From patchwork Thu Apr 18 19:41:08 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 789989
From: Michael Roth
Subject: [PATCH v13 01/26] [TEMP] x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM
Date: Thu, 18 Apr 2024 14:41:08 -0500
Message-ID: <20240418194133.1452059-2-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: "Borislav Petkov (AMD)"

The functionality to load SEV-SNP guests by the host will soon rely on cc_platform* helpers because the cpu_feature* API with the early patching is insufficient when SNP support needs to be disabled late.

Therefore, pull that functionality in.

Signed-off-by: Borislav Petkov (AMD)
Signed-off-by: Michael Roth
---
arch/x86/kvm/Kconfig | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index 7632fe6e4db9..d64fb2b3eb69 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig
@@ -135,6 +135,7 @@ config KVM_AMD_SEV default y depends on KVM_AMD && X86_64 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) + select ARCH_HAS_CC_PLATFORM help Provides support for launching Encrypted VMs (SEV) and Encrypted VMs with Encrypted State (SEV-ES) on AMD processors.
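Review bot: the help text in this hunk still describes only SEV and SEV-ES ("Provides support for launching Encrypted VMs (SEV) and Encrypted VMs with Encrypted State (SEV-ES)"), yet the new `select ARCH_HAS_CC_PLATFORM` exists, per the commit message, so that SEV-SNP host support can use the cc_platform* helpers. Please extend the help text to mention SNP, and consider saying in the commit message that this makes the cc_platform code part of every KVM_AMD_SEV=y build, SNP-capable host or not; the [TEMP] tag in the subject also deserves a sentence explaining what this patch is a placeholder for.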
From patchwork Thu Apr 18 19:41:10 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 789985
From: Michael Roth
Subject: [PATCH v13 03/26] [TEMP] x86/CPU/AMD: Track SNP host status with cc_platform_*()
Date: Thu, 18 Apr 2024 14:41:10 -0500
Message-ID: <20240418194133.1452059-4-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: "Borislav Petkov (AMD)"

The host SNP worthiness can be determined later, after alternatives have been patched, in snp_rmptable_init() depending on cmdline options like iommu=pt which is incompatible with SNP, for example. Which means that one cannot use X86_FEATURE_SEV_SNP and will need to have a special flag for that control.

Use that newly added CC_ATTR_HOST_SEV_SNP in the appropriate places.

Move kdump_sev_callback() to its rightful place, while at it.

Signed-off-by: Borislav Petkov (AMD)
Signed-off-by: Michael Roth
---
arch/x86/include/asm/sev.h | 4 ++--
arch/x86/kernel/cpu/amd.c | 38 ++++++++++++++++++------------
arch/x86/kernel/cpu/mtrr/generic.c | 2 +-
arch/x86/kernel/sev.c | 10 --------
arch/x86/kvm/svm/sev.c | 2 +-
arch/x86/virt/svm/sev.c | 26 +++++++++++++-------
drivers/crypto/ccp/sev-dev.c | 2 +-
drivers/iommu/amd/init.c | 4 +++-
8 files changed, 49 insertions(+), 39 deletions(-)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 9477b4053bce..780182cda3ab 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -228,7 +228,6 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); -void kdump_sev_callback(void); void sev_show_status(void); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } @@ -258,7 +257,6 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } -static inline void kdump_sev_callback(void) { } static inline void sev_show_status(void) { } #endif
@@ -270,6 +268,7 @@ int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); void snp_leak_pages(u64 pfn, unsigned int npages); +void kdump_sev_callback(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } @@ -282,6 +281,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 as } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} +static inline void kdump_sev_callback(void) { } #endif #endif diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 6d8677e80ddb..9bf17c9c29da 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -345,6 +345,28 @@ static void srat_detect_node(struct cpuinfo_x86 *c) #endif } +static void bsp_determine_snp(struct cpuinfo_x86 *c) +{ +#ifdef CONFIG_ARCH_HAS_CC_PLATFORM + cc_vendor = CC_VENDOR_AMD; + + if (cpu_has(c, X86_FEATURE_SEV_SNP)) { + /* + * RMP table entry format is not architectural and is defined by the + * per-processor PPR. Restrict SNP support on the known CPU models + * for which the RMP table entry format is currently defined for. + */ + if (!cpu_has(c, X86_FEATURE_HYPERVISOR) && + c->x86 >= 0x19 && snp_probe_rmptable_info()) { + cc_platform_set(CC_ATTR_HOST_SEV_SNP); + } else { + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); + } + } +#endif +} + static void bsp_init_amd(struct cpuinfo_x86 *c) { if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) { 
@@ -452,21 +474,7 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) break; } - if (cpu_has(c, X86_FEATURE_SEV_SNP)) { - /* - * RMP table entry format is not architectural and it can vary by processor - * and is defined by the per-processor PPR. Restrict SNP support on the - * known CPU model and family for which the RMP table entry format is - * currently defined for. - */ - if (!boot_cpu_has(X86_FEATURE_ZEN3) && - !boot_cpu_has(X86_FEATURE_ZEN4) && - !boot_cpu_has(X86_FEATURE_ZEN5)) - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); - else if (!snp_probe_rmptable_info()) - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); - } - + bsp_determine_snp(c); return; warn: diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c index 422a4ddc2ab7..7b29ebda024f 100644 --- a/arch/x86/kernel/cpu/mtrr/generic.c +++ b/arch/x86/kernel/cpu/mtrr/generic.c @@ -108,7 +108,7 @@ static inline void k8_check_syscfg_dram_mod_en(void) (boot_cpu_data.x86 >= 0x0f))) return; - if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; rdmsr(MSR_AMD64_SYSCFG, lo, hi); diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b59b09c2f284..1e1a3c3bd1e8 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2287,16 +2287,6 @@ static int __init snp_init_platform_device(void) } device_initcall(snp_init_platform_device); -void kdump_sev_callback(void) -{ - /* - * Do wbinvd() on remote CPUs when SNP is enabled in order to - * safely do SNP_SHUTDOWN on the local CPU. - */ - if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) - wbinvd(); -} - void sev_show_status(void) { int i; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 1642d7d49bde..598d78b4107f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3296,7 +3296,7 @@ struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) unsigned long pfn; struct page *p; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); /* diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index cffe1157a90a..ab0e8448bb6e 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -77,7 +77,7 @@ static int __mfd_enable(unsigned int cpu) { u64 val; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return 0; rdmsrl(MSR_AMD64_SYSCFG, val); @@ -98,7 +98,7 @@ static int __snp_enable(unsigned int cpu) { u64 val; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return 0; rdmsrl(MSR_AMD64_SYSCFG, val); @@ -174,11 +174,11 @@ static int __init snp_rmptable_init(void) u64 rmptable_size; u64 val; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return 0; if (!amd_iommu_snp_en) - return 0; + goto nosnp; if (!probed_rmp_size) goto nosnp; @@ -225,7 +225,7 @@ static int __init snp_rmptable_init(void) return 0; nosnp: - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); return -ENOSYS; } @@ -246,7 +246,7 @@ static struct rmpentry *__snp_lookup_rmpentry(u64 pfn, int *level) { struct rmpentry *large_entry, *entry; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return ERR_PTR(-ENODEV); entry = get_rmpentry(pfn); @@ -363,7 +363,7 @@ int psmash(u64 pfn) unsigned long paddr = pfn << PAGE_SHIFT; int ret; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return -ENODEV; if (!pfn_valid(pfn)) 
@@ -472,7 +472,7 @@ static int rmpupdate(u64 pfn, struct rmp_state *state) unsigned long paddr = pfn << PAGE_SHIFT; int ret, level; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return -ENODEV; level = RMP_TO_PG_LEVEL(state->pagesize); @@ -558,3 +558,13 @@ void snp_leak_pages(u64 pfn, unsigned int npages) spin_unlock(&snp_leaked_pages_list_lock); } EXPORT_SYMBOL_GPL(snp_leak_pages); + +void kdump_sev_callback(void) +{ + /* + * Do wbinvd() on remote CPUs when SNP is enabled in order to + * safely do SNP_SHUTDOWN on the local CPU. + */ + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) + wbinvd(); +} diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f44efbb89c34..2102377f727b 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1090,7 +1090,7 @@ static int __sev_snp_init_locked(int *error) void *arg = &data; int cmd, rc = 0; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return -ENODEV; sev = psp->sev_data; diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index e7a44929f0da..33228c1c8980 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3228,7 +3228,7 @@ static bool __init detect_ivrs(void) static void iommu_snp_enable(void) { #ifdef CONFIG_KVM_AMD_SEV - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; /* * The SNP support requires that IOMMU must be enabled, and is 
@@ -3236,12 +3236,14 @@ static void iommu_snp_enable(void) */ if (no_iommu || iommu_default_passthrough()) { pr_err("SNP: IOMMU disabled or configured in passthrough mode, SNP cannot be supported.\n"); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); return; } amd_iommu_snp_en = check_feature(FEATURE_SNP); if (!amd_iommu_snp_en) { pr_err("SNP: IOMMU SNP feature not enabled, SNP cannot be supported.\n"); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); return; }
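Review bot: moving the kdump_sev_callback() declaration (the two arch/x86/include/asm/sev.h hunks) out of the block that holds snp_issue_guest_request()/sev_get_status() and into the block that holds snp_probe_rmptable_info()/rmp_make_private() changes which config option gates the symbol, and the commit message only says "rightful place". Please spell out in the changelog that the callback is host-side (its body in the arch/x86/virt/svm/sev.c hunk tests CC_ATTR_HOST_SEV_SNP) and therefore belongs with the host RMP declarations, so the reader does not have to infer that from the diff.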
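Review bot: in the bsp_determine_snp() hunk (arch/x86/kernel/cpu/amd.c) the comment says SNP is restricted to "the known CPU models for which the RMP table entry format is currently defined", but the check is `c->x86 >= 0x19`, an open-ended family floor that also admits future families, whereas the code removed from bsp_init_amd() in the following hunk used an explicit ZEN3/ZEN4/ZEN5 allowlist. Either restore an explicit list or reword the comment to say that family 0x19 and later are assumed to define the RMP format. Two further changes in this hunk are silent in the commit message and should be called out: the new `!cpu_has(c, X86_FEATURE_HYPERVISOR)` condition (host SNP is now refused when the kernel itself runs virtualized), and `cc_vendor = CC_VENDOR_AMD` being set for every AMD BSP under CONFIG_ARCH_HAS_CC_PLATFORM rather than only when X86_FEATURE_SEV_SNP is present.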
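Review bot: in the snp_rmptable_init() hunk (arch/x86/virt/svm/sev.c), `if (!amd_iommu_snp_en) goto nosnp;` replaces `return 0;`, so that path now clears CC_ATTR_HOST_SEV_SNP and returns -ENOSYS instead of silently succeeding; the commit message does not mention this return-value change and should. The nosnp label also now calls `cc_platform_clear(CC_ATTR_HOST_SEV_SNP)` instead of `setup_clear_cpu_cap(X86_FEATURE_SEV_SNP)`, which is the point of the series, but it means X86_FEATURE_SEV_SNP stays set in cpuinfo on such a host; please confirm that no host-side cpu_feature_enabled(X86_FEATURE_SEV_SNP) callers remain beyond the ones converted in this patch, since any leftover would still see SNP as enabled.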
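Review bot: the two new `cc_platform_clear(CC_ATTR_HOST_SEV_SNP)` calls in the iommu_snp_enable() hunk (drivers/iommu/amd/init.c) overlap with the clear done at the nosnp label in snp_rmptable_init(), which is also reached when amd_iommu_snp_en is false. Clearing twice is harmless, but a short comment at one of the two sites, or a sentence in the commit message, saying which one is authoritative for the iommu=pt / no-IOMMU case would help, since iommu=pt is the motivating example the commit message gives.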
From patchwork Thu Apr 18 19:41:12 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 789984
From: Michael Roth
Subject: [PATCH v13 05/26] KVM: SEV: Select KVM_GENERIC_PRIVATE_MEM when CONFIG_KVM_AMD_SEV=y
Date: Thu, 18 Apr 2024 14:41:12 -0500
Message-ID: <20240418194133.1452059-6-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

SEV-SNP relies on private memory support to run guests, so make sure to enable that support via the CONFIG_KVM_GENERIC_PRIVATE_MEM config option.

Signed-off-by: Michael Roth
---
arch/x86/kvm/Kconfig | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index d64fb2b3eb69..5e72faca4e8f 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig
@@ -136,6 +136,7 @@ config KVM_AMD_SEV depends on KVM_AMD && X86_64 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) select ARCH_HAS_CC_PLATFORM + select KVM_GENERIC_PRIVATE_MEM help Provides support for launching Encrypted VMs (SEV) and Encrypted VMs with Encrypted State (SEV-ES) on AMD processors.

From patchwork Thu Apr 18 19:41:14 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 789983
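Review bot: the `select KVM_GENERIC_PRIVATE_MEM` is added under `config KVM_AMD_SEV`, whose help text covers plain SEV and SEV-ES as well, so it turns private-memory support on for every SEV-capable build even though the commit message only motivates it for SEV-SNP; that is probably intended, since there is no separate SNP Kconfig symbol here, but it is worth saying so in the commit message. Also, `select` does not honour the selected symbol's own `depends on`, so check that KVM_GENERIC_PRIVATE_MEM has no dependency that `KVM_AMD && X86_64` does not already satisfy, or Kconfig will warn about an unmet direct dependency.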
From: Michael Roth
CC: Brijesh Singh
Subject: [PATCH v13 07/26] KVM: SEV: Add GHCB handling for Hypervisor Feature Support requests
Date: Thu, 18 Apr 2024 14:41:14 -0500
Message-ID: <20240418194133.1452059-8-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: Brijesh Singh

Version 2 of the GHCB specification introduced advertisement of features that are supported by the Hypervisor. Now that KVM supports version 2 of the GHCB specification, bump the maximum supported protocol version.

Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
Signed-off-by: Michael Roth
---
 arch/x86/include/asm/sev-common.h | 2 ++
 arch/x86/kvm/svm/sev.c | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 01261f7054ad..5a8246dd532f 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -101,6 +101,8 @@ enum psc_op { /* GHCB Hypervisor Feature Request/Response */ #define GHCB_MSR_HV_FT_REQ 0x080 #define GHCB_MSR_HV_FT_RESP 0x081 +#define GHCB_MSR_HV_FT_POS 12 +#define GHCB_MSR_HV_FT_MASK GENMASK_ULL(51, 0) #define GHCB_MSR_HV_FT_RESP_VAL(v) \ /* GHCBData[63:12] */ \ (((u64)(v) & GENMASK_ULL(63, 12)) >> 12)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6e31cb408dd8..1d2264e93afe 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -33,9 +33,11 @@ #include "cpuid.h" #include "trace.h" -#define GHCB_VERSION_MAX 1ULL +#define GHCB_VERSION_MAX 2ULL #define GHCB_VERSION_MIN 1ULL +#define GHCB_HV_FT_SUPPORTED GHCB_HV_FT_SNP + /* enable/disable SEV support */ static bool sev_enabled = true; module_param_named(sev, sev_enabled, bool, 0444); @@ -2701,6 +2703,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_VMGEXIT_AP_HLT_LOOP: case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: + case SVM_VMGEXIT_HV_FEATURES: break; default: reason = GHCB_ERR_INVALID_EVENT;
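Review bot: in the sev-common.h hunk, the new GHCB_MSR_HV_FT_POS/GHCB_MSR_HV_FT_MASK pair describes the same GHCBData[63:12] field that the existing GHCB_MSR_HV_FT_RESP_VAL() macro already extracts with `GENMASK_ULL(63, 12)` and a shift by 12. The two agree today (GENMASK_ULL(51, 0) << 12 equals GENMASK_ULL(63, 12)), but carrying two encodings of one field invites drift; suggest defining GHCB_MSR_HV_FT_RESP_VAL() in terms of the new POS/MASK constants so a later change to either cannot desynchronise them.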
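Review bot: in the `@@ -33,9 +33,11 @@` hunk, raising GHCB_VERSION_MAX from 1ULL to 2ULL advertises all of GHCB protocol version 2 to guests, not only the Hypervisor Feature Support event this patch handles; if another v2 NAE event is only wired up by a later patch in the series, a guest negotiating v2 against a kernel bisected to this commit will land in the `default: reason = GHCB_ERR_INVALID_EVENT;` path of sev_es_validate_vmgexit(). Consider moving the version bump to the end of the series, or stating in the commit message why v2 is already complete at this point. Separately, `#define GHCB_HV_FT_SUPPORTED GHCB_HV_FT_SNP` is a compile-time constant, so the SNP feature bit is advertised whether or not the guest was launched as an SNP guest and whether or not SNP is enabled on the host; a short comment on why that is acceptable, or a `sev_snp_guest()` check in the two handlers, would make the intent clear.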
@@ -2961,6 +2964,12 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); break; + case GHCB_MSR_HV_FT_REQ: + set_ghcb_msr_bits(svm, GHCB_HV_FT_SUPPORTED, + GHCB_MSR_HV_FT_MASK, GHCB_MSR_HV_FT_POS); + set_ghcb_msr_bits(svm, GHCB_MSR_HV_FT_RESP, + GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); + break; case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; 
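Review bot: in the new GHCB_MSR_HV_FT_REQ case, writing the feature bitmap first and the response code second is the right order, since the second set_ghcb_msr_bits() only rewrites GHCBInfo[11:0], and together the two masks overwrite every bit of the register, so no stale request data survives into the response. What is missing is any validation of the request: the GHCB spec requires GHCBData[63:12] to be zero for HV_FT_REQ, and this handler answers regardless of what the guest put there. Suggest checking that the upper bits are zero and treating a non-zero value as a malformed request so the hypervisor side is as strict as the guest side needs to be.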
@@ -3085,6 +3094,11 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; } + case SVM_VMGEXIT_HV_FEATURES: + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_HV_FT_SUPPORTED); + + ret = 1; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",

From patchwork Thu Apr 18 19:41:17 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 789995
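The MSR-protocol exchange this patch adds, modelled end to end as an added example (it is not code from the patch or from KVM): the hypervisor side mirrors the new GHCB_MSR_HV_FT_REQ case, the guest side validates the reply before trusting the feature bitmap, and a helper checks that the new POS/MASK constants agree with the existing GHCB_MSR_HV_FT_RESP_VAL() extractor. GHCB_MSR_INFO_* and GHCB_HV_FT_SNP are assumed from the kernel's sev-common.h; they are not shown on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constants from the sev-common.h hunk above. GENMASK_ULL is a local
 * stand-in for the kernel macro with the same meaning.
 */
#define GENMASK_ULL(h, l)   (((~0ULL) >> (63 - (h))) & ((~0ULL) << (l)))
#define GHCB_MSR_HV_FT_REQ  0x080
#define GHCB_MSR_HV_FT_RESP 0x081
#define GHCB_MSR_HV_FT_POS  12
#define GHCB_MSR_HV_FT_MASK GENMASK_ULL(51, 0)
#define GHCB_MSR_HV_FT_RESP_VAL(v) /* GHCBData[63:12] */ \
	(((uint64_t)(v) & GENMASK_ULL(63, 12)) >> 12)

/*
 * Assumed values: the kernel's sev-common.h defines GHCBInfo as bits 11:0
 * and GHCB_HV_FT_SNP as bit 0; neither definition appears on this page.
 */
#define GHCB_MSR_INFO_POS    0
#define GHCB_MSR_INFO_MASK   GENMASK_ULL(11, 0)
#define GHCB_MSR_INFO(v)     ((v) & GHCB_MSR_INFO_MASK)
#define GHCB_HV_FT_SNP       (1ULL << 0)
#define GHCB_HV_FT_SUPPORTED GHCB_HV_FT_SNP   /* as in the sev.c hunk */

/* Same update rule as KVM's set_ghcb_msr_bits(), applied to a plain u64. */
static void set_ghcb_msr_bits(uint64_t *ghcb_gpa, uint64_t value,
			      uint64_t mask, unsigned int pos)
{
	*ghcb_gpa &= ~(mask << pos);
	*ghcb_gpa |= (value & mask) << pos;
}

/* The new POS/MASK pair must cover exactly the field RESP_VAL() extracts. */
static bool hv_ft_masks_consistent(void)
{
	return (GHCB_MSR_HV_FT_MASK << GHCB_MSR_HV_FT_POS) == GENMASK_ULL(63, 12);
}

/*
 * Hypervisor side: the GHCB_MSR_HV_FT_REQ case added to
 * sev_handle_vmgexit_msr_protocol(). Takes the guest-written MSR value and
 * returns what the guest reads back. Other request codes are returned
 * unchanged because they are not modelled here.
 */
static uint64_t hv_msr_protocol_respond(uint64_t ghcb_gpa)
{
	switch (GHCB_MSR_INFO(ghcb_gpa)) {
	case GHCB_MSR_HV_FT_REQ:
		/* GHCBData[63:12] = feature bitmap, then GHCBInfo[11:0] = response code */
		set_ghcb_msr_bits(&ghcb_gpa, GHCB_HV_FT_SUPPORTED,
				  GHCB_MSR_HV_FT_MASK, GHCB_MSR_HV_FT_POS);
		set_ghcb_msr_bits(&ghcb_gpa, GHCB_MSR_HV_FT_RESP,
				  GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS);
		return ghcb_gpa;
	default:
		return ghcb_gpa;
	}
}

/*
 * Guest side: validate a reply before trusting it. Returns the feature
 * bitmap (at most 52 bits, so it fits in int64_t) or -1 when the response
 * code is not GHCB_MSR_HV_FT_RESP.
 */
static int64_t guest_parse_hv_ft_resp(uint64_t msr)
{
	if (GHCB_MSR_INFO(msr) != GHCB_MSR_HV_FT_RESP)
		return -1;
	return (int64_t)GHCB_MSR_HV_FT_RESP_VAL(msr);
}

/* Full round trip: the guest issues HV_FT_REQ and the hypervisor answers. */
static int64_t guest_query_hv_features(void)
{
	uint64_t msr = GHCB_MSR_HV_FT_REQ;	/* GHCBData must be zero in the request */

	msr = hv_msr_protocol_respond(msr);	/* stands in for WRMSR, VMGEXIT, RDMSR */
	return guest_parse_hv_ft_resp(msr);
}

int main(void)
{
	int64_t features = guest_query_hv_features();

	printf("masks consistent: %s\n", hv_ft_masks_consistent() ? "yes" : "no");
	printf("hypervisor features: 0x%llx (SNP %s)\n",
	       (unsigned long long)features,
	       features >= 0 && (features & GHCB_HV_FT_SNP) ? "yes" : "no");
	return 0;
}
```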
From: Michael Roth
CC: Brijesh Singh
Subject: [PATCH v13 10/26] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_UPDATE command
Date: Thu, 18 Apr 2024 14:41:17 -0500
Message-ID: <20240418194133.1452059-11-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: Brijesh Singh

A key aspect of launching an SNP guest is initializing it with a known/measured payload which is then encrypted into guest memory as pre-validated private pages and then measured into the cryptographic launch context created with KVM_SEV_SNP_LAUNCH_START so that the guest can attest itself after booting.

Since all private pages are provided by guest_memfd, make use of the kvm_gmem_populate() interface to handle this. The general flow is that guest_memfd will handle allocating the pages associated with the GPA ranges being initialized by each particular call of KVM_SEV_SNP_LAUNCH_UPDATE, copying data from userspace into those pages, and then the post_populate callback will do the work of setting the RMP entries for these pages to private and issuing the SNP firmware calls to encrypt/measure them.

For more information see the SEV-SNP specification.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Signed-off-by: Ashish Kalra
---
 .../virt/kvm/x86/amd-memory-encryption.rst | 39 ++++
 arch/x86/include/uapi/asm/kvm.h | 15 ++
 arch/x86/kvm/svm/sev.c | 218 ++++++++++++++++++
 3 files changed, 272 insertions(+)

diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst index 1b042f827eab..1ee8401de72d 100644 --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
@@ -478,6 +478,45 @@ Returns: 0 on success, -negative on error See the SEV-SNP spec [snp-fw-abi]_ for further detail on the launch input. +19. KVM_SEV_SNP_LAUNCH_UPDATE +----------------------------- + +The KVM_SEV_SNP_LAUNCH_UPDATE command is used for loading userspace-provided +data into a guest GPA range, measuring the contents into the SNP guest context +created by KVM_SEV_SNP_LAUNCH_START, and then encrypting/validating that GPA +range so that it will be immediately readable using the encryption key +associated with the guest context once it is booted, after which point it can +attest the measurement associated with its context before unlocking any +secrets. + +It is required that the GPA ranges initialized by this command have had the +KVM_MEMORY_ATTRIBUTE_PRIVATE attribute set in advance. See the documentation +for KVM_SET_MEMORY_ATTRIBUTES for more details on this aspect. + +Parameters (in): struct kvm_sev_snp_launch_update + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_launch_update { + __u64 gfn_start; /* Guest page number to load/encrypt data into. */ + __u64 uaddr; /* Userspace address of data to be loaded/encrypted. */ + __u32 len; /* 4k-aligned length in bytes to copy into guest memory.*/ + __u8 type; /* The type of the guest pages being initialized. */ + }; + +where the allowed values for page_type are #define'd as:: + + KVM_SEV_SNP_PAGE_TYPE_NORMAL + KVM_SEV_SNP_PAGE_TYPE_ZERO + KVM_SEV_SNP_PAGE_TYPE_UNMEASURED + KVM_SEV_SNP_PAGE_TYPE_SECRETS + KVM_SEV_SNP_PAGE_TYPE_CPUID + +See the SEV-SNP spec [snp-fw-abi]_ for further details on how each page type is +used/measured. + Device attribute API ==================== diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index bdf8c5461a36..8612aec97f55 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h 
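Review bot: the documentation says "where the allowed values for page_type are #define'd as", but the member in the struct listed just above it, and in the uapi hunk, is named `type`; rename one so the text matches the ABI. The `len` comment says "4k-aligned" while the kernel check in snp_launch_update() is `IS_ALIGNED(params.len, PAGE_SIZE)`; the two coincide on x86 today, but "page-aligned" would describe the check exactly. It would also help callers to document what happens when only part of the range is processed (the -EINTR path in snp_launch_update()) and whether the struct is updated to reflect progress.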
@@ -699,6 +699,7 @@ enum sev_cmd_id { /* SNP-specific commands */ KVM_SEV_SNP_LAUNCH_START = 100, + KVM_SEV_SNP_LAUNCH_UPDATE, KVM_SEV_NR_MAX, }; @@ -830,6 +831,20 @@ struct kvm_sev_snp_launch_start { __u8 gosvw[16]; }; +/* Kept in sync with firmware values for simplicity. */ +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 + +struct kvm_sev_snp_launch_update { + __u64 gfn_start; + __u64 uaddr; + __u32 len; + __u8 type; +}; + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4c5abc0e7806..e721152bae00 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -262,6 +262,35 @@ static void sev_decommission(unsigned int handle) sev_guest_decommission(&decommission, NULL); } +static int snp_page_reclaim(u64 pfn) +{ + struct sev_data_snp_page_reclaim data = {0}; + int err, rc; + + data.paddr = __sme_set(pfn << PAGE_SHIFT); + rc = sev_do_cmd(SEV_CMD_SNP_PAGE_RECLAIM, &data, &err); + if (WARN_ON_ONCE(rc)) { + /* + * This shouldn't happen under normal circumstances, but if the + * reclaim failed, then the page is no longer safe to use. + */ + snp_leak_pages(pfn, 1); + } + + return rc; +} + +static int host_rmp_make_shared(u64 pfn, enum pg_level level) +{ + int rc; + + rc = rmp_make_shared(pfn, level); + if (rc) + snp_leak_pages(pfn, page_level_size(level) >> PAGE_SHIFT); + + return rc; +} + static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) { struct sev_data_deactivate deactivate; 
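Review bot: in the `@@ -830,6 +831,20 @@` hunk, struct kvm_sev_snp_launch_update is a uapi structure laid out as __u64, __u64, __u32, __u8, which gives 21 meaningful bytes and 3 bytes of implicit tail padding in a 24-byte struct; since snp_launch_update() copies sizeof(params) from userspace, that padding is ABI-visible and cannot later be repurposed cleanly. Suggest explicit padding after `__u8 type` plus a few reserved fields (and ideally a flags word) so the command can grow without a new KVM_SEV_* id.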
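Review bot: in the `@@ -262,6 +262,35 @@` hunk, snp_page_reclaim() hardcodes a single 4K page (`snp_leak_pages(pfn, 1)` and a `paddr` derived from `pfn << PAGE_SHIFT`) while its sibling host_rmp_make_shared() takes a `level` and computes the page count from it; if a caller ever reclaims a 2M page the leak accounting will be wrong. Either take a level in both helpers or name the reclaim helper to make its 4K-only contract explicit. Also, WARN_ON_ONCE() reports only the first reclaim failure with a backtrace; later failures still leak pages without one, so a rate-limited pr_err() with the pfn alongside the WARN would keep every leaked page attributable.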
@@ -2131,6 +2160,192 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return rc; } +struct sev_gmem_populate_args { + __u8 type; + int sev_fd; + int fw_error; +}; + +static int sev_gmem_post_populate(struct kvm *kvm, gfn_t gfn_start, kvm_pfn_t pfn, + void __user *src, int order, void *opaque) +{ + struct sev_gmem_populate_args *sev_populate_args = opaque; + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + int n_private = 0, ret, i; + int npages = (1 << order); + gfn_t gfn; + + pr_debug("%s: gfn_start %llx pfn_start %llx npages %d\n", + __func__, gfn_start, pfn, npages); + + for (gfn = gfn_start, i = 0; gfn < gfn_start + npages; gfn++, i++) { + struct sev_data_snp_launch_update fw_args = {0}; + bool assigned; + void *vaddr; + int level; + + if (!kvm_mem_is_private(kvm, gfn)) { + pr_debug("%s: Failed to ensure GFN 0x%llx has private memory attribute set\n", + __func__, gfn); + ret = -EINVAL; + break; + } + + ret = snp_lookup_rmpentry((u64)pfn + i, &assigned, &level); + if (ret || assigned) { + pr_debug("%s: Failed to ensure GFN 0x%llx RMP entry is initial shared state, ret: %d assigned: %d\n", + __func__, gfn, ret, assigned); + ret = -EINVAL; + break; + } + + vaddr = kmap_local_pfn(pfn + i); + ret = copy_from_user(vaddr, src + i * PAGE_SIZE, PAGE_SIZE); + if (ret) { + pr_debug("Failed to copy source page into GFN 0x%llx\n", gfn); + goto out_unmap; + } + + ret = rmp_make_private(pfn + i, gfn << PAGE_SHIFT, PG_LEVEL_4K, + sev_get_asid(kvm), true); + if (ret) { + pr_debug("%s: Failed to convert GFN 0x%llx to private, ret: %d\n", + __func__, gfn, ret); + goto out_unmap; + } + + n_private++; + + fw_args.gctx_paddr = __psp_pa(sev->snp_context); + fw_args.address = __sme_set(pfn_to_hpa(pfn + i)); + fw_args.page_size = PG_LEVEL_TO_RMP(PG_LEVEL_4K); + fw_args.page_type = sev_populate_args->type; + ret = __sev_issue_cmd(sev_populate_args->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE, + &fw_args, &sev_populate_args->fw_error); + if (ret) { + pr_debug("%s: 
SEV-SNP launch update failed, ret: 0x%x, fw_error: 0x%x\n", + __func__, ret, sev_populate_args->fw_error); + + if (snp_page_reclaim(pfn + i)) + goto out_unmap; + + /* + * When invalid CPUID function entries are detected, + * firmware writes the expected values into the page and + * leaves it unencrypted so it can be used for debugging + * and error-reporting. + * + * Copy this page back into the source buffer so + * userspace can use this information to provide + * information on which CPUID leaves/fields failed CPUID + * validation. + */ + if (sev_populate_args->type == KVM_SEV_SNP_PAGE_TYPE_CPUID && + sev_populate_args->fw_error == SEV_RET_INVALID_PARAM) { + host_rmp_make_shared(pfn + i, PG_LEVEL_4K); + + if (copy_to_user(src + i * PAGE_SIZE, + vaddr, PAGE_SIZE)) + pr_debug("Failed to write CPUID page back to userspace\n"); + } + } + +out_unmap: + kunmap_local(vaddr); + if (ret) + break; + } + + if (ret) { + pr_debug("%s: exiting with error ret %d, undoing %d populated gmem pages.\n", + __func__, ret, n_private); + for (i = 0; i < n_private; i++) + host_rmp_make_shared(pfn + i, PG_LEVEL_4K); + } + + return ret; +} + +static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_gmem_populate_args sev_populate_args = {0}; + struct kvm_sev_snp_launch_update params; + struct kvm_memory_slot *memslot; + unsigned int npages; + int ret = 0; + + if (!sev_snp_guest(kvm) || !sev->snp_context) + return -EINVAL; + + if (copy_from_user(¶ms, u64_to_user_ptr(argp->data), sizeof(params))) + return -EFAULT; + + if (!IS_ALIGNED(params.len, PAGE_SIZE) || + (params.type != KVM_SEV_SNP_PAGE_TYPE_NORMAL && + params.type != KVM_SEV_SNP_PAGE_TYPE_ZERO && + params.type != KVM_SEV_SNP_PAGE_TYPE_UNMEASURED && + params.type != KVM_SEV_SNP_PAGE_TYPE_SECRETS && + params.type != KVM_SEV_SNP_PAGE_TYPE_CPUID)) + return -EINVAL; + + npages = params.len / PAGE_SIZE; + + pr_debug("%s: GFN range 0x%llx-0x%llx type 
%d\n", __func__, + params.gfn_start, params.gfn_start + npages, params.type); + + /* + * For each GFN that's being prepared as part of the initial guest + * state, the following pre-conditions are verified: + * + * 1) The backing memslot is a valid private memslot. + * 2) The GFN has been set to private via KVM_SET_MEMORY_ATTRIBUTES + * beforehand. + * 3) The PFN of the guest_memfd has not already been set to private + * in the RMP table. + * + * The KVM MMU relies on kvm->mmu_invalidate_seq to retry nested page + * faults if there's a race between a fault and an attribute update via + * KVM_SET_MEMORY_ATTRIBUTES, and a similar approach could be utilized + * here. However, kvm->slots_lock guards against both this as well as + * concurrent memslot updates occurring while these checks are being + * performed, so use that here to make it easier to reason about the + * initial expected state and better guard against unexpected + * situations. + */ + mutex_lock(&kvm->slots_lock); + + memslot = gfn_to_memslot(kvm, params.gfn_start); + if (!kvm_slot_can_be_private(memslot)) { + ret = -EINVAL; + goto out; + } + + sev_populate_args.sev_fd = argp->sev_fd; + sev_populate_args.type = params.type; + + ret = kvm_gmem_populate(kvm, params.gfn_start, u64_to_user_ptr(params.uaddr), + npages, sev_gmem_post_populate, &sev_populate_args); + if (ret < 0) { + argp->error = sev_populate_args.fw_error; + pr_debug("%s: kvm_gmem_populate failed, ret %d (fw_error %d)\n", + __func__, ret, argp->error); + } else if (ret < npages) { + params.len = ret * PAGE_SIZE; + ret = -EINTR; + } else if (WARN_ONCE(ret > npages, "Completed page count %d exceeds requested amount %d", + ret, npages)) { + ret = -EINVAL; + } else { + ret = 0; + } + +out: + mutex_unlock(&kvm->slots_lock); + + return ret; +} + int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
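Review bot: in sev_gmem_post_populate(), `ret = copy_from_user(vaddr, src + i * PAGE_SIZE, PAGE_SIZE)` stores the number of bytes not copied, so on a fault the callback returns a positive byte count rather than an errno; kvm_gmem_populate() and the `if (ret < 0)` check in snp_launch_update() then see a positive value and will not report the failure. Set `ret = -EFAULT` in that branch. Two smaller points in the same hunk: `n_private++` happens before the SEV_CMD_SNP_LAUNCH_UPDATE call, so on a firmware failure the failed page is first reclaimed (or, in the CPUID case, already made shared again) and then handled a second time by the `for (i = 0; i < n_private; i++) host_rmp_make_shared(...)` undo loop; and in snp_launch_update() the `params.len = ret * PAGE_SIZE` update for the partial-completion -EINTR case only changes the kernel copy and is never written back to userspace, so the caller cannot learn how far the command got. Either copy params back or document how a caller is expected to resume after -EINTR, given that already-populated pages fail the `assigned` RMP check on a retry.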
@@ -2230,6 +2445,9 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp) case KVM_SEV_SNP_LAUNCH_START: r = snp_launch_start(kvm, &sev_cmd); break; + case KVM_SEV_SNP_LAUNCH_UPDATE: + r = snp_launch_update(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;

From patchwork Thu Apr 18 19:41:18 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 789994
From: Michael Roth
CC: Brijesh Singh, Harald Hoyer
Subject: [PATCH v13 11/26] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command
Date: Thu, 18 Apr 2024 14:41:18 -0500
Message-ID: <20240418194133.1452059-12-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: Brijesh Singh

Add a KVM_SEV_SNP_LAUNCH_FINISH command to finalize the cryptographic
launch digest which stores the measurement of the guest at launch time.
Also extend the existing SNP firmware data structures to support
disabling the use of Versioned Chip Endorsement Keys (VCEK) by guests as
part of this command.

While finalizing the launch flow, the code also issues the LAUNCH_UPDATE
SNP firmware commands to encrypt/measure the initial VMSA pages for each
configured vCPU, which requires setting the RMP entries for those pages
to private, so also add handling to clean up the RMP entries for these
pages when freeing vCPUs during shutdown.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Signed-off-by: Harald Hoyer
Signed-off-by: Ashish Kalra
---
 .../virt/kvm/x86/amd-memory-encryption.rst | 26 ++++
 arch/x86/include/uapi/asm/kvm.h | 15 +++
 arch/x86/kvm/svm/sev.c | 123 ++++++++++++++++++
 include/linux/psp-sev.h | 4 +-
 4 files changed, 167 insertions(+), 1 deletion(-)

diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst index 1ee8401de72d..d2fea9874f68 100644 --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
@@ -517,6 +517,32 @@ where the allowed values for page_type are #define'd as:: See the SEV-SNP spec [snp-fw-abi]_ for further details on how each page type is used/measured. +20. KVM_SEV_SNP_LAUNCH_FINISH +----------------------------- + +After completion of the SNP guest launch flow, the KVM_SEV_SNP_LAUNCH_FINISH +command can be issued to make the guest ready for execution. + +Parameters (in): struct kvm_sev_snp_launch_finish + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 vcek_disabled; + __u8 host_data[32]; + __u8 pad0[5]; + }; + + +See SNP_LAUNCH_FINISH in the SEV-SNP specification [snp-fw-abi]_ for further +details on the input parameters in ``struct kvm_sev_snp_launch_finish``. + Device attribute API ==================== diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index 8612aec97f55..1d1f149d035e 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -700,6 +700,7 @@ enum sev_cmd_id { /* SNP-specific commands */ KVM_SEV_SNP_LAUNCH_START = 100, KVM_SEV_SNP_LAUNCH_UPDATE, + KVM_SEV_SNP_LAUNCH_FINISH, KVM_SEV_NR_MAX, }; @@ -845,6 +846,20 @@ struct kvm_sev_snp_launch_update { __u8 type; }; +#define KVM_SEV_SNP_ID_BLOCK_SIZE 96 +#define KVM_SEV_SNP_ID_AUTH_SIZE 4096 +#define KVM_SEV_SNP_FINISH_DATA_SIZE 32 + +struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 vcek_disabled; + __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE]; + __u8 pad0[5]; +}; + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index e721152bae00..78412c7c6708 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -78,6 +78,8 @@ static u64 sev_supported_vmsa_features; #define SNP_POLICY_API_MAJOR 1 #define SNP_POLICY_API_MINOR 51 +#define INITIAL_VMSA_GPA 0xFFFFFFFFF000 + static u8 sev_enc_bit; static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); 
@@ -2346,6 +2348,111 @@ static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int snp_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_snp_launch_update data = {}; + struct kvm_vcpu *vcpu; + unsigned long i; + int ret; + + data.gctx_paddr = __psp_pa(sev->snp_context); + data.page_type = SNP_PAGE_TYPE_VMSA; + + kvm_for_each_vcpu(i, vcpu, kvm) { + struct vcpu_svm *svm = to_svm(vcpu); + u64 pfn = __pa(svm->sev_es.vmsa) >> PAGE_SHIFT; + + /* Perform some pre-encryption checks against the VMSA */ + ret = sev_es_sync_vmsa(svm); + if (ret) + return ret; + + /* Transition the VMSA page to a firmware state. */ + ret = rmp_make_private(pfn, INITIAL_VMSA_GPA, PG_LEVEL_4K, sev->asid, true); + if (ret) + return ret; + + /* Issue the SNP command to encrypt the VMSA */ + data.address = __sme_pa(svm->sev_es.vmsa); + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE, + &data, &argp->error); + if (ret) { + snp_page_reclaim(pfn); + return ret; + } + + svm->vcpu.arch.guest_state_protected = true; + } + + return 0; +} + +static int snp_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct kvm_sev_snp_launch_finish params; + struct sev_data_snp_launch_finish *data; + void *id_block = NULL, *id_auth = NULL; + int ret; + + if (!sev_snp_guest(kvm)) + return -ENOTTY; + + if (!sev->snp_context) + return -EINVAL; + + if (copy_from_user(¶ms, u64_to_user_ptr(argp->data), sizeof(params))) + return -EFAULT; + + /* Measure all vCPUs using LAUNCH_UPDATE before finalizing the launch flow. 
*/ + ret = snp_launch_update_vmsa(kvm, argp); + if (ret) + return ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (!data) + return -ENOMEM; + + if (params.id_block_en) { + id_block = psp_copy_user_blob(params.id_block_uaddr, KVM_SEV_SNP_ID_BLOCK_SIZE); + if (IS_ERR(id_block)) { + ret = PTR_ERR(id_block); + goto e_free; + } + + data->id_block_en = 1; + data->id_block_paddr = __sme_pa(id_block); + + id_auth = psp_copy_user_blob(params.id_auth_uaddr, KVM_SEV_SNP_ID_AUTH_SIZE); + if (IS_ERR(id_auth)) { + ret = PTR_ERR(id_auth); + goto e_free_id_block; + } + + data->id_auth_paddr = __sme_pa(id_auth); + + if (params.auth_key_en) + data->auth_key_en = 1; + } + + data->vcek_disabled = params.vcek_disabled; + + memcpy(data->host_data, params.host_data, KVM_SEV_SNP_FINISH_DATA_SIZE); + data->gctx_paddr = __psp_pa(sev->snp_context); + ret = sev_issue_cmd(kvm, SEV_CMD_SNP_LAUNCH_FINISH, data, &argp->error); + + kfree(id_auth); + +e_free_id_block: + kfree(id_block); + +e_free: + kfree(data); + + return ret; +} + int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -2448,6 +2555,9 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp) case KVM_SEV_SNP_LAUNCH_UPDATE: r = snp_launch_update(kvm, &sev_cmd); break; + case KVM_SEV_SNP_LAUNCH_FINISH: + r = snp_launch_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; 
@@ -2938,11 +3048,24 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) svm = to_svm(vcpu); + /* + * If it's an SNP guest, then the VMSA was marked in the RMP table as + * a guest-owned page. Transition the page to hypervisor state before + * releasing it back to the system. + */ + if (sev_snp_guest(vcpu->kvm)) { + u64 pfn = __pa(svm->sev_es.vmsa) >> PAGE_SHIFT; + + if (host_rmp_make_shared(pfn, PG_LEVEL_4K)) + goto skip_vmsa_free; + } + if (vcpu->arch.guest_state_protected) sev_flush_encrypted_page(vcpu, svm->sev_es.vmsa); __free_page(virt_to_page(svm->sev_es.vmsa)); +skip_vmsa_free: if (svm->sev_es.ghcb_sa_free) kvfree(svm->sev_es.ghcb_sa); } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 3705c2044fc0..903ddfea8585 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -658,6 +658,7 @@ struct sev_data_snp_launch_update { * @id_auth_paddr: system physical address of ID block authentication structure * @id_block_en: indicates whether ID block is present * @auth_key_en: indicates whether author key is present in authentication structure + * @vcek_disabled: indicates whether use of VCEK is allowed for attestation reports * @rsvd: reserved * @host_data: host-supplied data for guest, not interpreted by firmware */ 
@@ -667,7 +668,8 @@ struct sev_data_snp_launch_finish { u64 id_auth_paddr; u8 id_block_en:1; u8 auth_key_en:1; - u64 rsvd:62; + u8 vcek_disabled:1; + u64 rsvd:61; u8 host_data[32]; } __packed;

From patchwork Thu Apr 18 19:41:20 2024
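Review bot: the new KVM_SEV_SNP_LAUNCH_FINISH section in amd-memory-encryption.rst lists the struct but documents none of its fields; state that id_block_uaddr and id_auth_uaddr point to buffers of KVM_SEV_SNP_ID_BLOCK_SIZE (96) and KVM_SEV_SNP_ID_AUTH_SIZE (4096) bytes that are read only when id_block_en is set, that vcek_disabled is passed through to firmware to disable VCEK use by the guest, that host_data is copied unchanged into the launch context and is not interpreted by firmware, and that pad0 must be zero so those bytes can be reused by a later extension.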
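Review bot: INITIAL_VMSA_GPA (0xFFFFFFFFF000) is added to sev.c with no comment, and nothing in the patch says why that GPA is the one to record in the RMP entry for each VMSA in rmp_make_private(); add a one-line comment naming the firmware/ABI requirement it satisfies so the next reader does not take it for an arbitrary sentinel.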
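Review bot: snp_launch_finish() never checks that params.pad0 is zero, and it measures the VMSAs before it validates the rest of the input, so a bad id_block_uaddr or id_auth_uaddr fails with -EFAULT only after every vCPU's VMSA has been made private and marked guest_state_protected, with no rollback in snp_launch_update_vmsa() either. Add `if (memchr_inv(params.pad0, 0, sizeof(params.pad0))) return -EINVAL;` after the copy_from_user(), move the psp_copy_user_blob() calls ahead of snp_launch_update_vmsa(), and comment that a failure inside the vCPU loop intentionally leaves the already-converted VMSAs for sev_free_vcpu() to reclaim.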
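Review bot: in sev_free_vcpu() the new host_rmp_make_shared() call runs for every SNP guest, including one torn down before KVM_SEV_SNP_LAUNCH_FINISH ever made the VMSA private (guest_state_protected still false); either gate the conversion on that flag or say in the comment that converting a page that is already hypervisor-owned back to shared is harmless. The comment should also state that on failure the page is deliberately leaked via skip_vmsa_free rather than handed back to the allocator while still private.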
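Review bot: the new kernel-doc line in psp-sev.h reads inverted: `@vcek_disabled: indicates whether use of VCEK is allowed for attestation reports` describes the opposite polarity of a field named vcek_disabled; reword to something like `indicates that the guest may not use VCEK for attestation reports` so the doc matches the bit's meaning.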
From: Michael Roth
CC: Brijesh Singh
Subject: [PATCH v13 13/26] KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT
Date: Thu, 18 Apr 2024 14:41:20 -0500
Message-ID: <20240418194133.1452059-14-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: Brijesh Singh

SEV-SNP VMs can ask the hypervisor to change the page state in the RMP
table to be private or shared using the Page State Change MSR protocol
as defined in the GHCB specification.

When using gmem, private/shared memory is allocated through separate
pools, and KVM relies on userspace issuing a KVM_SET_MEMORY_ATTRIBUTES
KVM ioctl to tell the KVM MMU whether a particular GFN should be backed
by private memory or not.

Forward these page state change requests to userspace so that it can
issue the expected KVM ioctls. The KVM MMU will handle updating the RMP
entries when it is ready to map a private page into a guest.

Define a new KVM_EXIT_VMGEXIT for exits of this type, and structure it
so that it can be extended for other cases where VMGEXITs need some
level of handling in userspace.

Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra
---
 Documentation/virt/kvm/api.rst | 33 +++++++++++++++++++++++++++++++
 arch/x86/include/asm/sev-common.h | 6 ++++++
 arch/x86/kvm/svm/sev.c | 33 +++++++++++++++++++++++++++++++
 include/uapi/linux/kvm.h | 17 ++++++++++++++++
 4 files changed, 89 insertions(+)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index f0b76ff5030d..4a7a2945bc78 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst
@@ -7060,6 +7060,39 @@ Please note that the kernel is allowed to use the kvm_run structure as the primary storage for certain register types. Therefore, the kernel may use the values in kvm_run even if the corresponding bit in kvm_dirty_regs is not set. +:: + + /* KVM_EXIT_VMGEXIT */ + struct kvm_user_vmgexit { + #define KVM_USER_VMGEXIT_PSC_MSR 1 + __u32 type; /* KVM_USER_VMGEXIT_* type */ + union { + struct { + __u64 gpa; + #define KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE 1 + #define KVM_USER_VMGEXIT_PSC_MSR_OP_SHARED 2 + __u8 op; + __u32 ret; + } psc_msr; + }; + }; + +If exit reason is KVM_EXIT_VMGEXIT then it indicates that an SEV-SNP guest +has issued a VMGEXIT instruction (as documented by the AMD Architecture +Programmer's Manual (APM)) to the hypervisor that needs to be serviced by +userspace. These are generally handled by the host kernel, but in some +cases some aspects handling a VMGEXIT are handled by userspace. + +A kvm_user_vmgexit structure is defined to encapsulate the data to be +sent to or returned by userspace. The type field defines the specific type +of exit that needs to be serviced, and that type is used as a discriminator +to determine which union type should be used for input/output. + +For the KVM_USER_VMGEXIT_PSC_MSR type, the psc_msr union type is used. The +kernel will supply the 'gpa' and 'op' fields, and userspace is expected to +update the private/shared state of the GPA using the corresponding +KVM_SET_MEMORY_ATTRIBUTES ioctl. The 'ret' field is to be set to 0 by +userpace on success, or some non-zero value on failure. 6. Capabilities that can be enabled on vCPUs ============================================ diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 1006bfffe07a..6d68db812de1 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h 
@@ -101,11 +101,17 @@ enum psc_op { /* GHCBData[11:0] */ \ GHCB_MSR_PSC_REQ) +#define GHCB_MSR_PSC_REQ_TO_GFN(msr) (((msr) & GENMASK_ULL(51, 12)) >> 12) +#define GHCB_MSR_PSC_REQ_TO_OP(msr) (((msr) & GENMASK_ULL(55, 52)) >> 52) + #define GHCB_MSR_PSC_RESP 0x015 #define GHCB_MSR_PSC_RESP_VAL(val) \ /* GHCBData[63:32] */ \ (((u64)(val) & GENMASK_ULL(63, 32)) >> 32) +/* Set highest bit as a generic error response */ +#define GHCB_MSR_PSC_RESP_ERROR (BIT_ULL(63) | GHCB_MSR_PSC_RESP) + /* GHCB Hypervisor Feature Request/Response */ #define GHCB_MSR_HV_FT_REQ 0x080 #define GHCB_MSR_HV_FT_RESP 0x081 diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bd7f46c61c64..e982468554cb 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3454,6 +3454,36 @@ static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) svm->vmcb->control.ghcb_gpa = value; } +static int snp_complete_psc_msr(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + u64 vmm_ret = vcpu->run->vmgexit.psc_msr.ret; + + set_ghcb_msr(svm, (vmm_ret << 32) | GHCB_MSR_PSC_RESP); + + return 1; /* resume guest */ +} + +static int snp_begin_psc_msr(struct kvm_vcpu *vcpu, u64 ghcb_msr) +{ + u64 gpa = gfn_to_gpa(GHCB_MSR_PSC_REQ_TO_GFN(ghcb_msr)); + u8 op = GHCB_MSR_PSC_REQ_TO_OP(ghcb_msr); + struct vcpu_svm *svm = to_svm(vcpu); + + if (op != SNP_PAGE_STATE_PRIVATE && op != SNP_PAGE_STATE_SHARED) { + set_ghcb_msr(svm, GHCB_MSR_PSC_RESP_ERROR); + return 1; /* resume guest */ + } + + vcpu->run->exit_reason = KVM_EXIT_VMGEXIT; + vcpu->run->vmgexit.type = KVM_USER_VMGEXIT_PSC_MSR; + vcpu->run->vmgexit.psc_msr.gpa = gpa; + vcpu->run->vmgexit.psc_msr.op = op; + vcpu->arch.complete_userspace_io = snp_complete_psc_msr; + + return 0; /* forward request to userspace */ +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
@@ -3552,6 +3582,9 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_PSC_REQ: + ret = snp_begin_psc_msr(vcpu, control->ghcb_gpa); + break; case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 2190adbe3002..54b81e46a9fa 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -135,6 +135,20 @@ struct kvm_xen_exit { } u; }; +struct kvm_user_vmgexit { +#define KVM_USER_VMGEXIT_PSC_MSR 1 + __u32 type; /* KVM_USER_VMGEXIT_* type */ + union { + struct { + __u64 gpa; +#define KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE 1 +#define KVM_USER_VMGEXIT_PSC_MSR_OP_SHARED 2 + __u8 op; + __u32 ret; + } psc_msr; + }; +}; + #define KVM_S390_GET_SKEYS_NONE 1 #define KVM_S390_SKEYS_MAX 1048576 @@ -178,6 +192,7 @@ struct kvm_xen_exit { #define KVM_EXIT_NOTIFY 37 #define KVM_EXIT_LOONGARCH_IOCSR 38 #define KVM_EXIT_MEMORY_FAULT 39 +#define KVM_EXIT_VMGEXIT 40 /* For KVM_EXIT_INTERNAL_ERROR */ /* Emulate instruction failed. */ 
@@ -433,6 +448,8 @@ struct kvm_run { __u64 gpa; __u64 size; } memory_fault; + /* KVM_EXIT_VMGEXIT */ + struct kvm_user_vmgexit vmgexit; /* Fix the size of the union. */ char padding[256]; };

From patchwork Thu Apr 18 19:41:22 2024
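Review bot: two typos in the new KVM_EXIT_VMGEXIT text in api.rst: `some aspects handling a VMGEXIT` is missing `of`, and `userpace` should be `userspace`. The psc_msr paragraph should also say that 'op' is one of KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE/SHARED and that 'ret' is returned to the guest in the upper 32 bits of the GHCB_MSR_PSC_RESP MSR value, since snp_complete_psc_msr() shifts it there unchanged.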
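Review bot: snp_begin_psc_msr() forwards `op` to userspace as the raw SNP_PAGE_STATE_PRIVATE/SNP_PAGE_STATE_SHARED value taken from the MSR, while the UAPI defines its own KVM_USER_VMGEXIT_PSC_MSR_OP_PRIVATE (1) and KVM_USER_VMGEXIT_PSC_MSR_OP_SHARED (2), and nothing in the code ties the two sets together. Translate explicitly when filling vcpu->run->vmgexit.psc_msr.op, or at least add a BUILD_BUG_ON() asserting the pairs are equal, so a future change to either side cannot silently desynchronise the guest and userspace.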
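Review bot: struct kvm_user_vmgexit in the uapi header places `__u8 op` directly before `__u32 ret`, leaving three bytes of implicit compiler padding inside a UAPI structure embedded in struct kvm_run; make the layout explicit (for example `__u8 op; __u8 pad[3]; __u32 ret;`, or put `ret` before `op`) so the offsets are fixed by the definition rather than by alignment rules.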
From: Michael Roth
CC: Brijesh Singh
Subject: [PATCH v13 15/26] KVM: SEV: Add support to handle RMP nested page faults
Date: Thu, 18 Apr 2024 14:41:22 -0500
Message-ID: <20240418194133.1452059-16-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org
From: Brijesh Singh

When SEV-SNP is enabled in the guest, the hardware places restrictions
on all memory accesses based on the contents of the RMP table. When the
hardware encounters an RMP check failure caused by a guest memory
access, it raises a #NPF. The error code contains additional information
on the access type. See the APM volume 2 for additional information.

When using gmem, RMP faults resulting from mismatches between the state
in the RMP table vs. what the guest expects via its page table result in
KVM_EXIT_MEMORY_FAULTs being forwarded to userspace to handle. This
means the only expected case that needs to be handled in the kernel is
when the page size of the entry in the RMP table is larger than the
mapping in the nested page table, in which case a PSMASH instruction
needs to be issued to split the large RMP entry into individual 4K
entries so that subsequent accesses can succeed.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Signed-off-by: Ashish Kalra
---
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/include/asm/sev.h | 3 +
 arch/x86/kvm/mmu.h | 2 -
 arch/x86/kvm/mmu/mmu.c | 1 +
 arch/x86/kvm/svm/sev.c | 109 ++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c | 21 ++++-
 arch/x86/kvm/svm/svm.h | 3 +
 arch/x86/kvm/trace.h | 31 +++++++++
 arch/x86/kvm/x86.c | 1 +
 9 files changed, 166 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 744f8c920952..6f03e7649780 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1940,6 +1940,7 @@ void kvm_mmu_slot_leaf_clear_dirty(struct kvm *kvm, const struct kvm_memory_slot *memslot); void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen); void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned long kvm_nr_mmu_pages); +void kvm_zap_gfn_range(struct kvm *kvm, gfn_t gfn_start, gfn_t gfn_end); int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3);
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 780182cda3ab..234a998e2d2d 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -91,6 +91,9 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); /* RMUPDATE detected 4K page and 2MB page overlap. */ #define RMPUPDATE_FAIL_OVERLAP 4 +/* PSMASH failed due to concurrent access by another CPU */ +#define PSMASH_FAIL_INUSE 3 + /* RMP page size */ #define RMP_PG_SIZE_4K 0 #define RMP_PG_SIZE_2M 1 diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index e8b620a85627..3317711540cd 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -252,8 +252,6 @@ static inline bool kvm_mmu_honors_guest_mtrrs(struct kvm *kvm) return __kvm_mmu_honors_guest_mtrrs(kvm_arch_has_noncoherent_dma(kvm)); } -void kvm_zap_gfn_range(struct kvm *kvm, gfn_t gfn_start, gfn_t gfn_end); - int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu); int kvm_mmu_post_init_vm(struct kvm *kvm); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 748b9064567e..03b98c14cee1 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -6744,6 +6744,7 @@ static bool kvm_mmu_zap_collapsible_spte(struct kvm *kvm, return need_tlb_flush; } +EXPORT_SYMBOL_GPL(kvm_zap_gfn_range); static void kvm_rmap_zap_collapsible_sptes(struct kvm *kvm, const struct kvm_memory_slot *slot) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 96e24a1e34e3..0f70b057bfb8 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
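Review bot: in the arch/x86/kvm/mmu/mmu.c hunk, EXPORT_SYMBOL_GPL(kvm_zap_gfn_range) lands after the closing brace of kvm_mmu_zap_collapsible_spte() (the surrounding context is `return need_tlb_flush; }`), not directly after the body of kvm_zap_gfn_range(). Kernel convention is that EXPORT_SYMBOL*() immediately follows the function it exports; please move it. Separately, the new PSMASH_FAIL_INUSE definition in asm/sev.h sits next to the existing "RMUPDATE detected 4K page and 2MB page overlap" comment, which misspells RMPUPDATE; a drive-by fix would be welcome while touching that block.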
@@ -3455,6 +3455,23 @@ static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) svm->vmcb->control.ghcb_gpa = value; } +static int snp_rmptable_psmash(kvm_pfn_t pfn) +{ + int ret; + + pfn = pfn & ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1); + + /* + * PSMASH_FAIL_INUSE indicates another processor is modifying the + * entry, so retry until that's no longer the case. + */ + do { + ret = psmash(pfn); + } while (ret == PSMASH_FAIL_INUSE); + + return ret; +} + static int snp_complete_psc_msr(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); 
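Review bot: snp_rmptable_psmash() retries PSMASH on PSMASH_FAIL_INUSE with no upper bound and nothing else in the loop body, in a path reachable from a guest #NPF. The contending writer is another CPU's RMP update, so the wait should be short, but a tight unbounded spin without even cpu_relax() deserves either a cpu_relax() in the loop or a comment stating why termination is guaranteed. The 2M rounding via `pfn & ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1)` is fine; since callers pass a 4K PFN, the comment could also say that the helper accepts any PFN within the 2M region.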
@@ -4014,3 +4031,95 @@ struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) return p; } + +void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code) +{ + struct kvm_memory_slot *slot; + struct kvm *kvm = vcpu->kvm; + int order, rmp_level, ret; + bool assigned; + kvm_pfn_t pfn; + gfn_t gfn; + + gfn = gpa >> PAGE_SHIFT; + + /* + * The only time RMP faults occur for shared pages is when the guest is + * triggering an RMP fault for an implicit page-state change from + * shared->private. Implicit page-state changes are forwarded to + * userspace via KVM_EXIT_MEMORY_FAULT events, however, so RMP faults + * for shared pages should not end up here. + */ + if (!kvm_mem_is_private(kvm, gfn)) { + pr_warn_ratelimited("SEV: Unexpected RMP fault for non-private GPA 0x%llx\n", + gpa); + return; + } + + slot = gfn_to_memslot(kvm, gfn); + if (!kvm_slot_can_be_private(slot)) { + pr_warn_ratelimited("SEV: Unexpected RMP fault, non-private slot for GPA 0x%llx\n", + gpa); + return; + } + + ret = kvm_gmem_get_pfn(kvm, slot, gfn, &pfn, &order); + if (ret) { + pr_warn_ratelimited("SEV: Unexpected RMP fault, no backing page for private GPA 0x%llx\n", + gpa); + return; + } + + ret = snp_lookup_rmpentry(pfn, &assigned, &rmp_level); + if (ret || !assigned) { + pr_warn_ratelimited("SEV: Unexpected RMP fault, no assigned RMP entry found for GPA 0x%llx PFN 0x%llx error %d\n", + gpa, pfn, ret); + goto out_no_trace; + } + + /* + * There are 2 cases where a PSMASH may be needed to resolve an #NPF + * with PFERR_GUEST_RMP_BIT set: + * + * 1) RMPADJUST/PVALIDATE can trigger an #NPF with PFERR_GUEST_SIZEM + * bit set if the guest issues them with a smaller granularity than + * what is indicated by the page-size bit in the 2MB RMP entry for + * the PFN that backs the GPA. + * + * 2) Guest access via NPT can trigger an #NPF if the NPT mapping is + * smaller than what is indicated by the 2MB RMP entry for the PFN + * that backs the GPA. 
+ * + * In both these cases, the corresponding 2M RMP entry needs to + * be PSMASH'd to 512 4K RMP entries. If the RMP entry is already + * split into 4K RMP entries, then this is likely a spurious case which + * can occur when there are concurrent accesses by the guest to a 2MB + * GPA range that is backed by a 2MB-aligned PFN who's RMP entry is in + * the process of being PMASH'd into 4K entries. These cases should + * resolve automatically on subsequent accesses, so just ignore them + * here. + */ + if (rmp_level == PG_LEVEL_4K) + goto out; + + ret = snp_rmptable_psmash(pfn); + if (ret) { + /* + * Look it up again. If it's 4K now then the PSMASH may have + * raced with another process and the issue has already resolved + * itself. + */ + if (!snp_lookup_rmpentry(pfn, &assigned, &rmp_level) && + assigned && rmp_level == PG_LEVEL_4K) + goto out; + + pr_warn_ratelimited("SEV: Unable to split RMP entry for GPA 0x%llx PFN 0x%llx ret %d\n", + gpa, pfn, ret); + } + + kvm_zap_gfn_range(kvm, gfn, gfn + PTRS_PER_PMD); +out: + trace_kvm_rmp_fault(vcpu, gpa, pfn, error_code, rmp_level, ret); +out_no_trace: + put_page(pfn_to_page(pfn)); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d31404953bf1..1cddf7a2aec1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2043,6 +2043,7 @@ static int pf_interception(struct kvm_vcpu *vcpu) static int npf_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + int rc; u64 fault_address = svm->vmcb->control.exit_info_2; u64 error_code = svm->vmcb->control.exit_info_1; 
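Review bot: in sev_handle_rmp_fault(), the closing kvm_zap_gfn_range(kvm, gfn, gfn + PTRS_PER_PMD) starts at the unaligned faulting gfn, while snp_rmptable_psmash() rounds the PFN down to the 2M boundary; the zapped range can therefore straddle two 2M regions instead of exactly covering the one that was just split. It still works, because zapping any part of a huge NPT mapping drops that leaf entry as a whole, but aligning gfn the same way as the PFN would make the intent explicit and avoid needlessly zapping the neighbouring region. Two typos in the long comment: "who's RMP entry" should read "whose", and "PMASH'd" should read "PSMASH'd". Finally, the first two early returns (non-private GPA, non-private slot) do not drop a page reference while every later exit goes through out_no_trace to put_page(); that is correct because kvm_gmem_get_pfn() has not been called yet, but a one-line comment would save the next reader the check. The svm.c hunk that introduces `int rc;` is fine.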
@@ -2057,10 +2058,22 @@ static int npf_interception(struct kvm_vcpu *vcpu) error_code &= ~PFERR_SYNTHETIC_MASK; trace_kvm_page_fault(vcpu, fault_address, error_code); - return kvm_mmu_page_fault(vcpu, fault_address, error_code, - static_cpu_has(X86_FEATURE_DECODEASSISTS) ? - svm->vmcb->control.insn_bytes : NULL, - svm->vmcb->control.insn_len); + rc = kvm_mmu_page_fault(vcpu, fault_address, error_code, + static_cpu_has(X86_FEATURE_DECODEASSISTS) ? + svm->vmcb->control.insn_bytes : NULL, + svm->vmcb->control.insn_len); + + /* + * rc == 0 indicates a userspace exit is needed to handle page + * transitions, so do that first before updating the RMP table. + */ + if (error_code & PFERR_GUEST_RMP_MASK) { + if (rc == 0) + return rc; + sev_handle_rmp_fault(vcpu, fault_address, error_code); + } + + return rc; } static int db_interception(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 730f5ced2a2e..d2b0ec27d4fe 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -722,6 +722,7 @@ void sev_hardware_unsetup(void); int sev_cpu_init(struct svm_cpu_data *sd); int sev_dev_get_attr(u32 group, u64 attr, u64 *val); extern unsigned int max_sev_asid; +void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code); #else static inline struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) { return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); @@ -735,6 +736,8 @@ static inline void sev_hardware_unsetup(void) {} static inline int sev_cpu_init(struct svm_cpu_data *sd) { return 0; } static inline int sev_dev_get_attr(u32 group, u64 attr, u64 *val) { return -ENXIO; } #define max_sev_asid 0 +static inline void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code) {} + #endif /* vmenter.S */ diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index c6b4b1728006..3531a187d5d9 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h 
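Review bot: in npf_interception(), sev_handle_rmp_fault() is invoked for any non-zero rc from kvm_mmu_page_fault(), so a negative error return also goes on to look up the RMP entry and possibly PSMASH it. If that is intended (the split is harmless even when the fault itself failed) the comment should say so; otherwise `if (rc <= 0) return rc;` confines the RMP work to the resume-guest case. The comment "rc == 0 indicates a userspace exit is needed to handle page transitions" would also be clearer if it named the exit, KVM_EXIT_MEMORY_FAULT for a private/shared mismatch as described in the commit message, since that is what justifies deferring the RMP update. The svm.h declaration and the !CONFIG_KVM_AMD_SEV stub look fine.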
@@ -1834,6 +1834,37 @@ TRACE_EVENT(kvm_vmgexit_msr_protocol_exit, __entry->vcpu_id, __entry->ghcb_gpa, __entry->result) ); +/* + * Tracepoint for #NPFs due to RMP faults. + */ +TRACE_EVENT(kvm_rmp_fault, + TP_PROTO(struct kvm_vcpu *vcpu, u64 gpa, u64 pfn, u64 error_code, + int rmp_level, int psmash_ret), + TP_ARGS(vcpu, gpa, pfn, error_code, rmp_level, psmash_ret), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, gpa) + __field(u64, pfn) + __field(u64, error_code) + __field(int, rmp_level) + __field(int, psmash_ret) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu->vcpu_id; + __entry->gpa = gpa; + __entry->pfn = pfn; + __entry->error_code = error_code; + __entry->rmp_level = rmp_level; + __entry->psmash_ret = psmash_ret; + ), + + TP_printk("vcpu %u gpa %016llx pfn 0x%llx error_code 0x%llx rmp_level %d psmash_ret %d", + __entry->vcpu_id, __entry->gpa, __entry->pfn, + __entry->error_code, __entry->rmp_level, __entry->psmash_ret) +); + #endif /* _TRACE_KVM_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9923921904a2..a9d014961d2b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
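Review bot: the kvm_rmp_fault tracepoint names its last field psmash_ret, but sev_handle_rmp_fault() passes its general-purpose `ret` on every path that reaches `out:`, including the early exit taken when the RMP entry is already 4K and no PSMASH is issued at all (there `ret` is the snp_lookup_rmpentry() result, 0). Either rename the field to `ret` or document that 0 together with rmp_level == PG_LEVEL_4K means "no PSMASH needed" rather than "PSMASH succeeded". Minor: gpa is printed as %016llx with no 0x prefix while pfn and error_code get 0x; pick one style for the three.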
@@ -13996,6 +13996,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_rmp_fault); static int __init kvm_x86_init(void) {

From patchwork Thu Apr 18 19:41:24 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 789991
From: Michael Roth
Subject: [PATCH v13 17/26] KVM: SEV: Add support for GHCB-based termination requests
Date: Thu, 18 Apr 2024 14:41:24 -0500
Message-ID: <20240418194133.1452059-18-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

GHCB version 2 adds support for a GHCB-based termination request
that a guest can issue when it reaches an error state and wishes to inform the hypervisor that it should be terminated. Implement support for that similarly to GHCB MSR-based termination requests that are already available to SEV-ES guests via earlier versions of the GHCB protocol. See 'Termination Request' in the 'Invoking VMGEXIT' section of the GHCB specification for more details. Signed-off-by: Michael Roth --- arch/x86/kvm/svm/sev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2de3006fec65..2e0e825b6436 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3272,6 +3272,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_VMGEXIT_UNSUPPORTED_EVENT: case SVM_VMGEXIT_HV_FEATURES: case SVM_VMGEXIT_PSC: + case SVM_VMGEXIT_TERM_REQUEST: break; default: reason = GHCB_ERR_INVALID_EVENT; 
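Review bot: sev_es_validate_vmgexit() now accepts SVM_VMGEXIT_TERM_REQUEST for every guest, with no check against the GHCB protocol version the guest negotiated, even though the commit message presents it as a GHCB version 2 addition. That is probably the right call (a guest speaking an older protocol simply never issues it, and rejecting a termination request from a guest already in an error state helps nobody), but a sentence in the commit message saying the exit is deliberately not gated on the negotiated version would pre-empt the question.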
@@ -3967,6 +3968,14 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; + case SVM_VMGEXIT_TERM_REQUEST: + pr_info("SEV-ES guest requested termination: reason %#llx info %#llx\n", + control->exit_info_1, control->exit_info_2); + vcpu->run->exit_reason = KVM_EXIT_SYSTEM_EVENT; + vcpu->run->system_event.type = KVM_SYSTEM_EVENT_SEV_TERM; + vcpu->run->system_event.ndata = 1; + vcpu->run->system_event.data[0] = control->ghcb_gpa; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
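Review bot: the SVM_VMGEXIT_TERM_REQUEST case produces its userspace exit by leaving `ret` untouched (relying on it still being 0 from the validation step), while the neighbouring cases set it explicitly, as the `ret = 1; break;` in the hunk context shows. An explicit `ret = 0;` would make the exit-to-userspace intent obvious and robust against later edits. Also, pr_info() here is unratelimited and guest-triggerable: if userspace chooses to resume the vCPU after KVM_SYSTEM_EVENT_SEV_TERM, the guest can re-issue the request in a loop and flood the host log, so pr_info_ratelimited() (or the vcpu_unimpl() style the UNSUPPORTED_EVENT case below uses) would be safer. The message text says "SEV-ES guest" although SNP guests, the target of this series, take the same path; "SEV-ES/SNP guest" would be more accurate.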
From: Michael Roth
Subject: [PATCH v13 19/26] KVM: SEV: Implement gmem hook for invalidating private pages
Date: Thu, 18 Apr 2024 14:41:26 -0500
Message-ID: <20240418194133.1452059-20-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

Implement a platform hook to do the work of restoring the
direct map entries of gmem-managed pages and transitioning the corresponding RMP table entries back to the default shared/hypervisor-owned state. Signed-off-by: Michael Roth --- arch/x86/kvm/Kconfig | 1 + arch/x86/kvm/svm/sev.c | 64 ++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 2 ++ 4 files changed, 68 insertions(+) diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index 10768f13b240..2a7f69abcac3 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig @@ -138,6 +138,7 @@ config KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM select KVM_GENERIC_PRIVATE_MEM select HAVE_KVM_GMEM_PREPARE + select HAVE_KVM_GMEM_INVALIDATE help Provides support for launching Encrypted VMs (SEV) and Encrypted VMs with Encrypted State (SEV-ES) on AMD processors. diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 29f6e8dc29c8..f60bb8291494 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
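Review bot: selecting HAVE_KVM_GMEM_INVALIDATE wires the new callback in for every KVM_AMD_SEV build, which is fine, but the commit message says the hook does "the work of restoring the direct map entries of gmem-managed pages", and nothing in sev_gmem_invalidate() as posted touches the direct map: it only looks up and rewrites RMP entries and flushes cache lines. Either the description needs to match the code or the direct-map restore belongs in this patch.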
@@ -4455,3 +4455,67 @@ int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order) return 0; } + +void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end) +{ + kvm_pfn_t pfn; + + pr_debug("%s: PFN start 0x%llx PFN end 0x%llx\n", __func__, start, end); + + for (pfn = start; pfn < end;) { + bool use_2m_update = false; + int rc, rmp_level; + bool assigned; + + rc = snp_lookup_rmpentry(pfn, &assigned, &rmp_level); + if (WARN_ONCE(rc, "SEV: Failed to retrieve RMP entry for PFN 0x%llx error %d\n", + pfn, rc)) + goto next_pfn; + + if (!assigned) + goto next_pfn; + + use_2m_update = IS_ALIGNED(pfn, PTRS_PER_PMD) && + end >= (pfn + PTRS_PER_PMD) && + rmp_level > PG_LEVEL_4K; + + /* + * If an unaligned PFN corresponds to a 2M region assigned as a + * large page in the RMP table, PSMASH the region into individual + * 4K RMP entries before attempting to convert a 4K sub-page. + */ + if (!use_2m_update && rmp_level > PG_LEVEL_4K) { + /* + * This shouldn't fail, but if it does, report it, but + * still try to update RMP entry to shared and pray this + * was a spurious error that can be addressed later. + */ + rc = snp_rmptable_psmash(pfn); + WARN_ONCE(rc, "SEV: Failed to PSMASH RMP entry for PFN 0x%llx error %d\n", + pfn, rc); + } + + rc = rmp_make_shared(pfn, use_2m_update ? PG_LEVEL_2M : PG_LEVEL_4K); + if (WARN_ONCE(rc, "SEV: Failed to update RMP entry for PFN 0x%llx error %d\n", + pfn, rc)) + goto next_pfn; + + /* + * SEV-ES avoids host/guest cache coherency issues through + * WBINVD hooks issued via MMU notifiers during run-time, and + * KVM's VM destroy path at shutdown. Those MMU notifier events + * don't cover gmem since there is no requirement to map pages + * to a HVA in order to use them for a running guest. 
While the + * shutdown path would still likely cover things for SNP guests, + * userspace may also free gmem pages during run-time via + * hole-punching operations on the guest_memfd, so flush the + * cache entries for these pages before free'ing them back to + * the host. + */ + clflush_cache_range(__va(pfn_to_hpa(pfn)), + use_2m_update ? PMD_SIZE : PAGE_SIZE); +next_pfn: + pfn += use_2m_update ? PTRS_PER_PMD : 1; + cond_resched(); + } +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3e8d0752bf1b..60d121250b0d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5082,6 +5082,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .alloc_apic_backing_page = svm_alloc_apic_backing_page, .gmem_prepare = sev_gmem_prepare, + .gmem_invalidate = sev_gmem_invalidate, }; /* diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 7712ed90aae8..6721e5c6cf73 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -731,6 +731,7 @@ void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code); void sev_vcpu_unblocking(struct kvm_vcpu *vcpu); void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu); int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order); +void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end); #else static inline struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) { return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); 
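Review bot: in sev_gmem_invalidate(), when rmp_make_shared() fails the loop WARNs and jumps to next_pfn, after which the gmem invalidation path still returns the page to the host allocator while its RMP entry remains assigned to the guest; any later host write to that page would then trip an RMP violation. Given the comment already states this "shouldn't fail", the safer reaction when it does is to leak the page (keep it out of the allocator) rather than continue. The same reasoning applies one step earlier: if snp_rmptable_psmash() fails on a 2M RMP entry, the following rmp_make_shared(pfn, PG_LEVEL_4K) cannot succeed either, since a 4K update inside a live 2M entry is exactly what RMPUPDATE_FAIL_OVERLAP describes, so "pray this was a spurious error" should probably become "skip the rmp_make_shared() and leak". Skipping the clflush_cache_range() on those error paths is consistent, but the comment above it could say so. Minor: "free'ing" in the comment should be "freeing".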
@@ -751,6 +752,7 @@ static inline int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, in { return 0; } +static inline void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end) {} #endif

From patchwork Thu Apr 18 19:41:29 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 789988
From: Michael Roth
Cc: Brijesh Singh
Subject: [PATCH v13 22/26] KVM: SVM: Add module parameter to enable SEV-SNP
Date: Thu, 18 Apr 2024 14:41:29 -0500
Message-ID: <20240418194133.1452059-23-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

From: Brijesh Singh

Add a module parameter that can be used to enable or disable the SEV-SNP feature. Now that KVM contains the support for SNP, set the GHCB hypervisor feature flag to indicate that SNP is supported.

Signed-off-by: Brijesh Singh
Reviewed-by: Paolo Bonzini
Signed-off-by: Ashish Kalra
---
 arch/x86/kvm/svm/sev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 03bfb7b9732d..de51c3aa0040 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -48,7 +48,8 @@ static bool sev_es_enabled = true; module_param_named(sev_es, sev_es_enabled, bool, 0444); /* enable/disable SEV-SNP support */ -static bool sev_snp_enabled; +static bool sev_snp_enabled = true; +module_param_named(sev_snp, sev_snp_enabled, bool, 0444); /* enable/disable SEV-ES DebugSwap support */ static bool sev_es_debug_swap_enabled = true;
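Review bot: the commit message says the GHCB hypervisor feature flag is set now that KVM supports SNP, but this hunk only adds the sev_snp module parameter and flips its default (the diffstat is 2 insertions, 1 deletion), so either that sentence should be dropped or the feature-flag change belongs in this patch. It is also worth stating in the message that `+static bool sev_snp_enabled = true;` turns SNP on by default on capable hosts, where the old declaration left it false, and that with permission 0444 the parameter is read-only after load, so an operator who wants SNP off has to pass sev_snp=0 at module load time.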
From: Michael Roth
Subject: [PATCH v13 24/26] crypto: ccp: Add the SNP_VLEK_LOAD command
Date: Thu, 18 Apr 2024 14:41:31 -0500
Message-ID: <20240418194133.1452059-25-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

When requesting an attestation report a guest is able to specify whether it
wants SNP firmware to sign the report using either a Versioned Chip Endorsement Key (VCEK), which is derived from chip-unique secrets, or a Versioned Loaded Endorsement Key (VLEK), which is obtained from an AMD Key Derivation Service (KDS) and derived from seeds allocated to enrolled cloud service providers (CSPs).

For VLEK keys, an SNP_VLEK_LOAD SNP firmware command is used to load them into the system after obtaining them from the KDS. Add a corresponding userspace interface so as to allow the loading of VLEK keys into the system.

See SEV-SNP Firmware ABI 1.54, SNP_VLEK_LOAD for more details.

Reviewed-by: Tom Lendacky
Signed-off-by: Michael Roth
---
 Documentation/virt/coco/sev-guest.rst | 19 ++++++++++++++
 drivers/crypto/ccp/sev-dev.c          | 36 +++++++++++++++++++++++++++
 include/uapi/linux/psp-sev.h          | 27 ++++++++++++++++++++
 3 files changed, 82 insertions(+)

diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst
index e1eaf6a830ce..de68d3a4b540 100644
--- a/Documentation/virt/coco/sev-guest.rst
+++ b/Documentation/virt/coco/sev-guest.rst
@@ -176,6 +176,25 @@ to SNP_CONFIG command defined in the SEV-SNP spec. The current values of the firmware parameters affected by this command can be queried via SNP_PLATFORM_STATUS. +2.7 SNP_VLEK_LOAD +----------------- +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Parameters (in): struct sev_user_data_snp_vlek_load +:Returns (out): 0 on success, -negative on error + +When requesting an attestation report a guest is able to specify whether +it wants SNP firmware to sign the report using either a Versioned Chip +Endorsement Key (VCEK), which is derived from chip-unique secrets, or a +Versioned Loaded Endorsement Key (VLEK) which is obtained from an AMD +Key Derivation Service (KDS) and derived from seeds allocated to +enrolled cloud service providers. + +In the case of VLEK keys, the SNP_VLEK_LOAD SNP command is used to load +them into the system after obtaining them from the KDS, and corresponds +closely to the SNP_VLEK_LOAD firmware command specified in the SEV-SNP +spec. + 3. SEV-SNP CPUID Enforcement ============================ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2102377f727b..97a7959406ee 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -2027,6 +2027,39 @@ static int sev_ioctl_do_snp_set_config(struct sev_issue_cmd *argp, bool writable return __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error); } +static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_user_data_snp_vlek_load input; + void *blob; + int ret; + + if (!sev->snp_initialized || !argp->data) + return -EINVAL; + + if (!writable) + return -EPERM; + + if (copy_from_user(&input, u64_to_user_ptr(argp->data), sizeof(input))) + return -EFAULT; + + if (input.len != sizeof(input) || input.vlek_wrapped_version != 0) + return -EINVAL; + + blob = psp_copy_user_blob(input.vlek_wrapped_address, + sizeof(struct sev_user_data_snp_wrapped_vlek_hashstick)); + if (IS_ERR(blob)) + return PTR_ERR(blob); + + input.vlek_wrapped_address = __psp_pa(blob); + + ret = __sev_do_cmd_locked(SEV_CMD_SNP_VLEK_LOAD, &input, &argp->error); + + kfree(blob); + + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -2087,6 +2120,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SNP_SET_CONFIG: ret = sev_ioctl_do_snp_set_config(&input, writable); break; + case SNP_VLEK_LOAD: + ret = sev_ioctl_do_snp_vlek_load(&input, writable); + break; default: ret = -EINVAL; goto out; diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index b7a2c2ee35b7..2289b7c76c59 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -31,6 +31,7 @@ enum { SNP_PLATFORM_STATUS, SNP_COMMIT, SNP_SET_CONFIG, + SNP_VLEK_LOAD, SEV_MAX, }; 
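Review bot: in sev_ioctl_do_snp_vlek_load the reserved bytes are not validated: `input.vlek_wrapped_version != 0` is rejected, but `input.rsvd[3]` is forwarded to firmware with whatever the caller put there, which leaves any future meaning of those bytes ambiguous; suggest `if (input.len != sizeof(input) || input.vlek_wrapped_version != 0 || memchr_inv(input.rsvd, 0, sizeof(input.rsvd)))` so the ioctl fails cleanly instead of relying on firmware to notice. Also, the sev-guest.rst entry in the preceding hunk documents only "0 on success, -negative on error", while this code returns -EPERM when the device was not opened writable and -EINVAL when SNP is not initialized or the command buffer is malformed; listing those two cases in the doc would save callers a trip to the source.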
@@ -214,6 +215,32 @@ struct sev_user_data_snp_config { __u8 rsvd1[52]; } __packed; +/** + * struct sev_data_snp_vlek_load - SNP_VLEK_LOAD structure + * + * @len: length of the command buffer read by the PSP + * @vlek_wrapped_version: version of wrapped VLEK hashstick (Must be 0h) + * @rsvd: reserved + * @vlek_wrapped_address: address of a wrapped VLEK hashstick + * (struct sev_user_data_snp_wrapped_vlek_hashstick) + */ +struct sev_user_data_snp_vlek_load { + __u32 len; /* In */ + __u8 vlek_wrapped_version; /* In */ + __u8 rsvd[3]; /* In */ + __u64 vlek_wrapped_address; /* In */ +} __packed; + +/** + * struct sev_user_data_snp_vlek_wrapped_vlek_hashstick - Wrapped VLEK data + * + * @data: Opaque data provided by AMD KDS (as described in SEV-SNP Firmware ABI + * 1.54, SNP_VLEK_LOAD) + */ +struct sev_user_data_snp_wrapped_vlek_hashstick { + __u8 data[432]; /* In */ +} __packed; + /** * struct sev_issue_cmd - SEV ioctl parameters *
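Review bot: both kernel-doc headers in this hunk name a struct other than the one they sit on: the first says `struct sev_data_snp_vlek_load` for `struct sev_user_data_snp_vlek_load`, and the second says `struct sev_user_data_snp_vlek_wrapped_vlek_hashstick` for `struct sev_user_data_snp_wrapped_vlek_hashstick`; scripts/kernel-doc will report both as mismatches, so the comment titles should be renamed to match the definitions. The @len description ("length of the command buffer read by the PSP") could also say that the ioctl requires it to equal sizeof(struct sev_user_data_snp_vlek_load), since that is what sev-dev.c enforces.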
From: Michael Roth
Subject: [PATCH v13 26/26] KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
Date: Thu, 18 Apr 2024 14:41:33 -0500
Message-ID: <20240418194133.1452059-27-michael.roth@amd.com>
In-Reply-To: <20240418194133.1452059-1-michael.roth@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

Version 2 of GHCB specification added support for the
SNP Extended Guest Request Message NAE event. This event serves a nearly identical purpose to the previously-added SNP_GUEST_REQUEST event, but allows for additional certificate data to be supplied via an additional guest-supplied buffer to be used mainly for verifying the signature of an attestation report as returned by firmware.

This certificate data is supplied by userspace, so unlike with SNP_GUEST_REQUEST events, SNP_EXTENDED_GUEST_REQUEST events are first forwarded to userspace via a KVM_EXIT_VMGEXIT exit type, and then the firmware request is made only afterward.

Implement handling for these events.

Since there is a potential for race conditions where the userspace-supplied certificate data may be out-of-sync relative to the reported TCB or VLEK that firmware will use when signing attestation reports, make use of the synchronization mechanisms wired up to the SNP_{PAUSE,RESUME}_ATTESTATION SEV device ioctls such that the guest will be told to retry the request while attestation has been paused due to an update being underway on the system.

Signed-off-by: Michael Roth
---
 Documentation/virt/kvm/api.rst | 26 +++++++++++
 arch/x86/include/asm/sev.h     |  6 +++
 arch/x86/kvm/svm/sev.c         | 82 ++++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.h         |  3 ++
 arch/x86/virt/svm/sev.c        | 37 +++++++++++++++
 include/uapi/linux/kvm.h       |  6 +++
 6 files changed, 160 insertions(+)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 85099198a10f..6cf186ed8f66 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -7066,6 +7066,7 @@ values in kvm_run even if the corresponding bit in kvm_dirty_regs is not set. struct kvm_user_vmgexit { #define KVM_USER_VMGEXIT_PSC_MSR 1 #define KVM_USER_VMGEXIT_PSC 2 + #define KVM_USER_VMGEXIT_EXT_GUEST_REQ 3 __u32 type; /* KVM_USER_VMGEXIT_* type */ union { struct {
@@ -7079,6 +7080,11 @@ values in kvm_run even if the corresponding bit in kvm_dirty_regs is not set. __u64 shared_gpa; __u64 ret; } psc; + struct { + __u64 data_gpa; + __u64 data_npages; + __u32 ret; + } ext_guest_req; }; }; @@ -7108,6 +7114,26 @@ private/shared state. Userspace will return a value in 'ret' that is in agreement with the GHCB-defined return values that the guest will expect in the SW_EXITINFO2 field of the GHCB in response to these requests. +For the KVM_USER_VMGEXIT_EXT_GUEST_REQ type, the ext_guest_req union type +is used. The kernel will supply in 'data_gpa' the value the guest supplies +via the RAX field of the GHCB when issued extended guest requests. +'data_npages' will similarly contain the value the guest supplies in RBX +denoting the number of shared pages available to write the certificate +data into. + + - If the supplied number of pages is sufficient, userspace should write + the certificate data blob (in the format defined by the GHCB spec) in + the address indicated by 'data_gpa' and set 'ret' to 0. + + - If the number of pages supplied is not sufficient, userspace must write + the required number of pages in 'data_npages' and then set 'ret' to 1. + + - If userspace is temporarily unable to handle the request, 'ret' should + be set to 2 to inform the guest to retry later. + + - If some other error occurred, userspace should set 'ret' to a non-zero + value that is distinct from the specific return values mentioned above. + 6. Capabilities that can be enabled on vCPUs ============================================ diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index baf223eb5633..65a012f6bcb4 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -276,6 +276,9 @@ void snp_leak_pages(u64 pfn, unsigned int npages); void kdump_sev_callback(void); int snp_pause_attestation(u64 *transaction_id); void snp_resume_attestation(u64 *transaction_id); +u64 snp_transaction_get_id(void); +bool __snp_transaction_is_stale(u64 transaction_id); +bool snp_transaction_is_stale(u64 transaction_id); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } @@ -291,6 +294,9 @@ static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} static inline void kdump_sev_callback(void) { } static inline int snp_pause_attestation(u64 *transaction_id) { return 0; } static inline void snp_resume_attestation(u64 *transaction_id) {} +static inline u64 snp_transaction_get_id(void) { return 0; } +static inline bool __snp_transaction_is_stale(u64 transaction_id) { return false; } +static inline bool snp_transaction_is_stale(u64 transaction_id) { return false; } #endif #endif diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 953f00ddf31b..8ba29b2b2b0a 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3283,6 +3283,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_VMGEXIT_PSC: case SVM_VMGEXIT_TERM_REQUEST: case SVM_VMGEXIT_GUEST_REQUEST: + case SVM_VMGEXIT_EXT_GUEST_REQUEST: break; default: reason = GHCB_ERR_INVALID_EVENT; 
@@ -3803,6 +3804,84 @@ static void snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(vmm_ret, fw_err)); } +static int snp_complete_ext_guest_req(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + struct vmcb_control_area *control; + struct kvm *kvm = vcpu->kvm; + sev_ret_code fw_err = 0; + int vmm_ret; + + vmm_ret = vcpu->run->vmgexit.ext_guest_req.ret; + if (vmm_ret) { + if (vmm_ret == SNP_GUEST_VMM_ERR_INVALID_LEN) + vcpu->arch.regs[VCPU_REGS_RBX] = + vcpu->run->vmgexit.ext_guest_req.data_npages; + goto abort_request; + } + + control = &svm->vmcb->control; + + /* + * To avoid the message sequence number getting out of sync between the + * actual value seen by firmware verses the value expected by the guest, + * make sure attestations can't get paused on the write-side at this + * point by holding the lock for the entire duration of the firmware + * request so that there is no situation where SNP_GUEST_VMM_ERR_BUSY + * would need to be returned after firmware sees the request. 
+ */ + mutex_lock(&snp_pause_attestation_lock); + + if (__snp_transaction_is_stale(svm->snp_transaction_id)) + vmm_ret = SNP_GUEST_VMM_ERR_BUSY; + else if (!__snp_handle_guest_req(kvm, control->exit_info_1, + control->exit_info_2, &fw_err)) + vmm_ret = SNP_GUEST_VMM_ERR_GENERIC; + + mutex_unlock(&snp_pause_attestation_lock); + +abort_request: + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(vmm_ret, fw_err)); + + return 1; /* resume guest */ +} + +static int snp_begin_ext_guest_req(struct kvm_vcpu *vcpu) +{ + int vmm_ret = SNP_GUEST_VMM_ERR_GENERIC; + struct vcpu_svm *svm = to_svm(vcpu); + unsigned long data_npages; + sev_ret_code fw_err; + gpa_t data_gpa; + + if (!sev_snp_guest(vcpu->kvm)) + goto abort_request; + + data_gpa = vcpu->arch.regs[VCPU_REGS_RAX]; + data_npages = vcpu->arch.regs[VCPU_REGS_RBX]; + + if (!IS_ALIGNED(data_gpa, PAGE_SIZE)) + goto abort_request; + + svm->snp_transaction_id = snp_transaction_get_id(); + if (snp_transaction_is_stale(svm->snp_transaction_id)) { + vmm_ret = SNP_GUEST_VMM_ERR_BUSY; + goto abort_request; + } + + vcpu->run->exit_reason = KVM_EXIT_VMGEXIT; + vcpu->run->vmgexit.type = KVM_USER_VMGEXIT_EXT_GUEST_REQ; + vcpu->run->vmgexit.ext_guest_req.data_gpa = data_gpa; + vcpu->run->vmgexit.ext_guest_req.data_npages = data_npages; + vcpu->arch.complete_userspace_io = snp_complete_ext_guest_req; + + return 0; /* forward request to userspace */ + +abort_request: + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(vmm_ret, fw_err)); + return 1; /* resume guest */ +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
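Review bot: `sev_ret_code fw_err;` in snp_begin_ext_guest_req is declared but never assigned, and every path that reaches abort_request there packs it into SW_EXITINFO2 via `SNP_GUEST_ERR(vmm_ret, fw_err)`, so on the !sev_snp_guest, unaligned data_gpa and stale-transaction paths the guest reads an uninitialized stack value in the firmware-error half of the result; initialize it as snp_complete_ext_guest_req already does (`sev_ret_code fw_err = 0;`). Minor: "verses" in the locking comment should read "versus", and a sentence there explaining that the unlocked snp_transaction_is_stale() check in snp_begin_ext_guest_req is only an early fast-fail, with the locked __snp_transaction_is_stale() check in snp_complete_ext_guest_req being the authoritative one, would make the two-phase protocol easier to follow.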
@@ -4067,6 +4146,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2); ret = 1; break; + case SVM_VMGEXIT_EXT_GUEST_REQUEST: + ret = snp_begin_ext_guest_req(vcpu); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8a8ee475ad86..28140bc8af27 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -303,6 +303,9 @@ struct vcpu_svm { /* Guest GIF value, used when vGIF is not enabled */ bool guest_gif; + + /* Transaction ID associated with SNP config updates */ + u64 snp_transaction_id; }; struct svm_cpu_data { diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index b75f2e7d4012..f1f7486a3dcf 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -72,6 +72,7 @@ static unsigned long snp_nr_leaked_pages; /* For synchronizing TCB/certificate updates with extended guest requests */ DEFINE_MUTEX(snp_pause_attestation_lock); +EXPORT_SYMBOL_GPL(snp_pause_attestation_lock); static u64 snp_transaction_id; static bool snp_attestation_paused; 
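Review bot: `+EXPORT_SYMBOL_GPL(snp_pause_attestation_lock);` hands the raw mutex to kvm-amd, which then does its own mutex_lock()/mutex_unlock() around __snp_handle_guest_req() in snp_complete_ext_guest_req. Since __snp_transaction_is_stale() already carries a lockdep_assert_held() for this lock, exporting a small lock/unlock helper pair from arch/x86/virt/svm/sev.c (a hypothetical snp_transaction_lock()/snp_transaction_unlock(), for instance) instead of the mutex itself would keep the lock private to the file that owns the transaction state and put the whole locking protocol in one place rather than splitting it across two subsystems.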
@@ -611,3 +612,39 @@ void snp_resume_attestation(u64 *transaction_id) mutex_unlock(&snp_pause_attestation_lock); } EXPORT_SYMBOL_GPL(snp_resume_attestation); + +u64 snp_transaction_get_id(void) +{ + u64 id; + + mutex_lock(&snp_pause_attestation_lock); + id = snp_transaction_id; + mutex_unlock(&snp_pause_attestation_lock); + + return id; +} +EXPORT_SYMBOL_GPL(snp_transaction_get_id); + +/* Must be called with snp_pause_attestion_lock held */ +bool __snp_transaction_is_stale(u64 transaction_id) +{ + lockdep_assert_held(&snp_pause_attestation_lock); + + return (snp_attestation_paused || + transaction_id != snp_transaction_id); +} +EXPORT_SYMBOL_GPL(__snp_transaction_is_stale); + +bool snp_transaction_is_stale(u64 transaction_id) +{ + bool stale; + + mutex_lock(&snp_pause_attestation_lock); + + stale = __snp_transaction_is_stale(transaction_id); + + mutex_unlock(&snp_pause_attestation_lock); + + return stale; +} +EXPORT_SYMBOL_GPL(snp_transaction_is_stale); diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index e33c48bfbd67..585de3a2591e 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -138,6 +138,7 @@ struct kvm_xen_exit { struct kvm_user_vmgexit { #define KVM_USER_VMGEXIT_PSC_MSR 1 #define KVM_USER_VMGEXIT_PSC 2 +#define KVM_USER_VMGEXIT_EXT_GUEST_REQ 3 __u32 type; /* KVM_USER_VMGEXIT_* type */ union { struct { @@ -151,6 +152,11 @@ struct kvm_user_vmgexit { __u64 shared_gpa; __u64 ret; } psc; + struct { + __u64 data_gpa; + __u64 data_npages; + __u32 ret; + } ext_guest_req; }; };
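Review bot: the comment above __snp_transaction_is_stale() misspells the lock as snp_pause_attestion_lock. In the uapi hunk, `+ __u32 ret;` in ext_guest_req is narrower than the sibling `__u64 ret;` in psc; both are return codes userspace hands back for the same exit type, so either match the existing width or document the difference before it becomes ABI. The api.rst hunk in this patch also lists the ret values 0, 1 and 2 purely by number; naming them alongside the constants snp_complete_ext_guest_req checks (SNP_GUEST_VMM_ERR_INVALID_LEN for the "not enough pages" case that rewrites RBX, SNP_GUEST_VMM_ERR_BUSY for "retry later") would keep the documentation and the code from drifting apart.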