From patchwork Thu Nov 7 23:24:41 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dionna Amalie Glaze
X-Patchwork-Id: 13867285
Date: Thu, 7 Nov 2024 23:24:41 +0000
In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20241107232457.4059785-1-dionnaglaze@google.com>
Message-ID: <20241107232457.4059785-2-dionnaglaze@google.com>
Subject: [PATCH v5 01/10] KVM: SVM: Fix gctx page leak on invalid inputs
From: Dionna Glaze
To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Brijesh Singh, Ashish Kalra, Michael Roth
Cc: linux-coco@lists.linux.dev, Dionna Glaze, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Luis Chamberlain, Russ Weight, Danilo Krummrich, Greg Kroah-Hartman, "Rafael J. Wysocki", Tianfei zhang, Alexey Kardashevskiy, stable@vger.kernel.org, kvm@vger.kernel.org

Ensure that snp gctx page allocation is adequately deallocated on failure during snp_launch_start.

Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command")
CC: Sean Christopherson
CC: Paolo Bonzini
CC: Thomas Gleixner
CC: Ingo Molnar
CC: Borislav Petkov
CC: Dave Hansen
CC: Ashish Kalra
CC: Tom Lendacky
CC: John Allen
CC: Herbert Xu
CC: "David S. Miller"
CC: Michael Roth
CC: Luis Chamberlain
CC: Russ Weight
CC: Danilo Krummrich
CC: Greg Kroah-Hartman
CC: "Rafael J. Wysocki"
CC: Tianfei zhang
CC: Alexey Kardashevskiy
CC: stable@vger.kernel.org
Signed-off-by: Dionna Glaze
Acked-by: Sean Christopherson
--- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c6c8524859001..357906375ec59 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -2212,10 +2212,6 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) if (sev->snp_context) return -EINVAL; - sev->snp_context = snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; - if (params.flags) return -EINVAL; 
@@ -2230,6 +2226,10 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; + sev->snp_context = snp_context_create(kvm, argp); + if (!sev->snp_context) + return -ENOTTY; + start.gctx_paddr = __psp_pa(sev->snp_context); start.policy = params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw));
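Review bot: the commit message does not match what these two hunks do, and it understates the bug. Nothing here deallocates anything; the fix is that snp_context_create() is deferred until every params check has passed. In the first hunk the guard "if (sev->snp_context) return -EINVAL;" stays ahead of the validation, so with the old ordering an early "return -EINVAL" on params.flags or the policy bits left sev->snp_context set, and a retried KVM_SEV_SNP_LAUNCH_START with corrected parameters would be rejected by that guard as well as leaking the page. Since this is CC'd to stable, reword the message to say that allocation now happens after input validation and mention the stuck-context effect.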
From patchwork Thu Nov 7 23:24:42 2024
X-Patchwork-Submitter: Dionna Amalie Glaze
X-Patchwork-Id: 13867286
Date: Thu, 7 Nov 2024 23:24:42 +0000
In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20241107232457.4059785-1-dionnaglaze@google.com>
Message-ID: <20241107232457.4059785-3-dionnaglaze@google.com>
Subject: [PATCH v5 02/10] KVM: SVM: Fix snp_context_create error reporting
From: Dionna Glaze
To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Ashish Kalra, Brijesh Singh, Michael Roth
Cc: linux-coco@lists.linux.dev, Dionna Glaze, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Luis Chamberlain, Russ Weight, Danilo Krummrich, Greg Kroah-Hartman, "Rafael J. Wysocki", Tianfei zhang, Alexey Kardashevskiy, stable@vger.kernel.org, kvm@vger.kernel.org

Failure to allocate should not return -ENOTTY. Command failure has multiple possible error modes.

Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command")
CC: Sean Christopherson
CC: Paolo Bonzini
CC: Thomas Gleixner
CC: Ingo Molnar
CC: Borislav Petkov
CC: Dave Hansen
CC: Ashish Kalra
CC: Tom Lendacky
CC: John Allen
CC: Herbert Xu
CC: "David S. Miller"
CC: Michael Roth
CC: Luis Chamberlain
CC: Russ Weight
CC: Danilo Krummrich
CC: Greg Kroah-Hartman
CC: "Rafael J. Wysocki"
CC: Tianfei zhang
CC: Alexey Kardashevskiy
CC: stable@vger.kernel.org
Signed-off-by: Dionna Glaze
--- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 357906375ec59..d0e0152aefb32 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2171,7 +2171,7 @@ static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) /* Allocate memory for context page */ context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); if (!context) - return NULL; + return ERR_PTR(-ENOMEM); data.address = __psp_pa(context); rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); @@ -2179,7 +2179,7 @@ static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", rc, argp->error); snp_free_firmware_page(context); - return NULL; + return ERR_PTR(rc); } return context;
@@ -2227,8 +2227,8 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return -EINVAL; sev->snp_context = snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; + if (IS_ERR(sev->snp_context)) + return PTR_ERR(sev->snp_context); start.gctx_paddr = __psp_pa(sev->snp_context); start.policy = params.policy;
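Review bot: the return convention of snp_context_create() changes from NULL-on-failure to ERR_PTR() in both hunks of that function, but nothing documents it, and "return ERR_PTR(rc);" is only caught by IS_ERR() if rc is a negative errno. Add a line to the function's comment stating that it returns an ERR_PTR() and never NULL, and confirm that __sev_issue_cmd() cannot return a positive value on this path.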
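Review bot: in the snp_launch_start() hunk the result is stored straight into sev->snp_context before IS_ERR() is tested, so on failure the field still holds the ERR_PTR value after "return PTR_ERR(sev->snp_context);". The other tests of that field visible in this series are NULL tests ("if (sev->snp_context) return -EINVAL;" at the top of this function, "if (!sev->snp_context) return 0;" in the decommission path), so a failed create would block any retry and the decommission path would later treat the encoded errno as a context page. Assign to a local first and store into sev->snp_context only on success, or reset the field to NULL before returning.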
From patchwork Thu Nov 7 23:24:48 2024
X-Patchwork-Submitter: Dionna Amalie Glaze
X-Patchwork-Id: 13867287
Date: Thu, 7 Nov 2024 23:24:48 +0000
In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20241107232457.4059785-1-dionnaglaze@google.com>
Message-ID: <20241107232457.4059785-9-dionnaglaze@google.com>
Subject: [PATCH v5 08/10] KVM: SVM: move sev_issue_cmd_external_user to new API
From: Dionna Glaze
To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Ashish Kalra, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller"
Cc: linux-coco@lists.linux.dev, Dionna Glaze, Michael Roth, Luis Chamberlain, Russ Weight, Danilo Krummrich, Greg Kroah-Hartman, "Rafael J. Wysocki", Tianfei zhang, Alexey Kardashevskiy, kvm@vger.kernel.org, linux-crypto@vger.kernel.org

ccp now prefers all calls from external drivers to dominate all calls into the driver on behalf of a user with a successful sev_check_external_user call.

CC: Sean Christopherson
CC: Paolo Bonzini
CC: Thomas Gleixner
CC: Ingo Molnar
CC: Borislav Petkov
CC: Dave Hansen
CC: Ashish Kalra
CC: Tom Lendacky
CC: John Allen
CC: Herbert Xu
CC: "David S. Miller"
CC: Michael Roth
CC: Luis Chamberlain
CC: Russ Weight
CC: Danilo Krummrich
CC: Greg Kroah-Hartman
CC: "Rafael J. Wysocki"
CC: Tianfei zhang
CC: Alexey Kardashevskiy
Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 18 +++++++++++++++--- drivers/crypto/ccp/sev-dev.c | 12 ------------ include/linux/psp-sev.h | 27 --------------------------- 3 files changed, 15 insertions(+), 42 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d0e0152aefb32..cea41b8cdabe4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -528,21 +528,33 @@ static int sev_bind_asid(struct kvm *kvm, unsigned int handle, int *error) return ret; } -static int __sev_issue_cmd(int fd, int id, void *data, int *error) +static int sev_check_external_user(int fd) { struct fd f; - int ret; + int ret = 0; f = fdget(fd); if (!fd_file(f)) return -EBADF; - ret = sev_issue_cmd_external_user(fd_file(f), id, data, error); + if (!file_is_sev(fd_file(f))) + ret = -EBADF; fdput(f); return ret; } +static int __sev_issue_cmd(int fd, int id, void *data, int *error) +{ + int ret; + + ret = sev_check_external_user(fd); + if (ret) + return ret; + + return sev_do_cmd(id, data, error); +} + static int sev_issue_cmd(struct kvm *kvm, int id, void *data, int *error) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f92e6a222da8a..67f6425b7ed07 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -2493,18 +2493,6 @@ bool file_is_sev(struct file *p) } EXPORT_SYMBOL_GPL(file_is_sev); -int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, - void *data, int *error) -{ - int rc = file_is_sev(filep) ? 0 : -EBADF; - - if (rc) - return rc; - - return sev_do_cmd(cmd, data, error); -} -EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); - void sev_pci_init(void) { struct sev_device *sev = psp_master->sev_data; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index ed85c0cfcfcbe..b4164d3600702 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h 
@@ -860,30 +860,6 @@ int sev_platform_init(struct sev_platform_init_args *args); */ int sev_platform_status(struct sev_user_data_status *status, int *error); -/** - * sev_issue_cmd_external_user - issue SEV command by other driver with a file - * handle. - * - * This function can be used by other drivers to issue a SEV command on - * behalf of userspace. The caller must pass a valid SEV file descriptor - * so that we know that it has access to SEV device. - * - * @filep - SEV device file pointer - * @cmd - command to issue - * @data - command buffer - * @error: SEV command return code - * - * Returns: - * 0 if the SEV successfully processed the command - * -%ENODEV if the SEV device is not available - * -%ENOTSUPP if the SEV does not support SEV - * -%ETIMEDOUT if the SEV command timed out - * -%EIO if the SEV returned a non-zero return code - * -%EBADF if the file pointer is bad or does not grant access - */ -int sev_issue_cmd_external_user(struct file *filep, unsigned int id, - void *data, int *error); - /** * file_is_sev - returns whether a file pointer is for the SEV device * 
@@ -1043,9 +1019,6 @@ sev_guest_activate(struct sev_data_activate *data, int *error) { return -ENODEV; static inline int sev_guest_df_flush(int *error) { return -ENODEV; } -static inline int -sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int *error) { return -ENODEV; } - static inline bool file_is_sev(struct file *filep) { return false; } static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); }
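Review bot: in the arch/x86/kvm/svm/sev.c hunk, sev_check_external_user() releases the file with fdput() before __sev_issue_cmd() goes on to call sev_do_cmd(), whereas the removed code issued the command between fdget() and fdput(). If nothing relied on the SEV file staying referenced for the duration of the command, say so in the commit message or in a comment above the helper; as posted, the check and the use are two separate steps and the reason that is safe is not stated. The one-sentence commit message ("prefers all calls from external drivers to dominate all calls into the driver ...") is hard to parse and does not cover this.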
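Review bot: the kernel-doc deleted in the first include/linux/psp-sev.h hunk was the only statement of the contract ("The caller must pass a valid SEV file descriptor so that we know that it has access to SEV device") and of the -EBADF return. The new static sev_check_external_user() in sev.c has no comment at all. Carry a short comment over to it so that later KVM callers of sev_do_cmd() know the fd check is expected to come first.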
From patchwork Thu Nov 7 23:24:49 2024
X-Patchwork-Submitter: Dionna Amalie Glaze
X-Patchwork-Id: 13867288
Date: Thu, 7 Nov 2024 23:24:49 +0000
In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20241107232457.4059785-1-dionnaglaze@google.com>
Message-ID: <20241107232457.4059785-10-dionnaglaze@google.com>
Subject: [PATCH v5 09/10] KVM: SVM: Use new ccp GCTX API
From: Dionna Glaze
To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, Dionna Glaze, Ashish Kalra, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Michael Roth, Luis Chamberlain, Russ Weight, Danilo Krummrich, Greg Kroah-Hartman, "Rafael J. Wysocki", Tianfei zhang, Alexey Kardashevskiy, kvm@vger.kernel.org

Guest context pages should be near 1-to-1 with allocated ASIDs. With the GCTX API, the ccp driver is better able to associate guest context pages with the ASID that is/will be bound to it.

This is important to the firmware hotloading implementation to not corrupt any running VM's guest context page before userspace commits a new firmware.

CC: Sean Christopherson
CC: Paolo Bonzini
CC: Thomas Gleixner
CC: Ingo Molnar
CC: Borislav Petkov
CC: Dave Hansen
CC: Ashish Kalra
CC: Tom Lendacky
CC: John Allen
CC: Herbert Xu
CC: "David S. Miller"
CC: Michael Roth
CC: Luis Chamberlain
CC: Russ Weight
CC: Danilo Krummrich
CC: Greg Kroah-Hartman
CC: "Rafael J. Wysocki"
CC: Tianfei zhang
CC: Alexey Kardashevskiy
Signed-off-by: Dionna Glaze
--- arch/x86/kvm/svm/sev.c | 74 ++++++++++++------------------------------ 1 file changed, 20 insertions(+), 54 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index cea41b8cdabe4..d7cef84750b33 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -89,7 +89,7 @@ static unsigned int nr_asids; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; -static int snp_decommission_context(struct kvm *kvm); +static int kvm_decommission_snp_context(struct kvm *kvm); struct enc_region { struct list_head list;
@@ -2168,51 +2168,12 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val) } } -/* - * The guest context contains all the information, keys and metadata - * associated with the guest that the firmware tracks to implement SEV - * and SNP features. The firmware stores the guest context in hypervisor - * provide page via the SNP_GCTX_CREATE command. - */ -static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) -{ - struct sev_data_snp_addr data = {}; - void *context; - int rc; - - /* Allocate memory for context page */ - context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); - if (!context) - return ERR_PTR(-ENOMEM); - - data.address = __psp_pa(context); - rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); - if (rc) { - pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", - rc, argp->error); - snp_free_firmware_page(context); - return ERR_PTR(rc); - } - - return context; -} - -static int snp_bind_asid(struct kvm *kvm, int *error) -{ - struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_activate data = {0}; - - data.gctx_paddr = __psp_pa(sev->snp_context); - data.asid = sev_get_asid(kvm); - return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error); -} - static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; struct sev_data_snp_launch_start start = {0}; struct kvm_sev_snp_launch_start params; - int rc; + int rc, asid; if (!sev_snp_guest(kvm)) return -ENOTTY; 
@@ -2238,14 +2199,19 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; - sev->snp_context = snp_context_create(kvm, argp); + rc = sev_check_external_user(argp->sev_fd); + if (rc) + return rc; + + asid = sev_get_asid(kvm); + sev->snp_context = sev_snp_create_context(asid, &argp->error); if (IS_ERR(sev->snp_context)) return PTR_ERR(sev->snp_context); start.gctx_paddr = __psp_pa(sev->snp_context); start.policy = params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); - rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error); + rc = sev_do_cmd(SEV_CMD_SNP_LAUNCH_START, &start, &argp->error); if (rc) { pr_debug("%s: SEV_CMD_SNP_LAUNCH_START firmware command failed, rc %d\n", __func__, rc); @@ -2253,7 +2219,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) } sev->fd = argp->sev_fd; - rc = snp_bind_asid(kvm, &argp->error); + rc = sev_snp_activate_asid(asid, &argp->error); if (rc) { pr_debug("%s: Failed to bind ASID to SEV-SNP context, rc %d\n", __func__, rc); @@ -2263,7 +2229,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return 0; e_free_context: - snp_decommission_context(kvm); + kvm_decommission_snp_context(kvm); return rc; } 
@@ -2874,26 +2840,26 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd) return ret; } -static int snp_decommission_context(struct kvm *kvm) +static int kvm_decommission_snp_context(struct kvm *kvm) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_addr data = {}; - int ret; + int ret, error; /* If context is not created then do nothing */ if (!sev->snp_context) return 0; - /* Do the decommision, which will unbind the ASID from the SNP context */ - data.address = __sme_pa(sev->snp_context); + /* + * Do the decommision, which will unbind the ASID from the SNP context + * and free the context page. + */ down_write(&sev_deactivate_lock); - ret = sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL); + ret = sev_snp_guest_decommission(sev->asid, &error); up_write(&sev_deactivate_lock); - if (WARN_ONCE(ret, "Failed to release guest context, ret %d", ret)) + if (WARN_ONCE(ret, "Failed to release guest context, ret %d fw err %d", ret, error)) return ret; - snp_free_firmware_page(sev->snp_context); sev->snp_context = NULL; return 0; 
@@ -2947,7 +2913,7 @@ void sev_vm_destroy(struct kvm *kvm) * Decomission handles unbinding of the ASID. If it fails for * some unexpected reason, just leak the ASID. */ - if (snp_decommission_context(kvm)) + if (kvm_decommission_snp_context(kvm)) return; } else { sev_unbind_asid(kvm, sev->handle);
From patchwork Thu Nov 7 23:24:50 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dionna Amalie Glaze
X-Patchwork-Id: 13867289
Date: Thu, 7 Nov 2024 23:24:50 +0000
In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com>
References: <20241107232457.4059785-1-dionnaglaze@google.com>
Message-ID: <20241107232457.4059785-11-dionnaglaze@google.com>
X-Mailing-List: kvm@vger.kernel.org
X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog
Subject: [PATCH v5 10/10] KVM: SVM: Delay legacy platform initialization on SNP
From: Dionna Glaze
To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, Dionna Glaze, Ashish Kalra, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Michael Roth, Luis Chamberlain, Russ Weight, Danilo Krummrich, Greg Kroah-Hartman, "Rafael J. Wysocki", Tianfei zhang, Alexey Kardashevskiy, kvm@vger.kernel.org

When no SEV or SEV-ES guests are active, then the firmware can be updated
while (SEV-SNP) VM guests are active.

CC: Sean Christopherson
CC: Paolo Bonzini
CC: Thomas Gleixner
CC: Ingo Molnar
CC: Borislav Petkov
CC: Dave Hansen
CC: Ashish Kalra
CC: Tom Lendacky
CC: John Allen
CC: Herbert Xu
CC: "David S. Miller"
CC: Michael Roth
CC: Luis Chamberlain
CC: Russ Weight
CC: Danilo Krummrich
CC: Greg Kroah-Hartman
CC: "Rafael J. Wysocki"
CC: Tianfei zhang
CC: Alexey Kardashevskiy

Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
Reviewed-by: Ashish Kalra
Signed-off-by: Dionna Glaze
---
 arch/x86/kvm/svm/sev.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d7cef84750b33..0d57a0a6b30fc 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -444,7 +444,11 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, if (ret) goto e_no_asid; - init_args.probe = false; + /* + * Probe will skip SEV/SEV-ES platform initialization in order for + * SNP firmware hotloading to be available when SEV-SNP VMs are running. + */ + init_args.probe = vm_type != KVM_X86_SEV_VM && vm_type != KVM_X86_SEV_ES_VM; ret = sev_platform_init(&init_args); if (ret) goto e_free;
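Review bot: The new `init_args.probe` expression in __sev_guest_init() is a deny-list: every vm_type other than KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM gets probe = true, so any legacy-style type added later would silently skip SEV/SEV-ES platform initialization. If SNP is the only case meant to defer it, `init_args.probe = vm_type == KVM_X86_SNP_VM;` states that directly and fails safe. The comment says probe will "skip" legacy initialization while the subject says "Delay"; the comment or commit message should say where the deferred initialization happens once the first SEV or SEV-ES guest is created. It should also say what stops a firmware update from racing with that guest's launch, since the changelog's precondition is that no such guest is active.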