From patchwork Fri Aug 20 15:58:34 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449771
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 01/45] x86/cpufeatures: Add SEV-SNP CPU feature
Date: Fri, 20 Aug 2021 10:58:34 -0500
Message-Id: <20210820155918.7518-2-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

Add CPU feature detection for Secure Encrypted Virtualization with Secure Nested Paging.
This feature adds a strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mapping, and more. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/amd.c | 3 ++- tools/arch/x86/include/asm/cpufeatures.h | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index d0ce5cfd3ac1..62f458680772 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -398,6 +398,7 @@ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_SEV_SNP (19*32+4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ /* diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index b7c003013d41..3e6a586fb589 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -586,7 +586,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) * If BIOS has not enabled SME then don't advertise the * SME feature (set in scattered.c). * For SEV: If BIOS has not enabled SEV then don't advertise the - * SEV and SEV_ES feature (set in scattered.c). + * SEV, SEV_ES and SEV_SNP feature. * * In all cases, since support for SME and SEV requires long mode, * don't advertise the feature under CONFIG_X86_32. @@ -618,6 +618,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) clear_sev: setup_clear_cpu_cap(X86_FEATURE_SEV); setup_clear_cpu_cap(X86_FEATURE_SEV_ES); + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); } } 
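Review bot: the new define in the cpufeatures.h hunk is written (19*32+4), while the neighbouring entries pad the bit number as (19*32+ 1), (19*32+ 2) and (19*32+ 3); write it as (19*32+ 4) so the column stays aligned, and do the same in the tools/arch/x86 copy of the header. In the amd.c comment, "SEV, SEV_ES and SEV_SNP feature" should read "features".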
diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index d0ce5cfd3ac1..62f458680772 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h 
@@ -398,6 +398,7 @@ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_SEV_SNP (19*32+4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ /*

From patchwork Fri Aug 20 15:58:35 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449773
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 02/45] iommu/amd: Introduce function to check SEV-SNP support
Date: Fri, 20 Aug 2021 10:58:35 -0500
Message-Id: <20210820155918.7518-3-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The SEV-SNP support requires that IOMMU must be enabled, see the IOMMU spec section 2.12 for further
details. If IOMMU is not enabled or the SNPSup extended feature register is not set then the SNP_INIT command (used for initializing firmware) will fail. The iommu_sev_snp_supported() can be used to check if IOMMU supports the SEV-SNP feature. Signed-off-by: Brijesh Singh --- drivers/iommu/amd/init.c | 30 ++++++++++++++++++++++++++++++ include/linux/iommu.h | 9 +++++++++ 2 files changed, 39 insertions(+) diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index 46280e6e1535..bd420fb71126 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3320,3 +3320,33 @@ int amd_iommu_pc_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 return iommu_pc_get_set_reg(iommu, bank, cntr, fxn, value, true); } + +bool iommu_sev_snp_supported(void) +{ + struct amd_iommu *iommu; + + /* + * The SEV-SNP support requires that IOMMU must be enabled, and is + * not configured in the passthrough mode. + */ + if (no_iommu || iommu_default_passthrough()) { + pr_err("SEV-SNP: IOMMU is either disabled or configured in passthrough mode.\n"); + return false; + } + + /* + * Iterate through all the IOMMUs and verify the SNPSup feature is + * enabled. + */ + for_each_iommu(iommu) { + if (!iommu_feature(iommu, FEATURE_SNP)) { + pr_err("SNPSup is disabled (devid: %02x:%02x.%x)\n", + PCI_BUS_NUM(iommu->devid), PCI_SLOT(iommu->devid), + PCI_FUNC(iommu->devid)); + return false; + } + } + + return true; +} +EXPORT_SYMBOL_GPL(iommu_sev_snp_supported); diff --git a/include/linux/iommu.h b/include/linux/iommu.h index 32d448050bf7..269abc17b2c3 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h 
@@ -604,6 +604,12 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, void iommu_sva_unbind_device(struct iommu_sva *handle); u32 iommu_sva_get_pasid(struct iommu_sva *handle); +#ifdef CONFIG_AMD_MEM_ENCRYPT +bool iommu_sev_snp_supported(void); +#else +static inline bool iommu_sev_snp_supported(void) { return false; } +#endif + #else /* CONFIG_IOMMU_API */ struct iommu_ops {}; 
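Review bot: the prototype added in this iommu.h hunk is guarded by CONFIG_AMD_MEM_ENCRYPT, but the definition goes into drivers/iommu/amd/init.c, so a configuration with AMD_MEM_ENCRYPT=y and the AMD IOMMU driver not built gets the declaration without anything to link against. Guard the declaration on the AMD IOMMU driver's config option as well, and since the helper is AMD-specific, consider declaring it in the AMD IOMMU header rather than the generic include/linux/iommu.h. In iommu_sev_snp_supported() the first pr_err() carries a "SEV-SNP:" prefix and the second ("SNPSup is disabled ...") does not; give both the same prefix so the two failure causes can be matched in the log.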
@@ -999,6 +1005,9 @@ static inline struct iommu_fwspec *dev_iommu_fwspec_get(struct device *dev) { return NULL; } + +static inline bool iommu_sev_snp_supported(void) { return false; } + #endif /* CONFIG_IOMMU_API */ /**

From patchwork Fri Aug 20 15:58:36 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449775
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 03/45] x86/sev: Add the host SEV-SNP initialization support
Date: Fri, 20 Aug 2021 10:58:36 -0500
Message-Id: <20210820155918.7518-4-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The memory integrity guarantees of SEV-SNP are enforced through a new structure called the Reverse Map
Table (RMP). The RMP is a single data structure shared across the system that contains one entry for every 4K page of DRAM that may be used by SEV-SNP VMs. The goal of RMP is to track the owner of each page of memory. Pages of memory can be owned by the hypervisor, owned by a specific VM or owned by the AMD-SP. See APM2 section 15.36.3 for more detail on RMP. The RMP table is used to enforce access control to memory. The table itself is not directly writable by the software. New CPU instructions (RMPUPDATE, PVALIDATE, RMPADJUST) are used to manipulate the RMP entries. Based on the platform configuration, the BIOS reserves the memory used for the RMP table. The start and end address of the RMP table must be queried by reading the RMP_BASE and RMP_END MSRs. If the RMP_BASE and RMP_END are not set then disable the SEV-SNP feature. The SEV-SNP feature is enabled only after the RMP table is successfully initialized. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/disabled-features.h | 8 +- arch/x86/include/asm/msr-index.h | 6 + arch/x86/kernel/sev.c | 144 +++++++++++++++++++++++ 3 files changed, 157 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 8f28fafa98b3..30a760e19c35 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -65,6 +65,12 @@ # define DISABLE_SGX (1 << (X86_FEATURE_SGX & 31)) #endif +#ifdef CONFIG_AMD_MEM_ENCRYPT +# define DISABLE_SEV_SNP 0 +#else +# define DISABLE_SEV_SNP (1 << (X86_FEATURE_SEV_SNP & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -88,7 +94,7 @@ DISABLE_ENQCMD) #define DISABLED_MASK17 0 #define DISABLED_MASK18 0 -#define DISABLED_MASK19 0 +#define DISABLED_MASK19 (DISABLE_SEV_SNP) #define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 20) #endif /* _ASM_X86_DISABLED_FEATURES_H */ 
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 37589da0282e..410359a9512c 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -485,6 +485,8 @@ #define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT) #define MSR_AMD64_SEV_ES_ENABLED BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT) #define MSR_AMD64_SEV_SNP_ENABLED BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT) +#define MSR_AMD64_RMP_BASE 0xc0010132 +#define MSR_AMD64_RMP_END 0xc0010133 #define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f @@ -542,6 +544,10 @@ #define MSR_AMD64_SYSCFG 0xc0010010 #define MSR_AMD64_SYSCFG_MEM_ENCRYPT_BIT 23 #define MSR_AMD64_SYSCFG_MEM_ENCRYPT BIT_ULL(MSR_AMD64_SYSCFG_MEM_ENCRYPT_BIT) +#define MSR_AMD64_SYSCFG_SNP_EN_BIT 24 +#define MSR_AMD64_SYSCFG_SNP_EN BIT_ULL(MSR_AMD64_SYSCFG_SNP_EN_BIT) +#define MSR_AMD64_SYSCFG_SNP_VMPL_EN_BIT 25 +#define MSR_AMD64_SYSCFG_SNP_VMPL_EN BIT_ULL(MSR_AMD64_SYSCFG_SNP_VMPL_EN_BIT) #define MSR_K8_INT_PENDING_MSG 0xc0010055 /* C1E active bits in int pending message */ #define K8_INTP_C1E_ACTIVE_MASK 0x18000000 diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index ab17c93634e9..7936c8139c74 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -40,11 +42,19 @@ #include #include #include +#include +#include #include "sev-internal.h" #define DR7_RESET_VALUE 0x400 +/* + * The first 16KB from the RMP_BASE is used by the processor for the + * bookkeeping, the range need to be added during the RMP entry lookup. + */ +#define RMPTABLE_CPU_BOOKKEEPING_SZ 0x4000 + /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); 
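Review bot: the comment on RMPTABLE_CPU_BOOKKEEPING_SZ says the first 16KB "need to be added during the RMP entry lookup", which leaves unclear whether the bookkeeping area is part of the table being indexed; say that entry lookups must offset past it (and "need" should be "needs"). SZ_16K would make the value match the comment instead of the bare 0x4000.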
@@ -56,6 +66,9 @@ static struct ghcb __initdata *boot_ghcb; static u64 snp_secrets_phys; +static unsigned long rmptable_start __ro_after_init; +static unsigned long rmptable_end __ro_after_init; + /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { struct ghcb ghcb_page; 
@@ -2232,3 +2245,134 @@ static int __init add_snp_guest_request(void) return 0; } device_initcall(add_snp_guest_request); + +#undef pr_fmt +#define pr_fmt(fmt) "SEV-SNP: " fmt + +static int __snp_enable(unsigned int cpu) +{ + u64 val; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return 0; + + rdmsrl(MSR_AMD64_SYSCFG, val); + + val |= MSR_AMD64_SYSCFG_SNP_EN; + val |= MSR_AMD64_SYSCFG_SNP_VMPL_EN; + + wrmsrl(MSR_AMD64_SYSCFG, val); + + return 0; +} + +static __init void snp_enable(void *arg) +{ + __snp_enable(smp_processor_id()); +} + +static bool get_rmptable_info(u64 *start, u64 *len) +{ + u64 calc_rmp_sz, rmp_sz, rmp_base, rmp_end, nr_pages; + + rdmsrl(MSR_AMD64_RMP_BASE, rmp_base); + rdmsrl(MSR_AMD64_RMP_END, rmp_end); + + if (!rmp_base || !rmp_end) { + pr_info("Memory for the RMP table has not been reserved by BIOS\n"); + return false; + } + + rmp_sz = rmp_end - rmp_base + 1; + + /* + * Calculate the amount the memory that must be reserved by the BIOS to + * address the full system RAM. The reserved memory should also cover the + * RMP table itself. + * + * See PPR Family 19h Model 01h, Revision B1 section 2.1.5.2 for more + * information on memory requirement. 
+ */ + nr_pages = totalram_pages(); + calc_rmp_sz = (((rmp_sz >> PAGE_SHIFT) + nr_pages) << 4) + RMPTABLE_CPU_BOOKKEEPING_SZ; + + if (calc_rmp_sz > rmp_sz) { + pr_info("Memory reserved for the RMP table does not cover full system RAM (expected 0x%llx got 0x%llx)\n", + calc_rmp_sz, rmp_sz); + return false; + } + + *start = rmp_base; + *len = rmp_sz; + + pr_info("RMP table physical address 0x%016llx - 0x%016llx\n", rmp_base, rmp_end); + + return true; +} + +static __init int __snp_rmptable_init(void) +{ + u64 rmp_base, sz; + void *start; + u64 val; + + if (!get_rmptable_info(&rmp_base, &sz)) + return 1; + + start = memremap(rmp_base, sz, MEMREMAP_WB); + if (!start) { + pr_err("Failed to map RMP table 0x%llx+0x%llx\n", rmp_base, sz); + return 1; + } + + /* + * Check if SEV-SNP is already enabled, this can happen if we are coming from + * kexec boot. + */ + rdmsrl(MSR_AMD64_SYSCFG, val); + if (val & MSR_AMD64_SYSCFG_SNP_EN) + goto skip_enable; + + /* Initialize the RMP table to zero */ + memset(start, 0, sz); + + /* Flush the caches to ensure that data is written before SNP is enabled. */ + wbinvd_on_all_cpus(); + + /* Enable SNP on all CPUs. */ + on_each_cpu(snp_enable, NULL, 1); + +skip_enable: + rmptable_start = (unsigned long)start; + rmptable_end = rmptable_start + sz; + + return 0; +} + +static int __init snp_rmptable_init(void) +{ + if (!boot_cpu_has(X86_FEATURE_SEV_SNP)) + return 0; + + if (!iommu_sev_snp_supported()) + goto nosnp; + + if (__snp_rmptable_init()) + goto nosnp; + + cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/rmptable_init:online", __snp_enable, NULL); + + return 0; + +nosnp: + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + return 1; +} + +/* + * This must be called after the PCI subsystem. This is because before enabling + * the SNP feature we need to ensure that IOMMU supports the SEV-SNP feature. + * The iommu_sev_snp_support() is used for checking the feature, and it is + * available after subsys_initcall(). 
+ */ +fs_initcall(snp_rmptable_init);
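Review bot: in get_rmptable_info() (arch/x86/kernel/sev.c), the coverage check sizes the table from totalram_pages(), which is a count of pages, while the table is indexed by physical address (the lookup helper added in 04/45 computes the offset as paddr >> RMPENTRY_SHIFT). A machine with holes in its physical address map can pass this check and still have RAM whose entry lies past rmp_end, so size the requirement from the highest RAM pfn instead. The `!rmp_base || !rmp_end` test also accepts rmp_end < rmp_base, which makes rmp_sz wrap. In snp_rmptable_init() the return value of cpuhp_setup_state() is ignored, so a failed registration leaves later-onlined CPUs without SNP_EN in SYSCFG while X86_FEATURE_SEV_SNP stays set. The closing comment names iommu_sev_snp_support() where the code calls iommu_sev_snp_supported().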
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 04/45] x86/sev: Add RMP entry lookup helpers
Date: Fri, 20 Aug 2021 10:58:37 -0500
Message-Id: <20210820155918.7518-5-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The snp_lookup_page_in_rmptable() can be used by the host to read the RMP entry for
a given page. The RMP entry format is documented in AMD PPR, see https://bugzilla.kernel.org/attachment.cgi?id=296015. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev.h | 27 ++++++++++++++++++++++++ arch/x86/kernel/sev.c | 43 ++++++++++++++++++++++++++++++++++++++ include/linux/sev.h | 30 ++++++++++++++++++++++++++ 3 files changed, 100 insertions(+) create mode 100644 include/linux/sev.h diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index a5f0a1c3ccbe..5b1a6a075c47 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -9,6 +9,7 @@ #define __ASM_ENCRYPTED_STATE_H #include +#include #include #include #include @@ -77,6 +78,32 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); /* RMP page size */ #define RMP_PG_SIZE_4K 0 +#define RMP_TO_X86_PG_LEVEL(level) (((level) == RMP_PG_SIZE_4K) ? PG_LEVEL_4K : PG_LEVEL_2M) + +/* + * The RMP entry format is not architectural. The format is defined in PPR + * Family 19h Model 01h, Rev B1 processor. + */ +struct __packed rmpentry { + union { + struct { + u64 assigned : 1, + pagesize : 1, + immutable : 1, + rsvd1 : 9, + gpa : 39, + asid : 10, + vmsa : 1, + validated : 1, + rsvd2 : 1; + } info; + u64 low; + }; + u64 high; +}; + +#define rmpentry_assigned(x) ((x)->info.assigned) +#define rmpentry_pagesize(x) ((x)->info.pagesize) #define RMPADJUST_VMSA_PAGE_BIT BIT(16) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 7936c8139c74..f383d2a89263 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -54,6 +54,8 @@ * bookkeeping, the range need to be added during the RMP entry lookup. */ #define RMPTABLE_CPU_BOOKKEEPING_SZ 0x4000 +#define RMPENTRY_SHIFT 8 +#define rmptable_page_offset(x) (RMPTABLE_CPU_BOOKKEEPING_SZ + (((unsigned long)x) >> RMPENTRY_SHIFT)) /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); 
@@ -2376,3 +2378,44 @@ static int __init snp_rmptable_init(void) * available after subsys_initcall(). */ fs_initcall(snp_rmptable_init); + +static struct rmpentry *__snp_lookup_rmpentry(u64 pfn, int *level) +{ + unsigned long vaddr, paddr = pfn << PAGE_SHIFT; + struct rmpentry *entry, *large_entry; + + if (!pfn_valid(pfn)) + return ERR_PTR(-EINVAL); + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return ERR_PTR(-ENXIO); + + vaddr = rmptable_start + rmptable_page_offset(paddr); + if (unlikely(vaddr > rmptable_end)) + return ERR_PTR(-ENXIO); + + entry = (struct rmpentry *)vaddr; + + /* Read a large RMP entry to get the correct page level used in RMP entry. */ + vaddr = rmptable_start + rmptable_page_offset(paddr & PMD_MASK); + large_entry = (struct rmpentry *)vaddr; + *level = RMP_TO_X86_PG_LEVEL(rmpentry_pagesize(large_entry)); + + return entry; +} + +/* + * Return 1 if the RMP entry is assigned, 0 if it exists but is not assigned, + * and -errno if there is no corresponding RMP entry. + */ +int snp_lookup_rmpentry(u64 pfn, int *level) +{ + struct rmpentry *e; + + e = __snp_lookup_rmpentry(pfn, level); + if (IS_ERR(e)) + return PTR_ERR(e); + + return !!rmpentry_assigned(e); +} +EXPORT_SYMBOL_GPL(snp_lookup_rmpentry); diff --git a/include/linux/sev.h b/include/linux/sev.h new file mode 100644 index 000000000000..1a68842789e1 --- /dev/null +++ b/include/linux/sev.h 
@@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * AMD Secure Encrypted Virtualization + * + * Author: Brijesh Singh + */ + +#ifndef __LINUX_SEV_H +#define __LINUX_SEV_H + +/* RMUPDATE detected 4K page and 2MB page overlap. */ +#define RMPUPDATE_FAIL_OVERLAP 7 + +#ifdef CONFIG_AMD_MEM_ENCRYPT +int snp_lookup_rmpentry(u64 pfn, int *level); +int psmash(u64 pfn); +int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); +int rmp_make_shared(u64 pfn, enum pg_level level); +#else +static inline int snp_lookup_rmpentry(u64 pfn, int *level) { return 0; } +static inline int psmash(u64 pfn) { return -ENXIO; } +static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, + bool immutable) +{ + return -ENODEV; +} +static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } + +#endif /* CONFIG_AMD_MEM_ENCRYPT */ +#endif /* __LINUX_SEV_H */
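Review bot: in __snp_lookup_rmpentry() (arch/x86/kernel/sev.c), the bounds check `vaddr > rmptable_end` lets through an address equal to rmptable_end. __snp_rmptable_init() sets rmptable_end to rmptable_start + sz, which is the first byte past the mapping, so that address passes the check and the 16-byte struct rmpentry is then read beyond the memremap()ed range. Compare `vaddr + sizeof(*entry) > rmptable_end` instead. The large_entry read needs no check of its own only because paddr & PMD_MASK is never above paddr; a one-line comment saying so would help.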
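Review bot: in the !CONFIG_AMD_MEM_ENCRYPT branch of include/linux/sev.h, the snp_lookup_rmpentry() stub returns 0, which the function's own comment in sev.c defines as "entry exists but is not assigned", and it leaves *level unwritten, while the neighbouring stubs return -ENXIO or -ENODEV. Return an error here too so a caller cannot mistake the stub's answer for a real lookup. The header also declares psmash(), rmp_make_private() and rmp_make_shared(), none of which this patch defines, and it uses u64 and enum pg_level without including anything. The comment above RMPUPDATE_FAIL_OVERLAP spells the instruction "RMUPDATE".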
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 05/45] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction
Date: Fri, 20 Aug 2021 10:58:38 -0500
Message-Id: <20210820155918.7518-6-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The RMPUPDATE instruction writes a new RMP entry in the RMP Table.
The hypervisor will use the instruction to add pages to the RMP table. See APM3 for details on the instruction operations. The PSMASH instruction expands a 2MB RMP entry into a corresponding set of contiguous 4KB-Page RMP entries. The hypervisor will use this instruction to adjust the RMP entry without invalidating the previous RMP entry. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev.h | 11 ++++++ arch/x86/kernel/sev.c | 72 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 5b1a6a075c47..92ced9626e95 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -78,7 +78,9 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); /* RMP page size */ #define RMP_PG_SIZE_4K 0 +#define RMP_PG_SIZE_2M 1 #define RMP_TO_X86_PG_LEVEL(level) (((level) == RMP_PG_SIZE_4K) ? PG_LEVEL_4K : PG_LEVEL_2M) +#define X86_TO_RMP_PG_LEVEL(level) (((level) == PG_LEVEL_4K) ? RMP_PG_SIZE_4K : RMP_PG_SIZE_2M) /* * The RMP entry format is not architectural. The format is defined in PPR @@ -107,6 +109,15 @@ struct __packed rmpentry { #define RMPADJUST_VMSA_PAGE_BIT BIT(16) +struct rmpupdate { + u64 gpa; + u8 assigned; + u8 pagesize; + u8 immutable; + u8 rsvd; + u32 asid; +} __packed; + #ifdef CONFIG_AMD_MEM_ENCRYPT extern struct static_key_false sev_es_enable_key; extern void __sev_es_ist_enter(struct pt_regs *regs); diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index f383d2a89263..8627c49666c9 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c 
@@ -2419,3 +2419,75 @@ int snp_lookup_rmpentry(u64 pfn, int *level) return !!rmpentry_assigned(e); } EXPORT_SYMBOL_GPL(snp_lookup_rmpentry); + +int psmash(u64 pfn) +{ + unsigned long paddr = pfn << PAGE_SHIFT; + int ret; + + if (!pfn_valid(pfn)) + return -EINVAL; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return -ENXIO; + + /* Binutils version 2.36 supports the PSMASH mnemonic. */ + asm volatile(".byte 0xF3, 0x0F, 0x01, 0xFF" + : "=a"(ret) + : "a"(paddr) + : "memory", "cc"); + + return ret; +} +EXPORT_SYMBOL_GPL(psmash); + +static int rmpupdate(u64 pfn, struct rmpupdate *val) +{ + unsigned long paddr = pfn << PAGE_SHIFT; + int ret; + + if (!pfn_valid(pfn)) + return -EINVAL; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return -ENXIO; + + /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ + asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" + : "=a"(ret) + : "a"(paddr), "c"((unsigned long)val) + : "memory", "cc"); + return ret; +} + +int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable) +{ + struct rmpupdate val; + + if (!pfn_valid(pfn)) + return -EINVAL; + + memset(&val, 0, sizeof(val)); + val.assigned = 1; + val.asid = asid; + val.immutable = immutable; + val.gpa = gpa; + val.pagesize = X86_TO_RMP_PG_LEVEL(level); + + return rmpupdate(pfn, &val); +} +EXPORT_SYMBOL_GPL(rmp_make_private); + +int rmp_make_shared(u64 pfn, enum pg_level level) +{ + struct rmpupdate val; + + if (!pfn_valid(pfn)) + return -EINVAL; + + memset(&val, 0, sizeof(val)); + val.pagesize = X86_TO_RMP_PG_LEVEL(level); + + return rmpupdate(pfn, &val); +} +EXPORT_SYMBOL_GPL(rmp_make_shared);
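Review bot: X86_TO_RMP_PG_LEVEL() in arch/x86/include/asm/sev.h maps every level other than PG_LEVEL_4K to RMP_PG_SIZE_2M, so rmp_make_private() and rmp_make_shared() called with PG_LEVEL_1G or an uninitialised level issue a 2M RMPUPDATE instead of failing. Reject levels other than PG_LEVEL_4K and PG_LEVEL_2M in the two callers, and check that pfn is 2M-aligned when the level is 2M. psmash() has the same gap, since it accepts any valid pfn.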
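Review bot: psmash() and rmpupdate() in arch/x86/kernel/sev.c return two kinds of value through one int, and nothing documents it. The pfn_valid() and feature checks return a negative errno, while the asm returns whatever the instruction leaves in RAX (include/linux/sev.h defines RMPUPDATE_FAIL_OVERLAP as 7), so a caller testing `ret < 0` treats a failed RMPUPDATE as success. State the contract in a kernel-doc comment on the exported functions, or fold a non-zero instruction status into an errno. rmp_make_private() also passes asid and gpa through unchecked and repeats the pfn_valid() test that rmpupdate() already performs.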
required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2BF5C432BE for ; Fri, 20 Aug 2021 16:01:42 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 984F561251 for ; Fri, 20 Aug 2021 16:01:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 984F561251 Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=amd.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id CFBD08D0003; Fri, 20 Aug 2021 12:01:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CD4368D0002; Fri, 20 Aug 2021 12:01:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AB2568D0003; Fri, 20 Aug 2021 12:01:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0141.hostedemail.com [216.40.44.141]) by kanga.kvack.org (Postfix) with ESMTP id 8F1E98D0002 for ; Fri, 20 Aug 2021 12:01:04 -0400 (EDT) Received: from smtpin02.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 524B92D4BF for ; Fri, 20 Aug 2021 16:01:04 +0000 (UTC) X-FDA: 78495922848.02.7948FEF Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam08on2070.outbound.protection.outlook.com [40.107.100.70]) by imf28.hostedemail.com (Postfix) with ESMTP id AE99290000A2 for ; Fri, 20 Aug 2021 16:00:03 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
b=VFOr+4Wo1wkk7o+vltwygUNXB/r6MYOCrKvd93o3gcA4TLe+lFncfvRL76k8r1peGHFinz5kfivSlbmsKApLK7NGw/80EEJ5VniRFukN6QgQ7QMGEBITvrvs69Fdz8D5CD8hSgOEKvT7VIpFic5rad95m6+TvUhspprh7icUN90Ao6O3hHFK3Mis571I0wXa6GCUxQbJ2NdVr7vZHcf2v7X04pakaFroyjYiCo0anNmD8gxWfDloIe7AucBdvBAANeFRAMiBhuA515NLbaGGqiYvfpJ557WQXOmIlTi7F5N5Szzlj5AQdlA2SC0eb/G7guzwC02+CHdlyG+WmYimSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IJrrzVCkQVOXzXVT/Ya7UFXdwNx89qrDzohEsUIxUCA=; b=ZK2q0k8G2bg/clGTbSXl3ZW8nWQsHdylW7VpRDFBo0SAjuRLa8nCUy61VuIIHfmJ0B+UCfHn43eeUFs/g2PPIthhNS38nz9HHu/o8cMCvYkpUzdaluqee4mi5d3nRNCEXZelHhgmoWbO5IzQkPWXy8LPFyth/EwMda0g8kg1gAeGvzttEBiA/vvZEP7LGS1HekCm0mUt6AGkc0Wu6u0WsqOwOMYacqTeFJmQP+vCWUReAR8M91MSCwXVIIHpB3YG8JdGazjz/MnNoYruq00h6JsmNg0R4sNyy746aSbllrOUqeZMtCD5+JHMng8Of5njGwhRDsKgrCTvR80M4uPmOQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IJrrzVCkQVOXzXVT/Ya7UFXdwNx89qrDzohEsUIxUCA=; b=utHhDfyW93VOQmHziTvbs5JbrsnzCtNpOl/1U3BHZgtuHpfFLCJVDieXajulEQ7tVLi/IAbP4BI7dxpY+HWoZtefq0j1e16g0j+0wqx249LlUeNRLW+JgRMfpAbssS24BU5Hphwyd4wzDkWqKGlvwy4b39OiUOm173FlN9sUE6U= Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4384.namprd12.prod.outlook.com (2603:10b6:806:9f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Fri, 20 Aug 2021 16:00:01 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4436.019; Fri, 20 Aug 2021 16:00:01 +0000 
From: Brijesh Singh To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org Cc: Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh Subject: [PATCH Part2 v5 06/45] x86/sev: Invalid pages from direct map when adding it to RMP table Date: Fri, 20 Aug 2021 10:58:39 -0500 Message-Id: <20210820155918.7518-7-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com> References: <20210820155918.7518-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN7P222CA0013.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:124::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN7P222CA0013.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:124::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.18 via Frontend Transport; Fri, 20 Aug 2021 15:59:59 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7d4ea761-e2f1-4a5b-1fb9-08d963f39122 X-MS-TrafficTypeDiagnostic: SA0PR12MB4384: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: 
The integrity guarantee of SEV-SNP is enforced through the RMP table.
The RMP is used with standard x86 and IOMMU page tables to enforce memory restrictions and page access rights. The RMP check is enforced as soon as SEV-SNP is enabled globally in the system. When hardware encounters an RMP check failure, it raises a page-fault exception. The rmp_make_private() and rmp_make_shared() helpers are used to add or remove the pages from the RMP table. Improve the rmp_make_private() to invalid state so that pages cannot be used in the direct-map after they are added to the RMP table, and restore to its default valid permission after the pages are removed from the RMP table.

Signed-off-by: Brijesh Singh
---
 arch/x86/kernel/sev.c | 61 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 8627c49666c9..bad41deb8335 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2441,10 +2441,42 @@ int psmash(u64 pfn) } EXPORT_SYMBOL_GPL(psmash); +static int restore_direct_map(u64 pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_default_noflush(pfn_to_page(pfn + i)); + if (ret) + goto cleanup; + } + +cleanup: + WARN(ret > 0, "Failed to restore direct map for pfn 0x%llx\n", pfn + i); + return ret; +} + +static int invalid_direct_map(unsigned long pfn, int npages) +{ + int i, ret = 0; + + for (i = 0; i < npages; i++) { + ret = set_direct_map_invalid_noflush(pfn_to_page(pfn + i)); + if (ret) + goto cleanup; + } + + return 0; + +cleanup: + restore_direct_map(pfn, i); + return ret; +} + static int rmpupdate(u64 pfn, struct rmpupdate *val) { unsigned long paddr = pfn << PAGE_SHIFT; - int ret; + int ret, level, npages; if (!pfn_valid(pfn)) return -EINVAL; 
@@ -2452,11 +2484,38 @@ static int rmpupdate(u64 pfn, struct rmpupdate *val) if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENXIO; + level = RMP_TO_X86_PG_LEVEL(val->pagesize); + npages = page_level_size(level) / PAGE_SIZE; + + /* + * If page is getting assigned in the RMP table then unmap it from the + * direct map. + */ + if (val->assigned) { + if (invalid_direct_map(pfn, npages)) { + pr_err("Failed to unmap pfn 0x%llx pages %d from direct_map\n", + pfn, npages); + return -EFAULT; + } + } + /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" : "=a"(ret) : "a"(paddr), "c"((unsigned long)val) : "memory", "cc"); + + /* + * Restore the direct map after the page is removed from the RMP table. + */ + if (!ret && !val->assigned) { + if (restore_direct_map(pfn, npages)) { + pr_err("Failed to map pfn 0x%llx pages %d in direct_map\n", + pfn, npages); + return -EFAULT; + } + } + return ret; }
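Review bot: In restore_direct_map() (first hunk of arch/x86/kernel/sev.c, at the `cleanup:` label) the check `WARN(ret > 0, ...)` fires only for a positive return value, while the loop above it treats any non-zero `ret` as a failure; if set_direct_map_default_noflush() reports errors as negative values the warning never prints. Suggest `WARN(ret, ...)`, and a plain `return 0` after the loop as invalid_direct_map() does, since the label is also reached on the success path. The two helpers also disagree on the pfn type (`u64 pfn` against `unsigned long pfn`); pick one.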
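Review bot: In rmpupdate() (second hunk) the assign path has no unwind: when `val->assigned` is set the range is removed from the direct map before the RMPUPDATE instruction runs, but the restore below it is guarded by `!ret && !val->assigned`, so a failing RMPUPDATE leaves the pages invalid in the direct map while they are still unassigned in the RMP. Suggest calling restore_direct_map(pfn, npages) when `ret` is non-zero on that path. Both helpers use the `_noflush` variants and no TLB flush is visible in this patch; if the flush is left to the caller, a comment should say so.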
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A. Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 07/45] x86/traps: Define RMP violation #PF error code
Date: Fri, 20 Aug 2021 10:58:40 -0500
Message-Id: <20210820155918.7518-8-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

Bit 31 in the page fault-error bit will be set when the processor encounters an RMP violation. While at it, use the BIT_ULL() macro.

Signed-off-by: Brijesh Singh
---
 arch/x86/include/asm/trap_pf.h | 18 +++++++++++-------
 arch/x86/mm/fault.c            |  1 +
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/arch/x86/include/asm/trap_pf.h b/arch/x86/include/asm/trap_pf.h index 10b1de500ab1..89b705114b3f 100644 --- a/arch/x86/include/asm/trap_pf.h +++ b/arch/x86/include/asm/trap_pf.h @@ -2,6 +2,8 @@ #ifndef _ASM_X86_TRAP_PF_H #define _ASM_X86_TRAP_PF_H +#include /* BIT() macro */ + /* * Page fault error code bits: * 
@@ -12,15 +14,17 @@ * bit 4 == 1: fault was an instruction fetch * bit 5 == 1: protection keys block access * bit 15 == 1: SGX MMU page-fault + * bit 31 == 1: fault was due to RMP violation */ enum x86_pf_error_code { - X86_PF_PROT = 1 << 0, - X86_PF_WRITE = 1 << 1, - X86_PF_USER = 1 << 2, - X86_PF_RSVD = 1 << 3, - X86_PF_INSTR = 1 << 4, - X86_PF_PK = 1 << 5, - X86_PF_SGX = 1 << 15, + X86_PF_PROT = BIT_ULL(0), + X86_PF_WRITE = BIT_ULL(1), + X86_PF_USER = BIT_ULL(2), + X86_PF_RSVD = BIT_ULL(3), + X86_PF_INSTR = BIT_ULL(4), + X86_PF_PK = BIT_ULL(5), + X86_PF_SGX = BIT_ULL(15), + X86_PF_RMP = BIT_ULL(31), }; #endif /* _ASM_X86_TRAP_PF_H */ diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index b2eefdefc108..8b7a5757440e 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c 
@@ -545,6 +545,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, unsigned long ad !(error_code & X86_PF_PROT) ? "not-present page" : (error_code & X86_PF_RSVD) ? "reserved bit violation" : (error_code & X86_PF_PK) ? "protection keys violation" : + (error_code & X86_PF_RMP) ? "RMP violation" : "permissions violation"); if (!(error_code & X86_PF_USER) && user_mode(regs)) {
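Review bot: In the `enum x86_pf_error_code` hunk of trap_pf.h, `X86_PF_RMP = BIT_ULL(31)` is the first enumerator that does not fit in a signed int, so the enum now relies on the compiler widening its underlying type, and the commit message gives no reason for choosing BIT_ULL(). The fault.c side of this patch carries the error code as `unsigned long`, so BIT() would match that type. Whichever is kept, the comment on the added include (`/* BIT() macro */`) should name the macro that is actually used.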
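Review bot: In show_fault_oops() (arch/x86/mm/fault.c hunk) the new `X86_PF_RMP` test is placed fourth in the conditional chain, after the `!(error_code & X86_PF_PROT)`, `X86_PF_RSVD` and `X86_PF_PK` tests, so the oops says "RMP violation" only when PROT is set and the other two bits are clear; in every other combination the fault is reported under one of the earlier reasons. If bit 31 can be set together with any of those, test `X86_PF_RMP` first so the message identifies the RMP violation.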
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A. Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 08/45] x86/fault: Add support to handle the RMP fault for user address
Date: Fri, 20 Aug 2021 10:58:41 -0500
Message-Id: <20210820155918.7518-9-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

When SEV-SNP is enabled globally, a write from the host goes through the RMP check.
When the host writes to pages, hardware checks the following conditions at the end of the page walk:

1. Assigned bit in the RMP table is zero (i.e. page is shared).
2. If the page table entry that gives the sPA indicates that the target page size is a large page, then all RMP entries for the 4KB constituting pages of the target must have the assigned bit 0.
3. Immutable bit in the RMP table is not zero.

The hardware will raise a page fault if one of the above conditions is not met. Try resolving the fault instead of taking the fault again and again. If the host attempts to write to the guest private memory then send the SIGBUS signal to kill the process. If the page level between the host and RMP entry does not match, then split the address to keep the RMP and host page levels in sync.

Signed-off-by: Brijesh Singh
---
 arch/x86/mm/fault.c | 66 +++++++++++++++++++++++++++++++++++++++++++++
 include/linux/mm.h  |  6 ++++-
 mm/memory.c         | 13 +++++++++
 3 files changed, 84 insertions(+), 1 deletion(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 8b7a5757440e..f2d543b92f43 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -19,6 +19,7 @@ #include /* faulthandler_disabled() */ #include /* efi_crash_gracefully_on_page_fault()*/ #include +#include /* snp_lookup_rmpentry() */ #include /* boot_cpu_has, ... */ #include /* dotraplinkage, ... */ 
@@ -1202,6 +1203,60 @@ do_kern_addr_fault(struct pt_regs *regs, unsigned long hw_error_code, } NOKPROBE_SYMBOL(do_kern_addr_fault); +static inline size_t pages_per_hpage(int level) +{ + return page_level_size(level) / PAGE_SIZE; +} + +/* + * Return 1 if the caller need to retry, 0 if it the address need to be split + * in order to resolve the fault. + */ +static int handle_user_rmp_page_fault(struct pt_regs *regs, unsigned long error_code, + unsigned long address) +{ + int rmp_level, level; + pte_t *pte; + u64 pfn; + + pte = lookup_address_in_mm(current->mm, address, &level); + + /* + * It can happen if there was a race between an unmap event and + * the RMP fault delivery. + */ + if (!pte || !pte_present(*pte)) + return 1; + + pfn = pte_pfn(*pte); + + /* If its large page then calculte the fault pfn */ + if (level > PG_LEVEL_4K) { + unsigned long mask; + + mask = pages_per_hpage(level) - pages_per_hpage(level - 1); + pfn |= (address >> PAGE_SHIFT) & mask; + } + + /* + * If its a guest private page, then the fault cannot be resolved. + * Send a SIGBUS to terminate the process. + */ + if (snp_lookup_rmpentry(pfn, &rmp_level)) { + do_sigbus(regs, error_code, address, VM_FAULT_SIGBUS); + return 1; + } + + /* + * The backing page level is higher than the RMP page level, request + * to split the page. + */ + if (level > rmp_level) + return 0; + + return 1; +} + /* * Handle faults in the user portion of the address space. Nothing in here * should check X86_PF_USER without a specific justification: for almost @@ -1299,6 +1354,17 @@ void do_user_addr_fault(struct pt_regs *regs, if (error_code & X86_PF_INSTR) flags |= FAULT_FLAG_INSTRUCTION; + /* + * If its an RMP violation, try resolving it. + */ + if (error_code & X86_PF_RMP) { + if (handle_user_rmp_page_fault(regs, error_code, address)) + return; + + /* Ask to split the page */ + flags |= FAULT_FLAG_PAGE_SPLIT; + } + #ifdef CONFIG_X86_64 /* * Faults in the vsyscall page might need emulation. The 
diff --git a/include/linux/mm.h b/include/linux/mm.h index 7ca22e6e694a..74a53c146365 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -447,6 +447,8 @@ extern pgprot_t protection_map[16]; * @FAULT_FLAG_REMOTE: The fault is not for current task/mm. * @FAULT_FLAG_INSTRUCTION: The fault was during an instruction fetch. * @FAULT_FLAG_INTERRUPTIBLE: The fault can be interrupted by non-fatal signals. + * @FAULT_FLAG_PAGE_SPLIT: The fault was due page size mismatch, split the + * region to smaller page size and retry. * * About @FAULT_FLAG_ALLOW_RETRY and @FAULT_FLAG_TRIED: we can specify * whether we would allow page faults to retry by specifying these two @@ -478,6 +480,7 @@ enum fault_flag { FAULT_FLAG_REMOTE = 1 << 7, FAULT_FLAG_INSTRUCTION = 1 << 8, FAULT_FLAG_INTERRUPTIBLE = 1 << 9, + FAULT_FLAG_PAGE_SPLIT = 1 << 10, }; /* @@ -517,7 +520,8 @@ static inline bool fault_flag_allow_retry_first(enum fault_flag flags) { FAULT_FLAG_USER, "USER" }, \ { FAULT_FLAG_REMOTE, "REMOTE" }, \ { FAULT_FLAG_INSTRUCTION, "INSTRUCTION" }, \ - { FAULT_FLAG_INTERRUPTIBLE, "INTERRUPTIBLE" } + { FAULT_FLAG_INTERRUPTIBLE, "INTERRUPTIBLE" }, \ + { FAULT_FLAG_PAGE_SPLIT, "PAGESPLIT" } /* * vm_fault is filled by the pagefault handler and passed to the vma's diff --git a/mm/memory.c b/mm/memory.c index 747a01d495f2..27e6ccec3fc1 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4589,6 +4589,15 @@ static vm_fault_t handle_pte_fault(struct vm_fault *vmf) return 0; } +static int handle_split_page_fault(struct vm_fault *vmf) +{ + if (!IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) + return VM_FAULT_SIGBUS; + + __split_huge_pmd(vmf->vma, vmf->pmd, vmf->address, false, NULL); + return 0; +} + /* * By the time we get here, we already hold the mm semaphore * 
@@ -4666,6 +4675,10 @@ static vm_fault_t __handle_mm_fault(struct vm_area_struct *vma, pmd_migration_entry_wait(mm, vmf.pmd); return 0; } + + if (flags & FAULT_FLAG_PAGE_SPLIT) + return handle_split_page_fault(&vmf); + if (pmd_trans_huge(vmf.orig_pmd) || pmd_devmap(vmf.orig_pmd)) { if (pmd_protnone(vmf.orig_pmd) && vma_is_accessible(vma)) return do_huge_pmd_numa_page(&vmf);
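Review bot: In handle_user_rmp_page_fault() the large-page mask `pages_per_hpage(level) - pages_per_hpage(level - 1)` is only a contiguous low mask when `level - 1` is the 4K level (512 - 1 = 0x1ff). One level up it evaluates to 262144 - 512 = 0x3fe00, which drops the low nine bits of the index, so the pfn handed to snp_lookup_rmpentry() is not the faulting 4K frame. `pages_per_hpage(level) - 1` is correct for every level. While there, the function comment ("0 if it the address need to be split") and "calculte" need fixing.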
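Review bot: In do_user_addr_fault() a non-zero return from handle_user_rmp_page_fault() makes the handler return with nothing changed, and the helper's final `return 1` is reached whenever the page is not guest-private and `level <= rmp_level`. If the RMP fault was raised for a reason the helper does not resolve, the access faults again on retry with the same outcome, which is the repeated faulting the commit message sets out to avoid. Suggest bounding that path or documenting why a plain retry is expected to make progress there.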
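Review bot: handle_split_page_fault() in mm/memory.c calls __split_huge_pmd() and returns 0 without checking that `vmf->pmd` is a huge PMD, and it can only split at PMD level, whereas handle_user_rmp_page_fault() asks for a split for any `level > rmp_level`. A mapping larger than PMD size would come back unsplit with a success return and fault again. Suggest checking the PMD before splitting and handling or rejecting larger mappings explicitly. The `IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)` test also puts an x86 config option into generic mm code; an arch hook would keep that out of mm/memory.c.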
From: Brijesh Singh To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org Cc: Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh Subject: [PATCH Part2 v5 09/45] x86/fault: Add support to dump RMP entry on fault Date: Fri, 20 Aug 2021 10:58:42 -0500 Message-Id: <20210820155918.7518-10-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com> References: <20210820155918.7518-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN7P222CA0013.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:124::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN7P222CA0013.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:124::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.18 via Frontend Transport; Fri, 20 Aug 2021 16:00:04 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d66e3f31-5d24-46e7-fb9a-08d963f3935f X-MS-TrafficTypeDiagnostic: SA0PR12MB4384: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: 
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(39860400002)(396003)(366004)(346002)(136003)(5660300002)(6666004)(52116002)(66946007)(44832011)(36756003)(7416002)(66476007)(7406005)(6486002)(956004)(8936002)(316002)(2906002)(186003)(4326008)(478600001)(86362001)(26005)(54906003)(38100700002)(38350700002)(7696005)(1076003)(8676002)(83380400001)(2616005)(66556008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 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 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: d66e3f31-5d24-46e7-fb9a-08d963f3935f X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Aug 2021 16:00:05.2248 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wa2tiBjyPa/1DFQvBvuRPfPdoOp1OwngpcBdLfPafpjMFYhUPflfqVMwftTPngQuD0gzt7eR2MmpR+U9l044kA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4384 X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: C7ACA9000271 X-Stat-Signature: jzu4e3p35dxt4afnwtix6b5eo1m3f4gp Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=FEzIedaQ; dmarc=pass (policy=quarantine) header.from=amd.com; spf=pass (imf29.hostedemail.com: domain of brijesh.singh@amd.com designates 40.107.100.49 as permitted sender) smtp.mailfrom=brijesh.singh@amd.com X-HE-Tag: 1629475213-733326 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: When SEV-SNP is enabled globally, a write from the host goes through the RMP check. 
If the hardware encounters the check failure, then it raises the #PF (with RMP set). Dump the RMP entry at the faulting pfn to help the debug. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev.h | 7 +++++++ arch/x86/kernel/sev.c | 43 ++++++++++++++++++++++++++++++++++++++ arch/x86/mm/fault.c | 17 +++++++++++---- include/linux/sev.h | 2 ++ 4 files changed, 65 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 92ced9626e95..569294f687e6 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -106,6 +106,11 @@ struct __packed rmpentry { #define rmpentry_assigned(x) ((x)->info.assigned) #define rmpentry_pagesize(x) ((x)->info.pagesize) +#define rmpentry_vmsa(x) ((x)->info.vmsa) +#define rmpentry_asid(x) ((x)->info.asid) +#define rmpentry_validated(x) ((x)->info.validated) +#define rmpentry_gpa(x) ((unsigned long)(x)->info.gpa) +#define rmpentry_immutable(x) ((x)->info.immutable) #define RMPADJUST_VMSA_PAGE_BIT BIT(16) @@ -165,6 +170,7 @@ void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op void snp_set_memory_shared(unsigned long vaddr, unsigned int npages); void snp_set_memory_private(unsigned long vaddr, unsigned int npages); void snp_set_wakeup_secondary_cpu(void); +void dump_rmpentry(u64 pfn); #ifdef __BOOT_COMPRESSED bool sev_snp_enabled(void); #else @@ -188,6 +194,7 @@ static inline void snp_set_memory_shared(unsigned long vaddr, unsigned int npage static inline void snp_set_memory_private(unsigned long vaddr, unsigned int npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline void sev_snp_cpuid_init(struct boot_params *bp) { } +static inline void dump_rmpentry(u64 pfn) {} #ifdef __BOOT_COMPRESSED static inline bool sev_snp_enabled { return false; } #else diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index bad41deb8335..8b3e83e50468 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c 
@@ -2404,6 +2404,49 @@ static struct rmpentry *__snp_lookup_rmpentry(u64 pfn, int *level) return entry; } +void dump_rmpentry(u64 pfn) +{ + unsigned long pfn_end; + struct rmpentry *e; + int level; + + e = __snp_lookup_rmpentry(pfn, &level); + if (!e) { + pr_alert("failed to read RMP entry pfn 0x%llx\n", pfn); + return; + } + + if (rmpentry_assigned(e)) { + pr_alert("RMPEntry paddr 0x%llx [assigned=%d immutable=%d pagesize=%d gpa=0x%lx" + " asid=%d vmsa=%d validated=%d]\n", pfn << PAGE_SHIFT, + rmpentry_assigned(e), rmpentry_immutable(e), rmpentry_pagesize(e), + rmpentry_gpa(e), rmpentry_asid(e), rmpentry_vmsa(e), + rmpentry_validated(e)); + return; + } + + /* + * If the RMP entry at the faulting pfn was not assigned, then we do not + * know what caused the RMP violation. To get some useful debug information, + * let iterate through the entire 2MB region, and dump the RMP entries if + * one of the bit in the RMP entry is set. + */ + pfn = pfn & ~(PTRS_PER_PMD - 1); + pfn_end = pfn + PTRS_PER_PMD; + + while (pfn < pfn_end) { + e = __snp_lookup_rmpentry(pfn, &level); + if (!e) + return; + + if (e->low || e->high) + pr_alert("RMPEntry paddr 0x%llx: [high=0x%016llx low=0x%016llx]\n", + pfn << PAGE_SHIFT, e->high, e->low); + pfn++; + } +} +EXPORT_SYMBOL_GPL(dump_rmpentry); + /* * Return 1 if the RMP entry is assigned, 0 if it exists but is not assigned, * and -errno if there is no corresponding RMP entry. diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index f2d543b92f43..9cd33169dfb5 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -33,6 +33,7 @@ #include /* VMALLOC_START, ... */ #include /* kvm_handle_async_pf */ #include /* fixup_vdso_exception() */ +#include /* dump_rmpentry() */ #define CREATE_TRACE_POINTS #include 
@@ -289,7 +290,7 @@ static bool low_pfn(unsigned long pfn) return pfn < max_low_pfn; } -static void dump_pagetable(unsigned long address) +static void dump_pagetable(unsigned long address, bool show_rmpentry) { pgd_t *base = __va(read_cr3_pa()); pgd_t *pgd = &base[pgd_index(address)]; @@ -345,10 +346,11 @@ static int bad_address(void *p) return get_kernel_nofault(dummy, (unsigned long *)p); } -static void dump_pagetable(unsigned long address) +static void dump_pagetable(unsigned long address, bool show_rmpentry) { pgd_t *base = __va(read_cr3_pa()); pgd_t *pgd = base + pgd_index(address); + unsigned long pfn; p4d_t *p4d; pud_t *pud; pmd_t *pmd; @@ -366,6 +368,7 @@ static void dump_pagetable(unsigned long address) if (bad_address(p4d)) goto bad; + pfn = p4d_pfn(*p4d); pr_cont("P4D %lx ", p4d_val(*p4d)); if (!p4d_present(*p4d) || p4d_large(*p4d)) goto out; @@ -374,6 +377,7 @@ static void dump_pagetable(unsigned long address) if (bad_address(pud)) goto bad; + pfn = pud_pfn(*pud); pr_cont("PUD %lx ", pud_val(*pud)); if (!pud_present(*pud) || pud_large(*pud)) goto out; @@ -382,6 +386,7 @@ static void dump_pagetable(unsigned long address) if (bad_address(pmd)) goto bad; + pfn = pmd_pfn(*pmd); pr_cont("PMD %lx ", pmd_val(*pmd)); if (!pmd_present(*pmd) || pmd_large(*pmd)) goto out; @@ -390,9 +395,13 @@ static void dump_pagetable(unsigned long address) if (bad_address(pte)) goto bad; + pfn = pte_pfn(*pte); pr_cont("PTE %lx", pte_val(*pte)); out: pr_cont("\n"); + + if (show_rmpentry) + dump_rmpentry(pfn); return; bad: pr_info("BAD\n"); @@ -578,7 +587,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, unsigned long ad show_ldttss(&gdt, "TR", tr); } - dump_pagetable(address); + dump_pagetable(address, error_code & X86_PF_RMP); } static noinline void 
@@ -595,7 +604,7 @@ pgtable_bad(struct pt_regs *regs, unsigned long error_code, printk(KERN_ALERT "%s: Corrupted page table at address %lx\n", tsk->comm, address); - dump_pagetable(address); + dump_pagetable(address, false); if (__die("Bad pagetable", regs, error_code)) sig = 0; diff --git a/include/linux/sev.h b/include/linux/sev.h index 1a68842789e1..734b13a69c54 100644 --- a/include/linux/sev.h +++ b/include/linux/sev.h @@ -16,6 +16,7 @@ int snp_lookup_rmpentry(u64 pfn, int *level); int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); +void dump_rmpentry(u64 pfn); #else static inline int snp_lookup_rmpentry(u64 pfn, int *level) { return 0; } static inline int psmash(u64 pfn) { return -ENXIO; } 
@@ -25,6 +26,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int as return -ENODEV; } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } +static inline void dump_rmpentry(u64 pfn) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ #endif /* __LINUX_SEV_H */
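Review bot: In dump_rmpentry() in arch/x86/kernel/sev.c, the fallback loop over the 2MB region can emit up to PTRS_PER_PMD pr_alert() lines for a single fault and stops without any message at `if (!e) return;`. Consider bounding or rate limiting the output and reporting the failed lookup as the first lookup does. Smaller points in the same hunk: `level` is filled in by both __snp_lookup_rmpentry() calls and never read, `pfn_end` is unsigned long while `pfn` is u64, the assigned branch prints `assigned=%d` where it can only be 1, and the comment should read "let's iterate" and "one of the bits".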
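Review bot: In the 64-bit dump_pagetable() hunks in arch/x86/mm/fault.c, `pfn` is taken from each level before that level's present check (`pfn = p4d_pfn(*p4d);` comes before `if (!p4d_present(*p4d) || p4d_large(*p4d)) goto out;`, and the PUD, PMD and PTE levels follow the same order), so a walk that stops at a non-present entry passes dump_rmpentry() a pfn decoded from an entry that maps nothing. `pfn` is also declared without an initializer, so any path that reaches `out:` before the P4D assignment would hand over an indeterminate value. Initialize `pfn` to a sentinel and call dump_rmpentry() only when the last entry examined was present.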
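Review bot: `void dump_rmpentry(u64 pfn);` and its empty stub are added to both arch/x86/include/asm/sev.h and include/linux/sev.h. Two declarations of the same function have to be kept in sync by hand; declare it in one header only, and match the stub spelling between the two files if both must stay (`{}` in one, `{ }` in the other).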
From patchwork Fri Aug 20 15:58:43 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449789
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh, stable@kernel.org, Herbert Xu
Subject: [PATCH Part2 v5 10/45] crypto: ccp: shutdown SEV firmware on kexec
Date: Fri, 20 Aug 2021 10:58:43 -0500
Message-Id: <20210820155918.7518-11-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP
driver") added support to allocate Trusted Memory Region (TMR) used during the SEV-ES firmware initialization. The TMR gets locked during the firmware initialization and unlocked during the shutdown. While the TMR is locked, access to it is disallowed. Currently, the CCP driver does not shutdown the firmware during the kexec reboot, leaving the TMR memory locked. Register a callback to shutdown the SEV firmware on the kexec boot. Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver") Reported-by: Lucas Nussbaum Tested-by: Lucas Nussbaum Cc: Cc: Tom Lendacky Cc: Joerg Roedel Cc: Herbert Xu Cc: David Rientjes Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 49 +++++++++++++++++------------------- drivers/crypto/ccp/sp-pci.c | 12 +++++++++ 2 files changed, 35 insertions(+), 26 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 91808402e0bf..2ecb0e1f65d8 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -300,6 +300,9 @@ static int __sev_platform_shutdown_locked(int *error) struct sev_device *sev = psp_master->sev_data; int ret; + if (sev->state == SEV_STATE_UNINIT) + return 0; + ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error); if (ret) return ret; @@ -1019,6 +1022,20 @@ int sev_dev_init(struct psp_device *psp) return ret; } +static void sev_firmware_shutdown(struct sev_device *sev) +{ + sev_platform_shutdown(NULL); + + if (sev_es_tmr) { + /* The TMR area was encrypted, flush it from the cache */ + wbinvd_on_all_cpus(); + + free_pages((unsigned long)sev_es_tmr, + get_order(SEV_ES_TMR_SIZE)); + sev_es_tmr = NULL; + } +} + void sev_dev_destroy(struct psp_device *psp) { struct sev_device *sev = psp->sev_data; @@ -1026,6 +1043,8 @@ void sev_dev_destroy(struct psp_device *psp) if (!sev) return; + sev_firmware_shutdown(sev); + if (sev->misc) kref_put(&misc_dev->refcount, sev_exit); 
@@ -1056,21 +1075,6 @@ void sev_pci_init(void) if (sev_get_api_version()) goto err; - /* - * If platform is not in UNINIT state then firmware upgrade and/or - * platform INIT command will fail. These command require UNINIT state. - * - * In a normal boot we should never run into case where the firmware - * is not in UNINIT state on boot. But in case of kexec boot, a reboot - * may not go through a typical shutdown sequence and may leave the - * firmware in INIT or WORKING state. - */ - - if (sev->state != SEV_STATE_UNINIT) { - sev_platform_shutdown(NULL); - sev->state = SEV_STATE_UNINIT; - } - if (sev_version_greater_or_equal(0, 15) && sev_update_firmware(sev->dev) == 0) sev_get_api_version(); @@ -1115,17 +1119,10 @@ void sev_pci_init(void) void sev_pci_exit(void) { - if (!psp_master->sev_data) - return; - - sev_platform_shutdown(NULL); + struct sev_device *sev = psp_master->sev_data; - if (sev_es_tmr) { - /* The TMR area was encrypted, flush it from the cache */ - wbinvd_on_all_cpus(); + if (!sev) + return; - free_pages((unsigned long)sev_es_tmr, - get_order(SEV_ES_TMR_SIZE)); - sev_es_tmr = NULL; - } + sev_firmware_shutdown(sev); } diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c index 6fb6ba35f89d..9bcc1884c06a 100644 --- a/drivers/crypto/ccp/sp-pci.c +++ b/drivers/crypto/ccp/sp-pci.c @@ -241,6 +241,17 @@ static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) return ret; } +static void sp_pci_shutdown(struct pci_dev *pdev) +{ + struct device *dev = &pdev->dev; + struct sp_device *sp = dev_get_drvdata(dev); + + if (!sp) + return; + + sp_destroy(sp); +} + static void sp_pci_remove(struct pci_dev *pdev) { struct device *dev = &pdev->dev; 
@@ -371,6 +382,7 @@ static struct pci_driver sp_pci_driver = { .id_table = sp_pci_table, .probe = sp_pci_probe, .remove = sp_pci_remove, + .shutdown = sp_pci_shutdown, .driver.pm = &sp_pci_pm_ops, };
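Review bot: In sev_firmware_shutdown() in drivers/crypto/ccp/sev-dev.c, the result of `sev_platform_shutdown(NULL);` is ignored and the TMR pages are freed regardless. The commit message states that the TMR stays locked until the firmware is shut down, so after a failed shutdown free_pages() returns still-locked memory to the page allocator. Check the return value and, on failure, skip the free (leaking the pages) and log it. The `sev` parameter is not used in the function body and can be dropped.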
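Review bot: The sev_pci_init() hunk removes the `if (sev->state != SEV_STATE_UNINIT)` recovery that shut the firmware down when a kexec had left it in INIT or WORKING state. The new `.shutdown = sp_pci_shutdown` callback only covers an outgoing kernel that carries this patch; a kexec from a kernel without it still arrives in sev_pci_init() with the firmware initialized, which the removed comment says makes the firmware upgrade and platform INIT commands fail. Keep the check as a fallback, or explain in the commit message why that case no longer needs handling.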
From patchwork Fri Aug 20 15:58:44 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449791
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 11/45] crypto:ccp: Define the SEV-SNP commands
Date: Fri, 20 Aug 2021 10:58:44 -0500
Message-Id: <20210820155918.7518-12-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

AMD introduced the next generation of SEV called SEV-SNP (Secure Nested Paging).
SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware security protection. Define the commands and structures used to communicate with the AMD-SP when creating and managing the SEV-SNP guests. The SEV-SNP firmware spec is available at developer.amd.com/sev. Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 16 ++- include/linux/psp-sev.h | 222 +++++++++++++++++++++++++++++++++++ include/uapi/linux/psp-sev.h | 42 +++++++ 3 files changed, 279 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2ecb0e1f65d8..f5dbadba82ff 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -134,7 +134,21 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware); case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id); case SEV_CMD_ATTESTATION_REPORT: return sizeof(struct sev_data_attestation_report); - case SEV_CMD_SEND_CANCEL: return sizeof(struct sev_data_send_cancel); + case SEV_CMD_SEND_CANCEL: return sizeof(struct sev_data_send_cancel); + case SEV_CMD_SNP_GCTX_CREATE: return sizeof(struct sev_data_snp_gctx_create); + case SEV_CMD_SNP_LAUNCH_START: return sizeof(struct sev_data_snp_launch_start); + case SEV_CMD_SNP_LAUNCH_UPDATE: return sizeof(struct sev_data_snp_launch_update); + case SEV_CMD_SNP_ACTIVATE: return sizeof(struct sev_data_snp_activate); + case SEV_CMD_SNP_DECOMMISSION: return sizeof(struct sev_data_snp_decommission); + case SEV_CMD_SNP_PAGE_RECLAIM: return sizeof(struct sev_data_snp_page_reclaim); + case SEV_CMD_SNP_GUEST_STATUS: return sizeof(struct sev_data_snp_guest_status); + case SEV_CMD_SNP_LAUNCH_FINISH: return sizeof(struct sev_data_snp_launch_finish); + case SEV_CMD_SNP_DBG_DECRYPT: return sizeof(struct sev_data_snp_dbg); + case SEV_CMD_SNP_DBG_ENCRYPT: return sizeof(struct sev_data_snp_dbg); + case SEV_CMD_SNP_PAGE_UNSMASH: return sizeof(struct sev_data_snp_page_unsmash); + case SEV_CMD_SNP_PLATFORM_STATUS: return sizeof(struct sev_data_snp_platform_status_buf); + case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_request); + case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); default: return 0; } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index d48a7192e881..c3755099ab55 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h 
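Review bot: sev_cmd_buffer_len() gets no case for SEV_CMD_SNP_INIT_EX, although this patch adds both the command (0x85) and struct sev_data_snp_init_ex, so that command falls through to "default: return 0". If SNP_INIT_EX is meant to carry a data buffer, add "case SEV_CMD_SNP_INIT_EX: return sizeof(struct sev_data_snp_init_ex);" next to the other SNP cases; if it is left out on purpose, say so in the commit message. The SEND_CANCEL line is also removed and re-added with no change to its content, apparently only to realign whitespace, which could be dropped from this patch.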
@@ -85,6 +85,34 @@ enum sev_cmd { SEV_CMD_DBG_DECRYPT = 0x060, SEV_CMD_DBG_ENCRYPT = 0x061, + /* SNP specific commands */ + SEV_CMD_SNP_INIT = 0x81, + SEV_CMD_SNP_SHUTDOWN = 0x82, + SEV_CMD_SNP_PLATFORM_STATUS = 0x83, + SEV_CMD_SNP_DF_FLUSH = 0x84, + SEV_CMD_SNP_INIT_EX = 0x85, + SEV_CMD_SNP_DECOMMISSION = 0x90, + SEV_CMD_SNP_ACTIVATE = 0x91, + SEV_CMD_SNP_GUEST_STATUS = 0x92, + SEV_CMD_SNP_GCTX_CREATE = 0x93, + SEV_CMD_SNP_GUEST_REQUEST = 0x94, + SEV_CMD_SNP_ACTIVATE_EX = 0x95, + SEV_CMD_SNP_LAUNCH_START = 0xA0, + SEV_CMD_SNP_LAUNCH_UPDATE = 0xA1, + SEV_CMD_SNP_LAUNCH_FINISH = 0xA2, + SEV_CMD_SNP_DBG_DECRYPT = 0xB0, + SEV_CMD_SNP_DBG_ENCRYPT = 0xB1, + SEV_CMD_SNP_PAGE_SWAP_OUT = 0xC0, + SEV_CMD_SNP_PAGE_SWAP_IN = 0xC1, + SEV_CMD_SNP_PAGE_MOVE = 0xC2, + SEV_CMD_SNP_PAGE_MD_INIT = 0xC3, + SEV_CMD_SNP_PAGE_MD_RECLAIM = 0xC4, + SEV_CMD_SNP_PAGE_RO_RECLAIM = 0xC5, + SEV_CMD_SNP_PAGE_RO_RESTORE = 0xC6, + SEV_CMD_SNP_PAGE_RECLAIM = 0xC7, + SEV_CMD_SNP_PAGE_UNSMASH = 0xC8, + SEV_CMD_SNP_CONFIG = 0xC9, + SEV_CMD_MAX, }; 
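Review bot: the new SNP command values are written with two hex digits (0x81, 0xA0, 0xC9) while the existing entries just above them use three (0x060, 0x061); pad the new ones the same way, for example "SEV_CMD_SNP_INIT = 0x081", so the enum stays uniform. It would also help if the "SNP specific commands" comment said which of these the series actually issues, since ACTIVATE_EX and the PAGE_SWAP_*, PAGE_MOVE, PAGE_MD_* and PAGE_RO_* values get neither a parameter struct nor a sev_cmd_buffer_len() entry in this patch.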
@@ -510,6 +538,200 @@ struct sev_data_attestation_report { u32 len; /* In/Out */ } __packed; +/** + * struct sev_data_snp_platform_status_buf - SNP_PLATFORM_STATUS command params + * + * @address: physical address where the status should be copied + */ +struct sev_data_snp_platform_status_buf { + u64 status_paddr; /* In */ +} __packed; + +/** + * struct sev_data_snp_download_firmware - SNP_DOWNLOAD_FIRMWARE command params + * + * @address: physical address of firmware image + * @len: len of the firmware image + */ +struct sev_data_snp_download_firmware { + u64 address; /* In */ + u32 len; /* In */ +} __packed; + +/** + * struct sev_data_snp_gctx_create - SNP_GCTX_CREATE command params + * + * @gctx_paddr: system physical address of the page donated to firmware by + * the hypervisor to contain the guest context. + */ +struct sev_data_snp_gctx_create { + u64 gctx_paddr; /* In */ +} __packed; + +/** + * struct sev_data_snp_activate - SNP_ACTIVATE command params + * + * @gctx_paddr: system physical address guest context page + * @asid: ASID to bind to the guest + */ +struct sev_data_snp_activate { + u64 gctx_paddr; /* In */ + u32 asid; /* In */ +} __packed; + +/** + * struct sev_data_snp_decommission - SNP_DECOMMISSION command params + * + * @address: system physical address guest context page + */ +struct sev_data_snp_decommission { + u64 gctx_paddr; /* In */ +} __packed; + +/** + * struct sev_data_snp_launch_start - SNP_LAUNCH_START command params + * + * @gctx_addr: system physical address of guest context page + * @policy: guest policy + * @ma_gctx_addr: system physical address of migration agent + * @imi_en: launch flow is launching an IMI for the purpose of + * guest-assisted migration. 
+ * @ma_en: the guest is associated with a migration agent + */ +struct sev_data_snp_launch_start { + u64 gctx_paddr; /* In */ + u64 policy; /* In */ + u64 ma_gctx_paddr; /* In */ + u32 ma_en:1; /* In */ + u32 imi_en:1; /* In */ + u32 rsvd:30; + u8 gosvw[16]; /* In */ +} __packed; + +/* SNP support page type */ +enum { + SNP_PAGE_TYPE_NORMAL = 0x1, + SNP_PAGE_TYPE_VMSA = 0x2, + SNP_PAGE_TYPE_ZERO = 0x3, + SNP_PAGE_TYPE_UNMEASURED = 0x4, + SNP_PAGE_TYPE_SECRET = 0x5, + SNP_PAGE_TYPE_CPUID = 0x6, + + SNP_PAGE_TYPE_MAX +}; + +/** + * struct sev_data_snp_launch_update - SNP_LAUNCH_UPDATE command params + * + * @gctx_addr: system physical address of guest context page + * @imi_page: indicates that this page is part of the IMI of the guest + * @page_type: encoded page type + * @page_size: page size 0 indicates 4K and 1 indicates 2MB page + * @address: system physical address of destination page to encrypt + * @vmpl3_perms: VMPL permission mask for VMPL3 + * @vmpl2_perms: VMPL permission mask for VMPL2 + * @vmpl1_perms: VMPL permission mask for VMPL1 + */ +struct sev_data_snp_launch_update { + u64 gctx_paddr; /* In */ + u32 page_size:1; /* In */ + u32 page_type:3; /* In */ + u32 imi_page:1; /* In */ + u32 rsvd:27; + u32 rsvd2; + u64 address; /* In */ + u32 rsvd3:8; + u32 vmpl3_perms:8; /* In */ + u32 vmpl2_perms:8; /* In */ + u32 vmpl1_perms:8; /* In */ + u32 rsvd4; +} __packed; + +/** + * struct sev_data_snp_launch_finish - SNP_LAUNCH_FINISH command params + * + * @gctx_addr: system pphysical address of guest context page + */ +struct sev_data_snp_launch_finish { + u64 gctx_paddr; + u64 id_block_paddr; + u64 id_auth_paddr; + u8 id_block_en:1; + u8 auth_key_en:1; + u64 rsvd:62; + u8 host_data[32]; +} __packed; + +/** + * struct sev_data_snp_guest_status - SNP_GUEST_STATUS command params + * + * @gctx_paddr: system physical address of guest context page + * @address: system physical address of guest status page + */ +struct sev_data_snp_guest_status { + u64 gctx_paddr; + 
u64 address; +} __packed; + +/** + * struct sev_data_snp_page_reclaim - SNP_PAGE_RECLAIM command params + * + * @paddr: system physical address of page to be claimed. The BIT0 indicate + * the page size. 0h indicates 4 kB and 1h indicates 2 MB page. + */ +struct sev_data_snp_page_reclaim { + u64 paddr; +} __packed; + +/** + * struct sev_data_snp_page_unsmash - SNP_PAGE_UNMASH command params + * + * @paddr: system physical address of page to be unmashed. The BIT0 indicate + * the page size. 0h indicates 4 kB and 1h indicates 2 MB page. + */ +struct sev_data_snp_page_unsmash { + u64 paddr; +} __packed; + +/** + * struct sev_data_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters + * + * @handle: handle of the VM to perform debug operation + * @src_addr: source address of data to operate on + * @dst_addr: destination address of data to operate on + * @len: len of data to operate on + */ +struct sev_data_snp_dbg { + u64 gctx_paddr; /* In */ + u64 src_addr; /* In */ + u64 dst_addr; /* In */ + u32 len; /* In */ +} __packed; + +/** + * struct sev_snp_guest_request - SNP_GUEST_REQUEST command params + * + * @gctx_paddr: system physical address of guest context page + * @req_paddr: system physical address of request page + * @res_paddr: system physical address of response page + */ +struct sev_data_snp_guest_request { + u64 gctx_paddr; /* In */ + u64 req_paddr; /* In */ + u64 res_paddr; /* In */ +} __packed; + +/** + * struuct sev_data_snp_init - SNP_INIT_EX structure + * + * @init_rmp: indicate that the RMP should be initialized. + */ +struct sev_data_snp_init_ex { + u32 init_rmp:1; + u32 rsvd:31; + u8 rsvd1[60]; +} __packed; + #ifdef CONFIG_CRYPTO_DEV_SP_PSP /** diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 91b4c63d5cbf..bed65a891223 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h 
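Review bot: struct sev_data_snp_launch_finish mixes bitfield base types ("u8 id_block_en:1; u8 auth_key_en:1; u64 rsvd:62;"), so placing the two flag bits and the 62 reserved bits in a single 64-bit word relies on implementation-defined bitfield allocation; because this struct is a firmware command buffer, declare all three fields with the same base type (u64) or use one explicit flags word with masks. Its members also lack the /* In */ annotations and kernel-doc entries that the neighbouring structs have. Several kernel-doc blocks in this hunk do not match the code they describe: @address is documented where the member is status_paddr (sev_data_snp_platform_status_buf) or gctx_paddr (sev_data_snp_decommission); @gctx_addr and @ma_gctx_addr are documented where the members are gctx_paddr and ma_gctx_paddr; gosvw is undocumented; the debug block is headed "struct sev_data_dbg" and documents @handle for a struct named sev_data_snp_dbg whose first member is gctx_paddr; the guest request block is headed "struct sev_snp_guest_request"; the last block is headed "struuct sev_data_snp_init" for sev_data_snp_init_ex; and "pphysical", "SNP_PAGE_UNMASH" and "unmashed" are typos.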
@@ -61,6 +61,13 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, + SEV_RET_INVALID_PAGE_SIZE, + SEV_RET_INVALID_PAGE_STATE, + SEV_RET_INVALID_MDATA_ENTRY, + SEV_RET_INVALID_PAGE_OWNER, + SEV_RET_INVALID_PAGE_AEAD_OFLOW, + SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_MAX, } sev_ret_code; 
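Review bot: the six new status codes are appended without explicit values, so each one's number is simply its position after SEV_RET_SECURE_DATA_INVALID; since these have to match what the firmware returns and the enum lives in a uapi header, either assign the values explicitly or add a comment naming the specification table they mirror, so that a later insertion cannot shift them silently. SEV_RET_INVALID_PAGE_AEAD_OFLOW also reads as if the INVALID_PAGE_ prefix was carried over from the entries above it; check the name against the specification.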
@@ -147,6 +154,41 @@ struct sev_user_data_get_id2 { __u32 length; /* In/Out */ } __packed; +/** + * struct sev_user_data_snp_status - SNP status + * + * @major: API major version + * @minor: API minor version + * @state: current platform state + * @build: firmware build id for the API version + * @guest_count: the number of guest currently managed by the firmware + * @tcb_version: current TCB version + */ +struct sev_user_data_snp_status { + __u8 api_major; /* Out */ + __u8 api_minor; /* Out */ + __u8 state; /* Out */ + __u8 rsvd; + __u32 build_id; /* Out */ + __u32 rsvd1; + __u32 guest_count; /* Out */ + __u64 tcb_version; /* Out */ + __u64 rsvd2; +} __packed; + +/* + * struct sev_user_data_snp_config - system wide configuration value for SNP. + * + * @reported_tcb: The TCB version to report in the guest attestation report. + * @mask_chip_id: Indicates that the CHID_ID field in the attestation report + * will always be zero. + */ +struct sev_user_data_snp_config { + __u64 reported_tcb; /* In */ + __u32 mask_chip_id; /* In */ + __u8 rsvd[52]; +} __packed; + /** * struct sev_issue_cmd - SEV ioctl parameters *
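Review bot: in the uapi hunk for include/uapi/linux/psp-sev.h, the kernel-doc for struct sev_user_data_snp_status names @major, @minor and @build, but the members are api_major, api_minor and build_id, so the documented names need to follow the fields. The comment for struct sev_user_data_snp_config opens with "/*" rather than "/**", so it will not be picked up as kernel-doc, and "CHID_ID" looks like a typo for CHIP_ID. Since both structs become userspace ABI, the comments should also say how the rsvd members are to be treated by the caller.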
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 12/45] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP
Date: Fri, 20 Aug 2021 10:58:45 -0500
Message-Id: <20210820155918.7518-13-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
Before SNP VMs can be launched, the platform must be appropriately configured and
initialized. Platform initialization is accomplished via the SNP_INIT command. Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 123 +++++++++++++++++++++++++++++++++-- drivers/crypto/ccp/sev-dev.h | 2 + include/linux/psp-sev.h | 16 +++++ 3 files changed, 136 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f5dbadba82ff..1321f6fb07c5 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -32,6 +32,10 @@ #define SEV_FW_FILE "amd/sev.fw" #define SEV_FW_NAME_SIZE 64 +/* Minimum firmware version required for the SEV-SNP support */ +#define SNP_MIN_API_MAJOR 1 +#define SNP_MIN_API_MINOR 30 + static DEFINE_MUTEX(sev_cmd_mutex); static struct sev_misc_dev *misc_dev; 
@@ -598,6 +602,95 @@ static int sev_update_firmware(struct device *dev) return ret; } +static void snp_set_hsave_pa(void *arg) +{ + wrmsrl(MSR_VM_HSAVE_PA, 0); +} + +static int __sev_snp_init_locked(int *error) +{ + struct psp_device *psp = psp_master; + struct sev_device *sev; + int rc = 0; + + if (!psp || !psp->sev_data) + return -ENODEV; + + sev = psp->sev_data; + + if (sev->snp_inited) + return 0; + + /* + * The SNP_INIT requires the MSR_VM_HSAVE_PA must be set to 0h + * across all cores. + */ + on_each_cpu(snp_set_hsave_pa, NULL, 1); + + /* Prepare for first SEV guest launch after INIT */ + wbinvd_on_all_cpus(); + + /* Issue the SNP_INIT firmware command. */ + rc = __sev_do_cmd_locked(SEV_CMD_SNP_INIT, NULL, error); + if (rc) + return rc; + + sev->snp_inited = true; + dev_dbg(sev->dev, "SEV-SNP firmware initialized\n"); + + return rc; +} + +int sev_snp_init(int *error) +{ + int rc; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return -ENODEV; + + mutex_lock(&sev_cmd_mutex); + rc = __sev_snp_init_locked(error); + mutex_unlock(&sev_cmd_mutex); + + return rc; +} +EXPORT_SYMBOL_GPL(sev_snp_init); + +static int __sev_snp_shutdown_locked(int *error) +{ + struct sev_device *sev = psp_master->sev_data; + int ret; + + if (!sev->snp_inited) + return 0; + + /* SHUTDOWN requires the DF_FLUSH */ + wbinvd_on_all_cpus(); + __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, NULL); + + ret = __sev_do_cmd_locked(SEV_CMD_SNP_SHUTDOWN, NULL, error); + if (ret) { + dev_err(sev->dev, "SEV-SNP firmware shutdown failed\n"); + return ret; + } + + sev->snp_inited = false; + dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); + + return ret; +} + +static int sev_snp_shutdown(int *error) +{ + int rc; + + mutex_lock(&sev_cmd_mutex); + rc = __sev_snp_shutdown_locked(NULL); + mutex_unlock(&sev_cmd_mutex); + + return rc; +} + static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; 
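Review bot: sev_snp_shutdown() ignores its error argument and calls "__sev_snp_shutdown_locked(NULL)", so a caller can never see the firmware status; pass error through. __sev_snp_shutdown_locked() also dereferences psp_master->sev_data without the "!psp || !psp->sev_data" check that __sev_snp_init_locked() performs, and it discards the return value of SEV_CMD_SNP_DF_FLUSH before issuing SNP_SHUTDOWN; either check that result or add a comment saying why a failed flush is safe to ignore. In __sev_snp_init_locked(), on_each_cpu() clears MSR_VM_HSAVE_PA only on the CPUs that are online at that moment, so a comment on what keeps the MSR at 0 for CPUs brought up later would help.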
@@ -1048,6 +1141,8 @@ static void sev_firmware_shutdown(struct sev_device *sev) get_order(SEV_ES_TMR_SIZE)); sev_es_tmr = NULL; } + + sev_snp_shutdown(NULL); } void sev_dev_destroy(struct psp_device *psp) @@ -1093,6 +1188,26 @@ void sev_pci_init(void) sev_update_firmware(sev->dev) == 0) sev_get_api_version(); + /* + * If boot CPU supports the SNP, then first attempt to initialize + * the SNP firmware. + */ + if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) { + if (!sev_version_greater_or_equal(SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR)) { + dev_err(sev->dev, "SEV-SNP support requires firmware version >= %d:%d\n", + SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR); + } else { + rc = sev_snp_init(&error); + if (rc) { + /* + * If we failed to INIT SNP then don't abort the probe. + * Continue to initialize the legacy SEV firmware. + */ + dev_err(sev->dev, "SEV-SNP: failed to INIT error %#x\n", error); + } + } + } + /* Obtain the TMR memory area for SEV-ES use */ tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_SIZE)); if (tmr_page) { @@ -1117,13 +1232,11 @@ void sev_pci_init(void) rc = sev_platform_init(&error); } - if (rc) { + if (rc) dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error); - return; - } - dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major, - sev->api_minor, sev->build); + dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_inited ? + "-SNP" : "", sev->api_major, sev->api_minor, sev->build); return; diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 666c21eb81ab..186ad20cbd24 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -52,6 +52,8 @@ struct sev_device { u8 build; void *cmd_buf; + + bool snp_inited; }; int sev_dev_init(struct psp_device *psp); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index c3755099ab55..1b53e8782250 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h 
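Review bot: in the sev_pci_init() hunk (@@ -1093), the dev_err() for "SEV-SNP: failed to INIT error %#x\n" can print a value the firmware never wrote, because __sev_snp_init_locked() returns -ENODEV from its device check without storing to *error; initialize error before the call (its declaration is not visible in this hunk) or print rc as well. In the @@ -1117 hunk, dropping the "return;" means the "SEV%s API" dev_info line is now printed even when sev_platform_init() failed; if that is intended so that a platform with only SNP initialized still reports its version, say so in the commit message. In the @@ -1048 hunk, sev_firmware_shutdown() calls sev_snp_shutdown(NULL) unconditionally, which relies entirely on the snp_inited check inside.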
@@ -748,6 +748,20 @@ struct sev_data_snp_init_ex { */ int sev_platform_init(int *error); +/** + * sev_snp_init - perform SEV SNP_INIT command + * + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + */ +int sev_snp_init(int *error); + /** * sev_platform_status - perform SEV PLATFORM_STATUS command * 
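Review bot: the Returns list in the sev_snp_init() kernel-doc reads as boilerplate rather than a description of this function: "-%ENOTSUPP if the SEV does not support SEV" does not correspond to anything sev_snp_init() does in this patch, where a CPU without X86_FEATURE_SEV_SNP gets -ENODEV. Reword the list to the codes the function can actually return, and say that @error receives the firmware status only when the command was issued.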
@@ -855,6 +869,8 @@ sev_platform_status(struct sev_user_data_status *status, int *error) { return -E static inline int sev_platform_init(int *error) { return -ENODEV; } +static inline int sev_snp_init(int *error) { return -ENODEV; } + static inline int sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENODEV; }
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 13/45] crypto:ccp: Provide APIs to issue SEV-SNP commands
Date: Fri, 20 Aug 2021 10:58:46 -0500
Message-Id: <20210820155918.7518-14-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
Provide the APIs for the hypervisor to manage an SEV-SNP guest.
The commands for SEV-SNP are defined in the SEV-SNP firmware specification. Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 24 ++++++++++++ include/linux/psp-sev.h | 73 ++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 1321f6fb07c5..01edad9116f2 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1025,6 +1025,30 @@ int sev_guest_df_flush(int *error) } EXPORT_SYMBOL_GPL(sev_guest_df_flush); +int snp_guest_decommission(struct sev_data_snp_decommission *data, int *error) +{ + return sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, data, error); +} +EXPORT_SYMBOL_GPL(snp_guest_decommission); + +int snp_guest_df_flush(int *error) +{ + return sev_do_cmd(SEV_CMD_SNP_DF_FLUSH, NULL, error); +} +EXPORT_SYMBOL_GPL(snp_guest_df_flush); + +int snp_guest_page_reclaim(struct sev_data_snp_page_reclaim *data, int *error) +{ + return sev_do_cmd(SEV_CMD_SNP_PAGE_RECLAIM, data, error); +} +EXPORT_SYMBOL_GPL(snp_guest_page_reclaim); + +int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error) +{ + return sev_do_cmd(SEV_CMD_SNP_DBG_DECRYPT, data, error); +} +EXPORT_SYMBOL_GPL(snp_guest_dbg_decrypt); + static void sev_exit(struct kref *ref) { misc_deregister(&misc_dev->misc); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 1b53e8782250..f2105a8755f9 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h
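Review bot: in the sev-dev.c hunk, snp_guest_dbg_decrypt() is exported without an encrypt counterpart, although the earlier patch in this series that defines the commands adds SEV_CMD_SNP_DBG_ENCRYPT and sizes it with the same struct sev_data_snp_dbg; either add snp_guest_dbg_encrypt() here or state in the commit message that only decrypt is needed on the hypervisor side. The commit message would also be easier to review if it listed the four commands being wrapped.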
@@ -860,6 +860,64 @@ int sev_guest_df_flush(int *error); */ int sev_guest_decommission(struct sev_data_decommission *data, int *error); +/** + * snp_guest_df_flush - perform SNP DF_FLUSH command + * + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int snp_guest_df_flush(int *error); + +/** + * snp_guest_decommission - perform SNP_DECOMMISSION command + * + * @decommission: sev_data_decommission structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int snp_guest_decommission(struct sev_data_snp_decommission *data, int *error); + +/** + * snp_guest_page_reclaim - perform SNP_PAGE_RECLAIM command + * + * @decommission: sev_snp_page_reclaim structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int snp_guest_page_reclaim(struct sev_data_snp_page_reclaim *data, int *error); + +/** + * snp_guest_dbg_decrypt - perform SEV SNP_DBG_DECRYPT command + * + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int 
snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error); + void *psp_copy_user_blob(u64 uaddr, u32 len); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ 
@@ -887,6 +945,21 @@ sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); } +static inline int +snp_guest_decommission(struct sev_data_snp_decommission *data, int *error) { return -ENODEV; } + +static inline int snp_guest_df_flush(int *error) { return -ENODEV; } + +static inline int snp_guest_page_reclaim(struct sev_data_snp_page_reclaim *data, int *error) +{ + return -ENODEV; +} + +static inline int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error) +{ + return -ENODEV; +} + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
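Review bot: the kernel-doc comments added to include/linux/psp-sev.h (hunk @@ -860,6 +860,64 @@) do not match the prototypes they document. All four describe @sev_ret while the parameter is named error; snp_guest_decommission and snp_guest_page_reclaim describe @decommission while the argument is data, and the decommission text names sev_data_decommission rather than struct sev_data_snp_decommission; snp_guest_dbg_decrypt has no entry for data at all. Suggest @data and @error throughout, and checking whether the copied "-%ENOTSUPP if the sev does not support SEV" line still describes the SNP commands.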
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 14/45] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled
Date: Fri, 20 Aug 2021 10:58:47 -0500
Message-Id: <20210820155918.7518-15-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The behavior and requirement for the SEV-legacy command is altered when the SNP firmware is in the INIT 
state. See SEV-SNP firmware specification for more details.

Allocate the Trusted Memory Region (TMR) as a 2mb sized/aligned region when SNP is enabled to satisfy new requirements for the SNP. Continue allocating a 1mb region for !SNP configuration.

While at it, provide an API that can be used by others to allocate a page that can be used by the firmware. The immediate user for this API will be the KVM driver. The KVM driver needs to allocate a firmware context page during the guest creation. The context page needs to be updated by the firmware. See the SEV-SNP specification for further details.

Signed-off-by: Brijesh Singh
--- drivers/crypto/ccp/sev-dev.c | 169 ++++++++++++++++++++++++++++++++++- include/linux/psp-sev.h | 11 +++ 2 files changed, 176 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 01edad9116f2..34dc358b13b9 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -62,6 +62,14 @@ static int psp_timeout; #define SEV_ES_TMR_SIZE (1024 * 1024) static void *sev_es_tmr; +/* When SEV-SNP is enabled the TMR needs to be 2MB aligned and 2MB size. */ +#define SEV_SNP_ES_TMR_SIZE (2 * 1024 * 1024) + +static size_t sev_es_tmr_size = SEV_ES_TMR_SIZE; + +static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret); +static int sev_do_cmd(int cmd, void *data, int *psp_ret); + static inline bool sev_version_greater_or_equal(u8 maj, u8 min) { struct sev_device *sev = psp_master->sev_data; 
@@ -159,6 +167,156 @@ static int sev_cmd_buffer_len(int cmd) return 0; } +static void snp_leak_pages(unsigned long pfn, unsigned int npages) +{ + WARN(1, "psc failed, pfn 0x%lx pages %d (leaking)\n", pfn, npages); + while (npages--) { + memory_failure(pfn, 0); + dump_rmpentry(pfn); + pfn++; + } +} + +static int snp_reclaim_pages(unsigned long pfn, unsigned int npages, bool locked) +{ + struct sev_data_snp_page_reclaim data; + int ret, err, i, n = 0; + + for (i = 0; i < npages; i++) { + memset(&data, 0, sizeof(data)); + data.paddr = pfn << PAGE_SHIFT; + + if (locked) + ret = __sev_do_cmd_locked(SEV_CMD_SNP_PAGE_RECLAIM, &data, &err); + else + ret = sev_do_cmd(SEV_CMD_SNP_PAGE_RECLAIM, &data, &err); + if (ret) + goto cleanup; + + ret = rmp_make_shared(pfn, PG_LEVEL_4K); + if (ret) + goto cleanup; + + pfn++; + n++; + } + + return 0; + +cleanup: + /* + * If failed to reclaim the page then page is no longer safe to + * be released, leak it. + */ + snp_leak_pages(pfn, npages - n); + return ret; +} + +static inline int rmp_make_firmware(unsigned long pfn, int level) +{ + return rmp_make_private(pfn, 0, level, 0, true); +} + +static int snp_set_rmp_state(unsigned long paddr, unsigned int npages, bool to_fw, bool locked, + bool need_reclaim) +{ + unsigned long pfn = __sme_clr(paddr) >> PAGE_SHIFT; /* Cbit maybe set in the paddr */ + int rc, n = 0, i; + + for (i = 0; i < npages; i++) { + if (to_fw) + rc = rmp_make_firmware(pfn, PG_LEVEL_4K); + else + rc = need_reclaim ? snp_reclaim_pages(pfn, 1, locked) : + rmp_make_shared(pfn, PG_LEVEL_4K); + if (rc) + goto cleanup; + + pfn++; + n++; + } + + return 0; + +cleanup: + /* Try unrolling the firmware state changes */ + if (to_fw) { + /* + * Reclaim the pages which were already changed to the + * firmware state. + */ + snp_reclaim_pages(paddr >> PAGE_SHIFT, n, locked); + + return rc; + } + + /* + * If failed to change the page state to shared, then its not safe + * to release the page back to the system, leak it. 
+ */ + snp_leak_pages(pfn, npages - n); + + return rc; +} + +static struct page *__snp_alloc_firmware_pages(gfp_t gfp_mask, int order, bool locked) +{ + unsigned long npages = 1ul << order, paddr; + struct sev_device *sev; + struct page *page; + + if (!psp_master || !psp_master->sev_data) + return ERR_PTR(-EINVAL); + + page = alloc_pages(gfp_mask, order); + if (!page) + return NULL; + + /* If SEV-SNP is initialized then add the page in RMP table. */ + sev = psp_master->sev_data; + if (!sev->snp_inited) + return page; + + paddr = __pa((unsigned long)page_address(page)); + if (snp_set_rmp_state(paddr, npages, true, locked, false)) + return NULL; + + return page; +} + +void *snp_alloc_firmware_page(gfp_t gfp_mask) +{ + struct page *page; + + page = __snp_alloc_firmware_pages(gfp_mask, 0, false); + + return page ? page_address(page) : NULL; +} +EXPORT_SYMBOL_GPL(snp_alloc_firmware_page); + +static void __snp_free_firmware_pages(struct page *page, int order, bool locked) +{ + unsigned long paddr, npages = 1ul << order; + + if (!page) + return; + + paddr = __pa((unsigned long)page_address(page)); + if (snp_set_rmp_state(paddr, npages, false, locked, true)) + return; + + __free_pages(page, order); +} + +void snp_free_firmware_page(void *addr) +{ + if (!addr) + return; + + __snp_free_firmware_pages(virt_to_page(addr), 0, false); +} +EXPORT_SYMBOL(snp_free_firmware_page); + static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) { struct psp_device *psp = psp_master; @@ -281,7 +439,7 @@ static int __sev_platform_init_locked(int *error) data.flags |= SEV_INIT_FLAGS_SEV_ES; data.tmr_address = tmr_pa; - data.tmr_len = SEV_ES_TMR_SIZE; + data.tmr_len = sev_es_tmr_size; } rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error); @@ -638,6 +796,8 @@ static int __sev_snp_init_locked(int *error) sev->snp_inited = true; dev_dbg(sev->dev, "SEV-SNP firmware initialized\n"); + sev_es_tmr_size = SEV_SNP_ES_TMR_SIZE; + return rc; } 
@@ -1161,8 +1321,9 @@ static void sev_firmware_shutdown(struct sev_device *sev) /* The TMR area was encrypted, flush it from the cache */ wbinvd_on_all_cpus(); - free_pages((unsigned long)sev_es_tmr, - get_order(SEV_ES_TMR_SIZE)); + __snp_free_firmware_pages(virt_to_page(sev_es_tmr), + get_order(sev_es_tmr_size), + false); sev_es_tmr = NULL; } @@ -1233,7 +1394,7 @@ void sev_pci_init(void) } /* Obtain the TMR memory area for SEV-ES use */ - tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_SIZE)); + tmr_page = __snp_alloc_firmware_pages(GFP_KERNEL, get_order(sev_es_tmr_size), false); if (tmr_page) { sev_es_tmr = page_address(tmr_page); } else { diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index f2105a8755f9..00bd684dc094 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -12,6 +12,8 @@ #ifndef __PSP_SEV_H__ #define __PSP_SEV_H__ +#include + #include #ifdef CONFIG_X86 @@ -919,6 +921,8 @@ int snp_guest_page_reclaim(struct sev_data_snp_page_reclaim *data, int *error); int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error); void *psp_copy_user_blob(u64 uaddr, u32 len); +void *snp_alloc_firmware_page(gfp_t mask); +void snp_free_firmware_page(void *addr); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ 
@@ -960,6 +964,13 @@ static inline int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *erro return -ENODEV; } +static inline void *snp_alloc_firmware_page(gfp_t mask) +{ + return NULL; +} + +static inline void snp_free_firmware_page(void *addr) { } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
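Review bot: in snp_set_rmp_state() (sev-dev.c hunk @@ -159,6 +167,156 @@) the to_fw unroll calls snp_reclaim_pages(paddr >> PAGE_SHIFT, n, locked), but the loop walked pfn = __sme_clr(paddr) >> PAGE_SHIFT, so with the C-bit set in paddr the unroll targets the wrong frames. Save the starting pfn in a local and pass that instead. In the same function, when to_fw is false and need_reclaim is true, a failing snp_reclaim_pages(pfn, 1, locked) has already called snp_leak_pages() on that pfn, and the cleanup label then calls snp_leak_pages(pfn, npages - n) over it again, so memory_failure() and the WARN fire twice for one page. Also, __snp_alloc_firmware_pages() returns NULL when snp_set_rmp_state() fails without freeing the pages and without knowing whether the unroll succeeded, because the return value of snp_reclaim_pages() in the cleanup path is dropped.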
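Review bot: sev_es_tmr_size only becomes SEV_SNP_ES_TMR_SIZE inside __sev_snp_init_locked() (hunk @@ -638,6 +796,8 @@), while sev_pci_init() sizes the allocation with get_order(sev_es_tmr_size) and __sev_platform_init_locked() passes the same variable as data.tmr_len. If the allocation happens before SNP init, tmr_len reports 2MB for a 1MB buffer and sev_firmware_shutdown() frees with the wrong order. The hunks do not show the call order; please make the dependency explicit, for example by recording the size that was actually allocated and using it for tmr_len and for the free.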
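Review bot: the if (tmr_page) test kept in sev_pci_init() (hunk @@ -1233,7 +1394,7 @@) accepts an ERR_PTR, and __snp_alloc_firmware_pages() returns ERR_PTR(-EINVAL) when psp_master or sev_data is missing but NULL on every other failure. snp_alloc_firmware_page() has the same problem with "page ? page_address(page) : NULL". Pick one failure convention; NULL is the simplest, since both callers already test for it.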
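Review bot: snp_alloc_firmware_page() and snp_free_firmware_page() are declared in include/linux/psp-sev.h (hunk @@ -919,6 +921,8 @@) without kernel-doc, unlike the snp_guest_* prototypes just above them. The comment should say that the page is moved to the firmware state in the RMP table once SNP is initialized and that it must be returned through snp_free_firmware_page() rather than freed directly. Separately, sev-dev.c exports the alloc side with EXPORT_SYMBOL_GPL and the free side with EXPORT_SYMBOL; these should match.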
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 15/45] crypto: ccp: Handle the legacy SEV command when SNP is enabled
Date: Fri, 20 Aug 2021 10:58:48 -0500
Message-Id: <20210820155918.7518-16-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
The behavior of the SEV-legacy commands is altered when the SNP firmware is in the INIT state. When SNP is in INIT state, all the SEV-legacy commands that cause the firmware to write to memory must be in the firmware state before issuing the command.

A command buffer may contain a system physical address that the firmware may write to. There are two cases that need to be handled:

1) system physical address points to a guest memory
2) system physical address points to a host memory

To handle the case #1, change the page state to the firmware in the RMP table before issuing the command and restore the state to shared after the command completes. For the case #2, use a bounce buffer to complete the request.

Signed-off-by: Brijesh Singh
--- drivers/crypto/ccp/sev-dev.c | 346 ++++++++++++++++++++++++++++++++++- drivers/crypto/ccp/sev-dev.h | 12 ++ 2 files changed, 348 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 34dc358b13b9..4cd7d803a624 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -317,12 +317,295 @@ void snp_free_firmware_page(void *addr) } EXPORT_SYMBOL(snp_free_firmware_page); +static int alloc_snp_host_map(struct sev_device *sev) +{ + struct page *page; + int i; + + for (i = 0; i < MAX_SNP_HOST_MAP_BUFS; i++) { + struct snp_host_map *map = &sev->snp_host_map[i]; + + memset(map, 0, sizeof(*map)); + + page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(SEV_FW_BLOB_MAX_SIZE)); + if (!page) + return -ENOMEM; + + map->host = page_address(page); + } + + return 0; +} + +static void free_snp_host_map(struct sev_device *sev) +{ + int i; + + for (i = 0; i < MAX_SNP_HOST_MAP_BUFS; i++) { + struct snp_host_map *map = &sev->snp_host_map[i]; + + if (map->host) { + __free_pages(virt_to_page(map->host), get_order(SEV_FW_BLOB_MAX_SIZE)); + memset(map, 0, sizeof(*map)); + } + } +} + +static int map_firmware_writeable(u64 *paddr, u32 len, bool guest, struct snp_host_map *map) +{ + unsigned int npages = PAGE_ALIGN(len) >> PAGE_SHIFT; + + map->active = false; + + if (!paddr || !len) + return 0; + + map->paddr = *paddr; + map->len = len; + + /* If paddr points to a guest memory then change the page state to firmwware. */ + if (guest) { + if (snp_set_rmp_state(*paddr, npages, true, true, false)) + return -EFAULT; + + goto done; + } + + if (!map->host) + return -ENOMEM; + + /* Check if the pre-allocated buffer can be used to fullfil the request. */ + if (len > SEV_FW_BLOB_MAX_SIZE) + return -EINVAL; + + /* Transition the pre-allocated buffer to the firmware state. */ + if (snp_set_rmp_state(__pa(map->host), npages, true, true, false)) + return -EFAULT; + + /* Set the paddr to use pre-allocated firmware buffer */ + *paddr = __psp_pa(map->host); + +done: + map->active = true; + return 0; +} + +static int unmap_firmware_writeable(u64 *paddr, u32 len, bool guest, struct snp_host_map *map) +{ + unsigned int npages = PAGE_ALIGN(len) >> PAGE_SHIFT; + + if (!map->active) + return 0; + + /* If paddr points to a guest memory then restore the page state to hypervisor. 
*/ + if (guest) { + if (snp_set_rmp_state(*paddr, npages, false, true, true)) + return -EFAULT; + + goto done; + } + + /* + * Transition the pre-allocated buffer to hypervisor state before the access. + * + * This is because while changing the page state to firmware, the kernel unmaps + * the pages from the direct map, and to restore the direct map we must + * transition the pages to shared state. + */ + if (snp_set_rmp_state(__pa(map->host), npages, false, true, true)) + return -EFAULT; + + /* Copy the response data firmware buffer to the callers buffer. */ + memcpy(__va(__sme_clr(map->paddr)), map->host, min_t(size_t, len, map->len)); + *paddr = map->paddr; + +done: + map->active = false; + return 0; +} + +static bool sev_legacy_cmd_buf_writable(int cmd) +{ + switch (cmd) { + case SEV_CMD_PLATFORM_STATUS: + case SEV_CMD_GUEST_STATUS: + case SEV_CMD_LAUNCH_START: + case SEV_CMD_RECEIVE_START: + case SEV_CMD_LAUNCH_MEASURE: + case SEV_CMD_SEND_START: + case SEV_CMD_SEND_UPDATE_DATA: + case SEV_CMD_SEND_UPDATE_VMSA: + case SEV_CMD_PEK_CSR: + case SEV_CMD_PDH_CERT_EXPORT: + case SEV_CMD_GET_ID: + case SEV_CMD_ATTESTATION_REPORT: + return true; + default: + return false; + } +} + +#define prep_buffer(name, addr, len, guest, map) \ + func(&((typeof(name *))cmd_buf)->addr, ((typeof(name *))cmd_buf)->len, guest, map) + +static int __snp_cmd_buf_copy(int cmd, void *cmd_buf, bool to_fw, int fw_err) +{ + int (*func)(u64 *paddr, u32 len, bool guest, struct snp_host_map *map); + struct sev_device *sev = psp_master->sev_data; + bool from_fw = !to_fw; + + /* + * After the command is completed, change the command buffer memory to + * hypervisor state. + * + * The immutable bit is automatically cleared by the firmware, so + * no not need to reclaim the page. + */ + if (from_fw && sev_legacy_cmd_buf_writable(cmd)) { + if (snp_set_rmp_state(__pa(cmd_buf), 1, false, true, false)) + return -EFAULT; + + /* No need to go further if firmware failed to execute command. 
*/ + if (fw_err) + return 0; + } + + if (to_fw) + func = map_firmware_writeable; + else + func = unmap_firmware_writeable; + + /* + * A command buffer may contains a system physical address. If the address + * points to a host memory then use an intermediate firmware page otherwise + * change the page state in the RMP table. + */ + switch (cmd) { + case SEV_CMD_PDH_CERT_EXPORT: + if (prep_buffer(struct sev_data_pdh_cert_export, pdh_cert_address, + pdh_cert_len, false, &sev->snp_host_map[0])) + goto err; + if (prep_buffer(struct sev_data_pdh_cert_export, cert_chain_address, + cert_chain_len, false, &sev->snp_host_map[1])) + goto err; + break; + case SEV_CMD_GET_ID: + if (prep_buffer(struct sev_data_get_id, address, len, + false, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_PEK_CSR: + if (prep_buffer(struct sev_data_pek_csr, address, len, + false, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_LAUNCH_UPDATE_DATA: + if (prep_buffer(struct sev_data_launch_update_data, address, len, + true, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_LAUNCH_UPDATE_VMSA: + if (prep_buffer(struct sev_data_launch_update_vmsa, address, len, + true, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_LAUNCH_MEASURE: + if (prep_buffer(struct sev_data_launch_measure, address, len, + false, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_LAUNCH_UPDATE_SECRET: + if (prep_buffer(struct sev_data_launch_secret, guest_address, guest_len, + true, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_DBG_DECRYPT: + if (prep_buffer(struct sev_data_dbg, dst_addr, len, false, + &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_DBG_ENCRYPT: + if (prep_buffer(struct sev_data_dbg, dst_addr, len, true, + &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_ATTESTATION_REPORT: + if (prep_buffer(struct sev_data_attestation_report, address, len, + false, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_SEND_START: 
+ if (prep_buffer(struct sev_data_send_start, session_address, + session_len, false, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_SEND_UPDATE_DATA: + if (prep_buffer(struct sev_data_send_update_data, hdr_address, hdr_len, + false, &sev->snp_host_map[0])) + goto err; + if (prep_buffer(struct sev_data_send_update_data, trans_address, + trans_len, false, &sev->snp_host_map[1])) + goto err; + break; + case SEV_CMD_SEND_UPDATE_VMSA: + if (prep_buffer(struct sev_data_send_update_vmsa, hdr_address, hdr_len, + false, &sev->snp_host_map[0])) + goto err; + if (prep_buffer(struct sev_data_send_update_vmsa, trans_address, + trans_len, false, &sev->snp_host_map[1])) + goto err; + break; + case SEV_CMD_RECEIVE_UPDATE_DATA: + if (prep_buffer(struct sev_data_receive_update_data, guest_address, + guest_len, true, &sev->snp_host_map[0])) + goto err; + break; + case SEV_CMD_RECEIVE_UPDATE_VMSA: + if (prep_buffer(struct sev_data_receive_update_vmsa, guest_address, + guest_len, true, &sev->snp_host_map[0])) + goto err; + break; + default: + break; + } + + /* The command buffer need to be in the firmware state. */ + if (to_fw && sev_legacy_cmd_buf_writable(cmd)) { + if (snp_set_rmp_state(__pa(cmd_buf), 1, true, true, false)) + return -EFAULT; + } + + return 0; + +err: + return -EINVAL; +} + +static inline bool need_firmware_copy(int cmd) +{ + struct sev_device *sev = psp_master->sev_data; + + /* After SNP is INIT'ed, the behavior of legacy SEV command is changed. */ + return ((cmd < SEV_CMD_SNP_INIT) && sev->snp_inited) ? 
true : false; +} + +static int snp_aware_copy_to_firmware(int cmd, void *data) +{ + return __snp_cmd_buf_copy(cmd, data, true, 0); +} + +static int snp_aware_copy_from_firmware(int cmd, void *data, int fw_err) +{ + return __snp_cmd_buf_copy(cmd, data, false, fw_err); +} + static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) { struct psp_device *psp = psp_master; struct sev_device *sev; unsigned int phys_lsb, phys_msb; unsigned int reg, ret = 0; + void *cmd_buf; int buf_len; if (!psp || !psp->sev_data) @@ -342,12 +625,28 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) * work for some memory, e.g. vmalloc'd addresses, and @data may not be * physically contiguous. */ - if (data) - memcpy(sev->cmd_buf, data, buf_len); + if (data) { + if (sev->cmd_buf_active > 2) + return -EBUSY; + + cmd_buf = sev->cmd_buf_active ? sev->cmd_buf_backup : sev->cmd_buf; + + memcpy(cmd_buf, data, buf_len); + sev->cmd_buf_active++; + + /* + * The behavior of the SEV-legacy commands is altered when the + * SNP firmware is in the INIT state. + */ + if (need_firmware_copy(cmd) && snp_aware_copy_to_firmware(cmd, sev->cmd_buf)) + return -EFAULT; + } else { + cmd_buf = sev->cmd_buf; + } /* Get the physical address of the command buffer */ - phys_lsb = data ? lower_32_bits(__psp_pa(sev->cmd_buf)) : 0; - phys_msb = data ? upper_32_bits(__psp_pa(sev->cmd_buf)) : 0; + phys_lsb = data ? lower_32_bits(__psp_pa(cmd_buf)) : 0; + phys_msb = data ? upper_32_bits(__psp_pa(cmd_buf)) : 0; dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n", cmd, phys_msb, phys_lsb, psp_timeout); 
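Review bot: In the "if (data)" branch of __sev_do_cmd_locked(), the guard "sev->cmd_buf_active > 2" does not match the two buffers that exist (cmd_buf and cmd_buf_backup). With cmd_buf_active at 1 or at 2 the code selects cmd_buf_backup, so a third nested call reuses a buffer that is still in flight; the check should reject as soon as both are taken (>= 2). The same branch passes sev->cmd_buf to snp_aware_copy_to_firmware() even when cmd_buf_backup was selected and filled, while the completion path passes cmd_buf to snp_aware_copy_from_firmware(), so the buffer that is parsed and moved to the firmware state can differ from the one handed to the PSP. Pass cmd_buf in both places.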
@@ -388,15 +687,24 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) ret = -EIO; } - print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, - buf_len, false); - /* * Copy potential output from the PSP back to data. Do this even on * failure in case the caller wants to glean something from the error. */ - if (data) - memcpy(data, sev->cmd_buf, buf_len); + if (data) { + /* + * Restore the page state after the command completes. + */ + if (need_firmware_copy(cmd) && + snp_aware_copy_from_firmware(cmd, cmd_buf, ret)) + return -EFAULT; + + memcpy(data, cmd_buf, buf_len); + sev->cmd_buf_active--; + } + + print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, + buf_len, false); return ret; } @@ -1271,10 +1579,12 @@ int sev_dev_init(struct psp_device *psp) if (!sev) goto e_err; - sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 0); + sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 1); if (!sev->cmd_buf) goto e_sev; + sev->cmd_buf_backup = (uint8_t *)sev->cmd_buf + PAGE_SIZE; + psp->sev_data = sev; sev->dev = dev; @@ -1327,6 +1637,12 @@ static void sev_firmware_shutdown(struct sev_device *sev) sev_es_tmr = NULL; } + /* + * The host map need to clear the immutable bit so it must be free'd before the + * SNP firmware shutdown. + */ + free_snp_host_map(sev); + sev_snp_shutdown(NULL); } @@ -1391,6 +1707,14 @@ void sev_pci_init(void) dev_err(sev->dev, "SEV-SNP: failed to INIT error %#x\n", error); } } + + /* + * Allocate the intermediate buffers used for the legacy command handling. + */ + if (alloc_snp_host_map(sev)) { + dev_notice(sev->dev, "Failed to alloc host map (disabling legacy SEV)\n"); + goto skip_legacy; + } } /* Obtain the TMR memory area for SEV-ES use */ 
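Review bot: In the completion hunk of __sev_do_cmd_locked() (@@ -388), the "return -EFAULT" taken when snp_aware_copy_from_firmware() fails exits before "sev->cmd_buf_active--", and the -EFAULT return added after "sev->cmd_buf_active++" on the submit side does the same, so one failed page-state change leaves the counter raised and later commands fall back to cmd_buf_backup and then hit the -EBUSY check. Route both failures through a common exit that decrements the counter. Separately, in the sev_pci_init() hunk, alloc_snp_host_map() can fail after the first buffer was allocated and the code jumps to skip_legacy without calling free_snp_host_map(); either unwind inside alloc_snp_host_map() or free before the goto.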
@@ -1420,12 +1744,14 @@ void sev_pci_init(void) if (rc) dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error); +skip_legacy: dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_inited ? "-SNP" : "", sev->api_major, sev->api_minor, sev->build); return; err: + free_snp_host_map(sev); psp_master->sev_data = NULL; } diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 186ad20cbd24..fe5d7a3ebace 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -29,11 +29,20 @@ #define SEV_CMDRESP_CMD_SHIFT 16 #define SEV_CMDRESP_IOC BIT(0) +#define MAX_SNP_HOST_MAP_BUFS 2 + struct sev_misc_dev { struct kref refcount; struct miscdevice misc; }; +struct snp_host_map { + u64 paddr; + u32 len; + void *host; + bool active; +}; + struct sev_device { struct device *dev; struct psp_device *psp; 
@@ -52,8 +61,11 @@ struct sev_device { u8 build; void *cmd_buf; + void *cmd_buf_backup; + int cmd_buf_active; bool snp_inited; + struct snp_host_map snp_host_map[MAX_SNP_HOST_MAP_BUFS]; }; int sev_dev_init(struct psp_device *psp);
From patchwork Fri Aug 20 15:58:49 2021 X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 12449799
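Review bot: In __snp_cmd_buf_copy() (first sev-dev.c hunk of the patch above), the from-firmware path returns 0 when fw_err is set, before the switch that calls unmap_firmware_writeable(). For the commands that are both in sev_legacy_cmd_buf_writable() and in the switch (PDH_CERT_EXPORT, GET_ID, PEK_CSR, LAUNCH_MEASURE, ATTESTATION_REPORT, SEND_START, SEND_UPDATE_DATA, SEND_UPDATE_VMSA) a firmware error therefore leaves the pre-allocated snp_host_map buffers in the firmware page state with map->active still set, and the address in cmd_buf still points at the intermediate buffer when it is copied back to the caller. The unmap should run regardless of fw_err, skipping only the memcpy of response data if that is the intent. The to-firmware path has the matching gap: when the second prep_buffer() fails, "goto err" returns -EINVAL without undoing the first mapping.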
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 16/45] crypto: ccp: Add the SNP_PLATFORM_STATUS command
Date: Fri, 20 Aug 2021 10:58:49 -0500
Message-Id: <20210820155918.7518-17-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The command can be used by the userspace to query the SNP platform status report. See the SEV-SNP spec for more details.

Signed-off-by: Brijesh Singh
--- Documentation/virt/coco/sevguest.rst | 27 +++++++++++++++++ drivers/crypto/ccp/sev-dev.c | 45 ++++++++++++++++++++++++++++ include/uapi/linux/psp-sev.h | 1 + 3 files changed, 73 insertions(+) diff --git a/Documentation/virt/coco/sevguest.rst b/Documentation/virt/coco/sevguest.rst index 7acb8696fca4..7c51da010039 100644 --- a/Documentation/virt/coco/sevguest.rst +++ b/Documentation/virt/coco/sevguest.rst
@@ -52,6 +52,22 @@ to execute due to the firmware error, then fw_err code will be set. __u64 fw_err; }; +The host ioctl should be called to /dev/sev device. The ioctl accepts command +id and command input structure. + +:: + struct sev_issue_cmd { + /* Command ID */ + __u32 cmd; + + /* Command request structure */ + __u64 data; + + /* firmware error code on failure (see psp-sev.h) */ + __u32 error; + }; + + 2.1 SNP_GET_REPORT ------------------ @@ -107,3 +123,14 @@ length of the blob is lesser than expected then snp_ext_report_req.certs_len wil be updated with the expected value. See GHCB specification for further detail on how to parse the certificate blob. + +2.3 SNP_PLATFORM_STATUS +----------------------- +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Parameters (in): struct sev_data_snp_platform_status +:Returns (out): 0 on success, -negative on error + +The SNP_PLATFORM_STATUS command is used to query the SNP platform status. The +status includes API major, minor version and more. See the SEV-SNP +specification for further details. diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 4cd7d803a624..16c6df5d412c 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -1394,6 +1394,48 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) return ret; } +static int sev_ioctl_snp_platform_status(struct sev_issue_cmd *argp) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_data_snp_platform_status_buf buf; + struct page *status_page; + void *data; + int ret; + + if (!sev->snp_inited || !argp->data) + return -EINVAL; + + status_page = alloc_page(GFP_KERNEL_ACCOUNT); + if (!status_page) + return -ENOMEM; + + data = page_address(status_page); + if (snp_set_rmp_state(__pa(data), 1, true, true, false)) { + __free_pages(status_page, 0); + return -EFAULT; + } + + buf.status_paddr = __psp_pa(data); + ret = __sev_do_cmd_locked(SEV_CMD_SNP_PLATFORM_STATUS, &buf, &argp->error); + + /* Change the page state before accessing it */ + if (snp_set_rmp_state(__pa(data), 1, false, true, true)) { + snp_leak_pages(__pa(data) >> PAGE_SHIFT, 1); + return -EFAULT; + } + + if (ret) + goto cleanup; + + if (copy_to_user((void __user *)argp->data, data, + sizeof(struct sev_user_data_snp_status))) + ret = -EFAULT; + +cleanup: + __free_pages(status_page, 0); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -1445,6 +1487,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_GET_ID2: ret = sev_ioctl_do_get_id2(&input); break; + case SNP_PLATFORM_STATUS: + ret = sev_ioctl_snp_platform_status(&input); + break; default: ret = -EINVAL; goto out; diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index bed65a891223..ffd60e8b0a31 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h 
@@ -28,6 +28,7 @@ enum { SEV_PEK_CERT_IMPORT, SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ SEV_GET_ID2, + SNP_PLATFORM_STATUS, SEV_MAX, };
From patchwork Fri Aug 20 15:58:50 2021 X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 12449801
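Review bot: In sev_ioctl_snp_platform_status() (sev-dev.c hunk of the SNP_PLATFORM_STATUS patch above), status_page comes from alloc_page(GFP_KERNEL_ACCOUNT) without __GFP_ZERO, and sizeof(struct sev_user_data_snp_status) bytes of it are later passed to copy_to_user(), so any bytes the firmware does not write reach userspace as stale kernel memory. Allocate the page with __GFP_ZERO. The local "buf" is likewise an uninitialised stack structure with only status_paddr assigned before it is handed to __sev_do_cmd_locked(); zero-initialise it so no other field carries stack contents into the command buffer.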
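Review bot: In the sevguest.rst section 2.3 added by the SNP_PLATFORM_STATUS patch above, ":Parameters (in): struct sev_data_snp_platform_status" does not match the handler, which treats argp->data as an output buffer and copies a struct sev_user_data_snp_status into it. The documentation should name the userspace structure and describe it as the output of the ioctl.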
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 17/45] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
Date: Fri, 20 Aug 2021 10:58:50 -0500
Message-Id: <20210820155918.7518-18-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The SEV-SNP firmware provides the SNP_CONFIG command used to set the system-wide configuration value for SNP guests. The information includes the TCB version string to be reported in guest attestation reports. Version 2 of the GHCB specification adds an NAE (SNP extended guest request) that a guest can use to query the reports that include additional certificates. In both cases, userspace provided additional data is included in the attestation reports. The userspace will use the SNP_SET_EXT_CONFIG command to give the certificate blob and the reported TCB version string at once. Note that the specification defines certificate blob with a specific GUID format; the userspace is responsible for building the proper certificate blob. The ioctl treats it an opaque blob.
While it is not defined in the spec, but let's add SNP_GET_EXT_CONFIG command that can be used to obtain the data programmed through the SNP_SET_EXT_CONFIG. Signed-off-by: Brijesh Singh --- Documentation/virt/coco/sevguest.rst | 28 +++++++ drivers/crypto/ccp/sev-dev.c | 115 +++++++++++++++++++++++++++ drivers/crypto/ccp/sev-dev.h | 3 + include/uapi/linux/psp-sev.h | 17 ++++ 4 files changed, 163 insertions(+) diff --git a/Documentation/virt/coco/sevguest.rst b/Documentation/virt/coco/sevguest.rst index 7c51da010039..64a1b5167b33 100644 --- a/Documentation/virt/coco/sevguest.rst +++ b/Documentation/virt/coco/sevguest.rst @@ -134,3 +134,31 @@ See GHCB specification for further detail on how to parse the certificate blob. The SNP_PLATFORM_STATUS command is used to query the SNP platform status. The status includes API major, minor version and more. See the SEV-SNP specification for further details. + +2.4 SNP_SET_EXT_CONFIG +---------------------- +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Parameters (in): struct sev_data_snp_ext_config +:Returns (out): 0 on success, -negative on error + +The SNP_SET_EXT_CONFIG is used to set the system-wide configuration such as +reported TCB version in the attestation report. The command is similar to +SNP_CONFIG command defined in the SEV-SNP spec. The main difference is the +command also accepts an additional certificate blob defined in the GHCB +specification. + +If the certs_address is zero, then previous certificate blob will deleted. +For more information on the certificate blob layout, see the GHCB spec +(extended guest request message). + + +2.4 SNP_GET_EXT_CONFIG +---------------------- +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Parameters (in): struct sev_data_snp_ext_config +:Returns (out): 0 on success, -negative on error + +The SNP_SET_EXT_CONFIG is used to query the system-wide configuration set +through the SNP_SET_EXT_CONFIG. 
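Review bot: In the sevguest.rst hunk, the new SNP_GET_EXT_CONFIG section reuses the number 2.4 and its body reads "The SNP_SET_EXT_CONFIG is used to query ...", so the GET command is documented under the SET name; it should be numbered 2.5 and name SNP_GET_EXT_CONFIG. Both sections also list struct sev_data_snp_ext_config as the parameter, while the handlers added in sev-dev.c copy a struct sev_user_data_ext_snp_config from argp->data, and "will deleted" in the SET section is missing "be".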
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 16c6df5d412c..9ba194acbe85 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1132,6 +1132,10 @@ static int __sev_snp_shutdown_locked(int *error) if (!sev->snp_inited) return 0; + /* Free the memory used for caching the certificate data */ + kfree(sev->snp_certs_data); + sev->snp_certs_data = NULL; + /* SHUTDOWN requires the DF_FLUSH */ wbinvd_on_all_cpus(); __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, NULL); 
@@ -1436,6 +1440,111 @@ static int sev_ioctl_snp_platform_status(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_snp_get_config(struct sev_issue_cmd *argp) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_user_data_ext_snp_config input; + int ret; + + if (!sev->snp_inited || !argp->data) + return -EINVAL; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + /* Copy the TCB version programmed through the SET_CONFIG to userspace */ + if (input.config_address) { + if (copy_to_user((void * __user)input.config_address, + &sev->snp_config, sizeof(struct sev_user_data_snp_config))) + return -EFAULT; + } + + /* Copy the extended certs programmed through the SNP_SET_CONFIG */ + if (input.certs_address && sev->snp_certs_data) { + if (input.certs_len < sev->snp_certs_len) { + /* Return the certs length to userspace */ + input.certs_len = sev->snp_certs_len; + + ret = -ENOSR; + goto e_done; + } + + if (copy_to_user((void * __user)input.certs_address, + sev->snp_certs_data, sev->snp_certs_len)) + return -EFAULT; + } + + ret = 0; + +e_done: + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) + ret = -EFAULT; + + return ret; +} + +static int sev_ioctl_snp_set_config(struct sev_issue_cmd *argp, bool writable) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_user_data_ext_snp_config input; + struct sev_user_data_snp_config config; + void *certs = NULL; + int ret = 0; + + if (!sev->snp_inited || !argp->data) + return -EINVAL; + + if (!writable) + return -EPERM; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + /* Copy the certs from userspace */ + if (input.certs_address) { + if (!input.certs_len || !IS_ALIGNED(input.certs_len, PAGE_SIZE)) + return -EINVAL; + + certs = psp_copy_user_blob(input.certs_address, input.certs_len); + if (IS_ERR(certs)) + return PTR_ERR(certs); + } + + /* Issue the PSP command to update the TCB version 
using the SNP_CONFIG. */ + if (input.config_address) { + if (copy_from_user(&config, + (void __user *)input.config_address, sizeof(config))) { + ret = -EFAULT; + goto e_free; + } + + ret = __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error); + if (ret) + goto e_free; + + memcpy(&sev->snp_config, &config, sizeof(config)); + } + + /* + * If the new certs are passed then cache it else free the old certs. + */ + if (certs) { + kfree(sev->snp_certs_data); + sev->snp_certs_data = certs; + sev->snp_certs_len = input.certs_len; + } else { + kfree(sev->snp_certs_data); + sev->snp_certs_data = NULL; + sev->snp_certs_len = 0; + } + + return 0; + +e_free: + kfree(certs); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -1490,6 +1599,12 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SNP_PLATFORM_STATUS: ret = sev_ioctl_snp_platform_status(&input); break; + case SNP_SET_EXT_CONFIG: + ret = sev_ioctl_snp_set_config(&input, writable); + break; + case SNP_GET_EXT_CONFIG: + ret = sev_ioctl_snp_get_config(&input); + break; default: ret = -EINVAL; goto out; diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index fe5d7a3ebace..d2fe1706311a 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -66,6 +66,9 @@ struct sev_device { bool snp_inited; struct snp_host_map snp_host_map[MAX_SNP_HOST_MAP_BUFS]; + void *snp_certs_data; + u32 snp_certs_len; + struct sev_user_data_snp_config snp_config; }; int sev_dev_init(struct psp_device *psp); diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index ffd60e8b0a31..60e7a8d1a18e 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -29,6 +29,8 @@ enum { SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ SEV_GET_ID2, SNP_PLATFORM_STATUS, + SNP_SET_EXT_CONFIG, + SNP_GET_EXT_CONFIG, SEV_MAX, }; 
@@ -190,6 +192,21 @@ struct sev_user_data_snp_config { __u8 rsvd[52]; } __packed; +/** + * struct sev_data_snp_ext_config - system wide configuration value for SNP. + * + * @config_address: address of the struct sev_user_data_snp_config or 0 when + * reported_tcb does not need to be updated. + * @certs_address: address of extended guest request certificate chain or + * 0 when previous certificate should be removed on SNP_SET_EXT_CONFIG. + * @certs_len: length of the certs + */ +struct sev_user_data_ext_snp_config { + __u64 config_address; /* In */ + __u64 certs_address; /* In */ + __u32 certs_len; /* In */ +}; + /** * struct sev_issue_cmd - SEV ioctl parameters *
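Review bot: In the Documentation/virt/coco/sevguest.rst hunk, the second new section reuses the number 2.4 and its body begins "The SNP_SET_EXT_CONFIG is used to query the system-wide configuration", so the text for SNP_GET_EXT_CONFIG names the wrong command. Renumber it to 2.5 and name SNP_GET_EXT_CONFIG in the description. Both sections list the parameter as struct sev_data_snp_ext_config, but the uapi header in this patch defines struct sev_user_data_ext_snp_config, and "will deleted" should read "will be deleted".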
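Review bot: In the __sev_snp_shutdown_locked() hunk of drivers/crypto/ccp/sev-dev.c, sev->snp_certs_data is freed and set to NULL but sev->snp_certs_len keeps its old value. Set sev->snp_certs_len = 0 alongside it, as the else branch of sev_ioctl_snp_set_config() does, so that no later reader sizes a length check or a copy from a length that no longer has data behind it.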
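Review bot: In sev_ioctl_snp_get_config() both copy_to_user() destinations are cast with (void * __user), which annotates the pointer rather than the memory it points to; the same function already uses (void __user *)argp->data, and that form should be used for input.config_address and input.certs_address as well. The comments in that function also refer to SET_CONFIG and SNP_SET_CONFIG, while the command this patch adds is SNP_SET_EXT_CONFIG.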
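Review bot: In the include/uapi/linux/psp-sev.h hunk, the kernel-doc block is titled struct sev_data_snp_ext_config but sits on struct sev_user_data_ext_snp_config, so the comment does not match the declaration it precedes. certs_len is marked /* In */, yet sev_ioctl_snp_get_config() writes the required length back through it when it returns -ENOSR, so it should be documented as In/Out. The struct also ends in a __u32 after two __u64 members and is not __packed like struct sev_user_data_snp_config just above it, which leaves implicit tail padding in a uapi layout; an explicit reserved field or __packed would pin the size down.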
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 18/45] crypto: ccp: Provide APIs to query extended attestation report
Date: Fri, 20 Aug 2021 10:58:51 -0500
Message-Id: <20210820155918.7518-19-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
Version 2 of the GHCB specification defines VMGEXIT that is used to get the extended attestation report. The extended attestation report includes the certificate blobs provided through the SNP_SET_EXT_CONFIG. The snp_guest_ext_guest_request() will be used by the hypervisor to get the extended attestation report. See the GHCB specification for more details.

Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 43 ++++++++++++++++++++++++++++++++++++ include/linux/psp-sev.h | 24 ++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9ba194acbe85..e2650c3d0d0a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -22,6 +22,7 @@ #include #include #include +#include #include 
@@ -1677,6 +1678,48 @@ int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error) } EXPORT_SYMBOL_GPL(snp_guest_dbg_decrypt); +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, + unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) +{ + unsigned long expected_npages; + struct sev_device *sev; + int rc; + + if (!psp_master || !psp_master->sev_data) + return -ENODEV; + + sev = psp_master->sev_data; + + if (!sev->snp_inited) + return -EINVAL; + + /* + * Check if there is enough space to copy the certificate chain. Otherwise + * return ERROR code defined in the GHCB specification. + */ + expected_npages = sev->snp_certs_len >> PAGE_SHIFT; + if (*npages < expected_npages) { + *npages = expected_npages; + *fw_err = SNP_GUEST_REQ_INVALID_LEN; + return -EINVAL; + } + + rc = sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)&fw_err); + if (rc) + return rc; + + /* Copy the certificate blob */ + if (sev->snp_certs_data) { + *npages = expected_npages; + memcpy((void *)vaddr, sev->snp_certs_data, *npages << PAGE_SHIFT); + } else { + *npages = 0; + } + + return rc; +} +EXPORT_SYMBOL_GPL(snp_guest_ext_guest_request); + static void sev_exit(struct kref *ref) { misc_deregister(&misc_dev->misc); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 00bd684dc094..ea94ce4d834a 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h 
@@ -924,6 +924,23 @@ void *psp_copy_user_blob(u64 uaddr, u32 len); void *snp_alloc_firmware_page(gfp_t mask); void snp_free_firmware_page(void *addr); +/** + * snp_guest_ext_guest_request - perform the SNP extended guest request command + * defined in the GHCB specification. + * + * @data: the input guest request structure + * @vaddr: address where the certificate blob need to be copied. + * @npages: number of pages for the certificate blob. + * If the specified page count is less than the certificate blob size, then the + * required page count is returned with error code defined in the GHCB spec. + * If the specified page count is more than the certificate blob size, then + * page count is updated to reflect the amount of valid data copied in the + * vaddr. + */ +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, + unsigned long vaddr, unsigned long *npages, + unsigned long *error); + #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ static inline int 
@@ -971,6 +988,13 @@ static inline void *snp_alloc_firmware_page(gfp_t mask) static inline void snp_free_firmware_page(void *addr) { } +static inline int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, + unsigned long vaddr, unsigned long *n, + unsigned long *error) +{ + return -ENODEV; +} + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
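Review bot: In snp_guest_ext_guest_request() in drivers/crypto/ccp/sev-dev.c, sev_do_cmd() is called with (int *)&fw_err, which is the address of the local pointer variable, so the firmware error code is written over the pointer itself and never reaches the caller's *fw_err. Use a local int for the sev_do_cmd() call and assign it to *fw_err afterwards, since *fw_err is an unsigned long and a plain (int *)fw_err cast would update only part of it. The function also reads sev->snp_certs_len and copies from sev->snp_certs_data after sev_do_cmd() has returned, while SNP_SET_EXT_CONFIG can kfree() and replace that buffer; the copy needs to be serialized against that update.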
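Review bot: In the include/linux/psp-sev.h hunk, the kernel-doc for snp_guest_ext_guest_request() describes @data, @vaddr and @npages but not the fourth parameter, and that parameter is named error in the prototype and the stub while the definition in sev-dev.c calls it fw_err (the stub also renames npages to n). Use one name throughout and document that the parameter carries the error code returned to the guest, including SNP_GUEST_REQ_INVALID_LEN when the page count is too small.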
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 19/45] KVM: SVM: Add support to handle AP reset MSR protocol
Date: Fri, 20 Aug 2021 10:58:52 -0500
Message-Id: <20210820155918.7518-20-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
From: Tom Lendacky Add support for AP Reset Hold being invoked using the GHCB MSR protocol, available in version 2 of the GHCB specification. Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-common.h | 2 ++ arch/x86/kvm/svm/sev.c | 56 ++++++++++++++++++++++++++----- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 51 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 5f134c172dbf..d70a19000953 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -56,6 +56,8 @@ /* AP Reset Hold */ #define GHCB_MSR_AP_RESET_HOLD_REQ 0x006 #define GHCB_MSR_AP_RESET_HOLD_RESP 0x007 +#define GHCB_MSR_AP_RESET_HOLD_RESULT_POS 12 +#define GHCB_MSR_AP_RESET_HOLD_RESULT_MASK GENMASK_ULL(51, 0) /* GHCB GPA Register */ #define GHCB_MSR_REG_GPA_REQ 0x012 diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6ce9bafe768c..0ca5b5b9aeef 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -58,6 +58,10 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444); #define sev_es_enabled false #endif /* CONFIG_KVM_AMD_SEV */ +#define AP_RESET_HOLD_NONE 0 +#define AP_RESET_HOLD_NAE_EVENT 1 +#define AP_RESET_HOLD_MSR_PROTO 2 + static u8 sev_enc_bit; static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); @@ -2210,6 +2214,9 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) void sev_es_unmap_ghcb(struct vcpu_svm *svm) { + /* Clear any indication that the vCPU is in a type of AP Reset Hold */ + svm->ap_reset_hold_type = AP_RESET_HOLD_NONE; + if (!svm->ghcb) return; 
@@ -2415,6 +2422,22 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_AP_RESET_HOLD_REQ: + svm->ap_reset_hold_type = AP_RESET_HOLD_MSR_PROTO; + ret = kvm_emulate_ap_reset_hold(&svm->vcpu); + + /* + * Preset the result to a non-SIPI return and then only set + * the result to non-zero when delivering a SIPI. + */ + set_ghcb_msr_bits(svm, 0, + GHCB_MSR_AP_RESET_HOLD_RESULT_MASK, + GHCB_MSR_AP_RESET_HOLD_RESULT_POS); + + set_ghcb_msr_bits(svm, GHCB_MSR_AP_RESET_HOLD_RESP, + GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; @@ -2502,6 +2525,7 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = svm_invoke_exit_handler(vcpu, SVM_EXIT_IRET); break; case SVM_VMGEXIT_AP_HLT_LOOP: + svm->ap_reset_hold_type = AP_RESET_HOLD_NAE_EVENT; ret = kvm_emulate_ap_reset_hold(vcpu); break; case SVM_VMGEXIT_AP_JUMP_TABLE: { @@ -2639,13 +2663,29 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) return; } - /* - * Subsequent SIPI: Return from an AP Reset Hold VMGEXIT, where - * the guest will set the CS and RIP. Set SW_EXIT_INFO_2 to a - * non-zero value. - */ - if (!svm->ghcb) - return; + /* Subsequent SIPI */ + switch (svm->ap_reset_hold_type) { + case AP_RESET_HOLD_NAE_EVENT: + /* + * Return from an AP Reset Hold VMGEXIT, where the guest will + * set the CS and RIP. Set SW_EXIT_INFO_2 to a non-zero value. + */ + ghcb_set_sw_exit_info_2(svm->ghcb, 1); + break; + case AP_RESET_HOLD_MSR_PROTO: + /* + * Return from an AP Reset Hold VMGEXIT, where the guest will + * set the CS and RIP. Set GHCB data field to a non-zero value. + */ + set_ghcb_msr_bits(svm, 1, + GHCB_MSR_AP_RESET_HOLD_RESULT_MASK, + GHCB_MSR_AP_RESET_HOLD_RESULT_POS); - ghcb_set_sw_exit_info_2(svm->ghcb, 1); + set_ghcb_msr_bits(svm, GHCB_MSR_AP_RESET_HOLD_RESP, + GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; + default: + break; + } } 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8f4cdb98d8ee..5b8d9dec8028 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -188,6 +188,7 @@ struct vcpu_svm { struct ghcb *ghcb; struct kvm_host_map ghcb_map; bool received_first_sipi; + unsigned int ap_reset_hold_type; /* SEV-ES scratch area support */ void *ghcb_sa;
From patchwork Fri Aug 20 15:58:53 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449807
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 20/45] KVM: SVM: Provide the Hypervisor Feature support VMGEXIT
Date: Fri, 20 Aug 2021 10:58:53 -0500
Message-Id: <20210820155918.7518-21-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

Version 2 of the GHCB specification introduced advertisement of features that are supported by the Hypervisor. Now that KVM supports version 2 of the GHCB specification, bump the maximum supported protocol version.

Signed-off-by: Brijesh Singh
--- arch/x86/include/asm/sev-common.h | 2 ++ arch/x86/kvm/svm/sev.c | 14 ++++++++++++++ arch/x86/kvm/svm/svm.h | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index d70a19000953..779c7e8f836c 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -97,6 +97,8 @@ enum psc_op { /* GHCB Hypervisor Feature Request/Response */ #define GHCB_MSR_HV_FT_REQ 0x080 #define GHCB_MSR_HV_FT_RESP 0x081 +#define GHCB_MSR_HV_FT_POS 12 +#define GHCB_MSR_HV_FT_MASK GENMASK_ULL(51, 0) #define GHCB_MSR_HV_FT_RESP_VAL(v) \ /* GHCBData[63:12] */ \ (((u64)(v) & GENMASK_ULL(63, 12)) >> 12) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 0ca5b5b9aeef..1644da5fc93f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -2184,6 +2184,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_VMGEXIT_AP_HLT_LOOP: case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: + case SVM_VMGEXIT_HV_FEATURES: break; default: goto vmgexit_err; @@ -2438,6 +2439,13 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); break; + case GHCB_MSR_HV_FT_REQ: { + set_ghcb_msr_bits(svm, GHCB_HV_FT_SUPPORTED, + GHCB_MSR_HV_FT_MASK, GHCB_MSR_HV_FT_POS); + set_ghcb_msr_bits(svm, GHCB_MSR_HV_FT_RESP, + GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); + break; + } case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; @@ -2553,6 +2561,12 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; } + case SVM_VMGEXIT_HV_FEATURES: { + ghcb_set_sw_exit_info_2(ghcb, GHCB_HV_FT_SUPPORTED); + + ret = 1; + break; + } case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5b8d9dec8028..d1f1512a4b47 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -548,9 +548,10 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); /* sev.c */ -#define GHCB_VERSION_MAX 1ULL +#define GHCB_VERSION_MAX 2ULL #define GHCB_VERSION_MIN 1ULL +#define GHCB_HV_FT_SUPPORTED 0 extern unsigned int max_sev_asid;
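Review bot: In the sev-common.h hunk of [PATCH Part2 v5 20/45], the new GHCB_MSR_HV_FT_POS and GHCB_MSR_HV_FT_MASK describe the same field that GHCB_MSR_HV_FT_RESP_VAL() directly below still open-codes as GENMASK_ULL(63, 12) and >> 12. The mask is written unshifted (bits 51:0) in one place and shifted (bits 63:12) in the other, so the two can drift apart. Consider expressing GHCB_MSR_HV_FT_RESP_VAL() through the new macros and repeating the /* GHCBData[63:12] */ comment next to the new defines.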
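Review bot: In the sev_handle_vmgexit_msr_protocol() hunk of [PATCH Part2 v5 20/45], the new GHCB_MSR_HV_FT_REQ case answers unconditionally; nothing in the added lines looks at the protocol version the guest negotiated, although the commit message ties hypervisor feature advertisement to version 2 of the GHCB specification. If answering a version 1 guest is intended, say so in a comment; otherwise add the check. The same question applies to the SVM_VMGEXIT_HV_FEATURES case added to sev_handle_vmgexit(). As a style point, both new cases are wrapped in braces without declaring locals, unlike the GHCB_MSR_TERM_REQ case below, which needs them for "u64 reason_set, reason_code;".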
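Review bot: In the svm.h hunk of [PATCH Part2 v5 20/45], GHCB_HV_FT_SUPPORTED is introduced as a bare 0 with no comment, and both new handlers in sev.c return it verbatim. Please document that this is the hypervisor feature bitmap KVM advertises and that 0 means no optional feature is offered, so later patches that set bits have an obvious place to do it. The same hunk raises GHCB_VERSION_MAX to 2ULL; the commit message states that KVM now supports version 2, and a pointer to the earlier patches in the series that provide that support would help anyone bisecting.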
From patchwork Fri Aug 20 15:58:54 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449809
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 21/45] KVM: SVM: Make AVIC backing, VMSA and VMCB memory allocation SNP safe
Date: Fri, 20 Aug 2021 10:58:54 -0500
Message-Id: <20210820155918.7518-22-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

Implement a workaround for an SNP erratum where the CPU will incorrectly
signal an RMP violation #PF if a hugepage (2mb or 1gb) collides with the RMP entry of a VMCB, VMSA or AVIC backing page.

When SEV-SNP is globally enabled, the CPU marks the VMCB, VMSA, and AVIC backing pages as "in-use" in the RMP after a successful VMRUN. This is done for _all_ VMs, not just SNP-Active VMs. If the hypervisor accesses an in-use page through a writable translation, the CPU will throw an RMP violation #PF.

On early SNP hardware, if an in-use page is 2mb aligned and software accesses any part of the associated 2mb region with a hugepage, the CPU will incorrectly treat the entire 2mb region as in-use and signal a spurious RMP violation #PF.

The recommendation is to not use the hugepage for the VMCB, VMSA or AVIC backing page. Add a generic allocator that will ensure that the page returned is not a hugepage (2mb or 1gb) and is safe to be used when SEV-SNP is enabled.

Co-developed-by: Marc Orr
Signed-off-by: Marc Orr
Signed-off-by: Brijesh Singh
--- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/lapic.c | 5 ++++- arch/x86/kvm/svm/sev.c | 35 ++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 16 ++++++++++++-- arch/x86/kvm/svm/svm.h | 1 + 6 files changed, 56 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index a12a4987154e..36a9c23a4b27 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -122,6 +122,7 @@ KVM_X86_OP_NULL(enable_direct_tlbflush) KVM_X86_OP_NULL(migrate_timers) KVM_X86_OP(msr_filter_changed) KVM_X86_OP_NULL(complete_emulated_msr) +KVM_X86_OP(alloc_apic_backing_page) #undef KVM_X86_OP #undef KVM_X86_OP_NULL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 974cbfb1eefe..5ad6255ff5d5 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -1453,6 +1453,7 @@ struct kvm_x86_ops { int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); + void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index ba5a27879f1d..05b45747b20b 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2457,7 +2457,10 @@ int kvm_create_lapic(struct kvm_vcpu *vcpu, int timer_advance_ns) vcpu->arch.apic = apic; - apic->regs = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); + if (kvm_x86_ops.alloc_apic_backing_page) + apic->regs = static_call(kvm_x86_alloc_apic_backing_page)(vcpu); + else + apic->regs = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); if (!apic->regs) { printk(KERN_ERR "malloc apic regs error for vcpu %x\n", vcpu->vcpu_id); diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 1644da5fc93f..8771b878193f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2703,3 +2703,38 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) break; } } + +struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) +{ + unsigned long pfn; + struct page *p; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + + /* + * Allocate an SNP safe page to workaround the SNP erratum where + * the CPU will incorrectly signal an RMP violation #PF if a + * hugepage (2mb or 1gb) collides with the RMP entry of VMCB, VMSA + * or AVIC backing page. The recommeded workaround is to not use the + * hugepage. + * + * Allocate one extra page, use a page which is not 2mb aligned + * and free the other. + */ + p = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, 1); + if (!p) + return NULL; + + split_page(p, 1); + + pfn = page_to_pfn(p); + if (IS_ALIGNED(__pfn_to_phys(pfn), PMD_SIZE)) { + pfn++; + __free_page(p); + } else { + __free_page(pfn_to_page(pfn + 1)); + } + + return pfn_to_page(pfn); +} 
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 25773bf72158..058eea8353c9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1368,7 +1368,7 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) svm = to_svm(vcpu); err = -ENOMEM; - vmcb01_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + vmcb01_page = snp_safe_alloc_page(vcpu); if (!vmcb01_page) goto out; @@ -1377,7 +1377,7 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) * SEV-ES guests require a separate VMSA page used to contain * the encrypted register state of the guest. */ - vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + vmsa_page = snp_safe_alloc_page(vcpu); if (!vmsa_page) goto error_free_vmcb_page; @@ -4539,6 +4539,16 @@ static int svm_vm_init(struct kvm *kvm) return 0; } +static void *svm_alloc_apic_backing_page(struct kvm_vcpu *vcpu) +{ + struct page *page = snp_safe_alloc_page(vcpu); + + if (!page) + return NULL; + + return page_address(page); +} + static struct kvm_x86_ops svm_x86_ops __initdata = { .hardware_unsetup = svm_hardware_teardown, .hardware_enable = svm_hardware_enable, @@ -4667,6 +4677,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .complete_emulated_msr = svm_complete_emulated_msr, .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, + + .alloc_apic_backing_page = svm_alloc_apic_backing_page, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index d1f1512a4b47..e40800e9c998 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -575,6 +575,7 @@ void sev_es_create_vcpu(struct vcpu_svm *svm); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu); void sev_es_unmap_ghcb(struct vcpu_svm *svm); +struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu); /* vmenter.S */
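Review bot: In the sev.c hunk of [PATCH Part2 v5 21/45], snp_safe_alloc_page() takes a struct kvm_vcpu *vcpu that its body never uses; either drop the parameter or say in the comment why callers must pass it. The comment also has a typo ("recommeded") and does not explain why the second page is always safe: an order-1 allocation is aligned to two pages, so only the first page can be 2mb aligned and pfn + 1 never is. Stating that would make the IS_ALIGNED(__pfn_to_phys(pfn), PMD_SIZE) branch easier to verify.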
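Review bot: In the kvm-x86-ops.h hunk of [PATCH Part2 v5 21/45], alloc_apic_backing_page is declared with KVM_X86_OP(), yet the lapic.c hunk tests kvm_x86_ops.alloc_apic_backing_page for NULL and falls back to get_zeroed_page(GFP_KERNEL_ACCOUNT), which makes the hook optional. The entries just above it that may be left unset, such as KVM_X86_OP_NULL(complete_emulated_msr), use the _NULL variant. Use KVM_X86_OP_NULL() here as well, or make the hook mandatory and drop the fallback in kvm_create_lapic().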
From patchwork Fri Aug 20 15:58:55 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449811
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 22/45] KVM: SVM: Add initial SEV-SNP support
Date: Fri, 20 Aug 2021 10:58:55 -0500
Message-Id: <20210820155918.7518-23-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The next generation of SEV is called SEV-SNP (Secure Nested Paging). SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware-based security protection. SEV-SNP adds strong memory encryption integrity protection to help prevent malicious hypervisor-based attacks such as data replay, memory re-mapping, and more, to create an isolated execution environment.

The SNP feature is added incrementally; later patches add a new module parameter that can be used to enable SEV-SNP in KVM.

Signed-off-by: Brijesh Singh
--- arch/x86/kvm/svm/sev.c | 10 +++++++++- arch/x86/kvm/svm/svm.h | 8 ++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 8771b878193f..50fddbe56981 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -58,6 +58,9 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444); #define sev_es_enabled false #endif /* CONFIG_KVM_AMD_SEV */ +/* enable/disable SEV-SNP support */ +static bool sev_snp_enabled; + #define AP_RESET_HOLD_NONE 0 #define AP_RESET_HOLD_NAE_EVENT 1 #define AP_RESET_HOLD_MSR_PROTO 2
@@ -1836,6 +1839,7 @@ void __init sev_hardware_setup(void) { #ifdef CONFIG_KVM_AMD_SEV unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count; + bool sev_snp_supported = false; bool sev_es_supported = false; bool sev_supported = false; @@ -1896,12 +1900,16 @@ void __init sev_hardware_setup(void) if (misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count)) goto out; - pr_info("SEV-ES supported: %u ASIDs\n", sev_es_asid_count); sev_es_supported = true; + sev_snp_supported = sev_snp_enabled && cpu_feature_enabled(X86_FEATURE_SEV_SNP); + + pr_info("SEV-ES %ssupported: %u ASIDs\n", + sev_snp_supported ? "and SEV-SNP " : "", sev_es_asid_count); out: sev_enabled = sev_supported; sev_es_enabled = sev_es_supported; + sev_snp_enabled = sev_snp_supported; #endif } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e40800e9c998..01953522097d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -72,6 +72,7 @@ enum { struct kvm_sev_info { bool active; /* SEV enabled guest */ bool es_active; /* SEV-ES enabled guest */ + bool snp_active; /* SEV-SNP enabled guest */ unsigned int asid; /* ASID used for this guest */ unsigned int handle; /* SEV firmware handle */ int fd; /* SEV device fd */ 
@@ -246,6 +247,13 @@ static inline bool sev_es_guest(struct kvm *kvm) #endif } +static inline bool sev_snp_guest(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev_es_guest(kvm) && sev->snp_active; +} + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0;
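Review bot: in the first sev.c hunk, "static bool sev_snp_enabled;" is declared after the "#endif /* CONFIG_KVM_AMD_SEV */" line, while every use this patch adds sits inside the "#ifdef CONFIG_KVM_AMD_SEV" body of sev_hardware_setup(), so a build with the option off is left with a static variable that nothing references. Consider declaring it inside the guarded block and adding a "#define sev_snp_enabled false" fallback next to the existing "#define sev_es_enabled false", so that SNP checks compile away the same way the SEV-ES ones do.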
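Review bot: in the sev_hardware_setup() hunk, SNP state is reported only as a prefix folded into the SEV-ES line ("SEV-ES %ssupported: %u ASIDs\n"), so the log says nothing explicit when SNP is unavailable, and anything matching the old "SEV-ES supported:" text stops matching once SNP is on. A separate pr_info() for SEV-SNP, printed whether it ends up enabled or not, would keep the existing line stable and make the host's SNP state auditable from dmesg.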
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh, Pavan Kumar Paluri
Subject: [PATCH Part2 v5 23/45] KVM: SVM: Add KVM_SNP_INIT command
Date: Fri, 20 Aug 2021 10:58:56 -0500
Message-Id: <20210820155918.7518-24-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The KVM_SNP_INIT command is used by the hypervisor to initialize the SEV-SNP platform context.
In a typical workflow, this command should be the first command issued. When creating SEV-SNP guest, the VMM must use this command instead of the KVM_SEV_INIT or KVM_SEV_ES_INIT. The flags value must be zero, it will be extended in future SNP support to communicate the optional features (such as restricted INT injection etc). Co-developed-by: Pavan Kumar Paluri Signed-off-by: Pavan Kumar Paluri Signed-off-by: Brijesh Singh --- .../virt/kvm/amd-memory-encryption.rst | 27 ++++++++++++ arch/x86/include/asm/svm.h | 2 + arch/x86/kvm/svm/sev.c | 44 ++++++++++++++++++- arch/x86/kvm/svm/svm.h | 4 ++ include/uapi/linux/kvm.h | 13 ++++++ 5 files changed, 88 insertions(+), 2 deletions(-) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 5c081c8c7164..7b1d32fb99a8 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -427,6 +427,33 @@ issued by the hypervisor to make the guest ready for execution. Returns: 0 on success, -negative on error +18. KVM_SNP_INIT +---------------- + +The KVM_SNP_INIT command can be used by the hypervisor to initialize SEV-SNP +context. In a typical workflow, this command should be the first command issued. + +Parameters (in/out): struct kvm_snp_init + +Returns: 0 on success, -negative on error + +:: + + struct kvm_snp_init { + __u64 flags; + }; + +The flags bitmap is defined as:: + + /* enable the restricted injection */ + #define KVM_SEV_SNP_RESTRICTED_INJET (1<<0) + + /* enable the restricted injection timer */ + #define KVM_SEV_SNP_RESTRICTED_TIMER_INJET (1<<1) + +If the specified flags is not supported then return -EOPNOTSUPP, and the supported +flags are returned. + References ========== diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 44a3f920f886..a39e31845a33 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h 
@@ -218,6 +218,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) #define SVM_NESTED_CTL_SEV_ES_ENABLE BIT(2) +#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) + struct vmcb_seg { u16 selector; u16 attrib; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 50fddbe56981..93da463545ef 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -235,10 +235,30 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) sev_decommission(handle); } +static int verify_snp_init_flags(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_snp_init params; + int ret = 0; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + if (params.flags & ~SEV_SNP_SUPPORTED_FLAGS) + ret = -EOPNOTSUPP; + + params.flags = SEV_SNP_SUPPORTED_FLAGS; + + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, sizeof(params))) + ret = -EFAULT; + + return ret; +} + static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) { + bool es_active = (argp->id == KVM_SEV_ES_INIT || argp->id == KVM_SEV_SNP_INIT); struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - bool es_active = argp->id == KVM_SEV_ES_INIT; + bool snp_active = argp->id == KVM_SEV_SNP_INIT; int asid, ret; if (kvm->created_vcpus) @@ -249,12 +269,22 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; sev->es_active = es_active; + sev->snp_active = snp_active; asid = sev_asid_new(sev); if (asid < 0) goto e_no_asid; sev->asid = asid; - ret = sev_platform_init(&argp->error); + if (snp_active) { + ret = verify_snp_init_flags(kvm, argp); + if (ret) + goto e_free; + + ret = sev_snp_init(&argp->error); + } else { + ret = sev_platform_init(&argp->error); + } + if (ret) goto e_free; 
@@ -600,6 +630,10 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->pkru = svm->vcpu.arch.pkru; save->xss = svm->vcpu.arch.ia32_xss; + /* Enable the SEV-SNP feature */ + if (sev_snp_guest(svm->vcpu.kvm)) + save->sev_features |= SVM_SEV_FEAT_SNP_ACTIVE; + return 0; } @@ -1532,6 +1566,12 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) } switch (sev_cmd.id) { + case KVM_SEV_SNP_INIT: + if (!sev_snp_enabled) { + r = -ENOTTY; + goto out; + } + fallthrough; case KVM_SEV_ES_INIT: if (!sev_es_enabled) { r = -ENOTTY; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 01953522097d..57c3c404b0b3 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -69,6 +69,9 @@ enum { /* TPR and CR2 are always written before VMRUN */ #define VMCB_ALWAYS_DIRTY_MASK ((1U << VMCB_INTR) | (1U << VMCB_CR2)) +/* Supported init feature flags */ +#define SEV_SNP_SUPPORTED_FLAGS 0x0 + struct kvm_sev_info { bool active; /* SEV enabled guest */ bool es_active; /* SEV-ES enabled guest */ @@ -81,6 +84,7 @@ struct kvm_sev_info { u64 ap_jump_table; /* SEV-ES AP Jump Table address */ struct kvm *enc_context_owner; /* Owner of copied encryption context */ struct misc_cg *misc_cg; /* For misc cgroup accounting */ + u64 snp_init_flags; }; struct kvm_svm { diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index d9e4aabcb31a..944e2bf601fe 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1712,6 +1712,9 @@ enum sev_cmd_id { /* Guest Migration Extension */ KVM_SEV_SEND_CANCEL, + /* SNP specific commands */ + KVM_SEV_SNP_INIT, + KVM_SEV_NR_MAX, }; 
@@ -1808,6 +1811,16 @@ struct kvm_sev_receive_update_data { __u32 trans_len; }; +/* enable the restricted injection */ +#define KVM_SEV_SNP_RESTRICTED_INJET (1 << 0) + +/* enable the restricted injection timer */ +#define KVM_SEV_SNP_RESTRICTED_TIMER_INJET (1 << 1) + +struct kvm_snp_init { + __u64 flags; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
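Review bot: in the verify_snp_init_flags() hunk, the validated flags are never stored: svm.h gains "u64 snp_init_flags;" but no hunk in this patch assigns it, and the kvm argument of the helper is unused. Either save params.flags into sev->snp_init_flags on success, or drop the field and the parameter until a patch needs them. With SEV_SNP_SUPPORTED_FLAGS defined as 0x0, both flags listed in the .rst hunk are rejected with -EOPNOTSUPP today, and the documentation should say so.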
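Review bot: in the sev_guest_init() hunk, sev->snp_active is set before sev_asid_new(), verify_snp_init_flags() and sev_snp_init() have had a chance to fail, and the patch adds no matching reset on the e_free or e_no_asid paths, so a failed KVM_SEV_SNP_INIT can leave the VM marked as an SNP guest. Clear snp_active on the error path, or assign it only after init has succeeded. Calling verify_snp_init_flags() before sev_asid_new() would also reject bad input before any ASID is allocated.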
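Review bot: the new flag names in the include/uapi/linux/kvm.h hunk misspell INJECT (KVM_SEV_SNP_RESTRICTED_INJET, KVM_SEV_SNP_RESTRICTED_TIMER_INJET), and once these names are exported they cannot be renamed without breaking userspace, so they should be fixed before merge. The documentation hunk also calls the command KVM_SNP_INIT while the enum adds KVM_SEV_SNP_INIT; use the enum's name in the .rst heading and text so that a VMM author searching for the documented name finds it in the header.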
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 24/45] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_START command
Date: Fri, 20 Aug 2021 10:58:57 -0500
Message-Id: <20210820155918.7518-25-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

KVM_SEV_SNP_LAUNCH_START begins the launch process for an SEV-SNP guest.
The command initializes a cryptographic digest context used to construct the measurement of the guest. If the guest is expected to be migrated, the command also binds a migration agent (MA) to the guest. For more information see the SEV-SNP specification. Signed-off-by: Brijesh Singh --- .../virt/kvm/amd-memory-encryption.rst | 24 ++++ arch/x86/kvm/svm/sev.c | 116 +++++++++++++++++- arch/x86/kvm/svm/svm.h | 1 + include/uapi/linux/kvm.h | 10 ++ 4 files changed, 148 insertions(+), 3 deletions(-) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 7b1d32fb99a8..937af3447954 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -454,6 +454,30 @@ The flags bitmap is defined as:: If the specified flags is not supported then return -EOPNOTSUPP, and the supported flags are returned. +19. KVM_SNP_LAUNCH_START +------------------------ + +The KVM_SNP_LAUNCH_START command is used for creating the memory encryption +context for the SEV-SNP guest. To create the encryption context, user must +provide a guest policy, migration agent (if any) and guest OS visible +workarounds value as defined SEV-SNP specification. + +Parameters (in): struct kvm_snp_launch_start + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_launch_start { + __u64 policy; /* Guest policy to use. */ + __u64 ma_uaddr; /* userspace address of migration agent */ + __u8 ma_en; /* 1 if the migtation agent is enabled */ + __u8 imi_en; /* set IMI to 1. */ + __u8 gosvw[16]; /* guest OS visible workarounds */ + }; + +See the SEV-SNP specification for further detail on the launch input. + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 93da463545ef..dbf04a52b23d 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -21,6 +21,7 @@ #include #include +#include #include "x86.h" #include "svm.h" 
@@ -74,6 +75,8 @@ static unsigned long sev_me_mask; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; +static int snp_decommission_context(struct kvm *kvm); + struct enc_region { struct list_head list; unsigned long npages; @@ -85,7 +88,7 @@ struct enc_region { /* Called with the sev_bitmap_lock held, or on shutdown */ static int sev_flush_asids(int min_asid, int max_asid) { - int ret, pos, error = 0; + int ret, pos, error = 0, ret_snp = 0, error_snp = 0; /* Check if there are any ASIDs to reclaim before performing a flush */ pos = find_next_bit(sev_reclaim_asid_bitmap, max_asid, min_asid); @@ -101,12 +104,18 @@ static int sev_flush_asids(int min_asid, int max_asid) wbinvd_on_all_cpus(); ret = sev_guest_df_flush(&error); + if (sev_snp_enabled) + ret_snp = snp_guest_df_flush(&error_snp); + up_write(&sev_deactivate_lock); if (ret) pr_err("SEV: DF_FLUSH failed, ret=%d, error=%#x\n", ret, error); - return ret; + if (ret_snp) + pr_err("SEV: SNP_DF_FLUSH failed, ret=%d, error=%#x\n", ret_snp, error_snp); + + return ret || ret_snp; } static inline bool is_mirroring_enc_context(struct kvm *kvm) 
@@ -1543,6 +1552,74 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_issue_cmd(kvm, SEV_CMD_RECEIVE_FINISH, &data, &argp->error); } +static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct sev_data_snp_gctx_create data = {}; + void *context; + int rc; + + /* Allocate memory for context page */ + context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); + if (!context) + return NULL; + + data.gctx_paddr = __psp_pa(context); + rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); + if (rc) { + snp_free_firmware_page(context); + return NULL; + } + + return context; +} + +static int snp_bind_asid(struct kvm *kvm, int *error) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_activate data = {0}; + + data.gctx_paddr = __psp_pa(sev->snp_context); + data.asid = sev_get_asid(kvm); + return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error); +} + +static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_launch_start start = {0}; + struct kvm_sev_snp_launch_start params; + int rc; + + if (!sev_snp_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + sev->snp_context = snp_context_create(kvm, argp); + if (!sev->snp_context) + return -ENOTTY; + + start.gctx_paddr = __psp_pa(sev->snp_context); + start.policy = params.policy; + memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); + rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error); + if (rc) + goto e_free_context; + + sev->fd = argp->sev_fd; + rc = snp_bind_asid(kvm, &argp->error); + if (rc) + goto e_free_context; + + return 0; + +e_free_context: + snp_decommission_context(kvm); + + return rc; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -1632,6 +1709,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_FINISH: r = sev_receive_finish(kvm, &sev_cmd); break; + case KVM_SEV_SNP_LAUNCH_START: + r = snp_launch_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; @@ -1825,6 +1905,28 @@ int svm_vm_copy_asid_from(struct kvm *kvm, unsigned int source_fd) return ret; } +static int snp_decommission_context(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_decommission data = {}; + int ret; + + /* If context is not created then do nothing */ + if (!sev->snp_context) + return 0; + + data.gctx_paddr = __sme_pa(sev->snp_context); + ret = snp_guest_decommission(&data, NULL); + if (WARN_ONCE(ret, "failed to release guest context")) + return ret; + + /* free the context page now */ + snp_free_firmware_page(sev->snp_context); + sev->snp_context = NULL; + + return 0; +} + void sev_vm_destroy(struct kvm *kvm) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; @@ -1863,7 +1965,15 @@ void sev_vm_destroy(struct kvm *kvm) mutex_unlock(&kvm->lock); - sev_unbind_asid(kvm, sev->handle); + if (sev_snp_guest(kvm)) { + if (snp_decommission_context(kvm)) { + WARN_ONCE(1, "Failed to free SNP guest context, leaking asid!\n"); + return; + } + } else { + sev_unbind_asid(kvm, sev->handle); + } + sev_asid_free(sev); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 57c3c404b0b3..85417c44812d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -85,6 +85,7 @@ struct kvm_sev_info { struct kvm *enc_context_owner; /* Owner of copied encryption context */ struct misc_cg *misc_cg; /* For misc cgroup accounting */ u64 snp_init_flags; + void *snp_context; /* SNP guest context page */ }; struct kvm_svm { diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 944e2bf601fe..e6416e58cd9a 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1714,6 +1714,7 @@ enum sev_cmd_id { /* SNP specific commands */ KVM_SEV_SNP_INIT, + KVM_SEV_SNP_LAUNCH_START, KVM_SEV_NR_MAX, }; 
@@ -1821,6 +1822,15 @@ struct kvm_snp_init { __u64 flags; }; +struct kvm_sev_snp_launch_start { + __u64 policy; + __u64 ma_uaddr; + __u8 ma_en; + __u8 imi_en; + __u8 gosvw[16]; + __u8 pad[6]; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)

From patchwork Fri Aug 20 15:58:58 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449817
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 25/45] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_UPDATE command
Date: Fri, 20 Aug 2021 10:58:58 -0500
Message-Id: <20210820155918.7518-26-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The KVM_SEV_SNP_LAUNCH_UPDATE command can be used to insert data into the guest's memory.
The data is encrypted with the cryptographic context created with the KVM_SEV_SNP_LAUNCH_START. In addition to inserting data, it can insert two special pages into the guest's memory: the secrets page and the CPUID page. While terminating the guest, reclaim the guest pages added in the RMP table. If the reclaim fails, then the page is no longer safe to be released back to the system and is leaked. For more information see the SEV-SNP specification.
Signed-off-by: Brijesh Singh
--- .../virt/kvm/amd-memory-encryption.rst | 29 +++ arch/x86/kvm/svm/sev.c | 187 ++++++++++++++++++ include/uapi/linux/kvm.h | 19 ++ 3 files changed, 235 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 937af3447954..ddcd94e9ffed 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
@@ -478,6 +478,35 @@ Returns: 0 on success, -negative on error See the SEV-SNP specification for further detail on the launch input. +20. KVM_SNP_LAUNCH_UPDATE +------------------------- + +The KVM_SNP_LAUNCH_UPDATE is used for encrypting a memory region. It also +calculates a measurement of the memory contents. The measurement is a signature +of the memory contents that can be sent to the guest owner as an attestation +that the memory was encrypted correctly by the firmware. + +Parameters (in): struct kvm_snp_launch_update + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_launch_update { + __u64 start_gfn; /* Guest page number to start from. */ + __u64 uaddr; /* userspace address need to be encrypted */ + __u32 len; /* length of memory region */ + __u8 imi_page; /* 1 if memory is part of the IMI */ + __u8 page_type; /* page type */ + __u8 vmpl3_perms; /* VMPL3 permission mask */ + __u8 vmpl2_perms; /* VMPL2 permission mask */ + __u8 vmpl1_perms; /* VMPL1 permission mask */ + }; + +See the SEV-SNP spec for further details on how to build the VMPL permission +mask and page type. + + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index dbf04a52b23d..4b126598b7aa 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include 
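Review bot: In the Documentation hunk, the section title and text name the command KVM_SNP_LAUNCH_UPDATE and the parameter "struct kvm_snp_launch_update", but the uapi header in this same patch adds KVM_SEV_SNP_LAUNCH_UPDATE and struct kvm_sev_snp_launch_update (the literal block in the doc already uses the kvm_sev_ struct name). Use the uapi names throughout so the text matches what userspace has to pass. The text also calls the measurement "a signature of the memory contents", which reads as if something is signed at this step; say digest if that is what is meant. The page_type comment only says "page type": list the KVM_SEV_SNP_PAGE_TYPE_* values added in kvm.h, or point at them.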
@@ -227,6 +228,49 @@ static void sev_decommission(unsigned int handle) sev_guest_decommission(&decommission, NULL); } +static inline void snp_leak_pages(u64 pfn, enum pg_level level) +{ + unsigned int npages = page_level_size(level) >> PAGE_SHIFT; + + WARN(1, "psc failed pfn 0x%llx pages %d (leaking)\n", pfn, npages); + + while (npages) { + memory_failure(pfn, 0); + dump_rmpentry(pfn); + npages--; + pfn++; + } +} + +static int snp_page_reclaim(u64 pfn) +{ + struct sev_data_snp_page_reclaim data = {0}; + int err, rc; + + data.paddr = __sme_set(pfn << PAGE_SHIFT); + rc = snp_guest_page_reclaim(&data, &err); + if (rc) { + /* + * If the reclaim failed, then page is no longer safe + * to use. + */ + snp_leak_pages(pfn, PG_LEVEL_4K); + } + + return rc; +} + +static int host_rmp_make_shared(u64 pfn, enum pg_level level, bool leak) +{ + int rc; + + rc = rmp_make_shared(pfn, level); + if (rc && leak) + snp_leak_pages(pfn, level); + + return rc; +} + static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) { struct sev_data_deactivate deactivate; 
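Review bot: In snp_page_reclaim(), the firmware status returned through &err is never used. When snp_guest_page_reclaim() fails, the page is leaked with only the generic WARN from snp_leak_pages(), so the log does not say why the firmware refused the reclaim. Log err together with rc before calling snp_leak_pages(), or pass it into the warning. In snp_leak_pages(), npages is unsigned int but is printed with %d; use %u. The WARN(1, ...) also fires unconditionally on every call, so a guest teardown that leaks many pages produces one full backtrace per call; a once-only or rate-limited warning plus a counter would keep the evidence without flooding the log.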
@@ -1620,6 +1664,123 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return rc; } +static bool is_hva_registered(struct kvm *kvm, hva_t hva, size_t len) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct list_head *head = &sev->regions_list; + struct enc_region *i; + + lockdep_assert_held(&kvm->lock); + + list_for_each_entry(i, head, list) { + u64 start = i->uaddr; + u64 end = start + i->size; + + if (start <= hva && end >= (hva + len)) + return true; + } + + return false; +} + +static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_launch_update data = {0}; + struct kvm_sev_snp_launch_update params; + unsigned long npages, pfn, n = 0; + int *error = &argp->error; + struct page **inpages; + int ret, i, level; + u64 gfn; + + if (!sev_snp_guest(kvm)) + return -ENOTTY; + + if (!sev->snp_context) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + /* Verify that the specified address range is registered. */ + if (!is_hva_registered(kvm, params.uaddr, params.len)) + return -EINVAL; + + /* + * The userspace memory is already locked so technically we don't + * need to lock it again. Later part of the function needs to know + * pfn so call the sev_pin_memory() so that we can get the list of + * pages to iterate through. + */ + inpages = sev_pin_memory(kvm, params.uaddr, params.len, &npages, 1); + if (!inpages) + return -ENOMEM; + + /* + * Verify that all the pages are marked shared in the RMP table before + * going further. This is avoid the cases where the userspace may try + * updating the same page twice. 
+ */ + for (i = 0; i < npages; i++) { + if (snp_lookup_rmpentry(page_to_pfn(inpages[i]), &level) != 0) { + sev_unpin_memory(kvm, inpages, npages); + return -EFAULT; + } + } + + gfn = params.start_gfn; + level = PG_LEVEL_4K; + data.gctx_paddr = __psp_pa(sev->snp_context); + + for (i = 0; i < npages; i++) { + pfn = page_to_pfn(inpages[i]); + + ret = rmp_make_private(pfn, gfn << PAGE_SHIFT, level, sev_get_asid(kvm), true); + if (ret) { + ret = -EFAULT; + goto e_unpin; + } + + n++; + data.address = __sme_page_pa(inpages[i]); + data.page_size = X86_TO_RMP_PG_LEVEL(level); + data.page_type = params.page_type; + data.vmpl3_perms = params.vmpl3_perms; + data.vmpl2_perms = params.vmpl2_perms; + data.vmpl1_perms = params.vmpl1_perms; + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE, &data, error); + if (ret) { + /* + * If the command failed then need to reclaim the page. + */ + snp_page_reclaim(pfn); + goto e_unpin; + } + + gfn++; + } + +e_unpin: + /* Content of memory is updated, mark pages dirty */ + for (i = 0; i < n; i++) { + set_page_dirty_lock(inpages[i]); + mark_page_accessed(inpages[i]); + + /* + * If its an error, then update RMP entry to change page ownership + * to the hypervisor. + */ + if (ret) + host_rmp_make_shared(pfn, level, true); + } + + /* Unlock the user pages */ + sev_unpin_memory(kvm, inpages, npages); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1712,6 +1873,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SNP_LAUNCH_START: r = snp_launch_start(kvm, &sev_cmd); break; + case KVM_SEV_SNP_LAUNCH_UPDATE: + r = snp_launch_update(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; 
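Review bot: In the e_unpin loop of snp_launch_update(), host_rmp_make_shared(pfn, level, true) uses the pfn left over from the last iteration of the launch loop instead of page_to_pfn(inpages[i]). On a failure after several pages have been made private, the same pfn is passed n times and the earlier pages keep their private RMP entries while sev_unpin_memory() releases them. Compute the pfn from inpages[i] inside the cleanup loop. In is_hva_registered(), in the same hunk, the comparison end >= (hva + len) is done on params.uaddr and params.len, which come straight from userspace; hva + len can wrap, and a wrapped sum passes the check against any registered region. Reject the wrapped sum (or compare len against end - hva after checking start <= hva) before walking the list. params.imi_page and params.page_type are also copied in without validation, and imi_page is never used.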
@@ -1794,6 +1958,29 @@ find_enc_region(struct kvm *kvm, struct kvm_enc_region *range) static void __unregister_enc_region_locked(struct kvm *kvm, struct enc_region *region) { + unsigned long i, pfn; + int level; + + /* + * The guest memory pages are assigned in the RMP table. Unassign it + * before releasing the memory. + */ + if (sev_snp_guest(kvm)) { + for (i = 0; i < region->npages; i++) { + pfn = page_to_pfn(region->pages[i]); + + if (!snp_lookup_rmpentry(pfn, &level)) + continue; + + cond_resched(); + + if (level > PG_LEVEL_4K) + pfn &= ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1); + + host_rmp_make_shared(pfn, level, true); + } + } + sev_unpin_memory(kvm, region->pages, region->npages); list_del(®ion->list); kfree(region); diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index e6416e58cd9a..0681be4bdfdf 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1715,6 +1715,7 @@ enum sev_cmd_id { /* SNP specific commands */ KVM_SEV_SNP_INIT, KVM_SEV_SNP_LAUNCH_START, + KVM_SEV_SNP_LAUNCH_UPDATE, KVM_SEV_NR_MAX, }; 
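Review bot: In __unregister_enc_region_locked(), the test !snp_lookup_rmpentry(pfn, &level) only skips a zero return. If snp_lookup_rmpentry() can return a negative error (snp_launch_update() in this patch rejects any non-zero return), the code falls through and uses level, which may not have been written, to mask pfn and to call host_rmp_make_shared(). Handle a negative return separately before level is read. cond_resched() also sits after the continue, so a large region whose pages are all unassigned is walked without a reschedule point; move it to the top of the loop body.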
@@ -1831,6 +1832,24 @@ struct kvm_sev_snp_launch_start { __u8 pad[6]; }; +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 +#define KVM_SEV_SNP_PAGE_TYPE_VMSA 0x2 +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 + +struct kvm_sev_snp_launch_update { + __u64 start_gfn; + __u64 uaddr; + __u32 len; + __u8 imi_page; + __u8 page_type; + __u8 vmpl3_perms; + __u8 vmpl2_perms; + __u8 vmpl1_perms; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
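Review bot: struct kvm_sev_snp_launch_update in the kvm.h hunk has two __u64 fields, one __u32 and five __u8 fields, which is 25 bytes of members, so the compiler adds 7 bytes of implicit tail padding to reach 32. The neighbouring struct kvm_sev_snp_launch_start spells its padding out with pad[6]; do the same here, and have snp_launch_update() reject non-zero padding, so the ABI layout is explicit and the bytes can be given a meaning later. imi_page is declared and documented, but snp_launch_update() in this patch never reads it; either pass it through to the firmware command or leave it out of the uapi until it is used.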

From patchwork Fri Aug 20 15:58:59 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449821
From: Brijesh Singh
Subject: [PATCH Part2 v5 26/45] KVM: SVM: Mark the private vma unmerable for SEV-SNP guests
Date: Fri, 20 Aug 2021 10:58:59 -0500
Message-Id: <20210820155918.7518-27-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

When SEV-SNP is enabled, the guest private pages are added in the RMP table; while adding the pages, the rmp_make_private() unmaps the pages from the direct map. If KSM attempts to access those unmapped pages then it will trigger #PF (page-not-present). Encrypted guest pages cannot be shared between processes, so userspace should not mark the region mergeable, but to be safe, mark the process vma unmergeable before adding the pages in the RMP table.
Signed-off-by: Brijesh Singh
--- arch/x86/kvm/svm/sev.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4b126598b7aa..dcef0ae5f8e4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -18,11 +18,13 @@ #include #include #include +#include #include #include #include #include +#include #include "x86.h" #include "svm.h" @@ -1683,6 +1685,30 @@ static bool is_hva_registered(struct kvm *kvm, hva_t hva, size_t len) return false; } +static int snp_mark_unmergable(struct kvm *kvm, u64 start, u64 size) +{ + struct vm_area_struct *vma; + u64 end = start + size; + int ret; + + do { + vma = find_vma_intersection(kvm->mm, start, end); + if (!vma) { + ret = -EINVAL; + break; + } + + ret = ksm_madvise(vma, vma->vm_start, vma->vm_end, + MADV_UNMERGEABLE, &vma->vm_flags); + if (ret) + break; + + start = vma->vm_end; + } while (end > vma->vm_end); + + return ret; +} + static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; 
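Review bot: In snp_mark_unmergable(), find_vma_intersection(kvm->mm, start, end) returns the first VMA that overlaps the range, which may begin above start, and the loop then continues from vma->vm_end. An unmapped hole at the front or in the middle of [start, end) is therefore skipped silently, while a hole at the tail returns -EINVAL. If the intent is that the whole range must be covered by VMAs, check vma->vm_start <= start on each iteration and fail otherwise. end = start + size is computed from the userspace-supplied uaddr and len without an overflow check. The helper name is spelled "unmergable" while the flag it sets is MADV_UNMERGEABLE; use the same spelling so the two can be found together.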
@@ -1707,6 +1733,12 @@ static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) if (!is_hva_registered(kvm, params.uaddr, params.len)) return -EINVAL; + mmap_write_lock(kvm->mm); + ret = snp_mark_unmergable(kvm, params.uaddr, params.len); + mmap_write_unlock(kvm->mm); + if (ret) + return -EFAULT; + /* * The userspace memory is already locked so technically we don't * need to lock it again. Later part of the function needs to know
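Review bot: The block added to snp_launch_update() discards the return value of snp_mark_unmergable() and always returns -EFAULT, so the -EINVAL for a missing VMA and whatever ksm_madvise() reports are indistinguishable to userspace; return ret instead. mmap_write_lock() is also taken uninterruptibly in an ioctl path driven by userspace, and on every LAUNCH_UPDATE call; mmap_write_lock_killable() would let a fatal signal abort the wait.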
(EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0206.hostedemail.com [216.40.44.206]) by kanga.kvack.org (Postfix) with ESMTP id B28318D001B for ; Fri, 20 Aug 2021 12:00:32 -0400 (EDT) Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 5AE97184C0758 for ; Fri, 20 Aug 2021 16:00:32 +0000 (UTC) X-FDA: 78495921504.27.54C2BD5 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2066.outbound.protection.outlook.com [40.107.220.66]) by imf08.hostedemail.com (Postfix) with ESMTP id B79E03000248 for ; Fri, 20 Aug 2021 16:00:31 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ibd2WDtCRT+pfBCk0XCtpTW81JXyCSfdLfuxPaU5/ootYRkdj4yGfbEl3nRBc9AMs7nmfsKidoo440FSDBVbs28dDmlfyTEIGzgo9tC390b27Tuyne8OYccyFq1ULtSU2mAlem1HBkXXZtXZQC3j+m0bq2tlmR2XpnQyfz551fsMZ94vUAEd7DtxclTSCgRgvYGL/NFfNGeKXWEm75bHFqVqWC2gjmEQtrCf4NQNBKM/xAsgPFJ1AiOZYq/ggsKFNFdzOe8CjIGGETXSUcRFaXDT+L190pyh1w9puoMVErKfWz1KebW1XQcwq1z0cmWnwlF6Jo7/FzAxJeU4cM+viA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S1kExqUKrSBpmRMqIbVKR/f0u79+2cblIBKLs+KKFWs=; b=eU6gm817DPJqb/uBCCxr4NuygDD+MdMs0sOoaCuJSN4Pm76fJj2sICEMGCxZFN93gkM3tO8dT2neZnDVJxYEUWzug6CIhUmqVrVvAhJ5JJ2L6EtkflsfOo6TugSBkrd4xcAv0vBHJrVWZiWz/aMyATh4ujEkBArlpSkq5pTNiq+liadAgSgK+G2tQzlQPAHtvJunItjczn3GnZVh8d4hDTwpDB0ghxSAVP5tk7BKxp4YyG8jdM/bwD+swBgS1w7Q3T+yM7RsVKma8ej8FsRxXG5xC3+Q2hqmwYPQ9LSOejw1QKPkgcmPxIxBYdJ22fhCIeAnNPyntLnl1g20tM7syA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; 
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S1kExqUKrSBpmRMqIbVKR/f0u79+2cblIBKLs+KKFWs=; b=3xrKVqIoHptjdd6ooTFsRWN3izP3gFyVMYz1OkuckoUDhOxHJKeqciEDWhanpwYemPrHIyqe6L9yAgaujfq/zLwegQAQC2BvcyHr8dx5qaFpAGfxdNk3SY6Y0Uxyyuxt36xCWq2pGJhbLXP6CnjpISzbCyoeyChcSsuO64bNknU= Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2685.namprd12.prod.outlook.com (2603:10b6:805:67::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.21; Fri, 20 Aug 2021 16:00:29 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4436.019; Fri, 20 Aug 2021 16:00:29 +0000 
From: Brijesh Singh To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org Cc: Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh Subject: [PATCH Part2 v5 27/45] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command Date: Fri, 20 Aug 2021 10:59:00 -0500 Message-Id: <20210820155918.7518-28-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com> References: <20210820155918.7518-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN7P222CA0013.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:124::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN7P222CA0013.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:124::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.18 via Frontend Transport; Fri, 20 Aug 2021 16:00:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5b0e8582-e614-4873-a3a4-08d963f3a162 X-MS-TrafficTypeDiagnostic: SN6PR12MB2685: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: 

The KVM_SEV_SNP_LAUNCH_FINISH finalize the cryptographic digest and stores it as the measurement of the
guest at launch. While finalizing the launch flow, it also issues the LAUNCH_UPDATE command to encrypt the VMSA pages. Signed-off-by: Brijesh Singh --- .../virt/kvm/amd-memory-encryption.rst | 22 ++++ arch/x86/kvm/svm/sev.c | 116 ++++++++++++++++++ include/uapi/linux/kvm.h | 14 +++ 3 files changed, 152 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index ddcd94e9ffed..c7332e0e0baa 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -506,6 +506,28 @@ Returns: 0 on success, -negative on error See the SEV-SNP spec for further details on how to build the VMPL permission mask and page type. +21. KVM_SNP_LAUNCH_FINISH +------------------------- + +After completion of the SNP guest launch flow, the KVM_SNP_LAUNCH_FINISH command can be +issued to make the guest ready for the execution. + +Parameters (in): struct kvm_sev_snp_launch_finish + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 host_data[32]; + }; + + +See SEV-SNP specification for further details on launch finish input parameters. References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index dcef0ae5f8e4..248096a5c307 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1813,6 +1813,106 @@ static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int snp_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_launch_update data = {}; + int i, ret; + + data.gctx_paddr = __psp_pa(sev->snp_context); + data.page_type = SNP_PAGE_TYPE_VMSA; + + for (i = 0; i < kvm->created_vcpus; i++) { + struct vcpu_svm *svm = to_svm(kvm->vcpus[i]); + u64 pfn = __pa(svm->vmsa) >> PAGE_SHIFT; + + /* Perform some pre-encryption checks against the VMSA */ + ret = sev_es_sync_vmsa(svm); + if (ret) + return ret; + + /* Transition the VMSA page to a firmware state. */ + ret = rmp_make_private(pfn, -1, PG_LEVEL_4K, sev->asid, true); + if (ret) + return ret; + + /* Issue the SNP command to encrypt the VMSA */ + data.address = __sme_pa(svm->vmsa); + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE, + &data, &argp->error); + if (ret) { + snp_page_reclaim(pfn); + return ret; + } + + svm->vcpu.arch.guest_state_protected = true; + } + + return 0; +} + +static int snp_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_launch_finish *data; + void *id_block = NULL, *id_auth = NULL; + struct kvm_sev_snp_launch_finish params; + int ret; + + if (!sev_snp_guest(kvm)) + return -ENOTTY; + + if (!sev->snp_context) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + /* Measure all vCPUs using LAUNCH_UPDATE before we finalize the launch flow. 
*/ + ret = snp_launch_update_vmsa(kvm, argp); + if (ret) + return ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (!data) + return -ENOMEM; + + if (params.id_block_en) { + id_block = psp_copy_user_blob(params.id_block_uaddr, KVM_SEV_SNP_ID_BLOCK_SIZE); + if (IS_ERR(id_block)) { + ret = PTR_ERR(id_block); + goto e_free; + } + + data->id_block_en = 1; + data->id_block_paddr = __sme_pa(id_block); + } + + if (params.auth_key_en) { + id_auth = psp_copy_user_blob(params.id_auth_uaddr, KVM_SEV_SNP_ID_AUTH_SIZE); + if (IS_ERR(id_auth)) { + ret = PTR_ERR(id_auth); + goto e_free_id_block; + } + + data->auth_key_en = 1; + data->id_auth_paddr = __sme_pa(id_auth); + } + + data->gctx_paddr = __psp_pa(sev->snp_context); + ret = sev_issue_cmd(kvm, SEV_CMD_SNP_LAUNCH_FINISH, data, &argp->error); + + kfree(id_auth); + +e_free_id_block: + kfree(id_block); + +e_free: + kfree(data); + + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1908,6 +2008,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SNP_LAUNCH_UPDATE: r = snp_launch_update(kvm, &sev_cmd); break; + case KVM_SEV_SNP_LAUNCH_FINISH: + r = snp_launch_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; 
@@ -2364,16 +2467,29 @@ static void sev_flush_guest_memory(struct vcpu_svm *svm, void *va, void sev_free_vcpu(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm; + u64 pfn; if (!sev_es_guest(vcpu->kvm)) return; svm = to_svm(vcpu); + pfn = __pa(svm->vmsa) >> PAGE_SHIFT; if (vcpu->arch.guest_state_protected) sev_flush_guest_memory(svm, svm->vmsa, PAGE_SIZE); + + /* + * If its an SNP guest, then VMSA was added in the RMP entry as + * a guest owned page. Transition the page to hyperivosr state + * before releasing it back to the system. + */ + if (sev_snp_guest(vcpu->kvm) && + host_rmp_make_shared(pfn, PG_LEVEL_4K, false)) + goto skip_vmsa_free; + __free_page(virt_to_page(svm->vmsa)); +skip_vmsa_free: if (svm->ghcb_sa_free) kfree(svm->ghcb_sa); } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 0681be4bdfdf..ab9b1c82b0ee 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1716,6 +1716,7 @@ enum sev_cmd_id { KVM_SEV_SNP_INIT, KVM_SEV_SNP_LAUNCH_START, KVM_SEV_SNP_LAUNCH_UPDATE, + KVM_SEV_SNP_LAUNCH_FINISH, KVM_SEV_NR_MAX, }; 
@@ -1850,6 +1851,19 @@ struct kvm_sev_snp_launch_update { __u8 vmpl1_perms; }; +#define KVM_SEV_SNP_ID_BLOCK_SIZE 96 +#define KVM_SEV_SNP_ID_AUTH_SIZE 4096 +#define KVM_SEV_SNP_FINISH_DATA_SIZE 32 + +struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE]; + __u8 pad[6]; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
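Review bot: The new section in Documentation/virt/kvm/amd-memory-encryption.rst is titled "21. KVM_SNP_LAUNCH_FINISH" and its text uses that name, but the command this patch adds to enum sev_cmd_id is KVM_SEV_SNP_LAUNCH_FINISH. The struct shown there also omits the trailing "__u8 pad[6];" that the uapi definition in include/uapi/linux/kvm.h carries, and hard-codes host_data[32] instead of KVM_SEV_SNP_FINISH_DATA_SIZE. Please rename the section, keep the documented struct identical to the uapi one, and say in a sentence each what id_block_en, auth_key_en and host_data mean to the caller rather than only pointing at the SEV-SNP specification.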
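Review bot: In snp_launch_finish() (arch/x86/kvm/svm/sev.c), params.host_data is copied in from userspace but never reaches the firmware command: only id_block_en, id_block_paddr, auth_key_en, id_auth_paddr and gctx_paddr are set on data before SEV_CMD_SNP_LAUNCH_FINISH is issued, so the host data supplied by the VMM is silently dropped. If struct sev_data_snp_launch_finish has a field for it (its definition is not part of this patch), copy it across before sev_issue_cmd(); params.pad should also be rejected when non-zero so the padding can be given a meaning later. Two smaller points in the same hunk: snp_launch_update_vmsa() runs before the kzalloc() and both psp_copy_user_blob() calls, so an -ENOMEM or a bad id_block_uaddr fails the ioctl after every VMSA has already been encrypted and guest_state_protected set, which doing the allocation and user copies first would avoid; and in snp_launch_update_vmsa() the return value of snp_page_reclaim(pfn) is ignored on the error path, so a VMSA page that could not be reclaimed goes unnoticed.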
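Review bot: In the sev_free_vcpu() hunk, a failing host_rmp_make_shared() jumps to skip_vmsa_free and leaks the VMSA page without leaving any trace. Skipping the __free_page() is the right call for a page that is still guest-owned in the RMP, but the failure should be logged (a WARN or pr_err with the pfn) so the leak can be diagnosed. The new comment also needs a spelling pass: "its" should be "it's" and "hyperivosr" should be "hypervisor".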
From patchwork Fri Aug 20 15:59:01 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449833
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 28/45] KVM: X86: Keep the NPT and RMP page level in sync
Date: Fri, 20 Aug 2021 10:59:01 -0500
Message-Id: <20210820155918.7518-29-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

When running an SEV-SNP VM, the sPA used to index the RMP entry is obtained through the NPT translation (gva->gpa->spa). The NPT page level is checked against the page level programmed in the RMP entry. If the page level does not match, then it will cause a nested page fault with the RMP bit set to indicate the RMP violation.
Signed-off-by: Brijesh Singh
--- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/mmu/mmu.c | 5 ++++ arch/x86/kvm/svm/sev.c | 46 ++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 1 + 6 files changed, 56 insertions(+) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 36a9c23a4b27..371756c7f8f4 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -123,6 +123,7 @@ KVM_X86_OP_NULL(migrate_timers) KVM_X86_OP(msr_filter_changed) KVM_X86_OP_NULL(complete_emulated_msr) KVM_X86_OP(alloc_apic_backing_page) +KVM_X86_OP_NULL(rmp_page_level_adjust) #undef KVM_X86_OP #undef KVM_X86_OP_NULL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5ad6255ff5d5..109e80167f11 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1453,7 +1453,9 @@ struct kvm_x86_ops { int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); + void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu); + void (*rmp_page_level_adjust)(struct kvm *kvm, kvm_pfn_t pfn, int *level); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 66f7f5bc3482..f9aaf6e1e51e 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -43,6 +43,7 @@ #include #include #include +#include #include #include @@ -2818,6 +2819,10 @@ static int host_pfn_mapping_level(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, if (unlikely(!pte)) return PG_LEVEL_4K; + /* Adjust the page level based on the SEV-SNP RMP page level. */ + if (kvm_x86_ops.rmp_page_level_adjust) + static_call(kvm_x86_rmp_page_level_adjust)(kvm, pfn, &level); + return level; } diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 248096a5c307..2ad186d7e7b0 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3231,3 +3231,49 @@ struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) return pfn_to_page(pfn); } + +static bool is_pfn_range_shared(kvm_pfn_t start, kvm_pfn_t end) +{ + int level; + + while (end > start) { + if (snp_lookup_rmpentry(start, &level) != 0) + return false; + start++; + } + + return true; +} + +void sev_rmp_page_level_adjust(struct kvm *kvm, kvm_pfn_t pfn, int *level) +{ + int rmp_level, assigned; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return; + + assigned = snp_lookup_rmpentry(pfn, &rmp_level); + if (unlikely(assigned < 0)) + return; + + if (!assigned) { + /* + * If all the pages are shared then no need to keep the RMP + * and NPT in sync. + */ + pfn = pfn & ~(PTRS_PER_PMD - 1); + if (is_pfn_range_shared(pfn, pfn + PTRS_PER_PMD)) + return; + } + + /* + * The hardware installs 2MB TLB entries to access to 1GB pages, + * therefore allow NPT to use 1GB pages when pfn was added as 2MB + * in the RMP table. + */ + if (rmp_level == PG_LEVEL_2M && (*level == PG_LEVEL_1G)) + return; + + /* Adjust the level to keep the NPT and RMP in sync */ + *level = min_t(size_t, *level, rmp_level); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 058eea8353c9..0c8510ad63f1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4679,6 +4679,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, .alloc_apic_backing_page = svm_alloc_apic_backing_page, + .rmp_page_level_adjust = sev_rmp_page_level_adjust, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 85417c44812d..27c0c7b265b8 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -589,6 +589,7 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu); void sev_es_unmap_ghcb(struct vcpu_svm *svm); struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu); +void sev_rmp_page_level_adjust(struct kvm *kvm, kvm_pfn_t pfn, int *level); /* vmenter.S */
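Review bot: The arch/x86/include/asm/kvm_host.h hunk adds an unrelated blank line above alloc_apic_backing_page in struct kvm_x86_ops; please drop it. The new rmp_page_level_adjust member would also benefit from a one-line comment stating its contract, namely that the callback may only lower *level and leaves it untouched when it has nothing to say.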
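Review bot: In sev_rmp_page_level_adjust() (arch/x86/kvm/svm/sev.c), the 1GB exception consults only the RMP entry of the faulting pfn: "if (rmp_level == PG_LEVEL_2M && (*level == PG_LEVEL_1G)) return;" keeps a 1GB NPT mapping even though other 2MB regions inside that 1GB range may be recorded as 4K, or be a mix of private and shared pages, in the RMP, which is the level mismatch the commit message says ends in an RMP-violation nested page fault. Either walk the whole range before allowing 1GB or cap the level at 2M here. Related points in the same hunk: when the pfn is not assigned and is_pfn_range_shared() returns false, the code falls through and clamps to the rmp_level reported for an unassigned entry, so correctness depends on snp_lookup_rmpentry() returning 4K in that case, and setting *level = PG_LEVEL_4K explicitly would make the intent visible; min_t(size_t, *level, rmp_level) compares two int page levels and should be min_t(int, ...) or plain min(); and the kvm argument is never used, so on an SNP-enabled host every VM pays for the lookup, including up to PTRS_PER_PMD snp_lookup_rmpentry() calls per fault, where a sev_snp_guest(kvm) check at the top would confine it to SNP guests.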
From patchwork Fri Aug 20 15:59:02 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449823
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Sean Christopherson, Isaku Yamahata, Brijesh Singh
Subject: [PATCH Part2 v5 29/45] KVM: x86/mmu: Move 'pfn' variable to caller of direct_page_fault()
Date: Fri, 20 Aug 2021 10:59:02 -0500
Message-Id: <20210820155918.7518-30-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
From: Sean Christopherson When adding pages prior to boot, TDX will need the resulting host pfn so that it can be passed to TDADDPAGE (TDX-SEAM always works with physical addresses as it has its own page tables). Start plumbing pfn back up the page fault stack. Signed-off-by: Sean Christopherson Signed-off-by: Isaku Yamahata Signed-off-by: Brijesh Singh --- arch/x86/kvm/mmu/mmu.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index f9aaf6e1e51e..5cbcbedcaaa6 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3818,7 +3818,8 @@ static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn, } static int direct_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, - bool prefault, int max_level, bool is_tdp) + bool prefault, int max_level, bool is_tdp, + kvm_pfn_t *pfn) { bool is_tdp_mmu_fault = is_tdp_mmu(vcpu->arch.mmu); bool write = error_code & PFERR_WRITE_MASK; @@ -3826,7 +3827,6 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, gfn_t gfn = gpa >> PAGE_SHIFT; unsigned long mmu_seq; - kvm_pfn_t pfn; hva_t hva; int r; @@ -3846,11 +3846,11 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, mmu_seq = vcpu->kvm->mmu_notifier_seq; smp_rmb(); - if (try_async_pf(vcpu, prefault, gfn, gpa, &pfn, &hva, + if (try_async_pf(vcpu, prefault, gfn, gpa, pfn, &hva, write, &map_writable)) return RET_PF_RETRY; - if (handle_abnormal_pfn(vcpu, is_tdp ? 0 : gpa, gfn, pfn, ACC_ALL, &r)) + if (handle_abnormal_pfn(vcpu, is_tdp ? 0 : gpa, gfn, *pfn, ACC_ALL, &r)) return r; r = RET_PF_RETRY; 
@@ -3860,7 +3860,8 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, else write_lock(&vcpu->kvm->mmu_lock); - if (!is_noslot_pfn(pfn) && mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, hva)) + if (!is_noslot_pfn(*pfn) && + mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, hva)) goto out_unlock; r = make_mmu_pages_available(vcpu); if (r) @@ -3868,9 +3869,9 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, if (is_tdp_mmu_fault) r = kvm_tdp_mmu_map(vcpu, gpa, error_code, map_writable, max_level, - pfn, prefault); + *pfn, prefault); else - r = __direct_map(vcpu, gpa, error_code, map_writable, max_level, pfn, + r = __direct_map(vcpu, gpa, error_code, map_writable, max_level, *pfn, prefault, is_tdp); out_unlock: @@ -3878,18 +3879,20 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, read_unlock(&vcpu->kvm->mmu_lock); else write_unlock(&vcpu->kvm->mmu_lock); - kvm_release_pfn_clean(pfn); + kvm_release_pfn_clean(*pfn); return r; } static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, bool prefault) { + kvm_pfn_t pfn; + pgprintk("%s: gva %lx error %x\n", __func__, gpa, error_code); /* This path builds a PAE pagetable, we can map 2mb pages at maximum. */ return direct_page_fault(vcpu, gpa & PAGE_MASK, error_code, prefault, - PG_LEVEL_2M, false); + PG_LEVEL_2M, false, &pfn); } int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code, @@ -3928,6 +3931,7 @@ EXPORT_SYMBOL_GPL(kvm_handle_page_fault); int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, bool prefault) { + kvm_pfn_t pfn; int max_level; for (max_level = KVM_MAX_HUGEPAGE_LEVEL; 
@@ -3941,7 +3945,7 @@ int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, } return direct_page_fault(vcpu, gpa, error_code, prefault, - max_level, true); + max_level, true, &pfn); } static void nonpaging_init_context(struct kvm_mmu *context)
From patchwork Fri Aug 20 15:59:03 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449825
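Review bot: In the last direct_page_fault() hunk of the pfn-plumbing patch, kvm_release_pfn_clean(*pfn) runs immediately before return r, so the value left in the caller's *pfn refers to a page whose reference has already been dropped. The commit message says TDX will pass this pfn on to TDADDPAGE, so the new parameter needs a comment stating that no reference is held on return and what keeps the page from being freed or moved before the caller uses it; otherwise the caller has to take its own reference before this release.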
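Review bot: nonpaging_page_fault() and kvm_tdp_page_fault() each gain an uninitialised kvm_pfn_t pfn that is passed as &pfn and then discarded, and the visible hunks do not show whether direct_page_fault() writes *pfn before every return, for example the RET_PF_RETRY return right after try_async_pf(). Consider setting *pfn to an error value such as KVM_PFN_ERR_FAULT at the top of direct_page_fault(), or documenting for which return codes *pfn is meaningful, so that a later caller which does read it cannot pick up stack garbage.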
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Sean Christopherson, Isaku Yamahata, Brijesh Singh
Subject: [PATCH Part2 v5 30/45] KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX and SNP
Date: Fri, 20 Aug 2021 10:59:03 -0500
Message-Id: <20210820155918.7518-31-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
From: Sean Christopherson Introduce a helper to directly (pun intended) fault-in a TDP page without having to go through the full page fault path. This allows TDX to get the resulting pfn and also allows the RET_PF_* enums to stay in mmu.c where they belong. Signed-off-by: Sean Christopherson Signed-off-by: Isaku Yamahata Signed-off-by: Brijesh Singh --- arch/x86/kvm/mmu.h | 3 +++ arch/x86/kvm/mmu/mmu.c | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 83e6c6965f1e..af063188d073 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -127,6 +127,9 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, return vcpu->arch.mmu->page_fault(vcpu, cr2_or_gpa, err, prefault); } +kvm_pfn_t kvm_mmu_map_tdp_page(struct kvm_vcpu *vcpu, gpa_t gpa, + u32 error_code, int max_level); + /* * Currently, we have two sorts of write-protection, a) the first one * write-protects guest page to sync the guest modification, b) another one is diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 5cbcbedcaaa6..a21e64ec048b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c 
@@ -3948,6 +3948,31 @@ int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, max_level, true, &pfn); } +kvm_pfn_t kvm_mmu_map_tdp_page(struct kvm_vcpu *vcpu, gpa_t gpa, + u32 error_code, int max_level) +{ + kvm_pfn_t pfn; + int r; + + if (mmu_topup_memory_caches(vcpu, false)) + return KVM_PFN_ERR_FAULT; + + /* + * Loop on the page fault path to handle the case where an mmu_notifier + * invalidation triggers RET_PF_RETRY. In the normal page fault path, + * KVM needs to resume the guest in case the invalidation changed any + * of the page fault properties, i.e. the gpa or error code. For this + * path, the gpa and error code are fixed by the caller, and the caller + * expects failure if and only if the page fault can't be fixed. + */ + do { + r = direct_page_fault(vcpu, gpa, error_code, false, max_level, + true, &pfn); + } while (r == RET_PF_RETRY && !is_error_noslot_pfn(pfn)); + return pfn; +} +EXPORT_SYMBOL_GPL(kvm_mmu_map_tdp_page); + static void nonpaging_init_context(struct kvm_mmu *context) { context->page_fault = nonpaging_page_fault;
From patchwork Fri Aug 20 15:59:04 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449827
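Review bot: kvm_mmu_map_tdp_page() returns pfn unconditionally after the loop, so r is ignored whenever it is anything other than RET_PF_RETRY; if direct_page_fault() fails after the pfn lookup (for instance on the make_mmu_pages_available() error path), the caller still receives a valid-looking pfn, which contradicts the comment that the caller expects failure if and only if the fault can't be fixed. Check r after the loop and return KVM_PFN_ERR_FAULT when the mapping was not installed. In the same function, pfn is declared without an initialiser yet is read by is_error_noslot_pfn(pfn) in the loop condition, and the do/while has no bound or reschedule point if RET_PF_RETRY keeps coming back.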
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 31/45] KVM: x86: Introduce kvm_mmu_get_tdp_walk() for SEV-SNP use
Date: Fri, 20 Aug 2021 10:59:04 -0500
Message-Id: <20210820155918.7518-32-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
The SEV-SNP VMs may call the page state change VMGEXIT to add the GPA as private or shared in the RMP table.
The page state change VMGEXIT will contain the RMP page level to be used in the RMP entry. If the page level between the TDP and RMP does not match, then it will result in a nested-page-fault (RMP violation). The SEV-SNP VMGEXIT handler will use the kvm_mmu_get_tdp_walk() to get the current page-level in the TDP for the given GPA and calculate a workable page level. If a GPA is mapped as a 4K-page in the TDP, but the guest requested to add the GPA as a 2M in the RMP entry, then the 2M request will be broken into 4K-pages to keep the RMP and TDP page-levels in sync. Signed-off-by: Brijesh Singh --- arch/x86/kvm/mmu.h | 2 ++ arch/x86/kvm/mmu/mmu.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index af063188d073..7c4fac53183d 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -117,6 +117,8 @@ static inline void kvm_mmu_load_pgd(struct kvm_vcpu *vcpu) int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code, bool prefault); +bool kvm_mmu_get_tdp_walk(struct kvm_vcpu *vcpu, gpa_t gpa, kvm_pfn_t *pfn, int *level); + static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 err, bool prefault) { diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index a21e64ec048b..e660d832e235 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c
@@ -3973,6 +3973,35 @@ kvm_pfn_t kvm_mmu_map_tdp_page(struct kvm_vcpu *vcpu, gpa_t gpa, } EXPORT_SYMBOL_GPL(kvm_mmu_map_tdp_page); +bool kvm_mmu_get_tdp_walk(struct kvm_vcpu *vcpu, gpa_t gpa, kvm_pfn_t *pfn, int *level) +{ + u64 sptes[PT64_ROOT_MAX_LEVEL + 1]; + int leaf, root; + + if (is_tdp_mmu(vcpu->arch.mmu)) + leaf = kvm_tdp_mmu_get_walk(vcpu, gpa, sptes, &root); + else + leaf = get_walk(vcpu, gpa, sptes, &root); + + if (unlikely(leaf < 0)) + return false; + + /* Check if the leaf SPTE is present */ + if (!is_shadow_present_pte(sptes[leaf])) + return false; + + *pfn = spte_to_pfn(sptes[leaf]); + if (leaf > PG_LEVEL_4K) { + u64 page_mask = KVM_PAGES_PER_HPAGE(leaf) - KVM_PAGES_PER_HPAGE(leaf - 1); + *pfn |= (gpa_to_gfn(gpa) & page_mask); + } + + *level = leaf; + + return true; +} +EXPORT_SYMBOL_GPL(kvm_mmu_get_tdp_walk); + static void nonpaging_init_context(struct kvm_mmu *context) { context->page_fault = nonpaging_page_fault;
From patchwork Fri Aug 20 15:59:05 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449829
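Review bot: In kvm_mmu_get_tdp_walk(), page_mask is computed as KVM_PAGES_PER_HPAGE(leaf) - KVM_PAGES_PER_HPAGE(leaf - 1), which gives 0x1ff for a 2M leaf but 0x3fe00 for a 1G leaf, so for a 1G mapping the low nine bits of the gfn offset are dropped and *pfn names the containing 2M-aligned frame instead of the 4K frame that backs gpa. If the intent is the 4K pfn for gpa at any huge page level, the mask should be KVM_PAGES_PER_HPAGE(leaf) - 1. The function is exported, so it also deserves a comment saying that *pfn and *level are left untouched when it returns false.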
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 32/45] KVM: x86: Define RMP page fault error bits for #NPF
Date: Fri, 20 Aug 2021 10:59:05 -0500
Message-Id: <20210820155918.7518-33-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
When SEV-SNP is enabled globally, the hardware places restrictions on all memory accesses based on the RMP entry, whether the hypervisor or a VM performs the accesses. When hardware encounters an RMP access violation during a guest access, it will cause a #VMEXIT(NPF). See APM2 section 16.36.10 for more details. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 109e80167f11..a6e764458f3e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -239,8 +239,12 @@ enum x86_intercept_stage; #define PFERR_FETCH_BIT 4 #define PFERR_PK_BIT 5 #define PFERR_SGX_BIT 15 +#define PFERR_GUEST_RMP_BIT 31 #define PFERR_GUEST_FINAL_BIT 32 #define PFERR_GUEST_PAGE_BIT 33 +#define PFERR_GUEST_ENC_BIT 34 +#define PFERR_GUEST_SIZEM_BIT 35 +#define PFERR_GUEST_VMPL_BIT 36 #define PFERR_PRESENT_MASK (1U << PFERR_PRESENT_BIT) #define PFERR_WRITE_MASK (1U << PFERR_WRITE_BIT)
@@ -251,6 +255,10 @@ enum x86_intercept_stage; #define PFERR_SGX_MASK (1U << PFERR_SGX_BIT) #define PFERR_GUEST_FINAL_MASK (1ULL << PFERR_GUEST_FINAL_BIT) #define PFERR_GUEST_PAGE_MASK (1ULL << PFERR_GUEST_PAGE_BIT) +#define PFERR_GUEST_RMP_MASK (1ULL << PFERR_GUEST_RMP_BIT) +#define PFERR_GUEST_ENC_MASK (1ULL << PFERR_GUEST_ENC_BIT) +#define PFERR_GUEST_SIZEM_MASK (1ULL << PFERR_GUEST_SIZEM_BIT) +#define PFERR_GUEST_VMPL_MASK (1ULL << PFERR_GUEST_VMPL_BIT) #define PFERR_NESTED_GUEST_PAGE (PFERR_GUEST_PAGE_MASK | \ PFERR_WRITE_MASK | \
From patchwork Fri Aug 20 15:59:06 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449859
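Review bot: PFERR_GUEST_ENC_BIT, PFERR_GUEST_SIZEM_BIT and PFERR_GUEST_VMPL_BIT are defined at bits 34 to 36, but direct_page_fault(), kvm_tdp_page_fault() and kvm_mmu_map_tdp_page() elsewhere in this series take a u32 error_code, so these masks can only be tested where the error code is still u64, as in kvm_handle_page_fault(). Note that next to the new defines, or widen the parameters, so that a later check against a truncated error code does not silently evaluate to false. A short comment per bit describing the condition it reports, with the APM2 section cited in the commit message, would also help, and the new PFERR_GUEST_RMP_MASK line would read better placed in bit order ahead of PFERR_GUEST_FINAL_MASK.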
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh, stable@kernel.org
Subject: [PATCH Part2 v5 33/45] KVM: x86: Update page-fault trace to log full 64-bit error code
Date: Fri, 20 Aug 2021 10:59:06 -0500
Message-Id: <20210820155918.7518-34-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The #NPT error code is a 64-bit value but the trace prints only the lower 32 bits. Some of the fault error codes (e.g. PFERR_GUEST_FINAL_MASK) are available in the upper 32 bits.

Cc:
Signed-off-by: Brijesh Singh
Reviewed-by: Sean Christopherson
---
 arch/x86/kvm/trace.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index b484141ea15b..1c360e07856f 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h @@ -365,12 +365,12 @@ TRACE_EVENT(kvm_inj_exception, * Tracepoint for page fault. */ TRACE_EVENT(kvm_page_fault, - TP_PROTO(unsigned long fault_address, unsigned int error_code), + TP_PROTO(unsigned long fault_address, u64 error_code), TP_ARGS(fault_address, error_code), TP_STRUCT__entry( __field( unsigned long, fault_address ) - __field( unsigned int, error_code ) + __field( u64, error_code ) ), TP_fast_assign( 
@@ -378,7 +378,7 @@ TRACE_EVENT(kvm_page_fault, __entry->error_code = error_code; ), - TP_printk("address %lx error_code %x", + TP_printk("address %lx error_code %llx", __entry->fault_address, __entry->error_code) );
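Review bot: TP_PROTO and the __field change in the first trace.h hunk widen the tracepoint to u64, but the diffstat shows only trace.h is touched, so the call sites of trace_kvm_page_fault() are unchanged; if any caller still holds the error code in a 32-bit variable, the upper bits are lost before they reach the tracepoint. The commit message should state that the callers already pass a 64-bit value. The field also grows from 4 to 8 bytes, which changes the event's record layout for any tool that reads the raw record rather than the printed text.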
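An added example, not code from this patch series: a user-space C decoder for the `address %lx error_code %llx` trace text this patch produces, showing which PFERR bits the old `unsigned int` field dropped. Bits 4 to 36 follow the kvm_host.h hunk earlier in the series; bits 0 to 3, the function names and the sample trace line are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct pferr_name {
	unsigned int bit;
	const char *name;
};

/*
 * Bits 4..36 follow the PFERR_*_BIT values in the kvm_host.h hunk.
 * Bits 0..3 (PRESENT, WRITE, USER, RSVD) are the architectural
 * page-fault bits from the same upstream header; their values are
 * not shown on this page.
 */
static const struct pferr_name pferr_names[] = {
	{ 0, "PRESENT" }, { 1, "WRITE" }, { 2, "USER" }, { 3, "RSVD" },
	{ 4, "FETCH" }, { 5, "PK" }, { 15, "SGX" },
	{ 31, "GUEST_RMP" }, { 32, "GUEST_FINAL" }, { 33, "GUEST_PAGE" },
	{ 34, "GUEST_ENC" }, { 35, "GUEST_SIZEM" }, { 36, "GUEST_VMPL" },
};
#define PFERR_NAME_COUNT (sizeof(pferr_names) / sizeof(pferr_names[0]))

/* Constructed sample line in the "address %lx error_code %llx" format. */
static const char sample_line[] =
	" qemu-kvm-4321 [003] .... 1629.475300: kvm_page_fault: "
	"address 7f001000 error_code 1180000006";

/* Extract the two hex fields; returns 0 on success, -1 otherwise. */
int parse_kvm_page_fault(const char *line, uint64_t *addr, uint64_t *err)
{
	static const char tag[] = "kvm_page_fault:";
	const char *p = strstr(line, tag);

	if (!p)
		return -1;
	p += sizeof(tag) - 1;
	if (sscanf(p, " address %" SCNx64 " error_code %" SCNx64,
		   addr, err) != 2)
		return -1;
	return 0;
}

/* Bits the pre-patch 32-bit trace field could not carry. */
uint64_t pferr_lost_by_u32(uint64_t err)
{
	return err & ~(uint64_t)UINT32_MAX;
}

/* Bits set in err that the table above has no name for. */
uint64_t pferr_unnamed(uint64_t err)
{
	for (size_t i = 0; i < PFERR_NAME_COUNT; i++)
		err &= ~(1ULL << pferr_names[i].bit);
	return err;
}

/* Write "A|B|C" for the named bits set in err; returns bytes written. */
size_t pferr_decode(uint64_t err, char *buf, size_t len)
{
	size_t used = 0;

	if (len == 0)
		return 0;
	buf[0] = '\0';
	for (size_t i = 0; i < PFERR_NAME_COUNT; i++) {
		int n;

		if (!(err & (1ULL << pferr_names[i].bit)))
			continue;
		n = snprintf(buf + used, len - used, "%s%s",
			     used ? "|" : "", pferr_names[i].name);
		if (n < 0 || (size_t)n >= len - used) {
			buf[used] = '\0';	/* drop the partial name */
			break;
		}
		used += (size_t)n;
	}
	return used;
}

int main(void)
{
	uint64_t addr, err;
	char names[128];

	if (parse_kvm_page_fault(sample_line, &addr, &err))
		return 1;
	pferr_decode(err, names, sizeof(names));
	printf("address   %#" PRIx64 "\n", addr);
	printf("full code %#" PRIx64 " (%s)\n", err, names);
	printf("old %%x    %#" PRIx32 "\n", (uint32_t)err);
	printf("dropped   %#" PRIx64 "\n", pferr_lost_by_u32(err));
	return 0;
}
```

With the pre-patch `%x` field the sample would have logged only the low word, which still shows GUEST_RMP (bit 31) but hides GUEST_FINAL and GUEST_VMPL.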
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 34/45] KVM: SVM: Do not use long-lived GHCB map while setting scratch area
Date: Fri, 20 Aug 2021 10:59:07 -0500
Message-Id: <20210820155918.7518-35-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

The setup_vmgexit_scratch() function may rely on a long-lived GHCB mapping if the GHCB shared buffer area was used for the scratch area. In preparation for eliminating the long-lived GHCB mapping, always allocate a buffer for the scratch area so it can be accessed without the GHCB mapping.

Signed-off-by: Brijesh Singh
---
 arch/x86/kvm/svm/sev.c | 70 +++++++++++++++++++-----------------------
 arch/x86/kvm/svm/svm.h | 3 +-
 2 files changed, 34 insertions(+), 39 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2ad186d7e7b0..7dfb68e06334 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -2490,8 +2490,7 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) __free_page(virt_to_page(svm->vmsa)); skip_vmsa_free: - if (svm->ghcb_sa_free) - kfree(svm->ghcb_sa); + kfree(svm->ghcb_sa); } static void dump_ghcb(struct vcpu_svm *svm) @@ -2579,6 +2578,9 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) control->exit_info_1 = ghcb_get_sw_exit_info_1(ghcb); control->exit_info_2 = ghcb_get_sw_exit_info_2(ghcb); + /* Copy the GHCB scratch area GPA */ + svm->ghcb_sa_gpa = ghcb_get_sw_scratch(ghcb); + /* Clear the valid entries fields */ memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); } @@ -2714,22 +2716,12 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm) if (!svm->ghcb) return; - if (svm->ghcb_sa_free) { - /* - * The scratch area lives outside the GHCB, so there is a - * buffer that, depending on the operation performed, may - * need to be synced, then freed. - */ - if (svm->ghcb_sa_sync) { - kvm_write_guest(svm->vcpu.kvm, - ghcb_get_sw_scratch(svm->ghcb), - svm->ghcb_sa, svm->ghcb_sa_len); - svm->ghcb_sa_sync = false; - } - - kfree(svm->ghcb_sa); - svm->ghcb_sa = NULL; - svm->ghcb_sa_free = false; + /* Sync the scratch buffer area. */ + if (svm->ghcb_sa_sync) { + kvm_write_guest(svm->vcpu.kvm, + ghcb_get_sw_scratch(svm->ghcb), + svm->ghcb_sa, svm->ghcb_sa_len); + svm->ghcb_sa_sync = false; } trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, svm->ghcb); @@ -2767,12 +2759,11 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) { struct vmcb_control_area *control = &svm->vmcb->control; - struct ghcb *ghcb = svm->ghcb; u64 ghcb_scratch_beg, ghcb_scratch_end; u64 scratch_gpa_beg, scratch_gpa_end; void *scratch_va; - scratch_gpa_beg = ghcb_get_sw_scratch(ghcb); + scratch_gpa_beg = svm->ghcb_sa_gpa; if (!scratch_gpa_beg) { pr_err("vmgexit: scratch gpa not provided\n"); return false; 
@@ -2802,9 +2793,6 @@ static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) scratch_gpa_beg, scratch_gpa_end); return false; } - - scratch_va = (void *)svm->ghcb; - scratch_va += (scratch_gpa_beg - control->ghcb_gpa); } else { /* * The guest memory must be read into a kernel buffer, so @@ -2815,29 +2803,35 @@ static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) len, GHCB_SCRATCH_AREA_LIMIT); return false; } + } + + if (svm->ghcb_sa_alloc_len < len) { scratch_va = kzalloc(len, GFP_KERNEL_ACCOUNT); if (!scratch_va) return false; - if (kvm_read_guest(svm->vcpu.kvm, scratch_gpa_beg, scratch_va, len)) { - /* Unable to copy scratch area from guest */ - pr_err("vmgexit: kvm_read_guest for scratch area failed\n"); - - kfree(scratch_va); - return false; - } - /* - * The scratch area is outside the GHCB. The operation will - * dictate whether the buffer needs to be synced before running - * the vCPU next time (i.e. a read was requested so the data - * must be written back to the guest memory). + * Free the old scratch area and switch to using newly + * allocated. */ - svm->ghcb_sa_sync = sync; - svm->ghcb_sa_free = true; + kfree(svm->ghcb_sa); + + svm->ghcb_sa_alloc_len = len; + svm->ghcb_sa = scratch_va; } - svm->ghcb_sa = scratch_va; + if (kvm_read_guest(svm->vcpu.kvm, scratch_gpa_beg, svm->ghcb_sa, len)) { + /* Unable to copy scratch area from guest */ + pr_err("vmgexit: kvm_read_guest for scratch area failed\n"); + return false; + } + + /* + * The operation will dictate whether the buffer needs to be synced + * before running the vCPU next time (i.e. a read was requested so + * the data must be written back to the guest memory). + */ + svm->ghcb_sa_sync = sync; svm->ghcb_sa_len = len; return true; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 27c0c7b265b8..85c852bb548a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -199,8 +199,9 @@ struct vcpu_svm { /* SEV-ES scratch area support */ void *ghcb_sa; u64 ghcb_sa_len; + u64 ghcb_sa_gpa; + u32 ghcb_sa_alloc_len; bool ghcb_sa_sync; - bool ghcb_sa_free; bool guest_state_loaded; };
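Review bot: in the sev_es_unmap_ghcb() hunk (@@ -2714,22 +2716,12 @@), the write-back still takes its destination from ghcb_get_sw_scratch(svm->ghcb), while setup_vmgexit_scratch() now range-checks the cached svm->ghcb_sa_gpa. The GHCB is mapped from guest memory, so the value read at unmap time need not be the one that was checked; pass svm->ghcb_sa_gpa to kvm_write_guest() so the validated address and the written address are the same. The return value of kvm_write_guest() is also ignored here, as it was before the change.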
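Review bot: when the existing buffer is reused in the last setup_vmgexit_scratch() hunk (the `svm->ghcb_sa_alloc_len < len` test is false), it is not cleared, so bytes past len keep the previous exit's contents; that is safe only while every consumer honours ghcb_sa_len, which deserves a comment next to the allocation. The context comment "The guest memory must be read into a kernel buffer" is also left inside the else branch although the copy now happens for both branches, so it should move down to the kvm_read_guest() call.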
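Review bot: ghcb_sa_alloc_len is declared u32 in the svm.h hunk, but setup_vmgexit_scratch() assigns it from a u64 len and compares the two in `svm->ghcb_sa_alloc_len < len`. The visible checks bound len by GHCB_SCRATCH_AREA_LIMIT in the non-GHCB branch, so the narrowing does not look reachable there, but making the field u64 like ghcb_sa_len, or documenting why u32 is enough, removes the implicit truncation.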
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 35/45] KVM: SVM: Remove the long-lived GHCB host map
Date: Fri, 20 Aug 2021 10:59:08 -0500
Message-Id: <20210820155918.7518-36-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Aug 2021 16:00:39.1783 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 0ZtnoJYBU2173INyRTJ803L3k8/UvTf8r/uf5xNF9Z7WSQijukHw1x3oy2sXbTQ+kGAbWEIw1URwU7o7Nv3Q6g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4509 Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=ybVpQxgw; dmarc=pass (policy=quarantine) header.from=amd.com; spf=pass (imf10.hostedemail.com: domain of brijesh.singh@amd.com designates 40.107.237.51 as permitted sender) smtp.mailfrom=brijesh.singh@amd.com X-Stat-Signature: ssyawhh8q5awwipaaq7jdx3z4z4f4fic X-Rspamd-Queue-Id: C45C360019A1 X-Rspamd-Server: rspam05 X-HE-Tag: 1629475269-880133 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On VMGEXIT, sev_handle_vmgexit() creates a host mapping for the GHCB GPA, and unmaps it just before VM-entry. This long-lived GHCB map is used by the VMGEXIT handler through accessors such as ghcb_{set_get}_xxx(). A long-lived GHCB map can cause issue when SEV-SNP is enabled. When SEV-SNP is enabled the mapped GPA needs to be protected against a page state change. To eliminate the long-lived GHCB mapping, update the GHCB sync operations to explicitly map the GHCB before access and unmap it after access is complete. This requires that the setting of the GHCBs sw_exit_info_{1,2} fields be done during sev_es_sync_to_ghcb(), so create two new fields in the vcpu_svm struct to hold these values when required to be set outside of the GHCB mapping. 
Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 129 ++++++++++++++++++++++++++--------------- arch/x86/kvm/svm/svm.c | 12 ++-- arch/x86/kvm/svm/svm.h | 24 +++++++- 3 files changed, 111 insertions(+), 54 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7dfb68e06334..c41d972dadc3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2493,15 +2493,40 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) kfree(svm->ghcb_sa); } +static inline int svm_map_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + u64 gfn = gpa_to_gfn(control->ghcb_gpa); + + if (kvm_vcpu_map(&svm->vcpu, gfn, map)) { + /* Unable to map GHCB from guest */ + pr_err("error mapping GHCB GFN [%#llx] from guest\n", gfn); + return -EFAULT; + } + + return 0; +} + +static inline void svm_unmap_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map) +{ + kvm_vcpu_unmap(&svm->vcpu, map, true); +} + static void dump_ghcb(struct vcpu_svm *svm) { - struct ghcb *ghcb = svm->ghcb; + struct kvm_host_map map; unsigned int nbits; + struct ghcb *ghcb; + + if (svm_map_ghcb(svm, &map)) + return; + + ghcb = map.hva; /* Re-use the dump_invalid_vmcb module parameter */ if (!dump_invalid_vmcb) { pr_warn_ratelimited("set kvm_amd.dump_invalid_vmcb=1 to dump internal KVM state.\n"); - return; + goto e_unmap; } nbits = sizeof(ghcb->save.valid_bitmap) * 8; 
@@ -2516,12 +2541,21 @@ static void dump_ghcb(struct vcpu_svm *svm) pr_err("%-20s%016llx is_valid: %u\n", "sw_scratch", ghcb->save.sw_scratch, ghcb_sw_scratch_is_valid(ghcb)); pr_err("%-20s%*pb\n", "valid_bitmap", nbits, ghcb->save.valid_bitmap); + +e_unmap: + svm_unmap_ghcb(svm, &map); } -static void sev_es_sync_to_ghcb(struct vcpu_svm *svm) +static bool sev_es_sync_to_ghcb(struct vcpu_svm *svm) { struct kvm_vcpu *vcpu = &svm->vcpu; - struct ghcb *ghcb = svm->ghcb; + struct kvm_host_map map; + struct ghcb *ghcb; + + if (svm_map_ghcb(svm, &map)) + return false; + + ghcb = map.hva; /* * The GHCB protocol so far allows for the following data @@ -2535,13 +2569,24 @@ static void sev_es_sync_to_ghcb(struct vcpu_svm *svm) ghcb_set_rbx(ghcb, vcpu->arch.regs[VCPU_REGS_RBX]); ghcb_set_rcx(ghcb, vcpu->arch.regs[VCPU_REGS_RCX]); ghcb_set_rdx(ghcb, vcpu->arch.regs[VCPU_REGS_RDX]); + + /* + * Copy the return values from the exit_info_{1,2}. + */ + ghcb_set_sw_exit_info_1(ghcb, svm->ghcb_sw_exit_info_1); + ghcb_set_sw_exit_info_2(ghcb, svm->ghcb_sw_exit_info_2); + + trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, ghcb); + + svm_unmap_ghcb(svm, &map); + + return true; } -static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) +static void sev_es_sync_from_ghcb(struct vcpu_svm *svm, struct ghcb *ghcb) { struct vmcb_control_area *control = &svm->vmcb->control; struct kvm_vcpu *vcpu = &svm->vcpu; - struct ghcb *ghcb = svm->ghcb; u64 exit_code; /* 
@@ -2585,13 +2630,18 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); } -static int sev_es_validate_vmgexit(struct vcpu_svm *svm) +static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) { - struct kvm_vcpu *vcpu; + struct kvm_vcpu *vcpu = &svm->vcpu; + struct kvm_host_map map; struct ghcb *ghcb; - u64 exit_code = 0; - ghcb = svm->ghcb; + if (svm_map_ghcb(svm, &map)) + return -EFAULT; + + ghcb = map.hva; + + trace_kvm_vmgexit_enter(vcpu->vcpu_id, ghcb); /* Only GHCB Usage code 0 is supported */ if (ghcb->ghcb_usage) @@ -2601,7 +2651,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) * Retrieve the exit code now even though is may not be marked valid * as it could help with debugging. */ - exit_code = ghcb_get_sw_exit_code(ghcb); + *exit_code = ghcb_get_sw_exit_code(ghcb); if (!ghcb_sw_exit_code_is_valid(ghcb) || !ghcb_sw_exit_info_1_is_valid(ghcb) || @@ -2685,6 +2735,9 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) goto vmgexit_err; } + sev_es_sync_from_ghcb(svm, ghcb); + + svm_unmap_ghcb(svm, &map); return 0; vmgexit_err: @@ -2695,16 +2748,17 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) ghcb->ghcb_usage); } else { vcpu_unimpl(vcpu, "vmgexit: exit reason %#llx is not valid\n", - exit_code); + *exit_code); dump_ghcb(svm); } vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; vcpu->run->internal.ndata = 2; - vcpu->run->internal.data[0] = exit_code; + vcpu->run->internal.data[0] = *exit_code; vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; + svm_unmap_ghcb(svm, &map); return -EINVAL; } 
@@ -2713,23 +2767,20 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm) /* Clear any indication that the vCPU is in a type of AP Reset Hold */ svm->ap_reset_hold_type = AP_RESET_HOLD_NONE; - if (!svm->ghcb) + if (!svm->ghcb_in_use) return; /* Sync the scratch buffer area. */ if (svm->ghcb_sa_sync) { kvm_write_guest(svm->vcpu.kvm, - ghcb_get_sw_scratch(svm->ghcb), + svm->ghcb_sa_gpa, svm->ghcb_sa, svm->ghcb_sa_len); svm->ghcb_sa_sync = false; } - trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, svm->ghcb); - sev_es_sync_to_ghcb(svm); - kvm_vcpu_unmap(&svm->vcpu, &svm->ghcb_map, true); - svm->ghcb = NULL; + svm->ghcb_in_use = false; } void pre_sev_run(struct vcpu_svm *svm, int cpu) @@ -2961,7 +3012,6 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) struct vcpu_svm *svm = to_svm(vcpu); struct vmcb_control_area *control = &svm->vmcb->control; u64 ghcb_gpa, exit_code; - struct ghcb *ghcb; int ret; /* Validate the GHCB */ @@ -2974,27 +3024,14 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) return -EINVAL; } - if (kvm_vcpu_map(vcpu, ghcb_gpa >> PAGE_SHIFT, &svm->ghcb_map)) { - /* Unable to map GHCB from guest */ - vcpu_unimpl(vcpu, "vmgexit: error mapping GHCB [%#llx] from guest\n", - ghcb_gpa); - return -EINVAL; - } - - svm->ghcb = svm->ghcb_map.hva; - ghcb = svm->ghcb_map.hva; - - trace_kvm_vmgexit_enter(vcpu->vcpu_id, ghcb); - - exit_code = ghcb_get_sw_exit_code(ghcb); - - ret = sev_es_validate_vmgexit(svm); + ret = sev_es_validate_vmgexit(svm, &exit_code); if (ret) return ret; - sev_es_sync_from_ghcb(svm); - ghcb_set_sw_exit_info_1(ghcb, 0); - ghcb_set_sw_exit_info_2(ghcb, 0); + svm->ghcb_in_use = true; + + svm_set_ghcb_sw_exit_info_1(vcpu, 0); + svm_set_ghcb_sw_exit_info_2(vcpu, 0); ret = -EINVAL; switch (exit_code) { 
@@ -3033,23 +3070,23 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) break; case 1: /* Get AP jump table address */ - ghcb_set_sw_exit_info_2(ghcb, sev->ap_jump_table); + svm_set_ghcb_sw_exit_info_2(vcpu, sev->ap_jump_table); break; default: pr_err("svm: vmgexit: unsupported AP jump table request - exit_info_1=%#llx\n", control->exit_info_1); - ghcb_set_sw_exit_info_1(ghcb, 1); - ghcb_set_sw_exit_info_2(ghcb, - X86_TRAP_UD | - SVM_EVTINJ_TYPE_EXEPT | - SVM_EVTINJ_VALID); + svm_set_ghcb_sw_exit_info_1(vcpu, 1); + svm_set_ghcb_sw_exit_info_2(vcpu, + X86_TRAP_UD | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); } ret = 1; break; } case SVM_VMGEXIT_HV_FEATURES: { - ghcb_set_sw_exit_info_2(ghcb, GHCB_HV_FT_SUPPORTED); + svm_set_ghcb_sw_exit_info_2(vcpu, GHCB_HV_FT_SUPPORTED); ret = 1; break; @@ -3171,7 +3208,7 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) * Return from an AP Reset Hold VMGEXIT, where the guest will * set the CS and RIP. Set SW_EXIT_INFO_2 to a non-zero value. */ - ghcb_set_sw_exit_info_2(svm->ghcb, 1); + svm_set_ghcb_sw_exit_info_2(vcpu, 1); break; case AP_RESET_HOLD_MSR_PROTO: /* diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0c8510ad63f1..5f73f21a37a1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2786,14 +2786,14 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) static int svm_complete_emulated_msr(struct kvm_vcpu *vcpu, int err) { struct vcpu_svm *svm = to_svm(vcpu); - if (!err || !sev_es_guest(vcpu->kvm) || WARN_ON_ONCE(!svm->ghcb)) + if (!err || !sev_es_guest(vcpu->kvm) || WARN_ON_ONCE(!svm->ghcb_in_use)) return kvm_complete_insn_gp(vcpu, err); - ghcb_set_sw_exit_info_1(svm->ghcb, 1); - ghcb_set_sw_exit_info_2(svm->ghcb, - X86_TRAP_GP | - SVM_EVTINJ_TYPE_EXEPT | - SVM_EVTINJ_VALID); + svm_set_ghcb_sw_exit_info_1(vcpu, 1); + svm_set_ghcb_sw_exit_info_2(vcpu, + X86_TRAP_GP | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); return 1; } 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 85c852bb548a..22c01d958898 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -191,8 +191,7 @@ struct vcpu_svm { /* SEV-ES support */ struct sev_es_save_area *vmsa; - struct ghcb *ghcb; - struct kvm_host_map ghcb_map; + bool ghcb_in_use; bool received_first_sipi; unsigned int ap_reset_hold_type; @@ -204,6 +203,13 @@ struct vcpu_svm { bool ghcb_sa_sync; bool guest_state_loaded; + + /* + * SEV-ES support to hold the sw_exit_info return values to be + * sync'ed to the GHCB when mapped. + */ + u64 ghcb_sw_exit_info_1; + u64 ghcb_sw_exit_info_2; }; struct svm_cpu_data { 
@@ -503,6 +509,20 @@ void nested_sync_control_from_vmcb02(struct vcpu_svm *svm); void nested_vmcb02_compute_g_pat(struct vcpu_svm *svm); void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vmcb); +static inline void svm_set_ghcb_sw_exit_info_1(struct kvm_vcpu *vcpu, u64 val) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + svm->ghcb_sw_exit_info_1 = val; +} + +static inline void svm_set_ghcb_sw_exit_info_2(struct kvm_vcpu *vcpu, u64 val) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + svm->ghcb_sw_exit_info_2 = val; +} + extern struct kvm_x86_nested_ops svm_nested_ops; /* avic.c */
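
Review bot: In svm_map_ghcb() (first sev.c hunk of 35/45) a mapping failure is reported with a plain pr_err(), and the GFN it maps comes from control->ghcb_gpa, which the guest chooses. The code this replaces in sev_handle_vmgexit() used vcpu_unimpl(), which is rate-limited and tags the message with the vCPU, so a guest that keeps exiting with an unmappable GHCB GPA can now flood the host log. Consider pr_err_ratelimited() or keeping vcpu_unimpl(&svm->vcpu, ...). The failure code for the same condition also changes from -EINVAL to -EFAULT, which deserves a line in the changelog. In the same hunk, dump_ghcb() maps the GHCB before it tests dump_invalid_vmcb; testing the parameter first would avoid a map/unmap pair and the e_unmap label when dumping is disabled.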
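
Review bot: On the vmgexit_err path of sev_es_validate_vmgexit() (35/45), dump_ghcb(svm) is called while this function still holds its own mapping of the GHCB, and dump_ghcb() now calls svm_map_ghcb() itself, so the same GFN is mapped a second time only to print it. Passing the pointer that is already mapped, for example dump_ghcb(svm, ghcb), would avoid the nested map and the case where the second map fails and the dump is silently skipped. Since sev_es_sync_from_ghcb() is now called from inside the validate function, a short comment there saying that validation also consumes the GHCB contents would make the new flow easier to follow.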
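
Review bot: sev_es_sync_to_ghcb() now returns bool, but the unchanged call in sev_es_unmap_ghcb() (35/45) ignores the result. If svm_map_ghcb() fails at that point, the register values and the cached ghcb_sw_exit_info_{1,2} are never written back, and the function still clears ghcb_in_use and returns as if the sync had happened. Either act on the failure (at least a rate-limited warning, or fail the run) or keep the function void and document that the write-back is best effort. After this hunk sev_es_unmap_ghcb() no longer unmaps anything, so a name that reflects what it now does would help.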
From patchwork Fri Aug 20 15:59:09 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449837
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 36/45] KVM: SVM: Add support to handle GHCB GPA register VMGEXIT
Date: Fri, 20 Aug 2021 10:59:09 -0500
Message-Id: <20210820155918.7518-37-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

SEV-SNP guests are required to perform a GHCB GPA registration. Before using a GHCB GPA for a vCPU the first time, a guest must register the vCPU GHCB GPA. If the hypervisor can work with the guest requested GPA then it must respond back with the same GPA, otherwise return -1.

On VMEXIT, verify that GHCB GPA matches with the registered value. If a mismatch is detected then abort the guest.

Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-common.h | 8 ++++++++ arch/x86/kvm/svm/sev.c | 27 +++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 7 +++++++ 3 files changed, 42 insertions(+) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 779c7e8f836c..91089967ab09 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h
@@ -59,6 +59,14 @@ #define GHCB_MSR_AP_RESET_HOLD_RESULT_POS 12 #define GHCB_MSR_AP_RESET_HOLD_RESULT_MASK GENMASK_ULL(51, 0) +/* Preferred GHCB GPA Request */ +#define GHCB_MSR_PREF_GPA_REQ 0x010 +#define GHCB_MSR_GPA_VALUE_POS 12 +#define GHCB_MSR_GPA_VALUE_MASK GENMASK_ULL(51, 0) + +#define GHCB_MSR_PREF_GPA_RESP 0x011 +#define GHCB_MSR_PREF_GPA_NONE 0xfffffffffffff + /* GHCB GPA Register */ #define GHCB_MSR_REG_GPA_REQ 0x012 #define GHCB_MSR_REG_GPA_REQ_VAL(v) \ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c41d972dadc3..991b8c996fc1 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2984,6 +2984,27 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_PREF_GPA_REQ: { + set_ghcb_msr_bits(svm, GHCB_MSR_PREF_GPA_NONE, GHCB_MSR_GPA_VALUE_MASK, + GHCB_MSR_GPA_VALUE_POS); + set_ghcb_msr_bits(svm, GHCB_MSR_PREF_GPA_RESP, GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; + } + case GHCB_MSR_REG_GPA_REQ: { + u64 gfn; + + gfn = get_ghcb_msr_bits(svm, GHCB_MSR_GPA_VALUE_MASK, + GHCB_MSR_GPA_VALUE_POS); + + svm->ghcb_registered_gpa = gfn_to_gpa(gfn); + + set_ghcb_msr_bits(svm, gfn, GHCB_MSR_GPA_VALUE_MASK, + GHCB_MSR_GPA_VALUE_POS); + set_ghcb_msr_bits(svm, GHCB_MSR_REG_GPA_RESP, GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; + } case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; @@ -3024,6 +3045,12 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) return -EINVAL; } + /* SEV-SNP guest requires that the GHCB GPA must be registered */ + if (sev_snp_guest(svm->vcpu.kvm) && !ghcb_gpa_is_registered(svm, ghcb_gpa)) { + vcpu_unimpl(&svm->vcpu, "vmgexit: GHCB GPA [%#llx] is not registered.\n", ghcb_gpa); + return -EINVAL; + } + ret = sev_es_validate_vmgexit(svm, &exit_code); if (ret) return ret; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 22c01d958898..d10f7166b39d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -210,6 +210,8 @@ struct vcpu_svm { */ u64 ghcb_sw_exit_info_1; u64 ghcb_sw_exit_info_2; + + u64 ghcb_registered_gpa; }; struct svm_cpu_data { 
@@ -266,6 +268,11 @@ static inline bool sev_snp_guest(struct kvm *kvm) return sev_es_guest(kvm) && sev->snp_active; } +static inline bool ghcb_gpa_is_registered(struct vcpu_svm *svm, u64 val) +{ + return svm->ghcb_registered_gpa == val; +} + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0;
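
Review bot: The GHCB_MSR_REG_GPA_REQ case in sev_handle_vmgexit_msr_protocol() (36/45) stores whatever GFN the guest supplies in svm->ghcb_registered_gpa and echoes it back, with no sev_snp_guest() check and no test that the host can actually map that GFN. The commit message says the hypervisor returns -1 when it cannot work with the requested GPA, but this handler has no such path. Suggest gating both new cases on sev_snp_guest() and rejecting a GFN that is not backed by a memslot (kvm_is_visible_gfn() would be one way to test that) by replying with the all-ones value. A comment stating whether a vCPU may re-register with a different GPA would also help, since the handler currently overwrites the previous value unconditionally.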
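
Review bot: ghcb_registered_gpa is added to struct vcpu_svm (36/45, svm.h) but none of the visible hunks initialise or reset it, so until the guest registers, ghcb_gpa_is_registered() compares against whatever the allocation left in the field (0 if the struct is zeroed). Initialising it to an invalid GPA (INVALID_PAGE, for example) at vCPU creation, and again on vCPU reset, would make "nothing registered" an explicit state. In the new check in sev_handle_vmgexit(), vcpu is already in scope, so sev_snp_guest(vcpu->kvm) and vcpu_unimpl(vcpu, ...) would shorten both lines.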
From patchwork Fri Aug 20 15:59:10 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449839
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 37/45] KVM: SVM: Add support to handle MSR based Page State Change VMGEXIT
Date: Fri, 20 Aug 2021 10:59:10 -0500
Message-Id: <20210820155918.7518-38-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

SEV-SNP VMs can ask the hypervisor to change the page state in the RMP table to be private or shared using the Page State Change MSR protocol as
defined in the GHCB specification. Before changing the page state in the RMP entry, lookup the page in the NPT to make sure that there is a valid mapping for it. If the mapping exist then try to find a workable page level between the NPT and RMP for the page. If the page is not mapped in the NPT, then create a fault such that it gets mapped before we change the page state in the RMP entry. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-common.h | 9 ++ arch/x86/kvm/svm/sev.c | 197 ++++++++++++++++++++++++++++++ arch/x86/kvm/trace.h | 34 ++++++ arch/x86/kvm/x86.c | 1 + 4 files changed, 241 insertions(+) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 91089967ab09..4980f77aa1d5 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -89,6 +89,10 @@ enum psc_op { }; #define GHCB_MSR_PSC_REQ 0x014 +#define GHCB_MSR_PSC_GFN_POS 12 +#define GHCB_MSR_PSC_GFN_MASK GENMASK_ULL(39, 0) +#define GHCB_MSR_PSC_OP_POS 52 +#define GHCB_MSR_PSC_OP_MASK 0xf #define GHCB_MSR_PSC_REQ_GFN(gfn, op) \ /* GHCBData[55:52] */ \ (((u64)((op) & 0xf) << 52) | \ @@ -98,6 +102,11 @@ enum psc_op { GHCB_MSR_PSC_REQ) #define GHCB_MSR_PSC_RESP 0x015 +#define GHCB_MSR_PSC_ERROR_POS 32 +#define GHCB_MSR_PSC_ERROR_MASK GENMASK_ULL(31, 0) +#define GHCB_MSR_PSC_ERROR GENMASK_ULL(31, 0) +#define GHCB_MSR_PSC_RSVD_POS 12 +#define GHCB_MSR_PSC_RSVD_MASK GENMASK_ULL(19, 0) #define GHCB_MSR_PSC_RESP_VAL(val) \ /* GHCBData[63:32] */ \ (((u64)(val) & GENMASK_ULL(63, 32)) >> 32) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 991b8c996fc1..6d9483ec91ab 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -31,6 +31,7 @@ #include "svm_ops.h" #include "cpuid.h" #include "trace.h" +#include "mmu.h" #define __ex(x) __kvm_handle_fault_on_reboot(x) 
@@ -2905,6 +2906,181 @@ static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) svm->vmcb->control.ghcb_gpa = value; } +static int snp_rmptable_psmash(struct kvm *kvm, kvm_pfn_t pfn) +{ + pfn = pfn & ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1); + + return psmash(pfn); +} + +static int snp_make_page_shared(struct kvm *kvm, gpa_t gpa, kvm_pfn_t pfn, int level) +{ + int rc, rmp_level; + + rc = snp_lookup_rmpentry(pfn, &rmp_level); + if (rc < 0) + return -EINVAL; + + /* If page is not assigned then do nothing */ + if (!rc) + return 0; + + /* + * Is the page part of an existing 2MB RMP entry ? Split the 2MB into + * multiple of 4K-page before making the memory shared. + */ + if (level == PG_LEVEL_4K && rmp_level == PG_LEVEL_2M) { + rc = snp_rmptable_psmash(kvm, pfn); + if (rc) + return rc; + } + + return rmp_make_shared(pfn, level); +} + +static int snp_check_and_build_npt(struct kvm_vcpu *vcpu, gpa_t gpa, int level) +{ + struct kvm *kvm = vcpu->kvm; + int rc, npt_level; + kvm_pfn_t pfn; + + /* + * Get the pfn and level for the gpa from the nested page table. + * + * If the tdp walk fails, then its safe to say that there is no + * valid mapping for this gpa. Create a fault to build the map. 
+ */ + write_lock(&kvm->mmu_lock); + rc = kvm_mmu_get_tdp_walk(vcpu, gpa, &pfn, &npt_level); + write_unlock(&kvm->mmu_lock); + if (!rc) { + pfn = kvm_mmu_map_tdp_page(vcpu, gpa, PFERR_USER_MASK, level); + if (is_error_noslot_pfn(pfn)) + return -EINVAL; + } + + return 0; +} + +static int snp_gpa_to_hva(struct kvm *kvm, gpa_t gpa, hva_t *hva) +{ + struct kvm_memory_slot *slot; + gfn_t gfn = gpa_to_gfn(gpa); + int idx; + + idx = srcu_read_lock(&kvm->srcu); + slot = gfn_to_memslot(kvm, gfn); + if (!slot) { + srcu_read_unlock(&kvm->srcu, idx); + return -EINVAL; + } + + /* + * Note, using the __gfn_to_hva_memslot() is not solely for performance, + * it's also necessary to avoid the "writable" check in __gfn_to_hva_many(), + * which will always fail on read-only memslots due to gfn_to_hva() assuming + * writes. + */ + *hva = __gfn_to_hva_memslot(slot, gfn); + srcu_read_unlock(&kvm->srcu, idx); + + return 0; +} + +static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, gpa_t gpa, + int level) +{ + struct kvm_sev_info *sev = &to_kvm_svm(vcpu->kvm)->sev_info; + struct kvm *kvm = vcpu->kvm; + int rc, npt_level; + kvm_pfn_t pfn; + gpa_t gpa_end; + + gpa_end = gpa + page_level_size(level); + + while (gpa < gpa_end) { + /* + * If the gpa is not present in the NPT then build the NPT. + */ + rc = snp_check_and_build_npt(vcpu, gpa, level); + if (rc) + return -EINVAL; + + if (op == SNP_PAGE_STATE_PRIVATE) { + hva_t hva; + + if (snp_gpa_to_hva(kvm, gpa, &hva)) + return -EINVAL; + + /* + * Verify that the hva range is registered. This enforcement is + * required to avoid the cases where a page is marked private + * in the RMP table but never gets cleanup during the VM + * termination path. + */ + mutex_lock(&kvm->lock); + rc = is_hva_registered(kvm, hva, page_level_size(level)); + mutex_unlock(&kvm->lock); + if (!rc) + return -EINVAL; + + /* + * Mark the userspace range unmerable before adding the pages + * in the RMP table. 
+ */ + mmap_write_lock(kvm->mm); + rc = snp_mark_unmergable(kvm, hva, page_level_size(level)); + mmap_write_unlock(kvm->mm); + if (rc) + return -EINVAL; + } + + write_lock(&kvm->mmu_lock); + + rc = kvm_mmu_get_tdp_walk(vcpu, gpa, &pfn, &npt_level); + if (!rc) { + /* + * This may happen if another vCPU unmapped the page + * before we acquire the lock. Retry the PSC. + */ + write_unlock(&kvm->mmu_lock); + return 0; + } + + /* + * Adjust the level so that we don't go higher than the backing + * page level. + */ + level = min_t(size_t, level, npt_level); + + trace_kvm_snp_psc(vcpu->vcpu_id, pfn, gpa, op, level); + + switch (op) { + case SNP_PAGE_STATE_SHARED: + rc = snp_make_page_shared(kvm, gpa, pfn, level); + break; + case SNP_PAGE_STATE_PRIVATE: + rc = rmp_make_private(pfn, gpa, level, sev->asid, false); + break; + default: + rc = -EINVAL; + break; + } + + write_unlock(&kvm->mmu_lock); + + if (rc) { + pr_err_ratelimited("Error op %d gpa %llx pfn %llx level %d rc %d\n", + op, gpa, pfn, level, rc); + return rc; + } + + gpa = gpa + page_level_size(level); + } + + return 0; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
@@ -3005,6 +3181,27 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_PSC_REQ: { + gfn_t gfn; + int ret; + enum psc_op op; + + gfn = get_ghcb_msr_bits(svm, GHCB_MSR_PSC_GFN_MASK, GHCB_MSR_PSC_GFN_POS); + op = get_ghcb_msr_bits(svm, GHCB_MSR_PSC_OP_MASK, GHCB_MSR_PSC_OP_POS); + + ret = __snp_handle_page_state_change(vcpu, op, gfn_to_gpa(gfn), PG_LEVEL_4K); + + if (ret) + set_ghcb_msr_bits(svm, GHCB_MSR_PSC_ERROR, + GHCB_MSR_PSC_ERROR_MASK, GHCB_MSR_PSC_ERROR_POS); + else + set_ghcb_msr_bits(svm, 0, + GHCB_MSR_PSC_ERROR_MASK, GHCB_MSR_PSC_ERROR_POS); + + set_ghcb_msr_bits(svm, 0, GHCB_MSR_PSC_RSVD_MASK, GHCB_MSR_PSC_RSVD_POS); + set_ghcb_msr_bits(svm, GHCB_MSR_PSC_RESP, GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); + break; + } case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index 1c360e07856f..35ca1cf8440a 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h @@ -7,6 +7,7 @@ #include #include #include +#include #undef TRACE_SYSTEM #define TRACE_SYSTEM kvm 
@@ -1711,6 +1712,39 @@ TRACE_EVENT(kvm_vmgexit_msr_protocol_exit, __entry->vcpu_id, __entry->ghcb_gpa, __entry->result) ); +/* + * Tracepoint for the SEV-SNP page state change processing + */ +#define psc_operation \ + {SNP_PAGE_STATE_PRIVATE, "private"}, \ + {SNP_PAGE_STATE_SHARED, "shared"} \ + +TRACE_EVENT(kvm_snp_psc, + TP_PROTO(unsigned int vcpu_id, u64 pfn, u64 gpa, u8 op, int level), + TP_ARGS(vcpu_id, pfn, gpa, op, level), + + TP_STRUCT__entry( + __field(int, vcpu_id) + __field(u64, pfn) + __field(u64, gpa) + __field(u8, op) + __field(int, level) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->pfn = pfn; + __entry->gpa = gpa; + __entry->op = op; + __entry->level = level; + ), + + TP_printk("vcpu %u, pfn %llx, gpa %llx, op %s, level %d", + __entry->vcpu_id, __entry->pfn, __entry->gpa, + __print_symbolic(__entry->op, psc_operation), + __entry->level) +); + #endif /* _TRACE_KVM_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e5d5c5ed7dd4..afcdc75a99f2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -12371,3 +12371,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_snp_psc);
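
Review bot: In the second arch/x86/include/asm/sev-common.h hunk of patch 37/45, GHCB_MSR_PSC_ERROR and GHCB_MSR_PSC_ERROR_MASK are both defined as GENMASK_ULL(31, 0), so the failure value and the field mask cannot be told apart by name or by comment. A one-line comment saying that GHCB_MSR_PSC_ERROR is the all-ones value written to GHCBData[63:32] on failure, or defining it in terms of the mask, would make the later set_ghcb_msr_bits(svm, GHCB_MSR_PSC_ERROR, GHCB_MSR_PSC_ERROR_MASK, GHCB_MSR_PSC_ERROR_POS) call easier to audit. The new GFN, OP and RSVD macros also lack the GHCBData[hi:lo] comments that the existing GHCB_MSR_PSC_REQ_GFN and GHCB_MSR_PSC_RESP_VAL macros carry.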
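
Review bot: In the large arch/x86/kvm/svm/sev.c hunk of patch 37/45, __snp_handle_page_state_change() returns 0 when the second kvm_mmu_get_tdp_walk() fails under mmu_lock, and the GHCB_MSR_PSC_REQ caller treats 0 as success and clears the error field, so the guest is told the page state changed although no RMP update was made. The comment says "Retry the PSC", but nothing visible retries: either loop back to snp_check_and_build_npt() for the same gpa or return a distinct value that the caller turns into a retry rather than a success response. Smaller points in the same hunk: snp_make_page_shared() never uses its gpa argument and snp_rmptable_psmash() never uses kvm; min_t(size_t, level, npt_level) compares two ints through an unsigned type; and "unmerable" in the comment should read "unmergeable".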
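
Review bot: The GHCB_MSR_PSC_REQ case added to sev_handle_vmgexit_msr_protocol() in patch 37/45 hands the guest-supplied gfn and op to __snp_handle_page_state_change() without checking that the VM is an SNP guest, whereas the NAE handler in patch 38/45 starts with if (!sev_snp_guest(vcpu->kvm)). Unless a check outside this hunk already covers the MSR path, add the same gate here so a non-SNP guest cannot reach rmp_make_private() or rmp_make_shared(). The op field is 4 bits wide, so values other than SNP_PAGE_STATE_PRIVATE and SNP_PAGE_STATE_SHARED are only rejected by the switch default after the NPT has been faulted in; rejecting them in this case block first would avoid that work.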
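
Review bot: In the kvm_snp_psc tracepoint added to arch/x86/kvm/trace.h by patch 37/45, TP_PROTO takes unsigned int vcpu_id and TP_printk prints it with %u, but TP_STRUCT__entry stores it as __field(int, vcpu_id); declare the field as unsigned int so the types agree. The psc_operation macro also ends with a line-continuation backslash after its last entry, which pulls the following blank line into the macro and should be dropped.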
From: Brijesh Singh
Subject: [PATCH Part2 v5 38/45] KVM: SVM: Add support to handle Page State Change VMGEXIT
Date: Fri, 20 Aug 2021 10:59:11 -0500
Message-Id: <20210820155918.7518-39-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

SEV-SNP VMs can ask the hypervisor to change the page state in the RMP table to be private or shared using the Page State Change NAE event as defined in the GHCB specification version 2.

Signed-off-by: Brijesh Singh
--- arch/x86/include/asm/sev-common.h | 7 +++ arch/x86/kvm/svm/sev.c | 82 +++++++++++++++++++++++++++++-- 2 files changed, 84 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 4980f77aa1d5..5ee30bb2cdb8 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h 
@@ -126,6 +126,13 @@ enum psc_op { /* SNP Page State Change NAE event */ #define VMGEXIT_PSC_MAX_ENTRY 253 +/* The page state change hdr structure in not valid */ +#define PSC_INVALID_HDR 1 +/* The hdr.cur_entry or hdr.end_entry is not valid */ +#define PSC_INVALID_ENTRY 2 +/* Page state change encountered undefined error */ +#define PSC_UNDEF_ERR 3 + struct psc_hdr { u16 cur_entry; u16 end_entry; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6d9483ec91ab..0de85ed63e9b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2731,6 +2731,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: case SVM_VMGEXIT_HV_FEATURES: + case SVM_VMGEXIT_PSC: break; default: goto vmgexit_err; @@ -3004,13 +3005,13 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, */ rc = snp_check_and_build_npt(vcpu, gpa, level); if (rc) - return -EINVAL; + return PSC_UNDEF_ERR; if (op == SNP_PAGE_STATE_PRIVATE) { hva_t hva; if (snp_gpa_to_hva(kvm, gpa, &hva)) - return -EINVAL; + return PSC_UNDEF_ERR; /* * Verify that the hva range is registered. This enforcement is @@ -3022,7 +3023,7 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, rc = is_hva_registered(kvm, hva, page_level_size(level)); mutex_unlock(&kvm->lock); if (!rc) - return -EINVAL; + return PSC_UNDEF_ERR; /* * Mark the userspace range unmerable before adding the pages @@ -3032,7 +3033,7 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, rc = snp_mark_unmergable(kvm, hva, page_level_size(level)); mmap_write_unlock(kvm->mm); if (rc) - return -EINVAL; + return PSC_UNDEF_ERR; } write_lock(&kvm->mmu_lock); 
@@ -3062,8 +3063,11 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, case SNP_PAGE_STATE_PRIVATE: rc = rmp_make_private(pfn, gpa, level, sev->asid, false); break; + case SNP_PAGE_STATE_PSMASH: + case SNP_PAGE_STATE_UNSMASH: + /* TODO: Add support to handle it */ default: - rc = -EINVAL; + rc = PSC_INVALID_ENTRY; break; } @@ -3081,6 +3085,65 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, return 0; } +static inline unsigned long map_to_psc_vmgexit_code(int rc) +{ + switch (rc) { + case PSC_INVALID_HDR: + return ((1ul << 32) | 1); + case PSC_INVALID_ENTRY: + return ((1ul << 32) | 2); + case RMPUPDATE_FAIL_OVERLAP: + return ((3ul << 32) | 2); + default: return (4ul << 32); + } +} + +static unsigned long snp_handle_page_state_change(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + int level, op, rc = PSC_UNDEF_ERR; + struct snp_psc_desc *info; + struct psc_entry *entry; + u16 cur, end; + gpa_t gpa; + + if (!sev_snp_guest(vcpu->kvm)) + return PSC_INVALID_HDR; + + if (!setup_vmgexit_scratch(svm, true, sizeof(*info))) { + pr_err("vmgexit: scratch area is not setup.\n"); + return PSC_INVALID_HDR; + } + + info = (struct snp_psc_desc *)svm->ghcb_sa; + cur = info->hdr.cur_entry; + end = info->hdr.end_entry; + + if (cur >= VMGEXIT_PSC_MAX_ENTRY || + end >= VMGEXIT_PSC_MAX_ENTRY || cur > end) + return PSC_INVALID_ENTRY; + + for (; cur <= end; cur++) { + entry = &info->entries[cur]; + gpa = gfn_to_gpa(entry->gfn); + level = RMP_TO_X86_PG_LEVEL(entry->pagesize); + op = entry->operation; + + if (!IS_ALIGNED(gpa, page_level_size(level))) { + rc = PSC_INVALID_ENTRY; + goto out; + } + + rc = __snp_handle_page_state_change(vcpu, op, gpa, level); + if (rc) + goto out; + } + +out: + info->hdr.cur_entry = cur; + return rc ? map_to_psc_vmgexit_code(rc) : 0; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
@@ -3315,6 +3378,15 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; } + case SVM_VMGEXIT_PSC: { + unsigned long rc; + + ret = 1; + + rc = snp_handle_page_state_change(svm); + svm_set_ghcb_sw_exit_info_2(vcpu, rc); + break; + } case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
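
Review bot: The PSC_INVALID_HDR, PSC_INVALID_ENTRY and PSC_UNDEF_ERR values (1, 2, 3) added to arch/x86/include/asm/sev-common.h by patch 38/45 travel in the same int as the return codes of rmp_make_private() and snp_make_page_shared(), and map_to_psc_vmgexit_code() later switches on that int alongside RMPUPDATE_FAIL_OVERLAP; nothing in the header says the two number spaces cannot collide. Either document that the RMP helper return values never equal 1 to 3, or keep the PSC codes in a separate variable or enum so a hardware failure code cannot be reported to the guest as an invalid header or entry. The comment "structure in not valid" should read "is not valid".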
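
Review bot: In the switch hunk of __snp_handle_page_state_change() in patch 38/45, SNP_PAGE_STATE_PSMASH and SNP_PAGE_STATE_UNSMASH fall into default behind a TODO, so a guest that issues either operation receives PSC_INVALID_ENTRY, which the header describes as "hdr.cur_entry or hdr.end_entry is not valid". That misreports an unimplemented operation as a malformed request; use a distinct result for unsupported operations, or state in the commit message that PSMASH and UNSMASH are deliberately rejected for now. The rejection also reaches the pr_err_ratelimited() that follows the switch, so it produces host log output on guest request.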
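
Review bot: snp_handle_page_state_change() in patch 38/45 returns the raw PSC_INVALID_HDR and PSC_INVALID_ENTRY values from its three early exits (the sev_snp_guest() check, the setup_vmgexit_scratch() failure and the cur/end bounds check) without passing them through map_to_psc_vmgexit_code(), so sw_exit_info_2 is set to 1 or 2 on those paths, while PSC_INVALID_ENTRY raised inside the loop is reported as (1ul << 32) | 2. Route the early exits through the same mapping, for example by setting rc and jumping to a label placed after the info->hdr.cur_entry write. map_to_psc_vmgexit_code() would also benefit from a comment or named constants explaining what the upper and lower 32 bits of each returned value mean, and its default case shares a line with the return statement.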
From: Brijesh Singh
Subject: [PATCH Part2 v5 39/45] KVM: SVM: Introduce ops for the post gfn map and unmap
Date: Fri, 20 Aug 2021 10:59:12 -0500
Message-Id: <20210820155918.7518-40-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

When SEV-SNP is enabled in the guest VM, the guest memory pages can either be a private or shared.
A write from the hypervisor goes through the RMP checks. If hardware sees that hypervisor is attempting to write to a guest private page, then it triggers an RMP violation #PF. To avoid the RMP violation, add post_{map,unmap}_gfn() ops that can be used to verify that its safe to map a given guest page. Use the SRCU to protect against the page state change for existing mapped pages. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm-x86-ops.h | 2 + arch/x86/include/asm/kvm_host.h | 4 ++ arch/x86/kvm/svm/sev.c | 69 +++++++++++++++++++++----- arch/x86/kvm/svm/svm.c | 4 ++ arch/x86/kvm/svm/svm.h | 8 +++ arch/x86/kvm/x86.c | 78 +++++++++++++++++++++++++++--- 6 files changed, 146 insertions(+), 19 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 371756c7f8f4..c09bd40e0160 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -124,6 +124,8 @@ KVM_X86_OP(msr_filter_changed) KVM_X86_OP_NULL(complete_emulated_msr) KVM_X86_OP(alloc_apic_backing_page) KVM_X86_OP_NULL(rmp_page_level_adjust) +KVM_X86_OP(post_map_gfn) +KVM_X86_OP(post_unmap_gfn) #undef KVM_X86_OP #undef KVM_X86_OP_NULL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index a6e764458f3e..5ac1ff097e8c 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1463,7 +1463,11 @@ struct kvm_x86_ops { void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu); + void (*rmp_page_level_adjust)(struct kvm *kvm, kvm_pfn_t pfn, int *level); + + int (*post_map_gfn)(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int *token); + void (*post_unmap_gfn)(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 0de85ed63e9b..65b578463271 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -336,6 +336,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) if (ret) goto e_free; + init_srcu_struct(&sev->psc_srcu); ret = sev_snp_init(&argp->error); } else { ret = sev_platform_init(&argp->error); @@ -2293,6 +2294,7 @@ void sev_vm_destroy(struct kvm *kvm) WARN_ONCE(1, "Failed to free SNP guest context, leaking asid!\n"); return; } + cleanup_srcu_struct(&sev->psc_srcu); } else { sev_unbind_asid(kvm, sev->handle); } @@ -2494,23 +2496,32 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) kfree(svm->ghcb_sa); } -static inline int svm_map_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map) +static inline int svm_map_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map, int *token) { struct vmcb_control_area *control = &svm->vmcb->control; u64 gfn = gpa_to_gfn(control->ghcb_gpa); + struct kvm_vcpu *vcpu = &svm->vcpu; - if (kvm_vcpu_map(&svm->vcpu, gfn, map)) { + if (kvm_vcpu_map(vcpu, gfn, map)) { /* Unable to map GHCB from guest */ pr_err("error mapping GHCB GFN [%#llx] from guest\n", gfn); return -EFAULT; } + if (sev_post_map_gfn(vcpu->kvm, map->gfn, map->pfn, token)) { + kvm_vcpu_unmap(vcpu, map, false); + return -EBUSY; + } + return 0; } -static inline void svm_unmap_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map) +static inline void svm_unmap_ghcb(struct vcpu_svm *svm, struct kvm_host_map *map, int token) { - kvm_vcpu_unmap(&svm->vcpu, map, true); + struct kvm_vcpu *vcpu = &svm->vcpu; + + kvm_vcpu_unmap(vcpu, map, true); + sev_post_unmap_gfn(vcpu->kvm, map->gfn, map->pfn, token); } static void dump_ghcb(struct vcpu_svm *svm) @@ -2518,8 +2529,9 @@ static void dump_ghcb(struct vcpu_svm *svm) struct kvm_host_map map; unsigned int nbits; struct ghcb *ghcb; + int token; - if (svm_map_ghcb(svm, &map)) + if (svm_map_ghcb(svm, &map, &token)) return; ghcb = map.hva; 
@@ -2544,7 +2556,7 @@ static void dump_ghcb(struct vcpu_svm *svm) pr_err("%-20s%*pb\n", "valid_bitmap", nbits, ghcb->save.valid_bitmap); e_unmap: - svm_unmap_ghcb(svm, &map); + svm_unmap_ghcb(svm, &map, token); } static bool sev_es_sync_to_ghcb(struct vcpu_svm *svm) @@ -2552,8 +2564,9 @@ static bool sev_es_sync_to_ghcb(struct vcpu_svm *svm) struct kvm_vcpu *vcpu = &svm->vcpu; struct kvm_host_map map; struct ghcb *ghcb; + int token; - if (svm_map_ghcb(svm, &map)) + if (svm_map_ghcb(svm, &map, &token)) return false; ghcb = map.hva; @@ -2579,7 +2592,7 @@ static bool sev_es_sync_to_ghcb(struct vcpu_svm *svm) trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, ghcb); - svm_unmap_ghcb(svm, &map); + svm_unmap_ghcb(svm, &map, token); return true; } @@ -2636,8 +2649,9 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) struct kvm_vcpu *vcpu = &svm->vcpu; struct kvm_host_map map; struct ghcb *ghcb; + int token; - if (svm_map_ghcb(svm, &map)) + if (svm_map_ghcb(svm, &map, &token)) return -EFAULT; ghcb = map.hva; @@ -2739,7 +2753,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) sev_es_sync_from_ghcb(svm, ghcb); - svm_unmap_ghcb(svm, &map); + svm_unmap_ghcb(svm, &map, token); return 0; vmgexit_err: @@ -2760,7 +2774,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) vcpu->run->internal.data[0] = *exit_code; vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; - svm_unmap_ghcb(svm, &map); + svm_unmap_ghcb(svm, &map, token); return -EINVAL; } @@ -3036,6 +3050,9 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, enum psc_op op, return PSC_UNDEF_ERR; } + /* Wait for all the existing mapped gfn to unmap */ + synchronize_srcu_expedited(&sev->psc_srcu); + write_lock(&kvm->mmu_lock); rc = kvm_mmu_get_tdp_walk(vcpu, gpa, &pfn, &npt_level); 
@@ -3604,3 +3621,33 @@ void sev_rmp_page_level_adjust(struct kvm *kvm, kvm_pfn_t pfn, int *level) /* Adjust the level to keep the NPT and RMP in sync */ *level = min_t(size_t, *level, rmp_level); } + +int sev_post_map_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int *token) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + int level; + + if (!sev_snp_guest(kvm)) + return 0; + + *token = srcu_read_lock(&sev->psc_srcu); + + /* If pfn is not added as private then fail */ + if (snp_lookup_rmpentry(pfn, &level) == 1) { + srcu_read_unlock(&sev->psc_srcu, *token); + pr_err_ratelimited("failed to map private gfn 0x%llx pfn 0x%llx\n", gfn, pfn); + return -EBUSY; + } + + return 0; +} + +void sev_post_unmap_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + if (!sev_snp_guest(kvm)) + return; + + srcu_read_unlock(&sev->psc_srcu, token); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 5f73f21a37a1..3784d389247b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4679,7 +4679,11 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, .alloc_apic_backing_page = svm_alloc_apic_backing_page, + .rmp_page_level_adjust = sev_rmp_page_level_adjust, + + .post_map_gfn = sev_post_map_gfn, + .post_unmap_gfn = sev_post_unmap_gfn, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index d10f7166b39d..ff91184f9b4a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -76,16 +76,22 @@ struct kvm_sev_info { bool active; /* SEV enabled guest */ bool es_active; /* SEV-ES enabled guest */ bool snp_active; /* SEV-SNP enabled guest */ + unsigned int asid; /* ASID used for this guest */ unsigned int handle; /* SEV firmware handle */ int fd; /* SEV device fd */ + unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + u64 ap_jump_table; /* SEV-ES AP Jump Table address */ + struct kvm *enc_context_owner; /* Owner of copied encryption context */ struct misc_cg *misc_cg; /* For misc cgroup accounting */ + u64 snp_init_flags; void *snp_context; /* SNP guest context page */ + struct srcu_struct psc_srcu; }; struct kvm_svm { @@ -618,6 +624,8 @@ void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu); void sev_es_unmap_ghcb(struct vcpu_svm *svm); struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu); void sev_rmp_page_level_adjust(struct kvm *kvm, kvm_pfn_t pfn, int *level); +int sev_post_map_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int *token); +void sev_post_unmap_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token); /* vmenter.S */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index afcdc75a99f2..bf4389ffc88f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3095,6 +3095,65 @@ static inline bool kvm_pv_async_pf_enabled(struct kvm_vcpu *vcpu) return (vcpu->arch.apf.msr_en_val & mask) == mask; } +static int kvm_map_gfn_protected(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map, + struct gfn_to_pfn_cache *cache, bool atomic, int *token) +{ + int ret; + + ret = kvm_map_gfn(vcpu, gfn, map, cache, atomic); + if (ret) + return ret; + + if (kvm_x86_ops.post_map_gfn) { + ret = static_call(kvm_x86_post_map_gfn)(vcpu->kvm, map->gfn, map->pfn, token); + if (ret) + kvm_unmap_gfn(vcpu, map, cache, false, atomic); + } + + return ret; +} + +static int kvm_unmap_gfn_protected(struct kvm_vcpu *vcpu, struct kvm_host_map *map, + struct gfn_to_pfn_cache *cache, bool dirty, + bool atomic, int token) +{ + int ret; + + ret = kvm_unmap_gfn(vcpu, map, cache, dirty, atomic); + + if (kvm_x86_ops.post_unmap_gfn) + static_call(kvm_x86_post_unmap_gfn)(vcpu->kvm, map->gfn, map->pfn, token); + + return ret; +} + +static int kvm_vcpu_map_protected(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map, + int *token) +{ + int ret; + + ret = kvm_vcpu_map(vcpu, gpa, map); + if (ret) + return ret; + + if (kvm_x86_ops.post_map_gfn) { + ret = static_call(kvm_x86_post_map_gfn)(vcpu->kvm, map->gfn, map->pfn, token); + if (ret) + kvm_vcpu_unmap(vcpu, map, false); + } + + return ret; +} + +static void kvm_vcpu_unmap_protected(struct kvm_vcpu *vcpu, struct kvm_host_map *map, + bool dirty, int token) +{ + kvm_vcpu_unmap(vcpu, map, dirty); + + if (kvm_x86_ops.post_unmap_gfn) + static_call(kvm_x86_post_unmap_gfn)(vcpu->kvm, map->gfn, map->pfn, token); +} + static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data) { gpa_t gpa = data & ~0x3f; @@ -3185,6 +3244,7 @@ static void record_steal_time(struct kvm_vcpu *vcpu) { struct kvm_host_map map; struct kvm_steal_time *st; + int token; if (kvm_xen_msr_enabled(vcpu->kvm)) { kvm_xen_runstate_set_running(vcpu); 
@@ -3195,8 +3255,8 @@ static void record_steal_time(struct kvm_vcpu *vcpu) return; /* -EAGAIN is returned in atomic context so we can just return. */ - if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, - &map, &vcpu->arch.st.cache, false)) + if (kvm_map_gfn_protected(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, + &map, &vcpu->arch.st.cache, false, &token)) return; st = map.hva + @@ -3234,7 +3294,7 @@ static void record_steal_time(struct kvm_vcpu *vcpu) st->version += 1; - kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, false); + kvm_unmap_gfn_protected(vcpu, &map, &vcpu->arch.st.cache, true, false, token); } int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) @@ -4271,6 +4331,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) { struct kvm_host_map map; struct kvm_steal_time *st; + int token; if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED)) return; @@ -4278,8 +4339,8 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) if (vcpu->arch.st.preempted) return; - if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map, - &vcpu->arch.st.cache, true)) + if (kvm_map_gfn_protected(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, + &map, &vcpu->arch.st.cache, true, &token)) return; st = map.hva + @@ -4287,7 +4348,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED; - kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true); + kvm_unmap_gfn_protected(vcpu, &map, &vcpu->arch.st.cache, true, true, token); } void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) @@ -6816,6 +6877,7 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, gpa_t gpa; char *kaddr; bool exchanged; + int token; /* guests cmpxchg8b have to be emulated atomically */ if (bytes > 8 || (bytes & (bytes - 1))) 
@@ -6839,7 +6901,7 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, if (((gpa + bytes - 1) & page_line_mask) != (gpa & page_line_mask)) goto emul_write; - if (kvm_vcpu_map(vcpu, gpa_to_gfn(gpa), &map)) + if (kvm_vcpu_map_protected(vcpu, gpa_to_gfn(gpa), &map, &token)) goto emul_write; kaddr = map.hva + offset_in_page(gpa); 
@@ -6861,7 +6923,7 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, BUG(); } - kvm_vcpu_unmap(vcpu, &map, true); + kvm_vcpu_unmap_protected(vcpu, &map, true, token); if (!exchanged) return X86EMUL_CMPXCHG_FAILED;
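Review bot: In the kvm-x86-ops.h hunk, post_map_gfn and post_unmap_gfn are declared with KVM_X86_OP(), yet the new x86.c helpers test kvm_x86_ops.post_map_gfn and kvm_x86_ops.post_unmap_gfn for NULL before the static_call(), which means the ops are optional. Declare them with KVM_X86_OP_NULL(), as the neighbouring rmp_page_level_adjust is, or drop the NULL checks if every vendor module is expected to provide them.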
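Review bot: In the sev_guest_init() hunk, the return value of init_srcu_struct(&sev->psc_srcu) is dropped. init_srcu_struct() returns an int and can fail, so assign it to ret and take the existing "goto e_free" path on error. The only cleanup_srcu_struct() call in this patch is in sev_vm_destroy(); please also confirm the srcu_struct is cleaned up when sev_snp_init() fails right after it has been initialized.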
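Review bot: In the __snp_handle_page_state_change() hunk, synchronize_srcu_expedited(&sev->psc_srcu) only waits for readers that entered before the call. Nothing visible in this patch stops a new sev_post_map_gfn() caller from taking srcu_read_lock(), finding the page not private in snp_lookup_rmpentry(), and mapping it in the window between the synchronize returning and the RMP entry being changed under mmu_lock. Please document what closes that window, or serialize the RMP lookup against the page state change. The comment would also read better as "Wait for all existing gfn mappings to be unmapped".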
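Review bot: In sev_post_map_gfn(), only "snp_lookup_rmpentry(pfn, &level) == 1" is rejected, so a negative return from the lookup is treated as safe to map and the function returns 0 with the SRCU read lock held; handle_rmp_page_fault() later in this series treats a negative value from the same helper as an error, and this path should too. The comment "If pfn is not added as private then fail" says the opposite of what the check and the pr_err text do, which is to fail when the pfn is private. Also, *token is never written on the !sev_snp_guest() early return, so callers hand an uninitialized int to the unmap side; set it to 0 there.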
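Review bot: In the x86.c helper hunk, kvm_vcpu_map_protected() declares its second parameter as "gpa_t gpa", but the only caller passes gpa_to_gfn(gpa) and the value is forwarded unchanged to kvm_vcpu_map(), which the replaced call shows takes a gfn. Rename the parameter to "gfn_t gfn". The four new helpers would also benefit from a comment stating that the token filled in by the map side must be passed to the matching unmap, since every caller now depends on that contract.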
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 40/45] KVM: x86: Export the kvm_zap_gfn_range() for the SNP use
Date: Fri, 20 Aug 2021 10:59:13 -0500
Message-Id: <20210820155918.7518-41-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

While resolving the RMP page fault, we may run into cases where the page level between the RMP entry and TDP does not match and the 2M RMP entry must be split into 4K RMP entries. Or a 2M TDP page needs to be broken into multiple 4K pages. To keep the RMP and TDP page level in sync, we will zap the gfn range after splitting the pages in the RMP entry. The zap should force the TDP to get rebuilt with the new page level.

Signed-off-by: Brijesh Singh
--- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/mmu.h | 2 -- arch/x86/kvm/mmu/mmu.c | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5ac1ff097e8c..8773c1f9e45e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1561,6 +1561,8 @@ void kvm_mmu_zap_all(struct kvm *kvm); void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen); unsigned long kvm_mmu_calculate_default_mmu_pages(struct kvm *kvm); void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned long kvm_nr_mmu_pages); +void kvm_zap_gfn_range(struct kvm *kvm, gfn_t gfn_start, gfn_t gfn_end); + int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3); diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 7c4fac53183d..f767a52f9178 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -228,8 +228,6 @@ static inline u8 permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, return -(u32)fault & errcode; } -void kvm_zap_gfn_range(struct kvm *kvm, gfn_t gfn_start, gfn_t gfn_end); - int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu); int kvm_mmu_post_init_vm(struct kvm *kvm); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index e660d832e235..56a7da49092d 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c 
@@ -5748,6 +5748,7 @@ static bool kvm_mmu_zap_collapsible_spte(struct kvm *kvm, return need_tlb_flush; } +EXPORT_SYMBOL_GPL(kvm_zap_gfn_range); void kvm_mmu_zap_collapsible_sptes(struct kvm *kvm, const struct kvm_memory_slot *memslot)
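Review bot: In the mmu.c hunk, EXPORT_SYMBOL_GPL(kvm_zap_gfn_range) is placed after the closing brace that the hunk header attributes to kvm_mmu_zap_collapsible_spte(), directly before kvm_mmu_zap_collapsible_sptes(), rather than next to the definition of kvm_zap_gfn_range(). Move the export so it immediately follows the function it exports; as posted, a reader looking at kvm_zap_gfn_range() cannot tell it is exported, and the stray export looks like it belongs to the wrong function.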
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 41/45] KVM: SVM: Add support to handle the RMP nested page fault
Date: Fri, 20 Aug 2021 10:59:14 -0500
Message-Id: <20210820155918.7518-42-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

When SEV-SNP is enabled in the guest, the hardware places restrictions on all memory accesses based on the contents of the RMP table. When hardware encounters an RMP check failure caused by the guest memory access, it raises the #NPF. The error code contains additional information on the access type. See the APM volume 2 for additional information.

Signed-off-by: Brijesh Singh
--- arch/x86/kvm/svm/sev.c | 76 ++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 14 +++++--- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 87 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 65b578463271..712e8907bc39 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3651,3 +3651,79 @@ void sev_post_unmap_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token) srcu_read_unlock(&sev->psc_srcu, token); } + +void handle_rmp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code) +{ + int rmp_level, npt_level, rc, assigned; + struct kvm *kvm = vcpu->kvm; + gfn_t gfn = gpa_to_gfn(gpa); + bool need_psc = false; + enum psc_op psc_op; + kvm_pfn_t pfn; + bool private; + + write_lock(&kvm->mmu_lock); + + if (unlikely(!kvm_mmu_get_tdp_walk(vcpu, gpa, &pfn, &npt_level))) + goto unlock; + + assigned = snp_lookup_rmpentry(pfn, &rmp_level); + if (unlikely(assigned < 0)) + goto unlock; + + private = !!(error_code & PFERR_GUEST_ENC_MASK); + + /* + * If the fault was due to size mismatch, or NPT and RMP page level's + * are not in sync, then use PSMASH to split the RMP entry into 4K. + */ + if ((error_code & PFERR_GUEST_SIZEM_MASK) || + (npt_level == PG_LEVEL_4K && rmp_level == PG_LEVEL_2M && private)) { + rc = snp_rmptable_psmash(kvm, pfn); + if (rc) + pr_err_ratelimited("psmash failed, gpa 0x%llx pfn 0x%llx rc %d\n", + gpa, pfn, rc); + goto out; + } + + /* + * If it's a private access, and the page is not assigned in the + * RMP table, create a new private RMP entry. This can happen if + * guest did not use the PSC VMGEXIT to transition the page state + * before the access. + */ + if (!assigned && private) { + need_psc = 1; + psc_op = SNP_PAGE_STATE_PRIVATE; + goto out; + } + + /* + * If it's a shared access, but the page is private in the RMP table + * then make the page shared in the RMP table. This can happen if + * the guest did not use the PSC VMGEXIT to transition the page + * state before the access. 
+ */ + if (assigned && !private) { + need_psc = 1; + psc_op = SNP_PAGE_STATE_SHARED; + } + +out: + write_unlock(&kvm->mmu_lock); + + if (need_psc) + rc = __snp_handle_page_state_change(vcpu, psc_op, gpa, PG_LEVEL_4K); + + /* + * The fault handler has updated the RMP pagesize, zap the existing + * rmaps for large entry ranges so that nested page table gets rebuilt + * with the updated RMP pagesize. + */ + gfn = gpa_to_gfn(gpa) & ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1); + kvm_zap_gfn_range(kvm, gfn, gfn + PTRS_PER_PMD); + return; + +unlock: + write_unlock(&kvm->mmu_lock); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3784d389247b..3ba62f21b113 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1933,15 +1933,21 @@ static int pf_interception(struct kvm_vcpu *vcpu) static int npf_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + int rc; u64 fault_address = svm->vmcb->control.exit_info_2; u64 error_code = svm->vmcb->control.exit_info_1; trace_kvm_page_fault(fault_address, error_code); - return kvm_mmu_page_fault(vcpu, fault_address, error_code, - static_cpu_has(X86_FEATURE_DECODEASSISTS) ? - svm->vmcb->control.insn_bytes : NULL, - svm->vmcb->control.insn_len); + rc = kvm_mmu_page_fault(vcpu, fault_address, error_code, + static_cpu_has(X86_FEATURE_DECODEASSISTS) ? + svm->vmcb->control.insn_bytes : NULL, + svm->vmcb->control.insn_len); + + if (error_code & PFERR_GUEST_RMP_MASK) + handle_rmp_page_fault(vcpu, fault_address, error_code); + + return rc; } static int db_interception(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index ff91184f9b4a..280072995306 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -626,6 +626,7 @@ struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu); void sev_rmp_page_level_adjust(struct kvm *kvm, kvm_pfn_t pfn, int *level); int sev_post_map_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int *token); void sev_post_unmap_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token); +void handle_rmp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code); /* vmenter.S */
From patchwork Fri Aug 20 15:59:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 12449849
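Review bot: In handle_rmp_page_fault(), the return value of __snp_handle_page_state_change() is stored in rc and never checked, and a psmash failure is only logged, so after the out: label kvm_zap_gfn_range() runs even when the RMP entry was not actually changed and the guest may simply refault on the same address. Consider checking rc after the page state change (at least a pr_err_ratelimited() as in the psmash branch) and skipping the zap when nothing was updated. Smaller points: need_psc is a bool but is assigned 1 rather than true, and the start of the zapped range is computed with KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) while its length uses PTRS_PER_PMD; using one of the two for both would read better.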
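Review bot: In npf_interception(), handle_rmp_page_fault() runs whenever PFERR_GUEST_RMP_MASK is set, regardless of what kvm_mmu_page_fault() returned, and nothing it does can change rc. If kvm_mmu_page_fault() returned an error or asked for an exit to userspace, the RMP table is still modified on the way out. Consider gating the call on rc as well as on the error code, or add a comment explaining why the RMP fixup must run unconditionally and after the MMU fault path.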
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 42/45] KVM: SVM: Provide support for SNP_GUEST_REQUEST NAE event
Date: Fri, 20 Aug 2021 10:59:15 -0500
Message-Id: <20210820155918.7518-43-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

Version 2 of the GHCB specification added support for two SNP Guest Request Message NAE events. The events allow an SEV-SNP guest to make requests to the SEV-SNP firmware through the hypervisor using the SNP_GUEST_REQUEST API defined in the SEV-SNP firmware specification.

The SNP_EXT_GUEST_REQUEST is similar to SNP_GUEST_REQUEST, with the difference of an additional certificate blob that can be passed through the SNP_SET_CONFIG ioctl defined in the CCP driver. The CCP driver provides snp_guest_ext_guest_request(), which is used by KVM to get both the report and certificate data at once.

Signed-off-by: Brijesh Singh
--- arch/x86/kvm/svm/sev.c | 197 +++++++++++++++++++++++++++++++++++++++-- arch/x86/kvm/svm/svm.h | 2 + 2 files changed, 193 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 712e8907bc39..81ccad412e55 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -338,6 +339,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) init_srcu_struct(&sev->psc_srcu); ret = sev_snp_init(&argp->error); + mutex_init(&sev->guest_req_lock); } else { ret = sev_platform_init(&argp->error); } 
@@ -1602,23 +1604,39 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) { + void *context = NULL, *certs_data = NULL, *resp_page = NULL; + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; struct sev_data_snp_gctx_create data = {}; - void *context; int rc; + /* Allocate memory used for the certs data in SNP guest request */ + certs_data = kmalloc(SEV_FW_BLOB_MAX_SIZE, GFP_KERNEL_ACCOUNT); + if (!certs_data) + return NULL; + /* Allocate memory for context page */ context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); if (!context) - return NULL; + goto e_free; + + /* Allocate a firmware buffer used during the guest command handling. */ + resp_page = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); + if (!resp_page) + goto e_free; data.gctx_paddr = __psp_pa(context); rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); - if (rc) { - snp_free_firmware_page(context); - return NULL; - } + if (rc) + goto e_free; + + sev->snp_certs_data = certs_data; return context; + +e_free: + snp_free_firmware_page(context); + kfree(certs_data); + return NULL; } static int snp_bind_asid(struct kvm *kvm, int *error) @@ -2248,6 +2266,8 @@ static int snp_decommission_context(struct kvm *kvm) snp_free_firmware_page(sev->snp_context); sev->snp_context = NULL; + kfree(sev->snp_certs_data); + return 0; } @@ -2746,6 +2766,8 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) case SVM_VMGEXIT_UNSUPPORTED_EVENT: case SVM_VMGEXIT_HV_FEATURES: case SVM_VMGEXIT_PSC: + case SVM_VMGEXIT_GUEST_REQUEST: + case SVM_VMGEXIT_EXT_GUEST_REQUEST: break; default: goto vmgexit_err; 
@@ -3161,6 +3183,155 @@ static unsigned long snp_handle_page_state_change(struct vcpu_svm *svm) return rc ? map_to_psc_vmgexit_code(rc) : 0; } +static unsigned long snp_setup_guest_buf(struct vcpu_svm *svm, + struct sev_data_snp_guest_request *data, + gpa_t req_gpa, gpa_t resp_gpa) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + struct kvm *kvm = vcpu->kvm; + kvm_pfn_t req_pfn, resp_pfn; + struct kvm_sev_info *sev; + + sev = &to_kvm_svm(kvm)->sev_info; + + if (!IS_ALIGNED(req_gpa, PAGE_SIZE) || !IS_ALIGNED(resp_gpa, PAGE_SIZE)) + return SEV_RET_INVALID_PARAM; + + req_pfn = gfn_to_pfn(kvm, gpa_to_gfn(req_gpa)); + if (is_error_noslot_pfn(req_pfn)) + return SEV_RET_INVALID_ADDRESS; + + resp_pfn = gfn_to_pfn(kvm, gpa_to_gfn(resp_gpa)); + if (is_error_noslot_pfn(resp_pfn)) + return SEV_RET_INVALID_ADDRESS; + + if (rmp_make_private(resp_pfn, 0, PG_LEVEL_4K, 0, true)) + return SEV_RET_INVALID_ADDRESS; + + data->gctx_paddr = __psp_pa(sev->snp_context); + data->req_paddr = __sme_set(req_pfn << PAGE_SHIFT); + data->res_paddr = __sme_set(resp_pfn << PAGE_SHIFT); + + return 0; +} + +static void snp_cleanup_guest_buf(struct sev_data_snp_guest_request *data, unsigned long *rc) +{ + u64 pfn = __sme_clr(data->res_paddr) >> PAGE_SHIFT; + int ret; + + ret = snp_page_reclaim(pfn); + if (ret) + *rc = SEV_RET_INVALID_ADDRESS; + + ret = rmp_make_shared(pfn, PG_LEVEL_4K); + if (ret) + *rc = SEV_RET_INVALID_ADDRESS; +} + +static void snp_handle_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) +{ + struct sev_data_snp_guest_request data = {0}; + struct kvm_vcpu *vcpu = &svm->vcpu; + struct kvm *kvm = vcpu->kvm; + struct kvm_sev_info *sev; + unsigned long rc; + int err; + + if (!sev_snp_guest(vcpu->kvm)) { + rc = SEV_RET_INVALID_GUEST; + goto e_fail; + } + + sev = &to_kvm_svm(kvm)->sev_info; + + mutex_lock(&sev->guest_req_lock); + + rc = snp_setup_guest_buf(svm, &data, req_gpa, resp_gpa); + if (rc) + goto unlock; + + rc = sev_issue_cmd(kvm, SEV_CMD_SNP_GUEST_REQUEST, &data, 
&err); + if (rc) + /* use the firmware error code */ + rc = err; + + snp_cleanup_guest_buf(&data, &rc); + +unlock: + mutex_unlock(&sev->guest_req_lock); + +e_fail: + svm_set_ghcb_sw_exit_info_2(vcpu, rc); +} + +static void snp_handle_ext_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) +{ + struct sev_data_snp_guest_request req = {0}; + struct kvm_vcpu *vcpu = &svm->vcpu; + struct kvm *kvm = vcpu->kvm; + unsigned long data_npages; + struct kvm_sev_info *sev; + unsigned long rc, err; + u64 data_gpa; + + if (!sev_snp_guest(vcpu->kvm)) { + rc = SEV_RET_INVALID_GUEST; + goto e_fail; + } + + sev = &to_kvm_svm(kvm)->sev_info; + + data_gpa = vcpu->arch.regs[VCPU_REGS_RAX]; + data_npages = vcpu->arch.regs[VCPU_REGS_RBX]; + + if (!IS_ALIGNED(data_gpa, PAGE_SIZE)) { + rc = SEV_RET_INVALID_ADDRESS; + goto e_fail; + } + + /* Verify that requested blob will fit in certificate buffer */ + if ((data_npages << PAGE_SHIFT) > SEV_FW_BLOB_MAX_SIZE) { + rc = SEV_RET_INVALID_PARAM; + goto e_fail; + } + + mutex_lock(&sev->guest_req_lock); + + rc = snp_setup_guest_buf(svm, &req, req_gpa, resp_gpa); + if (rc) + goto unlock; + + rc = snp_guest_ext_guest_request(&req, (unsigned long)sev->snp_certs_data, + &data_npages, &err); + if (rc) { + /* + * If buffer length is small then return the expected + * length in rbx. + */ + if (err == SNP_GUEST_REQ_INVALID_LEN) + vcpu->arch.regs[VCPU_REGS_RBX] = data_npages; + + /* pass the firmware error code */ + rc = err; + goto cleanup; + } + + /* Copy the certificate blob in the guest memory */ + if (data_npages && + kvm_write_guest(kvm, data_gpa, sev->snp_certs_data, data_npages << PAGE_SHIFT)) + rc = SEV_RET_INVALID_ADDRESS; + +cleanup: + snp_cleanup_guest_buf(&req, &rc); + +unlock: + mutex_unlock(&sev->guest_req_lock); + +e_fail: + svm_set_ghcb_sw_exit_info_2(vcpu, rc); +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
@@ -3404,6 +3575,20 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) svm_set_ghcb_sw_exit_info_2(vcpu, rc); break; } + case SVM_VMGEXIT_GUEST_REQUEST: { + snp_handle_guest_request(svm, control->exit_info_1, control->exit_info_2); + + ret = 1; + break; + } + case SVM_VMGEXIT_EXT_GUEST_REQUEST: { + snp_handle_ext_guest_request(svm, + control->exit_info_1, + control->exit_info_2); + + ret = 1; + break; + } case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 280072995306..71fe46a778f3 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -92,6 +92,8 @@ struct kvm_sev_info { u64 snp_init_flags; void *snp_context; /* SNP guest context page */ struct srcu_struct psc_srcu; + void *snp_certs_data; + struct mutex guest_req_lock; }; struct kvm_svm {
From patchwork Fri Aug 20 15:59:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 12449851
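Review bot: In snp_context_create(), resp_page is allocated with snp_alloc_firmware_page() but is never stored, used or freed: the success path returns context without recording it, and the e_free label releases only context and certs_data. As posted, each call leaks one firmware page; either drop the allocation or keep the page in struct kvm_sev_info and free it both at e_free and in snp_decommission_context(). Note also that e_free calls snp_free_firmware_page(context) when the context allocation itself failed, so that helper has to tolerate NULL or the label should be split.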
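Review bot: In snp_decommission_context(), sev->snp_certs_data is freed but left pointing at the freed buffer, while the line just above clears sev->snp_context after freeing it. Set sev->snp_certs_data = NULL after the kfree() so that a later guest request or a second decommission cannot use or double-free the buffer.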
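Review bot: In snp_handle_ext_guest_request(), the size check "(data_npages << PAGE_SHIFT) > SEV_FW_BLOB_MAX_SIZE" shifts a value taken straight from the guest's RBX, so a large page count can wrap and pass the check; compare data_npages against (SEV_FW_BLOB_MAX_SIZE >> PAGE_SHIFT) instead, before the value reaches snp_guest_ext_guest_request() and kvm_write_guest(). In snp_setup_guest_buf(), the two gfn_to_pfn() lookups have no matching release anywhere in this hunk, including on the early error returns, so the page references look leaked. snp_cleanup_guest_buf() overwrites *rc with SEV_RET_INVALID_ADDRESS and so discards a firmware error already stored there, and err is an int in snp_handle_guest_request() but an unsigned long here; please make the two handlers agree.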
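Review bot: The new snp_certs_data and guest_req_lock fields in struct kvm_sev_info are undocumented, unlike snp_context directly above them. A short comment stating that snp_certs_data is the SEV_FW_BLOB_MAX_SIZE buffer used for extended guest requests, and that guest_req_lock serialises guest request handling and therefore access to that shared buffer, would record the locking rule the handlers rely on.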
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com
Subject: [PATCH Part2 v5 43/45] KVM: SVM: Use a VMSA physical address variable for populating VMCB
Date: Fri, 20 Aug 2021 10:59:16 -0500
Message-Id: <20210820155918.7518-44-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

From: Tom Lendacky

In preparation to support SEV-SNP AP Creation, use a variable that holds the VMSA physical address rather than converting the virtual address. This will allow SEV-SNP AP Creation to set the new physical address that will be used should the vCPU reset path be taken.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 5 ++--- arch/x86/kvm/svm/svm.c | 9 ++++++++- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 81ccad412e55..05f795c30816 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3619,10 +3619,9 @@ void sev_es_init_vmcb(struct vcpu_svm *svm) /* * An SEV-ES guest requires a VMSA area that is a separate from the - * VMCB page. Do not include the encryption mask on the VMSA physical - * address since hardware will access it using the guest key. + * VMCB page. */ - svm->vmcb->control.vmsa_pa = __pa(svm->vmsa); + svm->vmcb->control.vmsa_pa = svm->vmsa_pa; /* Can't intercept CR register access, HV can't modify CR registers */ svm_clr_intercept(svm, INTERCEPT_CR0_READ); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3ba62f21b113..be820eb999fb 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1409,9 +1409,16 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) svm->vmcb01.ptr = page_address(vmcb01_page); svm->vmcb01.pa = __sme_set(page_to_pfn(vmcb01_page) << PAGE_SHIFT); - if (vmsa_page) + if (vmsa_page) { svm->vmsa = page_address(vmsa_page); + /* + * Do not include the encryption mask on the VMSA physical + * address since hardware will access it using the guest key. + */ + svm->vmsa_pa = __pa(svm->vmsa); + } + svm->guest_state_loaded = false; svm_switch_vmcb(svm, &svm->vmcb01); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 71fe46a778f3..9bf6404142dd 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -199,6 +199,7 @@ struct vcpu_svm { /* SEV-ES support */ struct sev_es_save_area *vmsa; + hpa_t vmsa_pa; bool ghcb_in_use; bool received_first_sipi; unsigned int ap_reset_hold_type;
From patchwork Fri Aug 20 15:59:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 12449855
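Review bot: In svm_create_vcpu(), svm->vmsa_pa is assigned only inside "if (vmsa_page)", while sev_es_init_vmcb() now copies it into vmcb->control.vmsa_pa without any check of its own. Please initialise vmsa_pa to a known invalid value when there is no VMSA page, or add a comment on the new field in struct vcpu_svm saying it is valid only when vmsa is set, so that a stale or zero address can never be programmed into the VMCB once later patches start rewriting it.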
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 44/45] KVM: SVM: Support SEV-SNP AP Creation NAE event
Date: Fri, 20 Aug 2021 10:59:17 -0500
Message-Id: <20210820155918.7518-45-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
From: Tom Lendacky

Add support for the SEV-SNP AP Creation NAE event. This allows SEV-SNP guests to alter the register state of the APs on their own. This allows the guest a way of simulating INIT-SIPI.

A new event, KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, is created and used so as to avoid updating the VMSA pointer while the vCPU is running.

For CREATE
  The guest supplies the GPA of the VMSA to be used for the vCPU with the specified APIC ID. The GPA is saved in the svm struct of the target vCPU, the KVM_REQ_UPDATE_PROTECTED_GUEST_STATE event is added to the vCPU and then the vCPU is kicked.

For CREATE_ON_INIT:
  The guest supplies the GPA of the VMSA to be used for the vCPU with the specified APIC ID the next time an INIT is performed. The GPA is saved in the svm struct of the target vCPU.

For DESTROY:
  The guest indicates it wishes to stop the vCPU. The GPA is cleared from the svm struct, the KVM_REQ_UPDATE_PROTECTED_GUEST_STATE event is added to vCPU and then the vCPU is kicked.

The KVM_REQ_UPDATE_PROTECTED_GUEST_STATE event handler will be invoked as a result of the event or as a result of an INIT. The handler sets the vCPU to the KVM_MP_STATE_UNINITIALIZED state, so that any errors will leave the vCPU as not runnable. Any previous VMSA pages that were installed as part of an SEV-SNP AP Creation NAE event are un-pinned. If a new VMSA is to be installed, the VMSA guest page is pinned and set as the VMSA in the vCPU VMCB and the vCPU state is set to KVM_MP_STATE_RUNNABLE. If a new VMSA is not to be installed, the VMSA is cleared in the vCPU VMCB and the vCPU state is left as KVM_MP_STATE_UNINITIALIZED to prevent it from being run.

Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 3 + arch/x86/include/asm/svm.h | 7 +- arch/x86/kvm/svm/sev.c | 211 +++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 6 +- arch/x86/kvm/svm/svm.h | 9 ++ arch/x86/kvm/x86.c | 13 +- 7 files changed, 247 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c09bd40e0160..01f31957bd7d 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -126,6 +126,7 @@ KVM_X86_OP(alloc_apic_backing_page) KVM_X86_OP_NULL(rmp_page_level_adjust) KVM_X86_OP(post_map_gfn) KVM_X86_OP(post_unmap_gfn) +KVM_X86_OP(update_protected_guest_state) #undef KVM_X86_OP #undef KVM_X86_OP_NULL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 8773c1f9e45e..11ce66fe1656 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -91,6 +91,7 @@ #define KVM_REQ_MSR_FILTER_CHANGED KVM_ARCH_REQ(29) #define KVM_REQ_UPDATE_CPU_DIRTY_LOGGING \ KVM_ARCH_REQ_FLAGS(30, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP) +#define KVM_REQ_UPDATE_PROTECTED_GUEST_STATE KVM_ARCH_REQ(31) #define CR0_RESERVED_BITS \ (~(unsigned long)(X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS \ @@ -1468,6 +1469,8 @@ struct kvm_x86_ops { int (*post_map_gfn)(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int *token); void (*post_unmap_gfn)(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token); + + int (*update_protected_guest_state)(struct kvm_vcpu *vcpu); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index a39e31845a33..cf7c88a0d60a 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h 
@@ -218,7 +218,12 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) #define SVM_NESTED_CTL_SEV_ES_ENABLE BIT(2) -#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) +#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) +#define SVM_SEV_FEAT_RESTRICTED_INJECTION BIT(3) +#define SVM_SEV_FEAT_ALTERNATE_INJECTION BIT(4) +#define SVM_SEV_FEAT_INT_INJ_MODES \ + (SVM_SEV_FEAT_RESTRICTED_INJECTION | \ + SVM_SEV_FEAT_ALTERNATE_INJECTION) struct vmcb_seg { u16 selector; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 05f795c30816..151747ec0809 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -649,6 +649,7 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) static int sev_es_sync_vmsa(struct vcpu_svm *svm) { + struct kvm_sev_info *sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info; struct sev_es_save_area *save = svm->vmsa; /* Check some debug related fields before encrypting the VMSA */ @@ -693,6 +694,12 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) if (sev_snp_guest(svm->vcpu.kvm)) save->sev_features |= SVM_SEV_FEAT_SNP_ACTIVE; + /* + * Save the VMSA synced SEV features. For now, they are the same for + * all vCPUs, so just save each time. + */ + sev->sev_features = save->sev_features; + return 0; } @@ -2760,6 +2767,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm, u64 *exit_code) if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_AP_CREATION: + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + break; case SVM_VMGEXIT_NMI_COMPLETE: case SVM_VMGEXIT_AP_HLT_LOOP: case SVM_VMGEXIT_AP_JUMP_TABLE: 
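Review bot: The new SVM_VMGEXIT_AP_CREATION case in sev_es_validate_vmgexit() checks only ghcb_rax_is_valid() and never checks that the guest is an SNP guest, and the dispatch added to sev_handle_vmgexit() calls sev_snp_ap_creation() without a sev_snp_guest() test either. As far as these hunks show, a plain SEV-ES guest can reach the handler and have a page of its choosing pinned and installed as the target vCPU's VMSA. Suggest rejecting the exit here with `if (!sev_snp_guest(svm->vcpu.kvm)) goto vmgexit_err;` ahead of the RAX check. Separately, RAX is required for every request type although sev_snp_ap_creation() only reads it when request < SVM_VMGEXIT_AP_DESTROY; a comment should say whether DESTROY is meant to need it.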
@@ -3332,6 +3343,191 @@ static void snp_handle_ext_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gp svm_set_ghcb_sw_exit_info_2(vcpu, rc); } +static int __sev_snp_update_protected_guest_state(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + kvm_pfn_t pfn; + + WARN_ON(!mutex_is_locked(&svm->snp_vmsa_mutex)); + + /* Mark the vCPU as offline and not runnable */ + vcpu->arch.pv.pv_unhalted = false; + vcpu->arch.mp_state = KVM_MP_STATE_STOPPED; + + /* Clear use of the VMSA in the sev_es_init_vmcb() path */ + svm->vmsa_pa = INVALID_PAGE; + + /* Clear use of the VMSA from the VMCB */ + svm->vmcb->control.vmsa_pa = INVALID_PAGE; + + if (VALID_PAGE(svm->snp_vmsa_pfn)) { + /* + * The snp_vmsa_pfn fields holds the hypervisor physical address + * of the about to be replaced VMSA which will no longer be used + * or referenced, so un-pin it. + */ + kvm_release_pfn_dirty(svm->snp_vmsa_pfn); + svm->snp_vmsa_pfn = INVALID_PAGE; + } + + if (VALID_PAGE(svm->snp_vmsa_gpa)) { + /* + * The VMSA is referenced by the hypervisor physical address, + * so retrieve the PFN and pin it. + */ + pfn = gfn_to_pfn(vcpu->kvm, gpa_to_gfn(svm->snp_vmsa_gpa)); + if (is_error_pfn(pfn)) + return -EINVAL; + + svm->snp_vmsa_pfn = pfn; + + /* Use the new VMSA in the sev_es_init_vmcb() path */ + svm->vmsa_pa = pfn_to_hpa(pfn); + svm->vmcb->control.vmsa_pa = svm->vmsa_pa; + + /* Mark the vCPU as runnable */ + vcpu->arch.pv.pv_unhalted = false; + vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; + } + + return 0; +} + +/* + * Invoked as part of vcpu_enter_guest() event processing. 
+ * Expected return values are: + * 0 - exit to userspace + * 1 - continue vcpu_run() execution loop + */ +int sev_snp_update_protected_guest_state(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + int ret; + + mutex_lock(&svm->snp_vmsa_mutex); + + ret = __sev_snp_update_protected_guest_state(vcpu); + if (ret) + vcpu_unimpl(vcpu, "snp: AP state update failed\n"); + + mutex_unlock(&svm->snp_vmsa_mutex); + + return ret ? 0 : 1; +} + +/* + * Invoked as part of svm_vcpu_reset() processing of an init event. + */ +void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + int ret; + + if (!sev_snp_guest(vcpu->kvm)) + return; + + mutex_lock(&svm->snp_vmsa_mutex); + + if (!svm->snp_vmsa_update_on_init) + goto unlock; + + svm->snp_vmsa_update_on_init = false; + + ret = __sev_snp_update_protected_guest_state(vcpu); + if (ret) + vcpu_unimpl(vcpu, "snp: AP state update on init failed\n"); + +unlock: + mutex_unlock(&svm->snp_vmsa_mutex); +} + +static int sev_snp_ap_creation(struct vcpu_svm *svm) +{ + struct kvm_sev_info *sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info; + struct kvm_vcpu *vcpu = &svm->vcpu; + struct kvm_vcpu *target_vcpu; + struct vcpu_svm *target_svm; + unsigned int request; + unsigned int apic_id; + bool kick; + int ret; + + request = lower_32_bits(svm->vmcb->control.exit_info_1); + apic_id = upper_32_bits(svm->vmcb->control.exit_info_1); + + /* Validate the APIC ID */ + target_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, apic_id); + if (!target_vcpu) { + vcpu_unimpl(vcpu, "vmgexit: invalid AP APIC ID [%#x] from guest\n", + apic_id); + return -EINVAL; + } + + ret = 0; + + target_svm = to_svm(target_vcpu); + + /* + * We have a valid target vCPU, so the vCPU will be kicked unless the + * request is for CREATE_ON_INIT. For any errors at this stage, the + * kick will place the vCPU in an non-runnable state. 
+ */ + kick = true; + + mutex_lock(&target_svm->snp_vmsa_mutex); + + target_svm->snp_vmsa_gpa = INVALID_PAGE; + target_svm->snp_vmsa_update_on_init = false; + + /* Interrupt injection mode shouldn't change for AP creation */ + if (request < SVM_VMGEXIT_AP_DESTROY) { + u64 sev_features; + + sev_features = vcpu->arch.regs[VCPU_REGS_RAX]; + sev_features ^= sev->sev_features; + if (sev_features & SVM_SEV_FEAT_INT_INJ_MODES) { + vcpu_unimpl(vcpu, "vmgexit: invalid AP injection mode [%#lx] from guest\n", + vcpu->arch.regs[VCPU_REGS_RAX]); + ret = -EINVAL; + goto out; + } + } + + switch (request) { + case SVM_VMGEXIT_AP_CREATE_ON_INIT: + kick = false; + target_svm->snp_vmsa_update_on_init = true; + fallthrough; + case SVM_VMGEXIT_AP_CREATE: + if (!page_address_valid(vcpu, svm->vmcb->control.exit_info_2)) { + vcpu_unimpl(vcpu, "vmgexit: invalid AP VMSA address [%#llx] from guest\n", + svm->vmcb->control.exit_info_2); + ret = -EINVAL; + goto out; + } + + target_svm->snp_vmsa_gpa = svm->vmcb->control.exit_info_2; + break; + case SVM_VMGEXIT_AP_DESTROY: + break; + default: + vcpu_unimpl(vcpu, "vmgexit: invalid AP creation request [%#x] from guest\n", + request); + ret = -EINVAL; + break; + } + +out: + mutex_unlock(&target_svm->snp_vmsa_mutex); + + if (kick) { + kvm_make_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, target_vcpu); + kvm_vcpu_kick(target_vcpu); + } + + return ret; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; @@ -3589,6 +3785,18 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; } + case SVM_VMGEXIT_AP_CREATION: + ret = sev_snp_ap_creation(svm); + if (ret) { + svm_set_ghcb_sw_exit_info_1(vcpu, 1); + svm_set_ghcb_sw_exit_info_2(vcpu, + X86_TRAP_GP | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + } + + ret = 1; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", 
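Review bot: The error paths in sev_snp_ap_creation() handle CREATE_ON_INIT inconsistently. If page_address_valid() fails after the fallthrough, kick is already false and snp_vmsa_update_on_init is already true, so the function returns -EINVAL without a kick and the target is left armed to drop its VMSA at the next INIT; that does not match the comment above `kick = true;`, which says any error kicks the target into a non-runnable state. If the injection-mode check fails for the same request, kick is still true and the target is stopped immediately. Suggest validating exit_info_2 and the request code before modifying any target_svm field, and setting snp_vmsa_update_on_init only once the request is known to be good. Two smaller points in the same hunk: __sev_snp_update_protected_guest_state() sets KVM_MP_STATE_STOPPED while the commit message says KVM_MP_STATE_UNINITIALIZED, so one of the two needs updating; and the pfn returned by gfn_to_pfn() is tested only with is_error_pfn(), so please confirm that this also rejects a GPA with no memslot behind it before pfn_to_hpa() is applied.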
@@ -3663,6 +3871,9 @@ void sev_es_create_vcpu(struct vcpu_svm *svm) set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, GHCB_VERSION_MIN, sev_enc_bit)); + + mutex_init(&svm->snp_vmsa_mutex); + svm->snp_vmsa_pfn = INVALID_PAGE; } void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index be820eb999fb..29e7666a710b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1336,7 +1336,9 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) svm->spec_ctrl = 0; svm->virt_spec_ctrl = 0; - if (!init_event) { + if (init_event) { + sev_snp_init_protected_guest_state(vcpu); + } else { vcpu->arch.apic_base = APIC_DEFAULT_PHYS_BASE | MSR_IA32_APICBASE_ENABLE; if (kvm_vcpu_is_reset_bsp(vcpu)) @@ -4697,6 +4699,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .post_map_gfn = sev_post_map_gfn, .post_unmap_gfn = sev_post_unmap_gfn, + + .update_protected_guest_state = sev_snp_update_protected_guest_state, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9bf6404142dd..59044b3a7c7a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -94,6 +94,8 @@ struct kvm_sev_info { struct srcu_struct psc_srcu; void *snp_certs_data; struct mutex guest_req_lock; + + u64 sev_features; /* Features set at VMSA creation */ }; struct kvm_svm { @@ -221,6 +223,11 @@ struct vcpu_svm { u64 ghcb_sw_exit_info_2; u64 ghcb_registered_gpa; + + struct mutex snp_vmsa_mutex; + gpa_t snp_vmsa_gpa; + kvm_pfn_t snp_vmsa_pfn; + bool snp_vmsa_update_on_init; /* SEV-SNP AP Creation on INIT-SIPI */ }; struct svm_cpu_data { 
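Review bot: Nothing in the visible hunks releases svm->snp_vmsa_pfn when the vCPU is torn down: the only kvm_release_pfn_dirty() call is in __sev_snp_update_protected_guest_state(), so the guest page pinned by the last AP creation request appears to stay pinned after the vCPU is freed. Suggest releasing it in the vCPU free path while holding snp_vmsa_mutex. In the sev_es_create_vcpu() hunk, snp_vmsa_pfn is initialised to INVALID_PAGE but the new snp_vmsa_gpa field is not, although the update handler tests it with VALID_PAGE(); initialising it to INVALID_PAGE next to snp_vmsa_pfn would avoid relying on sev_snp_ap_creation() having run first.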
@@ -630,6 +637,8 @@ void sev_rmp_page_level_adjust(struct kvm *kvm, kvm_pfn_t pfn, int *level); int sev_post_map_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int *token); void sev_post_unmap_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int token); void handle_rmp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code); +void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu); +int sev_snp_update_protected_guest_state(struct kvm_vcpu *vcpu); /* vmenter.S */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index bf4389ffc88f..dbb8362cc576 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9576,6 +9576,16 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) if (kvm_check_request(KVM_REQ_UPDATE_CPU_DIRTY_LOGGING, vcpu)) static_call(kvm_x86_update_cpu_dirty_logging)(vcpu); + + if (kvm_check_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu)) { + r = static_call(kvm_x86_update_protected_guest_state)(vcpu); + if (!r) { + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + goto out; + } else if (vcpu->arch.mp_state != KVM_MP_STATE_RUNNABLE) { + goto out; + } + } } if (kvm_check_request(KVM_REQ_EVENT, vcpu) || req_int_win || 
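Review bot: In the vcpu_enter_guest() hunk the failure branch sets only vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR and leaves vcpu->run->internal.suberror and internal.ndata untouched, so userspace sees whatever an earlier exit left there. Suggest filling in a suberror and setting ndata to 0 before `goto out`. Also, update_protected_guest_state is declared with KVM_X86_OP() although only svm_x86_ops provides it in this patch; KVM_X86_OP_NULL(), as used for rmp_page_level_adjust just above it in kvm-x86-ops.h, would mark the op as optional.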
@@ -11656,7 +11666,8 @@ static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) if (!list_empty_careful(&vcpu->async_pf.done)) return true; - if (kvm_apic_has_events(vcpu)) + if (kvm_apic_has_events(vcpu) || + kvm_test_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu)) return true; if (vcpu->arch.pv.pv_unhalted)
From patchwork Fri Aug 20 15:59:18 2021
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 12449853
From: Brijesh Singh
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, Brijesh Singh
Subject: [PATCH Part2 v5 45/45] KVM: SVM: Add module parameter to enable the SEV-SNP
Date: Fri, 20 Aug 2021 10:59:18 -0500
Message-Id: <20210820155918.7518-46-brijesh.singh@amd.com>
In-Reply-To: <20210820155918.7518-1-brijesh.singh@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>

Add a module parameter that can be used to enable or disable the SEV-SNP feature.
Now that KVM contains the support for the SNP set the GHCB hypervisor feature flag to indicate that SNP is supported. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 7 ++++--- arch/x86/kvm/svm/svm.h | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 151747ec0809..0c834df3f63c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -59,14 +59,15 @@ module_param_named(sev, sev_enabled, bool, 0444); /* enable/disable SEV-ES support */ static bool sev_es_enabled = true; module_param_named(sev_es, sev_es_enabled, bool, 0444); + +/* enable/disable SEV-SNP support */ +static bool sev_snp_enabled = true; +module_param_named(sev_snp, sev_snp_enabled, bool, 0444); #else #define sev_enabled false #define sev_es_enabled false #endif /* CONFIG_KVM_AMD_SEV */ -/* enable/disable SEV-SNP support */ -static bool sev_snp_enabled; - #define AP_RESET_HOLD_NONE 0 #define AP_RESET_HOLD_NAE_EVENT 1 #define AP_RESET_HOLD_MSR_PROTO 2 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 59044b3a7c7a..9d6c51e92a79 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -608,7 +608,7 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); #define GHCB_VERSION_MAX 2ULL #define GHCB_VERSION_MIN 1ULL -#define GHCB_HV_FT_SUPPORTED 0 +#define GHCB_HV_FT_SUPPORTED (GHCB_HV_FT_SNP | GHCB_HV_FT_SNP_AP_CREATION) extern unsigned int max_sev_asid;
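Review bot: Moving sev_snp_enabled inside #ifdef CONFIG_KVM_AMD_SEV in sev.c leaves it undefined when the option is off: the #else branch defines sev_enabled and sev_es_enabled as false but gets no `#define sev_snp_enabled false`, so any reference to it in a CONFIG_KVM_AMD_SEV=n build will not compile. Add the define next to the other two. In the svm.h hunk, GHCB_HV_FT_SUPPORTED becomes a constant that always advertises GHCB_HV_FT_SNP | GHCB_HV_FT_SNP_AP_CREATION, so a host loaded with sev_snp=0 still reports SNP support to the guest; the advertised bits should depend on sev_snp_enabled. The parameter also defaults to true, which the commit message does not mention.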