPT_INVLPGB = 160, INTERCEPT_INVLPGB_ILLEGAL, @@ -144,6 +154,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area { u8 reserved_6[8]; /* Offset 0xe8 */ u64 avic_logical_id; /* Offset 0xf0 */ u64 avic_physical_id; /* Offset 0xf8 */ + u8 reserved_7[8]; + u64 vmsa_pa; /* Used for an SEV-ES guest */ };
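Review bot: in the vmcb_control_area hunk, reserved_7[8] and vmsa_pa are added without the /* Offset 0x.. */ comments that the three fields directly above them carry, which are what a reader checks this packed layout against. Following on from avic_physical_id at 0xf8 they sit at 0x100 and 0x108; adding those offsets would keep the struct self-documenting and make the new end of the structure at 0x110 (272 bytes) easy to confirm.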
@@ -198,6 +210,7 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_NP_ENABLE BIT(0) #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) +#define SVM_NESTED_CTL_SEV_ES_ENABLE BIT(2) struct vmcb_seg { u16 selector; @@ -295,7 +308,7 @@ struct ghcb { #define EXPECTED_VMCB_SAVE_AREA_SIZE 1032 -#define EXPECTED_VMCB_CONTROL_AREA_SIZE 256 +#define EXPECTED_VMCB_CONTROL_AREA_SIZE 272 #define EXPECTED_GHCB_SIZE PAGE_SIZE static inline void __unused_size_checks(void) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bb6f069464cf..e34d3a6dba80 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1846,3 +1846,59 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) ghcb_set_sw_exit_info_2(svm->ghcb, 1); svm->ap_hlt_loop = false; } + +void sev_es_init_vmcb(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + + svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ES_ENABLE; + svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK; + + /* + * An SEV-ES guest requires a VMSA area that is a separate from the + * VMCB page. Do not include the encryption mask on the VMSA physical + * address since hardware will access it using the guest key. + */ + svm->vmcb->control.vmsa_pa = __pa(svm->vmsa); + + /* Can't intercept CR register access, HV can't modify CR registers */ + svm_clr_intercept(svm, INTERCEPT_CR0_READ); + svm_clr_intercept(svm, INTERCEPT_CR4_READ); + svm_clr_intercept(svm, INTERCEPT_CR8_READ); + svm_clr_intercept(svm, INTERCEPT_CR0_WRITE); + svm_clr_intercept(svm, INTERCEPT_CR4_WRITE); + svm_clr_intercept(svm, INTERCEPT_CR8_WRITE); + + svm_clr_intercept(svm, INTERCEPT_SELECTIVE_CR0); + + /* Track EFER/CR register changes */ + svm_set_intercept(svm, TRAP_EFER_WRITE); + svm_set_intercept(svm, TRAP_CR0_WRITE); + svm_set_intercept(svm, TRAP_CR4_WRITE); + svm_set_intercept(svm, TRAP_CR8_WRITE); + + /* No support for enable_vmware_backdoor */ + clr_exception_intercept(svm, GP_VECTOR); + + /* Can't intercept XSETBV, HV can't modify XCR0 directly */ + svm_clr_intercept(svm, INTERCEPT_XSETBV); + + /* Clear intercepts on selected MSRs */ + set_msr_interception(vcpu, svm->msrpm, MSR_EFER, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_CR_PAT, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1); +} + +void sev_es_create_vcpu(struct vcpu_svm *svm) +{ + /* + * Set the GHCB MSR value as per 
the GHCB specification when creating + * a vCPU for an SEV-ES guest. + */ + set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, + GHCB_VERSION_MIN, + sev_enc_bit)); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d8217ba6791f..46dd28cd1ea6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -91,7 +91,7 @@ static DEFINE_PER_CPU(u64, current_tsc_ratio); static const struct svm_direct_access_msrs { u32 index; /* Index of the MSR */ - bool always; /* True if intercept is always on */ + bool always; /* True if intercept is initially cleared */ } direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] = { { .index = MSR_STAR, .always = true }, { .index = MSR_IA32_SYSENTER_CS, .always = true }, @@ -109,6 +109,9 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_LASTBRANCHTOIP, .always = false }, { .index = MSR_IA32_LASTINTFROMIP, .always = false }, { .index = MSR_IA32_LASTINTTOIP, .always = false }, + { .index = MSR_EFER, .always = false }, + { .index = MSR_IA32_CR_PAT, .always = false }, + { .index = MSR_AMD64_SEV_ES_GHCB, .always = true }, { .index = MSR_INVALID, .always = false }, }; @@ -677,8 +680,8 @@ static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm, msrpm[offset] = tmp; } -static void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, - int read, int write) +void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, + int read, int write) { set_shadow_msr_intercept(vcpu, msr, read, write); set_msr_interception_bitmap(vcpu, msrpm, msr, read, write); @@ -1264,6 +1267,11 @@ static void init_vmcb(struct vcpu_svm *svm) if (sev_guest(svm->vcpu.kvm)) { svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ENABLE; clr_exception_intercept(svm, UD_VECTOR); + + if (sev_es_guest(svm->vcpu.kvm)) { + /* Perform SEV-ES specific VMCB updates */ + sev_es_init_vmcb(svm); + } } vmcb_mark_all_dirty(svm->vmcb); 
@@ -1357,6 +1365,10 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) svm_init_osvw(vcpu); vcpu->arch.microcode_version = 0x01000065; + if (sev_es_guest(svm->vcpu.kvm)) + /* Perform SEV-ES specific VMCB creation updates */ + sev_es_create_vcpu(svm); + return 0; error_free_vmsa_page: @@ -1452,6 +1464,7 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu) loadsegment(gs, svm->host.gs); #endif #endif + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); } @@ -3155,6 +3168,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) pr_err("%-20s%016llx\n", "avic_backing_page:", control->avic_backing_page); pr_err("%-20s%016llx\n", "avic_logical_id:", control->avic_logical_id); pr_err("%-20s%016llx\n", "avic_physical_id:", control->avic_physical_id); + pr_err("%-20s%016llx\n", "vmsa_pa:", control->vmsa_pa); pr_err("VMCB State Save Area:\n"); pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n", "es:", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 313cfb733f7e..1cf959cfcbc8 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -34,7 +34,7 @@ static const u32 host_save_user_msrs[] = { #define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs) -#define MAX_DIRECT_ACCESS_MSRS 15 +#define MAX_DIRECT_ACCESS_MSRS 18 #define MSRPM_OFFSETS 16 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; @@ -419,6 +419,8 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu); bool svm_interrupt_blocked(struct kvm_vcpu *vcpu); void svm_set_gif(struct vcpu_svm *svm, bool value); int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code); +void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, + int read, int write); /* nested.c */ 
@@ -579,5 +581,7 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); +void sev_es_init_vmcb(struct vcpu_svm *svm); +void sev_es_create_vcpu(struct vcpu_svm *svm); #endif

From patchwork Thu Dec 10 17:10:07 2020 X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965761
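Review bot: In the vmcb_control_area hunk of arch/x86/include/asm/svm.h, the new "u8 reserved_7[8];" and "u64 vmsa_pa;" fields are the only ones in the visible context without an offset comment, while their neighbours carry "/* Offset 0xf0 */" and "/* Offset 0xf8 */". Annotating them as 0x100 and 0x108 would follow the struct's convention and make the change of EXPECTED_VMCB_CONTROL_AREA_SIZE from 256 to 272 easy to check against the layout.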
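Review bot: sev_es_init_vmcb() in arch/x86/kvm/svm/sev.c sets "svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;" and clears the intercepts on the LASTBRANCH/LASTINT MSRs, but neither a code comment nor the commit message's list of VMCB changes mentions enabling LBR virtualization. A short comment on that line saying why an SEV-ES guest needs it would close the gap. The VMSA comment in the same function reads "a VMSA area that is a separate from the VMCB page"; the stray "a" before "separate" should be dropped.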
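Review bot: In the direct_access_msrs hunks of arch/x86/kvm/svm/svm.c, the comment on "bool always" is changed from "True if intercept is always on" to "True if intercept is initially cleared" while the field keeps the name "always", so the name no longer says what the flag means. Consider renaming the field, or note in the commit message that only the comment was wrong. The new "{ .index = MSR_AMD64_SEV_ES_GHCB, .always = true }" entry sits in a table that, as far as these hunks show, is not keyed on guest type, so it is worth stating whether the GHCB MSR intercept is meant to start cleared for guests that are not SEV-ES.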
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 32/34] KVM: SVM: Provide support for SEV-ES vCPU loading
Date: Thu, 10 Dec 2020 11:10:07 -0600
Message-Id: <019390e9cb5e93cd73014fa5a040c17d42588733.1607620209.git.thomas.lendacky@amd.com>
From: Tom Lendacky

An SEV-ES vCPU requires additional VMCB vCPU load/put requirements. SEV-ES hardware will restore certain registers on VMEXIT, but not save them on VMRUN (see Table B-3 and Table B-4 of the AMD64 APM Volume 2), so make the following changes:

General vCPU load changes:
- During vCPU loading, perform a VMSAVE to the per-CPU SVM save area and save the current values of XCR0, XSS and PKRU to the per-CPU SVM save area as these registers will be restored on VMEXIT.

General vCPU put changes:
- Do not attempt to restore registers that SEV-ES hardware has already restored on VMEXIT.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/svm.h | 10 ++++---
 arch/x86/kvm/svm/sev.c | 54 ++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c | 36 ++++++++++++++++---------
 arch/x86/kvm/svm/svm.h | 22 +++++++++++-----
 arch/x86/kvm/x86.c | 3 ++-
 arch/x86/kvm/x86.h | 1 +
 6 files changed, 103 insertions(+), 23 deletions(-)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index a57331de59e2..1c561945b426 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -234,7 +234,8 @@ struct vmcb_save_area { u8 cpl; u8 reserved_2[4]; u64 efer; - u8 reserved_3[112]; + u8 reserved_3[104]; + u64 xss; /* Valid for SEV-ES only */ u64 cr4; u64 cr3; u64 cr0; @@ -265,9 +266,12 @@ struct vmcb_save_area { /* * The following part of the save area is valid only for - * SEV-ES guests when referenced through the GHCB. + * SEV-ES guests when referenced through the GHCB or for + * saving to the host save area. */ - u8 reserved_7[104]; + u8 reserved_7[80]; + u32 pkru; + u8 reserved_7a[20]; u64 reserved_8; /* rax already available at 0x01f8 */ u64 rcx; u64 rdx;
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index e34d3a6dba80..225f18dbf522 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -18,12 +18,15 @@ #include #include +#include #include "x86.h" #include "svm.h" #include "cpuid.h" #include "trace.h" +#define __ex(x) __kvm_handle_fault_on_reboot(x) + static u8 sev_enc_bit; static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); 
@@ -1902,3 +1905,54 @@ void sev_es_create_vcpu(struct vcpu_svm *svm) GHCB_VERSION_MIN, sev_enc_bit)); } + +void sev_es_vcpu_load(struct vcpu_svm *svm, int cpu) +{ + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + struct vmcb_save_area *hostsa; + unsigned int i; + + /* + * As an SEV-ES guest, hardware will restore the host state on VMEXIT, + * of which one step is to perform a VMLOAD. Since hardware does not + * perform a VMSAVE on VMRUN, the host savearea must be updated. + */ + asm volatile(__ex("vmsave") : : "a" (__sme_page_pa(sd->save_area)) : "memory"); + + /* + * Certain MSRs are restored on VMEXIT, only save ones that aren't + * restored. + */ + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) { + if (host_save_user_msrs[i].sev_es_restored) + continue; + + rdmsrl(host_save_user_msrs[i].index, svm->host_user_msrs[i]); + } + + /* XCR0 is restored on VMEXIT, save the current host value */ + hostsa = (struct vmcb_save_area *)(page_address(sd->save_area) + 0x400); + hostsa->xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); + + /* PKRU is restored on VMEXIT, save the curent host value */ + hostsa->pkru = read_pkru(); + + /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */ + hostsa->xss = host_xss; +} + +void sev_es_vcpu_put(struct vcpu_svm *svm) +{ + unsigned int i; + + /* + * Certain MSRs are restored on VMEXIT and were saved with vmsave in + * sev_es_vcpu_load() above. Only restore ones that weren't. + */ + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) { + if (host_save_user_msrs[i].sev_es_restored) + continue; + + wrmsrl(host_save_user_msrs[i].index, svm->host_user_msrs[i]); + } +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 46dd28cd1ea6..8fcee4cf4a62 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1418,15 +1418,20 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcb_mark_all_dirty(svm->vmcb); } + if (sev_es_guest(svm->vcpu.kvm)) { + sev_es_vcpu_load(svm, cpu); + } else { #ifdef CONFIG_X86_64 - rdmsrl(MSR_GS_BASE, to_svm(vcpu)->host.gs_base); + rdmsrl(MSR_GS_BASE, to_svm(vcpu)->host.gs_base); #endif - savesegment(fs, svm->host.fs); - savesegment(gs, svm->host.gs); - svm->host.ldt = kvm_read_ldt(); + savesegment(fs, svm->host.fs); + savesegment(gs, svm->host.gs); + svm->host.ldt = kvm_read_ldt(); - for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) - rdmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) + rdmsrl(host_save_user_msrs[i].index, + svm->host_user_msrs[i]); + } if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) { u64 tsc_ratio = vcpu->arch.tsc_scaling_ratio; @@ -1454,19 +1459,24 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu) avic_vcpu_put(vcpu); ++vcpu->stat.host_state_reload; - kvm_load_ldt(svm->host.ldt); + if (sev_es_guest(svm->vcpu.kvm)) { + sev_es_vcpu_put(svm); + } else { + kvm_load_ldt(svm->host.ldt); #ifdef CONFIG_X86_64 - loadsegment(fs, svm->host.fs); - wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gsbase); - load_gs_index(svm->host.gs); + loadsegment(fs, svm->host.fs); + wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gsbase); + load_gs_index(svm->host.gs); #else #ifdef CONFIG_X86_32_LAZY_GS - loadsegment(gs, svm->host.gs); + loadsegment(gs, svm->host.gs); #endif #endif - for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) - wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) + wrmsrl(host_save_user_msrs[i].index, + svm->host_user_msrs[i]); + } } static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 1cf959cfcbc8..657a4fc0e41f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -23,15 +23,23 @@ #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) -static const u32 host_save_user_msrs[] = { +static const struct svm_host_save_msrs { + u32 index; /* Index of the MSR */ + bool sev_es_restored; /* True if MSR is restored on SEV-ES VMEXIT */ +} host_save_user_msrs[] = { #ifdef CONFIG_X86_64 - MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE, - MSR_FS_BASE, + { .index = MSR_STAR, .sev_es_restored = true }, + { .index = MSR_LSTAR, .sev_es_restored = true }, + { .index = MSR_CSTAR, .sev_es_restored = true }, + { .index = MSR_SYSCALL_MASK, .sev_es_restored = true }, + { .index = MSR_KERNEL_GS_BASE, .sev_es_restored = true }, + { .index = MSR_FS_BASE, .sev_es_restored = true }, #endif - MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP, - MSR_TSC_AUX, + { .index = MSR_IA32_SYSENTER_CS, .sev_es_restored = true }, + { .index = MSR_IA32_SYSENTER_ESP, .sev_es_restored = true }, + { .index = MSR_IA32_SYSENTER_EIP, .sev_es_restored = true }, + { .index = MSR_TSC_AUX, .sev_es_restored = false }, }; - #define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs) #define MAX_DIRECT_ACCESS_MSRS 18 @@ -583,5 +591,7 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_init_vmcb(struct vcpu_svm *svm); void sev_es_create_vcpu(struct vcpu_svm *svm); +void sev_es_vcpu_load(struct vcpu_svm *svm, int cpu); +void sev_es_vcpu_put(struct vcpu_svm *svm); #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4fd216b61a89..47cb63a2d079 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -197,7 +197,8 @@ EXPORT_SYMBOL_GPL(host_efer); bool __read_mostly allow_smaller_maxphyaddr = 0; EXPORT_SYMBOL_GPL(allow_smaller_maxphyaddr); -static u64 __read_mostly host_xss; +u64 __read_mostly host_xss; +EXPORT_SYMBOL_GPL(host_xss); u64 __read_mostly supported_xss; EXPORT_SYMBOL_GPL(supported_xss); 
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 0e8fe766a4c5..c5d737a0a828 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -278,6 +278,7 @@ fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu); extern u64 host_xcr0; extern u64 supported_xcr0; +extern u64 host_xss; extern u64 supported_xss; static inline bool kvm_mpx_supported(void)

From patchwork Thu Dec 10 17:10:08 2020 X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11965749
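Review bot: sev_es_vcpu_load() in arch/x86/kvm/svm/sev.c locates the host save area with a bare "page_address(sd->save_area) + 0x400", and nothing in the hunk says what lives at that offset. A named constant with a one-line comment would keep the value from drifting silently if the layout it depends on changes. The comments in the same function also contain the typos "curent" and "currnet".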
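Review bot: The host_save_user_msrs table in arch/x86/kvm/svm/svm.h hard-codes ".sev_es_restored" for every MSR with no pointer to where the values come from. The commit message cites Table B-3 and Table B-4 of the AMD64 APM Volume 2; repeating that reference in a comment above the table would let a reader verify why MSR_TSC_AUX is the only entry marked false, and would flag the table as something to revisit when the hardware behaviour changes.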
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 33/34] KVM: SVM: Provide an updated VMRUN invocation for SEV-ES guests
Date: Thu, 10 Dec 2020 11:10:08 -0600
From: Tom Lendacky

The run sequence is different for an SEV-ES guest compared to a legacy or even an SEV guest. The guest vCPU register state of an SEV-ES guest will be restored on VMRUN and saved on VMEXIT. There is no need to restore the guest registers directly and through VMLOAD before VMRUN and no need to save the guest registers directly and through VMSAVE on VMEXIT.

Update the svm_vcpu_run() function to skip register state saving and restoring and provide an alternative function for running an SEV-ES guest in vmenter.S.

Additionally, certain host state is restored across an SEV-ES VMRUN. As a result certain register states are not required to be restored upon VMEXIT (e.g. FS, GS, etc.), so only do that if the guest is not an SEV-ES guest.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/svm.c | 25 ++++++++++++-------
 arch/x86/kvm/svm/svm.h | 5 ++++
 arch/x86/kvm/svm/vmenter.S | 50 ++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.c | 6 +++++
 4 files changed, 77 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8fcee4cf4a62..e5a4e9032732 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3756,16 +3756,20 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, guest_enter_irqoff(); lockdep_hardirqs_on(CALLER_ADDR0); - __svm_vcpu_run(svm->vmcb_pa, (unsigned long *)&svm->vcpu.arch.regs); + if (sev_es_guest(svm->vcpu.kvm)) { + __svm_sev_es_vcpu_run(svm->vmcb_pa); + } else { + __svm_vcpu_run(svm->vmcb_pa, (unsigned long *)&svm->vcpu.arch.regs); #ifdef CONFIG_X86_64 - native_wrmsrl(MSR_GS_BASE, svm->host.gs_base); + native_wrmsrl(MSR_GS_BASE, svm->host.gs_base); #else - loadsegment(fs, svm->host.fs); + loadsegment(fs, svm->host.fs); #ifndef CONFIG_X86_32_LAZY_GS - loadsegment(gs, svm->host.gs); + loadsegment(gs, svm->host.gs); #endif #endif + } /* * VMEXIT disables interrupts (host state), but tracing and lockdep @@ -3863,14 +3867,17 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu) if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); - reload_tss(vcpu); + if (!sev_es_guest(svm->vcpu.kvm)) + reload_tss(vcpu); x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); - vcpu->arch.cr2 = svm->vmcb->save.cr2; - vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; - vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp; - vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip; + if (!sev_es_guest(svm->vcpu.kvm)) { + vcpu->arch.cr2 = svm->vmcb->save.cr2; + vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; + vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp; + vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip; + } if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI)) kvm_before_interrupt(&svm->vcpu); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 657a4fc0e41f..868d30d7b6bf 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -594,4 +594,9 @@ void sev_es_create_vcpu(struct vcpu_svm *svm); void sev_es_vcpu_load(struct vcpu_svm *svm, int cpu); void sev_es_vcpu_put(struct vcpu_svm *svm); +/* vmenter.S */ + +void __svm_sev_es_vcpu_run(unsigned long vmcb_pa); +void __svm_vcpu_run(unsigned long vmcb_pa, unsigned long *regs); + #endif diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 1ec1ac40e328..6feb8c08f45a 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -168,3 +168,53 @@ SYM_FUNC_START(__svm_vcpu_run) pop %_ASM_BP ret SYM_FUNC_END(__svm_vcpu_run) + +/** + * __svm_sev_es_vcpu_run - Run a SEV-ES vCPU via a transition to SVM guest mode + * @vmcb_pa: unsigned long + */ +SYM_FUNC_START(__svm_sev_es_vcpu_run) + push %_ASM_BP +#ifdef CONFIG_X86_64 + push %r15 + push %r14 + push %r13 + push %r12 +#else + push %edi + push %esi +#endif + push %_ASM_BX + + /* Enter guest mode */ + mov %_ASM_ARG1, %_ASM_AX + sti + +1: vmrun %_ASM_AX + jmp 3f +2: cmpb $0, kvm_rebooting + jne 3f + ud2 + _ASM_EXTABLE(1b, 2b) + +3: cli + +#ifdef CONFIG_RETPOLINE + /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ + FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE +#endif + + pop %_ASM_BX + +#ifdef CONFIG_X86_64 + pop %r12 + pop %r13 + pop %r14 + pop %r15 +#else + pop %esi + pop %edi +#endif + pop %_ASM_BP + ret +SYM_FUNC_END(__svm_sev_es_vcpu_run) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 47cb63a2d079..7cbdca29e39e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -880,6 +880,9 @@ EXPORT_SYMBOL_GPL(kvm_lmsw); void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu) { + if (vcpu->arch.guest_state_protected) + return; + if (kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE)) { if (vcpu->arch.xcr0 != host_xcr0) 
@@ -900,6 +903,9 @@ EXPORT_SYMBOL_GPL(kvm_load_guest_xsave_state); void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu) { + if (vcpu->arch.guest_state_protected) + return; + if (static_cpu_has(X86_FEATURE_PKU) && (kvm_read_cr4_bits(vcpu, X86_CR4_PKE) || (vcpu->arch.xcr0 & XFEATURE_MASK_PKRU))) {
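Review bot: In the svm_vcpu_enter_exit() hunk of svm.c, the SEV-ES branch skips the host MSR_GS_BASE / FS / GS reloads, and nothing in the code says why. The commit message gives the reason (certain host state is restored across an SEV-ES VMRUN), but that reasoning should sit as a comment above "if (sev_es_guest(svm->vcpu.kvm))", because a reader of the function alone sees two exit paths with different host-state handling and no stated invariant. The closing brace of the else block now follows two #endif lines; a trailing comment on it would make the nesting easier to follow.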
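Review bot: In the svm_vcpu_run() hunk of svm.c, an SEV-ES exit no longer refreshes vcpu->arch.cr2 or regs[VCPU_REGS_RAX/RSP/RIP], so those fields keep whatever they held before the run, and the code does not say that they are meaningless for such a guest. Add a comment at the "if (!sev_es_guest(svm->vcpu.kvm)) {" block stating that the register cache is not valid for SEV-ES, so later readers do not treat these values as guest state. The same predicate is also tested a few lines earlier for reload_tss(); since vcpu is already a parameter, "vcpu->kvm" would read more directly in both places.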
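Review bot: In the vmenter.S hunk, the kernel-doc line "@vmcb_pa: unsigned long" gives the parameter's type and not its meaning; say that it is the physical address of the VMCB to run. The body pushes and pops BP, BX and r12-r15 (edi/esi on 32-bit) even though the visible instructions only write _ASM_AX, so a short comment is needed on why the callee-saved registers are preserved around VMRUN here, that is, which host registers cannot be relied on after VMEXIT for an SEV-ES guest.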
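Review bot: In the two x86.c hunks, kvm_load_guest_xsave_state() and kvm_load_host_xsave_state() now return early on vcpu->arch.guest_state_protected without any comment. Both guards need a line saying what switches XCR0, XSS and PKRU in place of these functions when guest state is protected, since the flag name is generic and the early return also skips the PKRU handling visible in the second function. The two checks must stay in step with each other; noting that next to one of them would help whoever touches either function later.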
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v5 34/34] KVM: SVM: Provide support to launch and run an SEV-ES guest
Date: Thu, 10 Dec 2020 11:10:09 -0600

From: Tom Lendacky

An SEV-ES guest is started by invoking a new SEV initialization ioctl, KVM_SEV_ES_INIT. This identifies the guest as an SEV-ES guest, which is used to drive the appropriate ASID allocation, VMSA encryption, etc.

Before being able to run an SEV-ES vCPU, the vCPU VMSA must be encrypted and measured. This is done using the LAUNCH_UPDATE_VMSA command after all calls to LAUNCH_UPDATE_DATA have been performed, but before LAUNCH_MEASURE has been performed. In order to establish the encrypted VMSA, the current (traditional) VMSA and the GPRs are synced to the page that will hold the encrypted VMSA and then LAUNCH_UPDATE_VMSA is invoked. The vCPU is then marked as having protected guest state.

Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 104 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 225f18dbf522..89f6fe4468c5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -203,6 +203,16 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_es_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + if (!sev_es) + return -ENOTTY; + + to_kvm_svm(kvm)->sev_info.es_active = true; + + return sev_guest_init(kvm, argp); +} + static int sev_bind_asid(struct kvm *kvm, unsigned int handle, int *error) { struct sev_data_activate *data; 
@@ -502,6 +512,94 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_es_sync_vmsa(struct vcpu_svm *svm) +{ + struct vmcb_save_area *save = &svm->vmcb->save; + + /* Check some debug related fields before encrypting the VMSA */ + if (svm->vcpu.guest_debug || (save->dr7 & ~DR7_FIXED_1)) + return -EINVAL; + + /* Sync registgers */ + save->rax = svm->vcpu.arch.regs[VCPU_REGS_RAX]; + save->rbx = svm->vcpu.arch.regs[VCPU_REGS_RBX]; + save->rcx = svm->vcpu.arch.regs[VCPU_REGS_RCX]; + save->rdx = svm->vcpu.arch.regs[VCPU_REGS_RDX]; + save->rsp = svm->vcpu.arch.regs[VCPU_REGS_RSP]; + save->rbp = svm->vcpu.arch.regs[VCPU_REGS_RBP]; + save->rsi = svm->vcpu.arch.regs[VCPU_REGS_RSI]; + save->rdi = svm->vcpu.arch.regs[VCPU_REGS_RDI]; + save->r8 = svm->vcpu.arch.regs[VCPU_REGS_R8]; + save->r9 = svm->vcpu.arch.regs[VCPU_REGS_R9]; + save->r10 = svm->vcpu.arch.regs[VCPU_REGS_R10]; + save->r11 = svm->vcpu.arch.regs[VCPU_REGS_R11]; + save->r12 = svm->vcpu.arch.regs[VCPU_REGS_R12]; + save->r13 = svm->vcpu.arch.regs[VCPU_REGS_R13]; + save->r14 = svm->vcpu.arch.regs[VCPU_REGS_R14]; + save->r15 = svm->vcpu.arch.regs[VCPU_REGS_R15]; + save->rip = svm->vcpu.arch.regs[VCPU_REGS_RIP]; + + /* Sync some non-GPR registers before encrypting */ + save->xcr0 = svm->vcpu.arch.xcr0; + save->pkru = svm->vcpu.arch.pkru; + save->xss = svm->vcpu.arch.ia32_xss; + + /* + * SEV-ES will use a VMSA that is pointed to by the VMCB, not + * the traditional VMSA that is part of the VMCB. Copy the + * traditional VMSA as it has been built so far (in prep + * for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state. 
+ */ + memcpy(svm->vmsa, save, sizeof(*save)); + + return 0; +} + +static int sev_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_launch_update_vmsa *vmsa; + int i, ret; + + if (!sev_es_guest(kvm)) + return -ENOTTY; + + vmsa = kzalloc(sizeof(*vmsa), GFP_KERNEL); + if (!vmsa) + return -ENOMEM; + + for (i = 0; i < kvm->created_vcpus; i++) { + struct vcpu_svm *svm = to_svm(kvm->vcpus[i]); + + /* Perform some pre-encryption checks against the VMSA */ + ret = sev_es_sync_vmsa(svm); + if (ret) + goto e_free; + + /* + * The LAUNCH_UPDATE_VMSA command will perform in-place + * encryption of the VMSA memory content (i.e it will write + * the same memory region with the guest's key), so invalidate + * it first. + */ + clflush_cache_range(svm->vmsa, PAGE_SIZE); + + vmsa->handle = sev->handle; + vmsa->address = __sme_pa(svm->vmsa); + vmsa->len = PAGE_SIZE; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_VMSA, vmsa, + &argp->error); + if (ret) + goto e_free; + + svm->vcpu.arch.guest_state_protected = true; + } + +e_free: + kfree(vmsa); + return ret; +} + static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) { void __user *measure = (void __user *)(uintptr_t)argp->data; @@ -959,12 +1057,18 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_INIT: r = sev_guest_init(kvm, &sev_cmd); break; + case KVM_SEV_ES_INIT: + r = sev_es_guest_init(kvm, &sev_cmd); + break; case KVM_SEV_LAUNCH_START: r = sev_launch_start(kvm, &sev_cmd); break; case KVM_SEV_LAUNCH_UPDATE_DATA: r = sev_launch_update_data(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_UPDATE_VMSA: + r = sev_launch_update_vmsa(kvm, &sev_cmd); + break; case KVM_SEV_LAUNCH_MEASURE: r = sev_launch_measure(kvm, &sev_cmd); break;
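Review bot: In sev_es_guest_init(), "to_kvm_svm(kvm)->sev_info.es_active = true;" is set before sev_guest_init() runs and is not cleared when that call fails. After a failed KVM_SEV_ES_INIT the VM is left with es_active set although SEV was never initialized, so anything keyed on es_active alone would see an inconsistent state. Either set the flag only after sev_guest_init() returns 0, or reset it to false on the error path.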
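Review bot: In sev_launch_update_vmsa(), ret is declared as "int i, ret;" and is only assigned inside the loop, so if kvm->created_vcpus is 0 the function falls through to e_free and returns an uninitialized value to userspace. Initialize ret (0, or an error such as -EINVAL if launching with no vCPUs should be rejected). The loop also indexes kvm->vcpus[i] up to created_vcpus with no NULL check and no vCPU lock visible here; kvm_for_each_vcpu() would be the safer way to walk the array, and the register sync in sev_es_sync_vmsa() should not be able to race with a vCPU ioctl. If LAUNCH_UPDATE_VMSA fails partway, earlier vCPUs stay marked guest_state_protected with their VMSA already encrypted; say in a comment whether the launch is expected to be abandoned in that case. Minor: "registgers" in the "Sync registgers" comment.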
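Review bot: In the svm_mem_enc_op() hunk, the new KVM_SEV_ES_INIT and KVM_SEV_LAUNCH_UPDATE_VMSA cases are added to the dispatch, but the diffstat shows only sev.c changing, so no documentation for the two commands is updated in this patch. The commit message states an ordering requirement (LAUNCH_UPDATE_VMSA after all LAUNCH_UPDATE_DATA calls and before LAUNCH_MEASURE) that nothing in the visible dispatch enforces; document that ordering with the KVM SEV API description, and state whether a wrong order is rejected elsewhere or simply produces a measurement that will not match.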