From patchwork Wed Mar 20 08:38:57 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597496
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 01/49] Revert "linux-headers hack" from sevinit2 base tree
Date: Wed, 20 Mar 2024 03:38:57 -0500
Message-ID: <20240320083945.991426-2-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

TODO: Either apply this in advance of
sevinit2 patches, or drop this in favor of a separate preceding sync of 6.8 kvm-next. A separate standalone linux-headers sync will be used instead.

Signed-off-by: Michael Roth
--- linux-headers/asm-x86/kvm.h | 8 -------- linux-headers/linux/kvm.h | 2 -- 2 files changed, 10 deletions(-) diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 8f58c32d37..003fb74534 100644 --- a/linux-headers/asm-x86/kvm.h +++ b/linux-headers/asm-x86/kvm.h @@ -562,13 +562,5 @@ struct kvm_pmu_event_filter { #define KVM_X86_DEFAULT_VM 0 #define KVM_X86_SW_PROTECTED_VM 1 -#define KVM_X86_SEV_VM 2 -#define KVM_X86_SEV_ES_VM 3 - -struct kvm_sev_init { - __u64 vmsa_features; - __u32 flags; - __u32 pad[9]; -}; #endif /* _ASM_X86_KVM_H */ diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index 5fd84fd7d0..17839229b2 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h
@@ -1865,8 +1865,6 @@ enum sev_cmd_id { /* Guest Migration Extension */ KVM_SEV_SEND_CANCEL, - KVM_SEV_INIT2, - KVM_SEV_NR_MAX, };
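Review bot: The commit message for 01/49 is still an open TODO, and the ordering it leaves undecided matters for bisectability. Once KVM_SEV_INIT2 is dropped from enum sev_cmd_id in linux/kvm.h, together with KVM_X86_SEV_VM, KVM_X86_SEV_ES_VM and struct kvm_sev_init in asm-x86/kvm.h, nothing that references them can build until a later header sync restores them. Please settle on one of the two options before this is applied, state the choice in the message, and place the revert so that no intermediate commit uses the removed definitions. KVM_SEV_NR_MAX also changes value across this patch, so it should not be treated as a stable constant.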
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 02/49] scripts/update-linux-headers: Add setup_data.h to import list
Date: Wed, 20 Mar 2024 03:38:58 -0500
Message-ID: <20240320083945.991426-3-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Data structures like struct setup_data have been moved to a separate setup_data.h header which bootparam.h relies on. Add setup_data.h to the cp_portable() list and sync it along with the other header files.

Note that currently struct setup_data is stripped away as part of generating bootparam.h, but that handling is not currently needed for setup_data.h since it doesn't pull in many external headers/dependencies. However, QEMU currently redefines struct setup_data in hw/i386/x86.c, so that will need to be removed as part of any header update that pulls in the new setup_data.h to avoid build bisect breakage.

Signed-off-by: Michael Roth
--- scripts/update-linux-headers.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index a0006eec6f..579b03dc82 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh @@ -62,6 +62,7 @@ cp_portable() { -e 'linux/kernel' \ -e 'linux/sysinfo' \ -e 'asm-generic/kvm_para' \ + -e 'asm/setup_data.h' \ > /dev/null then echo "Unexpected #include in input file $f".
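Review bot: The new pattern 'asm/setup_data.h' in the cp_portable() hunk of 02/49 does not follow the form of its neighbours: 'linux/kernel', 'linux/sysinfo' and 'asm-generic/kvm_para' carry no .h suffix, and if these are regular expressions the unescaped dot matches any character. Suggest -e 'asm/setup_data' for consistency. Since this list decides which #include lines pass without triggering the "Unexpected #include" error, a short comment recording why setup_data.h is safe to let through (the commit message's point that it pulls in few external headers) would help whoever runs the next sync.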
@@ -155,6 +156,8 @@ for arch in $ARCHLIST; do "$tmpdir/include/asm/bootparam.h" > "$tmpdir/bootparam.h" cp_portable "$tmpdir/bootparam.h" \ "$output/include/standard-headers/asm-$arch" + cp_portable "$tmpdir/include/asm/setup_data.h" \ + "$output/linux-headers/asm-x86" fi if [ $arch = riscv ]; then cp "$tmpdir/include/asm/ptrace.h" "$output/linux-headers/asm-riscv/"
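Review bot: The destination added in the second hunk of 02/49 is hard-coded as "$output/linux-headers/asm-x86", while the bootparam.h copy directly above it goes to "$output/include/standard-headers/asm-$arch". That puts the two headers in different trees even though the commit message says bootparam.h relies on setup_data.h, so please confirm that the include in the generated bootparam.h resolves from include/standard-headers, or install setup_data.h next to it. Using asm-$arch in the new path would also match the surrounding lines.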
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 03/49] scripts/update-linux-headers: Add bits.h to file imports
Date: Wed, 20 Mar 2024 03:38:59 -0500
Message-ID: <20240320083945.991426-4-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Signed-off-by: Michael Roth
--- scripts/update-linux-headers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 579b03dc82..b992ed7b15 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh
@@ -168,7 +168,7 @@ rm -rf "$output/linux-headers/linux" mkdir -p "$output/linux-headers/linux" for header in const.h stddef.h kvm.h vfio.h vfio_ccw.h vfio_zdev.h vhost.h \ psci.h psp-sev.h userfaultfd.h memfd.h mman.h nvme_ioctl.h \ - vduse.h iommufd.h; do + vduse.h iommufd.h bits.h; do cp "$tmpdir/include/linux/$header" "$output/linux-headers/linux" done
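Review bot: 03/49 has no commit description, only a Signed-off-by, so nothing records why bits.h joins the list of headers copied into linux-headers/linux. Please add a sentence naming the synced header that needs it. If the reason is the switch of KVM_ASYNC_PF_VEC_MASK to __GENMASK(7, 0) in include/standard-headers/asm-x86/kvm_para.h in 04/49, note that this loop installs bits.h only under "$output/linux-headers/linux", which is a different tree from the header that uses the macro.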
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 04/49] [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP
Date: Wed, 20 Mar 2024 03:39:00 -0500
Message-ID: <20240320083945.991426-5-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Pull in 6.8 kvm-next +
kvm-coco-queue + SNP headers. Be careful to omit removing the following
virtio_pci.h definitions which are no longer present upstream, since QEMU
still relies on them:

  #define LM_LOGGING_CTRL 0
  #define LM_BASE_ADDR_LOW 4
  #define LM_BASE_ADDR_HIGH 8
  #define LM_END_ADDR_LOW 12
  #define LM_END_ADDR_HIGH 16
  #define LM_VRING_STATE_OFFSET 0x20

Signed-off-by: Michael Roth
---
 include/standard-headers/asm-x86/bootparam.h |  17 +-
 include/standard-headers/asm-x86/kvm_para.h  |   3 +-
 include/standard-headers/linux/ethtool.h     |  48 ++
 include/standard-headers/linux/fuse.h        |  39 +-
 .../linux/input-event-codes.h                |   1 +
 include/standard-headers/linux/virtio_gpu.h  |   2 +
 include/standard-headers/linux/virtio_snd.h  | 154 ++++
 linux-headers/asm-arm64/kvm.h                |  15 +-
 linux-headers/asm-arm64/sve_context.h        |  11 +
 linux-headers/asm-generic/bitsperlong.h      |   4 +
 linux-headers/asm-loongarch/kvm.h            |   2 -
 linux-headers/asm-mips/kvm.h                 |   2 -
 linux-headers/asm-powerpc/kvm.h              |  45 +-
 linux-headers/asm-riscv/kvm.h                |   3 +-
 linux-headers/asm-s390/kvm.h                 | 315 +++++++-
 linux-headers/asm-x86/kvm.h                  | 364 ++++++++-
 linux-headers/asm-x86/setup_data.h           |  83 ++
 linux-headers/linux/bits.h                   |  15 +
 linux-headers/linux/kvm.h                    | 717 +-----------------
 linux-headers/linux/psp-sev.h                |  71 ++
 20 files changed, 1186 insertions(+), 725 deletions(-)
 create mode 100644 linux-headers/asm-x86/setup_data.h
 create mode 100644 linux-headers/linux/bits.h

diff --git a/include/standard-headers/asm-x86/bootparam.h b/include/standard-headers/asm-x86/bootparam.h
index 0b06d2bff1..62e4cd5390 100644
--- a/include/standard-headers/asm-x86/bootparam.h
+++ b/include/standard-headers/asm-x86/bootparam.h
@@ -2,21 +2,7 @@ #ifndef _ASM_X86_BOOTPARAM_H #define _ASM_X86_BOOTPARAM_H -/* setup_data/setup_indirect types */ -#define SETUP_NONE 0 -#define SETUP_E820_EXT 1 -#define SETUP_DTB 2 -#define SETUP_PCI 3 -#define SETUP_EFI 4 -#define SETUP_APPLE_PROPERTIES 5 -#define SETUP_JAILHOUSE 6 -#define SETUP_CC_BLOB 7 -#define SETUP_IMA 8 -#define SETUP_RNG_SEED 9 -#define SETUP_ENUM_MAX SETUP_RNG_SEED - -#define SETUP_INDIRECT (1<<31) -#define SETUP_TYPE_MAX (SETUP_ENUM_MAX | SETUP_INDIRECT) +#include /* ram_size flags */ #define RAMDISK_IMAGE_START_MASK 0x07FF @@ -38,6 +24,7 @@ #define XLF_EFI_KEXEC (1<<4) #define XLF_5LEVEL (1<<5) #define XLF_5LEVEL_ENABLED (1<<6) +#define XLF_MEM_ENCRYPTION (1<<7) #endif /* _ASM_X86_BOOTPARAM_H */ diff --git a/include/standard-headers/asm-x86/kvm_para.h b/include/standard-headers/asm-x86/kvm_para.h index f0235e58a1..9a011d20f0 100644 --- a/include/standard-headers/asm-x86/kvm_para.h +++ b/include/standard-headers/asm-x86/kvm_para.h @@ -92,7 +92,7 @@ struct kvm_clock_pairing { #define KVM_ASYNC_PF_DELIVERY_AS_INT (1 << 3) /* MSR_KVM_ASYNC_PF_INT */ -#define KVM_ASYNC_PF_VEC_MASK GENMASK(7, 0) +#define KVM_ASYNC_PF_VEC_MASK __GENMASK(7, 0) /* MSR_KVM_MIGRATION_CONTROL */ #define KVM_MIGRATION_READY (1 << 0) @@ -142,7 +142,6 @@ struct kvm_vcpu_pv_apf_data { uint32_t token; uint8_t pad[56]; - uint32_t enabled; }; #define KVM_PV_EOI_BIT 0 diff --git a/include/standard-headers/linux/ethtool.h b/include/standard-headers/linux/ethtool.h index dfb54eff6f..01503784d2 100644 --- a/include/standard-headers/linux/ethtool.h +++ b/include/standard-headers/linux/ethtool.h 
@@ -2023,6 +2023,53 @@ static inline int ethtool_validate_duplex(uint8_t duplex) #define IPV4_FLOW 0x10 /* hash only */ #define IPV6_FLOW 0x11 /* hash only */ #define ETHER_FLOW 0x12 /* spec only (ether_spec) */ + +/* Used for GTP-U IPv4 and IPv6. + * The format of GTP packets only includes + * elements such as TEID and GTP version. + * It is primarily intended for data communication of the UE. + */ +#define GTPU_V4_FLOW 0x13 /* hash only */ +#define GTPU_V6_FLOW 0x14 /* hash only */ + +/* Use for GTP-C IPv4 and v6. + * The format of these GTP packets does not include TEID. + * Primarily expected to be used for communication + * to create sessions for UE data communication, + * commonly referred to as CSR (Create Session Request). + */ +#define GTPC_V4_FLOW 0x15 /* hash only */ +#define GTPC_V6_FLOW 0x16 /* hash only */ + +/* Use for GTP-C IPv4 and v6. + * Unlike GTPC_V4_FLOW, the format of these GTP packets includes TEID. + * After session creation, it becomes this packet. + * This is mainly used for requests to realize UE handover. + */ +#define GTPC_TEID_V4_FLOW 0x17 /* hash only */ +#define GTPC_TEID_V6_FLOW 0x18 /* hash only */ + +/* Use for GTP-U and extended headers for the PSC (PDU Session Container). + * The format of these GTP packets includes TEID and QFI. + * In 5G communication using UPF (User Plane Function), + * data communication with this extended header is performed. + */ +#define GTPU_EH_V4_FLOW 0x19 /* hash only */ +#define GTPU_EH_V6_FLOW 0x1a /* hash only */ + +/* Use for GTP-U IPv4 and v6 PSC (PDU Session Container) extended headers. + * This differs from GTPU_EH_V(4|6)_FLOW in that it is distinguished by + * UL/DL included in the PSC. + * There are differences in the data included based on Downlink/Uplink, + * and can be used to distinguish packets. + * The functions described so far are useful when you want to + * handle communication from the mobile network in UPF, PGW, etc. 
+ */ +#define GTPU_UL_V4_FLOW 0x1b /* hash only */ +#define GTPU_UL_V6_FLOW 0x1c /* hash only */ +#define GTPU_DL_V4_FLOW 0x1d /* hash only */ +#define GTPU_DL_V6_FLOW 0x1e /* hash only */ + /* Flag to enable additional fields in struct ethtool_rx_flow_spec */ #define FLOW_EXT 0x80000000 #define FLOW_MAC_EXT 0x40000000 @@ -2037,6 +2084,7 @@ static inline int ethtool_validate_duplex(uint8_t duplex) #define RXH_IP_DST (1 << 5) #define RXH_L4_B_0_1 (1 << 6) /* src port in case of TCP/UDP/SCTP */ #define RXH_L4_B_2_3 (1 << 7) /* dst port in case of TCP/UDP/SCTP */ +#define RXH_GTP_TEID (1 << 8) /* teid in case of GTP */ #define RXH_DISCARD (1 << 31) #define RX_CLS_FLOW_DISC 0xffffffffffffffffULL diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h index fc0dcd10ae..bac9dbc49f 100644 --- a/include/standard-headers/linux/fuse.h +++ b/include/standard-headers/linux/fuse.h @@ -211,6 +211,12 @@ * 7.39 * - add FUSE_DIRECT_IO_ALLOW_MMAP * - add FUSE_STATX and related structures + * + * 7.40 + * - add max_stack_depth to fuse_init_out, add FUSE_PASSTHROUGH init flag + * - add backing_id to fuse_open_out, add FOPEN_PASSTHROUGH open flag + * - add FUSE_NO_EXPORT_SUPPORT init flag + * - add FUSE_NOTIFY_RESEND, add FUSE_HAS_RESEND init flag */ #ifndef _LINUX_FUSE_H @@ -242,7 +248,7 @@ #define FUSE_KERNEL_VERSION 7 /** Minor version number of this interface */ -#define FUSE_KERNEL_MINOR_VERSION 39 +#define FUSE_KERNEL_MINOR_VERSION 40 /** The node ID of the root inode */ #define FUSE_ROOT_ID 1 @@ -349,6 +355,7 @@ struct fuse_file_lock { * FOPEN_STREAM: the file is stream-like (no file position at all) * FOPEN_NOFLUSH: don't flush data cache on close (unless FUSE_WRITEBACK_CACHE) * FOPEN_PARALLEL_DIRECT_WRITES: Allow concurrent direct writes on the same inode + * FOPEN_PASSTHROUGH: passthrough read/write io for this open file */ #define FOPEN_DIRECT_IO (1 << 0) #define FOPEN_KEEP_CACHE (1 << 1) 
@@ -357,6 +364,7 @@ struct fuse_file_lock { #define FOPEN_STREAM (1 << 4) #define FOPEN_NOFLUSH (1 << 5) #define FOPEN_PARALLEL_DIRECT_WRITES (1 << 6) +#define FOPEN_PASSTHROUGH (1 << 7) /** * INIT request/reply flags @@ -406,6 +414,9 @@ struct fuse_file_lock { * symlink and mknod (single group that matches parent) * FUSE_HAS_EXPIRE_ONLY: kernel supports expiry-only entry invalidation * FUSE_DIRECT_IO_ALLOW_MMAP: allow shared mmap in FOPEN_DIRECT_IO mode. + * FUSE_NO_EXPORT_SUPPORT: explicitly disable export support + * FUSE_HAS_RESEND: kernel supports resending pending requests, and the high bit + * of the request ID indicates resend requests */ #define FUSE_ASYNC_READ (1 << 0) #define FUSE_POSIX_LOCKS (1 << 1) @@ -445,6 +456,9 @@ struct fuse_file_lock { #define FUSE_CREATE_SUPP_GROUP (1ULL << 34) #define FUSE_HAS_EXPIRE_ONLY (1ULL << 35) #define FUSE_DIRECT_IO_ALLOW_MMAP (1ULL << 36) +#define FUSE_PASSTHROUGH (1ULL << 37) +#define FUSE_NO_EXPORT_SUPPORT (1ULL << 38) +#define FUSE_HAS_RESEND (1ULL << 39) /* Obsolete alias for FUSE_DIRECT_IO_ALLOW_MMAP */ #define FUSE_DIRECT_IO_RELAX FUSE_DIRECT_IO_ALLOW_MMAP @@ -631,6 +645,7 @@ enum fuse_notify_code { FUSE_NOTIFY_STORE = 4, FUSE_NOTIFY_RETRIEVE = 5, FUSE_NOTIFY_DELETE = 6, + FUSE_NOTIFY_RESEND = 7, FUSE_NOTIFY_CODE_MAX, }; @@ -757,7 +772,7 @@ struct fuse_create_in { struct fuse_open_out { uint64_t fh; uint32_t open_flags; - uint32_t padding; + int32_t backing_id; }; struct fuse_release_in { @@ -873,7 +888,8 @@ struct fuse_init_out { uint16_t max_pages; uint16_t map_alignment; uint32_t flags2; - uint32_t unused[7]; + uint32_t max_stack_depth; + uint32_t unused[6]; }; #define CUSE_INIT_INFO_MAX 4096 @@ -956,6 +972,14 @@ struct fuse_fallocate_in { uint32_t padding; }; +/** + * FUSE request unique ID flag + * + * Indicates whether this is a resend request. The receiver should handle this + * request accordingly. + */ +#define FUSE_UNIQUE_RESEND (1ULL << 63) + struct fuse_in_header { uint32_t len; uint32_t opcode; 
@@ -1045,9 +1069,18 @@ struct fuse_notify_retrieve_in { uint64_t dummy4; }; +struct fuse_backing_map { + int32_t fd; + uint32_t flags; + uint64_t padding; +}; + /* Device ioctls: */ #define FUSE_DEV_IOC_MAGIC 229 #define FUSE_DEV_IOC_CLONE _IOR(FUSE_DEV_IOC_MAGIC, 0, uint32_t) +#define FUSE_DEV_IOC_BACKING_OPEN _IOW(FUSE_DEV_IOC_MAGIC, 1, \ + struct fuse_backing_map) +#define FUSE_DEV_IOC_BACKING_CLOSE _IOW(FUSE_DEV_IOC_MAGIC, 2, uint32_t) struct fuse_lseek_in { uint64_t fh; diff --git a/include/standard-headers/linux/input-event-codes.h b/include/standard-headers/linux/input-event-codes.h index f6bab08540..2221b0c383 100644 --- a/include/standard-headers/linux/input-event-codes.h +++ b/include/standard-headers/linux/input-event-codes.h @@ -602,6 +602,7 @@ #define KEY_ALS_TOGGLE 0x230 /* Ambient light sensor */ #define KEY_ROTATE_LOCK_TOGGLE 0x231 /* Display rotation lock */ +#define KEY_REFRESH_RATE_TOGGLE 0x232 /* Display refresh rate toggle */ #define KEY_BUTTONCONFIG 0x240 /* AL Button Configuration */ #define KEY_TASKMANAGER 0x241 /* AL Task/Project Manager */ diff --git a/include/standard-headers/linux/virtio_gpu.h b/include/standard-headers/linux/virtio_gpu.h index 2da48d3d4c..2db643ed8f 100644 --- a/include/standard-headers/linux/virtio_gpu.h +++ b/include/standard-headers/linux/virtio_gpu.h @@ -309,6 +309,8 @@ struct virtio_gpu_cmd_submit { #define VIRTIO_GPU_CAPSET_VIRGL 1 #define VIRTIO_GPU_CAPSET_VIRGL2 2 +/* 3 is reserved for gfxstream */ +#define VIRTIO_GPU_CAPSET_VENUS 4 /* VIRTIO_GPU_CMD_GET_CAPSET_INFO */ struct virtio_gpu_get_capset_info { diff --git a/include/standard-headers/linux/virtio_snd.h b/include/standard-headers/linux/virtio_snd.h index 1af96b9fc6..860f12e0a4 100644 --- a/include/standard-headers/linux/virtio_snd.h +++ b/include/standard-headers/linux/virtio_snd.h 
@@ -7,6 +7,14 @@ #include "standard-headers/linux/virtio_types.h" +/******************************************************************************* + * FEATURE BITS + */ +enum { + /* device supports control elements */ + VIRTIO_SND_F_CTLS = 0 +}; + /******************************************************************************* * CONFIGURATION SPACE */ @@ -17,6 +25,8 @@ struct virtio_snd_config { uint32_t streams; /* # of available channel maps */ uint32_t chmaps; + /* # of available control elements */ + uint32_t controls; }; enum { @@ -55,6 +65,15 @@ enum { /* channel map control request types */ VIRTIO_SND_R_CHMAP_INFO = 0x0200, + /* control element request types */ + VIRTIO_SND_R_CTL_INFO = 0x0300, + VIRTIO_SND_R_CTL_ENUM_ITEMS, + VIRTIO_SND_R_CTL_READ, + VIRTIO_SND_R_CTL_WRITE, + VIRTIO_SND_R_CTL_TLV_READ, + VIRTIO_SND_R_CTL_TLV_WRITE, + VIRTIO_SND_R_CTL_TLV_COMMAND, + /* jack event types */ VIRTIO_SND_EVT_JACK_CONNECTED = 0x1000, VIRTIO_SND_EVT_JACK_DISCONNECTED, @@ -63,6 +82,9 @@ enum { VIRTIO_SND_EVT_PCM_PERIOD_ELAPSED = 0x1100, VIRTIO_SND_EVT_PCM_XRUN, + /* control element event types */ + VIRTIO_SND_EVT_CTL_NOTIFY = 0x1200, + /* common status codes */ VIRTIO_SND_S_OK = 0x8000, VIRTIO_SND_S_BAD_MSG, 
@@ -331,4 +353,136 @@ struct virtio_snd_chmap_info { uint8_t positions[VIRTIO_SND_CHMAP_MAX_SIZE]; }; +/******************************************************************************* + * CONTROL ELEMENTS MESSAGES + */ +struct virtio_snd_ctl_hdr { + /* VIRTIO_SND_R_CTL_XXX */ + struct virtio_snd_hdr hdr; + /* 0 ... virtio_snd_config::controls - 1 */ + uint32_t control_id; +}; + +/* supported roles for control elements */ +enum { + VIRTIO_SND_CTL_ROLE_UNDEFINED = 0, + VIRTIO_SND_CTL_ROLE_VOLUME, + VIRTIO_SND_CTL_ROLE_MUTE, + VIRTIO_SND_CTL_ROLE_GAIN +}; + +/* supported value types for control elements */ +enum { + VIRTIO_SND_CTL_TYPE_BOOLEAN = 0, + VIRTIO_SND_CTL_TYPE_INTEGER, + VIRTIO_SND_CTL_TYPE_INTEGER64, + VIRTIO_SND_CTL_TYPE_ENUMERATED, + VIRTIO_SND_CTL_TYPE_BYTES, + VIRTIO_SND_CTL_TYPE_IEC958 +}; + +/* supported access rights for control elements */ +enum { + VIRTIO_SND_CTL_ACCESS_READ = 0, + VIRTIO_SND_CTL_ACCESS_WRITE, + VIRTIO_SND_CTL_ACCESS_VOLATILE, + VIRTIO_SND_CTL_ACCESS_INACTIVE, + VIRTIO_SND_CTL_ACCESS_TLV_READ, + VIRTIO_SND_CTL_ACCESS_TLV_WRITE, + VIRTIO_SND_CTL_ACCESS_TLV_COMMAND +}; + +struct virtio_snd_ctl_info { + /* common header */ + struct virtio_snd_info hdr; + /* element role (VIRTIO_SND_CTL_ROLE_XXX) */ + uint32_t role; + /* element value type (VIRTIO_SND_CTL_TYPE_XXX) */ + uint32_t type; + /* element access right bit map (1 << VIRTIO_SND_CTL_ACCESS_XXX) */ + uint32_t access; + /* # of members in the element value */ + uint32_t count; + /* index for an element with a non-unique name */ + uint32_t index; + /* name identifier string for the element */ + uint8_t name[44]; + /* additional information about the element's value */ + union { + /* VIRTIO_SND_CTL_TYPE_INTEGER */ + struct { + /* minimum supported value */ + uint32_t min; + /* maximum supported value */ + uint32_t max; + /* fixed step size for value (0 = variable size) */ + uint32_t step; + } integer; + /* VIRTIO_SND_CTL_TYPE_INTEGER64 */ + struct { + /* minimum supported value */ + 
uint64_t min; + /* maximum supported value */ + uint64_t max; + /* fixed step size for value (0 = variable size) */ + uint64_t step; + } integer64; + /* VIRTIO_SND_CTL_TYPE_ENUMERATED */ + struct { + /* # of options supported for value */ + uint32_t items; + } enumerated; + } value; +}; + +struct virtio_snd_ctl_enum_item { + /* option name */ + uint8_t item[64]; +}; + +struct virtio_snd_ctl_iec958 { + /* AES/IEC958 channel status bits */ + uint8_t status[24]; + /* AES/IEC958 subcode bits */ + uint8_t subcode[147]; + /* nothing */ + uint8_t pad; + /* AES/IEC958 subframe bits */ + uint8_t dig_subframe[4]; +}; + +struct virtio_snd_ctl_value { + union { + /* VIRTIO_SND_CTL_TYPE_BOOLEAN|INTEGER value */ + uint32_t integer[128]; + /* VIRTIO_SND_CTL_TYPE_INTEGER64 value */ + uint64_t integer64[64]; + /* VIRTIO_SND_CTL_TYPE_ENUMERATED value (option indexes) */ + uint32_t enumerated[128]; + /* VIRTIO_SND_CTL_TYPE_BYTES value */ + uint8_t bytes[512]; + /* VIRTIO_SND_CTL_TYPE_IEC958 value */ + struct virtio_snd_ctl_iec958 iec958; + } value; +}; + +/* supported event reason types */ +enum { + /* element's value has changed */ + VIRTIO_SND_CTL_EVT_MASK_VALUE = 0, + /* element's information has changed */ + VIRTIO_SND_CTL_EVT_MASK_INFO, + /* element's metadata has changed */ + VIRTIO_SND_CTL_EVT_MASK_TLV +}; + +struct virtio_snd_ctl_event { + /* VIRTIO_SND_EVT_CTL_NOTIFY */ + struct virtio_snd_hdr hdr; + /* 0 ... virtio_snd_config::controls - 1 */ + uint16_t control_id; + /* event reason bit map (1 << VIRTIO_SND_CTL_EVT_MASK_XXX) */ + uint16_t mask; +}; + #endif /* VIRTIO_SND_IF_H */ diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h index c59ea55cd8..2af9931ae9 100644 --- a/linux-headers/asm-arm64/kvm.h +++ b/linux-headers/asm-arm64/kvm.h @@ -37,9 +37,7 @@ #include #include -#define __KVM_HAVE_GUEST_DEBUG #define __KVM_HAVE_IRQ_LINE -#define __KVM_HAVE_READONLY_MEM #define __KVM_HAVE_VCPU_EVENTS #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 
@@ -76,11 +74,11 @@ struct kvm_regs { /* KVM_ARM_SET_DEVICE_ADDR ioctl id encoding */ #define KVM_ARM_DEVICE_TYPE_SHIFT 0 -#define KVM_ARM_DEVICE_TYPE_MASK GENMASK(KVM_ARM_DEVICE_TYPE_SHIFT + 15, \ - KVM_ARM_DEVICE_TYPE_SHIFT) +#define KVM_ARM_DEVICE_TYPE_MASK __GENMASK(KVM_ARM_DEVICE_TYPE_SHIFT + 15, \ + KVM_ARM_DEVICE_TYPE_SHIFT) #define KVM_ARM_DEVICE_ID_SHIFT 16 -#define KVM_ARM_DEVICE_ID_MASK GENMASK(KVM_ARM_DEVICE_ID_SHIFT + 15, \ - KVM_ARM_DEVICE_ID_SHIFT) +#define KVM_ARM_DEVICE_ID_MASK __GENMASK(KVM_ARM_DEVICE_ID_SHIFT + 15, \ + KVM_ARM_DEVICE_ID_SHIFT) /* Supported device IDs */ #define KVM_ARM_DEVICE_VGIC_V2 0 @@ -162,6 +160,11 @@ struct kvm_sync_regs { __u64 device_irq_level; }; +/* Bits for run->s.regs.device_irq_level */ +#define KVM_ARM_DEV_EL1_VTIMER (1 << 0) +#define KVM_ARM_DEV_EL1_PTIMER (1 << 1) +#define KVM_ARM_DEV_PMU (1 << 2) + /* * PMU filter structure. Describe a range of events with a particular * action. To be used with KVM_ARM_VCPU_PMU_V3_FILTER. diff --git a/linux-headers/asm-arm64/sve_context.h b/linux-headers/asm-arm64/sve_context.h index 1d0e3e1d09..d1b1ec8cb1 100644 --- a/linux-headers/asm-arm64/sve_context.h +++ b/linux-headers/asm-arm64/sve_context.h @@ -13,6 +13,17 @@ #define __SVE_VQ_BYTES 16 /* number of bytes per quadword */ +/* + * Yes, __SVE_VQ_MAX is 512 QUADWORDS. + * + * To help ensure forward portability, this is much larger than the + * current maximum value defined by the SVE architecture. While arrays + * or static allocations can be sized based on this value, watch out! + * It will waste a surprisingly large amount of memory. + * + * Dynamic sizing based on the actual runtime vector length is likely to + * be preferable for most purposes. + */ #define __SVE_VQ_MIN 1 #define __SVE_VQ_MAX 512 diff --git a/linux-headers/asm-generic/bitsperlong.h b/linux-headers/asm-generic/bitsperlong.h index 75f320fa91..1fb4f0c9f2 100644 --- a/linux-headers/asm-generic/bitsperlong.h +++ b/linux-headers/asm-generic/bitsperlong.h 
@@ -24,4 +24,8 @@ #endif #endif +#ifndef __BITS_PER_LONG_LONG +#define __BITS_PER_LONG_LONG 64 +#endif + #endif /* __ASM_GENERIC_BITS_PER_LONG */ diff --git a/linux-headers/asm-loongarch/kvm.h b/linux-headers/asm-loongarch/kvm.h index 923d0bd382..109785922c 100644 --- a/linux-headers/asm-loongarch/kvm.h +++ b/linux-headers/asm-loongarch/kvm.h @@ -14,8 +14,6 @@ * Some parts derived from the x86 version of this file. */ -#define __KVM_HAVE_READONLY_MEM - #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 #define KVM_DIRTY_LOG_PAGE_OFFSET 64 diff --git a/linux-headers/asm-mips/kvm.h b/linux-headers/asm-mips/kvm.h index edcf717c43..9673dc9cb3 100644 --- a/linux-headers/asm-mips/kvm.h +++ b/linux-headers/asm-mips/kvm.h @@ -20,8 +20,6 @@ * Some parts derived from the x86 version of this file. */ -#define __KVM_HAVE_READONLY_MEM - #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 /* diff --git a/linux-headers/asm-powerpc/kvm.h b/linux-headers/asm-powerpc/kvm.h index 9f18fa090f..1691297a76 100644 --- a/linux-headers/asm-powerpc/kvm.h +++ b/linux-headers/asm-powerpc/kvm.h @@ -28,7 +28,6 @@ #define __KVM_HAVE_PPC_SMT #define __KVM_HAVE_IRQCHIP #define __KVM_HAVE_IRQ_LINE -#define __KVM_HAVE_GUEST_DEBUG /* Not always available, but if it is, this is the correct offset. */ #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 
@@ -733,4 +732,48 @@ struct kvm_ppc_xive_eq { #define KVM_XIVE_TIMA_PAGE_OFFSET 0 #define KVM_XIVE_ESB_PAGE_OFFSET 4 +/* for KVM_PPC_GET_PVINFO */ + +#define KVM_PPC_PVINFO_FLAGS_EV_IDLE (1<<0) + +struct kvm_ppc_pvinfo { + /* out */ + __u32 flags; + __u32 hcall[4]; + __u8 pad[108]; +}; + +/* for KVM_PPC_GET_SMMU_INFO */ +#define KVM_PPC_PAGE_SIZES_MAX_SZ 8 + +struct kvm_ppc_one_page_size { + __u32 page_shift; /* Page shift (or 0) */ + __u32 pte_enc; /* Encoding in the HPTE (>>12) */ +}; + +struct kvm_ppc_one_seg_page_size { + __u32 page_shift; /* Base page shift of segment (or 0) */ + __u32 slb_enc; /* SLB encoding for BookS */ + struct kvm_ppc_one_page_size enc[KVM_PPC_PAGE_SIZES_MAX_SZ]; +}; + +#define KVM_PPC_PAGE_SIZES_REAL 0x00000001 +#define KVM_PPC_1T_SEGMENTS 0x00000002 +#define KVM_PPC_NO_HASH 0x00000004 + +struct kvm_ppc_smmu_info { + __u64 flags; + __u32 slb_size; + __u16 data_keys; /* # storage keys supported for data */ + __u16 instr_keys; /* # storage keys supported for instructions */ + struct kvm_ppc_one_seg_page_size sps[KVM_PPC_PAGE_SIZES_MAX_SZ]; +}; + +/* for KVM_PPC_RESIZE_HPT_{PREPARE,COMMIT} */ +struct kvm_ppc_resize_hpt { + __u64 flags; + __u32 shift; + __u32 pad; +}; + #endif /* __LINUX_KVM_POWERPC_H */ diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h index 7499e88a94..b1c503c295 100644 --- a/linux-headers/asm-riscv/kvm.h +++ b/linux-headers/asm-riscv/kvm.h @@ -16,7 +16,6 @@ #include #define __KVM_HAVE_IRQ_LINE -#define __KVM_HAVE_READONLY_MEM #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 @@ -166,6 +165,8 @@ enum KVM_RISCV_ISA_EXT_ID { KVM_RISCV_ISA_EXT_ZVFH, KVM_RISCV_ISA_EXT_ZVFHMIN, KVM_RISCV_ISA_EXT_ZFA, + KVM_RISCV_ISA_EXT_ZTSO, + KVM_RISCV_ISA_EXT_ZACAS, KVM_RISCV_ISA_EXT_MAX, }; diff --git a/linux-headers/asm-s390/kvm.h b/linux-headers/asm-s390/kvm.h index 023a2763a9..684c4e1205 100644 --- a/linux-headers/asm-s390/kvm.h +++ b/linux-headers/asm-s390/kvm.h 
@@ -12,7 +12,320 @@ #include #define __KVM_S390 -#define __KVM_HAVE_GUEST_DEBUG + +struct kvm_s390_skeys { + __u64 start_gfn; + __u64 count; + __u64 skeydata_addr; + __u32 flags; + __u32 reserved[9]; +}; + +#define KVM_S390_CMMA_PEEK (1 << 0) + +/** + * kvm_s390_cmma_log - Used for CMMA migration. + * + * Used both for input and output. + * + * @start_gfn: Guest page number to start from. + * @count: Size of the result buffer. + * @flags: Control operation mode via KVM_S390_CMMA_* flags + * @remaining: Used with KVM_S390_GET_CMMA_BITS. Indicates how many dirty + * pages are still remaining. + * @mask: Used with KVM_S390_SET_CMMA_BITS. Bitmap of bits to actually set + * in the PGSTE. + * @values: Pointer to the values buffer. + * + * Used in KVM_S390_{G,S}ET_CMMA_BITS ioctls. + */ +struct kvm_s390_cmma_log { + __u64 start_gfn; + __u32 count; + __u32 flags; + union { + __u64 remaining; + __u64 mask; + }; + __u64 values; +}; + +#define KVM_S390_RESET_POR 1 +#define KVM_S390_RESET_CLEAR 2 +#define KVM_S390_RESET_SUBSYSTEM 4 +#define KVM_S390_RESET_CPU_INIT 8 +#define KVM_S390_RESET_IPL 16 + +/* for KVM_S390_MEM_OP */ +struct kvm_s390_mem_op { + /* in */ + __u64 gaddr; /* the guest address */ + __u64 flags; /* flags */ + __u32 size; /* amount of bytes */ + __u32 op; /* type of operation */ + __u64 buf; /* buffer in userspace */ + union { + struct { + __u8 ar; /* the access register number */ + __u8 key; /* access key, ignored if flag unset */ + __u8 pad1[6]; /* ignored */ + __u64 old_addr; /* ignored if cmpxchg flag unset */ + }; + __u32 sida_offset; /* offset into the sida */ + __u8 reserved[32]; /* ignored */ + }; +}; +/* types for kvm_s390_mem_op->op */ +#define KVM_S390_MEMOP_LOGICAL_READ 0 +#define KVM_S390_MEMOP_LOGICAL_WRITE 1 +#define KVM_S390_MEMOP_SIDA_READ 2 +#define KVM_S390_MEMOP_SIDA_WRITE 3 +#define KVM_S390_MEMOP_ABSOLUTE_READ 4 +#define KVM_S390_MEMOP_ABSOLUTE_WRITE 5 +#define KVM_S390_MEMOP_ABSOLUTE_CMPXCHG 6 + +/* flags for kvm_s390_mem_op->flags */ 
+#define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0) +#define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1) +#define KVM_S390_MEMOP_F_SKEY_PROTECTION (1ULL << 2) + +/* flags specifying extension support via KVM_CAP_S390_MEM_OP_EXTENSION */ +#define KVM_S390_MEMOP_EXTENSION_CAP_BASE (1 << 0) +#define KVM_S390_MEMOP_EXTENSION_CAP_CMPXCHG (1 << 1) + +struct kvm_s390_psw { + __u64 mask; + __u64 addr; +}; + +/* valid values for type in kvm_s390_interrupt */ +#define KVM_S390_SIGP_STOP 0xfffe0000u +#define KVM_S390_PROGRAM_INT 0xfffe0001u +#define KVM_S390_SIGP_SET_PREFIX 0xfffe0002u +#define KVM_S390_RESTART 0xfffe0003u +#define KVM_S390_INT_PFAULT_INIT 0xfffe0004u +#define KVM_S390_INT_PFAULT_DONE 0xfffe0005u +#define KVM_S390_MCHK 0xfffe1000u +#define KVM_S390_INT_CLOCK_COMP 0xffff1004u +#define KVM_S390_INT_CPU_TIMER 0xffff1005u +#define KVM_S390_INT_VIRTIO 0xffff2603u +#define KVM_S390_INT_SERVICE 0xffff2401u +#define KVM_S390_INT_EMERGENCY 0xffff1201u +#define KVM_S390_INT_EXTERNAL_CALL 0xffff1202u +/* Anything below 0xfffe0000u is taken by INT_IO */ +#define KVM_S390_INT_IO(ai,cssid,ssid,schid) \ + (((schid)) | \ + ((ssid) << 16) | \ + ((cssid) << 18) | \ + ((ai) << 26)) +#define KVM_S390_INT_IO_MIN 0x00000000u +#define KVM_S390_INT_IO_MAX 0xfffdffffu +#define KVM_S390_INT_IO_AI_MASK 0x04000000u + + +struct kvm_s390_interrupt { + __u32 type; + __u32 parm; + __u64 parm64; +}; + +struct kvm_s390_io_info { + __u16 subchannel_id; + __u16 subchannel_nr; + __u32 io_int_parm; + __u32 io_int_word; +}; + +struct kvm_s390_ext_info { + __u32 ext_params; + __u32 pad; + __u64 ext_params2; +}; + +struct kvm_s390_pgm_info { + __u64 trans_exc_code; + __u64 mon_code; + __u64 per_address; + __u32 data_exc_code; + __u16 code; + __u16 mon_class_nr; + __u8 per_code; + __u8 per_atmid; + __u8 exc_access_id; + __u8 per_access_id; + __u8 op_access_id; +#define KVM_S390_PGM_FLAGS_ILC_VALID 0x01 +#define KVM_S390_PGM_FLAGS_ILC_0 0x02 +#define KVM_S390_PGM_FLAGS_ILC_1 0x04 +#define 
KVM_S390_PGM_FLAGS_ILC_MASK 0x06 +#define KVM_S390_PGM_FLAGS_NO_REWIND 0x08 + __u8 flags; + __u8 pad[2]; +}; + +struct kvm_s390_prefix_info { + __u32 address; +}; + +struct kvm_s390_extcall_info { + __u16 code; +}; + +struct kvm_s390_emerg_info { + __u16 code; +}; + +#define KVM_S390_STOP_FLAG_STORE_STATUS 0x01 +struct kvm_s390_stop_info { + __u32 flags; +}; + +struct kvm_s390_mchk_info { + __u64 cr14; + __u64 mcic; + __u64 failing_storage_address; + __u32 ext_damage_code; + __u32 pad; + __u8 fixed_logout[16]; +}; + +struct kvm_s390_irq { + __u64 type; + union { + struct kvm_s390_io_info io; + struct kvm_s390_ext_info ext; + struct kvm_s390_pgm_info pgm; + struct kvm_s390_emerg_info emerg; + struct kvm_s390_extcall_info extcall; + struct kvm_s390_prefix_info prefix; + struct kvm_s390_stop_info stop; + struct kvm_s390_mchk_info mchk; + char reserved[64]; + } u; +}; + +struct kvm_s390_irq_state { + __u64 buf; + __u32 flags; /* will stay unused for compatibility reasons */ + __u32 len; + __u32 reserved[4]; /* will stay unused for compatibility reasons */ +}; + +struct kvm_s390_ucas_mapping { + __u64 user_addr; + __u64 vcpu_addr; + __u64 length; +}; + +struct kvm_s390_pv_sec_parm { + __u64 origin; + __u64 length; +}; + +struct kvm_s390_pv_unp { + __u64 addr; + __u64 size; + __u64 tweak; +}; + +enum pv_cmd_dmp_id { + KVM_PV_DUMP_INIT, + KVM_PV_DUMP_CONFIG_STOR_STATE, + KVM_PV_DUMP_COMPLETE, + KVM_PV_DUMP_CPU, +}; + +struct kvm_s390_pv_dmp { + __u64 subcmd; + __u64 buff_addr; + __u64 buff_len; + __u64 gaddr; /* For dump storage state */ + __u64 reserved[4]; +}; + +enum pv_cmd_info_id { + KVM_PV_INFO_VM, + KVM_PV_INFO_DUMP, +}; + +struct kvm_s390_pv_info_dump { + __u64 dump_cpu_buffer_len; + __u64 dump_config_mem_buffer_per_1m; + __u64 dump_config_finalize_len; +}; + +struct kvm_s390_pv_info_vm { + __u64 inst_calls_list[4]; + __u64 max_cpus; + __u64 max_guests; + __u64 max_guest_addr; + __u64 feature_indication; +}; + +struct kvm_s390_pv_info_header { + __u32 id; + __u32 
len_max; + __u32 len_written; + __u32 reserved; +}; + +struct kvm_s390_pv_info { + struct kvm_s390_pv_info_header header; + union { + struct kvm_s390_pv_info_dump dump; + struct kvm_s390_pv_info_vm vm; + }; +}; + +enum pv_cmd_id { + KVM_PV_ENABLE, + KVM_PV_DISABLE, + KVM_PV_SET_SEC_PARMS, + KVM_PV_UNPACK, + KVM_PV_VERIFY, + KVM_PV_PREP_RESET, + KVM_PV_UNSHARE_ALL, + KVM_PV_INFO, + KVM_PV_DUMP, + KVM_PV_ASYNC_CLEANUP_PREPARE, + KVM_PV_ASYNC_CLEANUP_PERFORM, +}; + +struct kvm_pv_cmd { + __u32 cmd; /* Command to be executed */ + __u16 rc; /* Ultravisor return code */ + __u16 rrc; /* Ultravisor return reason code */ + __u64 data; /* Data or address */ + __u32 flags; /* flags for future extensions. Must be 0 for now */ + __u32 reserved[3]; +}; + +struct kvm_s390_zpci_op { + /* in */ + __u32 fh; /* target device */ + __u8 op; /* operation to perform */ + __u8 pad[3]; + union { + /* for KVM_S390_ZPCIOP_REG_AEN */ + struct { + __u64 ibv; /* Guest addr of interrupt bit vector */ + __u64 sb; /* Guest addr of summary bit */ + __u32 flags; + __u32 noi; /* Number of interrupts */ + __u8 isc; /* Guest interrupt subclass */ + __u8 sbo; /* Offset of guest summary bit vector */ + __u16 pad; + } reg_aen; + __u64 reserved[8]; + } u; +}; + +/* types for kvm_s390_zpci_op->op */ +#define KVM_S390_ZPCIOP_REG_AEN 0 +#define KVM_S390_ZPCIOP_DEREG_AEN 1 + +/* flags for kvm_s390_zpci_op->u.reg_aen.flags */ +#define KVM_S390_ZPCIOP_REGAEN_HOST (1 << 0) /* Device control API: s390-specific devices */ #define KVM_DEV_FLIC_GET_ALL_IRQS 1 diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 003fb74534..a551e44b1c 100644 --- a/linux-headers/asm-x86/kvm.h +++ b/linux-headers/asm-x86/kvm.h @@ -7,6 +7,8 @@ * */ +#include +#include #include #include #include @@ -40,7 +42,6 @@ #define __KVM_HAVE_IRQ_LINE #define __KVM_HAVE_MSI #define __KVM_HAVE_USER_NMI -#define __KVM_HAVE_GUEST_DEBUG #define __KVM_HAVE_MSIX #define __KVM_HAVE_MCE #define __KVM_HAVE_PIT_STATE2 
@@ -49,7 +50,6 @@ #define __KVM_HAVE_DEBUGREGS #define __KVM_HAVE_XSAVE #define __KVM_HAVE_XCRS -#define __KVM_HAVE_READONLY_MEM /* Architectural interrupt line count. */ #define KVM_NR_INTERRUPTS 256 @@ -457,6 +457,7 @@ struct kvm_sync_regs { /* attributes for system fd (group 0) */ #define KVM_X86_XCOMP_GUEST_SUPP 0 +#define KVM_X86_SEV_VMSA_FEATURES 1 struct kvm_vmx_nested_state_data { __u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE]; 
@@ -524,9 +525,353 @@ struct kvm_pmu_event_filter { #define KVM_PMU_EVENT_ALLOW 0 #define KVM_PMU_EVENT_DENY 1 -#define KVM_PMU_EVENT_FLAG_MASKED_EVENTS BIT(0) +#define KVM_PMU_EVENT_FLAG_MASKED_EVENTS _BITUL(0) #define KVM_PMU_EVENT_FLAGS_VALID_MASK (KVM_PMU_EVENT_FLAG_MASKED_EVENTS) +/* for KVM_CAP_MCE */ +struct kvm_x86_mce { + __u64 status; + __u64 addr; + __u64 misc; + __u64 mcg_status; + __u8 bank; + __u8 pad1[7]; + __u64 pad2[3]; +}; + +/* for KVM_CAP_XEN_HVM */ +#define KVM_XEN_HVM_CONFIG_HYPERCALL_MSR (1 << 0) +#define KVM_XEN_HVM_CONFIG_INTERCEPT_HCALL (1 << 1) +#define KVM_XEN_HVM_CONFIG_SHARED_INFO (1 << 2) +#define KVM_XEN_HVM_CONFIG_RUNSTATE (1 << 3) +#define KVM_XEN_HVM_CONFIG_EVTCHN_2LEVEL (1 << 4) +#define KVM_XEN_HVM_CONFIG_EVTCHN_SEND (1 << 5) +#define KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG (1 << 6) +#define KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE (1 << 7) +#define KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA (1 << 8) + +struct kvm_xen_hvm_config { + __u32 flags; + __u32 msr; + __u64 blob_addr_32; + __u64 blob_addr_64; + __u8 blob_size_32; + __u8 blob_size_64; + __u8 pad2[30]; +}; + +struct kvm_xen_hvm_attr { + __u16 type; + __u16 pad[3]; + union { + __u8 long_mode; + __u8 vector; + __u8 runstate_update_flag; + union { + __u64 gfn; +#define KVM_XEN_INVALID_GFN ((__u64)-1) + __u64 hva; + } shared_info; + struct { + __u32 send_port; + __u32 type; /* EVTCHNSTAT_ipi / EVTCHNSTAT_interdomain */ + __u32 flags; +#define KVM_XEN_EVTCHN_DEASSIGN (1 << 0) +#define KVM_XEN_EVTCHN_UPDATE (1 << 1) +#define KVM_XEN_EVTCHN_RESET (1 << 2) + /* + * Events sent by the guest are either looped back to + * the guest itself (potentially on a different port#) + * or signalled via an eventfd. 
+ */ + union { + struct { + __u32 port; + __u32 vcpu; + __u32 priority; + } port; + struct { + __u32 port; /* Zero for eventfd */ + __s32 fd; + } eventfd; + __u32 padding[4]; + } deliver; + } evtchn; + __u32 xen_version; + __u64 pad[8]; + } u; +}; + + +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */ +#define KVM_XEN_ATTR_TYPE_LONG_MODE 0x0 +#define KVM_XEN_ATTR_TYPE_SHARED_INFO 0x1 +#define KVM_XEN_ATTR_TYPE_UPCALL_VECTOR 0x2 +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */ +#define KVM_XEN_ATTR_TYPE_EVTCHN 0x3 +#define KVM_XEN_ATTR_TYPE_XEN_VERSION 0x4 +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG */ +#define KVM_XEN_ATTR_TYPE_RUNSTATE_UPDATE_FLAG 0x5 +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA */ +#define KVM_XEN_ATTR_TYPE_SHARED_INFO_HVA 0x6 + +struct kvm_xen_vcpu_attr { + __u16 type; + __u16 pad[3]; + union { + __u64 gpa; +#define KVM_XEN_INVALID_GPA ((__u64)-1) + __u64 hva; + __u64 pad[8]; + struct { + __u64 state; + __u64 state_entry_time; + __u64 time_running; + __u64 time_runnable; + __u64 time_blocked; + __u64 time_offline; + } runstate; + __u32 vcpu_id; + struct { + __u32 port; + __u32 priority; + __u64 expires_ns; + } timer; + __u8 vector; + } u; +}; + +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */ +#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO 0x0 +#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_TIME_INFO 0x1 +#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADDR 0x2 +#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_CURRENT 0x3 +#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_DATA 0x4 +#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADJUST 0x5 +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */ +#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_ID 0x6 +#define KVM_XEN_VCPU_ATTR_TYPE_TIMER 0x7 +#define KVM_XEN_VCPU_ATTR_TYPE_UPCALL_VECTOR 0x8 +/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA */ +#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO_HVA 0x9 + +/* 
Secure Encrypted Virtualization command */ +enum sev_cmd_id { + /* Guest initialization commands */ + KVM_SEV_INIT = 0, + KVM_SEV_ES_INIT, + /* Guest launch commands */ + KVM_SEV_LAUNCH_START, + KVM_SEV_LAUNCH_UPDATE_DATA, + KVM_SEV_LAUNCH_UPDATE_VMSA, + KVM_SEV_LAUNCH_SECRET, + KVM_SEV_LAUNCH_MEASURE, + KVM_SEV_LAUNCH_FINISH, + /* Guest migration commands (outgoing) */ + KVM_SEV_SEND_START, + KVM_SEV_SEND_UPDATE_DATA, + KVM_SEV_SEND_UPDATE_VMSA, + KVM_SEV_SEND_FINISH, + /* Guest migration commands (incoming) */ + KVM_SEV_RECEIVE_START, + KVM_SEV_RECEIVE_UPDATE_DATA, + KVM_SEV_RECEIVE_UPDATE_VMSA, + KVM_SEV_RECEIVE_FINISH, + /* Guest status and debug commands */ + KVM_SEV_GUEST_STATUS, + KVM_SEV_DBG_DECRYPT, + KVM_SEV_DBG_ENCRYPT, + /* Guest certificates commands */ + KVM_SEV_CERT_EXPORT, + /* Attestation report */ + KVM_SEV_GET_ATTESTATION_REPORT, + /* Guest Migration Extension */ + KVM_SEV_SEND_CANCEL, + + /* Second time is the charm; improved versions of the above ioctls. */ + KVM_SEV_INIT2, + + /* SNP-specific commands */ + KVM_SEV_SNP_INIT, + KVM_SEV_SNP_LAUNCH_START, + KVM_SEV_SNP_LAUNCH_UPDATE, + KVM_SEV_SNP_LAUNCH_FINISH, + + KVM_SEV_NR_MAX, +}; + +struct kvm_sev_cmd { + __u32 id; + __u32 pad0; + __u64 data; + __u32 error; + __u32 sev_fd; +}; + +struct kvm_sev_init { + __u64 vmsa_features; + __u32 flags; + __u32 pad[9]; +}; + +struct kvm_sev_launch_start { + __u32 handle; + __u32 policy; + __u64 dh_uaddr; + __u32 dh_len; + __u32 pad0; + __u64 session_uaddr; + __u32 session_len; + __u32 pad1; +}; + +struct kvm_sev_launch_update_data { + __u64 uaddr; + __u32 len; + __u32 pad0; +}; + + +struct kvm_sev_launch_secret { + __u64 hdr_uaddr; + __u32 hdr_len; + __u32 pad0; + __u64 guest_uaddr; + __u32 guest_len; + __u32 pad1; + __u64 trans_uaddr; + __u32 trans_len; + __u32 pad2; +}; + +struct kvm_sev_launch_measure { + __u64 uaddr; + __u32 len; + __u32 pad0; +}; + +struct kvm_sev_guest_status { + __u32 handle; + __u32 policy; + __u32 state; +}; + +struct kvm_sev_dbg 
{ + __u64 src_uaddr; + __u64 dst_uaddr; + __u32 len; + __u32 pad0; +}; + +struct kvm_sev_attestation_report { + __u8 mnonce[16]; + __u64 uaddr; + __u32 len; + __u32 pad0; +}; + +struct kvm_sev_send_start { + __u32 policy; + __u32 pad0; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u32 pad1; + __u64 plat_certs_uaddr; + __u32 plat_certs_len; + __u32 pad2; + __u64 amd_certs_uaddr; + __u32 amd_certs_len; + __u32 pad3; + __u64 session_uaddr; + __u32 session_len; + __u32 pad4; +}; + +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u32 pad0; + __u64 guest_uaddr; + __u32 guest_len; + __u32 pad1; + __u64 trans_uaddr; + __u32 trans_len; + __u32 pad2; +}; + +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u32 pad0; + __u64 session_uaddr; + __u32 session_len; + __u32 pad1; +}; + +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u32 pad0; + __u64 guest_uaddr; + __u32 guest_len; + __u32 pad1; + __u64 trans_uaddr; + __u32 trans_len; + __u32 pad2; +}; + +/* TODO: use a common struct via KVM_SEV_INIT2 */ +struct kvm_snp_init { + __u64 flags; +}; + +struct kvm_sev_snp_launch_start { + __u64 policy; + __u8 gosvw[16]; +}; + +/* Kept in sync with firmware values for simplicity. 
*/ +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 + +struct kvm_sev_snp_launch_update { + __u64 gfn_start; + __u64 uaddr; + __u32 len; + __u8 type; +}; + +#define KVM_SEV_SNP_ID_BLOCK_SIZE 96 +#define KVM_SEV_SNP_ID_AUTH_SIZE 4096 +#define KVM_SEV_SNP_FINISH_DATA_SIZE 32 + +struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE]; + __u8 pad[6]; +}; + +#define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) +#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) + +struct kvm_hyperv_eventfd { + __u32 conn_id; + __s32 fd; + __u32 flags; + __u32 padding[3]; +}; + +#define KVM_HYPERV_CONN_ID_MASK 0x00ffffff +#define KVM_HYPERV_EVENTFD_DEASSIGN (1 << 0) + /* * Masked event layout. * Bits Description @@ -547,10 +892,10 @@ struct kvm_pmu_event_filter { ((__u64)(!!(exclude)) << 55)) #define KVM_PMU_MASKED_ENTRY_EVENT_SELECT \ - (GENMASK_ULL(7, 0) | GENMASK_ULL(35, 32)) -#define KVM_PMU_MASKED_ENTRY_UMASK_MASK (GENMASK_ULL(63, 56)) -#define KVM_PMU_MASKED_ENTRY_UMASK_MATCH (GENMASK_ULL(15, 8)) -#define KVM_PMU_MASKED_ENTRY_EXCLUDE (BIT_ULL(55)) + (__GENMASK_ULL(7, 0) | __GENMASK_ULL(35, 32)) +#define KVM_PMU_MASKED_ENTRY_UMASK_MASK (__GENMASK_ULL(63, 56)) +#define KVM_PMU_MASKED_ENTRY_UMASK_MATCH (__GENMASK_ULL(15, 8)) +#define KVM_PMU_MASKED_ENTRY_EXCLUDE (_BITULL(55)) #define KVM_PMU_MASKED_ENTRY_UMASK_MASK_SHIFT (56) /* for KVM_{GET,SET,HAS}_DEVICE_ATTR */ 
@@ -558,9 +903,12 @@ struct kvm_pmu_event_filter { #define KVM_VCPU_TSC_OFFSET 0 /* attribute for the TSC offset */ /* x86-specific KVM_EXIT_HYPERCALL flags. */ -#define KVM_EXIT_HYPERCALL_LONG_MODE BIT(0) +#define KVM_EXIT_HYPERCALL_LONG_MODE _BITULL(0) #define KVM_X86_DEFAULT_VM 0 #define KVM_X86_SW_PROTECTED_VM 1 +#define KVM_X86_SEV_VM 2 +#define KVM_X86_SEV_ES_VM 3 +#define KVM_X86_SNP_VM 4 #endif /* _ASM_X86_KVM_H */ diff --git a/linux-headers/asm-x86/setup_data.h b/linux-headers/asm-x86/setup_data.h new file mode 100644 index 0000000000..09355f54c5 --- /dev/null +++ b/linux-headers/asm-x86/setup_data.h 
@@ -0,0 +1,83 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _ASM_X86_SETUP_DATA_H +#define _ASM_X86_SETUP_DATA_H + +/* setup_data/setup_indirect types */ +#define SETUP_NONE 0 +#define SETUP_E820_EXT 1 +#define SETUP_DTB 2 +#define SETUP_PCI 3 +#define SETUP_EFI 4 +#define SETUP_APPLE_PROPERTIES 5 +#define SETUP_JAILHOUSE 6 +#define SETUP_CC_BLOB 7 +#define SETUP_IMA 8 +#define SETUP_RNG_SEED 9 +#define SETUP_ENUM_MAX SETUP_RNG_SEED + +#define SETUP_INDIRECT (1<<31) +#define SETUP_TYPE_MAX (SETUP_ENUM_MAX | SETUP_INDIRECT) + +#ifndef __ASSEMBLY__ + +#include "standard-headers/linux/types.h" + +/* extensible setup data list node */ +struct setup_data { + uint64_t next; + uint32_t type; + uint32_t len; + uint8_t data[]; +}; + +/* extensible setup indirect data node */ +struct setup_indirect { + uint32_t type; + uint32_t reserved; /* Reserved, must be set to zero. */ + uint64_t len; + uint64_t addr; +}; + +/* + * The E820 memory region entry of the boot protocol ABI: + */ +struct boot_e820_entry { + uint64_t addr; + uint64_t size; + uint32_t type; +} QEMU_PACKED; + +/* + * The boot loader is passing platform information via this Jailhouse-specific + * setup data structure. + */ +struct jailhouse_setup_data { + struct { + uint16_t version; + uint16_t compatible_version; + } QEMU_PACKED hdr; + struct { + uint16_t pm_timer_address; + uint16_t num_cpus; + uint64_t pci_mmconfig_base; + uint32_t tsc_khz; + uint32_t apic_khz; + uint8_t standard_ioapic; + uint8_t cpu_ids[255]; + } QEMU_PACKED v1; + struct { + uint32_t flags; + } QEMU_PACKED v2; +} QEMU_PACKED; + +/* + * IMA buffer setup data information from the previous kernel during kexec + */ +struct ima_setup_data { + uint64_t addr; + uint64_t size; +} QEMU_PACKED; + +#endif /* __ASSEMBLY__ */ + +#endif /* _ASM_X86_SETUP_DATA_H */ diff --git a/linux-headers/linux/bits.h b/linux-headers/linux/bits.h new file mode 100644 index 0000000000..d9897771be --- /dev/null 
+++ b/linux-headers/linux/bits.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* bits.h: Macros for dealing with bitmasks. */ + +#ifndef _LINUX_BITS_H +#define _LINUX_BITS_H + +#define __GENMASK(h, l) \ + (((~_UL(0)) - (_UL(1) << (l)) + 1) & \ + (~_UL(0) >> (__BITS_PER_LONG - 1 - (h)))) + +#define __GENMASK_ULL(h, l) \ + (((~_ULL(0)) - (_ULL(1) << (l)) + 1) & \ + (~_ULL(0) >> (__BITS_PER_LONG_LONG - 1 - (h)))) + +#endif /* _LINUX_BITS_H */ diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index 17839229b2..629a015e4e 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -16,6 +16,11 @@ #define KVM_API_VERSION 12 +/* + * Backwards-compatible definitions. + */ +#define __KVM_HAVE_GUEST_DEBUG + /* for KVM_SET_USER_MEMORY_REGION */ struct kvm_userspace_memory_region { __u32 slot; @@ -85,43 +90,6 @@ struct kvm_pit_config { #define KVM_PIT_SPEAKER_DUMMY 1 -struct kvm_s390_skeys { - __u64 start_gfn; - __u64 count; - __u64 skeydata_addr; - __u32 flags; - __u32 reserved[9]; -}; - -#define KVM_S390_CMMA_PEEK (1 << 0) - -/** - * kvm_s390_cmma_log - Used for CMMA migration. - * - * Used both for input and output. - * - * @start_gfn: Guest page number to start from. - * @count: Size of the result buffer. - * @flags: Control operation mode via KVM_S390_CMMA_* flags - * @remaining: Used with KVM_S390_GET_CMMA_BITS. Indicates how many dirty - * pages are still remaining. - * @mask: Used with KVM_S390_SET_CMMA_BITS. Bitmap of bits to actually set - * in the PGSTE. - * @values: Pointer to the values buffer. - * - * Used in KVM_S390_{G,S}ET_CMMA_BITS ioctls. - */ -struct kvm_s390_cmma_log { - __u64 start_gfn; - __u32 count; - __u32 flags; - union { - __u64 remaining; - __u64 mask; - }; - __u64 values; -}; - struct kvm_hyperv_exit { #define KVM_EXIT_HYPERV_SYNIC 1 #define KVM_EXIT_HYPERV_HCALL 2 
@@ -167,6 +135,31 @@ struct kvm_xen_exit { } u; }; +struct kvm_user_vmgexit { +#define KVM_USER_VMGEXIT_PSC_MSR 1 +#define KVM_USER_VMGEXIT_PSC 2 +#define KVM_USER_VMGEXIT_EXT_GUEST_REQ 3 + __u32 type; /* KVM_USER_VMGEXIT_* type */ + union { + struct { + __u64 gpa; +#define KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE 1 +#define KVM_USER_VMGEXIT_PSC_MSR_OP_SHARED 2 + __u8 op; + __u32 ret; + } psc_msr; + struct { + __u64 shared_gpa; + __u64 ret; + } psc; + struct { + __u64 data_gpa; + __u64 data_npages; + __u32 ret; + } ext_guest_req; + }; +}; + #define KVM_S390_GET_SKEYS_NONE 1 #define KVM_S390_SKEYS_MAX 1048576 @@ -210,6 +203,7 @@ struct kvm_xen_exit { #define KVM_EXIT_NOTIFY 37 #define KVM_EXIT_LOONGARCH_IOCSR 38 #define KVM_EXIT_MEMORY_FAULT 39 +#define KVM_EXIT_VMGEXIT 40 /* For KVM_EXIT_INTERNAL_ERROR */ /* Emulate instruction failed. */ @@ -313,11 +307,6 @@ struct kvm_run { __u32 ipb; } s390_sieic; /* KVM_EXIT_S390_RESET */ -#define KVM_S390_RESET_POR 1 -#define KVM_S390_RESET_CLEAR 2 -#define KVM_S390_RESET_SUBSYSTEM 4 -#define KVM_S390_RESET_CPU_INIT 8 -#define KVM_S390_RESET_IPL 16 __u64 s390_reset_flags; /* KVM_EXIT_S390_UCONTROL */ struct { @@ -466,6 +455,8 @@ struct kvm_run { __u64 gpa; __u64 size; } memory_fault; + /* KVM_EXIT_VMGEXIT */ + struct kvm_user_vmgexit vmgexit; /* Fix the size of the union. */ char padding[256]; }; 
@@ -532,43 +523,6 @@ struct kvm_translation { __u8 pad[5]; }; -/* for KVM_S390_MEM_OP */ -struct kvm_s390_mem_op { - /* in */ - __u64 gaddr; /* the guest address */ - __u64 flags; /* flags */ - __u32 size; /* amount of bytes */ - __u32 op; /* type of operation */ - __u64 buf; /* buffer in userspace */ - union { - struct { - __u8 ar; /* the access register number */ - __u8 key; /* access key, ignored if flag unset */ - __u8 pad1[6]; /* ignored */ - __u64 old_addr; /* ignored if cmpxchg flag unset */ - }; - __u32 sida_offset; /* offset into the sida */ - __u8 reserved[32]; /* ignored */ - }; -}; -/* types for kvm_s390_mem_op->op */ -#define KVM_S390_MEMOP_LOGICAL_READ 0 -#define KVM_S390_MEMOP_LOGICAL_WRITE 1 -#define KVM_S390_MEMOP_SIDA_READ 2 -#define KVM_S390_MEMOP_SIDA_WRITE 3 -#define KVM_S390_MEMOP_ABSOLUTE_READ 4 -#define KVM_S390_MEMOP_ABSOLUTE_WRITE 5 -#define KVM_S390_MEMOP_ABSOLUTE_CMPXCHG 6 - -/* flags for kvm_s390_mem_op->flags */ -#define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0) -#define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1) -#define KVM_S390_MEMOP_F_SKEY_PROTECTION (1ULL << 2) - -/* flags specifying extension support via KVM_CAP_S390_MEM_OP_EXTENSION */ -#define KVM_S390_MEMOP_EXTENSION_CAP_BASE (1 << 0) -#define KVM_S390_MEMOP_EXTENSION_CAP_CMPXCHG (1 << 1) - /* for KVM_INTERRUPT */ struct kvm_interrupt { /* in */ 
@@ -633,124 +587,6 @@ struct kvm_mp_state { __u32 mp_state; }; -struct kvm_s390_psw { - __u64 mask; - __u64 addr; -}; - -/* valid values for type in kvm_s390_interrupt */ -#define KVM_S390_SIGP_STOP 0xfffe0000u -#define KVM_S390_PROGRAM_INT 0xfffe0001u -#define KVM_S390_SIGP_SET_PREFIX 0xfffe0002u -#define KVM_S390_RESTART 0xfffe0003u -#define KVM_S390_INT_PFAULT_INIT 0xfffe0004u -#define KVM_S390_INT_PFAULT_DONE 0xfffe0005u -#define KVM_S390_MCHK 0xfffe1000u -#define KVM_S390_INT_CLOCK_COMP 0xffff1004u -#define KVM_S390_INT_CPU_TIMER 0xffff1005u -#define KVM_S390_INT_VIRTIO 0xffff2603u -#define KVM_S390_INT_SERVICE 0xffff2401u -#define KVM_S390_INT_EMERGENCY 0xffff1201u -#define KVM_S390_INT_EXTERNAL_CALL 0xffff1202u -/* Anything below 0xfffe0000u is taken by INT_IO */ -#define KVM_S390_INT_IO(ai,cssid,ssid,schid) \ - (((schid)) | \ - ((ssid) << 16) | \ - ((cssid) << 18) | \ - ((ai) << 26)) -#define KVM_S390_INT_IO_MIN 0x00000000u -#define KVM_S390_INT_IO_MAX 0xfffdffffu -#define KVM_S390_INT_IO_AI_MASK 0x04000000u - - -struct kvm_s390_interrupt { - __u32 type; - __u32 parm; - __u64 parm64; -}; - -struct kvm_s390_io_info { - __u16 subchannel_id; - __u16 subchannel_nr; - __u32 io_int_parm; - __u32 io_int_word; -}; - -struct kvm_s390_ext_info { - __u32 ext_params; - __u32 pad; - __u64 ext_params2; -}; - -struct kvm_s390_pgm_info { - __u64 trans_exc_code; - __u64 mon_code; - __u64 per_address; - __u32 data_exc_code; - __u16 code; - __u16 mon_class_nr; - __u8 per_code; - __u8 per_atmid; - __u8 exc_access_id; - __u8 per_access_id; - __u8 op_access_id; -#define KVM_S390_PGM_FLAGS_ILC_VALID 0x01 -#define KVM_S390_PGM_FLAGS_ILC_0 0x02 -#define KVM_S390_PGM_FLAGS_ILC_1 0x04 -#define KVM_S390_PGM_FLAGS_ILC_MASK 0x06 -#define KVM_S390_PGM_FLAGS_NO_REWIND 0x08 - __u8 flags; - __u8 pad[2]; -}; - -struct kvm_s390_prefix_info { - __u32 address; -}; - -struct kvm_s390_extcall_info { - __u16 code; -}; - -struct kvm_s390_emerg_info { - __u16 code; -}; - -#define 
KVM_S390_STOP_FLAG_STORE_STATUS 0x01 -struct kvm_s390_stop_info { - __u32 flags; -}; - -struct kvm_s390_mchk_info { - __u64 cr14; - __u64 mcic; - __u64 failing_storage_address; - __u32 ext_damage_code; - __u32 pad; - __u8 fixed_logout[16]; -}; - -struct kvm_s390_irq { - __u64 type; - union { - struct kvm_s390_io_info io; - struct kvm_s390_ext_info ext; - struct kvm_s390_pgm_info pgm; - struct kvm_s390_emerg_info emerg; - struct kvm_s390_extcall_info extcall; - struct kvm_s390_prefix_info prefix; - struct kvm_s390_stop_info stop; - struct kvm_s390_mchk_info mchk; - char reserved[64]; - } u; -}; - -struct kvm_s390_irq_state { - __u64 buf; - __u32 flags; /* will stay unused for compatibility reasons */ - __u32 len; - __u32 reserved[4]; /* will stay unused for compatibility reasons */ -}; - /* for KVM_SET_GUEST_DEBUG */ #define KVM_GUESTDBG_ENABLE 0x00000001 
@@ -806,50 +642,6 @@ struct kvm_enable_cap { __u8 pad[64]; }; -/* for KVM_PPC_GET_PVINFO */ - -#define KVM_PPC_PVINFO_FLAGS_EV_IDLE (1<<0) - -struct kvm_ppc_pvinfo { - /* out */ - __u32 flags; - __u32 hcall[4]; - __u8 pad[108]; -}; - -/* for KVM_PPC_GET_SMMU_INFO */ -#define KVM_PPC_PAGE_SIZES_MAX_SZ 8 - -struct kvm_ppc_one_page_size { - __u32 page_shift; /* Page shift (or 0) */ - __u32 pte_enc; /* Encoding in the HPTE (>>12) */ -}; - -struct kvm_ppc_one_seg_page_size { - __u32 page_shift; /* Base page shift of segment (or 0) */ - __u32 slb_enc; /* SLB encoding for BookS */ - struct kvm_ppc_one_page_size enc[KVM_PPC_PAGE_SIZES_MAX_SZ]; -}; - -#define KVM_PPC_PAGE_SIZES_REAL 0x00000001 -#define KVM_PPC_1T_SEGMENTS 0x00000002 -#define KVM_PPC_NO_HASH 0x00000004 - -struct kvm_ppc_smmu_info { - __u64 flags; - __u32 slb_size; - __u16 data_keys; /* # storage keys supported for data */ - __u16 instr_keys; /* # storage keys supported for instructions */ - struct kvm_ppc_one_seg_page_size sps[KVM_PPC_PAGE_SIZES_MAX_SZ]; -}; - -/* for KVM_PPC_RESIZE_HPT_{PREPARE,COMMIT} */ -struct kvm_ppc_resize_hpt { - __u64 flags; - __u32 shift; - __u32 pad; -}; - #define KVMIO 0xAE /* machine type bits, to be used as argument to KVM_CREATE_VM */ @@ -919,9 +711,7 @@ struct kvm_ppc_resize_hpt { /* Bug in KVM_SET_USER_MEMORY_REGION fixed: */ #define KVM_CAP_DESTROY_MEMORY_REGION_WORKS 21 #define KVM_CAP_USER_NMI 22 -#ifdef __KVM_HAVE_GUEST_DEBUG #define KVM_CAP_SET_GUEST_DEBUG 23 -#endif #ifdef __KVM_HAVE_PIT #define KVM_CAP_REINJECT_CONTROL 24 #endif @@ -1152,8 +942,6 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_GUEST_MEMFD 234 #define KVM_CAP_VM_TYPES 235 -#ifdef KVM_CAP_IRQ_ROUTING - struct kvm_irq_routing_irqchip { __u32 irqchip; __u32 pin; 
@@ -1218,42 +1006,6 @@ struct kvm_irq_routing { struct kvm_irq_routing_entry entries[]; }; -#endif - -#ifdef KVM_CAP_MCE -/* x86 MCE */ -struct kvm_x86_mce { - __u64 status; - __u64 addr; - __u64 misc; - __u64 mcg_status; - __u8 bank; - __u8 pad1[7]; - __u64 pad2[3]; -}; -#endif - -#ifdef KVM_CAP_XEN_HVM -#define KVM_XEN_HVM_CONFIG_HYPERCALL_MSR (1 << 0) -#define KVM_XEN_HVM_CONFIG_INTERCEPT_HCALL (1 << 1) -#define KVM_XEN_HVM_CONFIG_SHARED_INFO (1 << 2) -#define KVM_XEN_HVM_CONFIG_RUNSTATE (1 << 3) -#define KVM_XEN_HVM_CONFIG_EVTCHN_2LEVEL (1 << 4) -#define KVM_XEN_HVM_CONFIG_EVTCHN_SEND (1 << 5) -#define KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG (1 << 6) -#define KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE (1 << 7) - -struct kvm_xen_hvm_config { - __u32 flags; - __u32 msr; - __u64 blob_addr_32; - __u64 blob_addr_64; - __u8 blob_size_32; - __u8 blob_size_64; - __u8 pad2[30]; -}; -#endif - #define KVM_IRQFD_FLAG_DEASSIGN (1 << 0) /* * Available with KVM_CAP_IRQFD_RESAMPLE @@ -1438,11 +1190,6 @@ struct kvm_vfio_spapr_tce { struct kvm_userspace_memory_region2) /* enable ucontrol for s390 */ -struct kvm_s390_ucas_mapping { - __u64 user_addr; - __u64 vcpu_addr; - __u64 length; -}; #define KVM_S390_UCAS_MAP _IOW(KVMIO, 0x50, struct kvm_s390_ucas_mapping) #define KVM_S390_UCAS_UNMAP _IOW(KVMIO, 0x51, struct kvm_s390_ucas_mapping) #define KVM_S390_VCPU_FAULT _IOW(KVMIO, 0x52, unsigned long) 
@@ -1637,89 +1384,6 @@ struct kvm_enc_region { #define KVM_S390_NORMAL_RESET _IO(KVMIO, 0xc3) #define KVM_S390_CLEAR_RESET _IO(KVMIO, 0xc4) -struct kvm_s390_pv_sec_parm { - __u64 origin; - __u64 length; -}; - -struct kvm_s390_pv_unp { - __u64 addr; - __u64 size; - __u64 tweak; -}; - -enum pv_cmd_dmp_id { - KVM_PV_DUMP_INIT, - KVM_PV_DUMP_CONFIG_STOR_STATE, - KVM_PV_DUMP_COMPLETE, - KVM_PV_DUMP_CPU, -}; - -struct kvm_s390_pv_dmp { - __u64 subcmd; - __u64 buff_addr; - __u64 buff_len; - __u64 gaddr; /* For dump storage state */ - __u64 reserved[4]; -}; - -enum pv_cmd_info_id { - KVM_PV_INFO_VM, - KVM_PV_INFO_DUMP, -}; - -struct kvm_s390_pv_info_dump { - __u64 dump_cpu_buffer_len; - __u64 dump_config_mem_buffer_per_1m; - __u64 dump_config_finalize_len; -}; - -struct kvm_s390_pv_info_vm { - __u64 inst_calls_list[4]; - __u64 max_cpus; - __u64 max_guests; - __u64 max_guest_addr; - __u64 feature_indication; -}; - -struct kvm_s390_pv_info_header { - __u32 id; - __u32 len_max; - __u32 len_written; - __u32 reserved; -}; - -struct kvm_s390_pv_info { - struct kvm_s390_pv_info_header header; - union { - struct kvm_s390_pv_info_dump dump; - struct kvm_s390_pv_info_vm vm; - }; -}; - -enum pv_cmd_id { - KVM_PV_ENABLE, - KVM_PV_DISABLE, - KVM_PV_SET_SEC_PARMS, - KVM_PV_UNPACK, - KVM_PV_VERIFY, - KVM_PV_PREP_RESET, - KVM_PV_UNSHARE_ALL, - KVM_PV_INFO, - KVM_PV_DUMP, - KVM_PV_ASYNC_CLEANUP_PREPARE, - KVM_PV_ASYNC_CLEANUP_PERFORM, -}; - -struct kvm_pv_cmd { - __u32 cmd; /* Command to be executed */ - __u16 rc; /* Ultravisor return code */ - __u16 rrc; /* Ultravisor return reason code */ - __u64 data; /* Data or address */ - __u32 flags; /* flags for future extensions. Must be 0 for now */ - __u32 reserved[3]; -}; - /* Available with KVM_CAP_S390_PROTECTED */ #define KVM_S390_PV_COMMAND _IOWR(KVMIO, 0xc5, struct kvm_pv_cmd) 
@@ -1733,58 +1397,6 @@ struct kvm_pv_cmd { #define KVM_XEN_HVM_GET_ATTR _IOWR(KVMIO, 0xc8, struct kvm_xen_hvm_attr) #define KVM_XEN_HVM_SET_ATTR _IOW(KVMIO, 0xc9, struct kvm_xen_hvm_attr) -struct kvm_xen_hvm_attr { - __u16 type; - __u16 pad[3]; - union { - __u8 long_mode; - __u8 vector; - __u8 runstate_update_flag; - struct { - __u64 gfn; -#define KVM_XEN_INVALID_GFN ((__u64)-1) - } shared_info; - struct { - __u32 send_port; - __u32 type; /* EVTCHNSTAT_ipi / EVTCHNSTAT_interdomain */ - __u32 flags; -#define KVM_XEN_EVTCHN_DEASSIGN (1 << 0) -#define KVM_XEN_EVTCHN_UPDATE (1 << 1) -#define KVM_XEN_EVTCHN_RESET (1 << 2) - /* - * Events sent by the guest are either looped back to - * the guest itself (potentially on a different port#) - * or signalled via an eventfd. - */ - union { - struct { - __u32 port; - __u32 vcpu; - __u32 priority; - } port; - struct { - __u32 port; /* Zero for eventfd */ - __s32 fd; - } eventfd; - __u32 padding[4]; - } deliver; - } evtchn; - __u32 xen_version; - __u64 pad[8]; - } u; -}; - - -/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */ -#define KVM_XEN_ATTR_TYPE_LONG_MODE 0x0 -#define KVM_XEN_ATTR_TYPE_SHARED_INFO 0x1 -#define KVM_XEN_ATTR_TYPE_UPCALL_VECTOR 0x2 -/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */ -#define KVM_XEN_ATTR_TYPE_EVTCHN 0x3 -#define KVM_XEN_ATTR_TYPE_XEN_VERSION 0x4 -/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG */ -#define KVM_XEN_ATTR_TYPE_RUNSTATE_UPDATE_FLAG 0x5 - /* Per-vCPU Xen attributes */ #define KVM_XEN_VCPU_GET_ATTR _IOWR(KVMIO, 0xca, struct kvm_xen_vcpu_attr) #define KVM_XEN_VCPU_SET_ATTR _IOW(KVMIO, 0xcb, struct kvm_xen_vcpu_attr) 
@@ -1795,242 +1407,6 @@ struct kvm_xen_hvm_attr { #define KVM_GET_SREGS2 _IOR(KVMIO, 0xcc, struct kvm_sregs2) #define KVM_SET_SREGS2 _IOW(KVMIO, 0xcd, struct kvm_sregs2) -struct kvm_xen_vcpu_attr { - __u16 type; - __u16 pad[3]; - union { - __u64 gpa; -#define KVM_XEN_INVALID_GPA ((__u64)-1) - __u64 pad[8]; - struct { - __u64 state; - __u64 state_entry_time; - __u64 time_running; - __u64 time_runnable; - __u64 time_blocked; - __u64 time_offline; - } runstate; - __u32 vcpu_id; - struct { - __u32 port; - __u32 priority; - __u64 expires_ns; - } timer; - __u8 vector; - } u; -}; - -/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */ -#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO 0x0 -#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_TIME_INFO 0x1 -#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADDR 0x2 -#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_CURRENT 0x3 -#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_DATA 0x4 -#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADJUST 0x5 -/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */ -#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_ID 0x6 -#define KVM_XEN_VCPU_ATTR_TYPE_TIMER 0x7 -#define KVM_XEN_VCPU_ATTR_TYPE_UPCALL_VECTOR 0x8 - -/* Secure Encrypted Virtualization command */ -enum sev_cmd_id { - /* Guest initialization commands */ - KVM_SEV_INIT = 0, - KVM_SEV_ES_INIT, - /* Guest launch commands */ - KVM_SEV_LAUNCH_START, - KVM_SEV_LAUNCH_UPDATE_DATA, - KVM_SEV_LAUNCH_UPDATE_VMSA, - KVM_SEV_LAUNCH_SECRET, - KVM_SEV_LAUNCH_MEASURE, - KVM_SEV_LAUNCH_FINISH, - /* Guest migration commands (outgoing) */ - KVM_SEV_SEND_START, - KVM_SEV_SEND_UPDATE_DATA, - KVM_SEV_SEND_UPDATE_VMSA, - KVM_SEV_SEND_FINISH, - /* Guest migration commands (incoming) */ - KVM_SEV_RECEIVE_START, - KVM_SEV_RECEIVE_UPDATE_DATA, - KVM_SEV_RECEIVE_UPDATE_VMSA, - KVM_SEV_RECEIVE_FINISH, - /* Guest status and debug commands */ - KVM_SEV_GUEST_STATUS, - KVM_SEV_DBG_DECRYPT, - KVM_SEV_DBG_ENCRYPT, - /* Guest certificates commands */ - KVM_SEV_CERT_EXPORT, - /* Attestation report */ - 
KVM_SEV_GET_ATTESTATION_REPORT, - /* Guest Migration Extension */ - KVM_SEV_SEND_CANCEL, - - KVM_SEV_NR_MAX, -}; - -struct kvm_sev_cmd { - __u32 id; - __u64 data; - __u32 error; - __u32 sev_fd; -}; - -struct kvm_sev_launch_start { - __u32 handle; - __u32 policy; - __u64 dh_uaddr; - __u32 dh_len; - __u64 session_uaddr; - __u32 session_len; -}; - -struct kvm_sev_launch_update_data { - __u64 uaddr; - __u32 len; -}; - - -struct kvm_sev_launch_secret { - __u64 hdr_uaddr; - __u32 hdr_len; - __u64 guest_uaddr; - __u32 guest_len; - __u64 trans_uaddr; - __u32 trans_len; -}; - -struct kvm_sev_launch_measure { - __u64 uaddr; - __u32 len; -}; - -struct kvm_sev_guest_status { - __u32 handle; - __u32 policy; - __u32 state; -}; - -struct kvm_sev_dbg { - __u64 src_uaddr; - __u64 dst_uaddr; - __u32 len; -}; - -struct kvm_sev_attestation_report { - __u8 mnonce[16]; - __u64 uaddr; - __u32 len; -}; - -struct kvm_sev_send_start { - __u32 policy; - __u64 pdh_cert_uaddr; - __u32 pdh_cert_len; - __u64 plat_certs_uaddr; - __u32 plat_certs_len; - __u64 amd_certs_uaddr; - __u32 amd_certs_len; - __u64 session_uaddr; - __u32 session_len; -}; - -struct kvm_sev_send_update_data { - __u64 hdr_uaddr; - __u32 hdr_len; - __u64 guest_uaddr; - __u32 guest_len; - __u64 trans_uaddr; - __u32 trans_len; -}; - -struct kvm_sev_receive_start { - __u32 handle; - __u32 policy; - __u64 pdh_uaddr; - __u32 pdh_len; - __u64 session_uaddr; - __u32 session_len; -}; - -struct kvm_sev_receive_update_data { - __u64 hdr_uaddr; - __u32 hdr_len; - __u64 guest_uaddr; - __u32 guest_len; - __u64 trans_uaddr; - __u32 trans_len; -}; - -#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) -#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) -#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) - -struct kvm_assigned_pci_dev { - __u32 assigned_dev_id; - __u32 busnr; - __u32 devfn; - __u32 flags; - __u32 segnr; - union { - __u32 reserved[11]; - }; -}; - -#define KVM_DEV_IRQ_HOST_INTX (1 << 0) -#define KVM_DEV_IRQ_HOST_MSI (1 << 1) -#define 
KVM_DEV_IRQ_HOST_MSIX (1 << 2) - -#define KVM_DEV_IRQ_GUEST_INTX (1 << 8) -#define KVM_DEV_IRQ_GUEST_MSI (1 << 9) -#define KVM_DEV_IRQ_GUEST_MSIX (1 << 10) - -#define KVM_DEV_IRQ_HOST_MASK 0x00ff -#define KVM_DEV_IRQ_GUEST_MASK 0xff00 - -struct kvm_assigned_irq { - __u32 assigned_dev_id; - __u32 host_irq; /* ignored (legacy field) */ - __u32 guest_irq; - __u32 flags; - union { - __u32 reserved[12]; - }; -}; - -struct kvm_assigned_msix_nr { - __u32 assigned_dev_id; - __u16 entry_nr; - __u16 padding; -}; - -#define KVM_MAX_MSIX_PER_DEV 256 -struct kvm_assigned_msix_entry { - __u32 assigned_dev_id; - __u32 gsi; - __u16 entry; /* The index of entry in the MSI-X table */ - __u16 padding[3]; -}; - -#define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) -#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) - -/* Available with KVM_CAP_ARM_USER_IRQ */ - -/* Bits for run->s.regs.device_irq_level */ -#define KVM_ARM_DEV_EL1_VTIMER (1 << 0) -#define KVM_ARM_DEV_EL1_PTIMER (1 << 1) -#define KVM_ARM_DEV_PMU (1 << 2) - -struct kvm_hyperv_eventfd { - __u32 conn_id; - __s32 fd; - __u32 flags; - __u32 padding[3]; -}; - -#define KVM_HYPERV_CONN_ID_MASK 0x00ffffff -#define KVM_HYPERV_EVENTFD_DEASSIGN (1 << 0) - #define KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE (1 << 0) #define KVM_DIRTY_LOG_INITIALLY_SET (1 << 1) 
@@ -2176,33 +1552,6 @@ struct kvm_stats_desc { /* Available with KVM_CAP_S390_ZPCI_OP */ #define KVM_S390_ZPCI_OP _IOW(KVMIO, 0xd1, struct kvm_s390_zpci_op) -struct kvm_s390_zpci_op { - /* in */ - __u32 fh; /* target device */ - __u8 op; /* operation to perform */ - __u8 pad[3]; - union { - /* for KVM_S390_ZPCIOP_REG_AEN */ - struct { - __u64 ibv; /* Guest addr of interrupt bit vector */ - __u64 sb; /* Guest addr of summary bit */ - __u32 flags; - __u32 noi; /* Number of interrupts */ - __u8 isc; /* Guest interrupt subclass */ - __u8 sbo; /* Offset of guest summary bit vector */ - __u16 pad; - } reg_aen; - __u64 reserved[8]; - } u; -}; - -/* types for kvm_s390_zpci_op->op */ -#define KVM_S390_ZPCIOP_REG_AEN 0 -#define KVM_S390_ZPCIOP_DEREG_AEN 1 - -/* flags for kvm_s390_zpci_op->u.reg_aen.flags */ -#define KVM_S390_ZPCIOP_REGAEN_HOST (1 << 0) - /* Available with KVM_CAP_MEMORY_ATTRIBUTES */ #define KVM_SET_MEMORY_ATTRIBUTES _IOW(KVMIO, 0xd2, struct kvm_memory_attributes) diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h index bcb21339ee..3095af51e5 100644 --- a/linux-headers/linux/psp-sev.h +++ b/linux-headers/linux/psp-sev.h @@ -28,6 +28,11 @@ enum { SEV_PEK_CERT_IMPORT, SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ SEV_GET_ID2, + SNP_PLATFORM_STATUS, + SNP_COMMIT, + SNP_SET_CONFIG, + SNP_SET_CONFIG_START, + SNP_SET_CONFIG_END, SEV_MAX, }; @@ -69,6 +74,12 @@ typedef enum { SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, SEV_RET_INVALID_KEY = 0x27, + SEV_RET_INVALID_PAGE_SIZE, + SEV_RET_INVALID_PAGE_STATE, + SEV_RET_INVALID_MDATA_ENTRY, + SEV_RET_INVALID_PAGE_OWNER, + SEV_RET_INVALID_PAGE_AEAD_OFLOW, + SEV_RET_RMP_INIT_REQUIRED, SEV_RET_MAX, } sev_ret_code; 
@@ -155,6 +166,66 @@ struct sev_user_data_get_id2 { __u32 length; /* In/Out */ } __attribute__((packed)); +/** + * struct sev_user_data_snp_status - SNP status + * + * @api_major: API major version + * @api_minor: API minor version + * @state: current platform state + * @is_rmp_initialized: whether RMP is initialized or not + * @rsvd: reserved + * @build_id: firmware build id for the API version + * @mask_chip_id: whether chip id is present in attestation reports or not + * @mask_chip_key: whether attestation reports are signed or not + * @vlek_en: VLEK (Version Loaded Endorsement Key) hashstick is loaded + * @rsvd1: reserved + * @guest_count: the number of guest currently managed by the firmware + * @current_tcb_version: current TCB version + * @reported_tcb_version: reported TCB version + */ +struct sev_user_data_snp_status { + __u8 api_major; /* Out */ + __u8 api_minor; /* Out */ + __u8 state; /* Out */ + __u8 is_rmp_initialized:1; /* Out */ + __u8 rsvd:7; + __u32 build_id; /* Out */ + __u32 mask_chip_id:1; /* Out */ + __u32 mask_chip_key:1; /* Out */ + __u32 vlek_en:1; /* Out */ + __u32 rsvd1:29; + __u32 guest_count; /* Out */ + __u64 current_tcb_version; /* Out */ + __u64 reported_tcb_version; /* Out */ +} __attribute__((packed)); + +/** + * struct sev_user_data_snp_config - system wide configuration value for SNP. + * + * @reported_tcb: the TCB version to report in the guest attestation report. 
+ * @mask_chip_id: whether chip id is present in attestation reports or not + * @mask_chip_key: whether attestation reports are signed or not + * @rsvd: reserved + * @rsvd1: reserved + */ +struct sev_user_data_snp_config { + __u64 reported_tcb ; /* In */ + __u32 mask_chip_id:1; /* In */ + __u32 mask_chip_key:1; /* In */ + __u32 rsvd:30; /* In */ + __u8 rsvd1[52]; +} __attribute__((packed)); + +/** + * struct sev_user_data_snp_config_transaction - metadata for config transactions + * + * @id: the ID of the transaction started/ended by a call to SNP_SET_CONFIG_START + * or SNP_SET_CONFIG_END, respectively. + */ +struct sev_user_data_snp_config_transaction { + __u64 id; /* Out */ +} __attribute__((packed)); + /** * struct sev_issue_cmd - SEV ioctl parameters * 
From patchwork Wed Mar 20 08:39:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597607
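Review bot: in linux-headers/asm-x86/kvm.h (hunk @@ -524,9 +525,353 @@), struct kvm_sev_snp_launch_update ends with `__u8 type;` right after `__u32 len;`, which leaves three bytes of implicit tail padding, while the same hunk gives kvm_sev_cmd, kvm_sev_launch_start and the other SEV structures explicit pad0/pad1 members. Suggest an explicit `__u8 pad[3];` with a must-be-zero rule so the bytes can be validated and later reused. The `/* TODO: use a common struct via KVM_SEV_INIT2 */` above struct kvm_snp_init also shows that this part of the ABI is not settled, so both points are worth resolving in the kernel uAPI before these headers are synced.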
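Review bot: in the new linux-headers/asm-x86/setup_data.h, `#define SETUP_INDIRECT (1<<31)` shifts a signed int into its sign bit, and the result is then OR-ed into SETUP_TYPE_MAX and compared against the `uint32_t type` members of struct setup_data and struct setup_indirect. An unsigned constant such as `(1U<<31)` avoids the undefined shift and the sign-extension surprise when the value is widened; as this file is imported, the fix belongs in the source header.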
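Review bot: the new linux-headers/linux/bits.h is not self-contained: `__GENMASK` and `__GENMASK_ULL` expand to `_UL`, `_ULL`, `__BITS_PER_LONG` and `__BITS_PER_LONG_LONG`, but the file includes nothing between its guard lines. Any user that pulls in this header first gets errors only at the point of macro expansion. Suggest including the headers that define those names here, or documenting the required include order in the file comment.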
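Review bot: in linux-headers/linux/kvm.h (hunk @@ -167,6 +135,31 @@), struct kvm_user_vmgexit has several unnamed holes: four bytes after `__u32 type;` before the 8-byte-aligned union, three bytes between `__u8 op;` and `__u32 ret;` in psc_msr, and four bytes after `__u32 ret;` in ext_guest_req. The structure is embedded in the kvm_run union and shared between kernel and userspace, so these should be explicit pad members. The three `ret` fields also carry no comment saying which side writes them or which values are valid; a short comment per field would make the exit contract reviewable.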
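Review bot: in linux-headers/linux/kvm.h (hunk @@ -1438,11 +1190,6 @@), struct kvm_s390_ucas_mapping is deleted but the lines directly below still use it in `KVM_S390_UCAS_MAP _IOW(KVMIO, 0x50, struct kvm_s390_ucas_mapping)`; the same pattern holds for struct kvm_pv_cmd with KVM_S390_PV_COMMAND and struct kvm_s390_zpci_op with KVM_S390_ZPCI_OP in later hunks. The x86 definitions visibly move to asm-x86/kvm.h, but the new home of the s390 and PPC ones is not shown in this part of the patch. Please confirm the matching asm-s390 and asm-powerpc headers are updated in the same sync, and say so in the commit message, so that these ioctl macros never reference an undefined type.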
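Review bot: in linux-headers/linux/psp-sev.h (hunk @@ -155,6 +166,66 @@), struct sev_user_data_snp_config tags `rsvd:30` as `/* In */` and leaves `rsvd1[52]` untagged, and the kernel-doc says only "reserved" for both, so a caller cannot tell whether the fields must be zeroed. Suggest stating "must be zero" in the @rsvd and @rsvd1 lines. Minor style: `__u64 reported_tcb ;` has a stray space before the semicolon.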
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 05/49] [TEMP] hw/i386: Remove redeclaration of struct setup_data
Date: Wed, 20 Mar 2024 03:39:01 -0500
Message-ID: <20240320083945.991426-6-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

TODO: this needs to be done as
part of header update to avoid temporary build bisect breakage. Keeping it separate for reference. It is now provided by kernel headers. Signed-off-by: Michael Roth --- hw/i386/x86.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 2d4b148cd2..825dc4c735 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c 
@@ -679,14 +679,6 @@ DeviceState *ioapic_init_secondary(GSIState *gsi_state) return dev; } -struct setup_data { - uint64_t next; - uint32_t type; - uint32_t len; - uint8_t data[]; -} __attribute__((packed)); - - /* * The entry point into the kernel for PVH boot is different from * the native entry point. The PVH entry is defined by the x86/HVM From patchwork Wed Mar 20 08:39:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597608 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2083.outbound.protection.outlook.com [40.107.92.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD49F747F for ; Wed, 20 Mar 2024 08:57:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710925060; cv=fail; b=Gce2XacdibNfCDI5fptrncbZ/J9Cp2cskquAhnyCL+e/3Fn3Epvvwce4kUEAurYowsbizQYLlKlXrA3jPivYdi37TRvqham9DTJ77CtOQwBsQlqjTxsjcng9hIqdNPfAl+0zpYMAPN9iel5qrnh4Pmj84At67rCUpa/vahiF7vM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710925060; c=relaxed/simple; bh=vIgAeyeBjI2azD7g2QOnnEDu0508QUr29U56a7cvXKo=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tYOXtsMrbn0q2eSuKFdJpyMtWvcZKGf8v2XxZya18VdtdS1y+t8aVaLiJKqUkre67cFbcz/K2QfM1ozOgD5+GZppJs4qirSYM9yegnI2SVHH93vf8NEF6gDIxieG2zzx58Xg4OJflZa+iqm5+SgsemwQJaB/g6A7z5PF5xQn0eY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=ugODw2v1; arc=fail smtp.client-ip=40.107.92.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine 
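Review bot: the removal of struct setup_data from hw/i386/x86.c adds no #include in this diff, so the file has to be picking up the replacement definition through an include it already has; the commit message only says "provided by kernel headers", so name the header there so a reader can confirm the layout is the same packed one being deleted. As the TODO says, this belongs in the header update commit itself: kept separate, the tree between the two commits carries the redeclaration named in the subject and does not bisect cleanly.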
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, David Hildenbrand
Subject: [PATCH v3 06/49] RAMBlock: Add support of KVM private guest memfd
Date: Wed, 20 Mar 2024 03:39:02 -0500
Message-ID: <20240320083945.991426-7-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add KVM guest_memfd
support to RAMBlock so both normal hva based memory and kvm guest memfd based private memory can be associated in one RAMBlock.

Introduce new flag RAM_GUEST_MEMFD. When it's set, it calls KVM ioctl to create private guest_memfd during RAMBlock setup.

Allocating a new RAM_GUEST_MEMFD flag to instruct the setup of guest memfd is more flexible and extensible than simply relying on the VM type because in the future we may have the case that not all the memory of a VM needs guest memfd. As a benefit, it also avoids getting MachineState in memory subsystem.

Note, RAM_GUEST_MEMFD is supposed to be set for memory backends of confidential guests, such as TDX VM. How and when to set it for memory backends will be implemented in the following patches.

Introduce memory_region_has_guest_memfd() to query if the MemoryRegion has KVM guest_memfd allocated.

Signed-off-by: Xiaoyao Li
Reviewed-by: David Hildenbrand
---
Changes in v5:
- Use assert(new_block->guest_memfd < 0) instead of condition check;
- Collect Reviewed-by tag from David;

Changes in v4:
- Add clarification of RAM_GUEST_MEMFD in commit message; (David Hildenbrand)
- refine the return value and error message; (Daniel P. Berrangé)
- remove flags in ram_block_add(); (David Hildenbrand)

Changes in v3:
- rename gmem to guest_memfd;
- close(guest_memfd) when RAMBlock is released; (Daniel P. Berrangé)
- Squash the patch that introduces memory_region_has_guest_memfd().

Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c | 25 +++++++++++++++++++++++++ accel/stubs/kvm-stub.c | 5 +++++ include/exec/memory.h | 20 +++++++++++++++++--- include/exec/ram_addr.h | 2 +- include/exec/ramblock.h | 1 + include/sysemu/kvm.h | 2 ++ system/memory.c | 5 +++++ system/physmem.c | 24 +++++++++++++++++++++--- 8 files changed, 77 insertions(+), 7 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a05dea2313..132ab65df5 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -91,6 +91,7 @@ bool kvm_msi_use_devid; static bool kvm_has_guest_debug; static int kvm_sstep_flags; static bool kvm_immediate_exit; +static bool kvm_guest_memfd_supported; static hwaddr kvm_max_slot_size = ~0; static const KVMCapabilityInfo kvm_required_capabilites[] = { @@ -2395,6 +2396,8 @@ static int kvm_init(MachineState *ms) } s->as = g_new0(struct KVMAs, s->nr_as); + kvm_guest_memfd_supported = kvm_check_extension(s, KVM_CAP_GUEST_MEMFD); + if (object_property_find(OBJECT(current_machine), "kvm-type")) { g_autofree char *kvm_type = object_property_get_str(OBJECT(current_machine), "kvm-type", @@ -4099,3 +4102,25 @@ void kvm_mark_guest_state_protected(void) { kvm_state->guest_state_protected = true; } + +int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp) +{ + int fd; + struct kvm_create_guest_memfd guest_memfd = { + .size = size, + .flags = flags, + }; + + if (!kvm_guest_memfd_supported) { + error_setg(errp, "KVM doesn't support guest memfd\n"); + return -1; + } + + fd = kvm_vm_ioctl(kvm_state, KVM_CREATE_GUEST_MEMFD, &guest_memfd); + if (fd < 0) { + error_setg_errno(errp, errno, "Error creating kvm guest memfd"); + return -1; + } + + return fd; +} diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c index ca38172884..8e0eb22e61 100644 --- a/accel/stubs/kvm-stub.c +++ b/accel/stubs/kvm-stub.c @@ -129,3 +129,8 @@ bool kvm_hwpoisoned_mem(void) { return false; } + +int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp) +{ + return -ENOSYS; +} diff --git a/include/exec/memory.h b/include/exec/memory.h index 8626a355b3..679a847685 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h 
@@ -243,6 +243,9 @@ typedef struct IOMMUTLBEvent { /* RAM FD is opened read-only */ #define RAM_READONLY_FD (1 << 11) +/* RAM can be private that has kvm guest memfd backend */ +#define RAM_GUEST_MEMFD (1 << 12) + static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn, IOMMUNotifierFlag flags, hwaddr start, hwaddr end, @@ -1307,7 +1310,8 @@ bool memory_region_init_ram_nomigrate(MemoryRegion *mr, * @name: Region name, becomes part of RAMBlock name used in migration stream * must be unique within any device * @size: size of the region. - * @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_NORESERVE. + * @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_NORESERVE, + * RAM_GUEST_MEMFD. * @errp: pointer to Error*, to store an error if it happens. * * Note that this function does not do anything to cause the data in the @@ -1369,7 +1373,7 @@ bool memory_region_init_resizeable_ram(MemoryRegion *mr, * (getpagesize()) will be used. * @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_PMEM, * RAM_NORESERVE, RAM_PROTECTED, RAM_NAMED_FILE, RAM_READONLY, - * RAM_READONLY_FD + * RAM_READONLY_FD, RAM_GUEST_MEMFD * @path: the path in which to allocate the RAM. * @offset: offset within the file referenced by path * @errp: pointer to Error*, to store an error if it happens. @@ -1399,7 +1403,7 @@ bool memory_region_init_ram_from_file(MemoryRegion *mr, * @size: size of the region. * @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_PMEM, * RAM_NORESERVE, RAM_PROTECTED, RAM_NAMED_FILE, RAM_READONLY, - * RAM_READONLY_FD + * RAM_READONLY_FD, RAM_GUEST_MEMFD * @fd: the fd to mmap. * @offset: offset within the file referenced by fd * @errp: pointer to Error*, to store an error if it happens. 
@@ -1722,6 +1726,16 @@ static inline bool memory_region_is_romd(MemoryRegion *mr) */ bool memory_region_is_protected(MemoryRegion *mr); +/** + * memory_region_has_guest_memfd: check whether a memory region has guest_memfd + * associated + * + * Returns %true if a memory region's ram_block has valid guest_memfd assigned. + * + * @mr: the memory region being queried + */ +bool memory_region_has_guest_memfd(MemoryRegion *mr); + /** * memory_region_get_iommu: check whether a memory region is an iommu * diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h index 90676093f5..4ebd9ded5e 100644 --- a/include/exec/ram_addr.h +++ b/include/exec/ram_addr.h @@ -109,7 +109,7 @@ long qemu_maxrampagesize(void); * @mr: the memory region where the ram block is * @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_PMEM, * RAM_NORESERVE, RAM_PROTECTED, RAM_NAMED_FILE, RAM_READONLY, - * RAM_READONLY_FD + * RAM_READONLY_FD, RAM_GUEST_MEMFD * @mem_path or @fd: specify the backing file or device * @offset: Offset into target file * @errp: pointer to Error*, to store an error if it happens diff --git a/include/exec/ramblock.h b/include/exec/ramblock.h index 848915ea5b..459c8917de 100644 --- a/include/exec/ramblock.h +++ b/include/exec/ramblock.h @@ -41,6 +41,7 @@ struct RAMBlock { QLIST_HEAD(, RAMBlockNotifier) ramblock_notifiers; int fd; uint64_t fd_offset; + int guest_memfd; size_t page_size; /* dirty bitmap used during migration */ unsigned long *bmap; diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 54f4d83a37..b4913281e2 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -536,4 +536,6 @@ void kvm_mark_guest_state_protected(void); * reported for the VM. */ bool kvm_hwpoisoned_mem(void); + +int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp); #endif diff --git a/system/memory.c b/system/memory.c index a229a79988..c756950c0c 100644 --- a/system/memory.c +++ b/system/memory.c 
@@ -1850,6 +1850,11 @@ bool memory_region_is_protected(MemoryRegion *mr) return mr->ram && (mr->ram_block->flags & RAM_PROTECTED); } +bool memory_region_has_guest_memfd(MemoryRegion *mr) +{ + return mr->ram_block && mr->ram_block->guest_memfd >= 0; +} + uint8_t memory_region_get_dirty_log_mask(MemoryRegion *mr) { uint8_t mask = mr->dirty_log_mask; diff --git a/system/physmem.c b/system/physmem.c index 6cfb7a80ab..3a4a3f10d5 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -1842,6 +1842,17 @@ static void ram_block_add(RAMBlock *new_block, Error **errp) } } + if (kvm_enabled() && (new_block->flags & RAM_GUEST_MEMFD)) { + assert(new_block->guest_memfd < 0); + + new_block->guest_memfd = kvm_create_guest_memfd(new_block->max_length, + 0, errp); + if (new_block->guest_memfd < 0) { + qemu_mutex_unlock_ramlist(); + return; + } + } + new_ram_size = MAX(old_ram_size, (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS); if (new_ram_size > old_ram_size) { @@ -1904,7 +1915,7 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr, /* Just support these ram flags by now. */ assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_NORESERVE | RAM_PROTECTED | RAM_NAMED_FILE | RAM_READONLY | - RAM_READONLY_FD)) == 0); + RAM_READONLY_FD | RAM_GUEST_MEMFD)) == 0); if (xen_enabled()) { error_setg(errp, "-mem-path not supported with Xen"); @@ -1941,6 +1952,7 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr, new_block->used_length = size; new_block->max_length = size; new_block->flags = ram_flags; + new_block->guest_memfd = -1; new_block->host = file_ram_alloc(new_block, size, fd, !file_size, offset, errp); if (!new_block->host) { 
@@ -2020,7 +2032,7 @@ RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size, int align; assert((ram_flags & ~(RAM_SHARED | RAM_RESIZEABLE | RAM_PREALLOC | - RAM_NORESERVE)) == 0); + RAM_NORESERVE| RAM_GUEST_MEMFD)) == 0); assert(!host ^ (ram_flags & RAM_PREALLOC)); align = qemu_real_host_page_size(); @@ -2035,6 +2047,7 @@ RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size, new_block->max_length = max_size; assert(max_size >= size); new_block->fd = -1; + new_block->guest_memfd = -1; new_block->page_size = qemu_real_host_page_size(); new_block->host = host; new_block->flags = ram_flags; @@ -2057,7 +2070,7 @@ RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host, RAMBlock *qemu_ram_alloc(ram_addr_t size, uint32_t ram_flags, MemoryRegion *mr, Error **errp) { - assert((ram_flags & ~(RAM_SHARED | RAM_NORESERVE)) == 0); + assert((ram_flags & ~(RAM_SHARED | RAM_NORESERVE | RAM_GUEST_MEMFD)) == 0); return qemu_ram_alloc_internal(size, size, NULL, NULL, ram_flags, mr, errp); } 
@@ -2085,6 +2098,11 @@ static void reclaim_ramblock(RAMBlock *block) } else { qemu_anon_ram_free(block->host, block->max_length); } + + if (block->guest_memfd >= 0) { + close(block->guest_memfd); + } + g_free(block); } From patchwork Wed Mar 20 08:39:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597609 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2065.outbound.protection.outlook.com [40.107.93.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7F193CF65 for ; Wed, 20 Mar 2024 08:57:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.65 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710925079; cv=fail; b=Aftl0MVZa3yjuwYpvO5ybqa88RnsFEeZCBXQ0Ea56Ric96wRiTcYRP5TXDcYstTRX76KoYlfRvnRyCpEVzxveqeaYpmDhOtNqrlR6277MonIDycUPHuLJU67qVo9gPO1fkUPZiOyH4bQyNLfYlxBeJxpcEf3j0luoSSUiTB14Jg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710925079; c=relaxed/simple; bh=gphDwyVFjnBmP4TEN10xCHoK7fKYDJ3uBh5l5rYex64=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=modVM87IZrL65IEgy5QgmYaAkcg3ZTW3/yCpb3plkjrnl6Qe3IiLoVmfDeR93N3lKfi640fkBUa/ufMlmAVIRd+Uly5aAS/Eqx6gG2g2JHv9XX3AL3QfwVRK5kx3S1vonblUchFFgg7DQm1vzmNmfHHYkio0kHbtj2S00swQRS8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=gsauBePy; arc=fail smtp.client-ip=40.107.93.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com 
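Review bot: kvm_create_guest_memfd() in accel/kvm/kvm-all.c and its stub in accel/stubs/kvm-stub.c do not share a failure contract. The real function returns -1 with errp set, while the stub returns -ENOSYS and leaves errp untouched, and the caller in ram_block_add() only tests `< 0` before returning, so a failure from the stub would reach the user with no message. The call is guarded by kvm_enabled(), which makes that path unlikely, but the stub should still call error_setg() and return -1 so both versions behave the same. Also drop the trailing "\n" in `error_setg(errp, "KVM doesn't support guest memfd\n")`; error_setg() messages are not newline-terminated.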
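Review bot: in the ram_block_add() hunk of system/physmem.c, the failure path after kvm_create_guest_memfd() only calls qemu_mutex_unlock_ramlist() and returns. If new_block->host has already been allocated by this point in the function, that mapping is left behind on this path, so either release it here or show in the commit message that the caller does. Related: `assert(new_block->guest_memfd < 0)` and memory_region_has_guest_memfd() (`guest_memfd >= 0`) both depend on every RAMBlock starting at -1. The patch sets that in qemu_ram_alloc_from_fd() and qemu_ram_alloc_internal(); any other place that creates a RAMBlock needs the same line, since a zero-initialised field would be reported as a valid guest_memfd and reclaim_ramblock() would then close fd 0.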
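Review bot: style point in the qemu_ram_alloc_internal() assert: `RAM_NORESERVE| RAM_GUEST_MEMFD` is missing the space before `|`, unlike the matching asserts in qemu_ram_alloc_from_fd() and qemu_ram_alloc() in the same patch. In ram_block_add(), the guest_memfd is sized from new_block->max_length with flags hard-coded to 0; a short comment saying why max_length rather than used_length is the right size for a resizeable block would help the next reader.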
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, David Hildenbrand
Subject: [PATCH v3 07/49] HostMem: Add mechanism to opt in kvm guest memfd via MachineState
Date: Wed, 20 Mar 2024 03:39:03 -0500
Message-ID: <20240320083945.991426-8-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Xiaoyao Li

Add a new member "guest_memfd" to memory backends. When it's set to true, it enables RAM_GUEST_MEMFD in ram_flags, thus private kvm guest_memfd will be allocated during RAMBlock allocation.

Memory backend's @guest_memfd is wired with @require_guest_memfd field of MachineState. It avoids looking up the machine in physmem.c.

MachineState::require_guest_memfd is supposed to be set by any VMs that require KVM guest memfd as private memory, e.g., TDX VM.

Signed-off-by: Xiaoyao Li
Reviewed-by: David Hildenbrand
---
Changes in v4:
- rename "require_guest_memfd" to "guest_memfd" in struct HostMemoryBackend; (David Hildenbrand)

Signed-off-by: Michael Roth
---
backends/hostmem-file.c | 1 + backends/hostmem-memfd.c | 1 + backends/hostmem-ram.c | 1 + backends/hostmem.c | 1 + hw/core/machine.c | 5 +++++ include/hw/boards.h | 2 ++ include/sysemu/hostmem.h | 1 + 7 files changed, 12 insertions(+) diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c index ac3e433cbd..3c69db7946 100644 --- a/backends/hostmem-file.c +++ b/backends/hostmem-file.c @@ -85,6 +85,7 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) ram_flags |= fb->readonly ? RAM_READONLY_FD : 0; ram_flags |= fb->rom == ON_OFF_AUTO_ON ? RAM_READONLY : 0; ram_flags |= backend->reserve ? 0 : RAM_NORESERVE; + ram_flags |= backend->guest_memfd ? RAM_GUEST_MEMFD : 0; ram_flags |= fb->is_pmem ? RAM_PMEM : 0; ram_flags |= RAM_NAMED_FILE; return memory_region_init_ram_from_file(&backend->mr, OBJECT(backend), name, diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c index 3923ea9364..745ead0034 100644 --- a/backends/hostmem-memfd.c +++ b/backends/hostmem-memfd.c
@@ -55,6 +55,7 @@ memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) name = host_memory_backend_get_name(backend); ram_flags = backend->share ? RAM_SHARED : 0; ram_flags |= backend->reserve ? 0 : RAM_NORESERVE; + ram_flags |= backend->guest_memfd ? RAM_GUEST_MEMFD : 0; return memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), name, backend->size, ram_flags, fd, 0, errp); } diff --git a/backends/hostmem-ram.c b/backends/hostmem-ram.c index d121249f0f..f7d81af783 100644 --- a/backends/hostmem-ram.c +++ b/backends/hostmem-ram.c @@ -30,6 +30,7 @@ ram_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) name = host_memory_backend_get_name(backend); ram_flags = backend->share ? RAM_SHARED : 0; ram_flags |= backend->reserve ? 0 : RAM_NORESERVE; + ram_flags |= backend->guest_memfd ? RAM_GUEST_MEMFD : 0; return memory_region_init_ram_flags_nomigrate(&backend->mr, OBJECT(backend), name, backend->size, ram_flags, errp); diff --git a/backends/hostmem.c b/backends/hostmem.c index 81a72ce40b..eb9682b4a8 100644 --- a/backends/hostmem.c +++ b/backends/hostmem.c @@ -277,6 +277,7 @@ static void host_memory_backend_init(Object *obj) /* TODO: convert access to globals to compat properties */ backend->merge = machine_mem_merge(machine); backend->dump = machine_dump_guest_core(machine); + backend->guest_memfd = machine_require_guest_memfd(machine); backend->reserve = true; backend->prealloc_threads = machine->smp.cpus; } diff --git a/hw/core/machine.c b/hw/core/machine.c index 37ede0e7d4..73ce9da835 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -1198,6 +1198,11 @@ bool machine_mem_merge(MachineState *machine) return machine->mem_merge; } +bool machine_require_guest_memfd(MachineState *machine) +{ + return machine->require_guest_memfd; +} + static char *cpu_slot_to_string(const CPUArchId *cpu) { GString *s = g_string_new(NULL); diff --git a/include/hw/boards.h b/include/hw/boards.h index 8b8f6d5c00..44c2a4e1ec 100644 
--- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -36,6 +36,7 @@ bool machine_usb(MachineState *machine); int machine_phandle_start(MachineState *machine); bool machine_dump_guest_core(MachineState *machine); bool machine_mem_merge(MachineState *machine); +bool machine_require_guest_memfd(MachineState *machine); HotpluggableCPUList *machine_query_hotpluggable_cpus(MachineState *machine); void machine_set_cpu_numa_node(MachineState *machine, const CpuInstanceProperties *props, @@ -370,6 +371,7 @@ struct MachineState { char *dt_compatible; bool dump_guest_core; bool mem_merge; + bool require_guest_memfd; bool usb; bool usb_disabled; char *firmware; diff --git a/include/sysemu/hostmem.h b/include/sysemu/hostmem.h index 0e411aaa29..04b884bf42 100644 --- a/include/sysemu/hostmem.h +++ b/include/sysemu/hostmem.h 
@@ -74,6 +74,7 @@ struct HostMemoryBackend { uint64_t size; bool merge, dump, use_canonical_path; bool prealloc, is_mapped, share, reserve; + bool guest_memfd; uint32_t prealloc_threads; ThreadContext *prealloc_context; DECLARE_BITMAP(host_nodes, MAX_NODES + 1);
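Review bot: In the backends/hostmem.c hunk, host_memory_backend_init() copies machine_require_guest_memfd(machine) into backend->guest_memfd once, at object init, so a backend that is created before the machine sets require_guest_memfd keeps false and never gets RAM_GUEST_MEMFD at alloc time. The line also lands under the existing "TODO: convert access to globals to compat properties" comment and adds one more such access. Either read the machine flag in the *_backend_memory_alloc() functions, or document the ordering requirement next to the new "bool require_guest_memfd;" in struct MachineState, which has no comment saying who sets it and when.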
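Review bot: In the backends/hostmem-file.c hunk, RAM_GUEST_MEMFD is OR-ed into ram_flags next to RAM_READONLY_FD, RAM_READONLY and RAM_PMEM with no check on the combination. Is guest_memfd meant to be valid for a read-only or pmem file backend? If not, file_backend_memory_alloc() should set errp and return before calling memory_region_init_ram_from_file(), and if it is, a one-line comment saying so would save the next reader the question.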
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 08/49] trace/kvm: Split address space and slot id in trace_kvm_set_user_memory()
Date: Wed, 20 Mar 2024 03:39:04 -0500
Message-ID: <20240320083945.991426-9-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Xiaoyao Li

The upper 16 bits of kvm_userspace_memory_region::slot are address space id. Parse it separately in trace_kvm_set_user_memory().

Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c | 5 +++--
accel/kvm/trace-events | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 132ab65df5..d2856dd736 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -304,8 +304,9 @@ static int kvm_set_user_memory_region(KVMMemoryListener *kml, KVMSlot *slot, boo ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem); slot->old_flags = mem.flags; err: - trace_kvm_set_user_memory(mem.slot, mem.flags, mem.guest_phys_addr, - mem.memory_size, mem.userspace_addr, ret); + trace_kvm_set_user_memory(mem.slot >> 16, (uint16_t)mem.slot, mem.flags, + mem.guest_phys_addr, mem.memory_size, + mem.userspace_addr, ret); if (ret < 0) { error_report("%s: KVM_SET_USER_MEMORY_REGION failed, slot=%d," " start=0x%" PRIx64 ", size=0x%" PRIx64 ": %s", diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index a25902597b..9f599abc17 100644
--- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events 
@@ -15,7 +15,7 @@ kvm_irqchip_update_msi_route(int virq) "Updating MSI route virq=%d" kvm_irqchip_release_virq(int virq) "virq %d" kvm_set_ioeventfd_mmio(int fd, uint64_t addr, uint32_t val, bool assign, uint32_t size, bool datamatch) "fd: %d @0x%" PRIx64 " val=0x%x assign: %d size: %d match: %d" kvm_set_ioeventfd_pio(int fd, uint16_t addr, uint32_t val, bool assign, uint32_t size, bool datamatch) "fd: %d @0x%x val=0x%x assign: %d size: %d match: %d" -kvm_set_user_memory(uint32_t slot, uint32_t flags, uint64_t guest_phys_addr, uint64_t memory_size, uint64_t userspace_addr, int ret) "Slot#%d flags=0x%x gpa=0x%"PRIx64 " size=0x%"PRIx64 " ua=0x%"PRIx64 " ret=%d" +kvm_set_user_memory(uint16_t as, uint16_t slot, uint32_t flags, uint64_t guest_phys_addr, uint64_t memory_size, uint64_t userspace_addr, int ret) "AddrSpace#%d Slot#%d flags=0x%x gpa=0x%"PRIx64 " size=0x%"PRIx64 " ua=0x%"PRIx64 " ret=%d" kvm_clear_dirty_log(uint32_t slot, uint64_t start, uint32_t size) "slot#%"PRId32" start 0x%"PRIx64" size 0x%"PRIx32 kvm_resample_fd_notify(int gsi) "gsi %d" kvm_dirty_ring_full(int id) "vcpu %d"
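Review bot: In the accel/kvm/kvm-all.c hunk, the error_report() just below the changed trace call still prints slot=%d with the raw mem.slot, which carries the address space id in its upper 16 bits, so the error message and the trace line now disagree on what "slot" means. Print mem.slot >> 16 and (uint16_t)mem.slot there as well. A pair of small helper macros for the two extractions would also keep the shift width in one place instead of repeating the literal 16.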
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Chao Peng
Subject: [PATCH v3 09/49] kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot
Date: Wed, 20 Mar 2024 03:39:05 -0500
Message-ID: <20240320083945.991426-10-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Chao Peng

Switch to KVM_SET_USER_MEMORY_REGION2 when supported by KVM.

With KVM_SET_USER_MEMORY_REGION2, QEMU can set up a memory region that is backed both by hva-based shared memory and guest memfd based private memory.

Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
Changes in v4:
- update KVM_MEM_PRIVATE to KVM_MEM_GUEST_MEMFD; (Isaku)

Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c | 56 ++++++++++++++++++++++++++++++++++------
accel/kvm/trace-events | 2 +-
include/sysemu/kvm_int.h | 2 ++
3 files changed, 51 insertions(+), 9 deletions(-)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index d2856dd736..e83429b31e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -283,35 +283,69 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void *ram, static int kvm_set_user_memory_region(KVMMemoryListener *kml, KVMSlot *slot, bool new) { KVMState *s = kvm_state; - struct kvm_userspace_memory_region mem; + struct kvm_userspace_memory_region2 mem; + static int cap_user_memory2 = -1; int ret; + if (cap_user_memory2 == -1) { + cap_user_memory2 = kvm_check_extension(s, KVM_CAP_USER_MEMORY2); + } + + if (!cap_user_memory2 && slot->guest_memfd >= 0) { + error_report("%s, KVM doesn't support KVM_CAP_USER_MEMORY2," + " which is required by guest memfd!", __func__); + exit(1); + } + mem.slot = slot->slot | (kml->as_id << 16); mem.guest_phys_addr = slot->start_addr; mem.userspace_addr = (unsigned long)slot->ram; mem.flags = slot->flags; + mem.guest_memfd = slot->guest_memfd; + mem.guest_memfd_offset = slot->guest_memfd_offset; if (slot->memory_size && !new && (mem.flags ^ slot->old_flags) & KVM_MEM_READONLY) { /* Set the slot size to 0 before setting the slot to the desired * value. This is needed based on KVM commit 75d61fbc. 
*/ mem.memory_size = 0; - ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem); + + if (cap_user_memory2) { + ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION2, &mem); + } else { + ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem); + } if (ret < 0) { goto err; } } mem.memory_size = slot->memory_size; - ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem); + if (cap_user_memory2) { + ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION2, &mem); + } else { + ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem); + } slot->old_flags = mem.flags; err: trace_kvm_set_user_memory(mem.slot >> 16, (uint16_t)mem.slot, mem.flags, mem.guest_phys_addr, mem.memory_size, - mem.userspace_addr, ret); + mem.userspace_addr, mem.guest_memfd, + mem.guest_memfd_offset, ret); if (ret < 0) { - error_report("%s: KVM_SET_USER_MEMORY_REGION failed, slot=%d," - " start=0x%" PRIx64 ", size=0x%" PRIx64 ": %s", - __func__, mem.slot, slot->start_addr, - (uint64_t)mem.memory_size, strerror(errno)); + if (cap_user_memory2) { + error_report("%s: KVM_SET_USER_MEMORY_REGION2 failed, slot=%d," + " start=0x%" PRIx64 ", size=0x%" PRIx64 "," + " flags=0x%" PRIx32 ", guest_memfd=%" PRId32 "," + " guest_memfd_offset=0x%" PRIx64 ": %s", + __func__, mem.slot, slot->start_addr, + (uint64_t)mem.memory_size, mem.flags, + mem.guest_memfd, (uint64_t)mem.guest_memfd_offset, + strerror(errno)); + } else { + error_report("%s: KVM_SET_USER_MEMORY_REGION failed, slot=%d," + " start=0x%" PRIx64 ", size=0x%" PRIx64 ": %s", + __func__, mem.slot, slot->start_addr, + (uint64_t)mem.memory_size, strerror(errno)); + } } return ret; } @@ -466,6 +500,9 @@ static int kvm_mem_flags(MemoryRegion *mr) if (readonly && kvm_readonly_mem_allowed) { flags |= KVM_MEM_READONLY; } + if (memory_region_has_guest_memfd(mr)) { + flags |= KVM_MEM_GUEST_MEMFD; + } return flags; } 
@@ -1363,6 +1400,9 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml, mem->ram_start_offset = ram_start_offset; mem->ram = ram; mem->flags = kvm_mem_flags(mr); + mem->guest_memfd = mr->ram_block->guest_memfd; + mem->guest_memfd_offset = (uint8_t*)ram - mr->ram_block->host; + kvm_slot_init_dirty_bitmap(mem); err = kvm_set_user_memory_region(kml, mem, true); if (err) { diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index 9f599abc17..e8c52cb9e7 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events @@ -15,7 +15,7 @@ kvm_irqchip_update_msi_route(int virq) "Updating MSI route virq=%d" kvm_irqchip_release_virq(int virq) "virq %d" kvm_set_ioeventfd_mmio(int fd, uint64_t addr, uint32_t val, bool assign, uint32_t size, bool datamatch) "fd: %d @0x%" PRIx64 " val=0x%x assign: %d size: %d match: %d" kvm_set_ioeventfd_pio(int fd, uint16_t addr, uint32_t val, bool assign, uint32_t size, bool datamatch) "fd: %d @0x%x val=0x%x assign: %d size: %d match: %d" -kvm_set_user_memory(uint16_t as, uint16_t slot, uint32_t flags, uint64_t guest_phys_addr, uint64_t memory_size, uint64_t userspace_addr, int ret) "AddrSpace#%d Slot#%d flags=0x%x gpa=0x%"PRIx64 " size=0x%"PRIx64 " ua=0x%"PRIx64 " ret=%d" +kvm_set_user_memory(uint16_t as, uint16_t slot, uint32_t flags, uint64_t guest_phys_addr, uint64_t memory_size, uint64_t userspace_addr, uint32_t fd, uint64_t fd_offset, int ret) "AddrSpace#%d Slot#%d flags=0x%x gpa=0x%"PRIx64 " size=0x%"PRIx64 " ua=0x%"PRIx64 " guest_memfd=%d" " guest_memfd_offset=0x%" PRIx64 " ret=%d" kvm_clear_dirty_log(uint32_t slot, uint64_t start, uint32_t size) "slot#%"PRId32" start 0x%"PRIx64" size 0x%"PRIx32 kvm_resample_fd_notify(int gsi) "gsi %d" kvm_dirty_ring_full(int id) "vcpu %d" diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h index 3496be7997..a5a3fee411 100644 --- a/include/sysemu/kvm_int.h +++ b/include/sysemu/kvm_int.h 
@@ -30,6 +30,8 @@ typedef struct KVMSlot int as_id; /* Cache of the offset in ram address space */ ram_addr_t ram_start_offset; + int guest_memfd; + hwaddr guest_memfd_offset; } KVMSlot; typedef struct KVMMemoryUpdate {
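Review bot: In the kvm_set_user_memory_region() hunk, "struct kvm_userspace_memory_region2 mem;" is declared without an initializer and only slot, guest_phys_addr, userspace_addr, flags, guest_memfd, guest_memfd_offset and memory_size are assigned, so any other member of the larger struct reaches the KVM_SET_USER_MEMORY_REGION2 ioctl as uninitialised stack data. Declare it as "struct kvm_userspace_memory_region2 mem = {};" or memset it before use. Two smaller points in the same hunk: the fallback path hands this region2 struct to KVM_SET_USER_MEMORY_REGION, which relies on the old struct being a layout prefix of the new one and deserves a comment, and the exit(1) on a missing KVM_CAP_USER_MEMORY2 sits in a function that otherwise returns an error code to its caller.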
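Review bot: In the kvm_set_phys_mem() hunk, "(uint8_t*)ram" is missing the space before the asterisk that the surrounding code uses for pointer casts, so write "(uint8_t *)ram". The offset computation also has no comment. A line stating that guest_memfd_offset is the slot's byte offset from the start of the RAMBlock's host mapping would make the pointer subtraction easier to check.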
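Review bot: In the accel/kvm/trace-events hunk, the new argument is declared "uint32_t fd" but formatted with %d, while the KVMSlot field added in this patch is a plain int that kvm_set_user_memory_region() tests with >= 0. Make the declared type and the format agree, for example "int fd" with %d, so a slot without a guest_memfd is traced consistently.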
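Review bot: In the include/sysemu/kvm_int.h hunk, the new "int guest_memfd;" in KVMSlot has no comment and no stated "unset" value, while kvm_set_user_memory_region() treats any slot->guest_memfd >= 0 as a real descriptor. A KVMSlot that is zero-filled and not populated through kvm_set_phys_mem() would carry guest_memfd == 0 and pass that test. Initialise the field to -1 wherever slots are allocated, and document the sentinel next to the field.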
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 10/49] kvm: Introduce support for memory_attributes
Date: Wed, 20 Mar 2024 03:39:06 -0500
Message-ID: <20240320083945.991426-11-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Xiaoyao Li

Introduce the helper functions to set the attributes of a range of memory to private or shared.

This is necessary to notify KVM of the private/shared attribute of each gpa range. KVM needs the information to decide whether the GPA needs to be mapped at hva-based shared memory or guest_memfd based private memory.

Signed-off-by: Xiaoyao Li
---
Changes in v4:
- move the check of kvm_supported_memory_attributes to the common kvm_set_memory_attributes(); (Wang Wei)
- change warn_report() to error_report() in kvm_set_memory_attributes() and drop the __func__; (Daniel)

Signed-off-by: Michael Roth
---
 accel/kvm/kvm-all.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 include/sysemu/kvm.h | 3 +++
 2 files changed, 47 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index e83429b31e..df7a32735a 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -92,6 +92,7 @@ static bool kvm_has_guest_debug; static int kvm_sstep_flags; static bool kvm_immediate_exit; static bool kvm_guest_memfd_supported; +static uint64_t kvm_supported_memory_attributes; static hwaddr kvm_max_slot_size = ~0; static const KVMCapabilityInfo kvm_required_capabilites[] = { @@ -1304,6 +1305,46 @@ void kvm_set_max_memslot_size(hwaddr max_slot_size) kvm_max_slot_size = max_slot_size; } +static int kvm_set_memory_attributes(hwaddr start, hwaddr size, uint64_t attr) +{ + struct kvm_memory_attributes attrs; + int r; + + if (kvm_supported_memory_attributes == 0) { + error_report("No memory attribute supported by KVM\n"); + return -EINVAL; + } + + if ((attr & kvm_supported_memory_attributes) != attr) { + error_report("memory attribute 0x%lx not supported by KVM," + " supported bits are 0x%lx\n", + attr, kvm_supported_memory_attributes); + return -EINVAL; + } + + attrs.attributes = attr; + attrs.address = start; + attrs.size = size; + attrs.flags = 0; + + r = kvm_vm_ioctl(kvm_state, KVM_SET_MEMORY_ATTRIBUTES, &attrs); + if (r) { + error_report("failed to set memory (0x%lx+%#zx) with attr 0x%lx error '%s'", + start, size, attr, strerror(errno)); + } + return r; +} + +int kvm_set_memory_attributes_private(hwaddr start, hwaddr size) +{ + return kvm_set_memory_attributes(start, size, KVM_MEMORY_ATTRIBUTE_PRIVATE); +} + +int kvm_set_memory_attributes_shared(hwaddr start, hwaddr size) +{ + return kvm_set_memory_attributes(start, size, 0); +} + /* Called with KVMMemoryListener.slots_lock held */ static void kvm_set_phys_mem(KVMMemoryListener *kml, MemoryRegionSection *section, bool add) 
@@ -2439,6 +2480,9 @@ static int kvm_init(MachineState *ms) kvm_guest_memfd_supported = kvm_check_extension(s, KVM_CAP_GUEST_MEMFD); + ret = kvm_check_extension(s, KVM_CAP_MEMORY_ATTRIBUTES); + kvm_supported_memory_attributes = ret > 0 ? ret : 0; + if (object_property_find(OBJECT(current_machine), "kvm-type")) { g_autofree char *kvm_type = object_property_get_str(OBJECT(current_machine), "kvm-type", diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index b4913281e2..2cb3192509 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h 
@@ -538,4 +538,7 @@ void kvm_mark_guest_state_protected(void); bool kvm_hwpoisoned_mem(void); int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp); + +int kvm_set_memory_attributes_private(hwaddr start, hwaddr size); +int kvm_set_memory_attributes_shared(hwaddr start, hwaddr size); #endif
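Review bot: In kvm_set_memory_attributes() (accel/kvm/kvm-all.c), the error messages format uint64_t and hwaddr values with 0x%lx and %#zx, which only matches on hosts where long and size_t are 64 bits wide; use PRIx64 for attr and kvm_supported_memory_attributes and HWADDR_PRIx for start and size. The first two error_report() strings end in "\n" while the third does not; error_report() adds the newline itself, so the trailing "\n" should be dropped. The last message prints strerror(errno) while the function returns r; if kvm_vm_ioctl() returns a negative errno value, printing strerror(-r) keeps the message and the return value from disagreeing.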
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, David Hildenbrand
Subject: [PATCH v3 11/49] physmem: Introduce ram_block_discard_guest_memfd_range()
Date: Wed, 20 Mar 2024 03:39:07 -0500
Message-ID: <20240320083945.991426-12-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
From: Xiaoyao Li

When memory page is converted from private to shared, the original private memory is backed by guest_memfd. Introduce ram_block_discard_guest_memfd_range() for discarding memory in guest_memfd.

Originally-from: Isaku Yamahata
Codeveloped-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
Reviewed-by: David Hildenbrand
---
Changes in v5:
- Collect Reviewed-by from David;

Changes in v4:
- Drop ram_block_convert_range() and open code its implementation in the next Patch.

Signed-off-by: Michael Roth
---
 include/exec/cpu-common.h | 2 ++
 system/physmem.c | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h index 6346df17ce..6d5318895a 100644 --- a/include/exec/cpu-common.h +++ b/include/exec/cpu-common.h @@ -159,6 +159,8 @@ typedef int (RAMBlockIterFunc)(RAMBlock *rb, void *opaque); int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque); int ram_block_discard_range(RAMBlock *rb, uint64_t start, size_t length); +int ram_block_discard_guest_memfd_range(RAMBlock *rb, uint64_t start, + size_t length); #endif diff --git a/system/physmem.c b/system/physmem.c index 3a4a3f10d5..8be8053cf7 100644 --- a/system/physmem.c +++ b/system/physmem.c
@@ -3705,6 +3705,29 @@ err: return ret; } +int ram_block_discard_guest_memfd_range(RAMBlock *rb, uint64_t start, + size_t length) +{ + int ret = -1; + +#ifdef CONFIG_FALLOCATE_PUNCH_HOLE + ret = fallocate(rb->guest_memfd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, + start, length); + + if (ret) { + ret = -errno; + error_report("%s: Failed to fallocate %s:%" PRIx64 " +%zx (%d)", + __func__, rb->idstr, start, length, ret); + } +#else + ret = -ENOSYS; + error_report("%s: fallocate not available %s:%" PRIx64 " +%zx (%d)", + __func__, rb->idstr, start, length, ret); +#endif + + return ret; +} + bool ramblock_is_pmem(RAMBlock *rb) { return rb->flags & RAM_PMEM;
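Review bot: ram_block_discard_guest_memfd_range() in system/physmem.c passes rb->guest_memfd, start and length straight to fallocate() without checking that the block actually has a guest_memfd (rb->guest_memfd >= 0) or that start + length stays inside the block, so a bad caller only shows up as an errno from the kernel. Add those checks up front and fail with -EINVAL and a message naming the range. The initial value in "int ret = -1;" is overwritten on both preprocessor branches and can be dropped.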
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Chao Peng
Subject: [PATCH v3 12/49] kvm: handle KVM_EXIT_MEMORY_FAULT
Date: Wed, 20 Mar 2024 03:39:08 -0500
Message-ID: <20240320083945.991426-13-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
From: Chao Peng

When getting KVM_EXIT_MEMORY_FAULT exit, it indicates userspace needs to do the memory conversion on the RAMBlock to turn the memory into desired attribute, i.e., private/shared.

Currently only KVM_MEMORY_EXIT_FLAG_PRIVATE in flags is valid when KVM_EXIT_MEMORY_FAULT happens.

Note, KVM_EXIT_MEMORY_FAULT makes sense only when the RAMBlock has guest_memfd memory backend.

Note, KVM_EXIT_MEMORY_FAULT returns with -EFAULT, so special handling is added.

When page is converted from shared to private, the original shared memory can be discarded via ram_block_discard_range(). Note, shared memory can be discarded only when it's not backed by hugetlb because hugetlb is supposed to be pre-allocated and no need for discarding.

Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
Changes in v4:
- open-coded ram_block_discard logic;
- change warn_report() to error_report(); (Daniel)

Signed-off-by: Michael Roth
---
 accel/kvm/kvm-all.c | 94 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 84 insertions(+), 10 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index df7a32735a..2fdc07a472 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -2903,6 +2903,68 @@ static void kvm_eat_signals(CPUState *cpu) } while (sigismember(&chkset, SIG_IPI)); } +static int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) +{ + MemoryRegionSection section; + ram_addr_t offset; + MemoryRegion *mr; + RAMBlock *rb; + void *addr; + int ret = -1; + + if (!QEMU_PTR_IS_ALIGNED(start, qemu_host_page_size) || + !QEMU_PTR_IS_ALIGNED(size, qemu_host_page_size)) { + return -1; + } + + if (!size) { + return -1; + } + + section = memory_region_find(get_system_memory(), start, size); + mr = section.mr; + if (!mr) { + return -1; + } + + if (memory_region_has_guest_memfd(mr)) { + if (to_private) { + ret = kvm_set_memory_attributes_private(start, size); + } else { + ret = kvm_set_memory_attributes_shared(start, size); + } + + if (ret) { + memory_region_unref(section.mr); + return ret; + } + + addr = memory_region_get_ram_ptr(mr) + section.offset_within_region; + rb = qemu_ram_block_from_host(addr, false, &offset); + + if (to_private) { + if (rb->page_size != qemu_host_page_size) { + /* + * shared memory is back'ed by hugetlb, which is supposed to be + * pre-allocated and doesn't need to be discarded + */ + return 0; + } else { + ret = ram_block_discard_range(rb, offset, size); + } + } else { + ret = ram_block_discard_guest_memfd_range(rb, offset, size); + } + } else { + error_report("Convert non guest_memfd backed memory region " + "(0x%"HWADDR_PRIx" ,+ 0x%"HWADDR_PRIx") to %s", + start, size, to_private ? "private" : "shared"); + } + + memory_region_unref(section.mr); + return ret; +} + int kvm_cpu_exec(CPUState *cpu) { struct kvm_run *run = cpu->kvm_run; 
@@ -2970,18 +3032,20 @@ int kvm_cpu_exec(CPUState *cpu) ret = EXCP_INTERRUPT; break; } - fprintf(stderr, "error: kvm run failed %s\n", - strerror(-run_ret)); + if (!(run_ret == -EFAULT && run->exit_reason == KVM_EXIT_MEMORY_FAULT)) { + fprintf(stderr, "error: kvm run failed %s\n", + strerror(-run_ret)); #ifdef TARGET_PPC - if (run_ret == -EBUSY) { - fprintf(stderr, - "This is probably because your SMT is enabled.\n" - "VCPU can only run on primary threads with all " - "secondary threads offline.\n"); - } + if (run_ret == -EBUSY) { + fprintf(stderr, + "This is probably because your SMT is enabled.\n" + "VCPU can only run on primary threads with all " + "secondary threads offline.\n"); + } #endif - ret = -1; - break; + ret = -1; + break; + } } trace_kvm_run_exit(cpu->cpu_index, run->exit_reason); 
@@ -3064,6 +3128,16 @@ int kvm_cpu_exec(CPUState *cpu) break; } break; + case KVM_EXIT_MEMORY_FAULT: + if (run->memory_fault.flags & ~KVM_MEMORY_EXIT_FLAG_PRIVATE) { + error_report("KVM_EXIT_MEMORY_FAULT: Unknown flag 0x%" PRIx64, + (uint64_t)run->memory_fault.flags); + ret = -1; + break; + } + ret = kvm_convert_memory(run->memory_fault.gpa, run->memory_fault.size, + run->memory_fault.flags & KVM_MEMORY_EXIT_FLAG_PRIVATE); + break; default: ret = kvm_arch_handle_exit(cpu, run); break;
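Review bot: In kvm_convert_memory(), the hugetlb branch under to_private does "return 0;" without calling memory_region_unref(section.mr), so the reference that every other exit path drops leaks on each shared-to-private conversion of a hugetlb-backed block; set ret = 0 there and fall through to the common memory_region_unref() at the end instead. The early "return -1" paths for misaligned or zero-sized ranges are also silent, so an error_report() with start and size would make a failed conversion diagnosable. Separately, section.size is never compared with size, so it is worth rejecting the request when the section found covers less than the requested range.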
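Review bot: In the kvm_cpu_exec() error path, the new test "!(run_ret == -EFAULT && run->exit_reason == KVM_EXIT_MEMORY_FAULT)" lets a failed KVM_RUN fall through to the exit_reason switch with no comment explaining why this one errno is not fatal. A short comment there, saying that KVM_EXIT_MEMORY_FAULT is reported together with -EFAULT (as the commit message does), would keep a later reader from treating the fall-through as a bug.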
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 13/49] [FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size
Date: Wed, 20 Mar 2024 03:39:09 -0500
Message-ID: <20240320083945.991426-14-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>

TODO: squash into "kvm: handle KVM_EXIT_MEMORY_FAULT"

qemu_host_page_size has been superseded by qemu_real_host_page_size() in newer QEMU, so update the patch accordingly.

Signed-off-by: Michael Roth
---
 accel/kvm/kvm-all.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 2fdc07a472..a9c19ab9a1 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2912,8 +2912,8 @@ static int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) void *addr; int ret = -1; - if (!QEMU_PTR_IS_ALIGNED(start, qemu_host_page_size) || - !QEMU_PTR_IS_ALIGNED(size, qemu_host_page_size)) { + if (!QEMU_PTR_IS_ALIGNED(start, qemu_real_host_page_size()) || + !QEMU_PTR_IS_ALIGNED(size, qemu_real_host_page_size())) { return -1; }
@@ -2943,7 +2943,7 @@ static int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) rb = qemu_ram_block_from_host(addr, false, &offset); if (to_private) { - if (rb->page_size != qemu_host_page_size) { + if (rb->page_size != qemu_real_host_page_size()) { /* * shared memory is back'ed by hugetlb, which is supposed to be * pre-allocated and doesn't need to be discarded
From patchwork Wed Mar 20 08:39:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597489
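Review bot: In the first hunk of [PATCH v3 13/49], start and size are hwaddr values, yet the alignment test still goes through QEMU_PTR_IS_ALIGNED, which is meant for pointers and casts its argument to uintptr_t; on a host where uintptr_t is narrower than hwaddr the upper bits are dropped before the check. Since this fixup rewrites both lines anyway, consider QEMU_IS_ALIGNED(start, qemu_real_host_page_size()) and the same for size. The misaligned case also returns -1 without any message; as this function serves KVM_EXIT_MEMORY_FAULT handling (per the subject), an error_report() or trace point on that path would make rejected conversion requests visible.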
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Isaku Yamahata
Subject: [PATCH v3 14/49] trace/kvm: Add trace for page convertion between shared and private
Date: Wed, 20 Mar 2024 03:39:10 -0500
Message-ID: <20240320083945.991426-15-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Signed-off-by: Isaku Yamahata Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 2 ++ accel/kvm/trace-events | 1 + 2 files changed, 3 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a9c19ab9a1..9a8b365a69 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2912,6 +2912,8 @@ static int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) void *addr; int ret = -1; + trace_kvm_convert_memory(start, size, to_private ? "shared_to_private" : "private_to_shared"); + if (!QEMU_PTR_IS_ALIGNED(start, qemu_real_host_page_size()) || !QEMU_PTR_IS_ALIGNED(size, qemu_real_host_page_size())) { return -1; diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index e8c52cb9e7..31175fed97 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events 
@@ -31,3 +31,4 @@ kvm_cpu_exec(void) "" kvm_interrupt_exit_request(void) "" kvm_io_window_exit(void) "" kvm_run_exit_system_event(int cpu_index, uint32_t event_type) "cpu_index %d, system_even_type %"PRIu32 +kvm_convert_memory(uint64_t start, uint64_t size, const char *msg) "start 0x%" PRIx64 " size 0x%" PRIx64 " %s"
From patchwork Wed Mar 20 08:39:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597490
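Review bot: In the kvm-all.c hunk of [PATCH v3 14/49], the added trace_kvm_convert_memory(...) call is a single line well past 80 columns; wrap the arguments. It also sits before the alignment check, so it records the request but not the outcome: a request rejected with -1 and one that is carried out look the same in the trace. If that is intended, say so in the commit message, which currently holds only the sign-offs; otherwise trace the return value as well.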
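Review bot: In the trace-events hunk of [PATCH v3 14/49], the third argument is named msg but only ever carries the conversion direction ("shared_to_private" or "private_to_shared" at the call site). Naming it after what it holds, for example direction, would make the event definition self-describing.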
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 15/49] kvm/memory: Make memory type private by default if it has guest memfd backend
Date: Wed, 20 Mar 2024 03:39:11 -0500
Message-ID: <20240320083945.991426-16-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Xiaoyao Li

The KVM side leaves the memory shared by default, which may incur the overhead of paging conversion on the first visit of each page, because the expectation is that a page is likely to be private for the VMs that require private memory (have guest memfd).

Explicitly set the memory to private when the memory region has a valid guest memfd backend.

Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
--- accel/kvm/kvm-all.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 9a8b365a69..53ce4f091e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -1451,6 +1451,16 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml, strerror(-err)); abort(); } + + if (memory_region_has_guest_memfd(mr)) { + err = kvm_set_memory_attributes_private(start_addr, slot_size); + if (err) { + error_report("%s: failed to set memory attribute private: %s\n", + __func__, strerror(-err)); + exit(1); + } + } + start_addr += slot_size; ram_start_offset += slot_size; ram += slot_size;
From patchwork Wed Mar 20 08:39:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597491
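Review bot: In the kvm_set_phys_mem() hunk of [PATCH v3 15/49], the error_report() format string ends in "\n"; error_report() terminates the line itself, so drop the newline. The new failure path also calls exit(1) while the failure path directly above it in the same loop calls abort(); use one or explain the difference. Adding start_addr and slot_size to the message would show which slot failed. Since every slot with a guest memfd now starts out private, it would help if the commit message stated how ranges that must be shared from the start are expected to get converted.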
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 16/49] memory: Introduce memory_region_init_ram_guest_memfd()
Date: Wed, 20 Mar 2024 03:39:12 -0500
Message-ID: <20240320083945.991426-17-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Xiaoyao Li

Introduce memory_region_init_ram_guest_memfd() to allocate private guest memfd on the MemoryRegion initialization. It's for the use case of TDVF, which must be private in the TDX case.

Signed-off-by: Xiaoyao Li
---
Changes in v5:
- drop memory_region_set_default_private() because this function is dropped in this v5 series;

Signed-off-by: Michael Roth
--- include/exec/memory.h | 6 ++++++ system/memory.c | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 679a847685..1e351f6fc8 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -1603,6 +1603,12 @@ bool memory_region_init_ram(MemoryRegion *mr, uint64_t size, Error **errp); +bool memory_region_init_ram_guest_memfd(MemoryRegion *mr, + Object *owner, + const char *name, + uint64_t size, + Error **errp); + /** * memory_region_init_rom: Initialize a ROM memory region. * diff --git a/system/memory.c b/system/memory.c index c756950c0c..85a22408e9 100644 --- a/system/memory.c +++ b/system/memory.c
@@ -3606,6 +3606,31 @@ bool memory_region_init_ram(MemoryRegion *mr, return true; } +bool memory_region_init_ram_guest_memfd(MemoryRegion *mr, + Object *owner, + const char *name, + uint64_t size, + Error **errp) +{ + DeviceState *owner_dev; + + if (!memory_region_init_ram_flags_nomigrate(mr, owner, name, size, + RAM_GUEST_MEMFD, errp)) { + return false; + } + + /* This will assert if owner is neither NULL nor a DeviceState. + * We only want the owner here for the purposes of defining a + * unique name for migration. TODO: Ideally we should implement + * a naming scheme for Objects which are not DeviceStates, in + * which case we can relax this restriction. + */ + owner_dev = DEVICE(owner); + vmstate_register_ram(mr, owner_dev); + + return true; +} + bool memory_region_init_rom(MemoryRegion *mr, Object *owner, const char *name,
From patchwork Wed Mar 20 08:39:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597492
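Review bot: In the include/exec/memory.h hunk of [PATCH v3 16/49], the new prototype has no documentation comment, while the declaration that follows it (memory_region_init_rom) has one; add a comment that describes the parameters and states that the region is created with a guest memfd backend. The "Changes in v5" text in the commit message does not match the v3 subject and should be dropped before this is applied.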
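Review bot: In the system/memory.c hunk of [PATCH v3 16/49], the region is created with memory_region_init_ram_flags_nomigrate() and RAM_GUEST_MEMFD and then registered with vmstate_register_ram() for migration; is migrating a region backed by private guest memfd expected to work at this point in the series? If not, leave the registration out or say in the commit message why it is kept. DEVICE(owner) is also evaluated only after the region has been initialized, so an owner that is not a DeviceState asserts late, as the comment itself notes; checking it first would fail earlier. The block comment should open with /* on a line of its own.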
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Isaku Yamahata
Subject: [PATCH v3 17/49] pci-host/q35: Move PAM initialization above SMRAM initialization
Date: Wed, 20 Mar 2024 03:39:13 -0500
Message-ID: <20240320083945.991426-18-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Isaku Yamahata

In mch_realize(), process PAM initialization before SMRAM initialization so that a later patch can skip all the SMRAM related with a single check.

Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
--- hw/pci-host/q35.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c index 0d7d4e3f08..98d4a7c253 100644 --- a/hw/pci-host/q35.c +++ b/hw/pci-host/q35.c
@@ -568,6 +568,16 @@ static void mch_realize(PCIDevice *d, Error **errp) /* setup pci memory mapping */ pc_pci_as_mapping_init(mch->system_memory, mch->pci_address_space); + /* PAM */ + init_pam(&mch->pam_regions[0], OBJECT(mch), mch->ram_memory, + mch->system_memory, mch->pci_address_space, + PAM_BIOS_BASE, PAM_BIOS_SIZE); + for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) { + init_pam(&mch->pam_regions[i + 1], OBJECT(mch), mch->ram_memory, + mch->system_memory, mch->pci_address_space, + PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE); + } + /* if *disabled* show SMRAM to all CPUs */ memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region", mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE, 
@@ -634,15 +644,6 @@ static void mch_realize(PCIDevice *d, Error **errp) object_property_add_const_link(qdev_get_machine(), "smram", OBJECT(&mch->smram)); - - init_pam(&mch->pam_regions[0], OBJECT(mch), mch->ram_memory, - mch->system_memory, mch->pci_address_space, - PAM_BIOS_BASE, PAM_BIOS_SIZE); - for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) { - init_pam(&mch->pam_regions[i + 1], OBJECT(mch), mch->ram_memory, - mch->system_memory, mch->pci_address_space, - PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE); - } } uint64_t mch_mcfg_base(void) From patchwork Wed Mar 20 08:39:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597493 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2076.outbound.protection.outlook.com [40.107.220.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC4E239AC1 for ; Wed, 20 Mar 2024 08:44:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.76 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924284; cv=fail; b=mU8qumf746YOPFGHl3MKx3Q0Fxc6NVMXcbtH52EoD7nw5YWH23j8vbel4TSNcJ3rmvf4qkiJPUm/20O8mcxtowS8TTViprB9PdN8v08cOoCEtbE/JO4fs73P/OCeIDQuyx5bsyGTrrJ6WcgrFqW2AHLVrts3PjBnIYDJgB27aVU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924284; c=relaxed/simple; bh=roe1nM4cjdK4el2l6lJi60m8B/DeDfIe/it2tR/t97M=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=CEQRpbzynh5NZHm2ISJlH3iaE8hCap6Sb/zhnnRV3osX9Gnz5gtkusU2ZXuN5Fqx9FaF5H/clDVyc6X0g7LTqVZVpA1fVF3w/IPBvSbNJPxMJE0Ior2ZBqLcQ0gzIIa+w+f5pcdf3wYSEx+Lr24VKCl4ERsXjCdql6cj1V+4Lvk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; 
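Review bot: in the first mch_realize() hunk of 17/49, the init_pam() calls now run before the smram-region alias is created, and neither the new /* PAM */ comment nor the commit message says whether the order in which these regions are registered against mch->system_memory and mch->pci_address_space affects the resulting memory map. Since the only stated motivation is a later patch, please add a sentence to the commit message confirming that this is a pure code move with no functional change, or describe what does change.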
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Sean Christopherson
Subject: [PATCH v3 18/49] q35: Introduce smm_ranges property for q35-pci-host
Date: Wed, 20 Mar 2024 03:39:14 -0500
Message-ID: <20240320083945.991426-19-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Isaku Yamahata Add a q35 property to check whether or not SMM ranges, e.g. SMRAM, TSEG, etc... exist for the target platform. TDX doesn't support SMM and doesn't play nice with QEMU modifying related guest memory ranges. Signed-off-by: Isaku Yamahata Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- hw/i386/pc_q35.c | 2 ++ hw/pci-host/q35.c | 42 +++++++++++++++++++++++++++------------ include/hw/i386/pc.h | 1 + include/hw/pci-host/q35.h | 1 + 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 8a427c4647..42324448d7 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -219,6 +219,8 @@ static void pc_q35_init(MachineState *machine) x86ms->above_4g_mem_size, NULL); object_property_set_bool(phb, PCI_HOST_BYPASS_IOMMU, pcms->default_bus_bypass_iommu, NULL); + object_property_set_bool(phb, PCI_HOST_PROP_SMM_RANGES, + x86_machine_is_smm_enabled(x86ms), NULL); sysbus_realize_and_unref(SYS_BUS_DEVICE(phb), &error_fatal); /* pci */ diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c index 98d4a7c253..0b6cbaed7e 100644 --- a/hw/pci-host/q35.c +++ b/hw/pci-host/q35.c @@ -179,6 +179,8 @@ static Property q35_host_props[] = { mch.below_4g_mem_size, 0), DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost, mch.above_4g_mem_size, 0), + DEFINE_PROP_BOOL(PCI_HOST_PROP_SMM_RANGES, Q35PCIHost, + mch.has_smm_ranges, true), DEFINE_PROP_BOOL("x-pci-hole64-fix", Q35PCIHost, pci_hole64_fix, true), DEFINE_PROP_END_OF_LIST(), }; @@ -214,6 +216,7 @@ static void q35_host_initfn(Object *obj) /* mch's object_initialize resets the default value, set it again */ qdev_prop_set_uint64(DEVICE(s), PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35_PCI_HOST_HOLE64_SIZE_DEFAULT); + object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "uint32", q35_host_get_pci_hole_start, NULL, NULL, NULL); 
@@ -476,6 +479,10 @@ static void mch_write_config(PCIDevice *d, mch_update_pciexbar(mch); } + if (!mch->has_smm_ranges) { + return; + } + if (ranges_overlap(address, len, MCH_HOST_BRIDGE_SMRAM, MCH_HOST_BRIDGE_SMRAM_SIZE)) { mch_update_smram(mch); @@ -494,10 +501,13 @@ static void mch_write_config(PCIDevice *d, static void mch_update(MCHPCIState *mch) { mch_update_pciexbar(mch); + mch_update_pam(mch); - mch_update_smram(mch); - mch_update_ext_tseg_mbytes(mch); - mch_update_smbase_smram(mch); + if (mch->has_smm_ranges) { + mch_update_smram(mch); + mch_update_ext_tseg_mbytes(mch); + mch_update_smbase_smram(mch); + } /* * pci hole goes from end-of-low-ram to io-apic. @@ -538,18 +548,20 @@ static void mch_reset(DeviceState *qdev) pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR, MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT); - d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT; - d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT; - d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK; - d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK; + if (mch->has_smm_ranges) { + d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT; + d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT; + d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK; + d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK; - if (mch->ext_tseg_mbytes > 0) { - pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES, - MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY); - } + if (mch->ext_tseg_mbytes > 0) { + pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES, + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY); + } - d->config[MCH_HOST_BRIDGE_F_SMBASE] = 0; - d->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0xff; + d->config[MCH_HOST_BRIDGE_F_SMBASE] = 0; + d->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0xff; + } mch_update(mch); } 
@@ -578,6 +590,10 @@ static void mch_realize(PCIDevice *d, Error **errp) PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE); } + if (!mch->has_smm_ranges) { + return; + } + /* if *disabled* show SMRAM to all CPUs */ memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region", mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE, diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 27a68071d7..fb1d4106e5 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -161,6 +161,7 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int level); #define PCI_HOST_PROP_PCI_HOLE64_SIZE "pci-hole64-size" #define PCI_HOST_BELOW_4G_MEM_SIZE "below-4g-mem-size" #define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size" +#define PCI_HOST_PROP_SMM_RANGES "smm-ranges" void pc_pci_as_mapping_init(MemoryRegion *system_memory, diff --git a/include/hw/pci-host/q35.h b/include/hw/pci-host/q35.h index bafcbe6752..22fadfa3ed 100644 --- a/include/hw/pci-host/q35.h +++ b/include/hw/pci-host/q35.h 
@@ -50,6 +50,7 @@ struct MCHPCIState { MemoryRegion tseg_blackhole, tseg_window; MemoryRegion smbase_blackhole, smbase_window; bool has_smram_at_smbase; + bool has_smm_ranges; Range pci_hole; uint64_t below_4g_mem_size; uint64_t above_4g_mem_size; From patchwork Wed Mar 20 08:39:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597494 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2084.outbound.protection.outlook.com [40.107.243.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BEF6E364D4 for ; Wed, 20 Mar 2024 08:45:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.84 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924303; cv=fail; b=WcYrHA/qwwg1a0rfpJkr5ipfw0Fgg84dB11K6XkBudNkAvZvZ4J9u+0jEZWn+KcK8rnkwpbAl+4MLMyVjl9p9DX7BXIbF6CZlrGtkgsngb8iP2JeXC7A5n5YrQoG2X25ftkL8ywgFeLRFVgErehBA629xHjd5zfr1tna3GjdZqU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924303; c=relaxed/simple; bh=KDTnfeophUzFWXCGgm3ynfxcj1RCR2IIHE5JrvBoM58=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tlTgYFKFDYycf7x+Hbff6hJ8tgl4iLxyQWJ21dFHZ4NFRZg4Joq40iZ3DnM9X2AywFTdWS843qlBljdSRqxmV/8AGkSAfutKIY08P6dtjeYuaVs5CZLOCgDQjO6CDy6UobjnYSMsk+DaoV012hRd9WD5V6MtI+wP0KobsK0Br8A= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=tPW2cThE; arc=fail smtp.client-ip=40.107.243.84 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail 
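Review bot: in the pc_q35_init() hunk of 18/49, the new object_property_set_bool(phb, PCI_HOST_PROP_SMM_RANGES, ...) call passes NULL as the error pointer, so if setting the property fails the DEFINE_PROP_BOOL default of true stays in effect with no report, and a machine that asked for no SMM would still get the SMM ranges. The neighbouring calls also pass NULL, but for this property the default is the unsafe direction; passing &error_fatal, as the sysbus_realize_and_unref() call just below does, would make the failure visible.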
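Review bot: the q35_host_initfn() hunk of 18/49 only adds an empty line before object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, ...). It is unrelated to smm-ranges and should be dropped from this patch.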
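Review bot: the early return added to mch_write_config() in 18/49 for !mch->has_smm_ranges silently turns everything placed after it into SMM-only code, so a handler for a non-SMM register added below it later would never run on such machines. Wrapping the checks that follow in if (mch->has_smm_ranges) { ... }, the way mch_update() is changed in this same patch, or adding a comment that everything below the return is SMM-specific, would make the intent explicit.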
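Review bot: in the mch_reset() hunk of 18/49, the SMRAM, ESMRAMC, EXT_TSEG_MBYTES and F_SMBASE config defaults and write masks are now set only when mch->has_smm_ranges is true, and there is no else branch. Please state what these config bytes read as, and whether they remain guest-writable, when SMM ranges are absent; if they are meant to be inert, set their wmask entries to 0 explicitly so that a guest write cannot leave register state that mch_write_config() now ignores.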
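Review bot: the early return added to mch_realize() in 18/49 also skips the object_property_add_const_link(qdev_get_machine(), "smram", OBJECT(&mch->smram)) call that 17/49 shows at the end of this function, so the machine has no "smram" link when smm-ranges is false. Please confirm that every lookup of that link tolerates its absence and mention the missing link in the commit message; a short comment at the return stating that nothing below it may be non-SMM setup would also help keep this guard in sync with the ones in mch_update(), mch_reset() and mch_write_config().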
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 19/49] kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()
Date: Wed, 20 Mar 2024 03:39:15 -0500
Message-ID: <20240320083945.991426-20-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Some subsystems like VFIO might disable ram block discard for uncoordinated cases. kvm_convert_memory()/guest_memfd don't implement a RamDiscardManager handler to convey discard operations to various listeners like VFIO. Because of this, sequences like the following can result due to stale IOMMU mappings:

  - convert page shared->private
  - discard shared page
  - convert page private->shared
  - new page is allocated
  - issue DMA operations against that shared page

Address this by taking ram_block_discard_is_enabled() into account when deciding whether or not to discard pages.

Signed-off-by: Michael Roth
---
 accel/kvm/kvm-all.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 53ce4f091e..6ae03c880f 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -2962,10 +2962,14 @@ static int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) */ return 0; } else { - ret = ram_block_discard_range(rb, offset, size); + ret = ram_block_discard_is_disabled() + ? ram_block_discard_range(rb, offset, size) + : 0; } } else { - ret = ram_block_discard_guest_memfd_range(rb, offset, size); + ret = ram_block_discard_is_disabled() + ? ram_block_discard_guest_memfd_range(rb, offset, size) + : 0; } } else { error_report("Convert non guest_memfd backed memory region " From patchwork Wed Mar 20 08:39:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597495 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2070.outbound.protection.outlook.com [40.107.220.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4DA2374C3 for ; Wed, 20 Mar 2024 08:45:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.70 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924326; cv=fail; b=t3Gmlv5cryUWuocc+kxV8OZA8nC/Izr8TVbR3fps+ta4+MMVdd7Xbmx99jnmRIkl0gNKsUR5d3pFn8CLnZNTSuoLKuFs/K/6gEOebXyN0pmthldtIiCo6pfHYlCxRM9LcHdq1GuHRkoQff7HLfUU8kgT3Qvu/E1/K/LPeuKPefY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924326; c=relaxed/simple; bh=FMTZw1QcmGt6JXWVAddgkcUb//DkPZsz3QfjviWP0Q0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NQW5UyHegJCcyL3Vrgp/iVQDvuPpc/xR0iT+WgQLg5x/qB+8GTktf9reBhYOg4J1F5Vyk03h7t4GffiN0j/fsTN22kveDwFbhb11aY4SnnVORgudk0t5IaPlHSNPA2lNAJ9j5fTVvbUFIjOxvsV1ZiVP+AsuXbtAPb0tsYERiHk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit 
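Review bot: in the kvm_convert_memory() hunk of 19/49, both changed call sites discard only when ram_block_discard_is_disabled() returns true, which reads as the opposite of the commit message: it says VFIO disables discards and that discarding then leaves stale IOMMU mappings, so the discard should be skipped in exactly that case. The subject and message also name ram_block_discard_is_enabled(), which the code never calls. Please check the polarity of the two ternaries and make the message and the code refer to the same helper. The ": 0" path also reports success without releasing the page, so a trace point or comment there would make the skipped discard visible when debugging memory usage.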
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 20/49] trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT
Date: Wed, 20 Mar 2024 03:39:16 -0500
Message-ID: <20240320083945.991426-21-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Signed-off-by: Michael Roth
---
 accel/kvm/kvm-all.c | 3 +++
 accel/kvm/trace-events | 1 +
 2 files changed, 4 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 6ae03c880f..b5872fdc07 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -3145,6 +3145,9 @@ int kvm_cpu_exec(CPUState *cpu) } break; case KVM_EXIT_MEMORY_FAULT: + trace_kvm_memory_fault(run->memory_fault.gpa, + run->memory_fault.size, + run->memory_fault.flags); if (run->memory_fault.flags & ~KVM_MEMORY_EXIT_FLAG_PRIVATE) { error_report("KVM_EXIT_MEMORY_FAULT: Unknown flag 0x%" PRIx64, (uint64_t)run->memory_fault.flags); diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index 31175fed97..681ccb667d 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events
@@ -32,3 +32,4 @@ kvm_interrupt_exit_request(void) "" kvm_io_window_exit(void) "" kvm_run_exit_system_event(int cpu_index, uint32_t event_type) "cpu_index %d, system_even_type %"PRIu32 kvm_convert_memory(uint64_t start, uint64_t size, const char *msg) "start 0x%" PRIx64 " size 0x%" PRIx64 " %s" +kvm_memory_fault(uint64_t start, uint64_t size, uint64_t flags) "start 0x%" PRIx64 " size 0x%" PRIx64 " flags 0x%" PRIx64 From patchwork Wed Mar 20 08:39:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597497 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2063.outbound.protection.outlook.com [40.107.92.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EA2A38DE5 for ; Wed, 20 Mar 2024 08:46:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.63 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924368; cv=fail; b=SYKis9LzVAlwepjr1O7rtSdlzV03pvo3lGlk5z7peXoKQWoIHb+kTjWDgFGxM3o9X+mxdH5Nd0J7xMXY5PCObiBQ0ioLr+ZTR6n49lFZjV/KHxW1UjMn/TkCFbO2e3eJ/G1kC2pDiAnc4Hbjw8pBNzXwSedPKORi9DLk8avZcM4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924368; c=relaxed/simple; bh=2otGYn1OBsulKlSd+nuR7CaCz60pziEmc+mcFm6p6H4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nX2WpC9eKuuKPsp3KIeEXCiMiRfkrY4UaLsc6saNrnu4wXcJ4rEG8kuch+B3hn6yt1BVCsyc5nSPwztFz3J/OXPMzWKLuI+htjNBOxsGJvAnyW9D5eWCDfd30qTWOsFIp0LNnjKsGcYjSMRvkw2jN2N8BwV9LpK7AVk4EKsBP7E= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=r0IAJplK; arc=fail smtp.client-ip=40.107.92.63 
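Review bot: in the accel/kvm/trace-events hunk of patch 20/49, the first argument of kvm_memory_fault is declared as start and printed as "start 0x...", but the only caller added by this patch, in kvm_cpu_exec(), passes run->memory_fault.gpa. Naming the argument gpa in both the prototype and the format string would let a reader match the trace line to the KVM exit field without opening the source. The commit message is also empty apart from the Signed-off-by; one sentence on what the event is meant to help debug would be useful to later readers of the log.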
From patchwork Wed Mar 20 08:39:17 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597497
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state
Date: Wed, 20 Mar 2024 03:39:17 -0500
Message-ID: <20240320083945.991426-22-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Currently all
SEV/SEV-ES functionality is managed through a single 'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this same approach won't work well since some of the properties/state managed by 'sev-guest' is not applicable to SEV-SNP, which will instead rely on a new QOM type with its own set of properties/state.

To prepare for this, this patch moves common state into an abstract 'sev-common' parent type to encapsulate properties/state that are common to both SEV/SEV-ES and SEV-SNP, leaving only SEV/SEV-ES-specific properties/state in the current 'sev-guest' type. This should not affect current behavior or command-line options.

As part of this patch, some related changes are also made:

- a static 'sev_guest' variable is currently used to keep track of the 'sev-guest' instance. SEV-SNP would similarly introduce an 'sev_snp_guest' static variable. But these instances are now available via qdev_get_machine()->cgs, so switch to using that instead and drop the static variable.

- 'sev_guest' is currently used as the name for the static variable holding a pointer to the 'sev-guest' instance. Re-purpose the name as a local variable referring to the 'sev-guest' instance, and use that consistently throughout the code so it can be easily distinguished from sev-common/sev-snp-guest instances.

- 'sev' is generally used as the name for local variables holding a pointer to the 'sev-guest' instance. In cases where that now points to common state, use the name 'sev_common'; in cases where that now points to state specific to 'sev-guest' instance, use the name 'sev_guest'

Signed-off-by: Michael Roth
Acked-by: Markus Armbruster
--- qapi/qom.json | 32 ++-- target/i386/sev.c | 457 ++++++++++++++++++++++++++-------------------- target/i386/sev.h | 3 + 3 files changed, 281 insertions(+), 211 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index baae3a183f..66b5781ca6 100644 --- a/qapi/qom.json +++ b/qapi/qom.json 
@@ -875,12 +875,29 @@ 'data': { '*filename': 'str' } } ## -# @SevGuestProperties: +# @SevCommonProperties: # -# Properties for sev-guest objects. +# Properties common to objects that are derivatives of sev-common. # # @sev-device: SEV device to use (default: "/dev/sev") # +# @cbitpos: C-bit location in page table entry (default: 0) +# +# @reduced-phys-bits: number of bits in physical addresses that become +# unavailable when SEV is enabled +# +# Since: 2.12 +## +{ 'struct': 'SevCommonProperties', + 'data': { '*sev-device': 'str', + '*cbitpos': 'uint32', + 'reduced-phys-bits': 'uint32' } } + +## +# @SevGuestProperties: +# +# Properties for sev-guest objects. +# # @dh-cert-file: guest owners DH certificate (encoded with base64) # # @session-file: guest owners session parameters (encoded with base64) @@ -889,11 +906,6 @@ # # @handle: SEV firmware handle (default: 0) # -# @cbitpos: C-bit location in page table entry (default: 0) -# -# @reduced-phys-bits: number of bits in physical addresses that become -# unavailable when SEV is enabled -# # @kernel-hashes: if true, add hashes of kernel/initrd/cmdline to a # designated guest firmware page for measured boot with -kernel # (default: false) (since 6.2) @@ -901,13 +913,11 @@ # Since: 2.12 ## { 'struct': 'SevGuestProperties', - 'data': { '*sev-device': 'str', - '*dh-cert-file': 'str', + 'base': 'SevCommonProperties', + 'data': { '*dh-cert-file': 'str', '*session-file': 'str', '*policy': 'uint32', '*handle': 'uint32', - '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32', '*kernel-hashes': 'bool' } } ## diff --git a/target/i386/sev.c b/target/i386/sev.c index 9dab4060b8..63a220de5e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -40,48 +40,53 @@ #include "hw/i386/pc.h" #include "exec/address-spaces.h" -#define TYPE_SEV_GUEST "sev-guest" +OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON) OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) - -/** - * SevGuestState: - * - * The SevGuestState object is used for creating and managing a SEV - * guest. - * - * # $QEMU \ - * -object sev-guest,id=sev0 \ - * -machine ...,memory-encryption=sev0 - */ -struct SevGuestState { +struct SevCommonState { X86ConfidentialGuest parent_obj; int kvm_type; /* configuration parameters */ char *sev_device; - uint32_t policy; - char *dh_cert_file; - char *session_file; uint32_t cbitpos; uint32_t reduced_phys_bits; - bool kernel_hashes; /* runtime state */ - uint32_t handle; uint8_t api_major; uint8_t api_minor; uint8_t build_id; int sev_fd; SevState state; - gchar *measurement; uint32_t reset_cs; uint32_t reset_ip; bool reset_data_valid; }; +/** + * SevGuestState: + * + * The SevGuestState object is used for creating and managing a SEV + * guest. + * + * # $QEMU \ + * -object sev-guest,id=sev0 \ + * -machine ...,memory-encryption=sev0 + */ +struct SevGuestState { + SevCommonState sev_common; + gchar *measurement; + + /* configuration parameters */ + uint32_t handle; + uint32_t policy; + char *dh_cert_file; + char *session_file; + bool kernel_hashes; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" @@ -127,7 +132,6 @@ typedef struct QEMU_PACKED PaddedSevHashTable { QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); -static SevGuestState *sev_guest; static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { 
@@ -208,21 +212,21 @@ fw_error_to_str(int code) } static bool -sev_check_state(const SevGuestState *sev, SevState state) +sev_check_state(const SevCommonState *sev_common, SevState state) { - assert(sev); - return sev->state == state ? true : false; + assert(sev_common); + return sev_common->state == state ? true : false; } static void -sev_set_guest_state(SevGuestState *sev, SevState new_state) +sev_set_guest_state(SevCommonState *sev_common, SevState new_state) { assert(new_state < SEV_STATE__MAX); - assert(sev); + assert(sev_common); - trace_kvm_sev_change_state(SevState_str(sev->state), + trace_kvm_sev_change_state(SevState_str(sev_common->state), SevState_str(new_state)); - sev->state = new_state; + sev_common->state = new_state; } static void 
@@ -289,111 +293,61 @@ static struct RAMBlockNotifier sev_ram_notifier = { .ram_block_removed = sev_ram_block_removed, }; -static void -sev_guest_finalize(Object *obj) -{ -} - -static char * -sev_guest_get_session_file(Object *obj, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - return s->session_file ? g_strdup(s->session_file) : NULL; -} - -static void -sev_guest_set_session_file(Object *obj, const char *value, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - s->session_file = g_strdup(value); -} - -static char * -sev_guest_get_dh_cert_file(Object *obj, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - return g_strdup(s->dh_cert_file); -} - -static void -sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - s->dh_cert_file = g_strdup(value); -} - -static char * -sev_guest_get_sev_device(Object *obj, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - return g_strdup(sev->sev_device); -} - -static void -sev_guest_set_sev_device(Object *obj, const char *value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->sev_device = g_strdup(value); -} - -static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - return sev->kernel_hashes; -} - -static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->kernel_hashes = value; -} - bool sev_enabled(void) { - return !!sev_guest; + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } bool sev_es_enabled(void) { - return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES); + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint32_t sev_get_cbit_position(void) { - return sev_guest ? 
sev_guest->cbitpos : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->cbitpos : 0; } uint32_t sev_get_reduced_phys_bits(void) { - return sev_guest ? sev_guest->reduced_phys_bits : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->reduced_phys_bits : 0; } static SevInfo *sev_get_info(void) { SevInfo *info; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), + TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - info->api_major = sev_guest->api_major; - info->api_minor = sev_guest->api_minor; - info->build_id = sev_guest->build_id; - info->policy = sev_guest->policy; - info->state = sev_guest->state; - info->handle = sev_guest->handle; + if (sev_guest) { + info->handle = sev_guest->handle; + } + info->api_major = sev_common->api_major; + info->api_minor = sev_common->api_minor; + info->build_id = sev_common->build_id; + info->state = sev_common->state; + /* we only report the lower 32-bits of policy for SNP, ok for now... */ + info->policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); } return info; @@ -519,6 +473,8 @@ static SevCapability *sev_get_capabilities(Error **errp) size_t pdh_len = 0, cert_chain_len = 0, cpu0_id_len = 0; uint32_t ebx; int fd; + SevCommonState *sev_common; + char *sev_device; if (!kvm_enabled()) { error_setg(errp, "KVM not enabled"); 
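Review bot: in the @@ -289,111 +293,61 @@ hunk, sev_es_enabled() reads SEV_GUEST(cgs)->policy whenever sev_enabled() is true, and sev_enabled() now returns true for any object derived from TYPE_SEV_COMMON, not only for 'sev-guest'. The commit message says a second derivative is coming for SEV-SNP, so this is the place where the wrong type will be cast. sev_get_info() in the same hunk already does it the safe way, with object_dynamic_cast(OBJECT(sev_common), TYPE_SEV_GUEST) and a NULL check before touching sev-guest-only fields; sev_es_enabled() should use the same pattern. The same applies to sev_get_cbit_position() and sev_get_reduced_phys_bits(): they use the SEV_COMMON() cast and then test for NULL, while sev_enabled() uses object_dynamic_cast(), so the two ways of asking "is this an SEV object" should be made to agree.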
@@ -529,12 +485,21 @@ static SevCapability *sev_get_capabilities(Error **errp) return NULL; } - fd = open(DEFAULT_SEV_DEVICE, O_RDWR); + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + if (!sev_common) { + error_setg(errp, "SEV is not configured"); + } + + sev_device = object_property_get_str(OBJECT(sev_common), "sev-device", + &error_abort); + fd = open(sev_device, O_RDWR); if (fd < 0) { error_setg_errno(errp, errno, "SEV: Failed to open %s", DEFAULT_SEV_DEVICE); + g_free(sev_device); return NULL; } + g_free(sev_device); if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, &cert_chain_data, &cert_chain_len, errp)) { @@ -577,7 +542,7 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, { struct kvm_sev_attestation_report input = {}; SevAttestationReport *report = NULL; - SevGuestState *sev = sev_guest; + SevCommonState *sev_common; g_autofree guchar *data = NULL; g_autofree guchar *buf = NULL; gsize len; @@ -602,8 +567,10 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, return NULL; } + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + /* Query the report length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret < 0) { if (err != SEV_RET_INVALID_LEN) { @@ -619,7 +586,7 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, memcpy(input.mnonce, buf, sizeof(input.mnonce)); /* Query the report */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret) { error_setg_errno(errp, errno, "SEV: Failed to get attestation report" 
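Review bot: in the @@ -529,12 +485,21 @@ hunk of sev_get_capabilities(), the new if (!sev_common) branch sets errp but does not return, so execution continues into object_property_get_str(OBJECT(sev_common), "sev-device", &error_abort) with a NULL object. Add return NULL; after the error_setg(). Two smaller points in the same hunk: the open() failure message still prints DEFAULT_SEV_DEVICE although the path being opened is now sev_device, so pass sev_device there (before the g_free()); and before this change the function opened DEFAULT_SEV_DEVICE without needing a configured SEV object, whereas it now fails with "SEV is not configured", which does not match the commit message's statement that current behavior should not be affected. If that change is intended, the commit message should say so.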
@@ -659,26 +626,27 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) } static int -sev_launch_start(SevGuestState *sev) +sev_launch_start(SevGuestState *sev_guest) { gsize sz; int ret = 1; int fw_error, rc; struct kvm_sev_launch_start start = { - .handle = sev->handle, .policy = sev->policy + .handle = sev_guest->handle, .policy = sev_guest->policy }; guchar *session = NULL, *dh_cert = NULL; + SevCommonState *sev_common = SEV_COMMON(sev_guest); - if (sev->session_file) { - if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + if (sev_guest->session_file) { + if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { goto out; } start.session_uaddr = (unsigned long)session; start.session_len = sz; } - if (sev->dh_cert_file) { - if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + if (sev_guest->dh_cert_file) { + if (sev_read_file_base64(sev_guest->dh_cert_file, &dh_cert, &sz) < 0) { goto out; } start.dh_uaddr = (unsigned long)dh_cert; @@ -686,15 +654,15 @@ sev_launch_start(SevGuestState *sev) } trace_kvm_sev_launch_start(start.policy, session, dh_cert); - rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); if (rc < 0) { error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); goto out; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); - sev->handle = start.handle; + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + sev_guest->handle = start.handle; ret = 0; out: @@ -704,7 +672,7 @@ out: } static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) +sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { int ret, fw_error; struct kvm_sev_launch_update_data update; 
@@ -716,7 +684,7 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) update.uaddr = (uintptr_t)addr; update.len = len; trace_kvm_sev_launch_update_data(addr, len); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, &update, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", @@ -727,11 +695,12 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) } static int -sev_launch_update_vmsa(SevGuestState *sev) +sev_launch_update_vmsa(SevGuestState *sev_guest) { int ret, fw_error; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, + NULL, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); @@ -743,18 +712,19 @@ sev_launch_update_vmsa(SevGuestState *sev) static void sev_launch_get_measure(Notifier *notifier, void *unused) { - SevGuestState *sev = sev_guest; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int ret, error; g_autofree guchar *data = NULL; struct kvm_sev_launch_measure measurement = {}; - if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { return; } if (sev_es_enabled()) { /* measure all the VM save areas before getting launch_measure */ - ret = sev_launch_update_vmsa(sev); + ret = sev_launch_update_vmsa(sev_guest); if (ret) { exit(1); } @@ -762,7 +732,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) } /* query the measurement blob length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, &measurement, &error); if (!measurement.len) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 
@@ -774,7 +744,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) measurement.uaddr = (unsigned long)data; /* get the measurement blob */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, &measurement, &error); if (ret) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", @@ -782,17 +752,19 @@ sev_launch_get_measure(Notifier *notifier, void *unused) return; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_SECRET); /* encode the measurement value and emit the event */ - sev->measurement = g_base64_encode(data, measurement.len); - trace_kvm_sev_launch_measurement(sev->measurement); + sev_guest->measurement = g_base64_encode(data, measurement.len); + trace_kvm_sev_launch_measurement(sev_guest->measurement); } static char *sev_get_launch_measurement(void) { + SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + if (sev_guest && - sev_guest->state >= SEV_STATE_LAUNCH_SECRET) { + SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { return g_strdup(sev_guest->measurement); } @@ -821,19 +793,20 @@ static Notifier sev_machine_done_notify = { }; static void -sev_launch_finish(SevGuestState *sev) +sev_launch_finish(SevGuestState *sev_guest) { int ret, error; trace_kvm_sev_launch_finish(); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, + &error); if (ret) { error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(error)); exit(1); } - sev_set_guest_state(sev, SEV_STATE_RUNNING); + sev_set_guest_state(SEV_COMMON(sev_guest), SEV_STATE_RUNNING); /* add migration blocker */ error_setg(&sev_mig_blocker, 
@@ -844,38 +817,39 @@ sev_launch_finish(SevGuestState *sev) static void sev_vm_state_change(void *opaque, bool running, RunState state) { - SevGuestState *sev = opaque; + SevCommonState *sev_common = opaque; if (running) { - if (!sev_check_state(sev, SEV_STATE_RUNNING)) { - sev_launch_finish(sev); + if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { + sev_launch_finish(SEV_GUEST(sev_common)); } } } static int sev_kvm_type(X86ConfidentialGuest *cg) { - SevGuestState *sev = SEV_GUEST(cg); + SevCommonState *sev_common = SEV_COMMON(cg); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int kvm_type; - if (sev->kvm_type != -1) { + if (sev_common->kvm_type != -1) { goto out; } - kvm_type = (sev->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; + kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; if (kvm_is_vm_type_supported(kvm_type)) { - sev->kvm_type = kvm_type; + sev_common->kvm_type = kvm_type; } else { - sev->kvm_type = KVM_X86_DEFAULT_VM; + sev_common->kvm_type = KVM_X86_DEFAULT_VM; } out: - return sev->kvm_type; + return sev_common->kvm_type; } static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { - SevGuestState *sev = SEV_GUEST(cgs); + SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; int ret, fw_error, cmd; uint32_t ebx; @@ -888,8 +862,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return -1; } - sev_guest = sev; - sev->state = SEV_STATE_UNINIT; + sev_common->state = SEV_STATE_UNINIT; host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); host_cbitpos = ebx & 0x3f; 
@@ -899,9 +872,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * register of CPUID 0x8000001F. No need to verify the range as the * comparison against the host value accomplishes that. */ - if (host_cbitpos != sev->cbitpos) { + if (host_cbitpos != sev_common->cbitpos) { error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", - __func__, host_cbitpos, sev->cbitpos); + __func__, host_cbitpos, sev_common->cbitpos); goto err; } @@ -910,16 +883,16 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * the EBX register of CPUID 0x8000001F, so verify the supplied value * is in the range of 1 to 63. */ - if (sev->reduced_phys_bits < 1 || sev->reduced_phys_bits > 63) { + if (sev_common->reduced_phys_bits < 1 || sev_common->reduced_phys_bits > 63) { error_setg(errp, "%s: reduced_phys_bits check failed," " it should be in the range of 1 to 63, requested '%d'", - __func__, sev->reduced_phys_bits); + __func__, sev_common->reduced_phys_bits); goto err; } - devname = object_property_get_str(OBJECT(sev), "sev-device", NULL); - sev->sev_fd = open(devname, O_RDWR); - if (sev->sev_fd < 0) { + devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); + sev_common->sev_fd = open(devname, O_RDWR); + if (sev_common->sev_fd < 0) { error_setg(errp, "%s: Failed to open %s '%s'", __func__, devname, strerror(errno)); g_free(devname); @@ -927,7 +900,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } g_free(devname); - ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status, + ret = sev_platform_ioctl(sev_common->sev_fd, SEV_PLATFORM_STATUS, &status, &fw_error); if (ret) { error_setg(errp, "%s: failed to get platform status ret=%d " 
@@ -935,9 +908,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) fw_error_to_str(fw_error)); goto err; } - sev->build_id = status.build; - sev->api_major = status.api_major; - sev->api_minor = status.api_minor; + sev_common->build_id = status.build; + sev_common->api_major = status.api_major; + sev_common->api_minor = status.api_minor; if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { @@ -955,14 +928,14 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev)) == KVM_X86_DEFAULT_VM) { + if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; - ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); } else { struct kvm_sev_init args = { 0 }; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_INIT2, &args, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_INIT2, &args, &fw_error); } if (ret) { @@ -971,7 +944,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ret = sev_launch_start(sev); + ret = sev_launch_start(SEV_GUEST(sev_common)); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; @@ -979,13 +952,12 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); - qemu_add_vm_change_state_handler(sev_vm_state_change, sev); + qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; return 0; err: - sev_guest = NULL; ram_block_discard_disable(false); return -1; } 
@@ -993,13 +965,15 @@ err: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { - if (!sev_guest) { + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + if (!sev_common) { return 0; } /* if SEV is in update state then encrypt the data else do nothing */ - if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(sev_guest, ptr, len); + if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { + int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; @@ -1019,16 +993,17 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, void *hva; gsize hdr_sz = 0, data_sz = 0; MemoryRegion *mr = NULL; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - if (!sev_guest) { + if (!sev_common) { error_setg(errp, "SEV not enabled for guest"); return 1; } /* secret can be injected only in this state */ - if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_SECRET)) { error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", - sev_guest->state); + sev_common->state); return 1; } @@ -1062,7 +1037,7 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, input.trans_uaddr, input.trans_len); - ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_SECRET, &input, &error); if (ret) { error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'", 
@@ -1169,9 +1144,10 @@ void sev_es_set_reset_vector(CPUState *cpu) { X86CPU *x86; CPUX86State *env; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); /* Only update if we have valid reset information */ - if (!sev_guest || !sev_guest->reset_data_valid) { + if (!sev_common || !sev_common->reset_data_valid) { return; } @@ -1183,11 +1159,11 @@ void sev_es_set_reset_vector(CPUState *cpu) x86 = X86_CPU(cpu); env = &x86->env; - cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff, + cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_common->reset_cs, 0xffff, DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK); - env->eip = sev_guest->reset_ip; + env->eip = sev_common->reset_ip; } int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) @@ -1195,6 +1171,7 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) CPUState *cpu; uint32_t addr; int ret; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); if (!sev_es_enabled()) { return 0; @@ -1208,9 +1185,9 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) } if (addr) { - sev_guest->reset_cs = addr & 0xffff0000; - sev_guest->reset_ip = addr & 0x0000ffff; - sev_guest->reset_data_valid = true; + sev_common->reset_cs = addr & 0xffff0000; + sev_common->reset_ip = addr & 0x0000ffff; + sev_common->reset_data_valid = true; CPU_FOREACH(cpu) { sev_es_set_reset_vector(cpu); 
@@ -1256,12 +1233,17 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) hwaddr mapped_len = sizeof(*padded_ht); MemTxAttrs attrs = { 0 }; bool ret = true; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), + TYPE_SEV_GUEST); /* * Only add the kernel hashes if the sev-guest configuration explicitly - * stated kernel-hashes=on. + * stated kernel-hashes=on. Currently only enabled for SEV/SEV-ES guests, + * so check for TYPE_SEV_GUEST as well. */ - if (!sev_guest->kernel_hashes) { + if (sev_guest && !sev_guest->kernel_hashes) { return false; } @@ -1352,8 +1334,20 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return ret; } +static char * +sev_common_get_sev_device(Object *obj, Error **errp) +{ + return g_strdup(SEV_COMMON(obj)->sev_device); +} + static void -sev_guest_class_init(ObjectClass *oc, void *data) +sev_common_set_sev_device(Object *obj, const char *value, Error **errp) +{ + SEV_COMMON(obj)->sev_device = g_strdup(value); +} + +static void +sev_common_class_init(ObjectClass *oc, void *data) { ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 
@@ -1362,10 +1356,85 @@ sev_guest_class_init(ObjectClass *oc, void *data) x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", - sev_guest_get_sev_device, - sev_guest_set_sev_device); + sev_common_get_sev_device, + sev_common_set_sev_device); object_class_property_set_description(oc, "sev-device", "SEV device to use"); +} + +static void +sev_common_instance_init(Object *obj) +{ + SevCommonState *sev_common = SEV_COMMON(obj); + + sev_common->kvm_type = -1; + + sev_common->sev_device = g_strdup(DEFAULT_SEV_DEVICE); + + object_property_add_uint32_ptr(obj, "cbitpos", &sev_common->cbitpos, + OBJ_PROP_FLAG_READWRITE); + object_property_add_uint32_ptr(obj, "reduced-phys-bits", + &sev_common->reduced_phys_bits, + OBJ_PROP_FLAG_READWRITE); +} + +/* sev guest info common to sev/sev-es/sev-snp */ +static const TypeInfo sev_common_info = { + .parent = TYPE_X86_CONFIDENTIAL_GUEST, + .name = TYPE_SEV_COMMON, + .instance_size = sizeof(SevCommonState), + .class_init = sev_common_class_init, + .instance_init = sev_common_instance_init, + .abstract = true, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static char * +sev_guest_get_dh_cert_file(Object *obj, Error **errp) +{ + return g_strdup(SEV_GUEST(obj)->dh_cert_file); +} + +static void +sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) +{ + SEV_GUEST(obj)->dh_cert_file = g_strdup(value); +} + +static char * +sev_guest_get_session_file(Object *obj, Error **errp) +{ + SevGuestState *sev_guest = SEV_GUEST(obj); + + return sev_guest->session_file ? 
g_strdup(sev_guest->session_file) : NULL; +} + +static void +sev_guest_set_session_file(Object *obj, const char *value, Error **errp) +{ + SEV_GUEST(obj)->session_file = g_strdup(value); +} + +static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) +{ + SevGuestState *sev_guest = SEV_GUEST(obj); + + return sev_guest->kernel_hashes; +} + +static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp) +{ + SevGuestState *sev = SEV_GUEST(obj); + + sev->kernel_hashes = value; +} + +static void +sev_guest_class_init(ObjectClass *oc, void *data) +{ object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, sev_guest_set_dh_cert_file); 
@@ -1386,40 +1455,28 @@ sev_guest_class_init(ObjectClass *oc, void *data) static void sev_guest_instance_init(Object *obj) { - SevGuestState *sev = SEV_GUEST(obj); + SevGuestState *sev_guest = SEV_GUEST(obj); - sev->kvm_type = -1; - - sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE); - sev->policy = DEFAULT_GUEST_POLICY; - object_property_add_uint32_ptr(obj, "policy", &sev->policy, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "handle", &sev->handle, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos, + sev_guest->policy = DEFAULT_GUEST_POLICY; + object_property_add_uint32_ptr(obj, "handle", &sev_guest->handle, OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "reduced-phys-bits", - &sev->reduced_phys_bits, + object_property_add_uint32_ptr(obj, "policy", &sev_guest->policy, OBJ_PROP_FLAG_READWRITE); } -/* sev guest info */ +/* guest info specific sev/sev-es */ static const TypeInfo sev_guest_info = { - .parent = TYPE_X86_CONFIDENTIAL_GUEST, + .parent = TYPE_SEV_COMMON, .name = TYPE_SEV_GUEST, .instance_size = sizeof(SevGuestState), - .instance_finalize = sev_guest_finalize, - .class_init = sev_guest_class_init, .instance_init = sev_guest_instance_init, - .interfaces = (InterfaceInfo[]) { - { TYPE_USER_CREATABLE }, - { } - } + .class_init = sev_guest_class_init, }; static void sev_register_types(void) { + type_register_static(&sev_common_info); type_register_static(&sev_guest_info); } diff --git a/target/i386/sev.h b/target/i386/sev.h index 9e10d09539..668374eef3 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -20,6 +20,9 @@ #include "exec/confidential-guest-support.h" +#define TYPE_SEV_COMMON "sev-common" +#define TYPE_SEV_GUEST "sev-guest" + #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 #define SEV_POLICY_ES 0x4 From patchwork Wed Mar 20 08:39:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597498
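Review bot: In sev_add_kernel_loader_hashes() (hunk @@ -1256,12 +1233,17 @@) the new test "if (sev_guest && !sev_guest->kernel_hashes)" no longer returns early when the object is not a TYPE_SEV_GUEST. object_dynamic_cast() yields NULL in that case, the condition is false, and the function continues past the check, which contradicts the updated comment saying kernel hashes are only enabled for SEV/SEV-ES guests. Suggest "if (!sev_guest || !sev_guest->kernel_hashes) { return false; }", or an explicit error through errp if a silent "false" is not the intended result for other guest types.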
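Review bot: The lookup "SEV_COMMON(MACHINE(qdev_get_machine())->cgs)" is now open-coded in sev_encrypt_flash(), sev_inject_launch_secret(), sev_es_set_reset_vector(), sev_es_save_reset_vector() and sev_add_kernel_loader_hashes(), and the "if (!sev_common)" that follows it only covers a NULL cgs. SEV_COMMON() is a checked cast, so a machine whose confidential-guest-support object is some other type would fail in the cast instead of taking the "SEV not enabled for guest" path. A single static helper that does the lookup with object_dynamic_cast(), the way this patch already does for TYPE_SEV_GUEST, would remove the repetition and make the not-SEV case explicit.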
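Review bot: sev_common_set_sev_device() (hunk @@ -1352,8 +1334,20 @@) stores g_strdup(value) over sev_device without freeing the previous string, while sev_common_instance_init() always allocates a default with g_strdup(DEFAULT_SEV_DEVICE), so every explicit sev-device= setting leaks the default. Please g_free() the old pointer before assigning. The dh-cert-file and session-file setters that appear as added lines in the next hunk have the same pattern and could be fixed while they are being moved.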
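Review bot: sev_guest_info (hunk @@ -1386,40 +1455,28 @@) drops ".instance_finalize = sev_guest_finalize" and sev_common_info does not set a finalizer in its place, so in the visible hunks nothing releases sev_device, dh_cert_file or session_file when the object is destroyed. If the old finalizer was an empty stub, please say so in the commit message; otherwise add a finalizer on the common type that frees the strings it owns.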
From: Michael Roth To: CC: , Tom Lendacky , "Paolo Bonzini" , Daniel P. Berrangé , Markus Armbruster , Pankaj Gupta , Xiaoyao Li , Isaku Yamahata , Brijesh Singh Subject: [PATCH v3 22/49] i386/sev: Introduce 'sev-snp-guest' object Date: Wed, 20 Mar 2024 03:39:18 -0500 Message-ID: <20240320083945.991426-23-michael.roth@amd.com> In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com> References: <20240320083945.991426-1-michael.roth@amd.com> X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

SEV-SNP support relies on a different set of properties/state than the
existing 'sev-guest' object. This patch introduces the 'sev-snp-guest'
object, which can be used to configure an SEV-SNP guest. For example,
a default-configured SEV-SNP guest with no additional information
passed in for use with attestation:

  -object sev-snp-guest,id=sev0

or a fully-specified SEV-SNP guest where all spec-defined binary
blobs are passed in as base64-encoded strings:

  -object sev-snp-guest,id=sev0, \
    policy=0x30000, \
    init-flags=0, \
    id-block=YWFhYWFhYWFhYWFhYWFhCg==, \
    id-auth=CxHK/OKLkXGn/KpAC7Wl1FSiisWDbGTEKz..., \
    auth-key-enabled=on, \
    host-data=LNkCWBRC5CcdGXirbNUV1OrsR28s..., \
    guest-visible-workarounds=AA==, \

See the QAPI schema updates included in this patch for more usage
details.

In some cases these blobs may be up to 4096 characters, but this is
generally well below the default limit for linux hosts where
command-line sizes are defined by the sysconf-configurable ARG_MAX
value, which defaults to 2097152 characters for Ubuntu hosts, for
example.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Acked-by: Markus Armbruster (for QAPI schema)
Signed-off-by: Michael Roth
---
 docs/system/i386/amd-memory-encryption.rst | 78 ++++++-
 qapi/qom.json | 51 +++++
 target/i386/sev.c | 241 +++++++++++++++++++++
 target/i386/sev.h | 1 +
 4 files changed, 369 insertions(+), 2 deletions(-)

diff --git a/docs/system/i386/amd-memory-encryption.rst b/docs/system/i386/amd-memory-encryption.rst index e9bc142bc1..9d6b63acd9 100644 --- a/docs/system/i386/amd-memory-encryption.rst +++ b/docs/system/i386/amd-memory-encryption.rst
@@ -25,8 +25,8 @@ support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. -Launching ---------- +Launching (SEV and SEV-ES) +-------------------------- Boot images (such as bios) must be encrypted before a guest can be booted. The ``MEMORY_ENCRYPT_OP`` ioctl provides commands to encrypt the images: ``LAUNCH_START``, 
@@ -161,6 +161,80 @@ The value of GCTX.LD is If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for ``kernel_hashes_blob`` and ``vmsas_blob`` as needed. +Launching (SEV-SNP) +------------------- +Boot images (such as bios) must be encrypted before a guest can be booted. The +``MEMORY_ENCRYPT_OP`` ioctl provides commands to encrypt the images: +``KVM_SNP_INIT``, ``SNP_LAUNCH_START``, ``SNP_LAUNCH_UPDATE``, and +``SNP_LAUNCH_FINISH``. These four commands together generate a fresh memory +encryption key for the VM, encrypt the boot images for a successful launch. + +KVM_SNP_INIT is called first to initialize the SEV-SNP firmware and SNP +features in the KVM. The feature flags value can be provided through the +init-flags property of the sev-snp-guest object. + ++------------+-------+----------+---------------------------------+ +| key | type | default | meaning | ++------------+-------+----------+---------------------------------+ +| init_flags | hex | 0 | SNP feature flags | ++-----------------------------------------------------------------+ + +Note: currently the init_flags must be zero. + +``SNP_LAUNCH_START`` is called first to create a cryptographic launch context +within the firmware. To create this context, guest owner must provide a guest +policy and other parameters as described in the SEV-SNP firmware +specification. The launch parameters should be specified as described in the +QAPI schema for the sev-snp-guest object. 
+ +The ``SNP_LAUNCH_START`` uses the following parameters (see the SEV-SNP +specification for more details): + ++--------+-------+----------+----------------------------------------------+ +| key | type | default | meaning | ++--------+-------+----------+----------------------------------------------+ +| policy | hex | 0x30000 | a 64-bit guest policy | +| imi_en | bool | 0 | 1 when IMI is enabled | +| ma_end | bool | 0 | 1 when migration agent is used | +| gosvw | string| 0 | 16-byte base64 encoded string for the guest | +| | | | OS visible workaround. | ++--------+-------+----------+----------------------------------------------+ + +``SNP_LAUNCH_UPDATE`` encrypts the memory region using the cryptographic context +created via the ``SNP_LAUNCH_START`` command. If required, this command can be +called multiple times to encrypt different memory regions. The command also +calculates the measurement of the memory contents as it encrypts. + +``SNP_LAUNCH_FINISH`` finalizes the guest launch flow. Optionally, while +finalizing the launch the firmware can perform checks on the launch digest +computing through the ``SNP_LAUNCH_UPDATE``. To perform the check the user must +supply the id block, authentication blob and host data that should be included +in the attestation report. See the SEV-SNP spec for further details. + +The ``SNP_LAUNCH_FINISH`` uses the following parameters, which can be configured +by the corresponding parameters documented in the QAPI schema for the +'sev-snp-guest' object. 
+ ++------------+-------+----------+----------------------------------------------+ +| key | type | default | meaning | ++------------+-------+----------+----------------------------------------------+ +| id_block | string| none | base64 encoded ID block | ++------------+-------+----------+----------------------------------------------+ +| id_auth | string| none | base64 encoded authentication information | ++------------+-------+----------+----------------------------------------------+ +| auth_key_en| bool | 0 | auth block contains author key | ++------------+-------+----------+----------------------------------------------+ +| host_data | string| none | host provided data | ++------------+-------+----------+----------------------------------------------+ + +To launch a SEV-SNP guest (additional parameters are documented in the QAPI +schema for the 'sev-snp-guest' object):: + + # ${QEMU} \ + -machine ...,confidential-guest-support=sev0 \ + -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 + + Debugging --------- diff --git a/qapi/qom.json b/qapi/qom.json index 66b5781ca6..b25a3043da 100644 --- a/qapi/qom.json +++ b/qapi/qom.json 
@@ -920,6 +920,55 @@ '*handle': 'uint32', '*kernel-hashes': 'bool' } } +## +# @SevSnpGuestProperties: +# +# Properties for sev-snp-guest objects. Most of these are direct arguments +# for the KVM_SNP_* interfaces documented in the linux kernel source +# under Documentation/virt/kvm/amd-memory-encryption.rst, which are in +# turn closely coupled with the SNP_INIT/SNP_LAUNCH_* firmware commands +# documented in the SEV-SNP Firmware ABI Specification (Rev 0.9). +# +# More usage information is also available in the QEMU source tree under +# docs/amd-memory-encryption. +# +# @policy: the 'POLICY' parameter to the SNP_LAUNCH_START command, as +# defined in the SEV-SNP firmware ABI (default: 0x30000) +# +# @guest-visible-workarounds: 16-byte, base64-encoded blob to report +# hypervisor-defined workarounds, corresponding +# to the 'GOSVW' parameter of the +# SNP_LAUNCH_START command defined in the +# SEV-SNP firmware ABI (default: all-zero) +# +# @id-block: 96-byte, base64-encoded blob to provide the 'ID Block' +# structure for the SNP_LAUNCH_FINISH command defined in the +# SEV-SNP firmware ABI (default: all-zero) +# +# @id-auth: 4096-byte, base64-encoded blob to provide the 'ID Authentication +# Information Structure' for the SNP_LAUNCH_FINISH command defined +# in the SEV-SNP firmware ABI (default: all-zero) +# +# @auth-key-enabled: true if 'id-auth' blob contains the 'AUTHOR_KEY' field +# defined SEV-SNP firmware ABI (default: false) +# +# @host-data: 32-byte, base64-encoded, user-defined blob to provide to the +# guest, as documented for the 'HOST_DATA' parameter of the +# SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI +# (default: all-zero) +# +# Since: 7.2 +## +{ 'struct': 'SevSnpGuestProperties', + 'base': 'SevCommonProperties', + 'data': { + '*policy': 'uint64', + '*guest-visible-workarounds': 'str', + '*id-block': 'str', + '*id-auth': 'str', + '*auth-key-enabled': 'bool', + '*host-data': 'str' } } + ## # @ThreadContextProperties: # 
@@ -998,6 +1047,7 @@ { 'name': 'secret_keyring', 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest', + 'sev-snp-guest', 'thread-context', 's390-pv-guest', 'throttle-group', @@ -1068,6 +1118,7 @@ 'secret_keyring': { 'type': 'SecretKeyringProperties', 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest': 'SevGuestProperties', + 'sev-snp-guest': 'SevSnpGuestProperties', 'thread-context': 'ThreadContextProperties', 'throttle-group': 'ThrottleGroupProperties', 'tls-creds-anon': 'TlsCredsAnonProperties', diff --git a/target/i386/sev.c b/target/i386/sev.c index 63a220de5e..7e6dab642a 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -42,6 +42,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON) OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) +OBJECT_DECLARE_SIMPLE_TYPE(SevSnpGuestState, SEV_SNP_GUEST) struct SevCommonState { X86ConfidentialGuest parent_obj; @@ -87,8 +88,22 @@ struct SevGuestState { bool kernel_hashes; }; +struct SevSnpGuestState { + SevCommonState sev_common; + + /* configuration parameters */ + char *guest_visible_workarounds; + char *id_block; + char *id_auth; + char *host_data; + + struct kvm_sev_snp_launch_start kvm_start_conf; + struct kvm_sev_snp_launch_finish kvm_finish_conf; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define DEFAULT_SEV_SNP_POLICY 0x30000 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { 
@@ -1473,11 +1488,237 @@ static const TypeInfo sev_guest_info = { .class_init = sev_guest_class_init, }; +static void +sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static void +sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static char * +sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp) +{ + return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds); +} + +static void +sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value, + Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + g_autofree guchar *blob; + gsize len; + + if (sev_snp_guest->guest_visible_workarounds) { + g_free(sev_snp_guest->guest_visible_workarounds); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->guest_visible_workarounds = g_strdup(value); + + blob = qbase64_decode(sev_snp_guest->guest_visible_workarounds, -1, &len, errp); + if (!blob) { + return; + } + + if (len > sizeof(start->gosvw)) { + error_setg(errp, "parameter length of %lu exceeds max of %lu", + len, sizeof(start->gosvw)); + return; + } + + memcpy(start->gosvw, blob, len); +} + +static char * +sev_snp_guest_get_id_block(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_block); +} + +static void +sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + if (sev_snp_guest->id_block) { + 
g_free(sev_snp_guest->id_block); + g_free((guchar *)finish->id_block_uaddr); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->id_block = g_strdup(value); + + finish->id_block_uaddr = + (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp); + + if (!finish->id_block_uaddr) { + return; + } + + if (len > KVM_SEV_SNP_ID_BLOCK_SIZE) { + error_setg(errp, "parameter length of %lu exceeds max of %u", + len, KVM_SEV_SNP_ID_BLOCK_SIZE); + return; + } + + finish->id_block_en = (len) ? 1 : 0; +} + +static char * +sev_snp_guest_get_id_auth(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_auth); +} + +static void +sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + if (sev_snp_guest->id_auth) { + g_free(sev_snp_guest->id_auth); + g_free((guchar *)finish->id_auth_uaddr); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->id_auth = g_strdup(value); + + finish->id_auth_uaddr = + (uint64_t)qbase64_decode(sev_snp_guest->id_auth, -1, &len, errp); + + if (!finish->id_auth_uaddr) { + return; + } + + if (len > KVM_SEV_SNP_ID_AUTH_SIZE) { + error_setg(errp, "parameter length of %lu exceeds max of %u", + len, KVM_SEV_SNP_ID_AUTH_SIZE); + return; + } +} + +static bool +sev_snp_guest_get_auth_key_en(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return !!sev_snp_guest->kvm_finish_conf.auth_key_en; +} + +static void +sev_snp_guest_set_auth_key_en(Object *obj, bool value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + sev_snp_guest->kvm_finish_conf.auth_key_en = value; +} + +static char * +sev_snp_guest_get_host_data(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = 
SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->host_data); +} + +static void +sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + g_autofree guchar *blob; + gsize len; + + if (sev_snp_guest->host_data) { + g_free(sev_snp_guest->host_data); + } + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->host_data = g_strdup(value); + + blob = qbase64_decode(sev_snp_guest->host_data, -1, &len, errp); + + if (!blob) { + return; + } + + if (len > sizeof(finish->host_data)) { + error_setg(errp, "parameter length of %lu exceeds max of %lu", + len, sizeof(finish->host_data)); + return; + } + + memcpy(finish->host_data, blob, len); +} + +static void +sev_snp_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add(oc, "policy", "uint64", + sev_snp_guest_get_policy, + sev_snp_guest_set_policy, NULL, NULL); + object_class_property_add_str(oc, "guest-visible-workarounds", + sev_snp_guest_get_guest_visible_workarounds, + sev_snp_guest_set_guest_visible_workarounds); + object_class_property_add_str(oc, "id-block", + sev_snp_guest_get_id_block, + sev_snp_guest_set_id_block); + object_class_property_add_str(oc, "id-auth", + sev_snp_guest_get_id_auth, + sev_snp_guest_set_id_auth); + object_class_property_add_bool(oc, "auth-key-enabled", + sev_snp_guest_get_auth_key_en, + sev_snp_guest_set_auth_key_en); + object_class_property_add_str(oc, "host-data", + sev_snp_guest_get_host_data, + sev_snp_guest_set_host_data); +} + +static void +sev_snp_guest_instance_init(Object *obj) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + /* default init/start/finish params for kvm */ + sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; +} + +/* guest info specific to sev-snp */ +static const TypeInfo sev_snp_guest_info = { + .parent = TYPE_SEV_COMMON, + .name = 
TYPE_SEV_SNP_GUEST, + .instance_size = sizeof(SevSnpGuestState), + .class_init = sev_snp_guest_class_init, + .instance_init = sev_snp_guest_instance_init, +}; + static void sev_register_types(void) { type_register_static(&sev_common_info); type_register_static(&sev_guest_info); + type_register_static(&sev_snp_guest_info); } type_init(sev_register_types); diff --git a/target/i386/sev.h b/target/i386/sev.h index 668374eef3..bedc667eeb 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -22,6 +22,7 @@ #define TYPE_SEV_COMMON "sev-common" #define TYPE_SEV_GUEST "sev-guest" +#define TYPE_SEV_SNP_GUEST "sev-snp-guest" #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 From patchwork Wed Mar 20 08:39:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597537
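Review bot: The "Launching (SEV-SNP)" section added to amd-memory-encryption.rst (hunk @@ -161,6 +161,80 @@) documents an init-flags property of the sev-snp-guest object and lists imi_en and ma_end as SNP_LAUNCH_START parameters, and the commit message example passes init-flags=0, but sev_snp_guest_class_init() registers only policy, guest-visible-workarounds, id-block, id-auth, auth-key-enabled and host-data, and SevSnpGuestProperties has no matching members. Either add the properties or drop them from the documentation and the example. In the same hunk the init_flags grid table is closed with an unbroken "+-----...-----+" border that does not match the column borders above it, and both KVM_SNP_INIT and SNP_LAUNCH_START are described as being "called first".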
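Review bot: The SevSnpGuestProperties comment in qapi/qom.json (hunk @@ -920,6 +920,55 @@) gives fixed blob sizes (16-byte, 96-byte, 4096-byte, 32-byte), while the setters in target/i386/sev.c only reject input that is longer than the limit, so shorter blobs are accepted. Please either document these as maximum sizes or make the setters check for the exact length. "Since: 7.2" should also be checked against the release this series targets, and the @auth-key-enabled text reads "defined SEV-SNP firmware ABI" where "defined in the" was presumably intended.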
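Review bot: In sev_snp_guest_set_id_block() and sev_snp_guest_set_id_auth() (hunk @@ -1473,11 +1488,237 @@) the over-length path sets errp and returns while the new property string and the decoded buffer in finish->id_block_uaddr or finish->id_auth_uaddr stay in place, so a rejected value remains in the launch-finish configuration and id_block_en keeps whatever an earlier successful set left behind. Suggest decoding into a local first, validating the length, and only then freeing the old value and committing the new one. The guest-visible-workarounds and host-data setters need the same ordering: they store the string before decoding, and they memcpy() only len bytes, so setting a shorter value a second time leaves the tail of the first in gosvw or host_data; clearing the destination before the copy would avoid that. The error messages print a gsize and a sizeof() result with %lu, which is not portable; G_GSIZE_FORMAT and %zu are the matching specifiers. sev_snp_guest_info also has no instance_finalize, so the stored strings and decoded buffers are never released.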
From: Michael Roth To: CC: , Tom Lendacky , "Paolo Bonzini" , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Markus Armbruster , Pankaj Gupta , Xiaoyao Li , Isaku Yamahata Subject: [PATCH v3 23/49] i386/sev: Add a sev_snp_enabled() helper Date: Wed, 20 Mar 2024 03:39:19 -0500 Message-ID: <20240320083945.991426-24-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com> References: <20240320083945.991426-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6730:EE_|PH7PR12MB6763:EE_ X-MS-Office365-Filtering-Correlation-Id: ae25f0f3-f6cf-45e0-1bc1-08dc48ba455c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004)(376005)(82310400014)(1800799015);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2024 08:46:44.3142 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ae25f0f3-f6cf-45e0-1bc1-08dc48ba455c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6730.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6763 Add a simple helper to check if the current guest 
type is SNP. Also have SNP-enabled imply that SEV-ES is enabled as well, and fix up any places where the sev_es_enabled() check is expecting a pure/non-SNP guest. Signed-off-by: Michael Roth --- target/i386/sev.c | 13 ++++++++++++- target/i386/sev.h | 2 ++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 7e6dab642a..2eb13ba639 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -316,12 +316,21 @@ sev_enabled(void) return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } +bool +sev_snp_enabled(void) +{ + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST); +} + bool sev_es_enabled(void) { ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; - return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); + return sev_snp_enabled() || + (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint32_t @@ -933,7 +942,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) __func__); goto err; } + } + if (sev_es_enabled() && !sev_snp_enabled()) { if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { error_report("%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable", diff --git a/target/i386/sev.h b/target/i386/sev.h index bedc667eeb..94295ee74f 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -45,9 +45,11 @@ typedef struct SevKernelLoaderContext { #ifdef CONFIG_SEV bool sev_enabled(void); bool sev_es_enabled(void); +bool sev_snp_enabled(void); #else #define sev_enabled() 0 #define sev_es_enabled() 0 +#define sev_snp_enabled() 0 #endif uint32_t sev_get_cbit_position(void);
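Review bot: in sev_es_enabled() (patch 23/49, target/i386/sev.c) the SEV_GUEST(cgs) cast is now correct only because sev_snp_enabled() is the first operand of the || and short-circuits before the cast is evaluated. sev_enabled() only establishes that cgs is a TYPE_SEV_COMMON, so if the operands are ever reordered, or another TYPE_SEV_COMMON subtype is added, SEV_GUEST() is applied to an object that was never checked to be a plain SEV guest. Please add a short comment stating the ordering dependency, or test the concrete type explicitly before reading ->policy. The rewritten line also drops the parentheses around SEV_GUEST(cgs)->policy & SEV_POLICY_ES; the precedence still works out, but keeping them as in the removed line saves the reader a second look.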
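Review bot: the sev_kvm_init() hunk of patch 23/49 narrows the SEV_STATUS_FLAGS_CONFIG_ES host check to sev_es_enabled() && !sev_snp_enabled(), so an SNP guest now skips the "host SEV-ES support unavailable" test with nothing in the code saying why, or what verifies host support for SNP instead. The commit message only mentions fixing up callers that expect a pure/non-SNP guest. A one-line comment above the new condition would record the reason for the exclusion and make it clear this is deliberate rather than a missed capability check.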
From patchwork Wed Mar 20 08:39:20 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597538
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 24/49] target/i386: Add handling for KVM_X86_SNP_VM VM type
Date: Wed, 20 Mar 2024 03:39:20 -0500
Message-ID: <20240320083945.991426-25-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

An SNP VM requires VM type KVM_X86_SNP_VM to be passed to kvm_ioctl(KVM_CREATE_VM). Add it to the list of supported VM types, and return it appropriately via X86ConfidentialGuestClass->kvm_type(). Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 1 + target/i386/sev.c | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index e109648f26..59e9048e61 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -164,6 +164,7 @@ static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value); static const char *vm_type_name[] = { [KVM_X86_DEFAULT_VM] = "default", + [KVM_X86_SNP_VM] = "snp" }; bool kvm_is_vm_type_supported(int type) diff --git a/target/i386/sev.c b/target/i386/sev.c index 2eb13ba639..61af312a11 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -853,14 +853,20 @@ sev_vm_state_change(void *opaque, bool running, RunState state) static int sev_kvm_type(X86ConfidentialGuest *cg) { SevCommonState *sev_common = SEV_COMMON(cg); - SevGuestState *sev_guest = SEV_GUEST(sev_common); int kvm_type; if (sev_common->kvm_type != -1) { goto out; } - kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; + if (sev_snp_enabled()) { + kvm_type = KVM_X86_SNP_VM; + } else if (sev_es_enabled()) { + kvm_type = KVM_X86_SEV_ES_VM; + } else { + kvm_type = KVM_X86_SEV_VM; + } + if (kvm_is_vm_type_supported(kvm_type)) { sev_common->kvm_type = kvm_type; } else {
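Review bot: vm_type_name[] in the target/i386/kvm/kvm.c hunk of patch 24/49 gains "snp" but, as shown, still has no entries for KVM_X86_SEV_VM or KVM_X86_SEV_ES_VM, both of which sev_kvm_type() in this same patch passes to kvm_is_vm_type_supported(). If that function or its error reporting indexes vm_type_name[], the two legacy SEV types need names as well; if they are intentionally absent, a comment on the array should say so. Also add a trailing comma after [KVM_X86_SNP_VM] = "snp" so the next VM type is a one-line diff.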
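Review bot: sev_kvm_type() in patch 24/49 is handed the guest object as cg, yet the new branches decide the type through sev_snp_enabled() and sev_es_enabled(), which look at MACHINE(qdev_get_machine())->cgs instead. The removed line derived the type from the object it was given; the new code silently depends on the machine's cgs pointer already being set and being the same object as cg. Either test cg directly (an object_dynamic_cast() against TYPE_SEV_SNP_GUEST, then the policy bit for the non-SNP case) or document that this callback may only run after machine->cgs is assigned.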
From patchwork Wed Mar 20 08:39:21 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597539
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 25/49] i386/sev: Skip RAMBlock notifiers for SNP
Date: Wed, 20 Mar 2024 03:39:21 -0500
Message-ID: <20240320083945.991426-26-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SEV uses these notifiers to register/pin pages prior to guest use, since they could potentially be used for private memory where page migration is not supported. But SNP only uses guest_memfd-provided pages for private memory, which has its own kernel-internal mechanisms for registering/pinning memory. Signed-off-by: Michael Roth --- target/i386/sev.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 61af312a11..774262d834 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -982,7 +982,15 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ram_block_notifier_add(&sev_ram_notifier); + if (!sev_snp_enabled()) { + /* + * SEV uses these notifiers to register/pin pages prior to guest use, + * but SNP relies on guest_memfd for private pages, which has it's + * own internal mechanisms for registering/pinning private memory. + */ + ram_block_notifier_add(&sev_ram_notifier); + } + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common);
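Review bot: the new block comment in sev_kvm_init() (patch 25/49) reads "which has it's own internal mechanisms"; that should be "its", matching the wording already used in the commit message. Since ram_block_notifier_add(&sev_ram_notifier) is now conditional, any path that later removes sev_ram_notifier needs the same !sev_snp_enabled() guard so that an SNP guest never unregisters a notifier it did not add; worth confirming and mentioning in the commit message.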
From patchwork Wed Mar 20 08:39:22 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597540
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 26/49] i386/sev: Skip machine-init-done notifiers for SNP
Date: Wed, 20 Mar 2024 03:39:22 -0500
Message-ID: <20240320083945.991426-27-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The machine done notify event is used
for SEV guests to get the measurement of the encrypted images. When SEV-SNP is enabled, the measurement is part of the guest attestation process where it can be collected without any reliance on the VMM. So skip registering the notifier for SNP in favor of using guest attestation instead. Signed-off-by: Michael Roth --- target/i386/sev.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 774262d834..e4deb7b41e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -989,9 +989,17 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * own internal mechanisms for registering/pinning private memory. */ ram_block_notifier_add(&sev_ram_notifier); + + /* + * The machine done notify event is used for SEV guests to get the + * measurement of the encrypted images. When SEV-SNP is enabled, the + * measurement is part of the guest attestation process where it can + * be collected without any reliance on the VMM. So skip registering + * the notifier for SNP in favor of using guest attestation instead. + */ + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); } - qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true;
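Review bot: in the sev_kvm_init() hunk of patch 26/49 the comment that explains why SNP skips the machine-init-done notifier sits inside the if (!sev_snp_enabled()) body, directly above the call that runs only for non-SNP guests, so the rationale is read on the path it does not apply to and the block now carries two separate comments. Consider one comment above the if covering both notifiers. Since sev_machine_done_notify is described here as the place where QEMU gets the launch measurement, the commit message should also say what any remaining consumer of that measurement sees for an SNP guest, so that it reports a clear error rather than an empty or stale value.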
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 27/49] i386/sev: Set ms->require_guest_memfd for SNP
Date: Wed, 20 Mar 2024 03:39:23 -0500
Message-ID: <20240320083945.991426-28-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SNP requires guest_memfd for private guest
memory, so enable it so that the appropriate guest_memfd backend will be available for normal RAM regions. Signed-off-by: Michael Roth --- target/i386/sev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index e4deb7b41e..b06c796aae 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -880,6 +880,7 @@ out: static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevCommonState *sev_common = SEV_COMMON(cgs); + MachineState *ms = MACHINE(qdev_get_machine()); char *devname; int ret, fw_error, cmd; uint32_t ebx; 
@@ -1000,6 +1001,10 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) qemu_add_machine_init_done_notifier(&sev_machine_done_notify); } + if (sev_snp_enabled()) { + ms->require_guest_memfd = true; + } + qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true;
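Review bot: ms->require_guest_memfd is set near the end of sev_kvm_init(), just before cgs->ready = true, with no comment on why that is early enough. The commit message says the flag makes the guest_memfd backend available for normal RAM regions, so it only helps if it is set before those regions are created; please state that ordering in a comment or set the flag at the top of the function. Minor: in the first hunk ms is looked up via MACHINE(qdev_get_machine()) unconditionally, although only the SNP branch uses it.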
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 28/49] i386/sev: Disable SMM for SNP
Date: Wed, 20 Mar 2024 03:39:24 -0500
Message-ID: <20240320083945.991426-29-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
SNP does not support SMM. Signed-off-by: Michael Roth --- target/i386/sev.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index b06c796aae..134e8f7c22 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -881,6 +881,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevCommonState *sev_common = SEV_COMMON(cgs); MachineState *ms = MACHINE(qdev_get_machine()); + X86MachineState *x86ms = X86_MACHINE(ms); char *devname; int ret, fw_error, cmd; uint32_t ebx; 
@@ -1003,6 +1004,13 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (sev_snp_enabled()) { ms->require_guest_memfd = true; + + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_report("SEV-SNP does not support SMM."); + goto err; + } } qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common);
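Review bot: The smm=on rejection in the second hunk runs at the tail of sev_kvm_init(), after ms->require_guest_memfd has already been set, so an invalid configuration is only caught late and then has to unwind through err. This is a pure configuration check; doing it at the top of the function avoids the unwind. The function takes Error **errp, so error_setg(errp, ...) would hand the message to the caller instead of error_report(). A short comment that smm=auto is silently forced to off for SNP would also help.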
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 29/49] i386/sev: Don't disable block discarding for SNP
Date: Wed, 20 Mar 2024 03:39:25 -0500
Message-ID: <20240320083945.991426-30-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SEV/SEV-ES rely on pinned memory to back
guest RAM so discarding isn't actually possible. With SNP, only guest_memfd pages are used for private guest memory, so discarding of shared memory is still possible, so only disable discard for SEV/SEV-ES. Signed-off-by: Michael Roth --- target/i386/sev.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 134e8f7c22..43e6c0172f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -888,10 +888,18 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) uint32_t host_cbitpos; struct sev_user_data_status status = {}; - ret = ram_block_discard_disable(true); - if (ret) { - error_report("%s: cannot disable RAM discard", __func__); - return -1; + /* + * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding + * isn't actually possible. With SNP, only guest_memfd pages are used + * for private guest memory, so discarding of shared memory is still + * possible.. + */ + if (!sev_snp_enabled()) { + ret = ram_block_discard_disable(true); + if (ret) { + error_report("%s: cannot disable RAM discard", __func__); + return -1; + } } sev_common->state = SEV_STATE_UNINIT;
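Review bot: ram_block_discard_disable(true) is now skipped for SNP, but the hunk does not touch any matching ram_block_discard_disable(false) on an error or teardown path. If such a call exists, it needs the same !sev_snp_enabled() guard, otherwise an SNP guest would release a disable it never took. Style: the new comment ends with a doubled period (`possible..`).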
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 30/49] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
Date: Wed, 20 Mar 2024 03:39:26 -0500
Message-ID: <20240320083945.991426-31-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SNP guests will rely on this bit to
determine certain feature support. Signed-off-by: Michael Roth --- target/i386/cpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 33760a2ee1..3fdaac3472 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c 
@@ -6664,6 +6664,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, if (sev_enabled()) { *eax = 0x2; *eax |= sev_es_enabled() ? 0x8 : 0; + *eax |= sev_snp_enabled() ? 0x10 : 0; *ebx = sev_get_cbit_position() & 0x3f; /* EBX[5:0] */ *ebx |= (sev_get_reduced_phys_bits() & 0x3f) << 6; /* EBX[11:6] */ }
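Review bot: The added line ORs in a bare 0x10 with no indication of which EAX bit it is, while the EBX lines just below carry `/* EBX[5:0] */` and `/* EBX[11:6] */` comments. Please annotate the EAX assignments the same way (0x2, 0x8 and 0x10 are bits 1, 3 and 4) or use named constants, so the mapping to the CPUID leaf can be checked at a glance.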
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP
Date: Wed, 20 Mar 2024 03:39:27 -0500
Message-ID: <20240320083945.991426-32-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Most of the current 'query-sev' command is relevant to both legacy SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:

- 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and the meaning of the bit positions has changed
- 'handle' is not relevant to SEV-SNP

To address this, this patch adds a new 'sev-type' field that can be used as a discriminator to select between SEV and SEV-SNP-specific fields/formats without breaking compatibility for existing management tools (so long as management tools that add support for launching SEV-SNP guests update their handling of query-sev appropriately).

The corresponding HMP command has also been fixed up similarly.

Signed-off-by: Michael Roth
--- qapi/misc-target.json | 71 ++++++++++++++++++++++++++++++++++--------- target/i386/sev.c | 50 ++++++++++++++++++++---------- target/i386/sev.h | 3 ++ 3 files changed, 94 insertions(+), 30 deletions(-) diff --git a/qapi/misc-target.json b/qapi/misc-target.json index 4e0a6492a9..daceb85d95 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json
@@ -47,6 +47,49 @@ 'send-update', 'receive-update' ], 'if': 'TARGET_I386' } +## +# @SevGuestType: +# +# An enumeration indicating the type of SEV guest being run. +# +# @sev: The guest is a legacy SEV or SEV-ES guest. +# @sev-snp: The guest is an SEV-SNP guest. +# +# Since: 6.2 +## +{ 'enum': 'SevGuestType', + 'data': [ 'sev', 'sev-snp' ], + 'if': 'TARGET_I386' } + +## +# @SevGuestInfo: +# +# Information specific to legacy SEV/SEV-ES guests. +# +# @policy: SEV policy value +# +# @handle: SEV firmware handle +# +# Since: 2.12 +## +{ 'struct': 'SevGuestInfo', + 'data': { 'policy': 'uint32', + 'handle': 'uint32' }, + 'if': 'TARGET_I386' } + +## +# @SevSnpGuestInfo: +# +# Information specific to SEV-SNP guests. +# +# @snp-policy: SEV-SNP policy value +# +# Since: 6.2 +## +{ 'struct': 'SevSnpGuestInfo', + 'data': { 'snp-policy': 'uint64' }, + 'if': 'TARGET_I386' } + ## # @SevInfo: # @@ -60,25 +103,25 @@ # # @build-id: SEV FW build id # -# @policy: SEV policy value -# # @state: SEV guest state # -# @handle: SEV firmware handle +# @sev-type: Type of SEV guest being run # # Since: 2.12 ## -{ 'struct': 'SevInfo', - 'data': { 'enabled': 'bool', - 'api-major': 'uint8', - 'api-minor' : 'uint8', - 'build-id' : 'uint8', - 'policy' : 'uint32', - 'state' : 'SevState', - 'handle' : 'uint32' - }, - 'if': 'TARGET_I386' -} +{ 'union': 'SevInfo', + 'base': { 'enabled': 'bool', + 'api-major': 'uint8', + 'api-minor' : 'uint8', + 'build-id' : 'uint8', + 'state' : 'SevState', + 'sev-type' : 'SevGuestType' }, + 'discriminator': 'sev-type', + 'data': { + 'sev': 'SevGuestInfo', + 'sev-snp': 'SevSnpGuestInfo' }, + 'if': 'TARGET_I386' } + ## # @query-sev: diff --git a/target/i386/sev.c b/target/i386/sev.c index 43e6c0172f..b03d70a3d1 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -353,25 +353,27 @@ static SevInfo *sev_get_info(void) { SevInfo *info; SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - SevGuestState *sev_guest = - (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), - TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - if (sev_guest) { - info->handle = sev_guest->handle; - } info->api_major = sev_common->api_major; info->api_minor = sev_common->api_minor; info->build_id = sev_common->build_id; info->state = sev_common->state; - /* we only report the lower 32-bits of policy for SNP, ok for now... */ - info->policy = - (uint32_t)object_property_get_uint(OBJECT(sev_common), - "policy", NULL); + + if (sev_snp_enabled()) { + info->sev_type = SEV_GUEST_TYPE_SEV_SNP; + info->u.sev_snp.snp_policy = + object_property_get_uint(OBJECT(sev_common), "policy", NULL); + } else { + info->sev_type = SEV_GUEST_TYPE_SEV; + info->u.sev.handle = SEV_GUEST(sev_common)->handle; + info->u.sev.policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); + } } return info; 
@@ -394,20 +396,36 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict) { SevInfo *info = sev_get_info(); - if (info && info->enabled) { - monitor_printf(mon, "handle: %d\n", info->handle); + if (!info || !info->enabled) { + monitor_printf(mon, "SEV is not enabled\n"); + goto out; + } + + if (sev_snp_enabled()) { monitor_printf(mon, "state: %s\n", SevState_str(info->state)); monitor_printf(mon, "build: %d\n", info->build_id); monitor_printf(mon, "api version: %d.%d\n", info->api_major, info->api_minor); monitor_printf(mon, "debug: %s\n", - info->policy & SEV_POLICY_NODBG ? "off" : "on"); - monitor_printf(mon, "key-sharing: %s\n", - info->policy & SEV_POLICY_NOKS ? "off" : "on"); + info->u.sev_snp.snp_policy & SEV_SNP_POLICY_DBG ? "on" + : "off"); + monitor_printf(mon, "SMT allowed: %s\n", + info->u.sev_snp.snp_policy & SEV_SNP_POLICY_SMT ? "on" + : "off"); } else { - monitor_printf(mon, "SEV is not enabled\n"); + monitor_printf(mon, "handle: %d\n", info->u.sev.handle); + monitor_printf(mon, "state: %s\n", SevState_str(info->state)); + monitor_printf(mon, "build: %d\n", info->build_id); + monitor_printf(mon, "api version: %d.%d\n", + info->api_major, info->api_minor); + monitor_printf(mon, "debug: %s\n", + info->u.sev.policy & SEV_POLICY_NODBG ? "off" : "on"); + monitor_printf(mon, "key-sharing: %s\n", + info->u.sev.policy & SEV_POLICY_NOKS ? "off" : "on"); } + monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); +out: qapi_free_SevInfo(info); } diff --git a/target/i386/sev.h b/target/i386/sev.h index 94295ee74f..5dc4767b1e 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -31,6 +31,9 @@ #define SEV_POLICY_DOMAIN 0x10 #define SEV_POLICY_SEV 0x20 +#define SEV_SNP_POLICY_SMT 0x10000 +#define SEV_SNP_POLICY_DBG 0x80000 + typedef struct SevKernelLoaderContext { char *setup_data; size_t setup_size;
From patchwork Wed Mar 20 08:39:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597547
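Review bot: In the qapi/misc-target.json hunk of 31/49, the new SevGuestType and SevSnpGuestInfo types are tagged 'Since: 6.2', a release that predates this March 2024 posting; they should carry the release the series is expected to land in. SevGuestInfo is tagged 'Since: 2.12' although the struct itself is introduced here, and the new 'sev-type' member of SevInfo has no since annotation of its own, so the generated documentation will present it as available since 2.12. It would also help to say in the @snp-policy description that its bit layout differs from @policy; the commit message states this but the schema documentation does not.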
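Review bot: In the sev_get_info() hunk of 31/49, info->sev_type is assigned only inside 'if (info->enabled)', yet 'sev-type' is a mandatory base member and the discriminator of the union. With SEV disabled the zero value left by g_new0() is emitted, which is the first enum value, so a non-SEV guest is reported as sev-type 'sev' with policy 0 and handle 0. Please either document that the branch members are meaningless when 'enabled' is false or set the discriminator explicitly outside the conditional, so the behaviour is visibly intentional. Separately, the else branch now uses the SEV_GUEST() cast where the removed code used object_dynamic_cast() and a NULL check; a short comment on why sev_enabled() without sev_snp_enabled() always implies a TYPE_SEV_GUEST object would make that safe to read.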
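Review bot: In the hmp_info_sev() hunk of 31/49, the union branch is chosen with sev_snp_enabled() rather than with the discriminator that was just returned. Reading info->u.sev_snp or info->u.sev is only valid for the matching info->sev_type, so the test should be 'info->sev_type == SEV_GUEST_TYPE_SEV_SNP' (or a switch on info->sev_type); as written, the two agree only because sev_get_info() happens to use the same predicate. The state, build and api version lines are identical in both branches and can be printed once before the branch, leaving only the policy-specific lines inside it.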
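How a management tool could consume the 'sev-type' discriminator described in the commit message of patch 31/49, as an added example that is not part of the series. The function names and sample replies are constructed for illustration, the legacy NODBG/NOKS values are not shown in this patch, and the wire layout assumes QAPI's usual flattening of union branch members next to the base members.

```python
import json

# SEV-SNP policy bits, as defined by the sev.h hunk of this patch.
SEV_SNP_POLICY_SMT = 0x10000
SEV_SNP_POLICY_DBG = 0x80000
# Legacy SEV policy bits tested by hmp_info_sev(). Their values are not shown
# in this patch; these are the ones from QEMU's target/i386/sev.h.
SEV_POLICY_NODBG = 0x1
SEV_POLICY_NOKS = 0x2


def _uint(reply, key, bits):
    """Fetch reply[key] and check that it is an unsigned integer of the given width."""
    value = reply.get(key)
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"query-sev: missing or non-integer '{key}'")
    if not 0 <= value < (1 << bits):
        raise ValueError(f"query-sev: '{key}' does not fit in {bits} bits")
    return value


def summarize_query_sev(qmp_text):
    """Decode one QMP reply to query-sev into a small, type-aware summary."""
    msg = json.loads(qmp_text)
    if "error" in msg:
        raise ValueError(f"query-sev failed: {msg['error'].get('desc')}")
    reply = msg["return"]
    if not reply.get("enabled"):
        return {"enabled": False}

    # A QEMU without this patch sends no 'sev-type'; such a reply can only
    # describe a legacy SEV/SEV-ES guest.
    sev_type = reply.get("sev-type", "sev")
    out = {"enabled": True, "type": sev_type, "state": reply.get("state")}

    if sev_type == "sev-snp":
        # 64-bit field: keep it as an arbitrary-precision int, never a float.
        policy = _uint(reply, "snp-policy", 64)
        # SNP: a set DBG bit allows debugging.
        out["debug"] = bool(policy & SEV_SNP_POLICY_DBG)
        out["smt"] = bool(policy & SEV_SNP_POLICY_SMT)
    elif sev_type == "sev":
        policy = _uint(reply, "policy", 32)
        out["handle"] = _uint(reply, "handle", 32)
        # Legacy SEV: the polarity is inverted, a set NODBG bit forbids debugging.
        out["debug"] = not (policy & SEV_POLICY_NODBG)
        out["key_sharing"] = not (policy & SEV_POLICY_NOKS)
    else:
        # Fail closed on a guest type this tool does not understand.
        raise ValueError(f"query-sev: unknown sev-type '{sev_type}'")
    out["policy"] = policy
    return out


def debug_allowed(qmp_texts):
    """Return the indexes of the replies whose guest policy permits debugging."""
    return [i for i, text in enumerate(qmp_texts)
            if summarize_query_sev(text).get("debug")]


def _reply(**members):
    """Build a constructed QMP reply with the common base members filled in."""
    base = {"enabled": True, "api-major": 1, "api-minor": 55, "build-id": 21,
            "state": "running"}
    base.update(members)
    return json.dumps({"return": base})


# Constructed sample replies (not captured from a real guest).
SAMPLE_SNP = _reply(**{"sev-type": "sev-snp", "snp-policy": 0x30000})
SAMPLE_SNP_DEBUG = _reply(**{"sev-type": "sev-snp", "snp-policy": 0xB0000})
SAMPLE_SEV = _reply(**{"sev-type": "sev", "policy": 0x3, "handle": 1})
SAMPLE_OLD_QEMU = _reply(policy=0x0, handle=3)  # pre-patch format, no 'sev-type'
SAMPLE_DISABLED = json.dumps({"return": {"enabled": False}})

if __name__ == "__main__":
    for sample in (SAMPLE_SNP, SAMPLE_SNP_DEBUG, SAMPLE_SEV, SAMPLE_OLD_QEMU):
        print(summarize_query_sev(sample))
```

Applying the legacy NODBG mask to SAMPLE_SNP would report debugging as allowed, because bit 0 is clear in an SNP policy; dispatching on 'sev-type' first is what prevents that misreading.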
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 32/49] i386/sev: Don't return launch measurements for SEV-SNP guests
Date: Wed, 20 Mar 2024 03:39:28 -0500
Message-ID: <20240320083945.991426-33-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

For SEV-SNP guests, launch measurement is queried from within the guest during attestation, so don't attempt to return it as part of query-sev-launch-measure.

Signed-off-by: Michael Roth
--- target/i386/sev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index b03d70a3d1..0c8e4bdb4c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -803,7 +803,9 @@ sev_launch_get_measure(Notifier *notifier, void *unused) static char *sev_get_launch_measurement(void) { - SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); if (sev_guest && SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) {
From patchwork Wed Mar 20 08:39:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597548
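Review bot: In sev_get_launch_measurement() (32/49), replacing SEV_GUEST() with object_dynamic_cast() makes sev_guest NULL for an SEV-SNP guest, so the function silently takes whatever path it already had for "no measurement available". Nothing in this one-file change tells a caller of query-sev-launch-measure that the command does not apply to SEV-SNP, as opposed to the measurement not being ready yet. Please add a comment on the cast saying that NULL is the expected result for SNP, and consider a distinct error message plus a sentence in the command's QAPI documentation that SNP launch measurements are obtained from inside the guest during attestation.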
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 33/49] kvm: Make kvm_convert_memory() non-static
Date: Wed, 20 Mar 2024 03:39:29 -0500
Message-ID: <20240320083945.991426-34-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 2 +- include/sysemu/kvm.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index b5872fdc07..bf0ae0c8ad 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2913,7 +2913,7 @@ static void kvm_eat_signals(CPUState *cpu) } while (sigismember(&chkset, SIG_IPI)); } -static int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) +int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private) { MemoryRegionSection section; ram_addr_t offset; diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 2cb3192509..698f1640fe 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h 
@@ -541,4 +541,6 @@ int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp); int kvm_set_memory_attributes_private(hwaddr start, hwaddr size); int kvm_set_memory_attributes_shared(hwaddr start, hwaddr size); + +int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private); #endif
From patchwork Wed Mar 20 08:39:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597549
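Review bot: The declaration added to include/sysemu/kvm.h (33/49) exports kvm_convert_memory() with no doc comment, and the commit message has no body, so neither place says why the function must be visible outside kvm-all.c or what a caller has to guarantee. Judging by the to_private parameter and the neighbouring kvm_set_memory_attributes_private()/_shared() declarations, it changes guest memory between private and shared, so the header should state the contract: the expected alignment of start and size, the meaning of to_private, and the return value on failure.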
From: Michael Roth To: CC: , Tom Lendacky , "Paolo Bonzini" , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Markus Armbruster , Pankaj Gupta , Xiaoyao Li , Isaku Yamahata Subject: [PATCH v3 34/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes Date: Wed, 20 Mar 2024 03:39:30 -0500 Message-ID: <20240320083945.991426-35-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com> References: <20240320083945.991426-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00004686:EE_|DM6PR12MB4122:EE_ X-MS-Office365-Filtering-Correlation-Id: f72474fd-e66c-4137-be23-08dc48badb1d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(376005)(36860700004)(82310400014)(1800799015);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2024 08:50:55.6575 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f72474fd-e66c-4137-be23-08dc48badb1d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00004686.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4122 When running SEV-SNP 
guests, the kernel may forward some subset of VMGEXIT-based guest hypercalls to userspace. One of these is for Page State Change requests, as documented by the GHCB specification[1]. Userspace does not directly have control over the SNP RMP table to actually satisfy these requests, but will instead make use of the kvm_convert_memory() interface, which makes use of the KVM_SET_MEMORY_ATTRIBUTES ioctl to instruct KVM to map these GPAs using private/shared memory and make the appropriate RMP changes via the associated kernel hooks. Add the basic infrastructure for handling KVM_EXIT_VMGEXIT events, and then implement handling for Page State Change requests on top of that. [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 3 + target/i386/sev.c | 152 ++++++++++++++++++++++++++++++++++++++++++ target/i386/sev.h | 2 + 3 files changed, 157 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 59e9048e61..22eb21a2f3 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -5409,6 +5409,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = kvm_xen_handle_exit(cpu, &run->xen); break; #endif + case KVM_EXIT_VMGEXIT: + ret = kvm_handle_vmgexit(run); + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret = -1; diff --git a/target/i386/sev.c b/target/i386/sev.c index 0c8e4bdb4c..0c6a253138 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1423,6 +1423,158 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return ret; } +typedef struct __attribute__((__packed__)) PscHdr { + uint16_t cur_entry; + uint16_t end_entry; + uint32_t reserved; +} PscHdr; + +typedef struct __attribute__((__packed__)) PscEntry { + uint64_t cur_page : 12, + gfn : 40, + operation : 4, + pagesize : 1, + reserved : 7; +} PscEntry; + +#define VMGEXIT_PSC_MAX_ENTRY 253 + +typedef struct __attribute__((__packed__)) SnpPscDesc { + PscHdr hdr; + PscEntry entries[VMGEXIT_PSC_MAX_ENTRY]; +} SnpPscDesc; + +static int next_contig_gpa_range(SnpPscDesc *desc, uint16_t *entries_processed, + hwaddr *gfn_base, int *gfn_count, + bool *range_to_private) +{ + int i; + + *entries_processed = 0; + *gfn_base = 0; + *gfn_count = 0; + *range_to_private = false; + + for (i = desc->hdr.cur_entry; i <= desc->hdr.end_entry; i++) { + PscEntry *entry = &desc->entries[i]; + bool to_private = entry->operation == 1; + int page_count = entry->pagesize ? 512 : 1; + + if (!*gfn_count) { + *range_to_private = to_private; + *gfn_base = entry->gfn; + } + + /* When first non-adjacent entry is seen, report the previous range */ + if (entry->gfn != *gfn_base + *gfn_count || (to_private != *range_to_private)) { + return 0; + } + + *gfn_count += page_count; + + /* + * Currently entry-specific PSC_ERROR_INVALID_ENTRY errors are not + * returned. Instead only the more general GENERIC/INVALID_HDR + * errors are returned. If support for PSC_ERROR_INVALID_ENTRY errors + * are added, this logic will need to be re-worked to either not + * increment entries_processed until the request is issued + * successfully, or to rewind it after failure. Guests don't + * currently do anything useful with entry-specific errors so vs. + * the other errors types so this is unlikely to be an issue in the + * meantime. + */ + entry->cur_page = page_count; + *entries_processed += 1; + } + + return *gfn_count ? 
0 : -ENOENT; +} + +#define GHCB_SHARED_BUF_SIZE 0x7f0 +#define PSC_ERROR_GENERIC (0x100UL << 32) +#define PSC_ERROR_INVALID_HDR ((0x1UL << 32) | 1) +#define PSC_ERROR_INVALID_ENTRY ((0x1UL << 32) | 2) +#define PSC_ENTRY_COUNT_MAX 253 + +static int kvm_handle_vmgexit_psc(__u64 shared_gpa, __u64 *psc_ret) +{ + hwaddr len = GHCB_SHARED_BUF_SIZE; + MemTxAttrs attrs = { 0 }; + SnpPscDesc *desc; + void *ghcb_shared_buf; + uint8_t shared_buf[GHCB_SHARED_BUF_SIZE]; + uint16_t entries_processed; + hwaddr gfn_base = 0; + int gfn_count = 0; + bool range_to_private; + + *psc_ret = 0; + ghcb_shared_buf = address_space_map(&address_space_memory, shared_gpa, + &len, true, attrs); + if (len < GHCB_SHARED_BUF_SIZE) { + g_warning("unable to map entire shared GHCB buffer, mapped size %ld (expected %d)", + len, GHCB_SHARED_BUF_SIZE); + *psc_ret = PSC_ERROR_GENERIC; + goto out_unmap; + } + memcpy(shared_buf, ghcb_shared_buf, GHCB_SHARED_BUF_SIZE); + address_space_unmap(&address_space_memory, ghcb_shared_buf, len, true, len); + + desc = (SnpPscDesc *)shared_buf; + + if (desc->hdr.end_entry >= PSC_ENTRY_COUNT_MAX) { + *psc_ret = PSC_ERROR_INVALID_HDR; + goto out_unmap; + } + + /* No more entries left to process. 
*/ + if (desc->hdr.cur_entry > desc->hdr.end_entry) { + goto out_unmap; + } + + while (!next_contig_gpa_range(desc, &entries_processed, + &gfn_base, &gfn_count, &range_to_private)) { + int ret = kvm_convert_memory(gfn_base * 0x1000, gfn_count * 0x1000, + range_to_private); + if (ret) { + *psc_ret = 0x100ULL << 32; /* Indicate interrupted processing */ + g_warning("error doing memory conversion: %d", ret); + break; + } + + desc->hdr.cur_entry += entries_processed; + } + + ghcb_shared_buf = address_space_map(&address_space_memory, shared_gpa, + &len, true, attrs); + if (len < GHCB_SHARED_BUF_SIZE) { + g_warning("unable to map entire shared GHCB buffer, mapped size %ld (expected %d)", + len, GHCB_SHARED_BUF_SIZE); + *psc_ret = PSC_ERROR_GENERIC; + goto out_unmap; + } + memcpy(ghcb_shared_buf, shared_buf, GHCB_SHARED_BUF_SIZE); +out_unmap: + address_space_unmap(&address_space_memory, ghcb_shared_buf, len, true, len); + + return 0; +} + +int kvm_handle_vmgexit(struct kvm_run *run) +{ + int ret; + + if (run->vmgexit.type == KVM_USER_VMGEXIT_PSC) { + ret = kvm_handle_vmgexit_psc(run->vmgexit.psc.shared_gpa, + &run->vmgexit.psc.ret); + } else { + warn_report("KVM: unknown vmgexit type: %d", run->vmgexit.type); + ret = -1; + } + + return ret; +} + static char * sev_common_get_sev_device(Object *obj, Error **errp) { diff --git a/target/i386/sev.h b/target/i386/sev.h index 5dc4767b1e..5cbfc3365b 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -66,4 +66,6 @@ int sev_inject_launch_secret(const char *hdr, const char *secret, int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size); void sev_es_set_reset_vector(CPUState *cpu); +int kvm_handle_vmgexit(struct kvm_run *run); + #endif
From patchwork Wed Mar 20 08:39:31 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597550
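Review bot: in [PATCH v3 34/49], target/i386/kvm/kvm.c, the new case KVM_EXIT_VMGEXIT in kvm_arch_handle_exit() calls kvm_handle_vmgexit() unconditionally, while that function is defined in target/i386/sev.c and declared in sev.h, and the diffstat touches only kvm.c, sev.c and sev.h. If kvm.c can be built without sev.c, this needs a stub or a guard like the #endif that closes the Xen case just above. The kvm_ prefix on a function exported from sev.h also stands out next to sev_inject_launch_secret() and sev_es_set_reset_vector(); a sev_-prefixed name would match the rest of the header.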
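Review bot: in [PATCH v3 34/49], target/i386/sev.c, kvm_handle_vmgexit_psc() unmaps the GHCB shared buffer twice on its early-exit paths. After the first address_space_map() the buffer is copied and address_space_unmap() is called, but the end_entry >= PSC_ENTRY_COUNT_MAX check and the cur_entry > end_entry check that follow both goto out_unmap, which unmaps the same pointer a second time. Those two paths should return directly or use a separate label. The len < GHCB_SHARED_BUF_SIZE failure paths likewise hand whatever address_space_map() returned, possibly NULL, to address_space_unmap(). In next_contig_gpa_range(), entry->operation is read from guest-written memory and every value other than 1 is treated as a conversion to shared; rejecting unknown operation values would be safer than converting on them. Smaller points: the failure path hardcodes 0x100ULL << 32 instead of using PSC_ERROR_GENERIC, and VMGEXIT_PSC_MAX_ENTRY and PSC_ENTRY_COUNT_MAX both define 253.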
From: Michael Roth
CC: Tom Lendacky, "Paolo Bonzini", Daniel P . Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 35/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based)
Date: Wed, 20 Mar 2024 03:39:31 -0500
Message-ID: <20240320083945.991426-36-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SEV-SNP guests
might issue MSR-based Page State Changes for situations like early boot where it might not be easily able to make use of a GHCB page to issue the request. Just as with GHCB-based Page State Changes, these are forwarded to userspace as KVM_EXIT_VMGEXITs. Add handling for these. Signed-off-by: Michael Roth --- target/i386/sev.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 0c6a253138..b54422b28e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1560,6 +1560,18 @@ out_unmap: return 0; } +static int kvm_handle_vmgexit_psc_msr_protocol(__u64 gpa, __u8 op, __u32 *psc_ret) +{ + int ret; + + ret = kvm_convert_memory(gpa, TARGET_PAGE_SIZE, + op == KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE); + + *psc_ret = ret; + + return ret; +} + int kvm_handle_vmgexit(struct kvm_run *run) { int ret; 
@@ -1567,6 +1579,10 @@ int kvm_handle_vmgexit(struct kvm_run *run) if (run->vmgexit.type == KVM_USER_VMGEXIT_PSC) { ret = kvm_handle_vmgexit_psc(run->vmgexit.psc.shared_gpa, &run->vmgexit.psc.ret); + } else if (run->vmgexit.type == KVM_USER_VMGEXIT_PSC_MSR) { + ret = kvm_handle_vmgexit_psc_msr_protocol(run->vmgexit.psc_msr.gpa, + run->vmgexit.psc_msr.op, + &run->vmgexit.psc_msr.ret); } else { warn_report("KVM: unknown vmgexit type: %d", run->vmgexit.type); ret = -1;
From patchwork Wed Mar 20 08:39:32 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597551
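Review bot: in [PATCH v3 35/49], kvm_handle_vmgexit_psc_msr_protocol() both stores the result of kvm_convert_memory() in *psc_ret and returns it to kvm_handle_vmgexit(), so a failed conversion is written into the __u32 psc_ret as a raw int (a negative value wraps) and is also passed up as the exit handler's result. The GHCB-based kvm_handle_vmgexit_psc() in the same file ends in return 0 and reports failures only through its psc_ret value; the MSR path should follow the same convention, with a defined error value in psc_ret, unless the difference is intended, in which case a comment should say so. The op argument is also unchecked: any value other than KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE is treated as a conversion to shared, so comparing explicitly against the shared op and returning an error for anything else would be safer.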
From: Michael Roth
CC: Tom Lendacky, "Paolo Bonzini", Daniel P . Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 36/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests
Date: Wed, 20 Mar 2024 03:39:32 -0500
Message-ID: <20240320083945.991426-37-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The GHCB
specification[1] defines a VMGEXIT-based Guest Request hypercall to allow an SNP guest to issue encrypted requests directly to SNP firmware to do things like query the attestation report for the guest. These are generally handled purely in the kernel. In some cases, it's useful for the host to be able to additionally supply the certificate chain for the signing key that SNP firmware uses to sign these attestation reports. To allow for this, the GHCB specification defines an Extended Guest Request where this certificate data can be provided in a special format described in the GHCB spec. This certificate data may be global or guest-specific depending on how the guest was configured. Rather than providing interfaces to manage these within the kernel, KVM handles this by forwarding the Extended Guest Requests on to userspace so the certificate data can be provided in the expected format. Add a certs-path parameter to the sev-snp-guest object so that it can be used to inject any certificate data into these Extended Guest Requests. Signed-off-by: Michael Roth --- qapi/qom.json | 7 +++- target/i386/sev.c | 85 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 1 deletion(-) diff --git a/qapi/qom.json b/qapi/qom.json index b25a3043da..7ba778af91 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -957,6 +957,10 @@ # SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI # (default: all-zero) # +# @certs-path: path to certificate data that can be passed to guests via +# SNP Extended Guest Requests. File should be in the format +# described in the GHCB specification. (default: none) +# # Since: 7.2 ## { 'struct': 'SevSnpGuestProperties', @@ -967,7 +971,8 @@ '*id-block': 'str', '*id-auth': 'str', '*auth-key-enabled': 'bool', - '*host-data': 'str' } } + '*host-data': 'str', + '*certs-path': 'str' } } ## # @ThreadContextProperties: diff --git a/target/i386/sev.c b/target/i386/sev.c index b54422b28e..3b4dbc63b1 100644 --- a/target/i386/sev.c 
+++ b/target/i386/sev.c @@ -96,6 +96,7 @@ struct SevSnpGuestState { char *id_block; char *id_auth; char *host_data; + char *certs_path; struct kvm_sev_snp_launch_start kvm_start_conf; struct kvm_sev_snp_launch_finish kvm_finish_conf; @@ -1572,6 +1573,63 @@ static int kvm_handle_vmgexit_psc_msr_protocol(__u64 gpa, __u8 op, __u32 *psc_re return ret; } +#define SNP_EXT_REQ_ERROR_INVALID_LEN 1 +#define SNP_EXT_REQ_ERROR_BUSY 2 +#define SNP_EXT_REQ_ERROR_GENERIC (1 << 31) + +static int kvm_handle_vmgexit_ext_req(__u64 gpa, __u64 *npages, __u32 *vmm_ret) +{ + SevSnpGuestState *sev_snp_guest; + MemTxAttrs attrs = { 0 }; + void *guest_buf; + hwaddr buf_sz; + gsize sz; + g_autofree gchar *contents = NULL; + GError *error = NULL; + + *vmm_ret = SNP_EXT_REQ_ERROR_GENERIC; + + if (!sev_snp_enabled()) { + return 0; + } + + sev_snp_guest = SEV_SNP_GUEST(MACHINE(qdev_get_machine())->cgs); + + if (!sev_snp_guest->certs_path) { + *vmm_ret = 0; + return 0; + } + + if (!g_file_get_contents(sev_snp_guest->certs_path, &contents, &sz, &error)) { + error_report("SEV: Failed to read '%s' (%s)", sev_snp_guest->certs_path, error->message); + g_error_free(error); + return 0; + } + + buf_sz = *npages * TARGET_PAGE_SIZE; + + if (buf_sz < sz) { + *vmm_ret = SNP_EXT_REQ_ERROR_INVALID_LEN; + *npages = (sz + TARGET_PAGE_SIZE) / TARGET_PAGE_SIZE; + return 0; + } + + guest_buf = address_space_map(&address_space_memory, gpa, &buf_sz, true, attrs); + if (buf_sz < sz) { + g_warning("unable to map entire shared buffer, mapped size %ld (expected %d)", + buf_sz, GHCB_SHARED_BUF_SIZE); + goto out_unmap; + } + + memcpy(guest_buf, contents, buf_sz); + *vmm_ret = 0; + +out_unmap: + address_space_unmap(&address_space_memory, guest_buf, buf_sz, true, buf_sz); + + return 0; +} + int kvm_handle_vmgexit(struct kvm_run *run) { int ret; 
@@ -1583,6 +1641,10 @@ int kvm_handle_vmgexit(struct kvm_run *run) ret = kvm_handle_vmgexit_psc_msr_protocol(run->vmgexit.psc_msr.gpa, run->vmgexit.psc_msr.op, &run->vmgexit.psc_msr.ret); + } else if (run->vmgexit.type == KVM_USER_VMGEXIT_EXT_GUEST_REQ) { + ret = kvm_handle_vmgexit_ext_req(run->vmgexit.ext_guest_req.data_gpa, + &run->vmgexit.ext_guest_req.data_npages, + &run->vmgexit.ext_guest_req.ret); } else { warn_report("KVM: unknown vmgexit type: %d", run->vmgexit.type); ret = -1; @@ -1914,6 +1976,26 @@ sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) memcpy(finish->host_data, blob, len); } +static char * +sev_snp_guest_get_certs_path(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->certs_path); +} + +static void +sev_snp_guest_set_certs_path(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + if (sev_snp_guest->host_data) { + g_free(sev_snp_guest->host_data); + } + + sev_snp_guest->certs_path = value ? g_strdup(value) : NULL; +} + static void sev_snp_guest_class_init(ObjectClass *oc, void *data) { 
@@ -1935,6 +2017,9 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) object_class_property_add_str(oc, "host-data", sev_snp_guest_get_host_data, sev_snp_guest_set_host_data); + object_class_property_add_str(oc, "certs-path", + sev_snp_guest_get_certs_path, + sev_snp_guest_set_certs_path); } static void
From patchwork Wed Mar 20 08:39:33 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597574
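Review bot: in [PATCH v3 36/49], kvm_handle_vmgexit_ext_req() ends with memcpy(guest_buf, contents, buf_sz), which copies buf_sz bytes, the size of the guest buffer, out of contents, a buffer that g_file_get_contents() filled with only sz bytes. The preceding checks guarantee buf_sz >= sz, so any guest buffer larger than the file reads past the end of the heap allocation and copies host memory into the guest's buffer; the length should be sz. Related points in the same function: the INVALID_LEN path sets *npages to (sz + TARGET_PAGE_SIZE) / TARGET_PAGE_SIZE, which asks for one page too many when sz is an exact multiple of the page size (a round-up division is what is wanted), and the g_warning() after address_space_map() prints GHCB_SHARED_BUF_SIZE as the expected size where sz is meant. SNP_EXT_REQ_ERROR_GENERIC is defined as (1 << 31), a shift into the sign bit of an int; 1U << 31 avoids that.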
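Review bot: in [PATCH v3 36/49], sev_snp_guest_set_certs_path() frees sev_snp_guest->host_data rather than the previous certs_path. That leaves host_data pointing at freed memory for any later reader of the field and leaks the old certs_path string each time the property is set again. The call should be g_free(sev_snp_guest->certs_path); g_free() accepts NULL, so the surrounding if is not needed.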
Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="HtpnWqCR" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jPZu3Fe4bEIzI33a0mU7dj0SbRu4G01OFcQqa4oeAJcWiLVi5JtAR0xkxGA9OhFMG84NTz56OJevcyIdPYAjFh+KelxepLzbL0vN18nXEH+Q3YaVD+ASl5aBDgrZMwn07gn4dgvMNSHggFp/5njPjjRrDE1oCqjwyyqSg6PnenliIb9531VSbs2i7PqKFFpAmgUxB6R3DFWVPc7JdmzXqkrRtRFe4pKLbLDv1dcvS2CDUo0cCQj2tDZhWqPaVlzHQiARQrcbXYiX1opMCtv/UnAN59oViAKl0sV817Sgg37uPtDam4ZNO54LFyrHRx2IC9CQBo8wAQFa5wDAS7JWEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=J1Dq6f+bQHiqY13Q5dpJjiVh6IW9hb+DlnRG/UECoRs=; b=gA5OhHLMs/XNVdrK6JX6Wo34IsaLhVfKN04iAnsc42N3FSOFndqlCSuT8GodjpTIaysGwSyA7KEGTPmgNlSFBt75gb6sVqASGMq7kRqGJ+/jez+Fprf1UjC6oIVdNt5Bdyt9xs41LuwZJJ1jSNolnf07m7o4LPltOlYdkJfqtbOqk9WTFl8szv2CSETiHPROI1tPT6e4LQFcxe7SjWLbI8yg7S9RhFlTzVaBuXVamxGFTWkDruPmo5AbeMBB7W821i+EWWL5hBI6Wf2uLa4WGlDJxZ17rGKvX5MmHOfKVJmXkSWZ7MY/1uh3ZJ/a38uzod+i81TS7a4BzmiE6U1waQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J1Dq6f+bQHiqY13Q5dpJjiVh6IW9hb+DlnRG/UECoRs=; b=HtpnWqCRsAznmiw1ARkzQaKYsQqVdNj3G0BG1xKfYjvMYeR3tKMaHrfCEC1tW1Hdk8FVV7vrHte9iPGa6twDkDzGlGOzEujYaCp6y9Mz9wWIIXFMJbzbVERMbLqbJa4pRfwcn4NbbeWXs/0oWgm8Mk0D4K//wj7BAxpXF9Y8+r0= Received: from 
BN8PR12CA0023.namprd12.prod.outlook.com (2603:10b6:408:60::36) by CH3PR12MB8903.namprd12.prod.outlook.com (2603:10b6:610:17a::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.34; Wed, 20 Mar 2024 08:51:59 +0000 Received: from BN1PEPF00004681.namprd03.prod.outlook.com (2603:10b6:408:60:cafe::dc) by BN8PR12CA0023.outlook.office365.com (2603:10b6:408:60::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.27 via Frontend Transport; Wed, 20 Mar 2024 08:51:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN1PEPF00004681.mail.protection.outlook.com (10.167.243.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7409.10 via Frontend Transport; Wed, 20 Mar 2024 08:51:58 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 20 Mar 2024 03:51:58 -0500 
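Review bot: sev_snp_guest_set_certs_path() frees the wrong field. The guard tests and g_free()s sev_snp_guest->host_data and then assigns sev_snp_guest->certs_path, so setting certs-path releases the host-data buffer while host_data keeps pointing at the freed memory, and the previous certs_path string is leaked. This looks like a copy-paste from the host-data setter. Free certs_path instead: `g_free(sev_snp_guest->certs_path);` needs no NULL check, and `g_strdup(value)` already returns NULL for a NULL value, so the ternary can go as well.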
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Brijesh Singh
Subject: [PATCH v3 37/49] i386/sev: Add the SNP launch start context
Date: Wed, 20 Mar 2024 03:39:33 -0500
Message-ID: <20240320083945.991426-38-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
 target/i386/sev.c | 42 +++++++++++++++++++++++++++++++++++++++-
 target/i386/trace-events | 1 +
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 3b4dbc63b1..9f63a41f08 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -39,6 +39,7 @@ #include "confidential-guest.h" #include "hw/i386/pc.h" #include "exec/address-spaces.h" +#include "qemu/queue.h" OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON) OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST)
@@ -106,6 +107,16 @@ struct SevSnpGuestState { #define DEFAULT_SEV_DEVICE "/dev/sev" #define DEFAULT_SEV_SNP_POLICY 0x30000 +typedef struct SevLaunchUpdateData { + QTAILQ_ENTRY(SevLaunchUpdateData) next; + hwaddr gpa; + void *hva; + uint64_t len; + int type; +} SevLaunchUpdateData; + +static QTAILQ_HEAD(, SevLaunchUpdateData) launch_update; + #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { /* SEV-ES Reset Vector Address */ @@ -668,6 +679,30 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } +static int +sev_snp_launch_start(SevSnpGuestState *sev_snp_guest) +{ + int fw_error, rc; + SevCommonState *sev_common = SEV_COMMON(sev_snp_guest); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + + trace_kvm_sev_snp_launch_start(start->policy, sev_snp_guest->guest_visible_workarounds); + + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, + start, &fw_error); + if (rc < 0) { + error_report("%s: SNP_LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, rc, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + QTAILQ_INIT(&launch_update); + + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + + return 0; +} + static int sev_launch_start(SevGuestState *sev_guest) { @@ -1007,7 +1042,12 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ret = sev_launch_start(SEV_GUEST(sev_common)); + if (sev_snp_enabled()) { + ret = sev_snp_launch_start(SEV_SNP_GUEST(sev_common)); + } else { + ret = sev_launch_start(SEV_GUEST(sev_common)); + } + if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eeb..cb26d8a925 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -11,3 +11,4 @@ kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" +kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) "policy 0x%" PRIx64 " gosvw %s"
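Review bot: In the hunk at @@ -106,6 +107,16 @@, launch_update is a file-scope list head that only becomes valid when sev_snp_launch_start() runs QTAILQ_INIT(&launch_update). Anything that queues a SevLaunchUpdateData entry before that call operates on a zeroed head, and the later QTAILQ_INIT would silently drop whatever was queued. Initialise the head at its definition, `static QTAILQ_HEAD(, SevLaunchUpdateData) launch_update = QTAILQ_HEAD_INITIALIZER(launch_update);`, and remove the QTAILQ_INIT call from the launch path. Nothing in this patch uses the struct or the list yet, so both could also move to the patch that first queues an entry.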
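Review bot: In sev_snp_launch_start(), the trace call passes sev_snp_guest->guest_visible_workarounds to the "%s" conversion of the new kvm_sev_snp_launch_start event, and nothing in the visible lines guarantees that string is non-NULL when the property is left unset. Guard the argument or trace a value that is always valid, and declare the event parameter as const char *gosvw to match the other string events in trace-events. The failure check is also `if (rc < 0)` while the function returns 1, so a positive return from sev_ioctl() is treated as success here, whereas the SNP update and finish paths added in the following patch test `if (ret)`; one convention should be used throughout.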
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Brijesh Singh
Subject: [PATCH v3 38/49] i386/sev: Add handling to encrypt/finalize guest launch data
Date: Wed, 20 Mar 2024 03:39:34 -0500
Message-ID: <20240320083945.991426-39-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Brijesh Singh

Process any queued up launch data and encrypt/measure it into the SNP guest instance prior to initial guest launch.

Signed-off-by: Brijesh Singh
Co-authored-by: Michael Roth
Signed-off-by: Michael Roth
---
 target/i386/sev.c | 101 ++++++++++++++++++++++++++++++++++++++-
 target/i386/trace-events | 2 +
 2 files changed, 102 insertions(+), 1 deletion(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 9f63a41f08..4155342e72 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -749,6 +749,61 @@ out: return ret; } +static const char * +snp_page_type_to_str(int type) +{ + switch (type) { + case KVM_SEV_SNP_PAGE_TYPE_NORMAL: return "Normal"; + case KVM_SEV_SNP_PAGE_TYPE_ZERO: return "Zero"; + case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: return "Unmeasured"; + case KVM_SEV_SNP_PAGE_TYPE_SECRETS: return "Secrets"; + case KVM_SEV_SNP_PAGE_TYPE_CPUID: return "Cpuid"; + default: return "unknown"; + } +} + +static int +sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, SevLaunchUpdateData *data) +{ + int ret, fw_error; + struct kvm_sev_snp_launch_update update = {0}; + + if (!data->hva || !data->len) { + error_report("SNP_LAUNCH_UPDATE called with invalid address / length: %p / %lx", + data->hva, data->len); + return 1; + } + + update.uaddr = (__u64)(unsigned long)data->hva; + update.gfn_start = data->gpa >> TARGET_PAGE_BITS; + update.len = data->len; + update.type = data->type; + + trace_kvm_sev_snp_launch_update(data->hva, data->gpa, data->len, + snp_page_type_to_str(data->type)); + + /* + * KVM_SEV_SNP_LAUNCH_UPDATE requires that GPA ranges have the private + * memory attribute set in advance. + */ + ret = kvm_set_memory_attributes_private(data->gpa, data->len); + if (ret) { + error_report("SEV-SNP: failed to configure initial private guest memory"); + goto out; + } + + ret = sev_ioctl(SEV_COMMON(sev_snp_guest)->sev_fd, + KVM_SEV_SNP_LAUNCH_UPDATE, + &update, &fw_error); + if (ret) { + error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + } + +out: + return ret; +} + static int sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { 
@@ -894,6 +949,46 @@ sev_launch_finish(SevGuestState *sev_guest) migrate_add_blocker(&sev_mig_blocker, &error_fatal); } +static void +sev_snp_launch_finish(SevSnpGuestState *sev_snp) +{ + int ret, error; + Error *local_err = NULL; + OvmfSevMetadata *metadata; + SevLaunchUpdateData *data; + struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + + QTAILQ_FOREACH(data, &launch_update, next) { + ret = sev_snp_launch_update(sev_snp, data); + if (ret) { + exit(1); + } + } + + trace_kvm_sev_snp_launch_finish(sev_snp->id_block, sev_snp->id_auth, + sev_snp->host_data); + ret = sev_ioctl(SEV_COMMON(sev_snp)->sev_fd, KVM_SEV_SNP_LAUNCH_FINISH, + finish, &error); + if (ret) { + error_report("SNP_LAUNCH_FINISH ret=%d fw_error=%d '%s'", + ret, error, fw_error_to_str(error)); + exit(1); + } + + sev_set_guest_state(SEV_COMMON(sev_snp), SEV_STATE_RUNNING); + + /* add migration blocker */ + error_setg(&sev_mig_blocker, + "SEV-SNP: Migration is not implemented"); + ret = migrate_add_blocker(&sev_mig_blocker, &local_err); + if (local_err) { + error_report_err(local_err); + error_free(sev_mig_blocker); + exit(1); + } +} + + static void sev_vm_state_change(void *opaque, bool running, RunState state) { @@ -901,7 +996,11 @@ sev_vm_state_change(void *opaque, bool running, RunState state) if (running) { if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { - sev_launch_finish(SEV_GUEST(sev_common)); + if (sev_snp_enabled()) { + sev_snp_launch_finish(SEV_SNP_GUEST(sev_common)); + } else { + sev_launch_finish(SEV_GUEST(sev_common)); + } } } } diff --git a/target/i386/trace-events b/target/i386/trace-events index cb26d8a925..873a7e424e 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -12,3 +12,5 @@ kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) "policy 0x%" PRIx64 " gosvw %s" +kvm_sev_snp_launch_update(void *addr, uint32_t gpa, uint64_t len, const char *type) "addr %p gpa 0x%x len 0x%" PRIx64 " (%s page)" +kvm_sev_snp_launch_finish(char *id_block, char *id_auth, char *host_data) "id_block %s id_auth %s host_data %s"
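Review bot: sev_snp_launch_update() validates only that data->hva and data->len are non-zero before computing `update.gfn_start = data->gpa >> TARGET_PAGE_BITS`, so an unaligned gpa loses its low bits silently and a len that is not a multiple of the page size is passed through unchecked. These ranges are encrypted and measured into the guest, so reject unaligned input in the same check with an error that names the range. The error_report() there also prints the uint64_t len with %lx; use PRIx64 as the trace event does.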
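Review bot: sev_snp_launch_finish() declares `OvmfSevMetadata *metadata;` and never uses it in this patch, which leaves an unused-variable warning; drop it until the code that needs it arrives. The migration blocker block can also be simplified: the existing sev_launch_finish() context line just above calls `migrate_add_blocker(&sev_mig_blocker, &error_fatal);`, whereas the new code assigns ret, ignores it, tests local_err and then frees sev_mig_blocker by hand before exit(1). The QTAILQ_FOREACH loop also leaves every SevLaunchUpdateData node on launch_update after the launch is finalized; QTAILQ_FOREACH_SAFE with removal of each processed node would keep the list from outliving its purpose.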
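Review bot: In the trace-events hunk, kvm_sev_snp_launch_update declares `uint32_t gpa` with "gpa 0x%x", but the caller passes data->gpa, which is a hwaddr, so any range above 4 GiB is truncated in the trace output. Declare it uint64_t and print it with PRIx64, as is already done for len. kvm_sev_snp_launch_finish takes three char * arguments for "%s"; make them const char * and confirm that id_block, id_auth and host_data cannot be NULL when sev_snp_launch_finish() traces them.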
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 39/49] i386/sev: Set CPU state to protected once SNP guest payload is finalized
Date: Wed, 20 Mar 2024 03:39:35 -0500
Message-ID: <20240320083945.991426-40-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Once KVM_SNP_LAUNCH_FINISH is called the vCPU state is copied into the vCPU's VMSA page and measured/encrypted. Any attempt to read/write CPU state afterward will only be acting on the initial data and so are effectively no-ops. Set the vCPU state to protected at this point so that QEMU doesn't continue trying to re-sync vCPU data during guest runtime.

Signed-off-by: Michael Roth
---
 target/i386/sev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c index 4155342e72..4d862eef78 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -975,6 +975,7 @@ sev_snp_launch_finish(SevSnpGuestState *sev_snp) exit(1); } + kvm_mark_guest_state_protected(); sev_set_guest_state(SEV_COMMON(sev_snp), SEV_STATE_RUNNING); /* add migration blocker */
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Brijesh Singh
Subject: [PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header
Date: Wed, 20 Mar 2024 03:39:36 -0500
Message-ID: <20240320083945.991426-41-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh A recent version of OVMF expanded the reset vector GUID list to add SEV-specific metadata GUID. The SEV metadata describes the reserved memory regions such as the secrets and CPUID page used during the SEV-SNP guest launch. The pc_system_get_ovmf_sev_metadata_ptr() is used to retrieve the SEV metadata pointer from the OVMF GUID list. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- hw/i386/pc_sysfw_ovmf.c | 33 +++++++++++++++++++++++++++++++++ include/hw/i386/pc.h | 26 ++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/hw/i386/pc_sysfw_ovmf.c b/hw/i386/pc_sysfw_ovmf.c index 07a4c267fa..32efa34614 100644 --- a/hw/i386/pc_sysfw_ovmf.c +++ b/hw/i386/pc_sysfw_ovmf.c @@ -35,6 +35,31 @@ static const int bytes_after_table_footer = 32; static bool ovmf_flash_parsed; static uint8_t *ovmf_table; static int ovmf_table_len; +static OvmfSevMetadata *ovmf_sev_metadata_table; + +#define OVMF_SEV_META_DATA_GUID "dc886566-984a-4798-A75e-5585a7bf67cc" +typedef struct __attribute__((__packed__)) OvmfSevMetadataOffset { + uint32_t offset; +} OvmfSevMetadataOffset; + +static void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size) +{ + OvmfSevMetadata *metadata; + OvmfSevMetadataOffset *data; + + if (!pc_system_ovmf_table_find(OVMF_SEV_META_DATA_GUID, (uint8_t **)&data, + NULL)) { + return; + } + + metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset); + if (memcmp(metadata->signature, "ASEV", 4) != 0) { + return; + } + + ovmf_sev_metadata_table = g_malloc(metadata->len); + memcpy(ovmf_sev_metadata_table, metadata, metadata->len); +} void pc_system_parse_ovmf_flash(uint8_t *flash_ptr, size_t flash_size) { @@ -90,6 +115,9 @@ void pc_system_parse_ovmf_flash(uint8_t *flash_ptr, size_t flash_size) */ memcpy(ovmf_table, ptr - tot_len, tot_len); ovmf_table += tot_len; + + /* Copy the SEV metadata table (if exist) */ + pc_system_parse_sev_metadata(flash_ptr, flash_size); } /** 
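Review bot: pc_system_parse_sev_metadata() uses two values read from the firmware image without bounds checks. data->offset is subtracted from flash_ptr + flash_size with no check that it is at least sizeof(OvmfSevMetadata) and no larger than flash_size, so the "ASEV" memcmp() can read outside the flash mapping; metadata->len then goes straight into g_malloc() and memcpy() without checking that it is at least sizeof(OvmfSevMetadata) and that metadata + len stays inside the flash. The length out-parameter of pc_system_ovmf_table_find() is also passed as NULL, so nothing confirms the table entry is large enough to hold the uint32_t offset. Please validate all three before the copy and return without setting ovmf_sev_metadata_table when any check fails.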
@@ -159,3 +187,8 @@ bool pc_system_ovmf_table_find(const char *entry, uint8_t **data, } return false; } + +OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void) +{ + return ovmf_sev_metadata_table; +} diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index fb1d4106e5..df9a61540d 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h 
@@ -163,6 +163,32 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int level); #define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size" #define PCI_HOST_PROP_SMM_RANGES "smm-ranges" +typedef enum { + SEV_DESC_TYPE_UNDEF, + /* The section contains the region that must be validated by the VMM. */ + SEV_DESC_TYPE_SNP_SEC_MEM, + /* The section contains the SNP secrets page */ + SEV_DESC_TYPE_SNP_SECRETS, + /* The section contains address that can be used as a CPUID page */ + SEV_DESC_TYPE_CPUID, + +} ovmf_sev_metadata_desc_type; + +typedef struct __attribute__((__packed__)) OvmfSevMetadataDesc { + uint32_t base; + uint32_t len; + ovmf_sev_metadata_desc_type type; +} OvmfSevMetadataDesc; + +typedef struct __attribute__((__packed__)) OvmfSevMetadata { + uint8_t signature[4]; + uint32_t len; + uint32_t version; + uint32_t num_desc; + OvmfSevMetadataDesc descs[]; +} OvmfSevMetadata; + +OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void); void pc_pci_as_mapping_init(MemoryRegion *system_memory, MemoryRegion *pci_address_space);
From patchwork Wed Mar 20 08:39:37 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597579
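Review bot: OvmfSevMetadataDesc in include/hw/i386/pc.h embeds the enum ovmf_sev_metadata_desc_type directly as its type member, but the struct is overlaid on bytes read from the OVMF image and the size of an enum is implementation-defined even inside a packed struct. Declaring the member as uint32_t type and keeping the enum only for its constants would pin the layout. The multi-byte fields (base, len, num_desc and the metadata offset) are also read without le32_to_cpu(); if only little-endian hosts are expected, a comment saying so would help. Style: the other typedefs here are CamelCase, so ovmf_sev_metadata_desc_type stands out, and the struct members have no comment stating units (for example whether len is in bytes).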
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Brijesh Singh
Subject: [PATCH v3 41/49] i386/sev: Add support for populating OVMF metadata pages
Date: Wed, 20 Mar 2024 03:39:37 -0500
Message-ID: <20240320083945.991426-42-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh OVMF reserves various pages so they can be pre-initialized/validated prior to launching the guest. Add support for populating these pages with the expected content. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- target/i386/sev.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4d862eef78..6c5166c729 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -949,6 +949,67 @@ sev_launch_finish(SevGuestState *sev_guest) migrate_add_blocker(&sev_mig_blocker, &error_fatal); } +static int +snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) +{ + SevLaunchUpdateData *data; + + data = g_new0(SevLaunchUpdateData, 1); + data->gpa = gpa; + data->hva = hva; + data->len = len; + data->type = type; + + QTAILQ_INSERT_TAIL(&launch_update, data, next); + + return 0; +} + +static int +snp_metadata_desc_to_page_type(int desc_type) +{ + switch(desc_type) { + /* Add the umeasured prevalidated pages as a zero page */ + case SEV_DESC_TYPE_SNP_SEC_MEM: return KVM_SEV_SNP_PAGE_TYPE_ZERO; + case SEV_DESC_TYPE_SNP_SECRETS: return KVM_SEV_SNP_PAGE_TYPE_SECRETS; + case SEV_DESC_TYPE_CPUID: return KVM_SEV_SNP_PAGE_TYPE_CPUID; + default: return -1; + } +} + +static void +snp_populate_metadata_pages(SevSnpGuestState *sev_snp, OvmfSevMetadata *metadata) +{ + OvmfSevMetadataDesc *desc; + int type, ret, i; + void *hva; + MemoryRegion *mr = NULL; + + for (i = 0; i < metadata->num_desc; i++) { + desc = &metadata->descs[i]; + + type = snp_metadata_desc_to_page_type(desc->type); + if (type < 0) { + error_report("%s: Invalid memory type '%d'\n", __func__, desc->type); + exit(1); + } + + hva = gpa2hva(&mr, desc->base, desc->len, NULL); + if (!hva) { + error_report("%s: Failed to get HVA for GPA 0x%x sz 0x%x\n", + __func__, desc->base, desc->len); + exit(1); + } + + ret = snp_launch_update_data(desc->base, hva, desc->len, type); + if (ret) { + error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d\n", + __func__, desc->base, desc->len, desc->type); + exit(1); + } + } +} + static void sev_snp_launch_finish(SevSnpGuestState *sev_snp) { 
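Review bot: snp_populate_metadata_pages() walks metadata->descs[] up to metadata->num_desc, but the table it walks was allocated and copied using metadata->len in pc_system_parse_sev_metadata(), and nothing checks that num_desc descriptors fit in len bytes, so a malformed header makes this loop read past the g_malloc() buffer. Check num_desc against (len - sizeof(OvmfSevMetadata)) / sizeof(OvmfSevMetadataDesc) before the loop. Smaller points: i is int while num_desc is uint32_t; snp_launch_update_data() can only return 0, so the ret check after it is dead code; the error_report() strings end in "\n", which error_report() already appends; and "umeasured" in the comment should be "unmeasured".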
@@ -958,6 +1019,20 @@ sev_snp_launch_finish(SevSnpGuestState *sev_snp) SevLaunchUpdateData *data; struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + /* + * To boot the SNP guest, the hypervisor is required to populate the CPUID + * and Secrets page before finalizing the launch flow. The location of + * the secrets and CPUID page is available through the OVMF metadata GUID. + */ + metadata = pc_system_get_ovmf_sev_metadata_ptr(); + if (metadata == NULL) { + error_report("%s: Failed to locate SEV metadata header\n", __func__); + exit(1); + } + + /* Populate all the metadata pages */ + snp_populate_metadata_pages(sev_snp, metadata); + QTAILQ_FOREACH(data, &launch_update, next) { ret = sev_snp_launch_update(sev_snp, data); if (ret) {
From patchwork Wed Mar 20 08:39:38 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597580
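Review bot: metadata is assigned in sev_snp_launch_finish() but no added line in this patch declares it; the only declarations visible in the hunk context are data and finish. Unless it is declared in the part of the function outside the context shown, this needs an OvmfSevMetadata *metadata; next to them, plus the hw/i386/pc.h include for the type and for pc_system_get_ovmf_sev_metadata_ptr(). The error_report() string also carries a trailing "\n" that error_report() adds itself.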
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 42/49] i386/sev: Add support for SNP CPUID validation
Date: Wed, 20 Mar 2024 03:39:38 -0500
Message-ID: <20240320083945.991426-43-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SEV-SNP firmware allows a special guest
page to be populated with a table of guest CPUID values so that they can be validated through firmware before being loaded into encrypted guest memory where they can be used in place of hypervisor-provided values[1]. As part of SEV-SNP guest initialization, use this interface to validate the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest start and populate the CPUID page reserved by OVMF with the resulting encrypted data. [1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6 Signed-off-by: Michael Roth --- target/i386/sev.c | 159 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 158 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 6c5166c729..db888afb53 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -191,6 +191,36 @@ static const char *const sev_fw_errlist[] = { #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) +/* doesn't expose this, so re-use the max from kvm.c */ +#define KVM_MAX_CPUID_ENTRIES 100 + +typedef struct KvmCpuidInfo { + struct kvm_cpuid2 cpuid; + struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES]; +} KvmCpuidInfo; + +#define SNP_CPUID_FUNCTION_MAXCOUNT 64 +#define SNP_CPUID_FUNCTION_UNKNOWN 0xFFFFFFFF + +typedef struct { + uint32_t eax_in; + uint32_t ecx_in; + uint64_t xcr0_in; + uint64_t xss_in; + uint32_t eax; + uint32_t ebx; + uint32_t ecx; + uint32_t edx; + uint64_t reserved; +} __attribute__((packed)) SnpCpuidFunc; + +typedef struct { + uint32_t count; + uint32_t reserved1; + uint64_t reserved2; + SnpCpuidFunc entries[SNP_CPUID_FUNCTION_MAXCOUNT]; +} __attribute__((packed)) SnpCpuidInfo; + static int sev_ioctl(int fd, int cmd, void *data, int *error) { 
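Review bot: KVM_MAX_CPUID_ENTRIES is redefined here as 100 with a comment saying it is copied from kvm.c, so the two values can drift apart without any build failure. Moving the define into a header shared with kvm.c would keep them in sync. Since SnpCpuidInfo is copied into the page OVMF reserves, a QEMU_BUILD_BUG_ON() on sizeof(SnpCpuidInfo) against the page size would also document the layout assumption at build time (16 bytes of header plus SNP_CPUID_FUNCTION_MAXCOUNT entries of 48 bytes each).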
@@ -749,6 +779,34 @@ out: return ret; } +static void +sev_snp_cpuid_report_mismatches(SnpCpuidInfo *old, + SnpCpuidInfo *new) +{ + size_t i; + + if (old->count != new->count) { + error_report("SEV-SNP: CPUID validation failed due to count mismatch, provided: %d, expected: %d", + old->count, new->count); + } + + for (i = 0; i < old->count; i++) { + SnpCpuidFunc *old_func, *new_func; + + old_func = &old->entries[i]; + new_func = &new->entries[i]; + + if (memcmp(old_func, new_func, sizeof(SnpCpuidFunc))) { + error_report("SEV-SNP: CPUID validation failed for function 0x%x, index: 0x%x.\n" + "provided: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x\n" + "expected: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x", + old_func->eax_in, old_func->ecx_in, + old_func->eax, old_func->ebx, old_func->ecx, old_func->edx, + new_func->eax, new_func->ebx, new_func->ecx, new_func->edx); + } + } +} + static const char * snp_page_type_to_str(int type) { @@ -766,6 +824,7 @@ static int sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, SevLaunchUpdateData *data) { int ret, fw_error; + SnpCpuidInfo snp_cpuid_info; struct kvm_sev_snp_launch_update update = {0}; if (!data->hva || !data->len) { @@ -774,6 +833,11 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, SevLaunchUpdateData *data return 1; } + if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + /* Save a copy for comparison in case the LAUNCH_UPDATE fails */ + memcpy(&snp_cpuid_info, data->hva, sizeof(snp_cpuid_info)); + } + update.uaddr = (__u64)(unsigned long)data->hva; update.gfn_start = data->gpa >> TARGET_PAGE_BITS; update.len = data->len; 
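Review bot: in sev_snp_launch_update(), the new memcpy() reads sizeof(snp_cpuid_info) bytes from data->hva for CPUID pages, while the only length check visible above it is !data->len. Reject the entry when data->len is smaller than sizeof(SnpCpuidInfo) before copying, rather than relying on the caller. In sev_snp_cpuid_report_mismatches(), count is uint32_t but is printed with %d, and after a count mismatch the loop still compares entries by index, bounded only by old->count; clamping the bound to SNP_CPUID_FUNCTION_MAXCOUNT would keep the accesses inside entries[] whatever the page holds.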
@@ -798,6 +862,11 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, SevLaunchUpdateData *data if (ret) { error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", ret, fw_error, fw_error_to_str(fw_error)); + + if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + sev_snp_cpuid_report_mismatches(&snp_cpuid_info, data->hva); + error_report("SEV-SNP: failed update CPUID page"); + } } out: 
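Review bot: the mismatch report runs on any SNP_LAUNCH_UPDATE failure for a CPUID page, although comparing the saved copy against data->hva is only informative when the failure is the one where firmware wrote its expected values back into the page. Consider gating sev_snp_cpuid_report_mismatches() on the fw_error that indicates a CPUID validation failure, so unrelated errors do not produce an empty or misleading comparison. The message "failed update CPUID page" should read "failed to update CPUID page".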
@@ -965,6 +1034,89 @@ snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) return 0; } +static int +sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, + const KvmCpuidInfo *kvm_cpuid_info) +{ + size_t i; + + if (kvm_cpuid_info->cpuid.nent > SNP_CPUID_FUNCTION_MAXCOUNT) { + error_report("SEV-SNP: CPUID entry count (%d) exceeds max (%d)", + kvm_cpuid_info->cpuid.nent, SNP_CPUID_FUNCTION_MAXCOUNT); + return -1; + } + + memset(snp_cpuid_info, 0, sizeof(*snp_cpuid_info)); + + for (i = 0; i < kvm_cpuid_info->cpuid.nent; i++) { + const struct kvm_cpuid_entry2 *kvm_cpuid_entry; + SnpCpuidFunc *snp_cpuid_entry; + + kvm_cpuid_entry = &kvm_cpuid_info->entries[i]; + snp_cpuid_entry = &snp_cpuid_info->entries[i]; + + snp_cpuid_entry->eax_in = kvm_cpuid_entry->function; + if (kvm_cpuid_entry->flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX) { + snp_cpuid_entry->ecx_in = kvm_cpuid_entry->index; + } + snp_cpuid_entry->eax = kvm_cpuid_entry->eax; + snp_cpuid_entry->ebx = kvm_cpuid_entry->ebx; + snp_cpuid_entry->ecx = kvm_cpuid_entry->ecx; + snp_cpuid_entry->edx = kvm_cpuid_entry->edx; + + /* + * Guest kernels will calculate EBX themselves using the 0xD + * subfunctions corresponding to the individual XSAVE areas, so only + * encode the base XSAVE size in the initial leaves, corresponding + * to the initial XCR0=1 state. 
+ */ + if (snp_cpuid_entry->eax_in == 0xD && + (snp_cpuid_entry->ecx_in == 0x0 || snp_cpuid_entry->ecx_in == 0x1)) { + snp_cpuid_entry->ebx = 0x240; + snp_cpuid_entry->xcr0_in = 1; + snp_cpuid_entry->xss_in = 0; + } + } + + snp_cpuid_info->count = i; + + return 0; +} + +static int +snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, uint32_t cpuid_len) +{ + KvmCpuidInfo kvm_cpuid_info = {0}; + SnpCpuidInfo snp_cpuid_info; + CPUState *cs = first_cpu; + int ret; + uint32_t i = 0; + + assert(sizeof(snp_cpuid_info) <= cpuid_len); + + /* get the cpuid list from KVM */ + do { + kvm_cpuid_info.cpuid.nent = ++i; + ret = kvm_vcpu_ioctl(cs, KVM_GET_CPUID2, &kvm_cpuid_info); + } while (ret == -E2BIG); + + if (ret) { + error_report("SEV-SNP: unable to query CPUID values for CPU: '%s'", + strerror(-ret)); + return 1; + } + + ret = sev_snp_cpuid_info_fill(&snp_cpuid_info, &kvm_cpuid_info); + if (ret) { + error_report("SEV-SNP: failed to generate CPUID table information"); + return 1; + } + + memcpy(hva, &snp_cpuid_info, sizeof(snp_cpuid_info)); + + return snp_launch_update_data(cpuid_addr, hva, cpuid_len, KVM_SEV_SNP_PAGE_TYPE_CPUID); +} + static int snp_metadata_desc_to_page_type(int desc_type) { 
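Review bot: the KVM_GET_CPUID2 loop in snp_launch_update_cpuid() keeps incrementing nent while the ioctl returns -E2BIG, with no upper bound, but kvm_cpuid_info only has room for KVM_MAX_CPUID_ENTRIES entries. Stop and fail once i exceeds KVM_MAX_CPUID_ENTRIES so the kernel is never told the buffer is larger than it is. In sev_snp_cpuid_info_fill(), flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX is an equality test on a flags word, so ecx_in is left at zero whenever any other flag bit is also set; test the bit with & instead. The hard-coded ebx = 0x240 for leaf 0xD would read better as a named constant next to the comment that explains it.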
@@ -1001,7 +1153,12 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp, OvmfSevMetadata *metadata exit(1); } - ret = snp_launch_update_data(desc->base, hva, desc->len, type); + if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + ret = snp_launch_update_cpuid(desc->base, hva, desc->len); + } else { + ret = snp_launch_update_data(desc->base, hva, desc->len, type); + } + if (ret) { error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d\n", __func__, desc->base, desc->len, desc->type);
From patchwork Wed Mar 20 08:39:39 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597581
header.d=amd.com header.i=@amd.com header.b=bmGrQo43; arc=fail smtp.client-ip=40.107.244.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="bmGrQo43" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HsR9AWqVBYq5IFCwrq5S25hEttgBSBwjExY1EfPBQaqxzuTKgI+7YwYRBuNbRMRkQsvj5ipgU0X41kbbWYykG3308/V38cXHp/zS5lDSs+F3K3gEnfUNC0ikTGb+Z6mgo6ypMr9SI+wTRqrGUIsEu3MgHIMPbl8Uk1zHkMoNwL14jhg2DEOUEkO/oE+MfiUp43hL5Bn6O45sVxTv0mM3SuCqB/pQgm/ABgANnZXPKa6CZRmgGZAHaF073eDBiPUhVZlXzU33X/jtRyBx1si+D2l81oE7xGaRzpXBn5g1v7R5DkMQutV5M72zIpCgOgq2PoGQEvmVJzu6a0A+imR5iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=46Y1YUFzn4ag32XDe16B1pD4yA1plw2W8p/d0aiXcY0=; b=h1ikS38qMtdIQrckqg5ehOYisv7Mikx0R723eT1iJRwMQ7kNSNFYRX78x4hxEJACkVph7AIxBkqnFKC/sMy8DJTLCg0gKMQEEQFCmGCitEOjiBujHk/FaK82I0eRxao3+lspcxosDcH/DC1zvoq537MOk1p5TrrZG6Q7kKiW3EPNsjIeAgk9I+mFUmiTfWds+qZDo0rOhvYNSp7Z/3MlLib0TnlAMQ+LMWStFg3W1ezfGFnKNbn989fmmPDhlFkldiY7Eqb/XPJEqWOFgt6Ewqeoog+nTLs2HcXjNVybeCJW8YPwVQF50u4UySV67l/tJkS3gygHbDwMdqjHDVydPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=46Y1YUFzn4ag32XDe16B1pD4yA1plw2W8p/d0aiXcY0=; 
b=bmGrQo43wJeSZRlpNfSNYuBU5ly8j+FJNUd+6nadC1LR/b9S3uSG3YIUF1bKa6Mc/nE7xuJGs8ffDZl4o2sMuVdrBLPPc04OhmrrlH8u2yiSX5EKxicC+UPiUYzg3WmFCRtNuAKKUsj4hLPH/U78s/38nip/F0gCPtISt+rkuAg= Received: from SJ0PR05CA0042.namprd05.prod.outlook.com (2603:10b6:a03:33f::17) by PH7PR12MB6442.namprd12.prod.outlook.com (2603:10b6:510:1fa::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.34; Wed, 20 Mar 2024 08:54:27 +0000 Received: from CO1PEPF000044F5.namprd05.prod.outlook.com (2603:10b6:a03:33f:cafe::66) by SJ0PR05CA0042.outlook.office365.com (2603:10b6:a03:33f::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.12 via Frontend Transport; Wed, 20 Mar 2024 08:54:27 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CO1PEPF000044F5.mail.protection.outlook.com (10.167.241.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7409.10 via Frontend Transport; Wed, 20 Mar 2024 08:54:27 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 20 Mar 2024 03:54:24 -0500 
From: Michael Roth To: CC: , Tom Lendacky , "Paolo Bonzini" , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Markus Armbruster , Pankaj Gupta , Xiaoyao Li , Isaku Yamahata , Dov Murik Subject: [PATCH v3 43/49] qapi, i386: Move kernel-hashes to SevCommonProperties Date: Wed, 20 Mar 2024 03:39:39 -0500 Message-ID: <20240320083945.991426-44-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com> References: <20240320083945.991426-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PEPF000044F5:EE_|PH7PR12MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: 76ebdcf3-3a7d-419c-c57d-08dc48bb593d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(376005)(36860700004)(82310400014)(1800799015);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2024 08:54:27.1509 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 76ebdcf3-3a7d-419c-c57d-08dc48bb593d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CO1PEPF000044F5.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6442 
From: Dov Murik In order to enable kernel-hashes for SNP, pull it from SevGuestProperties to its parent SevCommonProperties so it will be available for both SEV and SNP. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- qapi/qom.json | 14 +++++++------- target/i386/sev.c | 44 ++++++++++++++++++-------------------------- 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 7ba778af91..ea8832a8c3 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -886,12 +886,17 @@ # @reduced-phys-bits: number of bits in physical addresses that become # unavailable when SEV is enabled # +# @kernel-hashes: if true, add hashes of kernel/initrd/cmdline to a +# designated guest firmware page for measured boot with -kernel +# (default: false) (since 6.2) +# # Since: 2.12 ## { 'struct': 'SevCommonProperties', 'data': { '*sev-device': 'str', '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32' } } + 'reduced-phys-bits': 'uint32', + '*kernel-hashes': 'bool' } } ## # @SevGuestProperties: @@ -906,10 +911,6 @@ # # @handle: SEV firmware handle (default: 0) # -# @kernel-hashes: if true, add hashes of kernel/initrd/cmdline to a -# designated guest firmware page for measured boot with -kernel -# (default: false) (since 6.2) -# # Since: 2.12 ## { 'struct': 'SevGuestProperties', @@ -917,8 +918,7 @@ 'data': { '*dh-cert-file': 'str', '*session-file': 'str', '*policy': 'uint32', - '*handle': 'uint32', - '*kernel-hashes': 'bool' } } + '*handle': 'uint32' } } ## # @SevSnpGuestProperties: diff --git a/target/i386/sev.c b/target/i386/sev.c index db888afb53..3187b3dee8 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -54,6 +54,7 @@ struct SevCommonState { char *sev_device; uint32_t cbitpos; uint32_t reduced_phys_bits; + bool kernel_hashes; /* runtime state */ uint8_t api_major; @@ -86,7 +87,6 @@ struct SevGuestState { uint32_t policy; char *dh_cert_file; char *session_file; - bool kernel_hashes; }; struct SevSnpGuestState { 
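Review bot: In the qapi/qom.json hunk, @kernel-hashes keeps its "(since 6.2)" tag after moving into SevCommonProperties, so the generated documentation reads as if every object built on the common properties has accepted the option since 6.2. The commit message says the move is what makes it available to SNP, so the doc comment should state from which release it applies to SevSnpGuestProperties, or qualify the 6.2 tag as applying to sev-guest only.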
@@ -1696,16 +1696,12 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) MemTxAttrs attrs = { 0 }; bool ret = true; SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - SevGuestState *sev_guest = - (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), - TYPE_SEV_GUEST); /* * Only add the kernel hashes if the sev-guest configuration explicitly - * stated kernel-hashes=on. Currently only enabled for SEV/SEV-ES guests, - * so check for TYPE_SEV_GUEST as well. + * stated kernel-hashes=on. */ - if (sev_guest && !sev_guest->kernel_hashes) { + if (!sev_common->kernel_hashes) { return false; } @@ -2037,6 +2033,16 @@ sev_common_set_sev_device(Object *obj, const char *value, Error **errp) SEV_COMMON(obj)->sev_device = g_strdup(value); } +static bool sev_common_get_kernel_hashes(Object *obj, Error **errp) +{ + return SEV_COMMON(obj)->kernel_hashes; +} + +static void sev_common_set_kernel_hashes(Object *obj, bool value, Error **errp) +{ + SEV_COMMON(obj)->kernel_hashes = value; +} + static void sev_common_class_init(ObjectClass *oc, void *data) { @@ -2051,6 +2057,11 @@ sev_common_class_init(ObjectClass *oc, void *data) sev_common_set_sev_device); object_class_property_set_description(oc, "sev-device", "SEV device to use"); + object_class_property_add_bool(oc, "kernel-hashes", + sev_common_get_kernel_hashes, + sev_common_set_kernel_hashes); + object_class_property_set_description(oc, "kernel-hashes", + "add kernel hashes to guest firmware for measured Linux boot"); } static void 
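Review bot: In sev_add_kernel_loader_hashes(), replacing the `sev_guest && !sev_guest->kernel_hashes` test with `!sev_common->kernel_hashes` means an SNP guest started with kernel-hashes=on now continues into the rest of this function, and the new "kernel-hashes" property in sev_common_class_init() makes that configuration accepted. The commit message should say whether that path is expected to work for SNP at this point in the series or only after the later patches, so the series stays bisectable. The rewritten comment also still says "sev-guest configuration" although the flag now lives in SevCommonState; reword it to match.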
@@ -2109,20 +2120,6 @@ sev_guest_set_session_file(Object *obj, const char *value, Error **errp) SEV_GUEST(obj)->session_file = g_strdup(value); } -static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) -{ - SevGuestState *sev_guest = SEV_GUEST(obj); - - return sev_guest->kernel_hashes; -} - -static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->kernel_hashes = value; -} - static void sev_guest_class_init(ObjectClass *oc, void *data) { 
@@ -2136,11 +2133,6 @@ sev_guest_class_init(ObjectClass *oc, void *data) sev_guest_set_session_file); object_class_property_set_description(oc, "session-file", "guest owners session parameters (encoded with base64)"); - object_class_property_add_bool(oc, "kernel-hashes", - sev_guest_get_kernel_hashes, - sev_guest_set_kernel_hashes); - object_class_property_set_description(oc, "kernel-hashes", - "add kernel hashes to guest firmware for measured Linux boot"); } static void
From patchwork Wed Mar 20 08:39:40 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597582
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Dov Murik
Subject: [PATCH v3 44/49] i386/sev: Extract build_kernel_loader_hashes
Date: Wed, 20 Mar 2024 03:39:40 -0500
Message-ID: <20240320083945.991426-45-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Dov Murik Extract the building of the kernel hashes table out from sev_add_kernel_loader_hashes() to allow building it in other memory areas (for SNP support). No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- target/i386/sev.c | 101 ++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 43 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 3187b3dee8..0913cb7fed 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1677,45 +1677,16 @@ static const QemuUUID sev_cmdline_entry_guid = { 0x4d, 0x36, 0xab, 0x2a) }; -/* - * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page - * which is included in SEV's initial memory measurement. - */ -bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +static bool build_kernel_loader_hashes(PaddedSevHashTable *padded_ht, + SevKernelLoaderContext *ctx, + Error **errp) { - uint8_t *data; - SevHashTableDescriptor *area; SevHashTable *ht; - PaddedSevHashTable *padded_ht; uint8_t cmdline_hash[HASH_SIZE]; uint8_t initrd_hash[HASH_SIZE]; uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len = HASH_SIZE; - hwaddr mapped_len = sizeof(*padded_ht); - MemTxAttrs attrs = { 0 }; - bool ret = true; - SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - - /* - * Only add the kernel hashes if the sev-guest configuration explicitly - * stated kernel-hashes=on. - */ - if (!sev_common->kernel_hashes) { - return false; - } - - if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { - error_setg(errp, "SEV: kernel specified but guest firmware " - "has no hashes table GUID"); - return false; - } - area = (SevHashTableDescriptor *)data; - if (!area->base || area->size < sizeof(PaddedSevHashTable)) { - error_setg(errp, "SEV: guest firmware hashes table area is invalid " - "(base=0x%x size=0x%x)", area->base, area->size); - return false; - } /* * Calculate hash of kernel command-line with the terminating null byte. If 
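Review bot: build_kernel_loader_hashes() is introduced without a comment, while the descriptive comment that used to sit here moves on with sev_add_kernel_loader_hashes(). Since the helper is meant to be reused for other memory areas, document its contract above the new signature: that `padded_ht` must point to a writable buffer of sizeof(PaddedSevHashTable), that the helper only fills the table and leaves mapping and encryption to the caller, and what a false return means for `errp`.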
@@ -1752,16 +1723,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) } assert(hash_len == HASH_SIZE); - /* - * Populate the hashes table in the guest's memory at the OVMF-designated - * area for the SEV hashes table - */ - padded_ht = address_space_map(&address_space_memory, area->base, - &mapped_len, true, attrs); - if (!padded_ht || mapped_len != sizeof(*padded_ht)) { - error_setg(errp, "SEV: cannot map hashes table guest memory area"); - return false; - } ht = &padded_ht->ht; ht->guid = sev_hash_table_header_guid; 
@@ -1782,7 +1743,61 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) /* zero the excess data so the measurement can be reliably calculated */ memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); - if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) { + return true; +} + +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page + * which is included in SEV's initial memory measurement. + */ +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +{ + uint8_t *data; + SevHashTableDescriptor *area; + PaddedSevHashTable *padded_ht; + hwaddr mapped_len = sizeof(*padded_ht); + MemTxAttrs attrs = { 0 }; + bool ret = true; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + /* + * Only add the kernel hashes if the sev-guest configuration explicitly + * stated kernel-hashes=on. + */ + if (!sev_common->kernel_hashes) { + return false; + } + + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { + error_setg(errp, "SEV: kernel specified but guest firmware " + "has no hashes table GUID"); + return false; + } + + area = (SevHashTableDescriptor *)data; + if (!area->base || area->size < sizeof(PaddedSevHashTable)) { + error_setg(errp, "SEV: guest firmware hashes table area is invalid " + "(base=0x%x size=0x%x)", area->base, area->size); + return false; + } + + /* + * Populate the hashes table in the guest's memory at the OVMF-designated + * area for the SEV hashes table + */ + padded_ht = address_space_map(&address_space_memory, area->base, + &mapped_len, true, attrs); + if (!padded_ht || mapped_len != sizeof(*padded_ht)) { + error_setg(errp, "SEV: cannot map hashes table guest memory area"); + return false; + } + + if (build_kernel_loader_hashes(padded_ht, ctx, errp)) { + if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), + errp) < 0) { + ret = false; + } + } else { ret = false; } From patchwork Wed Mar 20 
08:39:41 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13597583
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Dov Murik
Subject: [PATCH v3 45/49] i386/sev: Reorder struct declarations
Date: Wed, 20 Mar 2024 03:39:41 -0500
Message-ID: <20240320083945.991426-46-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Dov Murik Move the declaration of PaddedSevHashTable before SevSnpGuest so we can add a new such field to the latter. No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- target/i386/sev.c | 56 +++++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 0913cb7fed..4bc6004037 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -41,6 +41,34 @@ #include "exec/address-spaces.h" #include "qemu/queue.h" +/* hard code sha256 digest size */ +#define HASH_SIZE 32 + +typedef struct QEMU_PACKED SevHashTableEntry { + QemuUUID guid; + uint16_t len; + uint8_t hash[HASH_SIZE]; +} SevHashTableEntry; + +typedef struct QEMU_PACKED SevHashTable { + QemuUUID guid; + uint16_t len; + SevHashTableEntry cmdline; + SevHashTableEntry initrd; + SevHashTableEntry kernel; +} SevHashTable; + +/* + * Data encrypted by sev_encrypt_flash() must be padded to a multiple of + * 16 bytes. + */ +typedef struct QEMU_PACKED PaddedSevHashTable { + SevHashTable ht; + uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; +} PaddedSevHashTable; + +QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); + OBJECT_DECLARE_SIMPLE_TYPE(SevCommonState, SEV_COMMON) OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) OBJECT_DECLARE_SIMPLE_TYPE(SevSnpGuestState, SEV_SNP_GUEST) 
@@ -131,34 +159,6 @@ typedef struct QEMU_PACKED SevHashTableDescriptor { uint32_t size; } SevHashTableDescriptor; -/* hard code sha256 digest size */ -#define HASH_SIZE 32 - -typedef struct QEMU_PACKED SevHashTableEntry { - QemuUUID guid; - uint16_t len; - uint8_t hash[HASH_SIZE]; -} SevHashTableEntry; - -typedef struct QEMU_PACKED SevHashTable { - QemuUUID guid; - uint16_t len; - SevHashTableEntry cmdline; - SevHashTableEntry initrd; - SevHashTableEntry kernel; -} SevHashTable; - -/* - * Data encrypted by sev_encrypt_flash() must be padded to a multiple of - * 16 bytes. - */ -typedef struct QEMU_PACKED PaddedSevHashTable { - SevHashTable ht; - uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; -} PaddedSevHashTable; - -QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); - static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { From patchwork Wed Mar 20 08:39:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597584 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2054.outbound.protection.outlook.com [40.107.243.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA0981B5A4 for ; Wed, 20 Mar 2024 08:55:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924934; cv=fail; b=a1fKuangxE0zKdZxiN7EJhJTCXOt7izeIL1lNPFokkkXbsdphltqfDyZJTJBQWHx46u8vXnzpi7q4WQpClCprYoELLDWSEK+rQMpzixAtctHYaJ0Oua0z80zZX/X6mpUnxpy9YowlFWXHuKFVCLUI3Ztui1ZXihIhOXzuuT7wU0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710924934; c=relaxed/simple; bh=CBAhJguajUwrhIjZJ1qYZwolusw+2g7rmydv0cijDQs=; 
From: Michael Roth
CC: Tom Lendacky, "Paolo Bonzini", Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata, Dov Murik
Subject: [PATCH v3 46/49] i386/sev: Allow measured direct kernel boot on SNP
Date: Wed, 20 Mar 2024 03:39:42 -0500
Message-ID: <20240320083945.991426-47-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Dov Murik

In SNP, the hashes page is designated with a specific metadata entry published in AmdSev OVMF. Therefore, if the user enabled kernel hashes (for measured direct boot), QEMU should prepare the content of the hashes table, and during the processing of the metadata entry it copies the content into the designated page and encrypts it.

Note that in SNP (unlike SEV and SEV-ES) the measurement is done in whole 4KB pages. Therefore QEMU zeros the whole page that includes the hashes table, and fills in the kernel hashes area in that page, and then encrypts the whole page. The rest of the page is reserved for SEV launch secrets which are not usable anyway on SNP.

If the user disabled kernel hashes, QEMU pre-validates the kernel hashes page as a zero page.

Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
--- include/hw/i386/pc.h | 2 ++ target/i386/sev.c | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index df9a61540d..d9d3a5b5b8 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h
@@ -171,6 +171,8 @@ typedef enum { SEV_DESC_TYPE_SNP_SECRETS, /* The section contains address that can be used as a CPUID page */ SEV_DESC_TYPE_CPUID, + /* The section contains the region for kernel hashes for measured direct boot */ + SEV_DESC_TYPE_SNP_KERNEL_HASHES = 0x10, } ovmf_sev_metadata_desc_type; diff --git a/target/i386/sev.c b/target/i386/sev.c index 4bc6004037..e2506f74da 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -129,6 +129,9 @@ struct SevSnpGuestState { struct kvm_sev_snp_launch_start kvm_start_conf; struct kvm_sev_snp_launch_finish kvm_finish_conf; + + uint32_t kernel_hashes_offset; + PaddedSevHashTable *kernel_hashes_data; }; #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ @@ -1117,6 +1120,23 @@ snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, uint32_t cpuid_len) return snp_launch_update_data(cpuid_addr, hva, cpuid_len, KVM_SEV_SNP_PAGE_TYPE_CPUID); } +static int +snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp, uint32_t addr, + void *hva, uint32_t len) +{ + int type = KVM_SEV_SNP_PAGE_TYPE_ZERO; + if (sev_snp->sev_common.kernel_hashes) { + assert(sev_snp->kernel_hashes_data); + assert((sev_snp->kernel_hashes_offset + + sizeof(*sev_snp->kernel_hashes_data)) <= len); + memset(hva, 0, len); + memcpy(hva + sev_snp->kernel_hashes_offset, sev_snp->kernel_hashes_data, + sizeof(*sev_snp->kernel_hashes_data)); + type = KVM_SEV_SNP_PAGE_TYPE_NORMAL; + } + return snp_launch_update_data(addr, hva, len, type); +} + static int snp_metadata_desc_to_page_type(int desc_type) { @@ -1125,6 +1145,7 @@ snp_metadata_desc_to_page_type(int desc_type) case SEV_DESC_TYPE_SNP_SEC_MEM: return KVM_SEV_SNP_PAGE_TYPE_ZERO; case SEV_DESC_TYPE_SNP_SECRETS: return KVM_SEV_SNP_PAGE_TYPE_SECRETS; case SEV_DESC_TYPE_CPUID: return KVM_SEV_SNP_PAGE_TYPE_CPUID; + case SEV_DESC_TYPE_SNP_KERNEL_HASHES: return KVM_SEV_SNP_PAGE_TYPE_NORMAL; default: return -1; } } 
@@ -1155,6 +1176,9 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp, OvmfSevMetadata *metadata if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { ret = snp_launch_update_cpuid(desc->base, hva, desc->len); + } else if (desc->type == SEV_DESC_TYPE_SNP_KERNEL_HASHES) { + ret = snp_launch_update_kernel_hashes(sev_snp, desc->base, hva, + desc->len); } else { ret = snp_launch_update_data(desc->base, hva, desc->len, type); } 
@@ -1781,6 +1805,18 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return false; } + if (sev_snp_enabled()) { + /* + * SNP: Populate the hashes table in an area that later in + * snp_launch_update_kernel_hashes() will be copied to the guest memory + * and encrypted. + */ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); + sev_snp_guest->kernel_hashes_offset = area->base & ~TARGET_PAGE_MASK; + sev_snp_guest->kernel_hashes_data = g_new0(PaddedSevHashTable, 1); + return build_kernel_loader_hashes(sev_snp_guest->kernel_hashes_data, ctx, errp); + } + /* * Populate the hashes table in the guest's memory at the OVMF-designated * area for the SEV hashes table
From patchwork Wed Mar 20 08:39:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597585
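Review bot: in snp_launch_update_kernel_hashes() ([PATCH v3 46/49]), the only bounds check on the copy into the hashes page is assert((sev_snp->kernel_hashes_offset + sizeof(*sev_snp->kernel_hashes_data)) <= len), and len is the desc->len passed in from snp_populate_metadata_pages(), that is, a value taken from the firmware metadata. A descriptor shorter than the padded table aborts QEMU instead of failing the launch with a message. The function already returns int, so report the mismatch and return a negative value, and do the same for a NULL kernel_hashes_data, which is only allocated in sev_add_kernel_loader_hashes(). Separately, hva + sev_snp->kernel_hashes_offset does arithmetic on a void *; cast to uint8_t * first.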
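Review bot: the new case SEV_DESC_TYPE_SNP_KERNEL_HASHES in snp_metadata_desc_to_page_type() ([PATCH v3 46/49]) returns KVM_SEV_SNP_PAGE_TYPE_NORMAL, but that is not the value that reaches snp_launch_update_data() for this descriptor: snp_populate_metadata_pages() dispatches on desc->type and calls snp_launch_update_kernel_hashes() without passing type, and the helper starts from KVM_SEV_SNP_PAGE_TYPE_ZERO when kernel hashes are disabled. The switch therefore disagrees with the disabled case. Either pass type into the helper and override it there, or add a comment at the case saying the final page type is decided in snp_launch_update_kernel_hashes().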
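Review bot: in the sev_snp_enabled() branch of sev_add_kernel_loader_hashes() ([PATCH v3 46/49]), only the in-page offset area->base & ~TARGET_PAGE_MASK is stored, so nothing later verifies that the SEV_DESC_TYPE_SNP_KERNEL_HASHES descriptor actually covers area->base. snp_launch_update_kernel_hashes() checks the offset against len but never compares addr with the page of area->base, and the offset is only meaningful if addr is page aligned. If the hash table area and the metadata descriptor disagree, the table is measured at a different address than the OVMF-designated area. Store the full area->base and check that it falls inside [addr, addr + len). The g_new0(PaddedSevHashTable, 1) buffer also has no visible free, including on the path where build_kernel_loader_hashes() fails.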
From: Michael Roth
CC: Tom Lendacky, "Paolo Bonzini", Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 47/49] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled
Date: Wed, 20 Mar 2024 03:39:43 -0500
Message-ID: <20240320083945.991426-48-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

TODO: Brijesh as author,
me as co-author (vice-versa depending) drop flash handling? we only support BIOS now Signed-off-by: Michael Roth --- hw/i386/pc_sysfw.c | 12 +++++++----- hw/i386/x86.c | 2 +- include/hw/i386/x86.h | 2 +- target/i386/sev-sysemu-stub.c | 2 +- target/i386/sev.c | 15 +++++++++++---- target/i386/sev.h | 2 +- 6 files changed, 22 insertions(+), 13 deletions(-) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 3efabbbab2..9dbb3f7337 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -149,6 +149,8 @@ static void pc_system_flash_map(PCMachineState *pcms, assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled); for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) { + hwaddr gpa; + system_flash = pcms->flash[i]; blk = pflash_cfi01_get_blk(system_flash); if (!blk) { @@ -178,11 +180,11 @@ static void pc_system_flash_map(PCMachineState *pcms, } total_size += size; + gpa = 0x100000000ULL - total_size; /* where the flash is mapped */ qdev_prop_set_uint32(DEVICE(system_flash), "num-blocks", size / FLASH_SECTOR_SIZE); sysbus_realize_and_unref(SYS_BUS_DEVICE(system_flash), &error_fatal); - sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, - 0x100000000ULL - total_size); + sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, gpa); if (i == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); @@ -192,7 +194,7 @@ static void pc_system_flash_map(PCMachineState *pcms, if (sev_enabled()) { flash_ptr = memory_region_get_ram_ptr(flash_mem); flash_size = memory_region_size(flash_mem); - x86_firmware_configure(flash_ptr, flash_size); + x86_firmware_configure(gpa, flash_ptr, flash_size); } } } @@ -245,7 +247,7 @@ void pc_system_firmware_init(PCMachineState *pcms, pc_system_flash_cleanup_unused(pcms); } -void x86_firmware_configure(void *ptr, int size) +void x86_firmware_configure(hwaddr gpa, void *ptr, int size) { int ret; 
@@ -262,6 +264,6 @@ void x86_firmware_configure(void *ptr, int size) exit(1); } - sev_encrypt_flash(ptr, size, &error_fatal); + sev_encrypt_flash(gpa, ptr, size, &error_fatal); } } diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 825dc4c735..e3ddc39133 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1161,7 +1161,7 @@ void x86_bios_rom_init(MachineState *ms, const char *default_firmware, */ void *ptr = memory_region_get_ram_ptr(bios); load_image_size(filename, ptr, bios_size); - x86_firmware_configure(ptr, bios_size); + x86_firmware_configure(0x100000000ULL - bios_size, ptr, bios_size); } else { if (!isapc_ram_fw) { memory_region_set_readonly(bios, true); diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h index 4dc30dcb4d..53dfd95cb2 100644 --- a/include/hw/i386/x86.h +++ b/include/hw/i386/x86.h @@ -143,6 +143,6 @@ void ioapic_init_gsi(GSIState *gsi_state, Object *parent); DeviceState *ioapic_init_secondary(GSIState *gsi_state); /* pc_sysfw.c */ -void x86_firmware_configure(void *ptr, int size); +void x86_firmware_configure(hwaddr gpa, void *ptr, int size); #endif diff --git a/target/i386/sev-sysemu-stub.c b/target/i386/sev-sysemu-stub.c index 96e1c15cc3..6af643e3a1 100644 --- a/target/i386/sev-sysemu-stub.c +++ b/target/i386/sev-sysemu-stub.c @@ -42,7 +42,7 @@ void qmp_sev_inject_launch_secret(const char *packet_header, const char *secret, error_setg(errp, "SEV is not available in this QEMU"); } -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { g_assert_not_reached(); } diff --git a/target/i386/sev.c b/target/i386/sev.c index e2506f74da..d8e6aba67c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1449,7 +1449,7 @@ err: } int -sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 
@@ -1459,7 +1459,14 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + int ret; + + if (sev_snp_enabled()) { + ret = snp_launch_update_data(gpa, ptr, len, + KVM_SEV_SNP_PAGE_TYPE_NORMAL); + } else { + ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + } if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; @@ -1829,8 +1836,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) } if (build_kernel_loader_hashes(padded_ht, ctx, errp)) { - if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), - errp) < 0) { + if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, + sizeof(*padded_ht), errp) < 0) { ret = false; } } else { diff --git a/target/i386/sev.h b/target/i386/sev.h index 5cbfc3365b..d570777769 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -59,7 +59,7 @@ uint32_t sev_get_cbit_position(void); uint32_t sev_get_reduced_phys_bits(void); bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp); -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp);
From patchwork Wed Mar 20 08:39:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13597586
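Review bot: in x86_bios_rom_init() ([PATCH v3 47/49]), the GPA handed to x86_firmware_configure() is recomputed as 0x100000000ULL - bios_size, repeating the literal that pc_system_flash_map() uses for gpa. The SNP launch update then depends on two hand-written copies of the mapping address staying in step with where the region is really mapped. Derive the value from the address the bios region is mapped at, or share one named constant for the 4 GiB boundary between both call sites.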
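Review bot: in sev_encrypt_flash() ([PATCH v3 47/49]), the new gpa parameter is consumed only in the sev_snp_enabled() branch and ignored for the sev_launch_update_data() path, and neither the prototype in sev.h nor the commit message, which is still a list of TODOs, says so. Add a comment on the prototype stating that gpa is the guest physical address of ptr and is used only for SNP, and replace the TODO text with a description of why the address has to be threaded through x86_firmware_configure(). The error string "SEV: Failed to encrypt pflash rom" now also covers the SNP path, so consider making it name the failing operation.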
From: Michael Roth
CC: Tom Lendacky, "Paolo Bonzini", Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 48/49] hw/i386/sev: Use guest_memfd for legacy ROMs
Date: Wed, 20 Mar 2024 03:39:44 -0500
Message-ID: <20240320083945.991426-49-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

TODO: make this SNP-specific if TDX disables legacy ROMs in general

Current SNP guest kernels will attempt to access these regions with C-bit set, so guest_memfd is needed to handle that. Otherwise, kvm_convert_memory() will fail when the guest kernel tries to access it and QEMU attempts to call KVM_SET_MEMORY_ATTRIBUTES to set these ranges to private.

Whether guests should actually try to access ROM regions in this way (or need to deal with legacy ROM regions at all), is a separate issue to be addressed on kernel side, but current SNP guest kernels will exhibit this behavior and so this handling is needed to allow QEMU to continue running existing SNP guest kernels.

Signed-off-by: Michael Roth
--- hw/i386/pc.c | 13 +++++++++---- hw/i386/pc_sysfw.c | 13 ++++++++++--- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index feb7a93083..5feaeb43ee 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -1011,10 +1011,15 @@ void pc_memory_init(PCMachineState *pcms, pc_system_firmware_init(pcms, rom_memory); option_rom_mr = g_malloc(sizeof(*option_rom_mr)); - memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, - &error_fatal); - if (pcmc->pci_enabled) { - memory_region_set_readonly(option_rom_mr, true); + if (machine_require_guest_memfd(machine)) { + memory_region_init_ram_guest_memfd(option_rom_mr, NULL, "pc.rom", + PC_ROM_SIZE, &error_fatal); + } else { + memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, + &error_fatal); + if (pcmc->pci_enabled) { + memory_region_set_readonly(option_rom_mr, true); + } } memory_region_add_subregion_overlap(rom_memory, PC_ROM_MIN_VGA, diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 9dbb3f7337..850f86edd4 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c
@@ -54,8 +54,13 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory, /* map the last 128KB of the BIOS in ISA space */ isa_bios_size = MIN(flash_size, 128 * KiB); isa_bios = g_malloc(sizeof(*isa_bios)); - memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size, - &error_fatal); + if (machine_require_guest_memfd(current_machine)) { + memory_region_init_ram_guest_memfd(isa_bios, NULL, "isa-bios", + isa_bios_size, &error_fatal); + } else { + memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size, + &error_fatal); + } memory_region_add_subregion_overlap(rom_memory, 0x100000 - isa_bios_size, isa_bios, 
@@ -68,7 +73,9 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory, ((uint8_t*)flash_ptr) + (flash_size - isa_bios_size), isa_bios_size); - memory_region_set_readonly(isa_bios, true); + if (!machine_require_guest_memfd(current_machine)) { + memory_region_set_readonly(isa_bios, true); + } } static PFlashCFI01 *pc_pflash_create(PCMachineState *pcms,
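Review bot: In the hw/i386/pc.c hunk the readonly handling is nested inside the else arm, so the guest_memfd branch silently leaves "pc.rom" writable on PCI machines with no comment saying why. Keeping a single call guarded by `pcmc->pci_enabled && !machine_require_guest_memfd(machine)` after the if/else would mirror the form used in the pc_sysfw.c change, and a one-line comment there should give the reason (the 49/49 commit message points at KVM_MEM_READONLY not being supported for guest_memfd-backed memslots).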
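Review bot: The first hw/i386/pc_sysfw.c hunk (@@ -54,8) tests `machine_require_guest_memfd(current_machine)`, reaching for the global, while the pc.c hunk in the same patch passes a local `machine`. pc_isa_bios_init() is static, so the caller could hand in the machine state or a bool instead, which would also let the function evaluate the predicate once rather than in both of its hunks.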
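Review bot: The second hw/i386/pc_sysfw.c hunk (@@ -68,7) leaves the "isa-bios" copy of the flash contents writable whenever guest_memfd is required, and the commit message only discusses the C-bit access and the private conversion, not the loss of write protection. Please state in the commit message, and in a comment above the new `if (!machine_require_guest_memfd(current_machine))`, that the region is intentionally not read-only in this configuration and why.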
From: Michael Roth
CC: Tom Lendacky, Paolo Bonzini, Daniel P. Berrangé, Markus Armbruster, Pankaj Gupta, Xiaoyao Li, Isaku Yamahata
Subject: [PATCH v3 49/49] hw/i386: Add support for loading BIOS using guest_memfd
Date: Wed, 20 Mar 2024 03:39:45 -0500
Message-ID: <20240320083945.991426-50-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

TODO:
- Add proper handling for
non-64K-aligned BIOS images.
- Add proper handling for BIOS pflash area which should be initially mapped as shared, resulting in unnecessary KVM_EXIT_MEMORY_FAULTs

When guest_memfd is enabled, the BIOS is generally part of the initial encrypted guest image and will be accessed as private guest memory. Add the necessary changes to set up the associated RAM region with a guest_memfd backend to allow for this.

Current support centers around using -bios to load the BIOS data. Support for loading the BIOS via pflash requires additional enablement since those interfaces rely on the use of ROM memory regions which make use of the KVM_MEM_READONLY memslot flag, which is not supported for guest_memfd-backed memslots.

Signed-off-by: Michael Roth
--- hw/i386/x86.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index e3ddc39133..ea2d03cc02 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1147,10 +1147,18 @@ void x86_bios_rom_init(MachineState *ms, const char *default_firmware, } if (bios_size <= 0 || (bios_size % 65536) != 0) { - goto bios_error; + g_warning("%s: Unaligned BIOS size %d", __func__, bios_size); + if (!machine_require_guest_memfd(ms)) { + goto bios_error; + } } bios = g_malloc(sizeof(*bios)); - memory_region_init_ram(bios, NULL, "pc.bios", bios_size, &error_fatal); + if (machine_require_guest_memfd(ms)) { + memory_region_init_ram_guest_memfd(bios, NULL, "pc.bios", bios_size, + &error_fatal); + } else { + memory_region_init_ram(bios, NULL, "pc.bios", bios_size, &error_fatal); + } if (sev_enabled()) { /* * The concept of a "reset" simply doesn't exist for 
@@ -1173,17 +1181,19 @@ void x86_bios_rom_init(MachineState *ms, const char *default_firmware, } g_free(filename); - /* map the last 128KB of the BIOS in ISA space */ - isa_bios_size = MIN(bios_size, 128 * KiB); - isa_bios = g_malloc(sizeof(*isa_bios)); - memory_region_init_alias(isa_bios, NULL, "isa-bios", bios, - bios_size - isa_bios_size, isa_bios_size); - memory_region_add_subregion_overlap(rom_memory, - 0x100000 - isa_bios_size, - isa_bios, - 1); - if (!isapc_ram_fw) { - memory_region_set_readonly(isa_bios, true); + if (!machine_require_guest_memfd(ms)) { + /* map the last 128KB of the BIOS in ISA space */ + isa_bios_size = MIN(bios_size, 128 * KiB); + isa_bios = g_malloc(sizeof(*isa_bios)); + memory_region_init_alias(isa_bios, NULL, "isa-bios", bios, + bios_size - isa_bios_size, isa_bios_size); + memory_region_add_subregion_overlap(rom_memory, + 0x100000 - isa_bios_size, + isa_bios, + 1); + if (!isapc_ram_fw) { + memory_region_set_readonly(isa_bios, true); + } } /* map all the bios at the top of memory */
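Review bot: In the first hw/i386/x86.c hunk (@@ -1147,10) the relaxed check also swallows the `bios_size <= 0` case: when machine_require_guest_memfd(ms) is true, a zero or negative size no longer reaches `goto bios_error` and execution continues into memory_region_init_ram_guest_memfd() with that size, after a warning that mislabels it as "Unaligned". Keep `bios_size <= 0` as an unconditional error and relax only the `(bios_size % 65536) != 0` test for guest_memfd machines, so the TODO about non-64K-aligned images does not widen into accepting an unreadable or empty image.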
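Review bot: The second hw/i386/x86.c hunk (@@ -1173,17) drops the "isa-bios" alias of the last 128KB entirely when guest_memfd is required, but neither the commit message nor a comment at the new `if (!machine_require_guest_memfd(ms))` explains why the ISA-space mapping is skipped or what the guest sees at `0x100000 - isa_bios_size` instead. Please document the reason at the condition and mention the behaviour change in the commit message, since 48/49 takes the opposite approach for the pflash path and backs "isa-bios" with guest_memfd rather than omitting it.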