From patchwork Fri Jan 27 02:52:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118137 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20587C54EAA for ; Fri, 27 Jan 2023 02:52:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233569AbjA0Cwz (ORCPT ); Thu, 26 Jan 2023 21:52:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233082AbjA0Cwx (ORCPT ); Thu, 26 Jan 2023 21:52:53 -0500 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E931E1207F for ; Thu, 26 Jan 2023 18:52:48 -0800 (PST) Received: by mail-ej1-x633.google.com with SMTP id tz11so10374165ejc.0 for ; Thu, 26 Jan 2023 18:52:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IvDB910gEnDe36r/d/OlU/tDXP9cfG+XamOvClg0hhM=; b=BzSw5d6UEYdPaSMNL7TRDHRg+ZiCgJhM58Jauidl5iIaudeSgClPDXxx846FiEkusi k/9e4Ovl0cC2wEel4w44fQzwZaTO1P+Cm9ceYmOPGj03Zru3OuNZ9RoYAbqURRXt3xuB yzvpdv6WE6a1KiwnKep0F2tB7jwUwAg/RE/EK707Mxc0TqfXsE251OjEGdpMdoni1sPR J7HzYf81LXJhDwM/5QypcRYkpA5JlXwP3PZ2Gyf2cyRUNw2x5q5pmlQXjy/oTIks+qh+ AWCTCnJhGP6LLtDorft9W+u7/V0EmZRUZckUUKBbiSu7MCr0eoUu/BC8JaT+eEuppzNO jL5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IvDB910gEnDe36r/d/OlU/tDXP9cfG+XamOvClg0hhM=; b=0zjbyA0NApx9C/cMGVVF32WOEDoDVhOUc2TT5zULbSiIpMCZfyhsRaNiD3Eb72yvWP W0WJ1hTd+i3UoqqVUg+ShAFSMEfNfXOflEwDNKCtY5mIpJVy/4pp/qghrWAZRlSFT422 KDLSZpAAfxsg+ysda/ptYWyNbZoyyHFo7x8Pxb05UhXCKD5O5zsgQRbC4FDpRw3cBQt6 uZGCj6HZeqqxbVQwumiNw5MZ1dxw0Q4uoIFjC9bQyx5hMlj/NPsNr05Vq/oQJSJz+vs5 aqKfAyfjLnP0EslMckYZAWtSV7m3nge2Vegw9+Ym5i+c7R+UipZXwRf/lAtFum+dxiwb Rhcw== X-Gm-Message-State: AFqh2kr+hr9ViIQsx8iw0V4sO0QBABKPwMtnsq5ZJUJMFdnLUMH+o4M1 gN+G/zxiqV7nKEmAlqleM/San0VLwZRRfNGEHg2BiA== X-Google-Smtp-Source: AMrXdXsspIeDg5UBSefPlJ9BA3aTdIjSp6b+qGoQ7eX8kyEz4T9uIsYKYt+oGstAiBvvqnlrjFh5og== X-Received: by 2002:a17:907:7248:b0:872:b1d7:8028 with SMTP id ds8-20020a170907724800b00872b1d78028mr53553920ejc.3.1674787967402; Thu, 26 Jan 2023 18:52:47 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id fp35-20020a1709069e2300b00878683acac3sm1448899ejc.112.2023.01.26.18.52.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:47 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Tom Lendacky , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH RFC 1/8] KVM: SVM: fix: calculate end instead of passing size Date: Fri, 27 Jan 2023 02:52:30 +0000 Message-Id: <20230127025237.269680-2-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Tom Dohrmann The third parameter of `kvm_vm_do_hva_range_op` doesn't take the size of the range, but the end of the range. Signed-off-by: Tom Dohrmann Link: https://lore.kernel.org/lkml/Y6Sgwp%2FBofzCUrQe@notebook/ Signed-off-by: Jarkko Sakkinen --- arch/x86/kvm/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 855f5e702240..d3468d1533bd 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -500,7 +500,7 @@ static int sev_get_memfile_pfn(struct kvm *kvm, unsigned long addr, unsigned long size, unsigned long npages, struct page **pages) { - return kvm_vm_do_hva_range_op(kvm, addr, size, + return kvm_vm_do_hva_range_op(kvm, addr, addr + size, sev_get_memfile_pfn_handler, pages); } From patchwork Fri Jan 27 02:52:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0530C61DA4 for ; Fri, 27 Jan 2023 02:52:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233616AbjA0Cw5 (ORCPT ); Thu, 26 Jan 2023 21:52:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60868 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233117AbjA0Cwy (ORCPT ); Thu, 26 Jan 2023 21:52:54 -0500 Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67494196BA for ; Thu, 26 Jan 2023 18:52:50 -0800 (PST) Received: by mail-ej1-x630.google.com with SMTP id k4so4719835eje.1 for ; Thu, 26 Jan 2023 18:52:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ndi8r0k5qmI5H0mD72hydSKAWjCqri28uGHpAKNsfwI=; b=J+MEjZcEMAozPoJMzOMGFuLh/rXFwKnSkJCp7M6wYzV1qCJ411aGKRONcTDWmZnpQt 60GCM69y32AM+8403zNk7TEwhFLcnZy+uTOYTZ1csLL8Fazp3sJQ5I7pPU6hL+Ma0CoL XooGUzX2iRIgrCoeTjE/d35TENVosv26T/K+nOae75Yw6bkPgRzg2pEemK9qr7oQ8DTK pWncSuCGRMmjNPAdPHAo+UypK/FBOhv2CuKtDMpKEIi9jjJqnfewmFdXlqd0s/H2lIGT 4dzc6RYV6rxqX7ECkEfB/AjYfGeLoIQrLco7rH3EKPXErc10gO2zX0k4r4GFrQwq698Q ZSdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ndi8r0k5qmI5H0mD72hydSKAWjCqri28uGHpAKNsfwI=; b=zJQOZk2i9wIYfEN5hKXgeOwD+kl8EufQgNU3DZlMh23MxKl5q692NyWq7SGhWr95jk Q780MiV02I+A/D6FVXjcdqboZHjRPOt2GyllhUV/Pjx4pdb6gkZaqo6s16M4lstgxB9D wEzbXU7j3sSe0xzhfWcBCreMFmIkVjmUYZtZWGFYsks2TsRJY5/dfitc5RQ6RX9Y1zS+ 61exog5MmIEXEO7/cx6IjQrXpeMZgDlmWWFX4eUVbbxyYzKnYhWK/5cIUQ4detNOf6La bj/JosY9ZCs7wQGhzew/YY/yeDjH7PT7q5Nwh+IPHY2yqMWi6HAndaXN0JTLsyzf8WjF NDjA== X-Gm-Message-State: AFqh2krCiZ/GlCugXpnLgyAwGJdvgGrRSVlecX02WLagZOtdvQtf259B a1GosjO9CU9TULA6D8NJaU4zzA== X-Google-Smtp-Source: AMrXdXu57VRGjXM7FMcpSFGz84LKNvBjg3pMXc2fVdX3CF8xPg1MMVN07PY+9CCaJ4FuB43Vd0BIVA== X-Received: by 2002:a17:907:8c14:b0:84c:e9c4:5751 with SMTP id ta20-20020a1709078c1400b0084ce9c45751mr41792387ejc.74.1674787968997; Thu, 26 Jan 2023 18:52:48 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id z16-20020a170906945000b0084d46461852sm1432144ejx.126.2023.01.26.18.52.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:48 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Tom Lendacky , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH RFC 2/8] KVM: SVM: fix: initialize `npinned` Date: Fri, 27 Jan 2023 02:52:31 +0000 Message-Id: <20230127025237.269680-3-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Tom Dohrmann If UPM is enabled and getting the PFN fails, `npinned` is never set, but is read for the call to `unpin_user_pages`. Link: https://lore.kernel.org/lkml/Y6Sgwp%2FBofzCUrQe@notebook/ Signed-off-by: Tom Dohrmann Signed-off-by: Jarkko Sakkinen --- arch/x86/kvm/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d3468d1533bd..6d3162853c33 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -510,7 +510,7 @@ static struct page **sev_pin_memory(struct kvm *kvm, unsigned long uaddr, { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; unsigned long npages, size; - int npinned; + int npinned = 0; unsigned long locked, lock_limit; struct page **pages; unsigned long first, last; From patchwork Fri Jan 27 02:52:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118139 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8D74C61DA7 for ; Fri, 27 Jan 2023 02:53:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233626AbjA0Cw7 (ORCPT ); Thu, 26 Jan 2023 21:52:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233236AbjA0Cwz (ORCPT ); Thu, 26 Jan 2023 21:52:55 -0500 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 009D924117 for ; Thu, 26 Jan 2023 18:52:51 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id u21so3618948edv.3 for ; Thu, 26 Jan 2023 18:52:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ytT3Q0695m5Y9Xvmkrg+w4EmcEmCVa0jLjn4WfE//S8=; b=KJ38u2Xmat3lo0fPE4H3YTxidKGLp15TIOWnYppX3OUcz/f7hOQYnF8lPZWfoGQLDt KoPrbu4E1t2dc/rpiABw6JqFH9d5DSX3OtvP+z1nPVa/6MG1pzxfxGGM2yAEae3XAnbJ oK8RexGFhpDzXdvPxwPnRiz8BBZUXtC/luz+uiW2DOq9oLRg5yWw0xGWWjhMRnl1vV65 WqjLRXn8bNUcPjioT4VcoVBhLED24zwc/Njr8K+/i4UkIcYsY1c4hCud+a3BAb5gT8Cc a82U8FqFvx/WMGw10WGey9tl98iidA/qis1WbV2Z/d3Xy273+jvhYjmaLuwYW2qxoikR gRtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ytT3Q0695m5Y9Xvmkrg+w4EmcEmCVa0jLjn4WfE//S8=; b=SNco5D5Ai60HYlmhV6C5UbK1kHlyvhsKmpUYSTiE11RnucdoKGefEBLFliKfKaJFMK m4ibt0DFk0cBUQX+nmIiqJtIKmbOUuPLVPaHC8KPeRxE5dtC9XcgfUKwTLCCTldX8BjP F6FGCopSd8VMCeauweWDFCsNLClau78RAapT9TuvBmXoPXTn0RLGkdX700QdwCKXhsnd BcGYIjx2UM6UIyVllG1q82jOCAvhUx1xmRfyeEZOF1NxEnNrMoWtsor2JPr00zTGr/wP EtXJ0e/lXeqXEDlBkx3NP611jYKOJlJtlblpLT+8i6hn2/+sMl/eX2sPJ5nJke9rWrap H68g== X-Gm-Message-State: AO0yUKXYLxKqPR6xBcoaCTfaiKVkJDz+3aRqO9vjl9ppzQz9TKRAFfOS 098WecGUPZEjRDYnF4AnrcXImg== X-Google-Smtp-Source: AK7set+nkhdtXFrQNgkvDYB8ZERdEObgycOgQtX+MVNSxiQIRYslKQ+vrTeV6GnYBIvkirdHfAsx7g== X-Received: by 2002:a50:9eef:0:b0:4a0:8fc4:6be8 with SMTP id a102-20020a509eef000000b004a08fc46be8mr11338521edf.26.1674787970574; Thu, 26 Jan 2023 18:52:50 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id s13-20020a05640217cd00b0049c2b02bad4sm1059790edy.88.2023.01.26.18.52.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:50 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Tom Lendacky , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH RFC 3/8] KVM: SVM: write back corrected CPUID page Date: Fri, 27 Jan 2023 02:52:32 +0000 Message-Id: <20230127025237.269680-4-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Tom Dohrmann When doing a launch update for a CPUID page the firmware checks that the values conform to the policy laid out in the processor programming manual. If the values don't conform, the firmware will return SEV_RET_INVALID_PARAM. In addition to returning an error the firmware will choose some acceptable values and write them back to the page that was used for the launch update, so that the VMM can inspect the changes and try again with the corrected values. This is specified in section 8.17.2.6 in the SEV-SNP Firmware ABI spec. Because launch updates are always done on the private UPM mappings, the pages are first copied from the shared mappings to the private mappings. When the firmware corrects the values, the corrected values are in the private mappings, inaccessible to userspace. In order to make the corrected values accessible to userspace, the page containing them must be copied from the private mappings back to the shared mappings. [jarkko@profian.com: fixed checkpatch.pl errors] Link: https://lore.kernel.org/lkml/Y76%2FI6Nrh7xEAAwv@notebook/ Signed-off-by: Tom Dohrmann Signed-off-by: Jarkko Sakkinen --- arch/x86/kvm/svm/sev.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6d3162853c33..4a8e552d8cfe 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2230,6 +2230,23 @@ static int snp_launch_update_gfn_handler(struct kvm *kvm, pr_err("SEV-SNP launch update failed, ret: 0x%x, fw_error: 0x%x\n", ret, *error); snp_page_reclaim(pfns[i]); + + /* + * When invalid CPUID function entries are detected, the firmware + * corrects these entries. In that case write the page back to + * userspace. + */ + if (params.page_type == SNP_PAGE_TYPE_CPUID && + *error == SEV_RET_INVALID_PARAM) { + int ret; + + host_rmp_make_shared(pfns[i], PG_LEVEL_4K, true); + + ret = kvm_write_guest_page(kvm, gfn, kvaddr, 0, PAGE_SIZE); + if (ret) + pr_err("Guest write failed, ret: 0x%x\n", ret); + } + goto e_release; } } From patchwork Fri Jan 27 02:52:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118141 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46538C54EAA for ; Fri, 27 Jan 2023 02:53:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233689AbjA0CxB (ORCPT ); Thu, 26 Jan 2023 21:53:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233034AbjA0Cw4 (ORCPT ); Thu, 26 Jan 2023 21:52:56 -0500 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B489230EE for ; Thu, 26 Jan 2023 18:52:53 -0800 (PST) Received: by mail-ej1-x62e.google.com with SMTP id ss4so10141444ejb.11 for ; Thu, 26 Jan 2023 18:52:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CddQErLZQUqzJ4JuQJZGKMscCAWt3xyB51w0UB/F/4Y=; b=kH4oY/ZOQrOobQ3B+Bf8tsG32rmCOtx/7K7LHHHprtnCAiu9QnEy5ayScTxTU9NgQA /7F9kZcxLnZT+DZzpPzOMzdFTTjrGvdED4EoCCa4qfw/xoFeSPg1E0B1nJCgjgd80sLy r5OHm6I+Fs3WXGMxWHpBXdGqkH7JamSjcCFJf/krHryU2s/W9rBfuDQOgvsPLKBzECD5 lCLFoWq/ZsRNve7bStPfCkxTjHBJqMIP4Sl1ZYeo1kMO9KoroYkncuLsLY508VsNUzYX yGSg4vgUv7khqAH9zXxwuGBCyGp37fulsHXbrvUFkxgcbF1GulTzNcr6CVRlww746PsO w80Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CddQErLZQUqzJ4JuQJZGKMscCAWt3xyB51w0UB/F/4Y=; b=tVP81u0TR7/LEmuYePc5rCIbxj8/rxSQhP6yb7Jz3k1Z+Fs19BTBxNOpHc4uz4yjrC oANakeUq1nzpFj+T9lzfB0N9DTw77XomOpJgCw9v734gJ1HGi68qoi+7C6yg1uRZTLjr a+VUgapsST6aisSvjwGcC3R4CY44aAv96uUYpJN/4AKJKi8VqWfjjHObkbl4DXtxFaCD R/Q8V+F8Tlu19VpLnz5tetp/euGq0KaUErpfHC0r2mp88FulcNHQSiENeiTJmD9KMVg9 KHb9TSfwQIv/HhMPwNRPOPRAHLYzNSC4lYU7ruHnmbJdeQ8ySOhl4nOulDqsFsUUDGdD uOpQ== X-Gm-Message-State: AFqh2ko6ZyzUEl1r29vgrXx5rXfK/VleHcj5xUQn5//UREc0EOusuX0e X2vFSFa4BieNc8FEgKgmXLFFog== X-Google-Smtp-Source: AMrXdXuAWQzArAbvAAsLkye6IlD5SsOaf47lxDv75lwS+5kpdSS3xwCz3jSPIgVGsFJ6/mgm8SfYqA== X-Received: by 2002:a17:906:b317:b0:84e:d302:1551 with SMTP id n23-20020a170906b31700b0084ed3021551mr40573780ejz.37.1674787972093; Thu, 26 Jan 2023 18:52:52 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id kk4-20020a170907766400b0087943d525e1sm619768ejc.215.2023.01.26.18.52.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:51 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Tom Lendacky , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH RFC 4/8] KVM: SVM: fix: add separate error for missing slot Date: Fri, 27 Jan 2023 02:52:33 +0000 Message-Id: <20230127025237.269680-5-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Tom Dohrmann The next error message uses slot assuming that it's not NULL, but that's not always true. A separate error message is used when slot is NULL. This can be triggered by a malicious guest that sends an `SVM_VMGEXIT_AP_CREATE` ap creation event that points to an invalid AP VMSA address (one that isn't mapped). Currently the kernel just copies the values provided by the guest into `snp_vmsa_gpa` (see arch/x86/kvm/svm/sev.c:3930). This value is directly passed into `gfn_to_pfn_restricted` in `__sev_snp_update_protected_guest_state` (see arch/x86/kvm/svm/sev.c:3792). Signed-off-by: Tom Dohrmann Signed-off-by: Jarkko Sakkinen --- arch/x86/kvm/svm/sev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4a8e552d8cfe..d76127f1499a 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3745,6 +3745,11 @@ static kvm_pfn_t gfn_to_pfn_restricted(struct kvm *kvm, gfn_t gfn) int order = 0; slot = gfn_to_memslot(kvm, gfn); + if (!slot) { + pr_err("SEV: Failure retrieving memslot for GFN 0x%llx\n", gfn); + return INVALID_PAGE; + } + if (!kvm_slot_can_be_private(slot)) { pr_err("SEV: Failure retrieving restricted memslot for GFN 0x%llx, flags 0x%x, userspace_addr: 0x%lx\n", gfn, slot->flags, slot->userspace_addr); From patchwork Fri Jan 27 02:52:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118140 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 306DDC61DA4 for ; Fri, 27 Jan 2023 02:53:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233742AbjA0CxC (ORCPT ); Thu, 26 Jan 2023 21:53:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60928 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233629AbjA0Cw6 (ORCPT ); Thu, 26 Jan 2023 21:52:58 -0500 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6ACD512588 for ; Thu, 26 Jan 2023 18:52:55 -0800 (PST) Received: by mail-ej1-x632.google.com with SMTP id mg12so10199858ejc.5 for ; Thu, 26 Jan 2023 18:52:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=StelL4wsO29LR8nB0aGR0Fd/rNc2KxKHeacoJZC3JEA=; b=rJPQ1b6n0TTbKa5oK/yEhAGlz4YH8SVPWpbWnyQ3ZOZ+zg7bHARRXawA87PyJNj8Yy QlezLMi1bWPLnqdnvRqG1xVJRLKrMVQkd8DkzwY1wmLwJGf2SUiRqxctW8Bn/A+Rvz71 T/MPOQGcE4oUcTGpkKa7tNoexZ17HV57voQOykxUUTBFIwKNV1AkG5T3ffe4LGuCyIha g5aEIEE051Id2bzB9KSImREqwJFuwOWMRW1Xr5GCByxoFOBAJuk431jxI+2EJNJKZy+2 1KPFa0p2umXyjVRwvZlQNj8TMOD+7B3vrNRj2JfNMQY/soM1x9VEWyfOWX1V97YNBg6p FXCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=StelL4wsO29LR8nB0aGR0Fd/rNc2KxKHeacoJZC3JEA=; b=GF+l0yC7lNopSKVv0gUTFpCFyKKgA06Z4+B+iOaj64lEQYk3z0hL0mkCZCWeDtieiK MI7l1o5iGVLRHN0qjsohAIK0m4OHWQM6j2aHmWAE1YhYNyUKcW2tajDDI6nug/YStxyV qiO9AAEWNJAKEsojA5O9x36rP7cuhPtl2SDDdlYTOa66sokMxbLQxdBgtsccQN1XoRjx 3mtzsx9g8kq0I5e8JXxbyMq3/6M09xgQbEy/BulOp5f7zR1Mufh5wX7I63IoQBi/hOKD a0Z8zV0mP4CUh0lPkNqcyVTXq0TWk/Ou2XAmE9czXLp9jFQvdk0ud7RoNW0pa0ZR7hyg 6VHw== X-Gm-Message-State: AO0yUKWpiahfqEboc8LwgGQ1+99zAi6eYxuE6YU7H3JCUobb61V+Vmyh g7SGKsPcJU7R/TllkAsAJd5OLw== X-Google-Smtp-Source: AK7set8X1Dv3Pb3VVVFTanpM/yt9cJ2b7ru1LxBQY2X1BhqvYX8iVppND7RNqHfvHs5TfePKFulUeA== X-Received: by 2002:a17:906:6582:b0:878:61d8:d7c2 with SMTP id x2-20020a170906658200b0087861d8d7c2mr4346366ejn.39.1674787973865; Thu, 26 Jan 2023 18:52:53 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id e6-20020a17090658c600b00878621bd86bsm1452083ejs.164.2023.01.26.18.52.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:53 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Tom Lendacky , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH RFC 5/8] KVM: SVM: fix: Don't return an error for `GHCB_MSR_PSC_REQ` Date: Fri, 27 Jan 2023 02:52:34 +0000 Message-Id: <20230127025237.269680-6-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Tom Dohrmann There's no reason to return an error when encountering an page state change request (PSC request) because that's normal behaviour on the guest's part. Instead 0 should be returned to cause a VM exit so that userspace can handle the page state change request. Link: https://lore.kernel.org/lkml/Y77J7C2E9Xd1QcmZ@notebook/ Signed-off-by: Tom Dohrmann Signed-off-by: Jarkko Sakkinen --- arch/x86/kvm/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d76127f1499a..899c78d03c35 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4068,7 +4068,7 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) vcpu->run->vmgexit.ghcb_msr = control->ghcb_gpa; vcpu->arch.complete_userspace_io = snp_complete_psc_msr_protocol; - ret = -1; + ret = 0; break; case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; From patchwork Fri Jan 27 02:52:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118142 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7FE2C05027 for ; Fri, 27 Jan 2023 02:53:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233772AbjA0CxF (ORCPT ); Thu, 26 Jan 2023 21:53:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233640AbjA0Cw6 (ORCPT ); Thu, 26 Jan 2023 21:52:58 -0500 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 344E719F1E for ; Thu, 26 Jan 2023 18:52:57 -0800 (PST) Received: by mail-ej1-x629.google.com with SMTP id mg12so10199962ejc.5 for ; Thu, 26 Jan 2023 18:52:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vFl4aAkNuRJwuV+yijx1mZpq5rU6zcwQKFNa9OgHXqU=; b=YVslWkms7rDncNGrn9vFPojszwgWmGX4ezQ62cWyAu0GeGdu1kvf0HfixbbURIFs31 xQJyzygUqO/JqH93z9MF3fP04u+/xIJnoewATn+ynqUwuXfoSOTBifUMnKH4ckYrvmBg EgtJdvhTLf0OyZ78zsOvevf4W0nSnguRzpKOKQEAQEgsZLOHSwSfDdpE/5cpBxIz3fn1 pWqlBPUALfKnFFz2/rB2GwYgShNW5bzuiVSq12lo0tgRRXw5QzxWq8oqMINV5TWCLcas O2uASy/bTBYyX2IZE/Pqb0J6MBo2gwgxUc+6txoDujQLd1ujJqUV3yx1ZehtXXqug/Gf h07w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vFl4aAkNuRJwuV+yijx1mZpq5rU6zcwQKFNa9OgHXqU=; b=XNWEpfL18m0140DEJyITi+CsWbbXRtXXX+tYKdenXQ0Bu9uIg8/yldDSjRG7+kmtfn yDdryKso1DcQ+Efa4EEM79H6n+/pY5C1HqMnC25GufVTPkJLp1M5SvrIf9aYd4d6xUih egikDHotc+TmSbH9Uzn71f4P1WweyHrKWNoYsScvRv8AuqJ/EhFaFa5biXcZrCLKGRGk bPI5WwXcYgxBhFAIgwJ2M7oLIHjDaGM/gAmLJydAhEkRr33y2zBTENoBcSQXEfig0eV0 9qbRaiBehLU4kS/Le0F+Bf46MsRM/VMfzaIK1XYnaWuemmgDQwrtb5sp6zgxl3nz1tHS gVRA== X-Gm-Message-State: AFqh2koWNvrTi6srUin3gA08CtrqO7tGBVCJhiBWh8vpX/QIojNlaM3b BC1dsnqz3L1q4FKbwsJN84/gnQ== X-Google-Smtp-Source: AMrXdXvv91GgHf2kgTdvEmRCRlFBjbStcdejhB101pcsENlNYr2Z7S+BA+sypZzvO+c3evXCpcEKiw== X-Received: by 2002:a17:907:d15:b0:862:e612:effe with SMTP id gn21-20020a1709070d1500b00862e612effemr57022627ejc.14.1674787975611; Thu, 26 Jan 2023 18:52:55 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id g14-20020a170906394e00b00779cde476e4sm1446776eje.62.2023.01.26.18.52.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:55 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Tom Lendacky , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)) Subject: [PATCH RFC 6/8] KVM: SVM: KVM_SEV_SNP_LAUNCH_RESET_VECTOR Date: Fri, 27 Jan 2023 02:52:35 +0000 Message-Id: <20230127025237.269680-7-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org The attestation of the workload includes the CPU state information. When the workload that was running in the VM exits, the system stores the state in the special area (VMSA). When the workload is started again, it loads the state back. This is a well-defined process and works. However, the *initial state* needs to be better defined. Currently, it is defined by kernel without userspace knowledge or ability to influence. As a result, Enarx does not know the initial state and has to make a guess whenever there is need to offline digest calculation. After all, the core idea of confidential computing that everything can be validated and verified in order to reach trust. The variation could come mainly from either sev_features and vintr_ctrl. Allow to user space to define them when the new KVM_SEV_SNP_RESET_VECTOR init flag is set but at the same time verify that they are set only to those values that kernel is aware of. Link: https://enarx.dev/ Signed-off-by: Jarkko Sakkinen --- arch/x86/include/asm/svm.h | 15 ++++++---- arch/x86/kvm/svm/sev.c | 57 +++++++++++++++++++++++++++++++------- arch/x86/kvm/svm/svm.h | 1 + include/uapi/linux/kvm.h | 5 ++++ 4 files changed, 63 insertions(+), 15 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index e76ad26ba64f..b3b7131a1ce7 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -278,12 +278,17 @@ enum avic_ipi_failure_cause { #define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF) #define VMCB_AVIC_APIC_BAR_MASK 0xFFFFFFFFFF000ULL -#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) -#define SVM_SEV_FEAT_RESTRICTED_INJECTION BIT(3) -#define SVM_SEV_FEAT_ALTERNATE_INJECTION BIT(4) -#define SVM_SEV_FEAT_INT_INJ_MODES \ - (SVM_SEV_FEAT_RESTRICTED_INJECTION | \ + +#define SVM_SEV_FEAT_SNP_ACTIVE BIT_ULL(0) +#define SVM_SEV_FEAT_RESTRICTED_INJECTION BIT_ULL(3) +#define SVM_SEV_FEAT_ALTERNATE_INJECTION BIT_ULL(4) +#define SVM_SEV_FEAT_INT_INJ_MODES \ + (SVM_SEV_FEAT_RESTRICTED_INJECTION |\ SVM_SEV_FEAT_ALTERNATE_INJECTION) +#define SVM_SEV_FEAT_UNSUPPORTED_MASK \ + ~(SVM_SEV_FEAT_SNP_ACTIVE |\ + SVM_SEV_FEAT_RESTRICTED_INJECTION |\ + SVM_SEV_FEAT_ALTERNATE_INJECTION) struct vmcb_seg { u16 selector; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 899c78d03c35..5e4666b79689 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -303,6 +303,11 @@ static int verify_snp_init_flags(struct kvm *kvm, struct kvm_sev_cmd *argp) /* Save the supplied flags value */ sev->snp_init_flags = params.flags; + if (params.flags & KVM_SEV_SNP_RESET_VECTOR) { + sev->sev_features = params.sev_features; + sev->vintr_ctrl = params.vintr_ctrl; + } + /* Return the supported flags value */ params.flags = SEV_SNP_SUPPORTED_FLAGS; @@ -785,6 +790,33 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) if (svm->vcpu.guest_debug || (svm->vmcb->save.dr7 & ~DR7_FIXED_1)) return -EINVAL; + /* Validate that the user defined reset vector meets the expectations: */ + if (sev->snp_init_flags & KVM_SEV_SNP_RESET_VECTOR) { + u64 unsupported = sev->sev_features & SVM_SEV_FEAT_UNSUPPORTED_MASK; + + if (sev->sev_features & unsupported) { + pr_debug("sev_features: unsupported flags: 0x%016llx\n", unsupported); + return -EINVAL; + } + + if (!(sev_snp_guest(svm->vcpu.kvm) && + (sev->sev_features & SVM_SEV_FEAT_SNP_ACTIVE))) { + pr_debug("sev_features: SNP_ACTIVE is not set\n"); + return -EINVAL; + } + + if (!((sev->snp_init_flags & KVM_SEV_SNP_RESTRICTED_INJET) && + (sev->sev_features & SVM_SEV_FEAT_RESTRICTED_INJECTION))) { + pr_debug("sev_features: SNP_SEV_FEAT_RESTRICTED_INJECTION is not set\n"); + return -EINVAL; + } + + if (sev->vintr_ctrl) { + pr_debug("vintr_ctrl: unsupported flags: 0x%016llx\n", sev->vintr_ctrl); + return -EINVAL; + } + } + /* * SEV-ES will use a VMSA that is pointed to by the VMCB, not * the traditional VMSA that is part of the VMCB. Copy the @@ -820,18 +852,23 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->xss = svm->vcpu.arch.ia32_xss; save->dr6 = svm->vcpu.arch.dr6; - /* Enable the SEV-SNP feature */ - if (sev_snp_guest(svm->vcpu.kvm)) - save->sev_features |= SVM_SEV_FEAT_SNP_ACTIVE; + if (sev->snp_init_flags & KVM_SEV_SNP_RESET_VECTOR) { + save->sev_features = sev->sev_features; + save->vintr_ctrl = sev->vintr_ctrl; + } else { + /* Enable the SEV-SNP feature */ + if (sev_snp_guest(svm->vcpu.kvm)) + save->sev_features |= SVM_SEV_FEAT_SNP_ACTIVE; - if (sev->snp_init_flags & KVM_SEV_SNP_RESTRICTED_INJET) - save->sev_features |= SVM_SEV_FEAT_RESTRICTED_INJECTION; + if (sev->snp_init_flags & KVM_SEV_SNP_RESTRICTED_INJET) + save->sev_features |= SVM_SEV_FEAT_RESTRICTED_INJECTION; - /* - * Save the VMSA synced SEV features. For now, they are the same for - * all vCPUs, so just save each time. - */ - sev->sev_features = save->sev_features; + /* + * Save the VMSA synced SEV features. For now, they are the same for + * all vCPUs, so just save each time. + */ + sev->sev_features = save->sev_features; + } pr_debug("Virtual Machine Save Area (VMSA):\n"); print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, save, sizeof(*save), false); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4dab13084363..5dce17eefd5d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -106,6 +106,7 @@ struct kvm_sev_info { struct mutex guest_req_lock; u64 sev_features; /* Features set at VMSA creation */ + u64 vintr_ctrl; }; struct kvm_svm { diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 48bcc59cf86b..e176d0ec6c54 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -2054,8 +2054,13 @@ struct kvm_sev_receive_update_data { /* enable the restricted injection timer */ #define KVM_SEV_SNP_RESTRICTED_TIMER_INJET (1 << 1) +/* use the given reset vector for sev_features and vintr_ctrl */ +#define KVM_SEV_SNP_RESET_VECTOR (1 << 2) + struct kvm_snp_init { __u64 flags; + __u64 sev_features; + __u64 vintr_ctrl; }; struct kvm_sev_snp_launch_start { From patchwork Fri Jan 27 02:52:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 13118143 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FCB5C54EAA for ; Fri, 27 Jan 2023 02:53:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232965AbjA0CxI (ORCPT ); Thu, 26 Jan 2023 21:53:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233034AbjA0CxC (ORCPT ); Thu, 26 Jan 2023 21:53:02 -0500 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5E9C18B08 for ; Thu, 26 Jan 2023 18:52:59 -0800 (PST) Received: by mail-ej1-x636.google.com with SMTP id ss4so10141820ejb.11 for ; Thu, 26 Jan 2023 18:52:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=profian-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kGR72ilt2gtK78L/01GDQFic4BE6v4opXftOgadBZmM=; b=Lf3jMVkLYEooxOFsQ2UBYZ7oTLwkWaXYk4tOLe6s3JsN3C77zcAjpvXAn70onXf8aI pJVXZyluvJ9dCN0OyyMQxZq9gWneQ6KR6XnY/N5nJE7Q3TloRfG17rhl9s4gNf4nCTmb r24GTgiayDnc7Dm0HdQT4rSE5GJd3sclsvUM9mMt9YdNqHxvy5CYiarzSMgkppqwDtWS 1mW9r/B1IL5wW//yCuHE0dOkURdYDtR/+KoeBX9lgBh32gm2HiM0J45bb8BrLQYDwUlT We7kQesXgNwG59l6Ag5eEAO9ZydgPdrSVGgmiY4oLyDg49GLbWLf8ecDvLU9BxLYCJdA 0Cqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kGR72ilt2gtK78L/01GDQFic4BE6v4opXftOgadBZmM=; b=P/LgJpyhY0oxDZ5afh86F662by40YH+iqHi6GPVcw8rvT/iqZECp+9Z6RIxqSehJTb b5AgwGoK+mXKyrCyDoKDKEWKD7E3uBz5y72bLWO+in0lAlB1UJAGaCb3JgdjU+q66rLe g9lg35nZHEO+z5LmUTQWrdWaJcHyM/01bZK0ESa3az+DZGf27c79eAUf5Aj+mRXPrmFq cSf/6P0XywBBCiVjl+dCollL//oAS9egjJQB7YiNfB2vlDOKnEmoFOPvDY5oZe/cNtlI piAUxI2ZamXnrfU90vNtbOHNvCv4yH7wzZeCrXCIMJwKrUKLgNzOtOgaqV7JH5Rgl20N lpHg== X-Gm-Message-State: AFqh2kqFwrjpBhh2k0s5a/bFivIvzSlGsb7rfuhdwmxUL0CGccbpseYK ondxkftTrcsjkmpso2VAFKSj7w== X-Google-Smtp-Source: AMrXdXvH6K2KIVQ57HXDPFWTIupQQmzKHOj9PFBD+BFxcDAyzsbuY15PV1cK4uSsBwYoAKV9ae35sA== X-Received: by 2002:a17:906:744:b0:877:9eab:118c with SMTP id z4-20020a170906074400b008779eab118cmr26664836ejb.68.1674787979362; Thu, 26 Jan 2023 18:52:59 -0800 (PST) Received: from localhost (88-113-101-73.elisa-laajakaista.fi. [88.113.101.73]) by smtp.gmail.com with ESMTPSA id q23-20020a056402041700b0048eb0886b00sm1591026edv.42.2023.01.26.18.52.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 18:52:58 -0800 (PST) From: Jarkko Sakkinen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Brijesh Singh , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" Cc: Harald Hoyer , Tom Dohrmann , Ashish Kalra , Michael Roth , Jarkko Sakkinen , Dionna Glaze , Jarkko Sakkinen , kvm@vger.kernel.org (open list:KERNEL VIRTUAL MACHINE FOR X86 (KVM/x86)), linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)), linux-crypto@vger.kernel.org (open list:AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SE...) Subject: [PATCH RFC 8/8] crypto: ccp: Move __sev_snp_init_locked() call inside __sev_platform_init_locked() Date: Fri, 27 Jan 2023 02:52:37 +0000 Message-Id: <20230127025237.269680-9-jarkko@profian.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230127025237.269680-1-jarkko@profian.com> References: <20230127025237.269680-1-jarkko@profian.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org The following functions end up calling sev_platform_init() or __sev_platform_init_locked(): * sev_guest_init() * sev_ioctl_do_pek_csr * sev_ioctl_do_pdh_export() * sev_ioctl_do_pek_import() * sev_ioctl_do_pek_pdh_gen() * sev_pci_init() Only sev_guest_init() and sev_pci_init() also call sev_snp_init(). Address this by calling __sev_snp_init_locked() inside __sev_platform_init_locked() before any other initialization. Signed-off-by: Jarkko Sakkinen --- arch/x86/kvm/svm/sev.c | 4 +-- drivers/crypto/ccp/sev-dev.c | 51 +++++++++++++----------------------- include/linux/psp-sev.h | 15 ----------- 3 files changed, 19 insertions(+), 51 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 5e4666b79689..2dd56f59fc50 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -343,11 +343,9 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) goto e_free; mutex_init(&sev->guest_req_lock); - ret = sev_snp_init(&argp->error, false); - } else { - ret = sev_platform_init(&argp->error); } + ret = sev_platform_init(&argp->error); if (ret) goto e_free; diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 50e73df966ec..be040926f66a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -102,6 +102,7 @@ struct sev_data_range_list *snp_range_list; static size_t sev_es_tmr_size = SEV_ES_TMR_SIZE; static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret); +static int __sev_snp_init_locked(int *error); static inline bool sev_version_greater_or_equal(u8 maj, u8 min) { @@ -965,7 +966,8 @@ static int __sev_platform_init_locked(int *error) { struct psp_device *psp = psp_master; struct sev_device *sev; - int rc = 0, psp_ret = -1; + int psp_ret = -1; + int rc; int (*init_function)(int *error); if (!psp || !psp->sev_data) @@ -976,6 +978,18 @@ static int __sev_platform_init_locked(int *error) if (sev->state == SEV_STATE_INIT) return 0; + rc = __sev_snp_init_locked(error); + if (rc < 0 && rc != -ENODEV) + return rc; + + if (!sev_es_tmr) { + /* Obtain the TMR memory area for SEV-ES use */ + sev_es_tmr = sev_fw_alloc(sev_es_tmr_size); + if (!sev_es_tmr) + dev_warn(sev->dev, + "SEV: TMR allocation failed, SEV-ES support unavailable\n"); + } + if (sev_init_ex_buffer) { init_function = __sev_init_ex_locked; rc = sev_read_init_ex_file(); @@ -1373,6 +1387,9 @@ static int __sev_snp_init_locked(int *error) struct sev_device *sev; int rc = 0; + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return -ENODEV; + if (!psp || !psp->sev_data) return -ENODEV; @@ -1457,24 +1474,6 @@ static int __sev_snp_init_locked(int *error) return rc; } -int sev_snp_init(int *error, bool init_on_probe) -{ - int rc; - - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) - return -ENODEV; - - if (init_on_probe && !psp_init_on_probe) - return 0; - - mutex_lock(&sev_cmd_mutex); - rc = __sev_snp_init_locked(error); - mutex_unlock(&sev_cmd_mutex); - - return rc; -} -EXPORT_SYMBOL_GPL(sev_snp_init); - static int __sev_snp_shutdown_locked(int *error) { struct sev_device *sev = psp_master->sev_data; @@ -2319,14 +2318,6 @@ void sev_pci_init(void) } } - rc = sev_snp_init(&error, true); - if (rc) - /* - * Don't abort the probe if SNP INIT failed, - * continue to initialize the legacy SEV firmware. - */ - dev_err(sev->dev, "SEV-SNP: failed to INIT error %#x\n", error); - /* * If boot CPU supports SNP, then first attempt to initialize * the SNP firmware. @@ -2341,12 +2332,6 @@ void sev_pci_init(void) } } - /* Obtain the TMR memory area for SEV-ES use */ - sev_es_tmr = sev_fw_alloc(sev_es_tmr_size); - if (!sev_es_tmr) - dev_warn(sev->dev, - "SEV: TMR allocation failed, SEV-ES support unavailable\n"); - if (!psp_init_on_probe) return; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 970a9de0ed20..ef0c6941a8f4 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -794,21 +794,6 @@ struct sev_data_snp_shutdown_ex { */ int sev_platform_init(int *error); -/** - * sev_snp_init - perform SEV SNP_INIT command - * - * @error: SEV command return code - * @init_on_probe: indicates if called during module probe/init - * - * Returns: - * 0 if the SEV successfully processed the command - * -%ENODEV if the SEV device is not available - * -%ENOTSUPP if the SEV does not support SEV - * -%ETIMEDOUT if the SEV command timed out - * -%EIO if the SEV returned a non-zero return code - */ -int sev_snp_init(int *error, bool init_on_probe); - /** * sev_platform_status - perform SEV PLATFORM_STATUS command *