From patchwork Thu Feb 4 00:36:28 2021
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 12065843
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 01/16] KVM: SVM: Add KVM_SEV SEND_START command
Date: Thu, 4 Feb 2021 00:36:28 +0000
Message-Id: <48c18d02e68856fcc667dc95c965132f42080fb3.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

The command is used to create an outgoing SEV guest encryption context.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 .../virt/kvm/amd-memory-encryption.rst | 27 ++++
 arch/x86/kvm/svm/sev.c | 125 ++++++++++++++++++
 include/linux/psp-sev.h | 8 +-
 include/uapi/linux/kvm.h | 12 ++
 4 files changed, 168 insertions(+), 4 deletions(-)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 09a8f2a34e39..9f9896b72d36 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
@@ -263,6 +263,33 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +10. KVM_SEV_SEND_START +---------------------- + +The KVM_SEV_SEND_START command can be used by the hypervisor to create an +outgoing guest encryption context. + +Parameters (in): struct kvm_sev_send_start + +Returns: 0 on success, -negative on error + +:: + struct kvm_sev_send_start { + __u32 policy; /* guest policy */ + + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ + __u32 pdh_cert_len; + + __u64 plat_certs_uaddr; /* platform certificate chain */ + __u32 plat_certs_len; + + __u64 amd_certs_uaddr; /* AMD certificate */ + __u32 amd_certs_len; + + __u64 session_uaddr; /* Guest session information */ + __u32 session_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index ac652bc476ae..3026c7fd2ffc 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1039,6 +1039,128 @@ static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query session length. */ +static int +__sev_send_start_query_session_length(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_start *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + params->session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + struct kvm_sev_send_start params; + void *amd_certs, *session_data; + void *pdh_cert, *plat_certs; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_start))) + return -EFAULT; + + /* if session_len is zero, userspace wants to query the session length */ + if (!params.session_len) + return __sev_send_start_query_session_length(kvm, argp, + ¶ms); + + /* some sanity checks */ + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || + !params.session_uaddr || params.session_len > SEV_FW_BLOB_MAX_SIZE) + return -EINVAL; + + /* allocate the memory to hold the session data blob */ + session_data = kmalloc(params.session_len, GFP_KERNEL_ACCOUNT); + if (!session_data) + return -ENOMEM; + + /* copy the certificate blobs from userspace */ + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, + params.pdh_cert_len); + if (IS_ERR(pdh_cert)) { + ret = PTR_ERR(pdh_cert); + goto e_free_session; + } + + plat_certs = 
psp_copy_user_blob(params.plat_certs_uaddr, + params.plat_certs_len); + if (IS_ERR(plat_certs)) { + ret = PTR_ERR(plat_certs); + goto e_free_pdh; + } + + amd_certs = psp_copy_user_blob(params.amd_certs_uaddr, + params.amd_certs_len); + if (IS_ERR(amd_certs)) { + ret = PTR_ERR(amd_certs); + goto e_free_plat_cert; + } + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) { + ret = -ENOMEM; + goto e_free_amd_cert; + } + + /* populate the FW SEND_START field with system physical address */ + data->pdh_cert_address = __psp_pa(pdh_cert); + data->pdh_cert_len = params.pdh_cert_len; + data->plat_certs_address = __psp_pa(plat_certs); + data->plat_certs_len = params.plat_certs_len; + data->amd_certs_address = __psp_pa(amd_certs); + data->amd_certs_len = params.amd_certs_len; + data->session_address = __psp_pa(session_data); + data->session_len = params.session_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + if (!ret && copy_to_user((void __user *)(uintptr_t)params.session_uaddr, + session_data, params.session_len)) { + ret = -EFAULT; + goto e_free; + } + + params.policy = data->policy; + params.session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + +e_free: + kfree(data); +e_free_amd_cert: + kfree(amd_certs); +e_free_plat_cert: + kfree(plat_certs); +e_free_pdh: + kfree(pdh_cert); +e_free_session: + kfree(session_data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1089,6 +1211,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_SECRET: r = sev_launch_secret(kvm, &sev_cmd); break; + case KVM_SEV_SEND_START: + r = sev_send_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 49d155cd2dfe..454f35904d47 100644 
--- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -325,11 +325,11 @@ struct sev_data_send_start { u64 pdh_cert_address; /* In */ u32 pdh_cert_len; /* In */ u32 reserved1; - u64 plat_cert_address; /* In */ - u32 plat_cert_len; /* In */ + u64 plat_certs_address; /* In */ + u32 plat_certs_len; /* In */ u32 reserved2; - u64 amd_cert_address; /* In */ - u32 amd_cert_len; /* In */ + u64 amd_certs_address; /* In */ + u32 amd_certs_len; /* In */ u32 reserved3; u64 session_address; /* In */ u32 session_len; /* In/Out */ diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 374c67875cdb..8f538fd873f6 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1645,6 +1645,18 @@ struct kvm_sev_dbg { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_certs_uaddr; + __u32 plat_certs_len; + __u64 amd_certs_uaddr; + __u32 amd_certs_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)

From patchwork Thu Feb 4 00:36:57 2021
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 12065845
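Review bot: The new section 10 in Documentation/virt/kvm/amd-memory-encryption.rst (patch 01/16) lists the struct under "Parameters (in)" only, but sev_send_start() writes policy and session_len back to userspace, and a call with session_len set to zero is treated as a length query. Document both: mark policy and session_len as in/out fields and describe the session_len == 0 query, so callers know how to size the session buffer.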
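Review bot: In sev_send_start() (arch/x86/kvm/svm/sev.c, patch 01/16) session_data comes from kmalloc(params.session_len, ...) and, on success, all params.session_len bytes are copied to session_uaddr, so any part of the buffer the firmware did not fill reaches userspace as uninitialized kernel heap. Allocate it with kzalloc(), or copy out only data->session_len bytes after checking that it does not exceed the allocation. The sanity check also validates only the pdh_cert and session fields; plat_certs_* and amd_certs_* go to psp_copy_user_blob() unchecked, so either check them here as well or note in a comment that the helper is relied on to reject empty blobs.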
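Review bot: The rename of plat_cert_address/plat_cert_len and amd_cert_address/amd_cert_len to the plat_certs_*/amd_certs_* spelling in struct sev_data_send_start (include/linux/psp-sev.h, patch 01/16) is not mentioned in the commit message. Add a sentence saying the fields are renamed and why, and confirm that no other user of the old names remains, since this header lives under include/linux and is visible outside KVM.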
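Review bot: struct kvm_sev_send_start in include/uapi/linux/kvm.h (patch 01/16) places each __u32 directly before a __u64, starting with policy before pdh_cert_uaddr, which leaves implicit padding on 64-bit builds and gives a different layout to 32-bit x86 userspace, where __u64 is only 4-byte aligned. For a uapi struct, add explicit padding fields or reorder the members so that the layout is the same for every caller, and keep the copy of the struct in the documentation hunk in step.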
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 02/16] KVM: SVM: Add KVM_SEND_UPDATE_DATA command
Date: Thu, 4 Feb 2021 00:36:57 +0000
Message-Id: <5d48b40c36d82c8a5ef2a68236a8e5e115e4e275.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

The command is used for encrypting the guest memory region using the encryption context created with KVM_SEV_SEND_START.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra --- .../virt/kvm/amd-memory-encryption.rst | 24 ++++ arch/x86/kvm/svm/sev.c | 122 ++++++++++++++++++ include/uapi/linux/kvm.h | 9 ++ 3 files changed, 155 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 9f9896b72d36..8bed1d801558 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -290,6 +290,30 @@ Returns: 0 on success, -negative on error __u32 session_len; }; +11. KVM_SEV_SEND_UPDATE_DATA +---------------------------- + +The KVM_SEV_SEND_UPDATE_DATA command can be used by the hypervisor to encrypt the +outgoing guest memory region with the encryption context creating using +KVM_SEV_SEND_START. + +Parameters (in): struct kvm_sev_send_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_send_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the source memory region to be encrypted */ + __u32 guest_len; + + __u64 trans_uaddr; /* the destition memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 3026c7fd2ffc..98e46ae1cba3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -33,6 +33,7 @@ static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); unsigned int max_sev_asid; static unsigned int min_sev_asid; +static unsigned long sev_me_mask; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; 
@@ -1161,6 +1162,123 @@ static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query either header or trans length. */ +static int +__sev_send_update_data_query_lengths(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_update_data *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + params->hdr_len = data->hdr_len; + params->trans_len = data->trans_len; + + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_update_data))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + struct kvm_sev_send_update_data params; + void *hdr, *trans_data; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_update_data))) + return -EFAULT; + + /* userspace wants to query either header or trans length */ + if (!params.trans_len || !params.hdr_len) + return __sev_send_update_data_query_lengths(kvm, argp, ¶ms); + + if (!params.trans_uaddr || !params.guest_uaddr || + !params.guest_len || !params.hdr_uaddr) + return -EINVAL; + + /* Check if we are crossing the page boundary */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + /* Pin guest memory */ + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + return -EFAULT; + + /* allocate memory for header and transport buffer */ + 
ret = -ENOMEM; + hdr = kmalloc(params.hdr_len, GFP_KERNEL_ACCOUNT); + if (!hdr) + goto e_unpin; + + trans_data = kmalloc(params.trans_len, GFP_KERNEL_ACCOUNT); + if (!trans_data) + goto e_free_hdr; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_free_trans_data; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + data->trans_address = __psp_pa(trans_data); + data->trans_len = params.trans_len; + + /* The SEND_UPDATE_DATA command requires C-bit to be always set. */ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + if (ret) + goto e_free; + + /* copy transport buffer to user space */ + if (copy_to_user((void __user *)(uintptr_t)params.trans_uaddr, + trans_data, params.trans_len)) { + ret = -EFAULT; + goto e_free; + } + + /* Copy packet header to userspace. */ + ret = copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, + params.hdr_len); + +e_free: + kfree(data); +e_free_trans_data: + kfree(trans_data); +e_free_hdr: + kfree(hdr); +e_unpin: + sev_unpin_memory(kvm, guest_page, n); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1214,6 +1332,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_START: r = sev_send_start(kvm, &sev_cmd); break; + case KVM_SEV_SEND_UPDATE_DATA: + r = sev_send_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; @@ -1392,6 +1513,7 @@ void __init sev_hardware_setup(void) /* Minimum ASID value that should be used for SEV guest */ min_sev_asid = edx; + sev_me_mask = 1UL << (ebx & 0x3f); /* Initialize SEV ASID bitmaps */ sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 8f538fd873f6..0ff7bed508fc 100644 
--- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1657,6 +1657,15 @@ struct kvm_sev_send_start { __u32 session_len; }; +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)

From patchwork Thu Feb 4 00:37:11 2021
X-Patchwork-Submitter: "Kalra, Ashish"
X-Patchwork-Id: 12065847
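Review bot: The code block in the new section 11 of Documentation/virt/kvm/amd-memory-encryption.rst (patch 02/16) names the struct kvm_sev_launch_send_update_data, while the "Parameters (in)" line and include/uapi/linux/kvm.h use kvm_sev_send_update_data. Fix the name, and while there correct "context creating using" to "context created using" and "destition" to "destination". The zero hdr_len/trans_len length query implemented in sev_send_update_data() also deserves a sentence here.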
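Review bot: The page-boundary check in sev_send_update_data() (arch/x86/kvm/svm/sev.c, patch 02/16), "params.guest_len + offset > PAGE_SIZE", adds a __u32 to an int, so the sum is computed in 32 bits and can wrap to a small value when guest_len is close to the __u32 maximum; the unchecked guest_len is then handed to the firmware with a single page pinned. Reject guest_len > PAGE_SIZE before the addition. Two further points in the same function: the final copy_to_user() of hdr assigns its return value straight to ret, so the ioctl can return a count of uncopied bytes instead of -EFAULT, unlike the trans_data copy just above it; and hdr and trans_data are kmalloc()ed with no upper bound on hdr_len/trans_len (sev_send_start() caps session_len at SEV_FW_BLOB_MAX_SIZE) and copied out in full, so use kzalloc() and bound the lengths.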
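Review bot: In sev_hardware_setup() (arch/x86/kvm/svm/sev.c, patch 02/16) the new line "sev_me_mask = 1UL << (ebx & 0x3f);" carries no comment, and the commit message does not mention the new file-scope variable at all. Add a comment at the assignment saying that the low six bits of ebx give the C-bit position and that the mask exists so that sev_send_update_data() can set the C-bit in guest_address.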
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 03/16] KVM: SVM: Add KVM_SEV_SEND_FINISH command
Date: Thu, 4 Feb 2021 00:37:11 +0000
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

The command is used to finalize the encryption context created with KVM_SEV_SEND_START command.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst | 8 +++++++
arch/x86/kvm/svm/sev.c | 23 +++++++++++++++++++
2 files changed, 31 insertions(+)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 8bed1d801558..0da0c199efa8 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -314,6 +314,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +12. KVM_SEV_SEND_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_SEND_FINISH command can be +issued by the hypervisor to delete the encryption context. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 98e46ae1cba3..0d117b1e6491 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1279,6 +1279,26 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -1335,6 +1355,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_UPDATE_DATA: r = sev_send_update_data(kvm, &sev_cmd); break; + case KVM_SEV_SEND_FINISH: + r = sev_send_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
From patchwork Thu Feb 4 00:37:30 2021 X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 12065849
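Review bot: sev_send_finish() in arch/x86/kvm/svm/sev.c issues SEV_CMD_SEND_FINISH on sev->handle without checking that a send context was opened with KVM_SEV_SEND_START, so an out-of-order call is left to whatever sev_issue_cmd() reports back in argp->error. If that is the intent, say so in the new section 12 of amd-memory-encryption.rst: it currently has no Parameters line, and it describes the command as deleting the encryption context while the commit message describes it as finalizing the context.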
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 04/16] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command
Date: Thu, 4 Feb 2021 00:37:30 +0000
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

The command is used to create the encryption context for an incoming SEV guest. The encryption context can be later used by the hypervisor to import the incoming data into the SEV guest memory space.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst | 29 +++++++
arch/x86/kvm/svm/sev.c | 81 +++++++++++++++++++
include/uapi/linux/kvm.h | 9 +++
3 files changed, 119 insertions(+)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 0da0c199efa8..079ac5ac2459 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
@@ -322,6 +322,35 @@ issued by the hypervisor to delete the encryption context. Returns: 0 on success, -negative on error +13. KVM_SEV_RECEIVE_START +------------------------ + +The KVM_SEV_RECEIVE_START command is used for creating the memory encryption +context for an incoming SEV guest. To create the encryption context, the user must +provide a guest policy, the platform public Diffie-Hellman (PDH) key and session +information. + +Parameters: struct kvm_sev_receive_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_receive_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 pdh_uaddr; /* userspace address pointing to the PDH key */ + __u32 pdh_len; + + __u64 session_uaddr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.12. + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 0d117b1e6491..ec0d573cb09a 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1299,6 +1299,84 @@ static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_start *start; + struct kvm_sev_receive_start params; + int *error = &argp->error; + void *session_data; + void *pdh_data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + /* Get parameter from the userspace */ + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_start))) + return -EFAULT; + + /* some sanity checks */ + if (!params.pdh_uaddr || !params.pdh_len || + !params.session_uaddr || !params.session_len) + return -EINVAL; + + pdh_data = psp_copy_user_blob(params.pdh_uaddr, params.pdh_len); + if (IS_ERR(pdh_data)) + return PTR_ERR(pdh_data); + + session_data = psp_copy_user_blob(params.session_uaddr, + params.session_len); + if (IS_ERR(session_data)) { + ret = PTR_ERR(session_data); + goto e_free_pdh; + } + + ret = -ENOMEM; + start = kzalloc(sizeof(*start), GFP_KERNEL); + if (!start) + goto e_free_session; + + start->handle = params.handle; + start->policy = params.policy; + start->pdh_cert_address = __psp_pa(pdh_data); + start->pdh_cert_len = params.pdh_len; + start->session_address = __psp_pa(session_data); + start->session_len = params.session_len; + + /* create memory encryption context */ + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_RECEIVE_START, start, + error); + if (ret) + goto e_free; + + /* Bind ASID to this guest */ + ret = sev_bind_asid(kvm, start->handle, error); + if (ret) + goto e_free; + + params.handle = start->handle; + if (copy_to_user((void __user *)(uintptr_t)argp->data, + ¶ms, sizeof(struct kvm_sev_receive_start))) { + ret = -EFAULT; + sev_unbind_asid(kvm, start->handle); + goto e_free; + } + + sev->handle = start->handle; + sev->fd = argp->sev_fd; + +e_free: + kfree(start); +e_free_session: + kfree(session_data); 
+e_free_pdh: + kfree(pdh_data); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1358,6 +1436,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_FINISH: r = sev_send_finish(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_START: + r = sev_receive_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 0ff7bed508fc..d2eea75de8b3 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1666,6 +1666,15 @@ struct kvm_sev_send_update_data { __u32 trans_len; }; +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
From patchwork Thu Feb 4 00:37:45 2021 X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 12065851
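Review bot: In sev_receive_start() (arch/x86/kvm/svm/sev.c), when sev_bind_asid() fails the code jumps to e_free and only frees the kernel buffers; nothing on that path releases the handle that SEV_CMD_RECEIVE_START just returned in start->handle, so the firmware-side context appears to be left allocated (the copy_to_user() failure path does call sev_unbind_asid()). Add a cleanup step for the handle on the bind-failure path. It is also worth rejecting the call when sev->handle is already set, since the success path overwrites sev->handle and sev->fd unconditionally.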
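Review bot: In the new section 13 of amd-memory-encryption.rst, the sentence "On success, the 'handle' field contains a new handle and on error, a negative value" cannot hold as written: handle is a __u32, and sev_receive_start() only writes params.handle back to userspace after both the firmware command and the ASID bind have succeeded. Reword it so that the error is the ioctl return value and the handle field is left as the caller supplied it on failure.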
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 05/16] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command
Date: Thu, 4 Feb 2021 00:37:45 +0000
Message-Id: <5e7cf05c927f379de358a6d9df12885558adf7e1.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

The command is used for copying the incoming buffer into the SEV guest memory space.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
.../virt/kvm/amd-memory-encryption.rst | 24 ++++++
arch/x86/kvm/svm/sev.c | 79 +++++++++++++++++++
include/uapi/linux/kvm.h | 9 +++
3 files changed, 112 insertions(+)

diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 079ac5ac2459..da40be3d8bc2 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
@@ -351,6 +351,30 @@ On success, the 'handle' field contains a new handle and on error, a negative va For more details, see SEV spec Section 6.12. +14. KVM_SEV_RECEIVE_UPDATE_DATA +---------------------------- + +The KVM_SEV_RECEIVE_UPDATE_DATA command can be used by the hypervisor to copy +the incoming buffers into the guest memory region with encryption context +created during the KVM_SEV_RECEIVE_START. + +Parameters (in): struct kvm_sev_receive_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_receive_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the destination guest memory region */ + __u32 guest_len; + + __u64 trans_uaddr; /* the incoming buffer memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index ec0d573cb09a..73d5dbb72a65 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1377,6 +1377,82 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct kvm_sev_receive_update_data params; + struct sev_data_receive_update_data *data; + void *hdr = NULL, *trans = NULL; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_update_data))) + return -EFAULT; + + if (!params.hdr_uaddr || !params.hdr_len || + !params.guest_uaddr || !params.guest_len || + !params.trans_uaddr || !params.trans_len) + return -EINVAL; + + /* Check if we are crossing the page boundary */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) + return PTR_ERR(hdr); + + trans = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(trans)) { + ret = PTR_ERR(trans); + goto e_free_hdr; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_free_trans; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + data->trans_address = __psp_pa(trans); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + /* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. 
*/ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_UPDATE_DATA, data, + &argp->error); + + sev_unpin_memory(kvm, guest_page, n); + +e_free: + kfree(data); +e_free_trans: + kfree(trans); +e_free_hdr: + kfree(hdr); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1439,6 +1515,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_START: r = sev_receive_start(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_UPDATE_DATA: + r = sev_receive_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index d2eea75de8b3..c4e195a4220f 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1675,6 +1675,15 @@ struct kvm_sev_receive_start { __u32 session_len; }; +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
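Review bot: the page-boundary check in sev_receive_update_data() (arch/x86/kvm/svm/sev.c) can wrap. params.guest_len is a __u32 and offset is an int, so "params.guest_len + offset" is evaluated in 32 bits before it is compared with PAGE_SIZE; a guest_len close to 0xffffffff combined with a non-zero offset wraps to a small value and passes the test, and the unchecked value is then copied into data->guest_len while only a single page is pinned. Reject params.guest_len > PAGE_SIZE before forming the sum, or do the addition in unsigned long.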
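Review bot: struct kvm_sev_receive_update_data in include/uapi/linux/kvm.h alternates __u64 and __u32 members, so the compiler inserts padding after hdr_len, guest_len and trans_len, and the amount depends on the ABI's __u64 alignment: the struct is 48 bytes for a 64-bit build and 36 bytes for 32-bit x86 userspace. sev_receive_update_data() copies sizeof(struct kvm_sev_receive_update_data) bytes straight from the user pointer, so the two layouts do not agree. Add explicit __u32 pad fields after each length (or group the three addresses before the three lengths and pad the tail) so the uapi layout is fixed.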
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 06/16] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command
Date: Thu, 4 Feb 2021 00:37:59 +0000
Message-Id: <262a84c2a8f673a08df1ef296b1d6d2ee9e1c771.1612398155.git.ashish.kalra@amd.com>
From: Brijesh Singh

The command finalizes the guest receiving process and makes the SEV guest ready for the execution.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra --- .../virt/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm/sev.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index da40be3d8bc2..1f7bbda1f971 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -375,6 +375,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +15. KVM_SEV_RECEIVE_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_RECEIVE_FINISH command can be +issued by the hypervisor to make the guest ready for execution. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 73d5dbb72a65..25eaf35ba51d 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1453,6 +1453,26 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -1518,6 +1538,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_UPDATE_DATA: r = sev_receive_update_data(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_FINISH: + r = sev_receive_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
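Review bot: sev_receive_finish() returns -ENOTTY when sev_guest(kvm) is false, but sev_receive_update_data(), which appears as context in the same sev.c hunk, returns -EINVAL for the identical check. Pick one errno for "not an SEV guest" across the RECEIVE_* commands so userspace can tell that case apart reliably. The new section 15 in amd-memory-encryption.rst should also name that errno rather than only "-negative on error", and say that the command takes no parameter structure, since the handler never reads argp->data.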
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 07/16] KVM: x86: Add AMD SEV specific Hypercall3
Date: Thu, 4 Feb 2021 00:38:14 +0000
Message-Id: <9be9ee177f7e033f387fe067aed0aa484bf658fb.1612398155.git.ashish.kalra@amd.com>
From: Brijesh Singh

KVM hypercall framework relies on alternative framework to patch the VMCALL -> VMMCALL on AMD platform. If a hypercall is made before apply_alternative() is called then it defaults to VMCALL. The approach works fine on non SEV guest. A VMCALL would cause #UD, and hypervisor will be able to decode the instruction and do the right things. But when SEV is active, guest memory is encrypted with guest key and hypervisor will not be able to decode the instruction bytes.

Add SEV specific hypercall3, it unconditionally uses VMMCALL. The hypercall will be used by the SEV guest to notify encrypted pages to the hypervisor.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford
Reviewed-by: Venu Busireddy
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
--- arch/x86/include/asm/kvm_para.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 338119852512..bc1b11d057fc 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h
@@ -85,6 +85,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, return ret; } +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3) +{ + long ret; + + asm volatile("vmmcall" + : "=a"(ret) + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) + : "memory"); + return ret; +} + #ifdef CONFIG_KVM_GUEST bool kvm_para_available(void); unsigned int kvm_arch_para_features(void);
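Review bot: kvm_sev_hypercall3() is added without a comment and sits outside the "#ifdef CONFIG_KVM_GUEST" block, so nothing at the definition tells a caller that the hard-coded "vmmcall" is only safe when SEV is active; the rationale exists only in the commit message. Add a comment above the function stating that it deliberately bypasses the alternatives-patched hypercall path because the hypervisor cannot decode instruction bytes in encrypted guest memory, and that callers must check for an active SEV guest before using it.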
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 08/16] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall
Date: Thu, 4 Feb 2021 00:38:28 +0000
Message-Id: <245f84cca80417b490e47da17e711432716e2e06.1612398155.git.ashish.kalra@amd.com>
From: Brijesh Singh This hypercall is used by the SEV guest to notify a change in the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all guest pages are considered encrypted. The patch introduces a new shared pages list implemented as a sorted linked list to track the shared/unencrypted regions marked by the guest hypercall. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/hypercalls.rst | 15 +++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm/sev.c | 150 ++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/svm/svm.h | 5 + arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 6 ++ include/uapi/linux/kvm_para.h | 1 + 8 files changed, 182 insertions(+) diff --git a/Documentation/virt/kvm/hypercalls.rst b/Documentation/virt/kvm/hypercalls.rst index ed4fddd364ea..7aff0cebab7c 100644 --- a/Documentation/virt/kvm/hypercalls.rst +++ b/Documentation/virt/kvm/hypercalls.rst @@ -169,3 +169,18 @@ a0: destination APIC ID :Usage example: When sending a call-function IPI-many to vCPUs, yield if any of the IPI target vCPUs was preempted. + + +8. KVM_HC_PAGE_ENC_STATUS +------------------------- +:Architecture: x86 +:Status: active +:Purpose: Notify the encryption status changes in guest page table (SEV guest) + +a0: the guest physical address of the start page +a1: the number of pages +a2: encryption attribute + + Where: + * 1: Encryption attribute is set + * 0: Encryption attribute is cleared diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 3d6616f6f6ef..2da5f5e2a10e 100644 --- a/arch/x86/include/asm/kvm_host.h 
+++ b/arch/x86/include/asm/kvm_host.h @@ -1301,6 +1301,8 @@ struct kvm_x86_ops { int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); + int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, + unsigned long sz, unsigned long mode); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 25eaf35ba51d..55c628df5155 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -45,6 +45,11 @@ struct enc_region { unsigned long size; }; +struct shared_region { + struct list_head list; + unsigned long gfn_start, gfn_end; +}; + static int sev_flush_asids(void) { int ret, error = 0; @@ -196,6 +201,8 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) sev->active = true; sev->asid = asid; INIT_LIST_HEAD(&sev->regions_list); + INIT_LIST_HEAD(&sev->shared_pages_list); + sev->shared_pages_list_count = 0; return 0; 
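Review bot: the new kvm_x86_ops hook page_enc_status_hc(kvm, gpa, sz, mode) in kvm_host.h does not line up with the interface this patch documents in hypercalls.rst: a1 is "the number of pages" but the parameter is named sz, and a2 is a 0/1 encryption attribute but arrives as an unsigned long called mode. Rename the parameters (for example npages and enc) and extend the documentation to state the return values, what happens when a2 is neither 0 nor 1, and whether a0 must be page aligned, since all three values are supplied by the guest. In struct shared_region, a one-line comment saying whether gfn_end is inclusive would also help.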
@@ -1473,6 +1480,148 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int remove_shared_region(unsigned long start, unsigned long end, + struct list_head *head) +{ + struct shared_region *pos; + + list_for_each_entry(pos, head, list) { + if (pos->gfn_start == start && + pos->gfn_end == end) { + list_del(&pos->list); + kfree(pos); + return -1; + } else if (start >= pos->gfn_start && end <= pos->gfn_end) { + if (start == pos->gfn_start) + pos->gfn_start = end + 1; + else if (end == pos->gfn_end) + pos->gfn_end = start - 1; + else { + /* Do a de-merge -- split linked list nodes */ + unsigned long tmp; + struct shared_region *shrd_region; + + tmp = pos->gfn_end; + pos->gfn_end = start-1; + shrd_region = kzalloc(sizeof(*shrd_region), GFP_KERNEL_ACCOUNT); + if (!shrd_region) + return -ENOMEM; + shrd_region->gfn_start = end + 1; + shrd_region->gfn_end = tmp; + list_add(&shrd_region->list, &pos->list); + return 1; + } + return 0; + } + } + return 0; +} + +static int add_shared_region(unsigned long start, unsigned long end, + struct list_head *shared_pages_list) +{ + struct list_head *head = shared_pages_list; + struct shared_region *shrd_region; + struct shared_region *pos; + + if (list_empty(head)) { + shrd_region = kzalloc(sizeof(*shrd_region), GFP_KERNEL_ACCOUNT); + if (!shrd_region) + return -ENOMEM; + shrd_region->gfn_start = start; + shrd_region->gfn_end = end; + list_add_tail(&shrd_region->list, head); + return 1; + } + + /* + * Shared pages list is a sorted list in ascending order of + * guest PA's and also merges consecutive range of guest PA's + */ + list_for_each_entry(pos, head, list) { + if (pos->gfn_end < start) + continue; + /* merge consecutive guest PA(s) */ + if (pos->gfn_start <= start && pos->gfn_end >= start) { + pos->gfn_end = end; + return 0; + } + break; + } + /* + * Add a new node, allocate nodes using GFP_KERNEL_ACCOUNT so that + * kernel memory can be tracked/throttled in case a + * malicious guest 
makes infinite number of hypercalls to + * exhaust host kernel memory and cause a DOS attack. + */ + shrd_region = kzalloc(sizeof(*shrd_region), GFP_KERNEL_ACCOUNT); + if (!shrd_region) + return -ENOMEM; + shrd_region->gfn_start = start; + shrd_region->gfn_end = end; + list_add_tail(&shrd_region->list, &pos->list); + return 1; +} + +int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + kvm_pfn_t pfn_start, pfn_end; + gfn_t gfn_start, gfn_end; + int ret = 0; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (!npages) + return 0; + + gfn_start = gpa_to_gfn(gpa); + gfn_end = gfn_start + npages; + + /* out of bound access error check */ + if (gfn_end <= gfn_start) + return -EINVAL; + + /* lets make sure that gpa exist in our memslot */ + pfn_start = gfn_to_pfn(kvm, gfn_start); + pfn_end = gfn_to_pfn(kvm, gfn_end); + + if (is_error_noslot_pfn(pfn_start) && !is_noslot_pfn(pfn_start)) { + /* + * Allow guest MMIO range(s) to be added + * to the shared pages list. + */ + return -EINVAL; + } + + if (is_error_noslot_pfn(pfn_end) && !is_noslot_pfn(pfn_end)) { + /* + * Allow guest MMIO range(s) to be added + * to the shared pages list. + */ + return -EINVAL; + } + + mutex_lock(&kvm->lock); + + if (enc) { + ret = remove_shared_region(gfn_start, gfn_end, + &sev->shared_pages_list); + if (ret != -ENOMEM) + sev->shared_pages_list_count += ret; + } else { + ret = add_shared_region(gfn_start, gfn_end, + &sev->shared_pages_list); + if (ret > 0) + sev->shared_pages_list_count++; + } + + mutex_unlock(&kvm->lock); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1693,6 +1842,7 @@ void sev_vm_destroy(struct kvm *kvm) sev_unbind_asid(kvm, sev->handle); sev_asid_free(sev->asid); + sev->shared_pages_list_count = 0; } void __init sev_hardware_setup(void) 
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f923e14e87df..bb249ec625fc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4536,6 +4536,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .complete_emulated_msr = svm_complete_emulated_msr, .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, + + .page_enc_status_hc = svm_page_enc_status_hc, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0fe874ae5498..6437c1fa1f24 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -79,6 +79,9 @@ struct kvm_sev_info { unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ u64 ap_jump_table; /* SEV-ES AP Jump Table address */ + /* List and count of shared pages */ + int shared_pages_list_count; + struct list_head shared_pages_list; }; struct kvm_svm { @@ -472,6 +475,8 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr, bool has_error_code, u32 error_code); int nested_svm_exit_special(struct vcpu_svm *svm); void sync_nested_vmcb_control(struct vcpu_svm *svm); +int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index cc60b1fc3ee7..bcbf53851612 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7705,6 +7705,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .can_emulate_instruction = vmx_can_emulate_instruction, .apic_init_signal_blocked = vmx_apic_init_signal_blocked, .migrate_timers = vmx_migrate_timers, + .page_enc_status_hc = NULL, .msr_filter_changed = vmx_msr_filter_changed, .complete_emulated_msr = kvm_complete_insn_gp, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 76bce832cade..2f17f0f9ace7 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -8162,6 +8162,12 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) kvm_sched_yield(vcpu->kvm, a0); ret = 0; break; + case KVM_HC_PAGE_ENC_STATUS: + ret = -KVM_ENOSYS; + if (kvm_x86_ops.page_enc_status_hc) + ret = kvm_x86_ops.page_enc_status_hc(vcpu->kvm, + a0, a1, a2); + break; default: ret = -KVM_ENOSYS; break; diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 8b86609849b9..847b83b75dc8 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h 
@@ -29,6 +29,7 @@ #define KVM_HC_CLOCK_PAIRING 9 #define KVM_HC_SEND_IPI 10 #define KVM_HC_SCHED_YIELD 11 +#define KVM_HC_PAGE_ENC_STATUS 12 /* * hypercalls use architecture specific
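Review bot: The KVM_HC_PAGE_ENC_STATUS entry added to Documentation/virt/kvm/hypercalls.rst lists a0, a1 and a2 but says nothing about return values, alignment of a0, or values of a2 other than 0 and 1. svm_page_enc_status_hc() converts a0 with gpa_to_gfn(), treats any non-zero a2 as "encrypted", and has visible -EINVAL and -ENOMEM paths; document the alignment expectation, the accepted a2 values and the return codes so a guest can tell success from failure.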
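Review bot: In the struct kvm_x86_ops hunk in arch/x86/include/asm/kvm_host.h, the new page_enc_status_hc op names its last two arguments sz and mode, while svm_page_enc_status_hc() and its prototype in svm.h use npages and enc. sz reads like a byte count although a page count is passed; use npages and enc in the op declaration as well.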
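Review bot: In the arch/x86/kvm/svm/sev.c hunk that adds remove_shared_region(), add_shared_region() and svm_page_enc_status_hc(), the range bounds are inconsistent: the caller passes gfn_end = gfn_start + npages, one past the last page, while remove_shared_region() trims neighbours with end + 1 and start - 1 as if gfn_end were inclusive, so a partial removal drops a page that is still shared. Pick one convention (for example gfn_end = gfn_start + npages - 1) and apply it in both helpers. In the same hunk: the de-merge branch shrinks pos->gfn_end before kzalloc(), so an -ENOMEM return leaves the tail of the region untracked, and the allocation should come first; add_shared_region() sets pos->gfn_end = end on overlap even when end is below the current gfn_end and never merges with the following node, so a region can shrink or overlap its neighbour; svm_page_enc_status_hc() hands the helpers' count delta (-1, 0 or 1) back to the guest as the hypercall result and should return 0 on success; the pfns obtained from gfn_to_pfn() are not released anywhere in the function, and pfn_end is looked up for the page after the range; and the two "Allow guest MMIO range(s)" comments sit on branches that return -EINVAL.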
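Review bot: The sev_vm_destroy() hunk in arch/x86/kvm/svm/sev.c only resets sev->shared_pages_list_count to 0; the shared_region nodes that add_shared_region() and remove_shared_region() allocate with kzalloc() are not freed in any line of this patch. Walk sev->shared_pages_list with list_for_each_entry_safe(), calling list_del() and kfree() on each node, before clearing the count; otherwise every destroyed SEV guest leaks its list.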
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 09/16] mm: x86: Invoke hypercall when page encryption status is changed
Date: Thu, 4 Feb 2021 00:39:00 +0000
From: Brijesh Singh Invoke a hypercall when a memory region is changed from encrypted -> decrypted and vice versa. Hypervisor needs to know the page encryption status during the guest migration. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Venu Busireddy Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- arch/x86/include/asm/paravirt.h | 10 +++++ arch/x86/include/asm/paravirt_types.h | 2 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/mem_encrypt.c | 57 ++++++++++++++++++++++++++- arch/x86/mm/pat/set_memory.c | 7 ++++ 5 files changed, 76 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index f8dce11d2bc1..1265e1f5db5f 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -84,6 +84,12 @@ static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) PVOP_VCALL1(mmu.exit_mmap, mm); } +static inline void page_encryption_changed(unsigned long vaddr, int npages, + bool enc) +{ + PVOP_VCALL3(mmu.page_encryption_changed, vaddr, npages, enc); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { 
@@ -829,6 +835,10 @@ static inline void paravirt_arch_dup_mmap(struct mm_struct *oldmm, static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) { } + +static inline void page_encryption_changed(unsigned long vaddr, int npages, bool enc) +{ +} #endif #endif /* __ASSEMBLY__ */ #endif /* _ASM_X86_PARAVIRT_H */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index b6b02b7c19cc..6a83821cf758 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -208,6 +208,8 @@ struct pv_mmu_ops { /* Hook for intercepting the destruction of an mm_struct. */ void (*exit_mmap)(struct mm_struct *mm); + void (*page_encryption_changed)(unsigned long vaddr, int npages, + bool enc); #ifdef CONFIG_PARAVIRT_XXL struct paravirt_callee_save read_cr2; diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 6c3407ba6ee9..52913356b6fa 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -340,6 +340,7 @@ struct paravirt_patch_template pv_ops = { (void (*)(struct mmu_gather *, void *))tlb_remove_page, .mmu.exit_mmap = paravirt_nop, + .mmu.page_encryption_changed = paravirt_nop, #ifdef CONFIG_PARAVIRT_XXL .mmu.read_cr2 = __PV_IS_CALLEE_SAVE(native_read_cr2), diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index c79e5736ab2b..dc17d14f9bcd 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,7 @@ #include #include #include +#include #include "mm_internal.h" 
@@ -229,6 +231,47 @@ void __init sev_setup_arch(void) swiotlb_adjust_size(size); } +static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + unsigned long sz = npages << PAGE_SHIFT; + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -286,12 +329,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -346,6 +390,8 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, PAGE_ALIGN(size) >> PAGE_SHIFT, + enc); out: __flush_tlb_all(); return ret; 
@@ -479,6 +525,15 @@ void __init mem_encrypt_init(void) if (sev_active()) static_branch_enable(&sev_enable_key); +#ifdef CONFIG_PARAVIRT + /* + * With SEV, we need to make a hypercall when page encryption state is + * changed. + */ + if (sev_active()) + pv_ops.mmu.page_encryption_changed = set_memory_enc_dec_hypercall; +#endif + print_mem_encrypt_feature_info(); } diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 16f878c26667..3576b583ac65 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "../mm_internal.h" 
@@ -2012,6 +2013,12 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* Notify hypervisor that a given memory range is mapped encrypted + * or decrypted. The hypervisor will use this information during the + * VM migration. + */ + page_encryption_changed(addr, numpages, enc); + return ret; }
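Review bot: In set_memory_enc_dec_hypercall() (arch/x86/mm/mem_encrypt.c), psize and pmask are declared int, whereas early_set_memory_enc_dec() a few hunks later keeps the same page_level_size()/page_level_mask() results in unsigned long, and sz = npages << PAGE_SHIFT is shifted as an int before being widened. Declare psize and pmask unsigned long and cast npages before the shift. The function also discards the return value of kvm_sev_hypercall3() and returns silently when lookup_address() fails or the level is unexpected, leaving the rest of the range unreported; since the hypervisor depends on this state for migration, these paths should at least warn.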
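Review bot: In the mem_encrypt_init() hunk the assignment to pv_ops.mmu.page_encryption_changed is wrapped in #ifdef CONFIG_PARAVIRT, and the fallback page_encryption_changed() stub added near the end of paravirt.h is empty, so without CONFIG_PARAVIRT __set_memory_enc_dec() never notifies the hypervisor while early_set_memory_enc_dec() still calls set_memory_enc_dec_hypercall() directly. State in a comment or the commit message whether an SEV guest built that way is expected to migrate. The second if (sev_active()) can also be folded into the one directly above it.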
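Review bot: In the __set_memory_enc_dec() hunk (arch/x86/mm/pat/set_memory.c), page_encryption_changed(addr, numpages, enc) is called unconditionally just before return ret, so the hypervisor is told about the change even when ret carries an error. Call it only when ret is 0. The new comment also starts its text on the /* line, unlike the other multi-line comments this series adds; put /* on a line of its own.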
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl
Date: Thu, 4 Feb 2021 00:39:16 +0000
Message-Id: <7266edd714add8ec9d7f63eddfc9bbd4d789c213.1612398155.git.ashish.kalra@amd.com>
From: Brijesh Singh The ioctl is used to retrieve a guest's shared pages list. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra 
Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.rst | 24 ++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm/sev.c | 49 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 12 ++++++++ include/uapi/linux/kvm.h | 9 ++++++ 7 files changed, 98 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 99ceb978c8b0..59ef537c0cdd 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -4677,6 +4677,30 @@ This ioctl resets VCPU registers and control structures according to the clear cpu reset definition in the POP. However, the cpu is not put into ESA mode. This reset is a superset of the initial reset. +4.125 KVM_GET_SHARED_PAGES_LIST (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_shared_pages_list (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_GET_SHARED_PAGES_LIST */ +struct kvm_shared_pages_list { + int __user *pnents; + void __user *buffer; + __u32 size; +}; + +The encrypted VMs have the concept of private and shared pages. The private +pages are encrypted with the guest-specific key, while the shared pages may +be encrypted with the hypervisor key. The KVM_GET_SHARED_PAGES_LIST can +be used to get guest's shared/unencrypted memory regions list. +This list can be used during the guest migration. If the page +is private then the userspace need to use SEV migration commands to transmit +the page. + 4.125 KVM_S390_PV_COMMAND ------------------------- diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 2da5f5e2a10e..cd354d830e13 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
@@ -1303,6 +1303,8 @@ struct kvm_x86_ops { void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); + int (*get_shared_pages_list)(struct kvm *kvm, + struct kvm_shared_pages_list *list); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 55c628df5155..701d74c8b15b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -50,6 +50,11 @@ struct shared_region { unsigned long gfn_start, gfn_end; }; +struct shared_region_array_entry { + unsigned long gfn_start; + unsigned long gfn_end; +}; + static int sev_flush_asids(void) { int ret, error = 0; @@ -1622,6 +1627,50 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return ret; } +int svm_get_shared_pages_list(struct kvm *kvm, + struct kvm_shared_pages_list *list) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct shared_region_array_entry *array; + struct shared_region *pos; + int ret, nents = 0; + unsigned long sz; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (!list->size) + return -EINVAL; + + if (!sev->shared_pages_list_count) + return put_user(0, list->pnents); + + sz = sev->shared_pages_list_count * sizeof(struct shared_region_array_entry); + if (sz > list->size) + return -E2BIG; + + array = kmalloc(sz, GFP_KERNEL); + if (!array) + return -ENOMEM; + + mutex_lock(&kvm->lock); + list_for_each_entry(pos, &sev->shared_pages_list, list) { + array[nents].gfn_start = pos->gfn_start; + array[nents++].gfn_end = pos->gfn_end; + } + mutex_unlock(&kvm->lock); + + ret = -EFAULT; + if (copy_to_user(list->buffer, array, sz)) + goto out; + if (put_user(nents, list->pnents)) + goto out; + ret = 0; +out: + kfree(array); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bb249ec625fc..533ce47ff158 100644 
--- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4538,6 +4538,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, .page_enc_status_hc = svm_page_enc_status_hc, + .get_shared_pages_list = svm_get_shared_pages_list, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 6437c1fa1f24..6a777c61373c 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -477,6 +477,7 @@ int nested_svm_exit_special(struct vcpu_svm *svm); void sync_nested_vmcb_control(struct vcpu_svm *svm); int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); +int svm_get_shared_pages_list(struct kvm *kvm, struct kvm_shared_pages_list *list); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 2f17f0f9ace7..acfec2ae1402 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5719,6 +5719,18 @@ long kvm_arch_vm_ioctl(struct file *filp, case KVM_X86_SET_MSR_FILTER: r = kvm_vm_ioctl_set_msr_filter(kvm, argp); break; + case KVM_GET_SHARED_PAGES_LIST: { + struct kvm_shared_pages_list list; + + r = -EFAULT; + if (copy_from_user(&list, argp, sizeof(list))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops.get_shared_pages_list) + r = kvm_x86_ops.get_shared_pages_list(kvm, &list); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index c4e195a4220f..0529ba80498a 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -544,6 +544,13 @@ struct kvm_clear_dirty_log { }; }; +/* for KVM_GET_SHARED_PAGES_LIST */ +struct kvm_shared_pages_list { + int __user *pnents; + void __user *buffer; + __u32 size; +}; + /* for KVM_SET_SIGNAL_MASK */ struct kvm_signal_mask { __u32 len; 
@@ -1565,6 +1572,8 @@ struct kvm_pv_cmd { /* Available with KVM_CAP_DIRTY_LOG_RING */ #define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) +#define KVM_GET_SHARED_PAGES_LIST _IOW(KVMIO, 0xc8, struct kvm_shared_pages_list) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */
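Review bot: In svm_get_shared_pages_list() (arch/x86/kvm/svm/sev.c), sev->shared_pages_list_count is read and the array is sized and allocated before mutex_lock(&kvm->lock), but the list walk under the lock is not bounded by that count. If the list grows in between, array[nents] is written past the kmalloc() buffer; if it shrinks, copy_to_user(list->buffer, array, sz) copies the uninitialised tail of the buffer to userspace. Take kvm->lock before reading the count, or stop the loop at the allocated number of entries, and copy only nents * sizeof(*array) bytes.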
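Review bot: struct kvm_shared_pages_list in include/uapi/linux/kvm.h carries raw pointers (int __user *pnents, void __user *buffer), so its size and layout differ between 32-bit and 64-bit userspace and the ioctl would need a compat path; __u64 fields for the two addresses avoid that. The layout of the entries placed in buffer is also not part of the uapi: struct shared_region_array_entry, with two unsigned long fields, is defined only in sev.c, so userspace has nothing to build against. The ioctl is declared with _IOW although api.rst describes the parameter as in/out.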
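Review bot: The new api.rst section reuses the number 4.125, which the KVM_S390_PV_COMMAND section right after it already has. The text should also say what buffer holds (the entry layout), that size is a byte count (the handler compares it against count * sizeof(entry)), and which errors the handler returns (-ENOTTY, -EINVAL, -E2BIG, -ENOMEM, -EFAULT in the code), and the struct definition belongs in a literal block.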
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 11/16] KVM: x86: Introduce KVM_SET_SHARED_PAGES_LIST ioctl
Date: Thu, 4 Feb 2021 00:39:32 +0000
Message-Id: <89a3e3218f3b08be562f68a9c0d736030fff9b1b.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

The ioctl is used to set up the shared pages list for an incoming guest.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
--- Documentation/virt/kvm/api.rst | 20 +++++++++- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm/sev.c | 70 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 12 ++++++ include/uapi/linux/kvm.h | 1 + 7 files changed, 106 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 59ef537c0cdd..efb4720733b4 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst
@@ -4701,6 +4701,25 @@ This list can be used during the guest migration. If the page is private then the userspace need to use SEV migration commands to transmit the page. +4.126 KVM_SET_SHARED_PAGES_LIST (vm ioctl) +--------------------------------------- + +:Capability: basic +:Architectures: x86 +:Type: vm ioctl +:Parameters: struct kvm_shared_pages_list (in/out) +:Returns: 0 on success, -1 on error + +/* for KVM_SET_SHARED_PAGES_LIST */ +struct kvm_shared_pages_list { + int __user *pnents; + void __user *buffer; + __u32 size; +}; + +During the guest live migration the outgoing guest exports its unencrypted +memory regions list, the KVM_SET_SHARED_PAGES_LIST can be used to build the +shared/unencrypted regions list for an incoming guest. 4.125 KVM_S390_PV_COMMAND ------------------------- @@ -4855,7 +4874,6 @@ into user space. If a vCPU is in running state while this ioctl is invoked, the vCPU may experience inconsistent filtering behavior on MSR accesses. - 5. The kvm_run structure ======================== diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index cd354d830e13..f05b812b69bd 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1305,6 +1305,8 @@ struct kvm_x86_ops { unsigned long sz, unsigned long mode); int (*get_shared_pages_list)(struct kvm *kvm, struct kvm_shared_pages_list *list); + int (*set_shared_pages_list)(struct kvm *kvm, + struct kvm_shared_pages_list *list); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 701d74c8b15b..b0d324aed515 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1671,6 +1671,76 @@ int svm_get_shared_pages_list(struct kvm *kvm, return ret; } +int svm_set_shared_pages_list(struct kvm *kvm, + struct kvm_shared_pages_list *list) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct shared_region_array_entry *array; + struct shared_region *shrd_region; + int ret, nents, i; + unsigned long sz; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (get_user(nents, list->pnents)) + return -EFAULT; + + /* special case of resetting the shared pages list */ + if (!list->buffer || !nents) { + struct shared_region *pos; + + mutex_lock(&kvm->lock); + list_for_each_entry(pos, &sev->shared_pages_list, list) + kfree(pos); + sev->shared_pages_list_count = 0; + mutex_unlock(&kvm->lock); + + return 0; + } + + sz = nents * sizeof(struct shared_region_array_entry); + array = kmalloc(sz, GFP_KERNEL); + if (!array) + return -ENOMEM; + + ret = -EFAULT; + if (copy_from_user(array, list->buffer, sz)) + goto out; + + ret = 0; + mutex_lock(&kvm->lock); + for (i = 0; i < nents; i++) { + shrd_region = kzalloc(sizeof(*shrd_region), GFP_KERNEL_ACCOUNT); + if (!shrd_region) { + struct shared_region *pos; + + /* Freeing previously allocated entries */ + list_for_each_entry(pos, + &sev->shared_pages_list, + list) { + kfree(pos); + } + + mutex_unlock(&kvm->lock); + ret = -ENOMEM; + goto out; + } + + shrd_region->gfn_start = array[i].gfn_start; + shrd_region->gfn_end = array[i].gfn_end; + list_add_tail(&shrd_region->list, + &sev->shared_pages_list); + } + sev->shared_pages_list_count = nents; + mutex_unlock(&kvm->lock); + +out: + kfree(array); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 533ce47ff158..58f89f83caab 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -4539,6 +4539,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .page_enc_status_hc = svm_page_enc_status_hc, .get_shared_pages_list = svm_get_shared_pages_list, + .set_shared_pages_list = svm_set_shared_pages_list, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 6a777c61373c..066ca2a9f1e6 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -478,6 +478,7 @@ void sync_nested_vmcb_control(struct vcpu_svm *svm); int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, unsigned long npages, unsigned long enc); int svm_get_shared_pages_list(struct kvm *kvm, struct kvm_shared_pages_list *list); +int svm_set_shared_pages_list(struct kvm *kvm, struct kvm_shared_pages_list *list); extern struct kvm_x86_nested_ops svm_nested_ops; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index acfec2ae1402..c119715c1034 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5731,6 +5731,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_x86_ops.get_shared_pages_list(kvm, &list); break; } + case KVM_SET_SHARED_PAGES_LIST: { + struct kvm_shared_pages_list list; + + r = -EFAULT; + if (copy_from_user(&list, argp, sizeof(list))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops.set_shared_pages_list) + r = kvm_x86_ops.set_shared_pages_list(kvm, &list); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 0529ba80498a..f704b08c97f2 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1573,6 +1573,7 @@ struct kvm_pv_cmd { #define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) #define KVM_GET_SHARED_PAGES_LIST _IOW(KVMIO, 0xc8, struct kvm_shared_pages_list) +#define KVM_SET_SHARED_PAGES_LIST _IOW(KVMIO, 0xc9, struct kvm_shared_pages_list) /* Secure Encrypted Virtualization command */ enum sev_cmd_id {
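Review bot: In svm_set_shared_pages_list() both cleanup paths walk the list with list_for_each_entry() and call kfree(pos) inside the loop, so the iterator reads pos->list.next from freed memory, and the freed nodes are never unlinked, which leaves sev->shared_pages_list pointing at them for the next walk (for example in svm_get_shared_pages_list()). Use list_for_each_entry_safe() with list_del() before kfree(). The -ENOMEM path should also reset shared_pages_list_count, and it frees every entry on the list, including ones that were there before this call, not only those just allocated. Separately, nents comes from get_user() as a signed int and goes straight into nents * sizeof(...) and kmalloc() with no range check and no comparison against list->size, and shared_pages_list_count = nents overwrites the count while list_add_tail() appends to whatever was already on the list.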
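Review bot: In api.rst the new section is numbered 4.126 but is inserted ahead of 4.125 KVM_S390_PV_COMMAND, and it documents the parameter as in/out although the handler only reads pnents and buffer and never looks at size. The second api.rst hunk also deletes the blank line before "5. The kvm_run structure", an unrelated whitespace change that should be dropped from this patch.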
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 12/16] KVM: x86: Introduce new KVM_FEATURE_SEV_LIVE_MIGRATION feature & Custom MSR.
Date: Thu, 4 Feb 2021 00:39:47 +0000
X-Mailing-List: kvm@vger.kernel.org

From: Ashish Kalra

Add new KVM_FEATURE_SEV_LIVE_MIGRATION feature for guest to check for host-side support for SEV live migration. Also add a new custom MSR_KVM_SEV_LIVE_MIGRATION for guest to enable the SEV live migration feature.

Signed-off-by: Ashish Kalra
--- Documentation/virt/kvm/cpuid.rst | 5 +++++ Documentation/virt/kvm/msr.rst | 12 ++++++++++++ arch/x86/include/uapi/asm/kvm_para.h | 4 ++++ arch/x86/kvm/svm/sev.c | 13 +++++++++++++ arch/x86/kvm/svm/svm.c | 16 ++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 ++ 6 files changed, 52 insertions(+) diff --git a/Documentation/virt/kvm/cpuid.rst b/Documentation/virt/kvm/cpuid.rst index cf62162d4be2..0bdb6cdb12d3 100644 --- a/Documentation/virt/kvm/cpuid.rst +++ b/Documentation/virt/kvm/cpuid.rst @@ -96,6 +96,11 @@ KVM_FEATURE_MSI_EXT_DEST_ID 15 guest checks this feature bit before using extended destination ID bits in MSI address bits 11-5. +KVM_FEATURE_SEV_LIVE_MIGRATION 16 guest checks this feature bit before + using the page encryption state + hypercall to notify the page state + change + KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no guest-side per-cpu warps are expected in kvmclock
diff --git a/Documentation/virt/kvm/msr.rst b/Documentation/virt/kvm/msr.rst index e37a14c323d2..020245d16087 100644 --- a/Documentation/virt/kvm/msr.rst +++ b/Documentation/virt/kvm/msr.rst @@ -376,3 +376,15 @@ data: write '1' to bit 0 of the MSR, this causes the host to re-scan its queue and check if there are more notifications pending. The MSR is available if KVM_FEATURE_ASYNC_PF_INT is present in CPUID. + +MSR_KVM_SEV_LIVE_MIGRATION: + 0x4b564d08 + + Control SEV Live Migration features. + +data: + Bit 0 enables (1) or disables (0) host-side SEV Live Migration feature, + in other words, this is guest->host communication that it's properly + handling the shared pages list. + + All other bits are reserved. diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 950afebfba88..f6bfa138874f 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -33,6 +33,7 @@ #define KVM_FEATURE_PV_SCHED_YIELD 13 #define KVM_FEATURE_ASYNC_PF_INT 14 #define KVM_FEATURE_MSI_EXT_DEST_ID 15 +#define KVM_FEATURE_SEV_LIVE_MIGRATION 16 #define KVM_HINTS_REALTIME 0 @@ -54,6 +55,7 @@ #define MSR_KVM_POLL_CONTROL 0x4b564d05 #define MSR_KVM_ASYNC_PF_INT 0x4b564d06 #define MSR_KVM_ASYNC_PF_ACK 0x4b564d07 +#define MSR_KVM_SEV_LIVE_MIGRATION 0x4b564d08 struct kvm_steal_time { __u64 steal; @@ -136,4 +138,6 @@ struct kvm_vcpu_pv_apf_data { #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK #define KVM_PV_EOI_DISABLED 0x0 +#define KVM_SEV_LIVE_MIGRATION_ENABLED BIT_ULL(0) + #endif /* _UAPI_ASM_X86_KVM_PARA_H */ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b0d324aed515..93f42b3d3e33 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1627,6 +1627,16 @@ int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return ret; } +void sev_update_migration_flags(struct kvm *kvm, u64 data) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + if (!sev_guest(kvm)) + return; + + sev->live_migration_enabled = !!(data & KVM_SEV_LIVE_MIGRATION_ENABLED); +} + int svm_get_shared_pages_list(struct kvm *kvm, struct kvm_shared_pages_list *list) { @@ -1639,6 +1649,9 @@ int svm_get_shared_pages_list(struct kvm *kvm, if (!sev_guest(kvm)) return -ENOTTY; + if (!sev->live_migration_enabled) + return -EINVAL; + if (!list->size) return -EINVAL; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 58f89f83caab..43ea5061926f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2903,6 +2903,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->msr_decfg = data; break; } + case MSR_KVM_SEV_LIVE_MIGRATION: + sev_update_migration_flags(vcpu->kvm, data); + break; case MSR_IA32_APICBASE: if (kvm_vcpu_apicv_active(vcpu)) avic_update_vapic_bar(to_svm(vcpu), data); @@ -3976,6 +3979,19 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.cr3_lm_rsvd_bits &= ~(1UL << (best->ebx & 0x3f)); } + /* + * If SEV guest then enable the Live migration feature. + */ + if (sev_guest(vcpu->kvm)) { + struct kvm_cpuid_entry2 *best; + + best = kvm_find_cpuid_entry(vcpu, KVM_CPUID_FEATURES, 0); + if (!best) + return; + + best->eax |= (1 << KVM_FEATURE_SEV_LIVE_MIGRATION); + } + if (!kvm_vcpu_apicv_active(vcpu)) return; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 066ca2a9f1e6..e1bffc11e425 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -79,6 +79,7 @@ struct kvm_sev_info { unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ u64 ap_jump_table; /* SEV-ES AP Jump Table address */ + bool live_migration_enabled; /* List and count of shared pages */ int shared_pages_list_count; struct list_head shared_pages_list; 
@@ -592,6 +593,7 @@ int svm_unregister_enc_region(struct kvm *kvm, void pre_sev_run(struct vcpu_svm *svm, int cpu); void __init sev_hardware_setup(void); void sev_hardware_teardown(void); +void sev_update_migration_flags(struct kvm *kvm, u64 data); void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in);
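Review bot: The MSR_KVM_SEV_LIVE_MIGRATION case in svm_set_msr() accepts any value. msr.rst says all bits other than bit 0 are reserved, but sev_update_migration_flags() masks with KVM_SEV_LIVE_MIGRATION_ENABLED and ignores the rest, and for a non-SEV guest the write silently succeeds because the helper returns void. Reject writes with reserved bits set or from a non-SEV guest, and add the matching svm_get_msr() case, which this patch does not contain, so the value can be read back and saved or restored by userspace.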
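Review bot: In the svm_vcpu_after_set_cpuid() hunk, the early "if (!best) return;" leaves the function before the kvm_vcpu_apicv_active() handling that follows, so a missing KVM_CPUID_FEATURES leaf now skips unrelated code; make the bit-set conditional on best instead of returning. The block also declares its own best although a best is already in use just above (best->ebx), and it forces the feature bit into the guest's CPUID after userspace has set it, which leaves the VMM no way to keep the feature hidden from a guest.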
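Review bot: KVM_SEV_LIVE_MIGRATION_ENABLED in arch/x86/include/uapi/asm/kvm_para.h is defined with BIT_ULL(0), a kernel-internal macro that userspace including this uapi header does not get. Use (1ULL << 0) or _BITULL(0) from <linux/const.h> so the header stays usable outside the kernel.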
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 13/16] EFI: Introduce the new AMD Memory Encryption GUID.
Date: Thu, 4 Feb 2021 00:40:01 +0000
Message-Id: <301a3078f4604e23d8c2c5a2e1d4804a3b15dffa.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Ashish Kalra

Introduce a new AMD Memory Encryption GUID which is currently used for defining a new UEFI environment variable which indicates UEFI/OVMF support for the SEV live migration feature. This variable is set up when UEFI/OVMF detects host/hypervisor support for SEV live migration and later this variable is read by the kernel using EFI runtime services to verify if OVMF supports the live migration feature.

Signed-off-by: Ashish Kalra
--- include/linux/efi.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/efi.h b/include/linux/efi.h index 763b816ba19c..ae47db882bee 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h
@@ -362,6 +362,7 @@ void efi_native_runtime_setup(void); /* OEM GUIDs */ #define DELLEMC_EFI_RCI2_TABLE_GUID EFI_GUID(0x2d9f28a2, 0xa886, 0x456a, 0x97, 0xa8, 0xf1, 0x1e, 0xf2, 0x4f, 0xf4, 0x55) +#define MEM_ENCRYPT_GUID EFI_GUID(0x0cf29b71, 0x9e51, 0x433a, 0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75) typedef struct { efi_guid_t guid;
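Review bot: MEM_ENCRYPT_GUID, added under the "OEM GUIDs" comment in include/linux/efi.h, is a very generic name for a GUID that the commit message ties specifically to AMD SEV live migration; a vendor and feature prefix (for example AMD_SEV_MEM_ENCRYPT_GUID) would keep it from colliding with or being mistaken for other memory-encryption users of this header. A one-line comment stating that the GUID scopes the firmware-provided live migration variable would also help, because the header alone gives no hint that the kernel later acts on a value read from firmware under this GUID.
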
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 14/16] KVM: x86: Add guest support for detecting and enabling SEV Live Migration feature.
Date: Thu, 4 Feb 2021 00:40:18 +0000
Message-Id: <6daa898789dc8de02072b1ee6e6390088dbbc5a4.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Ashish Kalra

The guest support for detecting and enabling SEV Live migration feature uses the following logic:

 - kvm_init_platform() invokes check_kvm_sev_migration() which checks if it's booted under the EFI

   - If not EFI,
     i) check for the KVM_FEATURE_CPUID
     ii) if CPUID reports that migration is supported, issue a wrmsrl() to enable the SEV live migration support

   - If EFI,
     i) check for the KVM_FEATURE_CPUID
     ii) If CPUID reports that migration is supported, read the UEFI variable which indicates OVMF support for live migration
     iii) if the variable indicates live migration is supported, issue a wrmsrl() to enable the SEV live migration support

The EFI live migration check is done using a late_initcall() callback.

Also, ensure that _bss_decrypted section is marked as decrypted in the shared pages list.

Signed-off-by: Ashish Kalra
--- arch/x86/include/asm/mem_encrypt.h | 8 +++++ arch/x86/kernel/kvm.c | 52 ++++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt.c | 41 +++++++++++++++++++++++ 3 files changed, 101 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 31c4df123aa0..19b77f3a62dc 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h
@@ -21,6 +21,7 @@ extern u64 sme_me_mask; extern u64 sev_status; extern bool sev_enabled; +extern bool sev_live_migration_enabled; void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr, unsigned long decrypted_kernel_vaddr, @@ -44,8 +45,11 @@ void __init sme_enable(struct boot_params *bp); int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size); int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); +void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc); void __init mem_encrypt_free_decrypted_mem(void); +void __init check_kvm_sev_migration(void); /* Architecture __weak replacement functions */ void __init mem_encrypt_init(void); @@ -60,6 +64,7 @@ bool sev_es_active(void); #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL +#define sev_live_migration_enabled false static inline void __init sme_early_encrypt(resource_size_t paddr, unsigned long size) { } @@ -84,8 +89,11 @@ static inline int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; } static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +static inline void __init +early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {} static inline void mem_encrypt_free_decrypted_mem(void) { } +static inline void check_kvm_sev_migration(void) { } #define __bss_decrypted diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index 5e78e01ca3b4..c4b8029c1442 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include 
@@ -429,6 +430,56 @@ static inline void __set_percpu_decrypted(void *ptr, unsigned long size) early_set_memory_decrypted((unsigned long) ptr, size); } +static int __init setup_kvm_sev_migration(void) +{ + efi_char16_t efi_sev_live_migration_enabled[] = L"SevLiveMigrationEnabled"; + efi_guid_t efi_variable_guid = MEM_ENCRYPT_GUID; + efi_status_t status; + unsigned long size; + bool enabled; + + /* + * check_kvm_sev_migration() invoked via kvm_init_platform() before + * this callback would have setup the indicator that live migration + * feature is supported/enabled. + */ + if (!sev_live_migration_enabled) + return 0; + + if (!efi_enabled(EFI_RUNTIME_SERVICES)) { + pr_info("%s : EFI runtime services are not enabled\n", __func__); + return 0; + } + + size = sizeof(enabled); + + /* Get variable contents into buffer */ + status = efi.get_variable(efi_sev_live_migration_enabled, + &efi_variable_guid, NULL, &size, &enabled); + + if (status == EFI_NOT_FOUND) { + pr_info("%s : EFI live migration variable not found\n", __func__); + return 0; + } + + if (status != EFI_SUCCESS) { + pr_info("%s : EFI variable retrieval failed\n", __func__); + return 0; + } + + if (enabled == 0) { + pr_info("%s: live migration disabled in EFI\n", __func__); + return 0; + } + + pr_info("%s : live migration enabled in EFI\n", __func__); + wrmsrl(MSR_KVM_SEV_LIVE_MIGRATION, KVM_SEV_LIVE_MIGRATION_ENABLED); + + return true; +} + +late_initcall(setup_kvm_sev_migration); + /* * Iterate through all possible CPUs and map the memory region pointed * by apf_reason, steal_time and kvm_apic_eoi as decrypted at once. @@ -747,6 +798,7 @@ static bool __init kvm_msi_ext_dest_id(void) static void __init kvm_init_platform(void) { + check_kvm_sev_migration(); kvmclock_init(); x86_platform.apic_post_init = kvm_apic_init; } diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index dc17d14f9bcd..f80d2aee3938 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c 
@@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -48,6 +49,8 @@ EXPORT_SYMBOL_GPL(sev_enable_key); bool sev_enabled __section(".data"); +bool sev_live_migration_enabled __section(".data"); + /* Buffer used for early in-place encryption by BSP, no locking needed */ static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE); @@ -237,6 +240,9 @@ static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, unsigned long sz = npages << PAGE_SHIFT; unsigned long vaddr_end, vaddr_next; + if (!sev_live_migration_enabled) + return; + vaddr_end = vaddr + sz; for (; vaddr < vaddr_end; vaddr = vaddr_next) { @@ -407,6 +413,12 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) return early_set_memory_enc_dec(vaddr, size, true); } +void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + set_memory_enc_dec_hypercall(vaddr, npages, enc); +} + /* * SME and SEV are very similar but they are not the same, so there are * times that the kernel will need to distinguish between SME and SEV. The 
@@ -461,6 +473,35 @@ bool force_dma_unencrypted(struct device *dev) return false; } +void __init check_kvm_sev_migration(void) +{ + if (sev_active() && + kvm_para_has_feature(KVM_FEATURE_SEV_LIVE_MIGRATION)) { + unsigned long nr_pages; + + pr_info("KVM enable live migration\n"); + sev_live_migration_enabled = true; + + /* + * Ensure that _bss_decrypted section is marked as decrypted in the + * shared pages list. + */ + nr_pages = DIV_ROUND_UP(__end_bss_decrypted - __start_bss_decrypted, + PAGE_SIZE); + early_set_mem_enc_dec_hypercall((unsigned long)__start_bss_decrypted, + nr_pages, 0); + + /* + * If not booted using EFI, enable Live migration support. + */ + if (!efi_enabled(EFI_BOOT)) + wrmsrl(MSR_KVM_SEV_LIVE_MIGRATION, + KVM_SEV_LIVE_MIGRATION_ENABLED); + } else { + pr_info("KVM enable live migration feature unsupported\n"); + } +} + void __init mem_encrypt_free_decrypted_mem(void) { unsigned long vaddr, vaddr_end, npages;
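Review bot: setup_kvm_sev_migration() in the arch/x86/kernel/kvm.c hunk is declared int and registered with late_initcall(), yet its success path ends with "return true;", so enabling the feature is reported to the initcall machinery as a non-zero status; return 0 there. The error paths also log through pr_info() with inconsistent prefixes ("%s : " in most places, "%s: " in one), which makes these boot messages harder to grep for.
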
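Review bot: check_kvm_sev_migration() in the arch/x86/mm/mem_encrypt.c hunk sets sev_live_migration_enabled = true before the EFI variable has been consulted, and none of the early "return 0" paths in setup_kvm_sev_migration() clear it again, so on an EFI boot where the firmware variable is missing or zero the flag stays set and set_memory_enc_dec_hypercall() (gated only on this flag) keeps running while MSR_KVM_SEV_LIVE_MIGRATION is never written. If that is intended, the comment should say so; otherwise clear the flag on those paths or track "feature present" and "feature enabled" separately. The else branch also prints "KVM enable live migration feature unsupported" whenever sev_active() is false, which is log noise on every non-SEV KVM guest.
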
From: Ashish Kalra
To: pbonzini@redhat.com
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com
Subject: [PATCH v10 15/16] KVM: x86: Add kexec support for SEV Live Migration.
Date: Thu, 4 Feb 2021 00:40:33 +0000
Message-Id: <11de0243f7991ebe2b6a2acd4992cd7dcc5afb61.1612398155.git.ashish.kalra@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Ashish Kalra

Reset the host's shared pages list related to kernel specific page encryption status settings before we load a new kernel by kexec. We cannot reset the complete shared pages list here as we need to retain the UEFI/OVMF firmware specific settings.

The host's shared pages list is maintained for the guest to keep track of all unencrypted guest memory regions, therefore we need to explicitly mark all shared pages as encrypted again before rebooting into the new guest kernel.

Signed-off-by: Ashish Kalra
Reported-by: kernel test robot
--- arch/x86/kernel/kvm.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index c4b8029c1442..d61156db7797 100644
--- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c @@ -39,6 +39,7 @@ #include #include #include +#include DEFINE_STATIC_KEY_FALSE(kvm_async_pf_enabled); 
@@ -384,6 +385,33 @@ static void kvm_pv_guest_cpu_reboot(void *unused) */ if (kvm_para_has_feature(KVM_FEATURE_PV_EOI)) wrmsrl(MSR_KVM_PV_EOI_EN, 0); + /* + * Reset the host's shared pages list related to kernel + * specific page encryption status settings before we load a + * new kernel by kexec. NOTE: We cannot reset the complete + * shared pages list here as we need to retain the + * UEFI/OVMF firmware specific settings. + */ + if (sev_live_migration_enabled & (smp_processor_id() == 0)) { + int i; + unsigned long nr_pages; + + for (i = 0; i < e820_table->nr_entries; i++) { + struct e820_entry *entry = &e820_table->entries[i]; + unsigned long start_pfn; + unsigned long end_pfn; + + if (entry->type != E820_TYPE_RAM) + continue; + + start_pfn = entry->addr >> PAGE_SHIFT; + end_pfn = (entry->addr + entry->size) >> PAGE_SHIFT; + nr_pages = DIV_ROUND_UP(entry->size, PAGE_SIZE); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + entry->addr, nr_pages, 1); + } + } kvm_pv_disable_apf(); kvm_disable_steal_time(); }
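Review bot: The new condition in kvm_pv_guest_cpu_reboot() joins its two tests with a bitwise "&" (sev_live_migration_enabled & (smp_processor_id() == 0)); use "&&" so the intent is a logical AND and the CPU check is skipped when the feature is off. In the same loop start_pfn and end_pfn are assigned but never used, and the return value of kvm_sev_hypercall3() is ignored, so a failure to mark a RAM range as encrypted again before kexec goes unnoticed; at minimum log the failing range.
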
(majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234457AbhBDAnD (ORCPT ); Wed, 3 Feb 2021 19:43:03 -0500 Received: from mail-bn8nam11on2056.outbound.protection.outlook.com ([40.107.236.56]:27937 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S234421AbhBDAmu (ORCPT ); Wed, 3 Feb 2021 19:42:50 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nccAklR1hLYr2GIPzXx+BO6Q7ViWuhgOrKUs36ysBWGDvypOF1412E/I7p5kIpDSrHkwvvDo7MFHsNTArr3to/30ASWIYoGdvBZpMX3gLJ8w5jNEHCt+g7Rs8ZshwLKHdN34mOzeUSFSLAAjPZDZe9mZzjOCWe2WppZWa6CmmgDoN8zO04ovJSQqN+grgfX1NVqjfN053zD+ivq71UgX9ob72Kdf7vxnh1WHYUhL9CDhJET1WnNcjSqwTGfaEzFesJO7jmMLPTA0X5XR0fXQymTz63tRv3dMjTRGFu44mYbjyCRwSYiwY2+RtH+XBWd0IWNNvKRa4SXnEgXQQXb4iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wsbWATYAuUJOtwXtqdwT1Doc7+IdQyBsZs/DW0YScAQ=; b=g9GH8Y+iMzLKFh7LfTDgYbNKnpiysZryug2YefA6cRD4U31MpGNSBvyYpdcI3nkn8yDszXoskP46IDSm6KWdQUje5m63RFPoL+MElZUB7dyvp6sUPXR9sNOB2oYI0gkuaynry1gStnYVANz5YrZxdi6Mw2JDVRg25vEZ6n8pTs7z9vPfYhy0Y2/SFUN5/uJBZ5dzpcw1/dtoiCKAxEBcHKfBjfk5vcNyr+HV05LFOOwtroYro3AasKII2KvBYraa1yIFzp/jNG+802yYctFmaJvXQdkYjE8+y+V0xdwpONo8vhbEMNZJyXWYZxxwawjKhCvZ/Nt9szTIRG3UTAkgFQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wsbWATYAuUJOtwXtqdwT1Doc7+IdQyBsZs/DW0YScAQ=; b=KsFEsJBUeg4IBiFFQX//Rwzqx4/xdbKpkDGUJ/p30PsdoBbBUIRNQYVzVb7ChFQ97qCxrjMhHq7D5XLU9aCHRWZJo7d2JTwYGl/srQ1JafrLeNeqkTWmECcHMD1IDNULmsDbo/lRDw0AuE6xhyS9pobOhjdBsx1DbT733Yol+8k= Authentication-Results: redhat.com; dkim=none (message not 
signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SA0PR12MB4384.namprd12.prod.outlook.com (2603:10b6:806:9f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3805.16; Thu, 4 Feb 2021 00:40:57 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::24bb:3e53:c95e:cb8e]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::24bb:3e53:c95e:cb8e%7]) with mapi id 15.20.3805.028; Thu, 4 Feb 2021 00:40:57 +0000 
From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, seanjc@google.com, venu.busireddy@oracle.com, brijesh.singh@amd.com Subject: [PATCH v10 16/16] KVM: SVM: Bypass DBG_DECRYPT API calls for unencrypted guest memory. Date: Thu, 4 Feb 2021 00:40:48 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR11CA0015.namprd11.prod.outlook.com (2603:10b6:806:6e::20) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SA9PR11CA0015.namprd11.prod.outlook.com (2603:10b6:806:6e::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3805.17 via Frontend Transport; Thu, 4 Feb 2021 00:40:56 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 05259c3a-881b-4a0a-d49d-08d8c8a58959 X-MS-TrafficTypeDiagnostic: SA0PR12MB4384: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:369; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39850400004)(366004)(346002)(376002)(396003)(8936002)(4326008)(66556008)(86362001)(6666004)(66476007)(2906002)(186003)(478600001)(26005)(6916009)(6486002)(5660300002)(52116002)(16526019)(36756003)(7696005)(7416002)(66946007)(83380400001)(8676002)(956004)(2616005)(316002);DIR:OUT;SFP:1101; 
X-MS-Exchange-AntiSpam-MessageData: reCgN7b0FcgEBoMsWLSCo+aLM5209+563UqFPbqrTlP9kQuP9t5eVYKUY2s9KLb8bp4s0TGEh+/WkMzcDMOMArXKUzMC+14jBesPUEymL4OBiaCLvEX8eHTWmL4tDyy79nfL3WlB3NuqvriZmJoLtVxmqCYECSgInRWSmcZbWS1r7wwDWfULDx35+8hR9rs21atOl8h+E8TCxH6+MNEEJepb0bgxijtSQjhO1H9JPLEkCrQfMh7zHUR3O+4HY5YJV4fRGYs/3omyleCpe/0kKL1sDpkOAADZMcVBedFpq6SjWPANRVBlbEKYGwrBISBrqI6A7L+P8F6YDDogaTagE6pIChnZZ9sKjp60xs4j1OCXCmGsboyIDj/JjBgCnwuiuE6U3s3hL98C0MiBEwOPaQg7+Z8DwS0bxtwocz2hq9IO8u61KNBKsLO0Rw8U0ZtTlRVTPxCDld7m8f/X9ssH41JXjGDj7FgtS1bPEmzl+OoHyfHC+f0ObKh5wZrCxMIOFwXbNGXxatxE8fbubu9xYuRllIXrS/6fsM/jdEQH8xG6jps+o2KyY1KIbGrWFLkL3l2tA4HalLEAt+VZdJPA3HQvVmhcvjEw4hqcXEZXvKYgcgBIiaHGDowh+vubBf7bRLWY/Jk+EON1Qb2gQ/KFyuC+BARMVqnd46PBi4qSMRpHAQJ4Hnd9vHq4cxNhzYyKc5IPMD41eKYBEr83MbYG9XD8o5mjbHJimUHaFP1bvD7F/2hk/8xxcZ+Ur2fapku0O6YLiZU5eNdEwA51zIpLt1O9qCDwPTwwBC/VISYI6lm8TulvLaOXQmMMtwaFGEbSBgbCYAqKNSN5h1yJ5SOj7lNtv7nX9Gua2Ib4MfFH8spjNHcMbeDOcRnIVT3G4B+zdP7YgRAcX8WPjfIH5tpULUpxxEuTUGLgln9a+z2uc2TMsC8gL1IzX8+eOxI7pWDRa3dkFFSYaXEdsu6b0SjJAq4cjWUwQ4BbJsGYwKw7UNXOhE+XJVN0zJ6LGGjL/4K921tAKW+c+xg5HVUVQBMzm5EU407vrDhs4FjeAFXX690VxDACQPdshRFQpDFeli0Ersi1WJ8AwJg5KNCjJBnHzMPxq64TS4aS9mgB6N9B9wZkcRa6NCMErGS+t3GEGioo7bhT0D7Gkv0CEgdp2sPoIBb6txIBfuXKnhew/cNr38henm4vnxD0f05a7g4GSoWOBgNce7s6FPK96jyFXN3ye/VYX8sz+BYBCrEz3RK7B40g3q7l5TiI0xPqBrA9v/ghPU3FqXJ9tmaZWk9AoWcjR0O6lUi4qzC8BCfW/LeiuwCTH+ZTNdNnEYyUyNOhEWDY X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 05259c3a-881b-4a0a-d49d-08d8c8a58959 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Feb 2021 00:40:57.3979 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: r3PXMQSebXh99vBwT/FOwQAl5BCAA2ukym2Uyw8vP1aGd6IeeUqmppNyuOzhZmAQrkktX8sIeZ3Z81napUD9BQ== 
X-Mailing-List: kvm@vger.kernel.org

From: Ashish Kalra

For all unencrypted guest memory regions such as S/W IOTLB bounce buffers and for guest regions marked as "__bss_decrypted", ensure that DBG_DECRYPT API calls are bypassed. The guest memory regions encryption status is referenced using the shared pages list.

Signed-off-by: Ashish Kalra
Reported-by: kernel test robot
--- arch/x86/kvm/svm/sev.c | 126 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 93f42b3d3e33..fa3fbbb73b33 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -888,6 +888,117 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, return ret; } +static struct kvm_memory_slot *hva_to_memslot(struct kvm *kvm, + unsigned long hva) +{ + struct kvm_memslots *slots = kvm_memslots(kvm); + struct kvm_memory_slot *memslot; + + kvm_for_each_memslot(memslot, slots) { + if (hva >= memslot->userspace_addr && + hva < memslot->userspace_addr + + (memslot->npages << PAGE_SHIFT)) + return memslot; + } + + return NULL; +} + +static bool hva_to_gfn(struct kvm *kvm, unsigned long hva, gfn_t *gfn) +{ + struct kvm_memory_slot *memslot; + gpa_t gpa_offset; + + memslot = hva_to_memslot(kvm, hva); + if (!memslot) + return false; + + gpa_offset = hva - memslot->userspace_addr; + *gfn = ((memslot->base_gfn << PAGE_SHIFT) + gpa_offset) >> PAGE_SHIFT; + + return true; +} + +static bool is_unencrypted_region(gfn_t gfn_start, gfn_t gfn_end, + struct list_head *head) +{ + struct shared_region *pos; + + list_for_each_entry(pos, head, list) + if (gfn_start >= pos->gfn_start && + gfn_end <= pos->gfn_end) + return true; + + return false; +} + +static int handle_unencrypted_region(struct kvm *kvm, + unsigned long vaddr, + unsigned long vaddr_end, + unsigned long dst_vaddr, + unsigned int size, + bool *is_decrypted) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct page *page = NULL; + gfn_t gfn_start, gfn_end; + int len, s_off, d_off; + int srcu_idx; + int ret = 0; + + /* ensure hva_to_gfn translations remain valid */ + srcu_idx = srcu_read_lock(&kvm->srcu); + + if (!hva_to_gfn(kvm, vaddr, &gfn_start)) { + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -EINVAL; + } + + if (!hva_to_gfn(kvm, vaddr_end, &gfn_end)) { + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -EINVAL; + } + + if (sev->shared_pages_list_count) { + if (is_unencrypted_region(gfn_start, gfn_end, + &sev->shared_pages_list)) { + page = alloc_page(GFP_KERNEL); + if (!page) { + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -ENOMEM; + } + + /* + * 
Since user buffer may not be page aligned, calculate the + * offset within the page. + */ + s_off = vaddr & ~PAGE_MASK; + d_off = dst_vaddr & ~PAGE_MASK; + len = min_t(size_t, (PAGE_SIZE - s_off), size); + + if (copy_from_user(page_address(page), + (void __user *)(uintptr_t)vaddr, len)) { + __free_page(page); + srcu_read_unlock(&kvm->srcu, srcu_idx); + return -EFAULT; + } + + if (copy_to_user((void __user *)(uintptr_t)dst_vaddr, + page_address(page), len)) { + ret = -EFAULT; + } + + __free_page(page); + srcu_read_unlock(&kvm->srcu, srcu_idx); + *is_decrypted = true; + return ret; + } + } + srcu_read_unlock(&kvm->srcu, srcu_idx); + *is_decrypted = false; + return ret; +} + static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) { unsigned long vaddr, vaddr_end, next_vaddr; @@ -917,6 +1028,20 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) for (; vaddr < vaddr_end; vaddr = next_vaddr) { int len, s_off, d_off; + if (dec) { + bool is_already_decrypted; + + ret = handle_unencrypted_region(kvm, + vaddr, + vaddr_end, + dst_vaddr, + size, + &is_already_decrypted); + + if (ret || is_already_decrypted) + goto already_decrypted; + } + /* lock userspace source and destination page */ src_p = sev_pin_memory(kvm, vaddr & PAGE_MASK, PAGE_SIZE, &n, 0); if (IS_ERR(src_p)) @@ -961,6 +1086,7 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) sev_unpin_memory(kvm, src_p, n); sev_unpin_memory(kvm, dst_p, n); +already_decrypted: if (ret) goto err;
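Review bot: in the first hunk (@@ -888,6 +888,117 @@), handle_unencrypted_region() decides the bypass on the whole remaining range but copies at most one page: gfn_end comes from hva_to_gfn(kvm, vaddr_end, &gfn_end), while len is capped at PAGE_SIZE - s_off. Because the caller loops with `vaddr < vaddr_end`, vaddr_end is one byte past the request, so a range that ends exactly at the end of a memslot can fail the lookup with -EINVAL, and a request that mixes shared and encrypted pages never satisfies is_unencrypted_region() and sends its shared pages through DBG_DECRYPT anyway. Derive gfn_end from the last byte actually handled in this call (vaddr + len - 1) so that the check and the copy cover the same bytes. Separately, d_off is computed and never used, and the six srcu_read_unlock() call sites would be easier to audit as a single exit label.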
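Review bot: in the second hunk (@@ -917,6 +1028,20 @@), `goto already_decrypted` is taken before anything assigns the loop-local len (declared as `int len, s_off, d_off;` at the top of the body), and the helper's own len is never passed back to the caller. The loop still advances with `vaddr = next_vaddr`, so the code after the label has no valid byte count for this iteration. Return the copied length from handle_unencrypted_region() through an out parameter and assign it to len before the jump. The helper also leaves is_already_decrypted unset on its early error returns; the `ret ||` short-circuit keeps that safe, but initialising the flag to false at its declaration would not rely on evaluation order.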
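Review bot: in the third hunk (@@ -961,6 +1086,7 @@), the label already_decrypted sits in the middle of the loop body and is also the target when handle_unencrypted_region() returns an error, so its name does not describe the failure path that reaches it. Consider moving the pin, decrypt and unpin sequence into the else branch of the bypass check, or renaming the label to something neutral and adding a comment that both sev_unpin_memory() calls are skipped because nothing was pinned on this path.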