From patchwork Fri Jun 28 18:52:42 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13716542
From: Michael Roth
CC: Brijesh Singh, "Alexey Kardashevskiy"
Subject: [PATCH v2 1/3] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
Date: Fri, 28 Jun 2024 13:52:42 -0500
Message-ID: <20240628185244.3615928-2-michael.roth@amd.com>
In-Reply-To: <20240628185244.3615928-1-michael.roth@amd.com>
References: <20240628185244.3615928-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

Version 2 of GHCB specification added support for the SNP Guest Request
Message NAE event. The event allows for an SEV-SNP guest to make
requests to the SEV-SNP firmware through the hypervisor using the
SNP_GUEST_REQUEST API defined in the SEV-SNP firmware specification.

This is used by guests primarily to request attestation reports from
firmware. There are other request types available as well, but the
specifics of what guest requests are being made are opaque to the
hypervisor, which only serves as a proxy for the guest requests and
firmware responses.

Implement handling for these events.

When an SNP Guest Request is issued, the guest will provide its own
request/response pages, which could in theory be passed along directly
to firmware. However, these pages would need special care:

  - Both pages are from shared guest memory, so they need to be
    protected from migration/etc. occurring while firmware reads/writes
    to them. At a minimum, this requires elevating the ref counts and
    potentially needing an explicit pinning of the memory. This places
    additional restrictions on what type of memory backends userspace
    can use for shared guest memory since there would be some reliance
    on using refcounted pages.

  - The response page needs to be switched to Firmware-owned state
    before the firmware can write to it, which can lead to potential
    host RMP #PFs if the guest is misbehaved and hands the host a
    guest page that KVM is writing to for other reasons (e.g. virtio
    buffers).

Both of these issues can be avoided completely by using
separately-allocated bounce pages for both the request/response pages
and passing those to firmware instead. So that's the approach taken
here.

Signed-off-by: Brijesh Singh
Co-developed-by: Alexey Kardashevskiy
Signed-off-by: Alexey Kardashevskiy
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra Reviewed-by: Tom Lendacky Reviewed-by: Liam Merwick [mdr: ensure FW command failures are indicated to guest, drop extended request handling to be re-written as separate patch, massage commit] Signed-off-by: Michael Roth --- arch/x86/kvm/svm/sev.c | 131 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 3 + include/uapi/linux/sev-guest.h | 3 + 3 files changed, 137 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index df8818759698..e7f5225293ae 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include 
@@ -326,6 +327,78 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) sev_decommission(handle); } +/* + * This sets up bounce buffers/firmware pages to handle SNP Guest Request + * messages (e.g. attestation requests). See "SNP Guest Request" in the GHCB + * 2.0 specification for more details. + * + * Technically, when an SNP Guest Request is issued, the guest will provide its + * own request/response pages, which could in theory be passed along directly + * to firmware rather than using bounce pages. However, these pages would need + * special care: + * + * - Both pages are from shared guest memory, so they need to be protected + * from migration/etc. occurring while firmware reads/writes to them. At a + * minimum, this requires elevating the ref counts and potentially needing + * an explicit pinning of the memory. This places additional restrictions + * on what type of memory backends userspace can use for shared guest + * memory since there is some reliance on using refcounted pages. + * + * - The response page needs to be switched to Firmware-owned[1] state + * before the firmware can write to it, which can lead to potential + * host RMP #PFs if the guest is misbehaved and hands the host a + * guest page that KVM might write to for other reasons (e.g. virtio + * buffers/etc.). + * + * Both of these issues can be avoided completely by using separately-allocated + * bounce pages for both the request/response pages and passing those to + * firmware instead. So that's what is being set up here. + * + * Guest requests rely on message sequence numbers to ensure requests are + * issued to firmware in the order the guest issues them, so concurrent guest + * requests generally shouldn't happen. But a misbehaved guest could issue + * concurrent guest requests in theory, so a mutex is used to serialize + * access to the bounce buffers. 
+ * + * [1] See the "Page States" section of the SEV-SNP Firmware ABI for more + * details on Firmware-owned pages, along with "RMP and VMPL Access Checks" + * in the APM for details on the related RMP restrictions. + */ +static int snp_guest_req_init(struct kvm *kvm) +{ + struct kvm_sev_info *sev = to_kvm_sev_info(kvm); + struct page *req_page; + + req_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + if (!req_page) + return -ENOMEM; + + sev->guest_resp_buf = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + if (!sev->guest_resp_buf) { + __free_page(req_page); + return -EIO; + } + + sev->guest_req_buf = page_address(req_page); + mutex_init(&sev->guest_req_mutex); + + return 0; +} + +static void snp_guest_req_cleanup(struct kvm *kvm) +{ + struct kvm_sev_info *sev = to_kvm_sev_info(kvm); + + if (sev->guest_resp_buf) + snp_free_firmware_page(sev->guest_resp_buf); + + if (sev->guest_req_buf) + __free_page(virt_to_page(sev->guest_req_buf)); + + sev->guest_req_buf = NULL; + sev->guest_resp_buf = NULL; +} + static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, struct kvm_sev_init *data, unsigned long vm_type) @@ -376,6 +449,10 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, if (ret) goto e_free; + /* This needs to happen after SEV/SNP firmware initialization. */ + if (vm_type == KVM_X86_SNP_VM && snp_guest_req_init(kvm)) + goto e_free; + INIT_LIST_HEAD(&sev->regions_list); INIT_LIST_HEAD(&sev->mirror_vms); sev->need_init = false; @@ -2850,6 +2927,8 @@ void sev_vm_destroy(struct kvm *kvm) } if (sev_snp_guest(kvm)) { + snp_guest_req_cleanup(kvm); + /* * Decomission handles unbinding of the ASID. If it fails for * some unexpected reason, just leak the ASID. 
@@ -3321,6 +3400,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) if (!sev_snp_guest(vcpu->kvm) || !kvm_ghcb_sw_scratch_is_valid(svm)) goto vmgexit_err; break; + case SVM_VMGEXIT_GUEST_REQUEST: + if (!sev_snp_guest(vcpu->kvm)) + goto vmgexit_err; + break; default: reason = GHCB_ERR_INVALID_EVENT; goto vmgexit_err; @@ -3939,6 +4022,51 @@ static int sev_snp_ap_creation(struct vcpu_svm *svm) return ret; } +static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) +{ + struct sev_data_snp_guest_request data = {0}; + struct kvm *kvm = svm->vcpu.kvm; + struct kvm_sev_info *sev = to_kvm_sev_info(kvm); + sev_ret_code fw_err = 0; + int ret; + + if (!sev_snp_guest(kvm)) + return -EINVAL; + + mutex_lock(&sev->guest_req_mutex); + + if (kvm_read_guest(kvm, req_gpa, sev->guest_req_buf, PAGE_SIZE)) { + ret = -EIO; + goto out_unlock; + } + + data.gctx_paddr = __psp_pa(sev->snp_context); + data.req_paddr = __psp_pa(sev->guest_req_buf); + data.res_paddr = __psp_pa(sev->guest_resp_buf); + + /* + * Firmware failures are propagated on to guest, but any other failure + * condition along the way should be reported to userspace. E.g. if + * the PSP is dead and commands are timing out. + */ + ret = sev_issue_cmd(kvm, SEV_CMD_SNP_GUEST_REQUEST, &data, &fw_err); + if (ret && !fw_err) + goto out_unlock; + + if (kvm_write_guest(kvm, resp_gpa, sev->guest_resp_buf, PAGE_SIZE)) { + ret = -EIO; + goto out_unlock; + } + + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(0, fw_err)); + + ret = 1; /* resume guest */ + +out_unlock: + mutex_unlock(&sev->guest_req_mutex); + return ret; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
@@ -4213,6 +4341,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; + case SVM_VMGEXIT_GUEST_REQUEST: + ret = snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index d2397b98bbf0..1090068f8f70 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -95,6 +95,9 @@ struct kvm_sev_info { struct misc_cg *misc_cg; /* For misc cgroup accounting */ atomic_t migration_in_progress; void *snp_context; /* SNP guest context page */ + void *guest_req_buf; /* Bounce buffer for SNP Guest Request input */ + void *guest_resp_buf; /* Bounce buffer for SNP Guest Request output */ + struct mutex guest_req_mutex; /* Must acquire before using bounce buffers */ }; struct kvm_svm { diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h index 154a87a1eca9..fcdfea767fca 100644 --- a/include/uapi/linux/sev-guest.h +++ b/include/uapi/linux/sev-guest.h 
@@ -89,6 +89,9 @@ struct snp_ext_report_req { #define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0) #define SNP_GUEST_VMM_ERR_SHIFT 32 #define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT) +#define SNP_GUEST_FW_ERR(x) ((x) & SNP_GUEST_FW_ERR_MASK) +#define SNP_GUEST_ERR(vmm_err, fw_err) (SNP_GUEST_VMM_ERR(vmm_err) | \ + SNP_GUEST_FW_ERR(fw_err)) #define SNP_GUEST_VMM_ERR_INVALID_LEN 1 #define SNP_GUEST_VMM_ERR_BUSY 2
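Review bot: In the __sev_guest_init() hunk in arch/x86/kvm/svm/sev.c, the return value of snp_guest_req_init() is tested but never stored, and the check directly above it (`if (ret) goto e_free;`) has already established that ret is 0 at this point. If the e_free path returns ret, a failed bounce-buffer setup would take the error path yet could report success to userspace. Assign the result first, e.g. `ret = snp_guest_req_init(kvm);` followed by `if (ret) goto e_free;` inside the `vm_type == KVM_X86_SNP_VM` check, so the -ENOMEM or -EIO from snp_guest_req_init() reaches the caller.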
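Review bot: In snp_handle_guest_req() and the SVM_VMGEXIT_GUEST_REQUEST case added to sev_es_validate_vmgexit(), req_gpa and resp_gpa come straight from the guest-controlled control->exit_info_1 and control->exit_info_2, and the only validation is sev_snp_guest(). Nothing rejects addresses that are not page-aligned, or a request and response GPA that name the same page, before PAGE_SIZE bytes are copied with kvm_read_guest() and kvm_write_guest(). Consider failing validation when `!PAGE_ALIGNED(control->exit_info_1)`, `!PAGE_ALIGNED(control->exit_info_2)` or the two values are equal, so malformed requests are rejected before the bounce buffers and firmware are involved. The sev_snp_guest() test at the top of snp_handle_guest_req() then duplicates the one done in validation and could be dropped.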
From patchwork Fri Jun 28 18:52:43 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13716543
From: Michael Roth
Subject: [PATCH v2 2/3] x86/sev: Move sev_guest.h into common SEV header
Date: Fri, 28 Jun 2024 13:52:43 -0500
Message-ID: <20240628185244.3615928-3-michael.roth@amd.com>
In-Reply-To: <20240628185244.3615928-1-michael.roth@amd.com>
References: <20240628185244.3615928-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

sev_guest.h currently contains various definitions relating to the
format of SNP_GUEST_REQUEST commands to SNP firmware. Currently only the
sev-guest driver makes use of them, but when the KVM side of this is
implemented there's a need to parse the SNP_GUEST_REQUEST header to
determine whether additional information needs to be provided to the
guest. Prepare for this by moving those definitions to a common header
that's shared by host/guest code so that KVM can also make use of them.

Reviewed-by: Tom Lendacky
Reviewed-by: Liam Merwick
Signed-off-by: Michael Roth --- arch/x86/include/asm/sev.h | 48 +++++++++++++++++++ drivers/virt/coco/sev-guest/sev-guest.c | 2 - drivers/virt/coco/sev-guest/sev-guest.h | 63 ------------------------- 3 files changed, 48 insertions(+), 65 deletions(-) delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1936f37e3371..72f9ba3a2fee 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -119,6 +119,54 @@ struct snp_req_data { unsigned int data_npages; }; +#define MAX_AUTHTAG_LEN 32 + +/* See SNP spec SNP_GUEST_REQUEST section for the structure */ +enum msg_type { + SNP_MSG_TYPE_INVALID = 0, + SNP_MSG_CPUID_REQ, + SNP_MSG_CPUID_RSP, + SNP_MSG_KEY_REQ, + SNP_MSG_KEY_RSP, + SNP_MSG_REPORT_REQ, + SNP_MSG_REPORT_RSP, + SNP_MSG_EXPORT_REQ, + SNP_MSG_EXPORT_RSP, + SNP_MSG_IMPORT_REQ, + SNP_MSG_IMPORT_RSP, + SNP_MSG_ABSORB_REQ, + SNP_MSG_ABSORB_RSP, + SNP_MSG_VMRK_REQ, + SNP_MSG_VMRK_RSP, + + SNP_MSG_TYPE_MAX +}; + +enum aead_algo { + SNP_AEAD_INVALID, + SNP_AEAD_AES_256_GCM, +}; + +struct snp_guest_msg_hdr { + u8 authtag[MAX_AUTHTAG_LEN]; + u64 msg_seqno; + u8 rsvd1[8]; + u8 algo; + u8 hdr_version; + u16 hdr_sz; + u8 msg_type; + u8 msg_version; + u16 msg_sz; + u32 rsvd2; + u8 msg_vmpck; + u8 rsvd3[35]; +} __packed; + +struct snp_guest_msg { + struct snp_guest_msg_hdr hdr; + u8 payload[4000]; +} __packed; + struct sev_guest_platform_data { u64 secrets_gpa; }; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 654290a8e1ba..f0ea26f18cbf 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -29,8 +29,6 @@ #include #include -#include "sev-guest.h" - #define DEVICE_NAME "sev-guest" #define AAD_LEN 48 #define MSG_HDR_VER 1 diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h deleted file mode 100644 index 21bda26fdb95..000000000000 
--- a/drivers/virt/coco/sev-guest/sev-guest.h +++ /dev/null 
@@ -1,63 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * Copyright (C) 2021 Advanced Micro Devices, Inc. - * - * Author: Brijesh Singh - * - * SEV-SNP API spec is available at https://developer.amd.com/sev - */ - -#ifndef __VIRT_SEVGUEST_H__ -#define __VIRT_SEVGUEST_H__ - -#include - -#define MAX_AUTHTAG_LEN 32 - -/* See SNP spec SNP_GUEST_REQUEST section for the structure */ -enum msg_type { - SNP_MSG_TYPE_INVALID = 0, - SNP_MSG_CPUID_REQ, - SNP_MSG_CPUID_RSP, - SNP_MSG_KEY_REQ, - SNP_MSG_KEY_RSP, - SNP_MSG_REPORT_REQ, - SNP_MSG_REPORT_RSP, - SNP_MSG_EXPORT_REQ, - SNP_MSG_EXPORT_RSP, - SNP_MSG_IMPORT_REQ, - SNP_MSG_IMPORT_RSP, - SNP_MSG_ABSORB_REQ, - SNP_MSG_ABSORB_RSP, - SNP_MSG_VMRK_REQ, - SNP_MSG_VMRK_RSP, - - SNP_MSG_TYPE_MAX -}; - -enum aead_algo { - SNP_AEAD_INVALID, - SNP_AEAD_AES_256_GCM, -}; - -struct snp_guest_msg_hdr { - u8 authtag[MAX_AUTHTAG_LEN]; - u64 msg_seqno; - u8 rsvd1[8]; - u8 algo; - u8 hdr_version; - u16 hdr_sz; - u8 msg_type; - u8 msg_version; - u16 msg_sz; - u32 rsvd2; - u8 msg_vmpck; - u8 rsvd3[35]; -} __packed; - -struct snp_guest_msg { - struct snp_guest_msg_hdr hdr; - u8 payload[4000]; -} __packed; - -#endif /* __VIRT_SEVGUEST_H__ */
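Review bot: In the arch/x86/include/asm/sev.h hunk, `MAX_AUTHTAG_LEN`, `enum msg_type` and `enum aead_algo` keep the generic names they had in the driver-private sev-guest.h. That was harmless in a header included by a single file, but asm/sev.h is shared by host and guest code, so these unprefixed identifiers are now more exposed to name collisions. Consider giving them an SNP_ prefix (the enumerators already carry one), either as part of the move or in a follow-up patch so that this one stays a pure move.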
From patchwork Fri Jun 28 18:52:44 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13716544
from SATLEXMB04.amd.com (165.204.84.17) by CH1PEPF0000AD78.mail.protection.outlook.com (10.167.244.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7677.15 via Frontend Transport; Fri, 28 Jun 2024 19:07:29 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 28 Jun 2024 14:07:29 -0500 
From: Michael Roth
CC: Carlos Bilbao
Subject: [PATCH v2 3/3] KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
Date: Fri, 28 Jun 2024 13:52:44 -0500
Message-ID: <20240628185244.3615928-4-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240628185244.3615928-1-michael.roth@amd.com>
References: <20240628185244.3615928-1-michael.roth@amd.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org

Version 2 of GHCB specification added support for the SNP Extended Guest Request Message NAE event. This event serves a nearly identical purpose to the previously-added SNP_GUEST_REQUEST event, but for certain message types it allows the guest to supply a buffer to be used for additional information in some cases.

Currently the GHCB spec only defines extended handling of this sort in the case of attestation requests, where the additional buffer is used to supply a table of certificate data corresponding to the attestation report's signing key. Support for this extended handling will require additional KVM APIs to handle coordinating with userspace.

Whether or not the hypervisor opts to provide this certificate data is optional. However, support for processing SNP_EXTENDED_GUEST_REQUEST GHCB requests is required by the GHCB 2.0 specification for SNP guests, so for now implement a stub implementation that provides an empty certificate table to the guest if it supplies an additional buffer, but otherwise behaves identically to SNP_GUEST_REQUEST.

Reviewed-by: Carlos Bilbao
Reviewed-by: Tom Lendacky
Reviewed-by: Liam Merwick
Signed-off-by: Michael Roth

--- arch/x86/kvm/svm/sev.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index e7f5225293ae..a26e5b191d4a 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3401,6 +3401,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) goto vmgexit_err; break; case SVM_VMGEXIT_GUEST_REQUEST: + case SVM_VMGEXIT_EXT_GUEST_REQUEST: if (!sev_snp_guest(vcpu->kvm)) goto vmgexit_err; break; 
@@ -4067,6 +4068,58 @@ static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_ return ret; } +static int snp_handle_ext_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) +{ + struct kvm *kvm = svm->vcpu.kvm; + u8 msg_type; + + if (!sev_snp_guest(kvm)) + return -EINVAL; + + if (kvm_read_guest(kvm, req_gpa + offsetof(struct snp_guest_msg_hdr, msg_type), + &msg_type, 1)) + return -EIO; + + /* + * As per GHCB spec, requests of type MSG_REPORT_REQ also allow for + * additional certificate data to be provided alongside the attestation + * report via the guest-provided data pages indicated by RAX/RBX. The + * certificate data is optional and requires additional KVM enablement + * to provide an interface for userspace to provide it, but KVM still + * needs to be able to handle extended guest requests either way. So + * provide a stub implementation that will always return an empty + * certificate table in the guest-provided data pages. + */ + if (msg_type == SNP_MSG_REPORT_REQ) { + struct kvm_vcpu *vcpu = &svm->vcpu; + u64 data_npages; + gpa_t data_gpa; + + if (!kvm_ghcb_rax_is_valid(svm) || !kvm_ghcb_rbx_is_valid(svm)) + goto request_invalid; + + data_gpa = vcpu->arch.regs[VCPU_REGS_RAX]; + data_npages = vcpu->arch.regs[VCPU_REGS_RBX]; + + if (!PAGE_ALIGNED(data_gpa)) + goto request_invalid; + + /* + * As per GHCB spec (see "SNP Extended Guest Request"), the + * certificate table is terminated by 24-bytes of zeroes. + */ + if (data_npages && kvm_clear_guest(kvm, data_gpa, 24)) + return -EIO; + } + + return snp_handle_guest_req(svm, req_gpa, resp_gpa); + +request_invalid: + ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT); + return 1; /* resume guest */ +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
@@ -4344,6 +4397,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) case SVM_VMGEXIT_GUEST_REQUEST: ret = snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2); break; + case SVM_VMGEXIT_EXT_GUEST_REQUEST: + ret = snp_handle_ext_guest_req(svm, control->exit_info_1, control->exit_info_2); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
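
Review bot: in the @@ -4067,6 +4068,58 @@ hunk, snp_handle_ext_guest_req() reads msg_type from guest memory with kvm_read_guest() and then hands the same req_gpa to snp_handle_guest_req(), so the type checked here and the request processed afterwards come from two separate reads of guest-writable memory. From the visible lines the only thing that depends on the first read is whether the guest's own data pages receive the 24-byte terminator, so the double fetch looks harmless today, but the block comment should state that explicitly so that later certificate-table support does not inherit the assumption unnoticed. The literal 24 passed to kvm_clear_guest() and the 2 passed to ghcb_set_sw_exit_info_1() would also read better as named constants.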
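
Review bot: in the @@ -3401,6 +3401,7 @@ hunk, SVM_VMGEXIT_EXT_GUEST_REQUEST now shares the sev_snp_guest() check in sev_es_validate_vmgexit(), yet snp_handle_ext_guest_req() repeats the same test and fails differently (return -EINVAL instead of goto vmgexit_err). If validation always runs before the dispatch in sev_handle_vmgexit(), drop the check in the handler or mark it as defensive in a comment, so the two failure paths are not mistaken for distinct cases. Note also that the RAX/RBX validity checks live only in the handler and only on the SNP_MSG_REPORT_REQ path; a one-line comment at the new case saying that register validation is deferred to the handler would make that intent clear.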