From patchwork Mon Jan 6 12:46:21 2025
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13927388
From: Nikunj A Dadhania
Subject: [PATCH v16 01/13] virt: sev-guest: Remove is_vmpck_empty() helper
Date: Mon, 6 Jan 2025 18:16:21 +0530
Message-ID: <20250106124633.1418972-2-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Remove the is_vmpck_empty() helper function, which uses a local array
allocation to check if the VMPCK is empty. Replace it with memchr_inv() to
directly determine if the VMPCK is empty without additional memory
allocation.

Suggested-by: Borislav Petkov
Signed-off-by: Nikunj A Dadhania
Reviewed-by: Tom Lendacky
---
 drivers/virt/coco/sev-guest/sev-guest.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index b699771be029..62328d0b2cb6 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -63,16 +63,6 @@ MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP. /* Mutex to serialize the shared buffer access and command handling. */ static DEFINE_MUTEX(snp_cmd_mutex); -static bool is_vmpck_empty(struct snp_msg_desc *mdesc) -{ - char zero_key[VMPCK_KEY_LEN] = {0}; - - if (mdesc->vmpck) - return !memcmp(mdesc->vmpck, zero_key, VMPCK_KEY_LEN); - - return true; -} - /* * If an error is received from the host or AMD Secure Processor (ASP) there * are two options. Either retry the exact same encrypted request or discontinue @@ -335,7 +325,7 @@ static int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r guard(mutex)(&snp_cmd_mutex); /* Check if the VMPCK is not empty */ - if (is_vmpck_empty(mdesc)) { + if (!mdesc->vmpck || !memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) { pr_err_ratelimited("VMPCK is disabled\n"); return -ENOTTY; } 
@@ -1024,7 +1014,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) } /* Verify that VMPCK is not zero. */ - if (is_vmpck_empty(mdesc)) { + if (!memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) { dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id); goto e_unmap; }

From patchwork Mon Jan 6 12:46:22 2025
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13927389
From: Nikunj A Dadhania
Subject: [PATCH v16 02/13] virt: sev-guest: Replace GFP_KERNEL_ACCOUNT with GFP_KERNEL
Date: Mon, 6 Jan 2025 18:16:22 +0530
Message-ID: <20250106124633.1418972-3-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Replace GFP_KERNEL_ACCOUNT with GFP_KERNEL in the sev-guest driver code.
GFP_KERNEL_ACCOUNT is typically used for accounting untrusted userspace
allocations. After auditing the sev-guest code, the following changes are
necessary:

  * snp_init_crypto(): Use GFP_KERNEL as this is a trusted device probe
    path.

Retain GFP_KERNEL_ACCOUNT in the following cases for robustness and
specific path requirements:

  * alloc_shared_pages(): Although all allocations are limited, retain
    GFP_KERNEL_ACCOUNT for future robustness.

  * get_report() and get_ext_report(): These functions are on the unlocked
    ioctl path and should continue using GFP_KERNEL_ACCOUNT.

Suggested-by: Borislav Petkov
Signed-off-by: Nikunj A Dadhania
Reviewed-by: Tom Lendacky
---
 drivers/virt/coco/sev-guest/sev-guest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 62328d0b2cb6..250ce92d816b 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -141,7 +141,7 @@ static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) { struct aesgcm_ctx *ctx; - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) return NULL;

From patchwork Mon Jan 6 12:46:23 2025
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13927390
From: Nikunj A Dadhania
Subject: [PATCH v16 03/13] x86/sev: Carve out and export SNP guest messaging init routines
Date: Mon, 6 Jan 2025 18:16:23 +0530
Message-ID: <20250106124633.1418972-4-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Currently, the sev-guest driver is the only user of SNP guest messaging.
All routines for initializing SNP guest messaging are implemented within the sev-guest driver and are not available during early boot. In preparation for adding Secure TSC guest support, carve out APIs to allocate and initialize the guest messaging descriptor context and make it part of coco/sev/core.c. As there is no user of sev_guest_platform_data anymore, remove the structure. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/include/asm/sev.h | 13 +- arch/x86/coco/sev/core.c | 183 ++++++++++++++++++++++- drivers/virt/coco/sev-guest/sev-guest.c | 185 +++--------------------- arch/x86/Kconfig | 1 + drivers/virt/coco/sev-guest/Kconfig | 1 - 5 files changed, 208 insertions(+), 175 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 91f08af31078..db08d0ac90be 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -14,6 +14,7 @@ #include #include #include +#include #define GHCB_PROTOCOL_MIN 1ULL #define GHCB_PROTOCOL_MAX 2ULL @@ -170,10 +171,6 @@ struct snp_guest_msg { u8 payload[PAGE_SIZE - sizeof(struct snp_guest_msg_hdr)]; } __packed; -struct sev_guest_platform_data { - u64 secrets_gpa; -}; - struct snp_guest_req { void *req_buf; size_t req_sz; @@ -253,6 +250,7 @@ struct snp_msg_desc { u32 *os_area_msg_seqno; u8 *vmpck; + int vmpck_id; }; /* @@ -458,6 +456,10 @@ void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot); void snp_kexec_finish(void); void snp_kexec_begin(void); +int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id); +struct snp_msg_desc *snp_msg_alloc(void); +void snp_msg_free(struct snp_msg_desc *mdesc); + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define snp_vmpl 0 
@@ -498,6 +500,9 @@ static inline int prepare_pte_enc(struct pte_enc_desc *d) { return 0; } static inline void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot) { } static inline void snp_kexec_finish(void) { } static inline void snp_kexec_begin(void) { } +static inline int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id) { return -1; } +static inline struct snp_msg_desc *snp_msg_alloc(void) { return NULL; } +static inline void snp_msg_free(struct snp_msg_desc *mdesc) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 499b41953e3c..93627a21945d 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include @@ -2575,15 +2576,9 @@ static struct platform_device sev_guest_device = { static int __init snp_init_platform_device(void) { - struct sev_guest_platform_data data; - if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - data.secrets_gpa = secrets_pa; - if (platform_device_add_data(&sev_guest_device, &data, sizeof(data))) - return -ENODEV; - if (platform_device_register(&sev_guest_device)) return -ENODEV; 
@@ -2662,3 +2657,179 @@ static int __init sev_sysfs_init(void) } arch_initcall(sev_sysfs_init); #endif // CONFIG_SYSFS + +static void free_shared_pages(void *buf, size_t sz) +{ + unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; + int ret; + + if (!buf) + return; + + ret = set_memory_encrypted((unsigned long)buf, npages); + if (ret) { + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + return; + } + + __free_pages(virt_to_page(buf), get_order(sz)); +} + +static void *alloc_shared_pages(size_t sz) +{ + unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; + struct page *page; + int ret; + + page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); + if (!page) + return NULL; + + ret = set_memory_decrypted((unsigned long)page_address(page), npages); + if (ret) { + pr_err("failed to mark page shared, ret=%d\n", ret); + __free_pages(page, get_order(sz)); + return NULL; + } + + return page_address(page); +} + +static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) +{ + u8 *key = NULL; + + switch (id) { + case 0: + *seqno = &secrets->os_area.msg_seqno_0; + key = secrets->vmpck0; + break; + case 1: + *seqno = &secrets->os_area.msg_seqno_1; + key = secrets->vmpck1; + break; + case 2: + *seqno = &secrets->os_area.msg_seqno_2; + key = secrets->vmpck2; + break; + case 3: + *seqno = &secrets->os_area.msg_seqno_3; + key = secrets->vmpck3; + break; + default: + break; + } + + return key; +} + +static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) +{ + struct aesgcm_ctx *ctx; + + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) + return NULL; + + if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { + pr_err("Crypto context initialization failed\n"); + kfree(ctx); + return NULL; + } + + return ctx; +} + +int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id) +{ + /* Adjust the default VMPCK key based on the executing VMPL level */ + if (vmpck_id == -1) + vmpck_id = snp_vmpl; + + mdesc->vmpck = get_vmpck(vmpck_id, 
mdesc->secrets, &mdesc->os_area_msg_seqno); + if (!mdesc->vmpck) { + pr_err("Invalid VMPCK%d communication key\n", vmpck_id); + return -EINVAL; + } + + /* Verify that VMPCK is not zero. */ + if (!memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) { + pr_err("Empty VMPCK%d communication key\n", vmpck_id); + return -EINVAL; + } + + mdesc->vmpck_id = vmpck_id; + + mdesc->ctx = snp_init_crypto(mdesc->vmpck, VMPCK_KEY_LEN); + if (!mdesc->ctx) + return -ENOMEM; + + return 0; +} +EXPORT_SYMBOL_GPL(snp_msg_init); + +struct snp_msg_desc *snp_msg_alloc(void) +{ + struct snp_msg_desc *mdesc; + void __iomem *mem; + + BUILD_BUG_ON(sizeof(struct snp_guest_msg) > PAGE_SIZE); + + mdesc = kzalloc(sizeof(struct snp_msg_desc), GFP_KERNEL); + if (!mdesc) + return ERR_PTR(-ENOMEM); + + mem = ioremap_encrypted(secrets_pa, PAGE_SIZE); + if (!mem) + goto e_free_mdesc; + + mdesc->secrets = (__force struct snp_secrets_page *)mem; + + /* Allocate the shared page used for the request and response message. */ + mdesc->request = alloc_shared_pages(sizeof(struct snp_guest_msg)); + if (!mdesc->request) + goto e_unmap; + + mdesc->response = alloc_shared_pages(sizeof(struct snp_guest_msg)); + if (!mdesc->response) + goto e_free_request; + + mdesc->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); + if (!mdesc->certs_data) + goto e_free_response; + + /* initial the input address for guest request */ + mdesc->input.req_gpa = __pa(mdesc->request); + mdesc->input.resp_gpa = __pa(mdesc->response); + mdesc->input.data_gpa = __pa(mdesc->certs_data); + + return mdesc; + +e_free_response: + free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); +e_free_request: + free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); +e_unmap: + iounmap(mem); +e_free_mdesc: + kfree(mdesc); + + return ERR_PTR(-ENOMEM); +} +EXPORT_SYMBOL_GPL(snp_msg_alloc); + +void snp_msg_free(struct snp_msg_desc *mdesc) +{ + if (!mdesc) + return; + + kfree(mdesc->ctx); + free_shared_pages(mdesc->response, sizeof(struct 
snp_guest_msg)); + free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); + free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); + iounmap((__force void __iomem *)mdesc->secrets); + + memset(mdesc, 0, sizeof(*mdesc)); + kfree(mdesc); +} +EXPORT_SYMBOL_GPL(snp_msg_free); diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 250ce92d816b..d0f7233b1430 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -83,7 +83,7 @@ static DEFINE_MUTEX(snp_cmd_mutex); static void snp_disable_vmpck(struct snp_msg_desc *mdesc) { pr_alert("Disabling VMPCK%d communication key to prevent IV reuse.\n", - vmpck_id); + mdesc->vmpck_id); memzero_explicit(mdesc->vmpck, VMPCK_KEY_LEN); mdesc->vmpck = NULL; } @@ -137,23 +137,6 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) -{ - struct aesgcm_ctx *ctx; - - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); - if (!ctx) - return NULL; - - if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { - pr_err("Crypto context initialization failed\n"); - kfree(ctx); - return NULL; - } - - return ctx; -} - static int verify_and_dec_payload(struct snp_msg_desc *mdesc, struct snp_guest_req *req) { struct snp_guest_msg *resp_msg = &mdesc->secret_response; @@ -404,7 +387,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_REPORT_REQ; - req.vmpck_id = vmpck_id; + req.vmpck_id = mdesc->vmpck_id; req.req_buf = report_req; req.req_sz = sizeof(*report_req); req.resp_buf = report_resp->data; 
@@ -451,7 +434,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_KEY_REQ; - req.vmpck_id = vmpck_id; + req.vmpck_id = mdesc->vmpck_id; req.req_buf = derived_key_req; req.req_sz = sizeof(*derived_key_req); req.resp_buf = buf; @@ -529,7 +512,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_REPORT_REQ; - req.vmpck_id = vmpck_id; + req.vmpck_id = mdesc->vmpck_id; req.req_buf = &report_req->data; req.req_sz = sizeof(report_req->data); req.resp_buf = report_resp->data; 
@@ -606,76 +589,11 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long return ret; } -static void free_shared_pages(void *buf, size_t sz) -{ - unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - int ret; - - if (!buf) - return; - - ret = set_memory_encrypted((unsigned long)buf, npages); - if (ret) { - WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); - return; - } - - __free_pages(virt_to_page(buf), get_order(sz)); -} - -static void *alloc_shared_pages(struct device *dev, size_t sz) -{ - unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - struct page *page; - int ret; - - page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); - if (!page) - return NULL; - - ret = set_memory_decrypted((unsigned long)page_address(page), npages); - if (ret) { - dev_err(dev, "failed to mark page shared, ret=%d\n", ret); - __free_pages(page, get_order(sz)); - return NULL; - } - - return page_address(page); -} - static const struct file_operations snp_guest_fops = { .owner = THIS_MODULE, .unlocked_ioctl = snp_guest_ioctl, }; -static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) -{ - u8 *key = NULL; - - switch (id) { - case 0: - *seqno = &secrets->os_area.msg_seqno_0; - key = secrets->vmpck0; - break; - case 1: - *seqno = &secrets->os_area.msg_seqno_1; - key = secrets->vmpck1; - break; - case 2: - *seqno = &secrets->os_area.msg_seqno_2; - key = secrets->vmpck2; - break; - case 3: - *seqno = &secrets->os_area.msg_seqno_3; - key = secrets->vmpck3; - break; - default: - break; - } - - return key; -} - struct snp_msg_report_resp_hdr { u32 status; u32 report_size; 
@@ -969,13 +887,10 @@ static void unregister_sev_tsm(void *data) static int __init sev_guest_probe(struct platform_device *pdev) { - struct sev_guest_platform_data *data; - struct snp_secrets_page *secrets; struct device *dev = &pdev->dev; struct snp_guest_dev *snp_dev; struct snp_msg_desc *mdesc; struct miscdevice *misc; - void __iomem *mapping; int ret; BUILD_BUG_ON(sizeof(struct snp_guest_msg) > PAGE_SIZE); 
@@ -983,115 +898,57 @@ static int __init sev_guest_probe(struct platform_device *pdev) if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - if (!dev->platform_data) - return -ENODEV; - - data = (struct sev_guest_platform_data *)dev->platform_data; - mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); - if (!mapping) - return -ENODEV; - - secrets = (__force void *)mapping; - - ret = -ENOMEM; snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); if (!snp_dev) - goto e_unmap; - - mdesc = devm_kzalloc(&pdev->dev, sizeof(struct snp_msg_desc), GFP_KERNEL); - if (!mdesc) - goto e_unmap; - - /* Adjust the default VMPCK key based on the executing VMPL level */ - if (vmpck_id == -1) - vmpck_id = snp_vmpl; + return -ENOMEM; - ret = -EINVAL; - mdesc->vmpck = get_vmpck(vmpck_id, secrets, &mdesc->os_area_msg_seqno); - if (!mdesc->vmpck) { - dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); - goto e_unmap; - } + mdesc = snp_msg_alloc(); + if (IS_ERR_OR_NULL(mdesc)) + return -ENOMEM; - /* Verify that VMPCK is not zero. */ - if (!memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) { - dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id); - goto e_unmap; - } + ret = snp_msg_init(mdesc, vmpck_id); + if (ret) + goto e_msg_init; platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; - mdesc->secrets = secrets; - - /* Allocate the shared page used for the request and response message. 
*/ - mdesc->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); - if (!mdesc->request) - goto e_unmap; - - mdesc->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); - if (!mdesc->response) - goto e_free_request; - - mdesc->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); - if (!mdesc->certs_data) - goto e_free_response; - - ret = -EIO; - mdesc->ctx = snp_init_crypto(mdesc->vmpck, VMPCK_KEY_LEN); - if (!mdesc->ctx) - goto e_free_cert_data; misc = &snp_dev->misc; misc->minor = MISC_DYNAMIC_MINOR; misc->name = DEVICE_NAME; misc->fops = &snp_guest_fops; - /* Initialize the input addresses for guest request */ - mdesc->input.req_gpa = __pa(mdesc->request); - mdesc->input.resp_gpa = __pa(mdesc->response); - mdesc->input.data_gpa = __pa(mdesc->certs_data); - /* Set the privlevel_floor attribute based on the vmpck_id */ - sev_tsm_ops.privlevel_floor = vmpck_id; + sev_tsm_ops.privlevel_floor = mdesc->vmpck_id; ret = tsm_register(&sev_tsm_ops, snp_dev); if (ret) - goto e_free_cert_data; + goto e_msg_init; ret = devm_add_action_or_reset(&pdev->dev, unregister_sev_tsm, NULL); if (ret) - goto e_free_cert_data; + goto e_msg_init; ret = misc_register(misc); if (ret) - goto e_free_ctx; + goto e_msg_init; snp_dev->msg_desc = mdesc; - dev_info(dev, "Initialized SEV guest driver (using VMPCK%d communication key)\n", vmpck_id); + dev_info(dev, "Initialized SEV guest driver (using VMPCK%d communication key)\n", + mdesc->vmpck_id); return 0; -e_free_ctx: - kfree(mdesc->ctx); -e_free_cert_data: - free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); -e_free_response: - free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); -e_free_request: - free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); -e_unmap: - iounmap(mapping); +e_msg_init: + snp_msg_free(mdesc); + return ret; } static void __exit sev_guest_remove(struct platform_device *pdev) { struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); - struct snp_msg_desc 
*mdesc = snp_dev->msg_desc; - free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); - free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); - free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); - kfree(mdesc->ctx); + snp_msg_free(snp_dev->msg_desc); misc_deregister(&snp_dev->misc); } diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index e4e27d44dc2b..ba2ac635c2fc 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1559,6 +1559,7 @@ config AMD_MEM_ENCRYPT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select UNACCEPTED_MEMORY + select CRYPTO_LIB_AESGCM help Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index 0b772bd921d8..a6405ab6c2c3 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig 
@@ -2,7 +2,6 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT - select CRYPTO_LIB_AESGCM select TSM_REPORTS help SEV-SNP firmware provides the guest a mechanism to communicate with
From patchwork Mon Jan 6 12:46:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13927391
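Review bot: in snp_msg_free() (arch/x86/coco/sev/core.c, the hunk that adds the snp_msg_* helpers in the patch ending above), kfree(mdesc->ctx) releases the AES-GCM context that aesgcm_expandkey() filled from the VMPCK without clearing it, and the descriptor is wiped with a plain memset() immediately before kfree(mdesc). Suggest kfree_sensitive(mdesc->ctx) and kfree_sensitive(mdesc), which clear the allocation as part of the free. Two smaller points in the same hunk: the comment "/* initial the input address for guest request */" lost its wording in the move (the removed line in sev-guest.c read "Initialize the input addresses for guest request"), and snp_msg_init() returns -ENOMEM when snp_init_crypto() fails, which also covers the aesgcm_expandkey() failure that the old probe path reported as -EIO.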
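Review bot: sev_guest_remove() (drivers/virt/coco/sev-guest/sev-guest.c, the probe/remove hunk of the patch ending above) calls snp_msg_free(snp_dev->msg_desc) before misc_deregister(&snp_dev->misc), and snp_msg_free() now kfree()s the descriptor, which the old code left to devm. At that point the misc device is still registered and the TSM ops are only torn down later by the devm action unregister_sev_tsm, so both can still reach snp_dev->msg_desc; suggest deregistering first and freeing the descriptor last. In sev_guest_probe(), snp_msg_alloc() as added in core.c returns a valid pointer or ERR_PTR(-ENOMEM), so "if (IS_ERR(mdesc)) return PTR_ERR(mdesc);" would propagate the helper's error instead of hard-coding -ENOMEM behind IS_ERR_OR_NULL().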
From: Nikunj A Dadhania
Subject: [PATCH v16 04/13] x86/sev: Relocate SNP guest messaging routines to common code
Date: Mon, 6 Jan 2025 18:16:24 +0530
Message-ID: <20250106124633.1418972-5-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

At present, the SEV guest driver exclusively handles SNP guest messaging.
All routines for sending guest messages are embedded within the guest driver. To support Secure TSC, SEV-SNP guests must communicate with the AMD Security Processor during early boot. However, these guest messaging functions are not accessible during early boot since they are currently part of the guest driver. Hence, relocate the core SNP guest messaging functions to SEV common code and provide an API for sending SNP guest messages. No functional change, but just an export symbol added for snp_send_guest_request() and dropped the export symbol on snp_issue_guest_request() and made it static. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/include/asm/sev.h | 14 +- arch/x86/coco/sev/core.c | 294 +++++++++++++++++++++++- drivers/virt/coco/sev-guest/sev-guest.c | 292 ----------------------- 3 files changed, 298 insertions(+), 302 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index db08d0ac90be..0937ac7a96db 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -125,6 +125,9 @@ struct snp_req_data { #define AAD_LEN 48 #define MSG_HDR_VER 1 +#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) +#define SNP_REQ_RETRY_DELAY (2*HZ) + /* See SNP spec SNP_GUEST_REQUEST section for the structure */ enum msg_type { SNP_MSG_TYPE_INVALID = 0, @@ -443,8 +446,6 @@ void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); void snp_dmi_setup(void); -int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); 
@@ -459,6 +460,8 @@ void snp_kexec_begin(void); int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id); struct snp_msg_desc *snp_msg_alloc(void); void snp_msg_free(struct snp_msg_desc *mdesc); +int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio); #else /* !CONFIG_AMD_MEM_ENCRYPT */ @@ -482,11 +485,6 @@ static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } static inline void snp_dmi_setup(void) { } -static inline int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio) -{ - return -ENOTTY; -} static inline int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input) { return -ENOTTY; @@ -503,6 +501,8 @@ static inline void snp_kexec_begin(void) { } static inline int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id) { return -1; } static inline struct snp_msg_desc *snp_msg_alloc(void) { return NULL; } static inline void snp_msg_free(struct snp_msg_desc *mdesc) { } +static inline int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) { return -ENODEV; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 93627a21945d..feb145df6bf7 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2504,8 +2504,8 @@ int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, } EXPORT_SYMBOL_GPL(snp_issue_svsm_attest_req); -int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio) +static int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; 
@@ -2567,7 +2567,6 @@ int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *inpu return ret; } -EXPORT_SYMBOL_GPL(snp_issue_guest_request); static struct platform_device sev_guest_device = { .name = "sev-guest", 
@@ -2833,3 +2832,292 @@ void snp_msg_free(struct snp_msg_desc *mdesc) kfree(mdesc); } EXPORT_SYMBOL_GPL(snp_msg_free); + +/* Mutex to serialize the shared buffer access and command handling. */ +static DEFINE_MUTEX(snp_cmd_mutex); + +/* + * If an error is received from the host or AMD Secure Processor (ASP) there + * are two options. Either retry the exact same encrypted request or discontinue + * using the VMPCK. + * + * This is because in the current encryption scheme GHCB v2 uses AES-GCM to + * encrypt the requests. The IV for this scheme is the sequence number. GCM + * cannot tolerate IV reuse. + * + * The ASP FW v1.51 only increments the sequence numbers on a successful + * guest<->ASP back and forth and only accepts messages at its exact sequence + * number. + * + * So if the sequence number were to be reused the encryption scheme is + * vulnerable. If the sequence number were incremented for a fresh IV the ASP + * will reject the request. + */ +static void snp_disable_vmpck(struct snp_msg_desc *mdesc) +{ + pr_alert("Disabling VMPCK%d communication key to prevent IV reuse.\n", + mdesc->vmpck_id); + memzero_explicit(mdesc->vmpck, VMPCK_KEY_LEN); + mdesc->vmpck = NULL; +} + +static inline u64 __snp_get_msg_seqno(struct snp_msg_desc *mdesc) +{ + u64 count; + + lockdep_assert_held(&snp_cmd_mutex); + + /* Read the current message sequence counter from secrets pages */ + count = *mdesc->os_area_msg_seqno; + + return count + 1; +} + +/* Return a non-zero on success */ +static u64 snp_get_msg_seqno(struct snp_msg_desc *mdesc) +{ + u64 count = __snp_get_msg_seqno(mdesc); + + /* + * The message sequence counter for the SNP guest request is a 64-bit + * value but the version 2 of GHCB specification defines a 32-bit storage + * for it. If the counter exceeds the 32-bit value then return zero. 
+ * The caller should check the return value, but if the caller happens to + * not check the value and use it, then the firmware treats zero as an + * invalid number and will fail the message request. + */ + if (count >= UINT_MAX) { + pr_err("request message sequence counter overflow\n"); + return 0; + } + + return count; +} + +static void snp_inc_msg_seqno(struct snp_msg_desc *mdesc) +{ + /* + * The counter is also incremented by the PSP, so increment it by 2 + * and save in secrets page. + */ + *mdesc->os_area_msg_seqno += 2; +} + +static int verify_and_dec_payload(struct snp_msg_desc *mdesc, struct snp_guest_req *req) +{ + struct snp_guest_msg *resp_msg = &mdesc->secret_response; + struct snp_guest_msg *req_msg = &mdesc->secret_request; + struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; + struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; + struct aesgcm_ctx *ctx = mdesc->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; + + pr_debug("response [seqno %lld type %d version %d sz %d]\n", + resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, + resp_msg_hdr->msg_sz); + + /* Copy response from shared memory to encrypted memory. */ + memcpy(resp_msg, mdesc->response, sizeof(*resp_msg)); + + /* Verify that the sequence counter is incremented by 1 */ + if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) + return -EBADMSG; + + /* Verify response message type and version number. */ + if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || + resp_msg_hdr->msg_version != req_msg_hdr->msg_version) + return -EBADMSG; + + /* + * If the message size is greater than our buffer length then return + * an error. 
+ */ + if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > req->resp_sz)) + return -EBADMSG; + + /* Decrypt the payload */ + memcpy(iv, &resp_msg_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_msg_hdr->msg_seqno))); + if (!aesgcm_decrypt(ctx, req->resp_buf, resp_msg->payload, resp_msg_hdr->msg_sz, + &resp_msg_hdr->algo, AAD_LEN, iv, resp_msg_hdr->authtag)) + return -EBADMSG; + + return 0; +} + +static int enc_payload(struct snp_msg_desc *mdesc, u64 seqno, struct snp_guest_req *req) +{ + struct snp_guest_msg *msg = &mdesc->secret_request; + struct snp_guest_msg_hdr *hdr = &msg->hdr; + struct aesgcm_ctx *ctx = mdesc->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; + + memset(msg, 0, sizeof(*msg)); + + hdr->algo = SNP_AEAD_AES_256_GCM; + hdr->hdr_version = MSG_HDR_VER; + hdr->hdr_sz = sizeof(*hdr); + hdr->msg_type = req->msg_type; + hdr->msg_version = req->msg_version; + hdr->msg_seqno = seqno; + hdr->msg_vmpck = req->vmpck_id; + hdr->msg_sz = req->req_sz; + + /* Verify the sequence number is non-zero */ + if (!hdr->msg_seqno) + return -ENOSR; + + pr_debug("request [seqno %lld type %d version %d sz %d]\n", + hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); + + if (WARN_ON((req->req_sz + ctx->authsize) > sizeof(msg->payload))) + return -EBADMSG; + + memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); + aesgcm_encrypt(ctx, msg->payload, req->req_buf, req->req_sz, &hdr->algo, + AAD_LEN, iv, hdr->authtag); + + return 0; +} + +static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) +{ + unsigned long req_start = jiffies; + unsigned int override_npages = 0; + u64 override_err = 0; + int rc; + +retry_request: + /* + * Call firmware to process the request. In this function the encrypted + * message enters shared memory with the host. So after this call the + * sequence number must be incremented or the VMPCK must be deleted to + * prevent reuse of the IV. 
+ */ + rc = snp_issue_guest_request(req, &mdesc->input, rio); + switch (rc) { + case -ENOSPC: + /* + * If the extended guest request fails due to having too + * small of a certificate data buffer, retry the same + * guest request without the extended data request in + * order to increment the sequence number and thus avoid + * IV reuse. + */ + override_npages = mdesc->input.data_npages; + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + /* + * Override the error to inform callers the given extended + * request buffer size was too small and give the caller the + * required buffer size. + */ + override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); + + /* + * If this call to the firmware succeeds, the sequence number can + * be incremented allowing for continued use of the VMPCK. If + * there is an error reflected in the return value, this value + * is checked further down and the result will be the deletion + * of the VMPCK and the error code being propagated back to the + * user as an ioctl() return code. + */ + goto retry_request; + + /* + * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been + * throttled. Retry in the driver to avoid returning and reusing the + * message sequence number on a different message. + */ + case -EAGAIN: + if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { + rc = -ETIMEDOUT; + break; + } + schedule_timeout_killable(SNP_REQ_RETRY_DELAY); + goto retry_request; + } + + /* + * Increment the message sequence number. There is no harm in doing + * this now because decryption uses the value stored in the response + * structure and any failure will wipe the VMPCK, preventing further + * use anyway. + */ + snp_inc_msg_seqno(mdesc); + + if (override_err) { + rio->exitinfo2 = override_err; + + /* + * If an extended guest request was issued and the supplied certificate + * buffer was not large enough, a standard guest request was issued to + * prevent IV reuse. 
If the standard request was successful, return -EIO + * back to the caller as would have originally been returned. + */ + if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + rc = -EIO; + } + + if (override_npages) + mdesc->input.data_npages = override_npages; + + return rc; +} + +int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) +{ + u64 seqno; + int rc; + + guard(mutex)(&snp_cmd_mutex); + + /* Check if the VMPCK is not empty */ + if (!mdesc->vmpck || !memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) { + pr_err_ratelimited("VMPCK is disabled\n"); + return -ENOTTY; + } + + /* Get message sequence and verify that its a non-zero */ + seqno = snp_get_msg_seqno(mdesc); + if (!seqno) + return -EIO; + + /* Clear shared memory's response for the host to populate. */ + memset(mdesc->response, 0, sizeof(struct snp_guest_msg)); + + /* Encrypt the userspace provided payload in mdesc->secret_request. */ + rc = enc_payload(mdesc, seqno, req); + if (rc) + return rc; + + /* + * Write the fully encrypted request to the shared unencrypted + * request page. + */ + memcpy(mdesc->request, &mdesc->secret_request, sizeof(mdesc->secret_request)); + + rc = __handle_guest_request(mdesc, req, rio); + if (rc) { + if (rc == -EIO && + rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + return rc; + + pr_alert("Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", + rc, rio->exitinfo2); + + snp_disable_vmpck(mdesc); + return rc; + } + + rc = verify_and_dec_payload(mdesc, req); + if (rc) { + pr_alert("Detected unexpected decode failure from ASP. rc: %d\n", rc); + snp_disable_vmpck(mdesc); + return rc; + } + + return 0; +} +EXPORT_SYMBOL_GPL(snp_send_guest_request); diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index d0f7233b1430..264b6523fe52 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c 
+++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -31,9 +31,6 @@ #define DEVICE_NAME "sev-guest" -#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) -#define SNP_REQ_RETRY_DELAY (2*HZ) - #define SVSM_MAX_RETRIES 3 struct snp_guest_dev { 
@@ -60,76 +57,6 @@ static int vmpck_id = -1; module_param(vmpck_id, int, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); -/* Mutex to serialize the shared buffer access and command handling. */ -static DEFINE_MUTEX(snp_cmd_mutex); - -/* - * If an error is received from the host or AMD Secure Processor (ASP) there - * are two options. Either retry the exact same encrypted request or discontinue - * using the VMPCK. - * - * This is because in the current encryption scheme GHCB v2 uses AES-GCM to - * encrypt the requests. The IV for this scheme is the sequence number. GCM - * cannot tolerate IV reuse. - * - * The ASP FW v1.51 only increments the sequence numbers on a successful - * guest<->ASP back and forth and only accepts messages at its exact sequence - * number. - * - * So if the sequence number were to be reused the encryption scheme is - * vulnerable. If the sequence number were incremented for a fresh IV the ASP - * will reject the request. - */ -static void snp_disable_vmpck(struct snp_msg_desc *mdesc) -{ - pr_alert("Disabling VMPCK%d communication key to prevent IV reuse.\n", - mdesc->vmpck_id); - memzero_explicit(mdesc->vmpck, VMPCK_KEY_LEN); - mdesc->vmpck = NULL; -} - -static inline u64 __snp_get_msg_seqno(struct snp_msg_desc *mdesc) -{ - u64 count; - - lockdep_assert_held(&snp_cmd_mutex); - - /* Read the current message sequence counter from secrets pages */ - count = *mdesc->os_area_msg_seqno; - - return count + 1; -} - -/* Return a non-zero on success */ -static u64 snp_get_msg_seqno(struct snp_msg_desc *mdesc) -{ - u64 count = __snp_get_msg_seqno(mdesc); - - /* - * The message sequence counter for the SNP guest request is a 64-bit - * value but the version 2 of GHCB specification defines a 32-bit storage - * for it. If the counter exceeds the 32-bit value then return zero. 
- * The caller should check the return value, but if the caller happens to - * not check the value and use it, then the firmware treats zero as an - * invalid number and will fail the message request. - */ - if (count >= UINT_MAX) { - pr_err("request message sequence counter overflow\n"); - return 0; - } - - return count; -} - -static void snp_inc_msg_seqno(struct snp_msg_desc *mdesc) -{ - /* - * The counter is also incremented by the PSP, so increment it by 2 - * and save in secrets page. - */ - *mdesc->os_area_msg_seqno += 2; -} - static inline struct snp_guest_dev *to_snp_dev(struct file *file) { struct miscdevice *dev = file->private_data; 
@@ -137,225 +64,6 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static int verify_and_dec_payload(struct snp_msg_desc *mdesc, struct snp_guest_req *req) -{ - struct snp_guest_msg *resp_msg = &mdesc->secret_response; - struct snp_guest_msg *req_msg = &mdesc->secret_request; - struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; - struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; - struct aesgcm_ctx *ctx = mdesc->ctx; - u8 iv[GCM_AES_IV_SIZE] = {}; - - pr_debug("response [seqno %lld type %d version %d sz %d]\n", - resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, - resp_msg_hdr->msg_sz); - - /* Copy response from shared memory to encrypted memory. */ - memcpy(resp_msg, mdesc->response, sizeof(*resp_msg)); - - /* Verify that the sequence counter is incremented by 1 */ - if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) - return -EBADMSG; - - /* Verify response message type and version number. */ - if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || - resp_msg_hdr->msg_version != req_msg_hdr->msg_version) - return -EBADMSG; - - /* - * If the message size is greater than our buffer length then return - * an error. 
- */ - if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > req->resp_sz)) - return -EBADMSG; - - /* Decrypt the payload */ - memcpy(iv, &resp_msg_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_msg_hdr->msg_seqno))); - if (!aesgcm_decrypt(ctx, req->resp_buf, resp_msg->payload, resp_msg_hdr->msg_sz, - &resp_msg_hdr->algo, AAD_LEN, iv, resp_msg_hdr->authtag)) - return -EBADMSG; - - return 0; -} - -static int enc_payload(struct snp_msg_desc *mdesc, u64 seqno, struct snp_guest_req *req) -{ - struct snp_guest_msg *msg = &mdesc->secret_request; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - struct aesgcm_ctx *ctx = mdesc->ctx; - u8 iv[GCM_AES_IV_SIZE] = {}; - - memset(msg, 0, sizeof(*msg)); - - hdr->algo = SNP_AEAD_AES_256_GCM; - hdr->hdr_version = MSG_HDR_VER; - hdr->hdr_sz = sizeof(*hdr); - hdr->msg_type = req->msg_type; - hdr->msg_version = req->msg_version; - hdr->msg_seqno = seqno; - hdr->msg_vmpck = req->vmpck_id; - hdr->msg_sz = req->req_sz; - - /* Verify the sequence number is non-zero */ - if (!hdr->msg_seqno) - return -ENOSR; - - pr_debug("request [seqno %lld type %d version %d sz %d]\n", - hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - - if (WARN_ON((req->req_sz + ctx->authsize) > sizeof(msg->payload))) - return -EBADMSG; - - memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); - aesgcm_encrypt(ctx, msg->payload, req->req_buf, req->req_sz, &hdr->algo, - AAD_LEN, iv, hdr->authtag); - - return 0; -} - -static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) -{ - unsigned long req_start = jiffies; - unsigned int override_npages = 0; - u64 override_err = 0; - int rc; - -retry_request: - /* - * Call firmware to process the request. In this function the encrypted - * message enters shared memory with the host. So after this call the - * sequence number must be incremented or the VMPCK must be deleted to - * prevent reuse of the IV. 
- */ - rc = snp_issue_guest_request(req, &mdesc->input, rio); - switch (rc) { - case -ENOSPC: - /* - * If the extended guest request fails due to having too - * small of a certificate data buffer, retry the same - * guest request without the extended data request in - * order to increment the sequence number and thus avoid - * IV reuse. - */ - override_npages = mdesc->input.data_npages; - req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; - - /* - * Override the error to inform callers the given extended - * request buffer size was too small and give the caller the - * required buffer size. - */ - override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); - - /* - * If this call to the firmware succeeds, the sequence number can - * be incremented allowing for continued use of the VMPCK. If - * there is an error reflected in the return value, this value - * is checked further down and the result will be the deletion - * of the VMPCK and the error code being propagated back to the - * user as an ioctl() return code. - */ - goto retry_request; - - /* - * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been - * throttled. Retry in the driver to avoid returning and reusing the - * message sequence number on a different message. - */ - case -EAGAIN: - if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { - rc = -ETIMEDOUT; - break; - } - schedule_timeout_killable(SNP_REQ_RETRY_DELAY); - goto retry_request; - } - - /* - * Increment the message sequence number. There is no harm in doing - * this now because decryption uses the value stored in the response - * structure and any failure will wipe the VMPCK, preventing further - * use anyway. - */ - snp_inc_msg_seqno(mdesc); - - if (override_err) { - rio->exitinfo2 = override_err; - - /* - * If an extended guest request was issued and the supplied certificate - * buffer was not large enough, a standard guest request was issued to - * prevent IV reuse. 
If the standard request was successful, return -EIO - * back to the caller as would have originally been returned. - */ - if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) - rc = -EIO; - } - - if (override_npages) - mdesc->input.data_npages = override_npages; - - return rc; -} - -static int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) -{ - u64 seqno; - int rc; - - guard(mutex)(&snp_cmd_mutex); - - /* Check if the VMPCK is not empty */ - if (!mdesc->vmpck || !memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) { - pr_err_ratelimited("VMPCK is disabled\n"); - return -ENOTTY; - } - - /* Get message sequence and verify that its a non-zero */ - seqno = snp_get_msg_seqno(mdesc); - if (!seqno) - return -EIO; - - /* Clear shared memory's response for the host to populate. */ - memset(mdesc->response, 0, sizeof(struct snp_guest_msg)); - - /* Encrypt the userspace provided payload in mdesc->secret_request. */ - rc = enc_payload(mdesc, seqno, req); - if (rc) - return rc; - - /* - * Write the fully encrypted request to the shared unencrypted - * request page. - */ - memcpy(mdesc->request, &mdesc->secret_request, - sizeof(mdesc->secret_request)); - - rc = __handle_guest_request(mdesc, req, rio); - if (rc) { - if (rc == -EIO && - rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) - return rc; - - pr_alert("Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", - rc, rio->exitinfo2); - - snp_disable_vmpck(mdesc); - return rc; - } - - rc = verify_and_dec_payload(mdesc, req); - if (rc) { - pr_alert("Detected unexpected decode failure from ASP. rc: %d\n", rc); - snp_disable_vmpck(mdesc); - return rc; - } - - return 0; -} - struct snp_req_resp { sockptr_t req_data; sockptr_t resp_data; From patchwork Mon Jan 6 12:46:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. 
Dadhania" X-Patchwork-Id: 13927392
From: Nikunj A Dadhania
Subject: [PATCH v16 05/13] x86/sev: Add Secure TSC support for SNP guests
Date: Mon, 6 Jan 2025 18:16:25 +0530
Message-ID: <20250106124633.1418972-6-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add support for Secure TSC in SNP-enabled guests. Secure TSC allows guests to securely use RDTSC/RDTSCP instructions, ensuring that the parameters used cannot be altered by the hypervisor once the guest is launched.

Secure TSC-enabled guests need to query TSC information from the AMD Security Processor. This communication channel is encrypted between the AMD Security Processor and the guest, with the hypervisor acting merely as a conduit to deliver the guest messages to the AMD Security Processor. Each message is protected with AEAD (AES-256 GCM).

Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/include/asm/sev-common.h | 1 + arch/x86/include/asm/sev.h | 21 ++++++ arch/x86/include/asm/svm.h | 6 +- include/linux/cc_platform.h | 8 +++ arch/x86/coco/core.c | 4 ++ arch/x86/coco/sev/core.c | 107 ++++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt.c | 2 + 7 files changed, 147 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 50f5666938c0..6ef92432a5ce 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -206,6 +206,7 @@ struct snp_psc_desc { #define GHCB_TERM_NO_SVSM 7 /* SVSM is not advertised in the secrets page */ #define GHCB_TERM_SVSM_VMPL0 8 /* SVSM is present but has set VMPL to 0 */ #define GHCB_TERM_SVSM_CAA 9 /* SVSM is present but CAA is not page aligned */ +#define GHCB_TERM_SECURE_TSC 10 /* Secure TSC initialization failed */ #define GHCB_RESP_CODE(v) ((v) & GHCB_MSR_INFO_MASK) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 0937ac7a96db..bdcdaac4df1c 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -146,6 +146,9 @@ enum msg_type { SNP_MSG_VMRK_REQ, SNP_MSG_VMRK_RSP, + SNP_MSG_TSC_INFO_REQ = 17, + SNP_MSG_TSC_INFO_RSP, + SNP_MSG_TYPE_MAX }; @@ -174,6 +177,21 @@ struct snp_guest_msg { u8 payload[PAGE_SIZE - sizeof(struct snp_guest_msg_hdr)]; } __packed; +#define SNP_TSC_INFO_REQ_SZ 128 + +struct snp_tsc_info_req { + u8 rsvd[SNP_TSC_INFO_REQ_SZ]; +} __packed; + +struct snp_tsc_info_resp { + u32 status; + u32 rsvd1; + u64 tsc_scale; + u64 tsc_offset; + u32 tsc_factor; + u8 rsvd2[100]; +} __packed; + struct snp_guest_req { void *req_buf; size_t req_sz; 
@@ -463,6 +481,8 @@ void snp_msg_free(struct snp_msg_desc *mdesc); int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio); +void __init snp_secure_tsc_prepare(void); + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define snp_vmpl 0 @@ -503,6 +523,7 @@ static inline struct snp_msg_desc *snp_msg_alloc(void) { return NULL; } static inline void snp_msg_free(struct snp_msg_desc *mdesc) { } static inline int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio) { return -ENODEV; } +static inline void __init snp_secure_tsc_prepare(void) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 2b59b9951c90..92e18798f197 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -417,7 +417,9 @@ struct sev_es_save_area { u8 reserved_0x298[80]; u32 pkru; u32 tsc_aux; - u8 reserved_0x2f0[24]; + u64 tsc_scale; + u64 tsc_offset; + u8 reserved_0x300[8]; u64 rcx; u64 rdx; u64 rbx; @@ -564,7 +566,7 @@ static inline void __unused_size_checks(void) BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x1c0); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x248); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x298); - BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x2f0); + BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x300); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x320); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x380); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x3f0); diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index caa4b4430634..0bf7d33a1048 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h 
@@ -81,6 +81,14 @@ enum cc_attr { */ CC_ATTR_GUEST_SEV_SNP, + /** + * @CC_ATTR_GUEST_SNP_SECURE_TSC: SNP Secure TSC is active. + * + * The platform/OS is running as a guest/virtual machine and actively + * using AMD SEV-SNP Secure TSC feature. + */ + CC_ATTR_GUEST_SNP_SECURE_TSC, + /** * @CC_ATTR_HOST_SEV_SNP: AMD SNP enabled on the host. * diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index 0f81f70aca82..715c2c09582f 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -97,6 +97,10 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr) case CC_ATTR_GUEST_SEV_SNP: return sev_status & MSR_AMD64_SEV_SNP_ENABLED; + case CC_ATTR_GUEST_SNP_SECURE_TSC: + return (sev_status & MSR_AMD64_SEV_SNP_ENABLED) && + (sev_status & MSR_AMD64_SNP_SECURE_TSC); + case CC_ATTR_HOST_SEV_SNP: return cc_flags.host_sev_snp; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index feb145df6bf7..00a0ac3baab7 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -96,6 +96,14 @@ static u64 sev_hv_features __ro_after_init; /* Secrets page physical address from the CC blob */ static u64 secrets_pa __ro_after_init; +/* + * For Secure TSC guests, the BSP fetches TSC_INFO using SNP guest messaging and + * initializes snp_tsc_scale and snp_tsc_offset. These values are replicated + * across the APs VMSA fields (TSC_SCALE and TSC_OFFSET). + */ +static u64 snp_tsc_scale __ro_after_init; +static u64 snp_tsc_offset __ro_after_init; + /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { struct ghcb ghcb_page; 
@@ -1272,6 +1280,12 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) vmsa->vmpl = snp_vmpl; vmsa->sev_features = sev_status >> 2; + /* Populate AP's TSC scale/offset to get accurate TSC values. */ + if (cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) { + vmsa->tsc_scale = snp_tsc_scale; + vmsa->tsc_offset = snp_tsc_offset; + } + /* Switch the page over to a VMSA page now that it is initialized */ ret = snp_set_vmsa(vmsa, caa, apic_id, true); if (ret) { 
@@ -3121,3 +3135,96 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req return 0; } EXPORT_SYMBOL_GPL(snp_send_guest_request); + +static int __init snp_get_tsc_info(void) +{ + struct snp_guest_request_ioctl *rio; + struct snp_tsc_info_resp *tsc_resp; + struct snp_tsc_info_req *tsc_req; + struct snp_msg_desc *mdesc; + struct snp_guest_req *req; + int rc = -ENOMEM; + + tsc_req = kzalloc(sizeof(*tsc_req), GFP_KERNEL); + if (!tsc_req) + return rc; + + /* + * The intermediate response buffer is used while decrypting the + * response payload. Make sure that it has enough space to cover + * the authtag. + */ + tsc_resp = kzalloc(sizeof(*tsc_resp) + AUTHTAG_LEN, GFP_KERNEL); + if (!tsc_resp) + goto e_free_tsc_req; + + req = kzalloc(sizeof(*req), GFP_KERNEL); + if (!req) + goto e_free_tsc_resp; + + rio = kzalloc(sizeof(*rio), GFP_KERNEL); + if (!rio) + goto e_free_req; + + mdesc = snp_msg_alloc(); + if (IS_ERR_OR_NULL(mdesc)) + goto e_free_rio; + + rc = snp_msg_init(mdesc, snp_vmpl); + if (rc) + goto e_free_mdesc; + + req->msg_version = MSG_HDR_VER; + req->msg_type = SNP_MSG_TSC_INFO_REQ; + req->vmpck_id = snp_vmpl; + req->req_buf = tsc_req; + req->req_sz = sizeof(*tsc_req); + req->resp_buf = (void *)tsc_resp; + req->resp_sz = sizeof(*tsc_resp) + AUTHTAG_LEN; + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + rc = snp_send_guest_request(mdesc, req, rio); + if (rc) + goto e_request; + + pr_debug("%s: response status 0x%x scale 0x%llx offset 0x%llx factor 0x%x\n", + __func__, tsc_resp->status, tsc_resp->tsc_scale, tsc_resp->tsc_offset, + tsc_resp->tsc_factor); + + if (!tsc_resp->status) { + snp_tsc_scale = tsc_resp->tsc_scale; + snp_tsc_offset = tsc_resp->tsc_offset; + } else { + pr_err("Failed to get TSC info, response status 0x%x\n", tsc_resp->status); + rc = -EIO; + } + +e_request: + /* The response buffer contains sensitive data, explicitly clear it. 
*/ + memzero_explicit(tsc_resp, sizeof(*tsc_resp) + AUTHTAG_LEN); +e_free_mdesc: + snp_msg_free(mdesc); +e_free_rio: + kfree(rio); +e_free_req: + kfree(req); + e_free_tsc_resp: + kfree(tsc_resp); +e_free_tsc_req: + kfree(tsc_req); + + return rc; +} + +void __init snp_secure_tsc_prepare(void) +{ + if (!cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) + return; + + if (snp_get_tsc_info()) { + pr_alert("Unable to retrieve Secure TSC info from ASP\n"); + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SECURE_TSC); + } + + pr_debug("SecureTSC enabled"); +} diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 0a120d85d7bb..95bae74fdab2 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c 
@@ -94,6 +94,8 @@ void __init mem_encrypt_init(void) /* Call into SWIOTLB to update the SWIOTLB DMA buffers */ swiotlb_update_mem_attributes(); + snp_secure_tsc_prepare(); + print_mem_encrypt_feature_info(); } From patchwork Mon Jan 6 12:46:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13927393 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2065.outbound.protection.outlook.com [40.107.100.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67A4F1DD885; Mon, 6 Jan 2025 12:47:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.100.65 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736167654; cv=fail; b=HqUkohaUQNSHHj/s0Cwk8ftGqrWiiqBxYV+amxlHGygcgUfix9GtWMMSs/B0oQl6F62hyaggV5bp9NunqDQTMapcwvTH3vxO/92S/BlP/AZ39b0QdJ1OYThRBQTKIeNK3zA36y7M7WOYWyN8NCy3icS6l561PZz4nc1PlkuDceQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736167654; c=relaxed/simple; bh=+Mt4Xo4gq8YF5s5PTqxV7Wv8SJjh8nDI0ios4yKNSgY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=M49vI8AsHpFtefhhXoNxATqQtoRphECtTthszmwS30tivdP770k2Zn6Wq+j6M4mkcgg0F0P1A+IX5NdKuYdcQ6wkTa6aOIU6tHb1Ete7mxDrcu4LJiUU6bbbixBxXy72fuNCc6XKpHPE27u/EM894k/dKmgf72zhfyHyjsxM/so= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=1/8GSJUm; arc=fail smtp.client-ip=40.107.100.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com 
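Review bot: In the arch/x86/include/asm/sev.h hunk of [PATCH v16 05/13], struct snp_tsc_info_resp has nothing pinning its size at build time, whereas the request is sized by SNP_TSC_INFO_REQ_SZ. The response fields add up to 128 bytes only because rsvd2 is 100 bytes long, so a later change to any field would silently shift the layout that snp_get_tsc_info() decrypts into and sizes its buffer from. Please add a static_assert() on sizeof(struct snp_tsc_info_resp) next to the definition, or derive rsvd2 from a named response-size constant the way the request does.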
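Review bot: In snp_get_tsc_info() (last arch/x86/coco/sev/core.c hunk of [PATCH v16 05/13]), the pr_debug() after snp_send_guest_request() writes tsc_scale and tsc_offset to the kernel log, yet the e_request path a few lines later runs memzero_explicit() on the same buffer because "The response buffer contains sensitive data". Either drop scale and offset from the debug line (status alone is enough to diagnose a failure) or state in the comment why logging them is acceptable. Smaller points in the same hunk: IS_ERR_OR_NULL(mdesc) flattens any error pointer from snp_msg_alloc() to -ENOMEM, tsc_factor is printed but never stored or used, pr_debug("SecureTSC enabled") in snp_secure_tsc_prepare() is missing its trailing \n, and the e_free_tsc_resp label has a stray leading space.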
From: Nikunj A Dadhania
Subject: [PATCH v16 06/13] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests
Date: Mon, 6 Jan 2025 18:16:26 +0530
Message-ID: <20250106124633.1418972-7-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Secure TSC enabled guests should not write to the MSR_IA32_TSC(10H) register as the subsequent TSC value reads are undefined. For AMD platform, MSR_IA32_TSC is intercepted by the hypervisor. MSR_IA32_TSC read/write accesses should not exit to the hypervisor for such guests.

Accesses to MSR_IA32_TSC need special handling in the #VC handler for the guests with Secure TSC enabled. Writes to MSR_IA32_TSC should be ignored and flagged once with a warning, and reads of MSR_IA32_TSC should return the result of the RDTSC instruction.

Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/coco/sev/core.c | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 00a0ac3baab7..f49d3e97e170 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1428,6 +1428,34 @@ static enum es_result __vc_handle_msr_caa(struct pt_regs *regs, bool write) return ES_OK; } +/* + * TSC related accesses should not exit to the hypervisor when a guest is + * executing with Secure TSC enabled, so special handling is required for + * accesses of MSR_IA32_TSC. + */ +static enum es_result __vc_handle_secure_tsc_msrs(struct pt_regs *regs, bool write) +{ + u64 tsc; + + /* + * Writes: Writing to MSR_IA32_TSC can cause subsequent reads of the TSC + * to return undefined values, so ignore all writes. + * + * Reads: Reads of MSR_IA32_TSC should return the current TSC value, use + * the value returned by rdtsc_ordered(). + */ + if (write) { + WARN_ONCE(1, "TSC MSR writes are verboten!\n"); + return ES_OK; + } + + tsc = rdtsc_ordered(); + regs->ax = lower_32_bits(tsc); + regs->dx = upper_32_bits(tsc); + + return ES_OK; +} + static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) { struct pt_regs *regs = ctxt->regs; 
@@ -1437,8 +1465,17 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) /* Is it a WRMSR? */ write = ctxt->insn.opcode.bytes[1] == 0x30; - if (regs->cx == MSR_SVSM_CAA) + switch (regs->cx) { + case MSR_SVSM_CAA: return __vc_handle_msr_caa(regs, write); + case MSR_IA32_TSC: + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + return __vc_handle_secure_tsc_msrs(regs, write); + else + break; + default: + break; + } ghcb_set_rcx(ghcb, regs->cx); if (write) {
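Review bot: In the write branch of __vc_handle_secure_tsc_msrs() (first core.c hunk), the WRMSR is dropped and ES_OK is returned, so the faulting code resumes as if the write had taken effect, and because the only signal is WARN_ONCE(1, "TSC MSR writes are verboten!\n"), every write after the first is silent. Please say in the comment why ignoring the write is preferred over failing the access, and reword the message so it names MSR_IA32_TSC and Secure TSC. The read branch fills regs->ax and regs->dx from rdtsc_ordered(), but nothing in the helper says it may only be reached when Secure TSC is enabled; a line in the function comment noting that the caller checks sev_status would make that precondition explicit.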
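Review bot: In the MSR_IA32_TSC case of the new switch in vc_handle_msr() (second core.c hunk), the "else break;" that follows a return is redundant. The non-Secure-TSC path is meant to leave the switch and continue to the ghcb_set_rcx() call below, so dropping the else and adding a short comment that says so would make the intended fall-out to the hypervisor path obvious to the next reader.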
From: Nikunj A Dadhania
Subject: [PATCH v16 07/13] x86/sev: Prevent GUEST_TSC_FREQ MSR interception for Secure TSC enabled guests
Date: Mon, 6 Jan 2025 18:16:27 +0530
Message-ID: <20250106124633.1418972-8-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The hypervisor should not be intercepting GUEST_TSC_FREQ MSR(0xc0010134) when Secure TSC is enabled. A #VC exception will be generated if the GUEST_TSC_FREQ MSR is being intercepted. If this should occur and Secure TSC is enabled, terminate guest execution.

Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/include/asm/msr-index.h | 1 + arch/x86/coco/sev/core.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 3f3e2bc99162..9a71880eec07 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -608,6 +608,7 @@ #define MSR_AMD_PERF_CTL 0xc0010062 #define MSR_AMD_PERF_STATUS 0xc0010063 #define MSR_AMD_PSTATE_DEF_BASE 0xc0010064 +#define MSR_AMD64_GUEST_TSC_FREQ 0xc0010134 #define MSR_AMD64_OSVW_ID_LENGTH 0xc0010140 #define MSR_AMD64_OSVW_STATUS 0xc0010141 #define MSR_AMD_PPIN_CTL 0xc00102f0 diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index f49d3e97e170..dbf4531c6271 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1431,12 +1431,19 @@ static enum es_result __vc_handle_msr_caa(struct pt_regs *regs, bool write) /* * TSC related accesses should not exit to the hypervisor when a guest is * executing with Secure TSC enabled, so special handling is required for - * accesses of MSR_IA32_TSC. + * accesses of MSR_IA32_TSC and MSR_AMD64_GUEST_TSC_FREQ. */ static enum es_result __vc_handle_secure_tsc_msrs(struct pt_regs *regs, bool write) { u64 tsc; + /* + * GUEST_TSC_FREQ should not be intercepted when Secure TSC is enabled. + * Terminate the SNP guest when the interception is enabled. + */ + if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ) + return ES_VMM_ERROR; + /* * Writes: Writing to MSR_IA32_TSC can cause subsequent reads of the TSC * to return undefined values, so ignore all writes. 
@@ -1469,6 +1476,7 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) case MSR_SVSM_CAA: return __vc_handle_msr_caa(regs, write); case MSR_IA32_TSC: + case MSR_AMD64_GUEST_TSC_FREQ: if (sev_status & MSR_AMD64_SNP_SECURE_TSC) return __vc_handle_secure_tsc_msrs(regs, write); else
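Review bot: The early "if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ) return ES_VMM_ERROR;" in __vc_handle_secure_tsc_msrs() (core.c hunk at -1431) applies to reads and writes alike and runs before the write check, while the new comment says "Terminate the SNP guest" although the hunk itself only returns an error code. Please state in the comment that termination is carried out by whatever consumes ES_VMM_ERROR, and consider a switch on regs->cx inside the helper so that the two policies (terminate for GUEST_TSC_FREQ, ignore-write and emulate-read for MSR_IA32_TSC) are visibly separate instead of one early return placed above an unrelated "u64 tsc" path.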
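Review bot: The added "case MSR_AMD64_GUEST_TSC_FREQ:" in vc_handle_msr() (core.c hunk at -1469) shares the body of MSR_IA32_TSC, so when MSR_AMD64_SNP_SECURE_TSC is clear in sev_status it takes the "else break;" arm and the access leaves the switch like any other MSR. The commit message only describes the Secure TSC case; a sentence in the commit message or a comment on the case label saying what is intended for guests without Secure TSC would close that gap.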
From: Nikunj A Dadhania
Subject: [PATCH v16 08/13] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests
Date: Mon, 6 Jan 2025 18:16:28 +0530
Message-ID: <20250106124633.1418972-9-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC is enabled. A #VC exception will be generated if the RDTSC/RDTSCP instructions are being intercepted. If this should occur and Secure TSC is enabled, guest execution should be terminated as the guest cannot rely on the TSC value provided by the hypervisor.

Signed-off-by: Nikunj A Dadhania Tested-by: Peter Gonda Reviewed-by: Tom Lendacky --- arch/x86/coco/sev/shared.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/coco/sev/shared.c b/arch/x86/coco/sev/shared.c index 96023bd978cc..2e4122f8aa6b 100644 
--- a/arch/x86/coco/sev/shared.c +++ b/arch/x86/coco/sev/shared.c 
@@ -1141,6 +1141,16 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb, bool rdtscp = (exit_code == SVM_EXIT_RDTSCP); enum es_result ret; + /* + * The hypervisor should not be intercepting RDTSC/RDTSCP when Secure + * TSC is enabled. A #VC exception will be generated if the RDTSC/RDTSCP + * instructions are being intercepted. If this should occur and Secure + * TSC is enabled, guest execution should be terminated as the guest + * cannot rely on the TSC value provided by the hypervisor. + */ + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + return ES_VMM_ERROR; + ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0); if (ret != ES_OK) return ret;
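Review bot: The new check at the top of vc_handle_rdtsc() returns ES_VMM_ERROR with nothing that identifies which condition was hit, so a guest stopped here looks the same as one stopped by the GUEST_TSC_FREQ check in the previous patch, which returns the same code. If the context this handler runs in allows it, a one-time message or a distinct termination reason would let the guest owner tell an intercepting hypervisor apart from other VMM errors. The comment block repeats the commit message and says execution "should be terminated"; it would be more useful if it said that returning ES_VMM_ERROR is what leads to termination, since that step is not visible in this hunk.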
From: Nikunj A Dadhania
Subject: [PATCH v16 09/13] x86/sev: Mark Secure TSC as reliable clocksource
Date: Mon, 6 Jan 2025 18:16:29 +0530
Message-ID: <20250106124633.1418972-10-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

In SNP guest environment with Secure TSC enabled, unlike other clock sources (such as HPET, ACPI timer, APIC, etc.), the RDTSC instruction is handled without causing a VM exit, resulting in minimal overhead and jitters. Even when the host CPU's TSC is tampered with, the Secure TSC enabled guest keeps on ticking forward. Hence, mark Secure TSC as the only reliable clock source, bypassing unstable calibration.

Signed-off-by: Nikunj A Dadhania Tested-by: Peter Gonda Reviewed-by: Tom Lendacky --- arch/x86/mm/mem_encrypt_amd.c | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 774f9677458f..fa0bc52ef707 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c 
@@ -541,6 +541,10 @@ void __init sme_early_init(void) * kernel mapped. */ snp_update_svsm_ca(); + + /* Mark the TSC as reliable when Secure TSC is enabled */ + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); } void __init mem_encrypt_free_decrypted_mem(void)
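Review bot: The forced capability at the end of sme_early_init() is gated only on "sev_status & MSR_AMD64_SNP_SECURE_TSC", and the one-line comment carries none of the reasoning from the commit message (no VM exit on RDTSC, the guest TSC keeps ticking when the host TSC is tampered with, calibration is bypassed). Because setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE) forces the flag regardless of what the kernel would otherwise conclude about the TSC, please expand the comment to say why that is safe for Secure TSC guests, and explain why a memory-encryption init function is the right place for a clocksource decision. The commit message also says Secure TSC becomes "the only reliable clock source", which this hunk does not enforce; either soften that wording or point to the patch that does.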
From: Nikunj A Dadhania
Subject: [PATCH v16 10/13] x86/tsc: Switch Secure TSC guests away from kvm-clock
Date: Mon, 6 Jan 2025 18:16:30 +0530
Message-ID: <20250106124633.1418972-11-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Although the kernel switches over to a stable TSC clocksource instead of kvm-clock, TSC
frequency calibration still relies on the kvm-clock based frequency calibration. This is due to kvmclock_init() unconditionally updating the x86_platform's CPU and TSC callbacks. For Secure TSC enabled guests, use the GUEST_TSC_FREQ MSR to discover the TSC frequency instead of relying on kvm-clock based frequency calibration. Override both CPU and TSC frequency calibration callbacks with securetsc_get_tsc_khz(). Since the difference between CPU base and TSC frequency does not apply in this case, the same callback is being used. Additionally, warn users when kvm-clock is selected as the clocksource for Secure TSC enabled guests. Users can change the clocksource to kvm-clock using the sysfs interface while running on a Secure TSC enabled guest. Switching to the hypervisor-controlled kvm-clock can lead to potential security issues. Taint the kernel and issue a warning to the user when the clocksource switches to kvm-clock, ensuring they are aware of the change and its implications. Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/sev.h | 2 ++ arch/x86/coco/sev/core.c | 21 +++++++++++++++++++++ arch/x86/kernel/kvmclock.c | 11 +++++++++++ arch/x86/kernel/tsc.c | 4 ++++ 4 files changed, 38 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index bdcdaac4df1c..5d9685f92e5c 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -482,6 +482,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req struct snp_guest_request_ioctl *rio); void __init snp_secure_tsc_prepare(void); +void __init snp_secure_tsc_init(void); #else /* !CONFIG_AMD_MEM_ENCRYPT */ 
@@ -524,6 +525,7 @@ static inline void snp_msg_free(struct snp_msg_desc *mdesc) { } static inline int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } +static inline void __init snp_secure_tsc_init(void) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index dbf4531c6271..9c971637e56b 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -103,6 +103,7 @@ static u64 secrets_pa __ro_after_init; */ static u64 snp_tsc_scale __ro_after_init; static u64 snp_tsc_offset __ro_after_init; +static u64 snp_tsc_freq_khz __ro_after_init; /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { @@ -3273,3 +3274,23 @@ void __init snp_secure_tsc_prepare(void) pr_debug("SecureTSC enabled"); } + +static unsigned long securetsc_get_tsc_khz(void) +{ + return snp_tsc_freq_khz; +} + +void __init snp_secure_tsc_init(void) +{ + unsigned long long tsc_freq_mhz; + + if (!cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) + return; + + setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ); + rdmsrl(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz); + snp_tsc_freq_khz = (unsigned long)(tsc_freq_mhz * 1000); + + x86_platform.calibrate_cpu = securetsc_get_tsc_khz; + x86_platform.calibrate_tsc = securetsc_get_tsc_khz; +} diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 5b2c15214a6b..960260a8d884 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -21,6 +21,7 @@ #include #include #include +#include static int kvmclock __initdata = 1; static int kvmclock_vsyscall __initdata = 1; 
@@ -150,6 +151,16 @@ bool kvm_check_and_clear_guest_paused(void) static int kvm_cs_enable(struct clocksource *cs) { + /* + * TSC clocksource should be used for a guest with Secure TSC enabled, + * taint the kernel and warn when the user changes the clocksource to + * kvm-clock. + */ + if (cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) { + add_taint(TAINT_WARN, LOCKDEP_STILL_OK); + WARN_ONCE(1, "For Secure TSC guest, changing the clocksource is not allowed!\n"); + } + vclocks_set_used(VDSO_CLOCKMODE_PVCLOCK); return 0; } diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index a85594644e13..34dec0b72ea8 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -31,6 +31,7 @@ #include #include #include +#include unsigned int __read_mostly cpu_khz; /* TSC clocks / usec, not used here */ EXPORT_SYMBOL(cpu_khz); 
@@ -1514,6 +1515,9 @@ void __init tsc_early_init(void) /* Don't change UV TSC multi-chassis synchronization */ if (is_early_uv_system()) return; + + snp_secure_tsc_init(); + if (!determine_cpu_tsc_frequencies(true)) return; tsc_enable_sched_clock();
From patchwork Mon Jan 6 12:46:31 2025 X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13927398
From: Nikunj A Dadhania
CC: Alexey Makhalov, Juergen Gross, Boris Ostrovsky
Subject: [PATCH v16 11/13] x86/tsc: Upgrade TSC clocksource rating for guests
Date: Mon, 6 Jan 2025 18:16:31 +0530
Message-ID: <20250106124633.1418972-12-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Hypervisor platform setup
(x86_hyper_init::init_platform) routines register their own PV clock sources (KVM, HyperV, and Xen) at different clock ratings, resulting in PV clocksource being selected even when a stable TSC clocksource is available. Upgrade the clock rating of the TSC early and regular clocksource to prefer TSC over PV clock sources when TSC is invariant, non-stop, and stable Cc: Alexey Makhalov Cc: Juergen Gross Cc: Boris Ostrovsky Suggested-by: Thomas Gleixner Signed-off-by: Nikunj A Dadhania --- arch/x86/kernel/tsc.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index 34dec0b72ea8..88d8bfceea04 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -274,10 +274,29 @@ bool using_native_sched_clock(void) { return static_call_query(pv_sched_clock) == native_sched_clock; } + +/* + * Upgrade the clock rating for TSC early and regular clocksource when the + * underlying platform provides non-stop, invariant, and stable TSC. TSC + * early/regular clocksource will be preferred over other PV clock sources. + */ +static void __init upgrade_clock_rating(struct clocksource *tsc_early, + struct clocksource *tsc) +{ + if (cpu_feature_enabled(X86_FEATURE_HYPERVISOR) && + cpu_feature_enabled(X86_FEATURE_CONSTANT_TSC) && + cpu_feature_enabled(X86_FEATURE_NONSTOP_TSC) && + !tsc_unstable) { + tsc_early->rating = 449; + tsc->rating = 450; + } +} #else u64 sched_clock_noinstr(void) __attribute__((alias("native_sched_clock"))); bool using_native_sched_clock(void) { return true; } + +static void __init upgrade_clock_rating(struct clocksource *tsc_early, struct clocksource *tsc) { } #endif notrace u64 sched_clock(void) 
@@ -1564,6 +1583,8 @@ void __init tsc_init(void) if (tsc_clocksource_reliable || no_tsc_watchdog) tsc_disable_clocksource_watchdog(); + upgrade_clock_rating(&clocksource_tsc_early, &clocksource_tsc); + clocksource_register_khz(&clocksource_tsc_early, tsc_khz); detect_art(); }
From patchwork Mon Jan 6 12:46:32 2025 X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13927399
From: Nikunj A Dadhania
CC: Alexey Makhalov, Juergen Gross, Boris Ostrovsky
Subject: [PATCH v16 12/13] x86/tsc: Switch to native sched clock
Date: Mon, 6 Jan 2025 18:16:32 +0530
Message-ID: <20250106124633.1418972-13-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Although the kernel switches over to stable TSC
clocksource instead of PV clocksource, the scheduler still keeps on using PV clocks as the sched clock source. This is because KVM, Xen and VMWare, switch the paravirt sched clock handler in their init routines. HyperV is the only PV clock source that checks if the platform provides an invariant TSC and does not switch to PV sched clock. When switching back to stable TSC, restore the scheduler clock to native_sched_clock(). As the clock selection happens in the stop machine context, schedule delayed work to update the static_call() Cc: Alexey Makhalov Cc: Juergen Gross Cc: Boris Ostrovsky Signed-off-by: Nikunj A Dadhania Signed-off-by: Nikunj A Dadhania --- arch/x86/kernel/tsc.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index 88d8bfceea04..fe7a0b1b7cfd 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -291,12 +291,26 @@ static void __init upgrade_clock_rating(struct clocksource *tsc_early, tsc->rating = 450; } } + +static void enable_native_sc_work(struct work_struct *work) +{ + pr_info("Using native sched clock\n"); + paravirt_set_sched_clock(native_sched_clock); +} +static DECLARE_DELAYED_WORK(enable_native_sc, enable_native_sc_work); + +static void enable_native_sched_clock(void) +{ + if (!using_native_sched_clock()) + schedule_delayed_work(&enable_native_sc, 0); +} #else u64 sched_clock_noinstr(void) __attribute__((alias("native_sched_clock"))); bool using_native_sched_clock(void) { return true; } static void __init upgrade_clock_rating(struct clocksource *tsc_early, struct clocksource *tsc) { } +static void enable_native_sched_clock(void) { } #endif notrace u64 sched_clock(void) 
@@ -1176,6 +1190,10 @@ static void tsc_cs_tick_stable(struct clocksource *cs) static int tsc_cs_enable(struct clocksource *cs) { vclocks_set_used(VDSO_CLOCKMODE_TSC); + + /* Restore native_sched_clock() when switching to TSC */ + enable_native_sched_clock(); + return 0; }
From patchwork Mon Jan 6 12:46:33 2025 X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13927400
From: Nikunj A Dadhania
Subject: [PATCH v16 13/13] x86/sev: Allow Secure TSC feature for SNP guests
Date: Mon, 6 Jan 2025 18:16:33 +0530
Message-ID: <20250106124633.1418972-14-nikunj@amd.com>
In-Reply-To: <20250106124633.1418972-1-nikunj@amd.com>
References: <20250106124633.1418972-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Now that all the required plumbing is done for enabling SNP Secure TSC feature, add Secure TSC
to SNP features present list. Signed-off-by: Nikunj A Dadhania Tested-by: Peter Gonda Reviewed-by: Tom Lendacky --- arch/x86/boot/compressed/sev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index cd44e120fe53..bb55934c1cee 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -401,7 +401,8 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) * by the guest kernel. As and when a new feature is implemented in the * guest kernel, a corresponding bit should be added to the mask. */ -#define SNP_FEATURES_PRESENT MSR_AMD64_SNP_DEBUG_SWAP +#define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \ + MSR_AMD64_SNP_SECURE_TSC) u64 snp_get_unsupported_features(u64 status) {
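Review bot: The commit message does not say what adding MSR_AMD64_SNP_SECURE_TSC to SNP_FEATURES_PRESENT changes for the guest, and that is the whole effect of this hunk in arch/x86/boot/compressed/sev.c. Per the comment just above the define, the mask lists features the guest kernel implements, and it sits directly ahead of snp_get_unsupported_features(), so this line is the point at which the decompressor starts treating Secure TSC as supported. Please spell that out and state explicitly that the change depends on the earlier patches in the series ("all the required plumbing"), so that nobody picks or backports this patch on its own and ends up with a guest that accepts Secure TSC without the code to handle it. If the define is touched again, a short comment next to the new bit naming the dependency would also help, since the existing comment only says when a bit should be added, not what must already be in place.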