From patchwork Fri Jan 26 04:11:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766958 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2049.outbound.protection.outlook.com [40.107.220.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 47AF513AF0; Fri, 26 Jan 2024 04:45:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.49 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244306; cv=fail; b=QrL9czxUIXUGo+M3d/v5SlViQdboKX7IKRPB8xTdwVRq0RiYQDf9qyT9UA5RESd0alIe/cVIB+pn7F1lQRrz8fr64rfsVsJQC9R8hj7ncPyNZ8A6DNlUb8ABTOZ11yEDYvav4+ReEmqhwEbE/r7HnSKCWpZoIW7XW8F3GJzkxSI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244306; c=relaxed/simple; bh=76BTXg4sALymSfPCL0b04xry2EXH4Znpc+QY3WSWfeY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JNfRQOiVB4PDY2umqx3amVohIxZouE7+xSDdzW0TJbXdx383OeBv3NG243eF6yHKF35q2p3l3PLorvHPq2jVPiglkPPJgDv8iT/m9+4s0J2WNRWLUUuJ/scKAWZaIJuvpnl5iBhoPaYFE/3a0wN/Dxf+C7bV7JLBhFcaF3dbj3o= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=TFrl5xVk; arc=fail smtp.client-ip=40.107.220.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="TFrl5xVk" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NORmJmUq3hewCRKzFyyxWUYGy181Yq8fpWCoEtHsennHv4epf324Y8riNOB3LU9ZNn45GTseD7Zryh3VxbUdWIERUBiy9qZ3cCGj5l0miNaR+Q/WnRhVq8Boc5/hRGimEv4Umrywio/krRR4gGcwhZtJHUbCQLi05JJsApBvKbYfUfbV8P6PFeNbfikxeFsvPdn1JOBtuBHqJ82jax3+aprGW2jw9CqQyo7WiN6S5cNEw83BWNJjHvCq5RjEZTS/eN2/rCTa0ZZ5q3VOdDqwewmiA8ynhQ6mGOVHHs77bBQ7ZRiDV4gizylkbt9So915UTrTBhLR5xGwLYI7B61WNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZrwuA+myy/OhKqqUcE+jpu3j4mlNa0YdB31jV4lASGo=; b=K+rj3c7t03BUAfAcIcXSI0tCMtbVUS8c1MKFlBzs2YojsrU2VCbcMajD8Lv73Ze/EGO4GXaWFb06Kl1TlJmuhkHwmfcOv1zV9UEb4plTiDRTuMmyh7+jP6OJpy7I/etEy+EHEVXDNm8AkGbhaBsenQFtY9m4la3SEz4Dm9XxU657rCy6TSpsXmaskgMYpqJC0sdKnmmZ00m1nKFIeuSfla5Yr5j+lpSuUcGJUx2KV3nRwh+NgM6fV7ejXOdMBuDyZKquJaqFzyT5p8Kl+M9FS8t06Xe707jwZ48TPpH/QHv52PyYceglRRCLGdxKwufNyzSxADNB/p8qB21RNIWHrA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZrwuA+myy/OhKqqUcE+jpu3j4mlNa0YdB31jV4lASGo=; b=TFrl5xVk28GpKG7SBiKvyf5FUcIFy7LLlN+f7WhNBuZVPWXflzykkEKEBvtNs5GcvYP9k10Ia99BFYVQH8dMF6qVn723ULxjQdgc0TAGoIfp9ePRET3t2dJFPqqvF9HxvSHYVQH5QhdkyJeYhhslN2hTiTMGgFYwwQgkQU0DuhQ= Received: from MW4PR04CA0216.namprd04.prod.outlook.com (2603:10b6:303:87::11) by IA1PR12MB7517.namprd12.prod.outlook.com (2603:10b6:208:41a::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:45:00 +0000 Received: from MWH0EPF000971E2.namprd02.prod.outlook.com (2603:10b6:303:87:cafe::42) by MW4PR04CA0216.outlook.office365.com (2603:10b6:303:87::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:45:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E2.mail.protection.outlook.com (10.167.243.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:45:00 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:44:59 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh , Jarkko Sakkinen , Ashish Kalra Subject: [PATCH v2 01/25] x86/cpufeatures: Add SEV-SNP CPU feature Date: Thu, 25 Jan 2024 22:11:01 -0600 Message-ID: <20240126041126.1927228-2-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E2:EE_|IA1PR12MB7517:EE_ X-MS-Office365-Filtering-Correlation-Id: 927a4435-6866-4501-2d90-08dc1e298de7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: z14I7UH0O9zJcJLtj9u6+VPOuiymI6TtN+U49b4OsPyNha/EU6UHwXGGrlmJmevM8A62piUIw/446E1+tuvDWMAxGN5E2Ji0jBFXnJwfbk9yf8zupv61R7N91MKi9IxLZBIS6k7EdgwpgoTcibGDVGcNavJzKWDcjpWIEXd8GAv+avX++pOY/7sW2EyPPWb/LFhIL4nh7728QEnX8UiKRthRCsVetIkIY+WFTQCShLiVytesSownful9bTRAPGbDABZJWct5l9SPh7kUts9UayjTt77SsQUCVQEH9oJfJcpgGg+d4fptjV9ByzixchVrlWUTeVO48YOe0ueizAJ5m4Lhi+Juwi3v76+3FhImY6+e9wkhKc4k5Q3D3LOY4QNs/21CJ+vWFQmeRt7TGJXLro34QJw6SAapcJY/YW44/dmbZrVWAalyzeAR7UOCFtCSy77Tlq+2gUaNjgPbI+o9RUTpkk1u+dNbzgvRdYcxNcMf0GpBNHVX4heEVK4mQ0wubXuXRxxBIcJnRH+He3uy0i6JaNIMbMPBa7sj1mJj5DsDsEsNnIXyWjsARf/g7yvWlEyLaEE2fOrsemXy+I00IolHCCgNlYejkqbhO0wkt7ZQ5MeznZk7nvaT2sBDDrQrhS0QGxP4xkGalbNR2TIMssJ7E13+j1ZoVzjpZag1fS//0MuMp4Q78ti5kq5aelL3mSA2IZL2UdJtATYvIs8gpMu+WCqViay5aQKcKivpP21ZIaErWJCqhPivdvrT6c4+v1riFbyRYbxPJUz3QEnEFA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(376002)(346002)(136003)(39860400002)(230922051799003)(1800799012)(186009)(82310400011)(64100799003)(451199024)(46966006)(36840700001)(40470700004)(40480700001)(40460700003)(5660300002)(426003)(336012)(26005)(16526019)(70206006)(70586007)(54906003)(6916009)(2906002)(7406005)(7416002)(83380400001)(6666004)(316002)(478600001)(8676002)(44832011)(4326008)(1076003)(2616005)(8936002)(82740400003)(81166007)(356005)(47076005)(86362001)(36860700001)(41300700001)(36756003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:45:00.1435 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 927a4435-6866-4501-2d90-08dc1e298de7 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E2.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB7517 From: Brijesh Singh Add CPU feature detection for Secure Encrypted Virtualization with Secure Nested Paging. This feature adds a strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mapping, and more. Since enabling the SNP CPU feature imposes a number of additional requirements on host initialization and handling legacy firmware APIs for SEV/SEV-ES guests, only introduce the CPU feature bit so that the relevant handling can be added, but leave it disabled via a disabled-features mask. Once all the necessary changes needed to maintain legacy SEV/SEV-ES support are introduced in subsequent patches, the SNP feature bit will be unmasked/enabled. Signed-off-by: Brijesh Singh Signed-off-by: Jarkko Sakkinen Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/disabled-features.h | 4 +++- arch/x86/kernel/cpu/amd.c | 5 +++-- tools/arch/x86/include/asm/cpufeatures.h | 1 + 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index fdf723b6f6d0..0fa702673e73 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -440,6 +440,7 @@ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_SEV_SNP (19*32+ 4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ #define X86_FEATURE_DEBUG_SWAP (19*32+14) /* AMD SEV-ES full debug state swap support */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 36d0c1e05e60..1ea64d4e7021 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -117,6 +117,8 @@ #define DISABLE_IBT (1 << (X86_FEATURE_IBT & 31)) #endif +#define DISABLE_SEV_SNP (1 << (X86_FEATURE_SEV_SNP & 31)) + /* * Make sure to add features to the correct mask */ @@ -141,7 +143,7 @@ DISABLE_ENQCMD) #define DISABLED_MASK17 0 #define DISABLED_MASK18 (DISABLE_IBT) -#define DISABLED_MASK19 0 +#define DISABLED_MASK19 (DISABLE_SEV_SNP) #define DISABLED_MASK20 0 #define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 21) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 34e5c2cb8042..79153e9b92b5 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -602,8 +602,8 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) * SME feature (set in scattered.c). * If the kernel has not enabled SME via any means then * don't advertise the SME feature. - * For SEV: If BIOS has not enabled SEV then don't advertise the - * SEV and SEV_ES feature (set in scattered.c). + * For SEV: If BIOS has not enabled SEV then don't advertise SEV and + * any additional functionality based on it. * * In all cases, since support for SME and SEV requires long mode, * don't advertise the feature under CONFIG_X86_32. @@ -638,6 +638,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) clear_sev: setup_clear_cpu_cap(X86_FEATURE_SEV); setup_clear_cpu_cap(X86_FEATURE_SEV_ES); + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); } } diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index f4542d2718f4..e58bd69356ee 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -437,6 +437,7 @@ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_SEV_SNP (19*32+ 4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ #define X86_FEATURE_DEBUG_SWAP (19*32+14) /* AMD SEV-ES full debug state swap support */ From patchwork Fri Jan 26 04:11:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766955 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2054.outbound.protection.outlook.com [40.107.93.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A30914271; Fri, 26 Jan 2024 04:47:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244429; cv=fail; b=Y5oxP8cJVQ+9XRGqexrKjENNOTIksfKKxwySd2FdZ5++27PPCn/TOo22Xr7BJubI0UZ5chHhgM5+yRXsyAT75uNDe9RdBlPT/RPlRNJVDZUtZk4bJkfsL5OFBo/2TM4oGM+6eghz9d2BgJTVP1Nkwcfla0S4n71DsPwpkOa/hdg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244429; c=relaxed/simple; bh=PNdzzfGx9ahSVL9ujRxHwj9+OpHXi2TWOg5j8N6Fcyo=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=V0II68Bi70u0N186YLVSf/LKqaoztp1cffbGipgp/+V6hhz2e2RaxdwkqeUWaqB6NZxGixponA1j95Iqk1POp/zCDRhF9dI2XywSsRkEyZWXsGwxCyuiXdDUDOQ/Px/tHrH0EBkUINVm4HiHfRo1N5Ttx8h76nnb/lO3fF7zyU8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=g7M43fZ2; arc=fail smtp.client-ip=40.107.93.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="g7M43fZ2" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S1DTrrrnFBhNV5pH5i1/g1svc2pOWwA6mbno5u1u6jQoIR6X0OEXQcIq4q8qHppLbdtP4qBVIDCkRf7pd+/6thOxS01jXqfIiseR9qWTRUuR/hBS46Lwgwjf1BjTBhAbLmbf2ZyMy+TX4Io/FNJEo0lQAitTEvnFytN88LDv9ezeLMvwOQ50FCQLreCHl16wT22YYGTAoJBmltEdqICt4pc00thAsF7rJDPQ7CSBhordYox9tsYc3S3bnjdWeRYDYm3y9OvVK2fF0VueFPlDFUCFO9SIpJPrG/f+fk/qtqSgdEQCFYhBfhypzcwvT7m8IquQYRlf9othIKxD+MxONw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=42bfQ6FeSVGZCam3Ke+AMjdPhfDYAoqjZO55LNOmw0E=; b=FHx2D6PZoZd8AXxyflBKlaH7SoO74ERApwJRBbmy9goF9e58cFXg2Ro1GEFeto1b6o4j7ibgiJU//CLQi6EwYImXRozUXK6Cx0YTVOkagw4UToeOMnYLVzbeI3TQVXjl/q614SqMTuR6cfq3dosla2rCBm7xHpcyoU0WAldsNE5UtjC49qikHUaKNrSdHsjZQzJQF19rf+K0LNbIYwgnqBNOoXiEqw+OkQwPdH7DmyFJj5IOHKv5yCHFhro0eM9lMqXUHfDE86H4kyljz5jcnrIv2p8QbvYJwmILa/szwTpbco9oz1I0EoCGfwvlHOcpV7Wdi11Mfo8qtV9sVhwPAQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=42bfQ6FeSVGZCam3Ke+AMjdPhfDYAoqjZO55LNOmw0E=; b=g7M43fZ2184zswG+joUmgvnGGK+5ZAgKnlNvpuK+a/RFJa3hn88deiXQ9UJ71uZt69heDVoc2Q7Np5FCKsG7XmfhEeX8KX/Vh5BZG71VgMAswvMI0L0rJ/2xGTSEKTsegaPrZburUjZwUvs6hyKzrdZd6Ll3j8WaS5gX36mme3I= Received: from CH0PR08CA0025.namprd08.prod.outlook.com (2603:10b6:610:33::30) by BL1PR12MB5995.namprd12.prod.outlook.com (2603:10b6:208:39b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:47:05 +0000 Received: from DS2PEPF0000343C.namprd02.prod.outlook.com (2603:10b6:610:33:cafe::93) by CH0PR08CA0025.outlook.office365.com (2603:10b6:610:33::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:47:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343C.mail.protection.outlook.com (10.167.18.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:47:04 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:47:04 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Kim Phillips , Dave Hansen Subject: [PATCH v2 02/25] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled Date: Thu, 25 Jan 2024 22:11:02 -0600 Message-ID: <20240126041126.1927228-3-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343C:EE_|BL1PR12MB5995:EE_ X-MS-Office365-Filtering-Correlation-Id: 75451af7-cfca-47bc-91bb-08dc1e29d834 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PPYG51viIBgn3zzeikdi6PnXSoSYJYqYcUwGNM7bWLs/PMAfI/4RLnOjnw99COLAewhy6+XExTVpGi8jLR/fTeZyEVz05bKCIxAr56XQkzqWzk0NF9hWNYDOHxagxJNde3EBpy+SE991JzXL3qAlwJBtTgniP0NSwhhX5HJCT6F2PLCYnc7a3hzy9fn/BRuZihVqgt2fUVivFY5jM8SIOqR/LkmQyDDGXks/2VfUG9RNl4YpCOxDeLzff5+08VlmhfrON3/FV09Hl1SQLHliPVfnCrMq0BArPOjtrWS10EfG6MU/Fe8D/WPvRSHFNomxSedKlFNyS7qPEx7mecZmCkyzrZQE48Pc38kc+a2Mc+NHsT/tPKQgMcJYDnOh3+M28c7kBW4iVb7BraGGQKeVyV3uOyA11EjNdiuVYvfcfkNvA8/0kqc0dHX1YdvBNxNYfYoFZ1L//6vYY8VziGN9ebNOviIT08MaNG6mRdGvnIJHw6OyNIpi6rByr6K8PR5CWjIVZhkoNDBo67NnsAsED1iZTTqtfjyHeBK8QSxTfmaotsXXF5tum6c4LOrIc48dNLLzKIxWY+3Gsydq2pUl+ggB3su84F6UslVfJwuf30DX2E9rAnMXKONaXpN8gJidQvj0W/vdvtQJg/mXg1U947M6g/n2DrUMbOPhwET66tQ4qsA8b4eynvtca8OtndfBXrnS9XdvNrM9HvMyCwPRchDgDVAtdz5K0c5Tc1NfNMSPIVxOW5qGQR0bfh66CEFD3UIb4z+/A9RpV+F91kaBLw== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(376002)(136003)(39860400002)(346002)(230922051799003)(186009)(64100799003)(451199024)(82310400011)(1800799012)(40470700004)(46966006)(36840700001)(8676002)(7406005)(7416002)(8936002)(4326008)(2906002)(316002)(70206006)(44832011)(5660300002)(86362001)(70586007)(6916009)(36860700001)(36756003)(47076005)(54906003)(356005)(82740400003)(478600001)(81166007)(2616005)(1076003)(426003)(336012)(41300700001)(40480700001)(26005)(40460700003)(16526019)(83380400001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:47:04.8802 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 75451af7-cfca-47bc-91bb-08dc1e29d834 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5995 From: Kim Phillips Without SEV-SNP, Automatic IBRS protects only the kernel. But when SEV-SNP is enabled, the Automatic IBRS protection umbrella widens to all host-side code, including userspace. This protection comes at a cost: reduced userspace indirect branch performance. To avoid this performance loss, don't use Automatic IBRS on SEV-SNP hosts. Fall back to retpolines instead. Signed-off-by: Kim Phillips Acked-by: Dave Hansen [mdr: squash in changes from review discussion] Signed-off-by: Michael Roth --- arch/x86/kernel/cpu/common.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8f367d376520..6b253440ea72 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1355,8 +1355,13 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) /* * AMD's AutoIBRS is equivalent to Intel's eIBRS - use the Intel feature * flag and protect from vendor-specific bugs via the whitelist. + * + * Don't use AutoIBRS when SNP is enabled because it degrades host + * userspace indirect branch performance. */ - if ((ia32_cap & ARCH_CAP_IBRS_ALL) || cpu_has(c, X86_FEATURE_AUTOIBRS)) { + if ((ia32_cap & ARCH_CAP_IBRS_ALL) || + (cpu_has(c, X86_FEATURE_AUTOIBRS) && + !cpu_feature_enabled(X86_FEATURE_SEV_SNP))) { setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); if (!cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) && !(ia32_cap & ARCH_CAP_PBRSB_NO)) From patchwork Fri Jan 26 04:11:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766554 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2075.outbound.protection.outlook.com [40.107.237.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F3CA14286; Fri, 26 Jan 2024 04:47:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244449; cv=fail; b=h7GBuG2Hfrqen79u9drT6TjYph7w+//tR8cWTH3kWqqI413kS8PV0/ptV4bS/aob9Ro5UqbtfTQg5FFVU1UwbHu9+JFsl1YJnsOTwVY1DoPQ04KqgwZuSGM4SfFXysHR6QwexWwEiB8kASw2xOUc6Xdj+GTguWJu4GFGUgrtZbs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244449; c=relaxed/simple; bh=FEBkCvDTVqpmwe28vX81GS+793UVHWDFXoV3nW49ObI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=REXUIGdYL+Qb3FJF41tknTSm5yVDpbVn6DNhATmI+m5SE8vtdi5MwA59sgY77vbBfVgIf2mFqi01PZPkqISSbHrW1am2Zvkq4Sa3TOnVT3ONQU3uUXhcrRS2e8OOjEe+REO0rJHajhSETjJzNWeINZB4JabUtGhQzU8ezkz++NA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=tT6aYyvF; arc=fail smtp.client-ip=40.107.237.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="tT6aYyvF" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ceoRQrq+IgLVVDpLxXpGqbP2qWiAqQJZRjBXkcDuGHZIsbbOwTQe5oQ5lsgLYMUaiMhmC3zbalTmLmfXJ6p36kW5GGhC42LPOrXBmKDDP4SqHOWIuddiwBbGgjQY3UpIE0tiA84noJSpTA+a6wgXCR89zWEAnrH2YWbE9uxxIHJws097AIVCwIprjE0yc6ROTeLAvn7BPw5hMWp+AWMHx2uuYOKU1hUtYL7Dz9242SgsOKT+qhpvNyatQfSrA8YxB9gOxQ1xAX+IdP7kdqD8kQTnKQ3eyhiu6jTeV7xhVLGtVCOTg18nucC9CV3tZSSwT6U7k41b+BqrXsBaM7lzig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NBek176QqoHkHFTnqUlqsPM+BztDxiraqcjGfbpN8I0=; b=e9FqhDffu3LV9vRMBDFdI+FCKQPPaHIrTSgfOQDiLEm8azQgTsSWUnR29rlnZ9KJNfvN3uTd3g2MjMg2obMjDMCy7aRF9TdRAuluKw28wwDdaCv1cXQzE5D0CWc9BfVJMxz11spbbFl8YMWRq5VInYAmah1VWah3dzVshIV+L4wNkh5XfGC6gvkh5ANJLMvpcRJReyKlFljRQ9CK9O//+xIuu0f0RLBqT6AEeTDECMzaVBfwM7tQZcTsQxArlK6Qiqz1gdy23huxz2ZabHkuXQggvUTn1hCkPJvnMOjzDR89ODEmk2S2CQ9fUAd02V/FUUYvkkM6OqaJfgUa2uH8ZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NBek176QqoHkHFTnqUlqsPM+BztDxiraqcjGfbpN8I0=; b=tT6aYyvFZIPmWVEX7yoNV/udFFop7tAqdIBEj7/rDOQQ1GYu62/md7mXYdgxL5c0m8P5G549nA4AS1cOrfCrWm75ZQHFdjE1mOJN3ZkcdNbxKRBZjloqZD3Upk4w8B//zKo5we/TvsiRCrvj0ceODnv5k3SC5glC62qThXT7YM4= Received: from DM6PR02CA0145.namprd02.prod.outlook.com (2603:10b6:5:332::12) by CH3PR12MB8852.namprd12.prod.outlook.com (2603:10b6:610:17d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:47:25 +0000 Received: from DS2PEPF0000343E.namprd02.prod.outlook.com (2603:10b6:5:332:cafe::7a) by DM6PR02CA0145.outlook.office365.com (2603:10b6:5:332::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 04:47:25 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343E.mail.protection.outlook.com (10.167.18.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:47:25 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:47:24 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 03/25] iommu/amd: Don't rely on external callers to enable IOMMU SNP support Date: Thu, 25 Jan 2024 22:11:03 -0600 Message-ID: <20240126041126.1927228-4-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343E:EE_|CH3PR12MB8852:EE_ X-MS-Office365-Filtering-Correlation-Id: 07423e29-4b92-4799-7cb8-08dc1e29e47f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: l9wmNHlYa0mNiXk1c/w2oBNPwghxyOcOYuUY/vTjt4cDvVZtaDMtbHcbk8k+ZlAT+jb1fLkw20kMbY5/PWQz9YsqA40108eDRRficOq2Wh7TEi0H1fg5JvBThKAp+8KUzaPZh2Pd6mVl/FZQlHDXRxIr3/wRqgATuw4yMPvUew8w72PQowGjLyfnQjYq0D6F8aFrFl7eEsrGxrZS9qMYTqT7rsNT6w1FH9siXejLGhQee3qma/i0AdLPjm3bhu5p3PYFOG1VCwi0W0etmeQe/sPSYY54czCLtF8V1Q5+p9tg7sB97L1TWxSoubR8pyDBe89mZMALk9xz1OH9IVwloVSePkQdn+OvMLRoRakxqgunBbn3AjkHM0acxCAixoBzphUxeYjJ1Ce/BWc/gff4vtmcNAUlVELUhstAtzhAm4z7nQ0ms0QqDKajb9a9gf2VBfuZbfHE2Bg29k1hTruxpS3WPzJAI+UqvXKgwhlAPQBSp/aa28eyHUDPZzZ14FvCUwmdCZYJReknACfYY5gEg/62/YyYjuSFmFAmqWBEzADWCbBzzp6CxlIjd4hlw8qDiE0vfuLFwHu9T6M2FKNSYVh8OTtwWUbqb4TPz7tN8YX0von70WiF6wJprGV6G6Ja1vqnlhYjcS3PdQK3LqWi995vQLafJxfzMrI/wn2N+JFbw7LJYB6luY029n0VnNDgVApgxO6tF1OTXwSik30YV+xzBVC1d3xr1pJSlWT4qd1bn7lZcBvTOJQeCLMEdPiVQS3atMc5bSTjfufAfHUNjA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(346002)(396003)(376002)(136003)(39860400002)(230922051799003)(82310400011)(451199024)(186009)(1800799012)(64100799003)(36840700001)(46966006)(40470700004)(40460700003)(40480700001)(41300700001)(83380400001)(86362001)(36756003)(82740400003)(356005)(81166007)(36860700001)(44832011)(47076005)(1076003)(26005)(2616005)(16526019)(426003)(336012)(2906002)(478600001)(70206006)(6666004)(6916009)(70586007)(316002)(54906003)(4326008)(5660300002)(8676002)(7416002)(8936002)(7406005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:47:25.5039 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 07423e29-4b92-4799-7cb8-08dc1e29e47f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343E.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8852 From: Ashish Kalra Currently the expectation is that the kernel will call amd_iommu_snp_enable() to perform various checks and set the amd_iommu_snp_en flag that the IOMMU uses to adjust its setup routines to account for additional requirements on hosts where SNP is enabled. This is somewhat fragile as it relies on this call being done prior to IOMMU setup. It is more robust to just do this automatically as part of IOMMU initialization, so rework the code accordingly. There is still a need to export information about whether or not the IOMMU is configured in a manner compatible with SNP, so relocate the existing amd_iommu_snp_en flag so it can be used to convey that information in place of the return code that was previously provided by calls to amd_iommu_snp_enable(). While here, also adjust the kernel messages related to IOMMU SNP enablement for consistency/grammar/clarity. Suggested-by: Borislav Petkov (AMD) Signed-off-by: Ashish Kalra Acked-by: Joerg Roedel Co-developed-by: Michael Roth Signed-off-by: Michael Roth --- arch/x86/include/asm/iommu.h | 1 + drivers/iommu/amd/amd_iommu.h | 1 - drivers/iommu/amd/init.c | 69 ++++++++++++++++------------------- include/linux/amd-iommu.h | 4 -- 4 files changed, 32 insertions(+), 43 deletions(-) diff --git a/arch/x86/include/asm/iommu.h b/arch/x86/include/asm/iommu.h index 2fd52b65deac..3be2451e7bc8 100644 --- a/arch/x86/include/asm/iommu.h +++ b/arch/x86/include/asm/iommu.h @@ -10,6 +10,7 @@ extern int force_iommu, no_iommu; extern int iommu_detected; extern int iommu_merge; extern int panic_on_overflow; +extern bool amd_iommu_snp_en; #ifdef CONFIG_SWIOTLB extern bool x86_swiotlb_enable; diff --git a/drivers/iommu/amd/amd_iommu.h b/drivers/iommu/amd/amd_iommu.h index 8b3601f285fd..c970eae2313d 100644 --- a/drivers/iommu/amd/amd_iommu.h +++ b/drivers/iommu/amd/amd_iommu.h @@ -164,5 +164,4 @@ void amd_iommu_domain_set_pgtable(struct protection_domain *domain, u64 *root, int mode); struct dev_table_entry *get_dev_table(struct amd_iommu *iommu); -extern bool amd_iommu_snp_en; #endif diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index c83bd0c2a1c9..3a4eeb26d515 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3221,6 +3221,36 @@ static bool __init detect_ivrs(void) return true; } +static void iommu_snp_enable(void) +{ +#ifdef CONFIG_KVM_AMD_SEV + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return; + /* + * The SNP support requires that IOMMU must be enabled, and is + * not configured in the passthrough mode. + */ + if (no_iommu || iommu_default_passthrough()) { + pr_err("SNP: IOMMU disabled or configured in passthrough mode, SNP cannot be supported.\n"); + return; + } + + amd_iommu_snp_en = check_feature(FEATURE_SNP); + if (!amd_iommu_snp_en) { + pr_err("SNP: IOMMU SNP feature not enabled, SNP cannot be supported.\n"); + return; + } + + pr_info("IOMMU SNP support enabled.\n"); + + /* Enforce IOMMU v1 pagetable when SNP is enabled. */ + if (amd_iommu_pgtable != AMD_IOMMU_V1) { + pr_warn("Forcing use of AMD IOMMU v1 page table due to SNP.\n"); + amd_iommu_pgtable = AMD_IOMMU_V1; + } +#endif +} + /**************************************************************************** * * AMD IOMMU Initialization State Machine @@ -3256,6 +3286,7 @@ static int __init state_next(void) break; case IOMMU_ENABLED: register_syscore_ops(&amd_iommu_syscore_ops); + iommu_snp_enable(); ret = amd_iommu_init_pci(); init_state = ret ? IOMMU_INIT_ERROR : IOMMU_PCI_INIT; break; @@ -3766,41 +3797,3 @@ int amd_iommu_pc_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 return iommu_pc_get_set_reg(iommu, bank, cntr, fxn, value, true); } - -#ifdef CONFIG_AMD_MEM_ENCRYPT -int amd_iommu_snp_enable(void) -{ - /* - * The SNP support requires that IOMMU must be enabled, and is - * not configured in the passthrough mode. - */ - if (no_iommu || iommu_default_passthrough()) { - pr_err("SNP: IOMMU is disabled or configured in passthrough mode, SNP cannot be supported"); - return -EINVAL; - } - - /* - * Prevent enabling SNP after IOMMU_ENABLED state because this process - * affect how IOMMU driver sets up data structures and configures - * IOMMU hardware. - */ - if (init_state > IOMMU_ENABLED) { - pr_err("SNP: Too late to enable SNP for IOMMU.\n"); - return -EINVAL; - } - - amd_iommu_snp_en = check_feature(FEATURE_SNP); - if (!amd_iommu_snp_en) - return -EINVAL; - - pr_info("SNP enabled\n"); - - /* Enforce IOMMU v1 pagetable when SNP is enabled. */ - if (amd_iommu_pgtable != AMD_IOMMU_V1) { - pr_warn("Force to using AMD IOMMU v1 page table due to SNP\n"); - amd_iommu_pgtable = AMD_IOMMU_V1; - } - - return 0; -} -#endif diff --git a/include/linux/amd-iommu.h b/include/linux/amd-iommu.h index dc7ed2f46886..7365be00a795 100644 --- a/include/linux/amd-iommu.h +++ b/include/linux/amd-iommu.h @@ -85,8 +85,4 @@ int amd_iommu_pc_get_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 *value); struct amd_iommu *get_amd_iommu(unsigned int idx); -#ifdef CONFIG_AMD_MEM_ENCRYPT -int amd_iommu_snp_enable(void); -#endif - #endif /* _ASM_X86_AMD_IOMMU_H */ From patchwork Fri Jan 26 04:11:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766954 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2054.outbound.protection.outlook.com [40.107.237.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 616EF14A81; Fri, 26 Jan 2024 04:47:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244475; cv=fail; b=Jap1LBkyOEM8Ny/J5/oYvJ0/UoYWTO7ZvM0jYYt44sayG3hu5Tg0YKtyllxHzT6J4PrGrJys+C27BzKcWMRgUXrxDrqc4QT7rvEj3vrkuIxZ82KXj3bjTR4jVFqVCoM+hdpo+fM0rc99Qtx4rwqVCLAdB8Bo3ZQ2mZ3IWjIMJHc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244475; c=relaxed/simple; bh=Q8YGlkH8jrvgXayRuAMNwbZ33Oikj0SxcYLhtYmXvOo=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=bu5ogl2ecPUL5CBQANkxraBm7Lx9CG5t0tdUzTjRmdAaxubkESigmHvUReKKoWeVLSvQsqYGyA1scB6ti4g0wr1o99Y1+MT7V4oxM4eHvctFtG1rcweRGHsY4DH/dVUrd9iy/FWw7Td4+noNm8NgGNxNfgQwOu3dFQ9cQcHdcvY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=VDIeUJNs; arc=fail smtp.client-ip=40.107.237.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="VDIeUJNs" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RHMe/JkGzdHxP8twb6fChAw8gQvajWedazTVciiRwC7JoH+3kPUb0b/69oMRsc/Lo9DDapZioz3kkoHydWxXwl3VatvHZ+wOX3P/fG2QkGkod0DVhvtCcPBrdqcC//eFsX1JY0m1sHbHAaoBsQUdsWcea9rIktBrIDp3sGsIElVYQuJE2TjcAJ/JpHjzsiQzQDQxbvoc0ySoIELb9T8Owsq+B1SUIjeDFChJDX/Px1Q+nmXiWuZTqH24WeoDWLcha2MFoXOWrhxdnbyBvz1uXQ4JHJy6NUj8ZzSp9JMBqBh/HLvS5Xn0oxQ3fAybgc5pjpku8zE5Z0c3Ehp2ye965g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GBxBpWLLh4SxtbEWcLpyIsbUIEYmQcgwhc3PL61stys=; b=M7lxUyruAbxOfEaRbm3wWqTdmKcjVUUKrXCBz1mriPp4SjhKcP3nvJs9C6t0IVKQ2kZOEsaMb66rdRJfeEwLAVPHjUMgG4SP+Lq94B7Lrf7enqbop20nUnrPakajh0oKUrbCIw1T4mZgGmPkjKT0MgTXC5FHPHUqoplLZesXXtVYLhyr9hyOnq/M6E6BhstAVhdy6rMfWjFCazCoK0HTZAFJnmGm+7eKDUFPQN2b2zmmXyZmQ/4GRf5MfwC/UARsREQU9MMi14bFvmP4Jx4T4+e1DBOa4M+szX+foemUTfI0G8hprKLlj1vYD+0fZ+xnVltkWc6fvba6FfGq7QEwJQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GBxBpWLLh4SxtbEWcLpyIsbUIEYmQcgwhc3PL61stys=; b=VDIeUJNsV+jYIZ0DOYtyphKyRTSxGDpZtRiyrjA44hqdiketwB+3ZJ7fY0KxIwmXwaaMbZQb/W4Lw12+NKdgiT/5yjaTcRLeTRHMgCo1ElFCISGrkQu4xGiseZLBXdCB3Gn1QwZTJ3aRjHAf0ZzkTXDRuFX5vizBOGL7MOF1yTg= Received: from DM6PR08CA0035.namprd08.prod.outlook.com (2603:10b6:5:80::48) by PH7PR12MB6906.namprd12.prod.outlook.com (2603:10b6:510:1b8::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.32; Fri, 26 Jan 2024 04:47:47 +0000 Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:5:80:cafe::44) by DM6PR08CA0035.outlook.office365.com (2603:10b6:5:80::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 04:47:47 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:47:47 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:47:45 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 04/25] x86/sev: Add the host SEV-SNP initialization support Date: Thu, 25 Jan 2024 22:11:04 -0600 Message-ID: <20240126041126.1927228-5-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|PH7PR12MB6906:EE_ X-MS-Office365-Filtering-Correlation-Id: 2eabc104-c699-4330-dead-08dc1e29f180 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: M5cjxA2CEZ+fq5KJEv3P05gNOK2/idubEfRpL6we+PfGzsmg3gdlygs+7l3tBA85ObKR+VN20csw6tMEdIpoEJ4YhlXSESuUuFERtTfuG0S1y5OHo/lHJXh7z//nvaTyg6RuChctiIH98RrOPvez7gMV/LtxNenFp/fMQaSbORpbGPrZcXQOktYjAegaHt3zjXb4yPLtOJXGPdvNwdNkVdAeTDh9IfX4G03VvmFswx+SkVtQCV3Wgfa5I2HWVnXkIBVDcDqylZvRz/BAhcQT3kyu5E7pA9qNxgByf0m04XJSME+la6vlmmq3SSx4eTCK8Xn9RWWFi4Zbkn84Kjo6tlxrYPgE/P3HSj61jb7A2rT+OHHglrz0HxWMhC19/72u9JDxGxZQANG9Xq3yo7VNVo08G+l8xcYORuvaL7ENyF3Znr5MOOVv5zNqVJQVG0bBZFYNQeys3+1cj87Lxxu/fZ4afJYme/0NFZXmj9J/IFe6LBCFvP2pgh72S31nUaTGrxmNwtP/qVW+D07B+fikFBSuCXCvsAU0rnl0RNvZj2nMsuIgG176IeYP5wqI4MZHnq8s059d5Pprf/9m4g0Br4qwfgRobOPPMnSFzam9mJGD/b0dHEteT3RQ/51S9C6QnWJqIug99eNdDOg9IFlUbGDLusHhuSHn/oab0NjPfByV5bqVMveCVbIlaX6hpe5SVsKGDucHR2Vxo9GgeBU1CNGKbr2H6Rc5+7q5ceod5963H6YxNydPstlb0vshHLRaJOuGtL+cJ4rI82TYTDlFBg== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(136003)(39860400002)(346002)(376002)(230922051799003)(1800799012)(64100799003)(82310400011)(451199024)(186009)(46966006)(36840700001)(40470700004)(30864003)(40480700001)(82740400003)(40460700003)(6666004)(36860700001)(478600001)(356005)(7416002)(2906002)(5660300002)(7406005)(81166007)(86362001)(1076003)(8676002)(2616005)(41300700001)(6916009)(316002)(44832011)(47076005)(54906003)(70586007)(26005)(16526019)(426003)(4326008)(36756003)(336012)(83380400001)(8936002)(70206006)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:47:47.3233 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2eabc104-c699-4330-dead-08dc1e29f180 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6906 From: Brijesh Singh The memory integrity guarantees of SEV-SNP are enforced through a new structure called the Reverse Map Table (RMP). The RMP is a single data structure shared across the system that contains one entry for every 4K page of DRAM that may be used by SEV-SNP VMs. The APM Volume 2 section on Secure Nested Paging (SEV-SNP) details a number of steps needed to detect/enable SEV-SNP and RMP table support on the host: - Detect SEV-SNP support based on CPUID bit - Initialize the RMP table memory reported by the RMP base/end MSR registers and configure IOMMU to be compatible with RMP access restrictions - Set the MtrrFixDramModEn bit in SYSCFG MSR - Set the SecureNestedPagingEn and VMPLEn bits in the SYSCFG MSR - Configure IOMMU RMP table entry format is non-architectural and it can vary by processor. It is defined by the PPR document for each respective CPU family. Restrict SNP support to CPU models/families which are compatible with the current RMP table entry format to guard against any undefined behavior when running on other system types. Future models/support will handle this through an architectural mechanism to allow for broader compatibility. SNP host code depends on CONFIG_KVM_AMD_SEV config flag which may be enabled even when CONFIG_AMD_MEM_ENCRYPT isn't set, so update the SNP-specific IOMMU helpers used here to rely on CONFIG_KVM_AMD_SEV instead of CONFIG_AMD_MEM_ENCRYPT. Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Co-developed-by: Tom Lendacky Signed-off-by: Tom Lendacky Co-developed-by: Borislav Petkov (AMD) Signed-off-by: Borislav Petkov (AMD) Co-developed-by: Michael Roth Signed-off-by: Michael Roth --- arch/x86/Kbuild | 2 + arch/x86/include/asm/msr-index.h | 11 +- arch/x86/include/asm/sev.h | 6 + arch/x86/kernel/cpu/amd.c | 16 +++ arch/x86/virt/svm/Makefile | 3 + arch/x86/virt/svm/sev.c | 216 +++++++++++++++++++++++++++++++ 6 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 arch/x86/virt/svm/Makefile create mode 100644 arch/x86/virt/svm/sev.c diff --git a/arch/x86/Kbuild b/arch/x86/Kbuild index 5a83da703e87..6a1f36df6a18 100644 --- a/arch/x86/Kbuild +++ b/arch/x86/Kbuild @@ -28,5 +28,7 @@ obj-y += net/ obj-$(CONFIG_KEXEC_FILE) += purgatory/ +obj-y += virt/svm/ + # for cleaning subdir- += boot tools diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index f1bd7b91b3c6..f482bc6a5ae7 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -599,6 +599,8 @@ #define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT) #define MSR_AMD64_SEV_ES_ENABLED BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT) #define MSR_AMD64_SEV_SNP_ENABLED BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT) +#define MSR_AMD64_RMP_BASE 0xc0010132 +#define MSR_AMD64_RMP_END 0xc0010133 /* SNP feature bits enabled by the hypervisor */ #define MSR_AMD64_SNP_VTOM BIT_ULL(3) @@ -708,8 +710,15 @@ #define MSR_K8_TOP_MEM1 0xc001001a #define MSR_K8_TOP_MEM2 0xc001001d #define MSR_AMD64_SYSCFG 0xc0010010 -#define MSR_AMD64_SYSCFG_MEM_ENCRYPT_BIT 23 +#define MSR_AMD64_SYSCFG_MEM_ENCRYPT_BIT 23 #define MSR_AMD64_SYSCFG_MEM_ENCRYPT BIT_ULL(MSR_AMD64_SYSCFG_MEM_ENCRYPT_BIT) +#define MSR_AMD64_SYSCFG_SNP_EN_BIT 24 +#define MSR_AMD64_SYSCFG_SNP_EN BIT_ULL(MSR_AMD64_SYSCFG_SNP_EN_BIT) +#define MSR_AMD64_SYSCFG_SNP_VMPL_EN_BIT 25 +#define MSR_AMD64_SYSCFG_SNP_VMPL_EN BIT_ULL(MSR_AMD64_SYSCFG_SNP_VMPL_EN_BIT) +#define MSR_AMD64_SYSCFG_MFDM_BIT 19 +#define MSR_AMD64_SYSCFG_MFDM BIT_ULL(MSR_AMD64_SYSCFG_MFDM_BIT) + #define MSR_K8_INT_PENDING_MSG 0xc0010055 /* C1E active bits in int pending message */ #define K8_INTP_C1E_ACTIVE_MASK 0x18000000 diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 5b4a1ce3d368..1f59d8ba9776 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -243,4 +243,10 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } #endif +#ifdef CONFIG_KVM_AMD_SEV +bool snp_probe_rmptable_info(void); +#else +static inline bool snp_probe_rmptable_info(void) { return false; } +#endif + #endif diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 79153e9b92b5..f48c51640c65 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -20,6 +20,7 @@ #include #include #include +#include #ifdef CONFIG_X86_64 # include @@ -584,6 +585,21 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) break; } + if (cpu_has(c, X86_FEATURE_SEV_SNP)) { + /* + * RMP table entry format is not architectural and it can vary by processor + * and is defined by the per-processor PPR. Restrict SNP support on the + * known CPU model and family for which the RMP table entry format is + * currently defined for. + */ + if (!boot_cpu_has(X86_FEATURE_ZEN3) && + !boot_cpu_has(X86_FEATURE_ZEN4) && + !boot_cpu_has(X86_FEATURE_ZEN5)) + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + else if (!snp_probe_rmptable_info()) + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + } + return; warn: diff --git a/arch/x86/virt/svm/Makefile b/arch/x86/virt/svm/Makefile new file mode 100644 index 000000000000..ef2a31bdcc70 --- /dev/null +++ b/arch/x86/virt/svm/Makefile @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: GPL-2.0 + +obj-$(CONFIG_KVM_AMD_SEV) += sev.o diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c new file mode 100644 index 000000000000..575a9ff046cb --- /dev/null +++ b/arch/x86/virt/svm/sev.c @@ -0,0 +1,216 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD SVM-SEV Host Support. + * + * Copyright (C) 2023 Advanced Micro Devices, Inc. + * + * Author: Ashish Kalra + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * The RMP entry format is not architectural. The format is defined in PPR + * Family 19h Model 01h, Rev B1 processor. + */ +struct rmpentry { + u64 assigned : 1, + pagesize : 1, + immutable : 1, + rsvd1 : 9, + gpa : 39, + asid : 10, + vmsa : 1, + validated : 1, + rsvd2 : 1; + u64 rsvd3; +} __packed; + +/* + * The first 16KB from the RMP_BASE is used by the processor for the + * bookkeeping, the range needs to be added during the RMP entry lookup. + */ +#define RMPTABLE_CPU_BOOKKEEPING_SZ 0x4000 + +static u64 probed_rmp_base, probed_rmp_size; +static struct rmpentry *rmptable __ro_after_init; +static u64 rmptable_max_pfn __ro_after_init; + +#undef pr_fmt +#define pr_fmt(fmt) "SEV-SNP: " fmt + +static int __mfd_enable(unsigned int cpu) +{ + u64 val; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return 0; + + rdmsrl(MSR_AMD64_SYSCFG, val); + + val |= MSR_AMD64_SYSCFG_MFDM; + + wrmsrl(MSR_AMD64_SYSCFG, val); + + return 0; +} + +static __init void mfd_enable(void *arg) +{ + __mfd_enable(smp_processor_id()); +} + +static int __snp_enable(unsigned int cpu) +{ + u64 val; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return 0; + + rdmsrl(MSR_AMD64_SYSCFG, val); + + val |= MSR_AMD64_SYSCFG_SNP_EN; + val |= MSR_AMD64_SYSCFG_SNP_VMPL_EN; + + wrmsrl(MSR_AMD64_SYSCFG, val); + + return 0; +} + +static __init void snp_enable(void *arg) +{ + __snp_enable(smp_processor_id()); +} + +#define RMP_ADDR_MASK GENMASK_ULL(51, 13) + +bool snp_probe_rmptable_info(void) +{ + u64 max_rmp_pfn, calc_rmp_sz, rmp_sz, rmp_base, rmp_end; + + rdmsrl(MSR_AMD64_RMP_BASE, rmp_base); + rdmsrl(MSR_AMD64_RMP_END, rmp_end); + + if (!(rmp_base & RMP_ADDR_MASK) || !(rmp_end & RMP_ADDR_MASK)) { + pr_err("Memory for the RMP table has not been reserved by BIOS\n"); + return false; + } + + if (rmp_base > rmp_end) { + pr_err("RMP configuration not valid: base=%#llx, end=%#llx\n", rmp_base, rmp_end); + return false; + } + + rmp_sz = rmp_end - rmp_base + 1; + + /* + * Calculate the amount the memory that must be reserved by the BIOS to + * address the whole RAM, including the bookkeeping area. The RMP itself + * must also be covered. + */ + max_rmp_pfn = max_pfn; + if (PHYS_PFN(rmp_end) > max_pfn) + max_rmp_pfn = PHYS_PFN(rmp_end); + + calc_rmp_sz = (max_rmp_pfn << 4) + RMPTABLE_CPU_BOOKKEEPING_SZ; + + if (calc_rmp_sz > rmp_sz) { + pr_err("Memory reserved for the RMP table does not cover full system RAM (expected 0x%llx got 0x%llx)\n", + calc_rmp_sz, rmp_sz); + return false; + } + + probed_rmp_base = rmp_base; + probed_rmp_size = rmp_sz; + + pr_info("RMP table physical range [0x%016llx - 0x%016llx]\n", + probed_rmp_base, probed_rmp_base + probed_rmp_size - 1); + + return true; +} + +/* + * Do the necessary preparations which are verified by the firmware as + * described in the SNP_INIT_EX firmware command description in the SNP + * firmware ABI spec. + */ +static int __init snp_rmptable_init(void) +{ + void *rmptable_start; + u64 rmptable_size; + u64 val; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return 0; + + if (!amd_iommu_snp_en) + return 0; + + if (!probed_rmp_size) + goto nosnp; + + rmptable_start = memremap(probed_rmp_base, probed_rmp_size, MEMREMAP_WB); + if (!rmptable_start) { + pr_err("Failed to map RMP table\n"); + return 1; + } + + /* + * Check if SEV-SNP is already enabled, this can happen in case of + * kexec boot. + */ + rdmsrl(MSR_AMD64_SYSCFG, val); + if (val & MSR_AMD64_SYSCFG_SNP_EN) + goto skip_enable; + + memset(rmptable_start, 0, probed_rmp_size); + + /* Flush the caches to ensure that data is written before SNP is enabled. */ + wbinvd_on_all_cpus(); + + /* MtrrFixDramModEn must be enabled on all the CPUs prior to enabling SNP. */ + on_each_cpu(mfd_enable, NULL, 1); + + on_each_cpu(snp_enable, NULL, 1); + +skip_enable: + rmptable_start += RMPTABLE_CPU_BOOKKEEPING_SZ; + rmptable_size = probed_rmp_size - RMPTABLE_CPU_BOOKKEEPING_SZ; + + rmptable = (struct rmpentry *)rmptable_start; + rmptable_max_pfn = rmptable_size / sizeof(struct rmpentry) - 1; + + cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/rmptable_init:online", __snp_enable, NULL); + + return 0; + +nosnp: + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + return -ENOSYS; +} + +/* + * This must be called after the IOMMU has been initialized. + */ +device_initcall(snp_rmptable_init); From patchwork Fri Jan 26 04:11:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766553 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2056.outbound.protection.outlook.com [40.107.220.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9FB409473; Fri, 26 Jan 2024 04:48:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244493; cv=fail; b=UH56BirDQ4VUTHaqRrPn0bXrOKAep+DmPB6tREEMmKygIjzBvnxiCtw0nfCKXAysFfBq17/r1xbZKRj2YkBqc8C0UZU0Zdgh0plhNf8Cpm06tQinln96jrSpLRZtbrWCnPpwmFEOaCnVn053EpUVFSeaY8CZzP0lVC3Jmtcbldc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244493; c=relaxed/simple; bh=P5jpzUJLafbdnOaZ/RgRnbGNlccCFLWaNk39lLnmVcg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gSUSanZFOE5DbHZzRIVTQG5UKaUNfhj3Y5u4Z5qCw/RT151JBTabOTxZA23By0Im5WUIUw18Alzf2WhBq9GfM83A02ffz6jWyvuF4n+CZTU12GgXzM9oq4Oztw485Fl/buTeypELgHNsxXoZWZCsmmXgPe1ihonl5sYPgWtvugc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=GGH8dCyR; arc=fail smtp.client-ip=40.107.220.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="GGH8dCyR" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G64ZnOrSQROppcr6lqYkGKhzr0wev46JbWZseHfCdyix2mJeMj48ppMvN3gQwpG2ySfhxteo5r3lWjkGBTVpb37FQPejRXF/lp0X3uWGYZL8db50lyOrJnLXM7lGuUSMmyQsyCCviIVUAv/PduReYq3BCWAIAjKpZnf6a6iM1t8kzX6LAqxkb3WPuz/KCtszWYB64lp8k4PPe84C/bejCUqY59fmum6CGHG+61esfd+MGgKXrIwJtFTJvaIWddbdbkGPK9kbjqXT92X2QKRii1kjrDIosQdw4l2l5go6mp0DnNZBw05jJEsokD6CxFyNmRO2ZVxd+v8jhdfkN6nGJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tvsYf0n2GxElwqDzXGtfzBBHQRJyP8zKv4HrR1SkNBs=; b=Ggf88ZlPHV2fsrYYhg61blL9Cq7WdJNZfAAbpe1Zigzdim7+t6CLekvRXuMVguxe3TtQIQlc688bLmGGw0R130GgGekz8vG7vczIuY1SXjuU8llc3zY+vO8WRUEP6yb9fQ16zCU6GmkO9JPIbt+cwYxgj2b5Gz8e/QvyOY5T5H7NfuhBrE1ZXd1QiiW3B2D8za7o0+PDbw31Vvrbom2ZLHfP6wDz9QbLnmqF87GnLeV99pvnMvMnS9Sdenx5WD6lzZpHtaiDMqsWpo71Oex4zIcdeul8xV9TlPjKVPCsMt4FHmseB2KErcsvDhIBywrhbakqxyjudabtPv7DEjkVOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tvsYf0n2GxElwqDzXGtfzBBHQRJyP8zKv4HrR1SkNBs=; b=GGH8dCyRDU6+gR1YN3f3N6MrlqPL3NNTs8JFYvJBRl3RcmBZi1QYjrOtbjx/8z7Fa+fKLfm8Rx8j9e3OXjqaULiXaabX77d3iajLbxcPkzh4S6swk2NBdHBHFDyeZAwnAT4QBKChrwhlxy1DemcYtQSC2ItdSHLMAV96fa0Yooo= Received: from DS7PR05CA0020.namprd05.prod.outlook.com (2603:10b6:5:3b9::25) by IA1PR12MB8517.namprd12.prod.outlook.com (2603:10b6:208:449::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:48:08 +0000 Received: from DS2PEPF0000343F.namprd02.prod.outlook.com (2603:10b6:5:3b9:cafe::c6) by DS7PR05CA0020.outlook.office365.com (2603:10b6:5:3b9::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.10 via Frontend Transport; Fri, 26 Jan 2024 04:48:08 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343F.mail.protection.outlook.com (10.167.18.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:48:07 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:48:07 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Jeremi Piotrowski Subject: [PATCH v2 05/25] x86/mtrr: Don't print errors if MtrrFixDramModEn is set when SNP enabled Date: Thu, 25 Jan 2024 22:11:05 -0600 Message-ID: <20240126041126.1927228-6-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343F:EE_|IA1PR12MB8517:EE_ X-MS-Office365-Filtering-Correlation-Id: 5e26abfa-c292-41dc-b97e-08dc1e29fdd0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qENmzQTe6sSqX1jQlR889VffXysS4HfjmVtEL7fThyLTV3e+6vQiG2wkT2Z+YIe5Q25rIsklg+mB4Kr2w+V4BCwsg6QJFv9WVMzXTl1zjVUjqev9ixpV6Z5jbYXonv972TJ01QOrPO9vLdcSLeZIv5z2NxfnZRYGgy4LiElCCoG7PZc5f0svx8dTyUlm1zv5lwNOlWVkwJOeJRmLiq19XK5zUzVYOqKLG/ZqUrI+WZPEJE8sV54dcg5lArc9HE18VtFRVQz3XkDeUm37jga9PGMlH8YTT8nJP1aYX6G/HAyvDkI1xFaZbNyYH8ldhUbXK5s5A/nqjc2KTS4SFE0vPBac3KVUXGT9y6lYXWfAkX9thKDhRbnTn9WxhL72aT8uHcjQvCGl8YtgwL4HGeBIbaLBx7LE1+7ETshDZ4BBRAcH+696iEfwC9TXMMUWtkg+pFa0TgVjq6NqFROmLIXZJ1wY0CKBSNoQQgzeulde8rre1Ll4DBEKiHDD2ktdqgxdgt9fTlhRMeGZvWBiioeuVFeBlH7gdJ19xG8KuwUCrsiaI2gzcXKXt4jjPrlst8uEIOi5LWCy8U3OQjQl+sfMxW0/JqLU7bjX7XTx1A9RGDx8XRLqczsWF4uJhbUGKftWbRJ2BLqKdiwYkCJCYLQluh6VATdPhd8tr93zqT4pYPrtMV54v3dxc99iVsADB2yEARCGcdiFxq0F0FZfC5NjcfbOzlmzK14dRk5xXWiOivyityNFkSquf5V0ntvmIVwfzVpMClifTwwMg5ZwWnjeKg== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(136003)(346002)(376002)(39860400002)(396003)(230922051799003)(1800799012)(186009)(64100799003)(451199024)(82310400011)(36840700001)(46966006)(40470700004)(41300700001)(83380400001)(47076005)(16526019)(2616005)(426003)(336012)(26005)(1076003)(36860700001)(81166007)(4326008)(5660300002)(8676002)(7406005)(7416002)(2906002)(478600001)(8936002)(966005)(356005)(82740400003)(54906003)(44832011)(6916009)(70586007)(316002)(70206006)(86362001)(36756003)(40480700001)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:48:07.9793 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5e26abfa-c292-41dc-b97e-08dc1e29fdd0 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343F.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB8517 From: Ashish Kalra SNP enabled platforms require the MtrrFixDramModeEn bit to be set across all CPUs when SNP is enabled. Therefore, don't print error messages when MtrrFixDramModeEn is set when bringing CPUs online. Reported-by: Jeremi Piotrowski Closes: https://lore.kernel.org/kvm/68b2d6bf-bce7-47f9-bebb-2652cc923ff9@linux.microsoft.com/ Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth --- arch/x86/kernel/cpu/mtrr/generic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c index d3524778a545..422a4ddc2ab7 100644 --- a/arch/x86/kernel/cpu/mtrr/generic.c +++ b/arch/x86/kernel/cpu/mtrr/generic.c @@ -108,6 +108,9 @@ static inline void k8_check_syscfg_dram_mod_en(void) (boot_cpu_data.x86 >= 0x0f))) return; + if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return; + rdmsr(MSR_AMD64_SYSCFG, lo, hi); if (lo & K8_MTRRFIXRANGE_DRAM_MODIFY) { pr_err(FW_WARN "MTRR: CPU %u: SYSCFG[MtrrFixDramModEn]" From patchwork Fri Jan 26 04:11:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766953 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2079.outbound.protection.outlook.com [40.107.244.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66A159473; Fri, 26 Jan 2024 04:48:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.79 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244513; cv=fail; b=hrwEomA54ntNZvKN1yADtUwn4x+f5Rz4NoEz2YQWDikLxaOtRAnopV6yw/+OylFl3AOVQSM1W/AyjxykMHxDiED1kj64YbWvhBw5mD9sSrHRJXekbynlpE08IoaEvacz6douCQsIUKLmQoYT1wLQlOP8LP9gUcyt/MlZ7hh+9Lc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244513; c=relaxed/simple; bh=l/IbKFSeRnsQmscad2gyqnPdcznbC47bJ1JMuvdP1Cs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TMHWf1Shoqb7OEx+JFRx2V2YgrzFuqt6N7JPFFckbFAcnvJErGWyVL+dTCsK9FqK9w4P0g0srjjHIybSlsikHH39wzrg8z2VavhCacRphf5fCZa5UrITiiTkQgt5RVWbkjn1jFB1b0fTZto6zpQqXYRzAH1GZadbtcqYeJGvpQk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=F62Oz/Lm; arc=fail smtp.client-ip=40.107.244.79 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="F62Oz/Lm" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KJoKw6rhuXmJuUwVqt5/5wDop+qAHhnejFnBwOAp75+7vK0ll7t1gtxrkFo2UrTpMgwPVOBk0FI3hNP4cCbSCJ/V1IBWgHjaGmS233Q7sNSLqYP3j3bDvnoncbKKvOKSlsLMeY+Iz0g7gpv/YE018Ndne44hd3I3ooXBdqKZjU/p3T1zP38THaLVwXyaBNP+g9mn1KUx8W34jFHeJwGC8W0+5VZlld14H8k/BFLnGQJrA8iZh0+TnYsoBvgf2xepNYmGEVQe8d535YpTdzOUUud1gjHcdE6QkJZFhmIv6obbJwRAbLiF3VsZN5V5ExD1Eg5uxRMNUFLDkQ4itYeT3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3YVWcXzm+jfjuUhzMCYYR4/BYYox6gPlIYPWdG/TcLU=; b=MpapJ8nr231R0e31PMYJyNuWsMCzoU2Pl7e8OMIWk3JT/QwwY23iQSxLxmF7AD9vablVQFW5gmeP6Ze/Oz1uCIqfp+UOCkZzhfitKW6/rL/SvRSmlHUeMGh2exokyFw0nl96noJ2l1PDhcuzlLgpXihMHRRpi1VMqsxE6omnPJ25j+BDNOWIvlaqnHDa5FIasJZstWI2jipgtm61DvNpAXqLgluj3cT09Q2CjAKUO4iLEjIcaR3LahW0KFgHOODwyh/ne/wtgKf87UMFD00RlgU35cSzCdE/KcJWh7fuGRGvnsOIp9W9eJ4tt3h84fZa4IZiMLOkacRvUHqnjOwwyw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3YVWcXzm+jfjuUhzMCYYR4/BYYox6gPlIYPWdG/TcLU=; b=F62Oz/LmNGvjnxumsssaQ3zEm10Vkm8eXwXuGEncMPDM9tsZXbwfiOYa6WRYwjhxiFXI/XC477ziE+Lcp2pNe81ica4rJNO/2LCw+gwDSoH+YfeLQFmf6Xv3+cGvInohGjERSLvVcdsoiHg4H//g/FQgCi0iF/AsoU6aIvf9jaE= Received: from CH0PR08CA0012.namprd08.prod.outlook.com (2603:10b6:610:33::17) by DM6PR12MB4925.namprd12.prod.outlook.com (2603:10b6:5:1b7::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:48:28 +0000 Received: from DS2PEPF0000343C.namprd02.prod.outlook.com (2603:10b6:610:33:cafe::e5) by CH0PR08CA0012.outlook.office365.com (2603:10b6:610:33::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:48:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343C.mail.protection.outlook.com (10.167.18.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:48:28 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:48:28 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 06/25] x86/sev: Add RMP entry lookup helpers Date: Thu, 25 Jan 2024 22:11:06 -0600 Message-ID: <20240126041126.1927228-7-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343C:EE_|DM6PR12MB4925:EE_ X-MS-Office365-Filtering-Correlation-Id: a81e195e-16cf-4947-e7ae-08dc1e2a0a32 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OEtPTSsE7CU9mO1D/RCzrp+9NQFIwleRRdOKv+/shvDy4Rz7x6u0M4Lt598UE5fLL/7FB/aiTChVpZcLFvWBXsfukuPiRkN55//nOfhm3yCT5AABLwFkEWWc57u9qB2Yqmo7gYjRoMLJu/3a1gOfiBxomcZfRAUmI45+QQBU/SZ+8bXF/9T5jZclzYebXLyAmVrQlJzgqXjBK5mMu+EABoaomq8F4V4NJpYma81ONQ8DTTk1pYy/WsBtKIlyiqkkDWSIMOkBhUyfpl+/ZwEAa3nbXhlCMyqDTlSXssLzrVL3GM3wtJuWM3weysXIlei3zSDXeqVLJbixajkN9yhv7pnxyfSe2RKyyJ6uQIpfdjGLF9JciE/Rh5rd4u2roqLpPchE1LC80IZs0rRNsrighzwKm0h8WGuGEUA4m8Yutt9O024/20DT1bOF8vmae0nfOqgSqWi/ZUWyNn9FBda19j7FDD5uWjvGRoMdAPzJO3Sa/G1ZcAEhtQ+bB4MQisPFV1VA/o8mQBit+2Llbk/jBRGEtx/FYLy+7mLEPfYg18GGt+4XyMaeuWywoLBj8KD+Fh+lUUSh9TYU/JIiurtl13uck0Otef80Nsbgo9xOUJMAydF7T5D0VQFnNulnW/8FjX2TWJTg9lIcPlPmSNavU9ntLJIpyIo6eo5RWyUjN3Bj/uC4Z1M3w+N3R7WY74mdgZu0NYfK/3dI2XYT0/Oa9nwnr+DP4MYFROuHo6TKLA0xw+rB0MHUr2g4TSG4ho0eNDRQQuZVhdXtyKMXRMzU65n0OuH5yhlsTC2YpX71AtQ= X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(346002)(376002)(39860400002)(136003)(396003)(230922051799003)(1800799012)(186009)(451199024)(64100799003)(82310400011)(46966006)(36840700001)(40470700004)(83380400001)(47076005)(1076003)(2616005)(26005)(36860700001)(316002)(4326008)(82740400003)(426003)(336012)(70586007)(5660300002)(44832011)(8936002)(8676002)(41300700001)(70206006)(7406005)(7416002)(478600001)(6666004)(6916009)(2906002)(54906003)(36756003)(86362001)(356005)(81166007)(16526019)(40460700003)(40480700001)(36900700001)(309714004); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:48:28.7554 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a81e195e-16cf-4947-e7ae-08dc1e2a0a32 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4925 From: Brijesh Singh Add a helper that can be used to access information contained in the RMP entry corresponding to a particular PFN. This will be needed to make decisions on how to handle setting up mappings in the NPT in response to guest page-faults and handling things like cleaning up pages and setting them back to the default hypervisor-owned state when they are no longer being used for private data. Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra [mdr: separate 'assigned' indicator from return code, and simplify function signatures for various helpers] Signed-off-by: Michael Roth --- arch/x86/include/asm/sev.h | 3 +++ arch/x86/virt/svm/sev.c | 49 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1f59d8ba9776..01ce61b283a3 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -90,6 +90,7 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); /* RMP page size */ #define RMP_PG_SIZE_4K 0 #define RMP_PG_SIZE_2M 1 +#define RMP_TO_PG_LEVEL(level) (((level) == RMP_PG_SIZE_4K) ? PG_LEVEL_4K : PG_LEVEL_2M) #define RMPADJUST_VMSA_PAGE_BIT BIT(16) @@ -245,8 +246,10 @@ static inline u64 sev_get_status(void) { return 0; } #ifdef CONFIG_KVM_AMD_SEV bool snp_probe_rmptable_info(void); +int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); #else static inline bool snp_probe_rmptable_info(void) { return false; } +static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } #endif #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 575a9ff046cb..7669b2ff0ec7 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -53,6 +53,9 @@ struct rmpentry { */ #define RMPTABLE_CPU_BOOKKEEPING_SZ 0x4000 +/* Mask to apply to a PFN to get the first PFN of a 2MB page */ +#define PFN_PMD_MASK GENMASK_ULL(63, PMD_SHIFT - PAGE_SHIFT) + static u64 probed_rmp_base, probed_rmp_size; static struct rmpentry *rmptable __ro_after_init; static u64 rmptable_max_pfn __ro_after_init; @@ -214,3 +217,49 @@ static int __init snp_rmptable_init(void) * This must be called after the IOMMU has been initialized. */ device_initcall(snp_rmptable_init); + +static struct rmpentry *get_rmpentry(u64 pfn) +{ + if (WARN_ON_ONCE(pfn > rmptable_max_pfn)) + return ERR_PTR(-EFAULT); + + return &rmptable[pfn]; +} + +static struct rmpentry *__snp_lookup_rmpentry(u64 pfn, int *level) +{ + struct rmpentry *large_entry, *entry; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return ERR_PTR(-ENODEV); + + entry = get_rmpentry(pfn); + if (IS_ERR(entry)) + return entry; + + /* + * Find the authoritative RMP entry for a PFN. This can be either a 4K + * RMP entry or a special large RMP entry that is authoritative for a + * whole 2M area. + */ + large_entry = get_rmpentry(pfn & PFN_PMD_MASK); + if (IS_ERR(large_entry)) + return large_entry; + + *level = RMP_TO_PG_LEVEL(large_entry->pagesize); + + return entry; +} + +int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) +{ + struct rmpentry *e; + + e = __snp_lookup_rmpentry(pfn, level); + if (IS_ERR(e)) + return PTR_ERR(e); + + *assigned = !!e->assigned; + return 0; +} +EXPORT_SYMBOL_GPL(snp_lookup_rmpentry); From patchwork Fri Jan 26 04:11:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766552 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2057.outbound.protection.outlook.com [40.107.212.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89456171A2; Fri, 26 Jan 2024 04:48:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244534; cv=fail; b=enyxh4+J20Y+YX/mC91JVKS6UT8awR8bGI72Tl7mQZi8zL6h4kFqVs5geSAvAVHht8MnUXEFNSSgNoqyihUDXRMSiHJBIYVJ9ZlH5RI4eowpyOhoANCUUTKTGkPDiR1rPZZMkwVLQbmT2jCZd26K1hOWYGHbYXigygLK8mqWpg0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244534; c=relaxed/simple; bh=s73tXNHFGjiNoi3Sfb/3fLEBfGhP4aCl+Gx507YJ8Lw=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NlU/QmkL5xL6vx6cMcift5pVHDgDFHt0RlJQCan2lhu/BoZpLJBCBH5Eu+kU5TptSelWOjf3uR7QzrlmBTKjrv72nGCKv5E3WVklFE09BE20ea+ULU3Pj67f+kU99UDaYa5PA7IlAvPVNG5N6vsAMDMVNbCN9PdnnyRYeX3SgD4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=uNwkMi+D; arc=fail smtp.client-ip=40.107.212.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="uNwkMi+D" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S1POwzsHhno8drn/FXjHLl/L1T8OGoe/kifWwnR0ukQW5glBGDYM0PI9wwMhsnIcq1DMg4gcL2oF1M3Lxvedmg+UMqOwelOBvnsN0DM6tf5AjnUO45y1vaIs/HGlDAYaGgXM1xbCvKr5yflAnQ4E9Zg2uHV/mwZoHYH/ly6VgMu/YI42RDGZBYb6+YcAJEPb3tnx2rs4AykLXjNVEECWVgJiH2LLxZZT1h9oVkdtkgyfCpcvaQu1WL0f/JmZ1F9NBwLx3Ej0CiRNOHFDCBfP+WWHMusn1HWj1Bb2vylaD8s/JVHdQZL/JoHpo4sMmUQxzlurBGSKNmYDiDQFDzPvwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JBK8P9DZYAHFE8/v3KeAVGaPleccg4tTZLLxJ7l1gD4=; b=jXAnAzKGqVZJhRryPN9cIk/zpXjKnpVmjiW89M2gtl8zbOBGxVWtuDb9AbpnayrbLqWlw/9LXxbT1f9fBMFOTFBd235T58FhuL7vf//ZVHcG8ER7O1UVKa6jHuF979mJ5cslV5m6wgCdNy768/0lJ1MJlP4B47oJi2SA1HvAxUAskZDOg75XK+zwuRGL2KFmA3KMA4TXusWJBSIJ7TvUkbNITvxpXf924Xb4miGzNT+uKKywiijq4YHfS9MW3coPIRc1gm1UBEa7j+g43iyhA4yrzSsu0WaVo2LWoNc+k0a2DOIfUjpX74UCTNFmBmGoleklF+Jqhtj1cUOqfKieHA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JBK8P9DZYAHFE8/v3KeAVGaPleccg4tTZLLxJ7l1gD4=; b=uNwkMi+DNNYTdvwFhNah8LpkcYzH/hWieIOF+elUJ0Q43LNhVQZKwlb+VQst+iuYT6Kfkeg1lu6rqJcrQGID26ozzZM3got1VA1pP/38GGq/pKSimruSox2nU4tY/3uvTg3R1j42eeB1TDlNgvjMFwri82mWC3/qXnlsnllEcr4= Received: from DM6PR03CA0031.namprd03.prod.outlook.com (2603:10b6:5:40::44) by IA0PR12MB8422.namprd12.prod.outlook.com (2603:10b6:208:3de::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.24; Fri, 26 Jan 2024 04:48:49 +0000 Received: from DS2PEPF0000343B.namprd02.prod.outlook.com (2603:10b6:5:40:cafe::c) by DM6PR03CA0031.outlook.office365.com (2603:10b6:5:40::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.33 via Frontend Transport; Fri, 26 Jan 2024 04:48:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343B.mail.protection.outlook.com (10.167.18.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:48:49 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:48:48 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 07/25] x86/fault: Add helper for dumping RMP entries Date: Thu, 25 Jan 2024 22:11:07 -0600 Message-ID: <20240126041126.1927228-8-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343B:EE_|IA0PR12MB8422:EE_ X-MS-Office365-Filtering-Correlation-Id: 6a74fbb3-cc10-4ac6-f082-08dc1e2a1683 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 77W5NKw1K0s0M5MPCewhZZDELukIR19/JflObok4Q5xcHZjZH1lkLShKSY0btuNA//uGplIpW0V6zuVNmFiPb0C6cfAHqlg525V4W1GkwMPX/xI5lV+Ylc9f0XNSdGxhSwEwxFnByHlMaJWxu+UoHkedcdmTACCJmICbTJJiu4EcdfnN7Lp5/z4OjRqSlFBzNK0QJtJIEJUz5+flKlX4neSS6UIsmm3QzCyYEF5l1dsv7isFvM/2DQngw+K/VIBeK7SBeD8Sk0zbHMOePmdayGxYxAeCaWKPduHijshvQ4b3QbLJJthYVr5TrTxmg4dq0HQlRHxu1/1naKYxldVaJqrstxbNv0b/89n54MiH0D+cgw+ntxwbneAdET14GvU5gUpJa+pLXimQgh47yuIVu39lBMTvYz+7TJa8/Cg5jh9kxeoT3UaAWwRRDcydNZebnE3Xss+9De4aj70EV8ayHLICHtbzbNbUrRINbW7j8FykNaWtFZSfyaZtR/W8fK0CVK9Aoy/bC+S6cZ/YTps7IBFE/wOTRahmcW+olAPVrflInuKiNOdRbVs37geQck/2Ry54UqMVtOT0fmA+nO9dzeOF0uK/Jx/jksl5HDExwnBnuJXRw01Nq2hxmmG8sBcCg8qqIY83TbFtpFGS98ZA2yhkuLx/XI8HoOrHdMAPlpa2+nR4ZQbeo8vl1qGLHhkJaj27NkOwds7a5cC/exwcSXTIm3mmHVDGhmBpl3zHfayMDE7uuQ38qK3tEXaNCLkGJ4YY+21CBc7grB+FfaPBtQ== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(346002)(396003)(39860400002)(136003)(230922051799003)(451199024)(1800799012)(82310400011)(186009)(64100799003)(36840700001)(40470700004)(46966006)(41300700001)(83380400001)(336012)(426003)(26005)(1076003)(16526019)(8676002)(2616005)(82740400003)(36860700001)(81166007)(356005)(7406005)(4326008)(44832011)(8936002)(5660300002)(47076005)(316002)(478600001)(2906002)(6666004)(54906003)(7416002)(70206006)(6916009)(70586007)(36756003)(86362001)(40460700003)(40480700001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:48:49.4191 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6a74fbb3-cc10-4ac6-f082-08dc1e2a1683 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343B.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB8422 From: Brijesh Singh This information will be useful for debugging things like page faults due to RMP access violations and RMPUPDATE failures. Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra [mdr: move helper to standalone patch, rework dump logic as suggested by Boris ] Signed-off-by: Michael Roth --- arch/x86/include/asm/sev.h | 2 + arch/x86/virt/svm/sev.c | 99 ++++++++++++++++++++++++++++++++++---- 2 files changed, 91 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 01ce61b283a3..2c53e3de0b71 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -247,9 +247,11 @@ static inline u64 sev_get_status(void) { return 0; } #ifdef CONFIG_KVM_AMD_SEV bool snp_probe_rmptable_info(void); int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); +void snp_dump_hva_rmpentry(unsigned long address); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } +static inline void snp_dump_hva_rmpentry(unsigned long address) {} #endif #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 7669b2ff0ec7..c74266e039b2 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -35,16 +35,21 @@ * Family 19h Model 01h, Rev B1 processor. */ struct rmpentry { - u64 assigned : 1, - pagesize : 1, - immutable : 1, - rsvd1 : 9, - gpa : 39, - asid : 10, - vmsa : 1, - validated : 1, - rsvd2 : 1; - u64 rsvd3; + union { + struct { + u64 assigned : 1, + pagesize : 1, + immutable : 1, + rsvd1 : 9, + gpa : 39, + asid : 10, + vmsa : 1, + validated : 1, + rsvd2 : 1; + }; + u64 lo; + }; + u64 hi; } __packed; /* @@ -263,3 +268,77 @@ int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) return 0; } EXPORT_SYMBOL_GPL(snp_lookup_rmpentry); + +/* + * Dump the raw RMP entry for a particular PFN. These bits are documented in the + * PPR for a particular CPU model and provide useful information about how a + * particular PFN is being utilized by the kernel/firmware at the time certain + * unexpected events occur, such as RMP faults. + */ +static void dump_rmpentry(u64 pfn) +{ + u64 pfn_i, pfn_end; + struct rmpentry *e; + int level; + + e = __snp_lookup_rmpentry(pfn, &level); + if (IS_ERR(e)) { + pr_err("Failed to read RMP entry for PFN 0x%llx, error %ld\n", + pfn, PTR_ERR(e)); + return; + } + + if (e->assigned) { + pr_info("PFN 0x%llx, RMP entry: [0x%016llx - 0x%016llx]\n", + pfn, e->lo, e->hi); + return; + } + + /* + * If the RMP entry for a particular PFN is not in an assigned state, + * then it is sometimes useful to get an idea of whether or not any RMP + * entries for other PFNs within the same 2MB region are assigned, since + * those too can affect the ability to access a particular PFN in + * certain situations, such as when the PFN is being accessed via a 2MB + * mapping in the host page table. + */ + pfn_i = ALIGN_DOWN(pfn, PTRS_PER_PMD); + pfn_end = pfn_i + PTRS_PER_PMD; + + pr_info("PFN 0x%llx unassigned, dumping non-zero entries in 2M PFN region: [0x%llx - 0x%llx]\n", + pfn, pfn_i, pfn_end); + + while (pfn_i < pfn_end) { + e = __snp_lookup_rmpentry(pfn_i, &level); + if (IS_ERR(e)) { + pr_err("Error %ld reading RMP entry for PFN 0x%llx\n", + PTR_ERR(e), pfn_i); + pfn_i++; + continue; + } + + if (e->lo || e->hi) + pr_info("PFN: 0x%llx, [0x%016llx - 0x%016llx]\n", pfn_i, e->lo, e->hi); + pfn_i++; + } +} + +void snp_dump_hva_rmpentry(unsigned long hva) +{ + unsigned long paddr; + unsigned int level; + pgd_t *pgd; + pte_t *pte; + + pgd = __va(read_cr3_pa()); + pgd += pgd_index(hva); + pte = lookup_address_in_pgd(pgd, hva, &level); + + if (!pte) { + pr_err("Can't dump RMP entry for HVA %lx: no PTE/PFN found\n", hva); + return; + } + + paddr = PFN_PHYS(pte_pfn(*pte)) | (hva & ~page_level_mask(level)); + dump_rmpentry(PHYS_PFN(paddr)); +} From patchwork Fri Jan 26 04:11:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766952 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2056.outbound.protection.outlook.com [40.107.244.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9259E134B5; Fri, 26 Jan 2024 04:49:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244565; cv=fail; b=OGcj0zdE/j9UlTiiHWPzLy0evQRst9UdRLSGaP5tEjxq0mj8JNZcjAEnWsRpcmTbES0etFmBHTrIQpsSS5psWwJnfCbvUTwYQDApmwQ9Oo+w3nSa8tkzoxuszuxTRQlOiUmST+5DQpypW1VovLhbgVX1jKwpNg4uHPlabyXheL8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244565; c=relaxed/simple; bh=qmd0HiFjl6AgJdoM8m7Xoo3YL2eJ2Q7Q9E5NaKQQn8E=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FsLQ4ajUEj2H1j4O12WvcSKGkybuLltZXrEGvvAKZYbq4cG4ws89zTWkz9qMGXe5ap0x/f1kbowvVd6SVVBCfivbMyTyKjenKy7iv/5/5rWp9BqO7/AHVRz24cod5aZPaTsuRtZHT/HYVfqyS03KxRRkHs07im1o638hdu6E9sE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=tkqtAq22; arc=fail smtp.client-ip=40.107.244.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="tkqtAq22" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=as2DK2Bfajk95Lg0jcbXcWM8yXeMmXNwYy5xj9qcrO07OWxS9uHMcZdgboZHY/QiEMjnUUXSVMk3SsuxubPGXT4ikoWuhXNzL52WHLQCy+i+QAI6lNx6jJMK/+d1iLogM0h2YVTPxIjmC1TH2jpxLJ2lREvwLIhq59lU0Xiw1QvJvmltZwXsSrbSLOXFp98/Q6tv6QajGH2mN0Z13NEhPKHgp7RevsYTv6JsDupXqrtTQNotoSFQAE85yWXp9T2YWyWUjP5ogo9A6lMqdYuoMRQAUg1bB+KaNIo82KE2Bp2sqdWhaqei7rrSm2XKfH2bVVvoZ5CBE0IjsU9olsp57A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3U3JEpITMWrdJUCfljL+TeerAiuU7ufrDQlHJ3pkGqI=; b=jlsDZ89QTE3Ca71M7pcDugcg3MOYVtUJELp3u687xd+XAqROX3J6V7B8juFc2ztutc/dcInvZiSbtk6Rbi6ymgDQvZud4+QynlOJ08m2Q0fNQ5odXnjo6q2edYvYH1DxyRVTUebdPGwmZZcAZX7mQk/FGZxIlQyS0/GsJU6jTxaR1zn5O9ca+31U3vaLig6vI8MohgYeJhAqmGWQhW9xZHsC/EMc2Vsw14iAghgJpqQiFLrUEftJ3vkonrHBhLSuyJGwbL7WoGyVl3nF4eSqUj4A1xURGSoFXaiLn5yVwONxnlP+s2v/HKVuY21T6OXtOngIiiYoHgpj0I6pVk03uw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3U3JEpITMWrdJUCfljL+TeerAiuU7ufrDQlHJ3pkGqI=; b=tkqtAq22rRfxOOf6dhvzdxc4kK1pXOStAtMkFGUfvf7XU2rfJxvcPcJu0ldQKTeElET5IhHc0T9mzyoGmPvEXfzLovU+rZB6tjDwUwhcIXhtnLbuoP1or1YqVPR+K1mArVqFGNwFcc7oPrTk0ZRREHKHYhdyBjDTrqZqkXahaKs= Received: from CH5PR02CA0001.namprd02.prod.outlook.com (2603:10b6:610:1ed::17) by DM4PR12MB5152.namprd12.prod.outlook.com (2603:10b6:5:393::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:49:18 +0000 Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:610:1ed:cafe::c9) by CH5PR02CA0001.outlook.office365.com (2603:10b6:610:1ed::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 04:49:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:49:18 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:49:14 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh , Dave Hansen Subject: [PATCH v2 08/25] x86/traps: Define RMP violation #PF error code Date: Thu, 25 Jan 2024 22:11:08 -0600 Message-ID: <20240126041126.1927228-9-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|DM4PR12MB5152:EE_ X-MS-Office365-Filtering-Correlation-Id: 6473a4cb-ba7d-4781-7266-08dc1e2a27b6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EMlA1XpWP772hJ+SIi8tdaA8NpZT4Q/4+zomJ+PnNHgCfBRXcb5myQ/MfxYziLCilGju1KYixxBhtl1yBxFWwj50ToqUSDXXkVxlyPbk2pUU8zU5C23T8Uq5Xm8H++HHRJz8jw/7RkKpvH24KqYpFkPLttLM/bikHVm1v7x58CWJPy3JZtUTlyYRpagWlYuvahPqQnboHKpr62kCikhRx90BVZ5pl03TSYjku83faJOE9L0QJsJ5Zcmky/qA0h0M9JY28PPOOJcoQFLW73Hixo93nWPQDs5R+BFiygCBe0chwXIXH5BiBb63I8040HzusKahKKAudQZurGl8b6IiHzhWIY9Wvdr5+TrXNPFWk/zG0rxhRDlMmd+cc73TkBZd0dH1A46ISsB7/kvD3YWOk5zOW8FHpVe00jvAEUZzvSNTCm/urPKZ0BZNFdWbI6V/yIdYHmFrfBapcOTDbKd1kp8mkFXd8H1RzN5aGPdzZqANV+saMNwZ9JO5kqLfKxiOdErnUDL+pKRPUouLeEfTXCWwv0rylqGQo2YeoYqohfckfTI8ddSmSZQXnWg1WVbPGx0iKLZY49fg4QVGm8VeBZO6uFE8HQK63yLMtS+pbbfBF4N2I7/5HJPA3dgwrKKC2OAUVmp0+PVXgWTID3jDWk5H3QB3XLkR/m+KMkzzv62zkYpoWieCyI0Dci2a5yTX/0xl9OEtgyS1Yzwa54cQAPtMzlQ1ecFJYq45GZMyiSQ8PCUkuTQynuqFF+vrf5N081Nqo9qa12pUZ6PaMLt9tA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(346002)(136003)(39860400002)(396003)(230922051799003)(1800799012)(186009)(64100799003)(451199024)(82310400011)(36840700001)(40470700004)(46966006)(26005)(16526019)(2616005)(1076003)(6666004)(83380400001)(336012)(426003)(8936002)(8676002)(4326008)(44832011)(5660300002)(478600001)(6916009)(54906003)(316002)(70206006)(70586007)(86362001)(356005)(36860700001)(82740400003)(81166007)(47076005)(41300700001)(7416002)(40480700001)(40460700003)(36756003)(2906002)(7406005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:49:18.2714 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6473a4cb-ba7d-4781-7266-08dc1e2a27b6 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5152 From: Brijesh Singh Bit 31 in the page fault-error bit will be set when processor encounters an RMP violation. While at it, use the BIT() macro. Signed-off-by: Brijesh Singh Signed-off by: Ashish Kalra Acked-by: Dave Hansen Signed-off-by: Michael Roth --- arch/x86/include/asm/trap_pf.h | 20 ++++++++++++-------- arch/x86/mm/fault.c | 1 + 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/trap_pf.h b/arch/x86/include/asm/trap_pf.h index afa524325e55..7fc4db774dd6 100644 --- a/arch/x86/include/asm/trap_pf.h +++ b/arch/x86/include/asm/trap_pf.h @@ -2,6 +2,8 @@ #ifndef _ASM_X86_TRAP_PF_H #define _ASM_X86_TRAP_PF_H +#include /* BIT() macro */ + /* * Page fault error code bits: * @@ -13,16 +15,18 @@ * bit 5 == 1: protection keys block access * bit 6 == 1: shadow stack access fault * bit 15 == 1: SGX MMU page-fault + * bit 31 == 1: fault was due to RMP violation */ enum x86_pf_error_code { - X86_PF_PROT = 1 << 0, - X86_PF_WRITE = 1 << 1, - X86_PF_USER = 1 << 2, - X86_PF_RSVD = 1 << 3, - X86_PF_INSTR = 1 << 4, - X86_PF_PK = 1 << 5, - X86_PF_SHSTK = 1 << 6, - X86_PF_SGX = 1 << 15, + X86_PF_PROT = BIT(0), + X86_PF_WRITE = BIT(1), + X86_PF_USER = BIT(2), + X86_PF_RSVD = BIT(3), + X86_PF_INSTR = BIT(4), + X86_PF_PK = BIT(5), + X86_PF_SHSTK = BIT(6), + X86_PF_SGX = BIT(15), + X86_PF_RMP = BIT(31), }; #endif /* _ASM_X86_TRAP_PF_H */ diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 679b09cfe241..8805e2e20df6 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -547,6 +547,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, unsigned long ad !(error_code & X86_PF_PROT) ? "not-present page" : (error_code & X86_PF_RSVD) ? "reserved bit violation" : (error_code & X86_PF_PK) ? "protection keys violation" : + (error_code & X86_PF_RMP) ? "RMP violation" : "permissions violation"); if (!(error_code & X86_PF_USER) && user_mode(regs)) { From patchwork Fri Jan 26 04:11:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766564 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2067.outbound.protection.outlook.com [40.107.244.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7406A6AD6; Fri, 26 Jan 2024 04:40:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244032; cv=fail; b=c3XI2Gf509BjeyaiBthFaCuofi2GLHPm6hkhO+ohp/v78OtHAig/su1+DBEyAwlOTEJn8ZqND0sgt0KPhLua2c6MrC8V4/kyFJ6nbeROoBblM2DSN4Xzs5sBfi+5XDiK9+R7SGKMqedfZaxO8J+wmPEEMu1A00jTiEEt8QeF66g= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244032; c=relaxed/simple; bh=kUA3x6YCqyzcVC3O6doY3zntXDSczh3Rc0wLLtMb2fc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Uq+Jvs4kWqGaTZCUyersG/MHwjI5XJaaDWkinNEpOEyjpXX8y1V/+qTGBJXcrxPDYla5YqEkENsKjxKvWeVSvkbdN1f+y007miH8m2DmWVM/jjLXFcroVstPvPEhaZ7Erc8HOAzQ/ewzIOq55HtEDJvIbq1ZsaGhjsZAtdx1KkI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=UnTD0ec+; arc=fail smtp.client-ip=40.107.244.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="UnTD0ec+" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oBqmHv6Evhm163A2xVGw51jnDKJk7oBcDZaIQl9U5YSYmuYfTF9L0O0wsxOuRA/IzhIWk3EbRbLoUWnJZazz79AaOvr94maFNm1IpHLz7u8PCfYieG0+hzIqXUvSJLU2o5FS3GYE4++RlWM1wWM3pNr0+ycomj/n3DDc+sMEpHJVsNlcS3EI2jBDqAzLbqZn1gD03H4WX9GlVJPCI+GVwnhANfxcV0dlL28pNCD9FWJiq+2U284vfQbNXmEjf8g8j7kL9mE+65BoIg/HcmnYRIehljjzlgKSyd3Do9c1VcOrdJekgdMcWYi4lGwrYmbT5HWGHaOqhJuhT2yQaXffcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K9Q0YgQlJrDtGCtegnCZIrYCnCzwv6QRWqtQLd+3r9M=; b=Z4EfU93VeA/O/Xi05eRTU98/IJ8dtcrDGNaG+E/vcMULC0SQbX6mPej5mDseJ/dckNH8rl1wn7dtBlMv4RYeeMyFUs8+QVanPfZpUWf4PMLS9pqq/lsgHDDDd+OPmBNYmeDyzCh5DeRBU5cqDkq9284MQEbX2K8hHBDrfEvy10LklQWGAC+/hGCxC9eGDAu2Mp+vekT6WwRZmJT0NPnLwGzBCklnLgki8TGdZFBbPjE9q4hPJ2iwM+a7wLZPLM2OrvTy1JMPxVlIK29dOOxgbk62Rsqga6TcnshE/4C43eszTAzZoPlS7OS2M9X9OsA5wI1NH1HtxuNYjOsP7odbaw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K9Q0YgQlJrDtGCtegnCZIrYCnCzwv6QRWqtQLd+3r9M=; b=UnTD0ec+zrLSbweX3i1tEktgdOf7oPNPtl8fOyr3q13qqxe+k/ovVGTEMfI2HdMnU+pD7RjE2xcHqSigzGXvd4BjeTQMwOBkpR0oKcHzw9TMvOCbf52We7+9/MuvqTBVzqxiJ6PxshXelpv113QFDBZLQ2jvFsHDXd6n8YhcTmg= Received: from PH8PR07CA0033.namprd07.prod.outlook.com (2603:10b6:510:2cf::20) by DM4PR12MB5277.namprd12.prod.outlook.com (2603:10b6:5:390::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:40:26 +0000 Received: from SN1PEPF000252A0.namprd05.prod.outlook.com (2603:10b6:510:2cf:cafe::8a) by PH8PR07CA0033.outlook.office365.com (2603:10b6:510:2cf::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:40:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SN1PEPF000252A0.mail.protection.outlook.com (10.167.242.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:40:25 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:40:23 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 09/25] x86/fault: Dump RMP table information when RMP page faults occur Date: Thu, 25 Jan 2024 22:11:09 -0600 Message-ID: <20240126041126.1927228-10-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF000252A0:EE_|DM4PR12MB5277:EE_ X-MS-Office365-Filtering-Correlation-Id: 63cd7b46-ef6d-4ba9-bb9e-08dc1e28ea4d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 5Nx1Cy9Ebf2u7ipr6PQVd3Hk4Vt9DgDqJ4l5zQAD7nViLYOd2ejLcTdz7T5HDw0WDjG7DGBvqPavv8CqB/VO5Hd2CAo24i3v8GIecOkcpRj3GTeprjV5l47B31OPaHzpRmiaS63vG9DF93icgPpYC/6Z8UOfiwgkCfthfrOQZ3y8f1P1xAVHggKQr/h8KXXxNXTcQCWL/cI9KD7SDFMkZjGh1+GV8041TVPC20RsPNGaSLS2yh1lFSp4XxexqFztWKgi0XefwUvRlI9YNoBfFCwvjzz5b9edIeXZytYcX0tM07FwVkp33r9b1DxDEAOa0rMjsFmb7nKhKtBn8h4HhE1N0nAJjYiAo61DZ2GL9zFMP6VxW6xYvWfVN/xVlvTlHSR7dNodWfZSGrKPSr9856jSVu+GtwPKXmESlZapTEdfzDOM8x49mTjfUhT4Jmw+p00ugezzMIPbFEnLJzf9Xc7T3ccMxFE4CRWxTbYeWt0W8ABJQhY2ddVGs0ymQ7celxIwCjLd477zftipvHs8vdledlYJ1fwcbKhqywqhzSmSIjT5TYov6mTr8HA9mALbAMLUSc6pUTYQVMpYnPxIroNM3wsT+l4QLexnqfTDlIrsmmpgmqsEzaOz9D06QHMTUxAAJRU4EVEYRlfsVV5R3Y3jmMwPokBvmfQuwYkEf7CQFO4ZXZ3LC4WdrA2du3wP9p6JSjJUKtruli2Sn0hzLcIAmdL3oJ9MkVNzHYMtX2f88uqbl66JoBnCKYl6+wYCPWX9lOKakRMWpAZq4KVduA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(346002)(376002)(136003)(39860400002)(230922051799003)(1800799012)(451199024)(82310400011)(64100799003)(186009)(40470700004)(36840700001)(46966006)(36756003)(426003)(1076003)(26005)(16526019)(2616005)(6666004)(336012)(5660300002)(7406005)(7416002)(47076005)(2906002)(44832011)(8676002)(316002)(41300700001)(478600001)(6916009)(54906003)(70206006)(36860700001)(8936002)(70586007)(4326008)(82740400003)(86362001)(81166007)(356005)(40460700003)(40480700001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:40:25.7630 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 63cd7b46-ef6d-4ba9-bb9e-08dc1e28ea4d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF000252A0.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5277 RMP faults on kernel addresses are fatal and should never happen in practice. They indicate a bug in the host kernel somewhere. Userspace RMP faults shouldn't occur either, since even for VMs the memory used for private pages is handled by guest_memfd and by design is not mappable by userspace. Dump RMP table information about the PFN corresponding to the faulting HVA to help diagnose any issues of this sort when show_fault_oops() is triggered by an RMP fault. Signed-off-by: Michael Roth --- arch/x86/mm/fault.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 8805e2e20df6..859adcd123c9 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -34,6 +34,7 @@ #include /* kvm_handle_async_pf */ #include /* fixup_vdso_exception() */ #include +#include /* snp_dump_hva_rmpentry() */ #define CREATE_TRACE_POINTS #include @@ -580,6 +581,9 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, unsigned long ad } dump_pagetable(address); + + if (error_code & X86_PF_RMP) + snp_dump_hva_rmpentry(address); } static noinline void From patchwork Fri Jan 26 04:11:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766964 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2087.outbound.protection.outlook.com [40.107.237.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0B404D510; Fri, 26 Jan 2024 04:40:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.87 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244049; cv=fail; b=g6lx3oMgCXqcKAC+FtB5C5pqIN5GtWXskoxl9ITFscwwfVNFxZTHgfSLPea21kvHUG8/NyUGBSw5P3+j5MHPXE6Otb1MHnpinnh9K0zpN+su1o7iVAupY/Ija82UhSPna/tgkgk3Zkxi18yVG3ItkJySZ+0bSGKEsJ7BSgl7M+A= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244049; c=relaxed/simple; bh=xOyI4cQWpozeRQAinbpiJ/P+FjZu5fdOtIOMxMa4fDY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gD3y9/gEkgnGG5MnUlXWAzVzgn7WjqNKmj15agk5sCzVivLpSf82FK8JLLpyq2BmGWAwIQnnEjF2VoBq6tOkCLITmB87cDRpebyP1+lfkGtrfVJl5tDtegqsGhI+QKz77NqWUfYZ9kijq1V5rC56fG0OC8IACJyg5M2ZDV5VQfY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=moVU9MZI; arc=fail smtp.client-ip=40.107.237.87 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="moVU9MZI" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VeZrnm2e1PW48zb3oGKYqTbeBzD2zCTHbKb8kXo/mxBgEFow+yQP2g47MZ/oIEyooLTIKtITkjLsBVc2TCfpa4nSOZK1VoIH4Ayc/GUksMD0IINfR1GQnnPHcghUrWBSK46cGABSAzZwixYy4ShKWbcPqpYiH6TdcWdDGpmqehs0cg/Eowe/zSJaExRbipgQTi8QJjx+5Wd82USyTnEquxhh6qP/LP/3i8Wkgged0mO+btFOvJSfSgS19ZlfTo2ykvdVnWJYQ9rv1VwmSc0hCsHmhf48fGxaPGKRVsVusFe0l9T300Xq7Hw6pwZsvYUqqClnsq1DHkZUytCqYS6J/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5kiZwN/er7VREe8gy2nnlht7qc4XPTgKknA5h/Y9v8k=; b=ZpHer7G8Ruaqy39EaHpBXUeXNcW3FDIdM3Dk3A2I9gyoL8n2KpOHdQ+Hcw5zN5qfV+AmJm9z5vqdNpZzKMFHcLnpW5WV8qE3Nd7o7Rs0artCeRBVIUEw6GR5LPnG8z+SkytTQW5opnggBOGBl3l8fFJ6lhEyzJAEJIiHSLbvVnnYPqMxYT8eMpnV01CKEBA4KNUTzZ2spASBhfpJkHETolci40Adk3cMUO/Zaq2p/ubyezgmsMf5DdUGrieiH5+3EPyk+oo29jRpzAWOuPv6FXeR83MILhgLFaT2bZLpsnG3axmryE0hyw3o2nKlwE4A/MzrKPs+S/x8VT5oEtM+lg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5kiZwN/er7VREe8gy2nnlht7qc4XPTgKknA5h/Y9v8k=; b=moVU9MZIEPloTUJXqQONJrCUv+0Cw36CAG6mHvA8kOjihXtLloY+2jKWiNQfskwrcPbk70qMG0lfM5rCCJLmgPWHDeBqM0NTlOeJKBxFpHcp+2o9CBVCiu/9CVDiblkeXaYYjCooYxaqUequUqg0WgutiAOJQdwL6MBeqnG7tGU= Received: from BYAPR07CA0032.namprd07.prod.outlook.com (2603:10b6:a02:bc::45) by DM4PR12MB5344.namprd12.prod.outlook.com (2603:10b6:5:39a::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:40:45 +0000 Received: from MWH0EPF000971E6.namprd02.prod.outlook.com (2603:10b6:a02:bc:cafe::46) by BYAPR07CA0032.outlook.office365.com (2603:10b6:a02:bc::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.37 via Frontend Transport; Fri, 26 Jan 2024 04:40:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E6.mail.protection.outlook.com (10.167.243.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:40:44 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:40:43 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 10/25] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction Date: Thu, 25 Jan 2024 22:11:10 -0600 Message-ID: <20240126041126.1927228-11-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E6:EE_|DM4PR12MB5344:EE_ X-MS-Office365-Filtering-Correlation-Id: fa54b2f0-6fe3-4570-8bbf-08dc1e28f5ab X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: WfJ1hAzRyglTd9I7ruhZxVOS5k4L25u9zbwuRLnd6NkdjdukB5XeeCayEROD8I3+6wLXMHRtP5MnM3lAZZoM58zVrVtg635HeR2k9flfOP005GgxjksLL3ObpbhJFYiPfMgmcpl3f93ooJ+F6B+tbtd70VjVvTW692/zaZdlAkmnqiVg5xl5KtUmZHpDmELpqeuHLsEUovauqfFakQsylFfmg9YLud8YV0XtwfW2l/sIsfTdDziQa1QbE7H7v40+398BOVAMTezVsVMJHDw4lEjcu4AF0wo9+/DvN38NEplgN9CDb/qyaPuVTx/E5Pifn5s+tESmKKyBMaAV0iT//WGvHALm0QVeuPwv9KWYubBmc2fM9nmdywMR4vUv+JrXl3vych13xqFBqi96rGZ0T9XRtf2CzcjPnzeLHYD1mB1NmX8rtc54m6rcsnYtrzMFOcCcZbNVTK8vyjF1KUYZKbgnXE2XCS/MgkbPPlo9rs+/iUe+h/w9zqVzmVGIOYREYziiKZ3fHxzYlpOZihVrRZaUsq5u6LOBCJix7NkRGr8fiflfsAbr5PbHsaA57AZI7yOUQN5+fqu9/DKBmdkwA0WUWBcztqpiTbVesQn526Dj+PnGYCkH8g0GQRBevDmkkmIBp6stCKSciDMco2al1f6GAYvtLtnjzTDQwiyZxPVTEGhnGHc9/jZXcBGEqCRhb6Nil0i+1ucQNtoP5fxp79Y9opwWiv4Gh7Yu2YjKT92FtUWhemGbGt8EAAJOdZPmVmVQneLWcpZGpDbGFJuxeQ== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(39860400002)(396003)(376002)(136003)(346002)(230922051799003)(64100799003)(186009)(451199024)(82310400011)(1800799012)(40470700004)(36840700001)(46966006)(47076005)(36860700001)(16526019)(8936002)(336012)(426003)(41300700001)(5660300002)(36756003)(83380400001)(478600001)(8676002)(4326008)(26005)(86362001)(70586007)(70206006)(44832011)(6916009)(54906003)(316002)(1076003)(2616005)(7406005)(2906002)(7416002)(6666004)(40460700003)(40480700001)(356005)(81166007)(82740400003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:40:44.7547 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fa54b2f0-6fe3-4570-8bbf-08dc1e28f5ab X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E6.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5344 From: Brijesh Singh The RMPUPDATE instruction updates the access restrictions for a page via its corresponding entry in the RMP Table. The hypervisor will use the instruction to enforce various access restrictions on pages used for confidential guests and other specialized functionality. See APM3 for details on the instruction operations. The PSMASH instruction expands a 2MB RMP entry in the RMP table into a corresponding set of contiguous 4KB RMP entries while retaining the state of the validated bit from the original 2MB RMP entry. The hypervisor will use this instruction in cases where it needs to re-map a page as 4K rather than 2MB in a guest's nested page table. Add helpers to make use of these instructions. Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra [mdr: add RMPUPDATE retry logic for transient FAIL_OVERLAP errors] Signed-off-by: Michael Roth Reviewed-by: Liam Merwick --- arch/x86/include/asm/sev.h | 23 ++++++++++ arch/x86/virt/svm/sev.c | 92 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 2c53e3de0b71..d3ccb7a0c7e9 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -87,10 +87,23 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); /* Software defined (when rFlags.CF = 1) */ #define PVALIDATE_FAIL_NOUPDATE 255 +/* RMUPDATE detected 4K page and 2MB page overlap. */ +#define RMPUPDATE_FAIL_OVERLAP 4 + /* RMP page size */ #define RMP_PG_SIZE_4K 0 #define RMP_PG_SIZE_2M 1 #define RMP_TO_PG_LEVEL(level) (((level) == RMP_PG_SIZE_4K) ? PG_LEVEL_4K : PG_LEVEL_2M) +#define PG_LEVEL_TO_RMP(level) (((level) == PG_LEVEL_4K) ? RMP_PG_SIZE_4K : RMP_PG_SIZE_2M) + +struct rmp_state { + u64 gpa; + u8 assigned; + u8 pagesize; + u8 immutable; + u8 rsvd; + u32 asid; +} __packed; #define RMPADJUST_VMSA_PAGE_BIT BIT(16) @@ -248,10 +261,20 @@ static inline u64 sev_get_status(void) { return 0; } bool snp_probe_rmptable_info(void); int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); void snp_dump_hva_rmpentry(unsigned long address); +int psmash(u64 pfn); +int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); +int rmp_make_shared(u64 pfn, enum pg_level level); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } static inline void snp_dump_hva_rmpentry(unsigned long address) {} +static inline int psmash(u64 pfn) { return -ENODEV; } +static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, + bool immutable) +{ + return -ENODEV; +} +static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } #endif #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index c74266e039b2..16b3d8139649 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -342,3 +342,95 @@ void snp_dump_hva_rmpentry(unsigned long hva) paddr = PFN_PHYS(pte_pfn(*pte)) | (hva & ~page_level_mask(level)); dump_rmpentry(PHYS_PFN(paddr)); } + +/* + * PSMASH a 2MB aligned page into 4K pages in the RMP table while preserving the + * Validated bit. + */ +int psmash(u64 pfn) +{ + unsigned long paddr = pfn << PAGE_SHIFT; + int ret; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return -ENODEV; + + if (!pfn_valid(pfn)) + return -EINVAL; + + /* Binutils version 2.36 supports the PSMASH mnemonic. */ + asm volatile(".byte 0xF3, 0x0F, 0x01, 0xFF" + : "=a" (ret) + : "a" (paddr) + : "memory", "cc"); + + return ret; +} +EXPORT_SYMBOL_GPL(psmash); + +/* + * It is expected that those operations are seldom enough so that no mutual + * exclusion of updaters is needed and thus the overlap error condition below + * should happen very seldomly and would get resolved relatively quickly by + * the firmware. + * + * If not, one could consider introducing a mutex or so here to sync concurrent + * RMP updates and thus diminish the amount of cases where firmware needs to + * lock 2M ranges to protect against concurrent updates. + * + * The optimal solution would be range locking to avoid locking disjoint + * regions unnecessarily but there's no support for that yet. + */ +static int rmpupdate(u64 pfn, struct rmp_state *state) +{ + unsigned long paddr = pfn << PAGE_SHIFT; + int ret; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return -ENODEV; + + do { + /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ + asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" + : "=a" (ret) + : "a" (paddr), "c" ((unsigned long)state) + : "memory", "cc"); + } while (ret == RMPUPDATE_FAIL_OVERLAP); + + if (ret) { + pr_err("RMPUPDATE failed for PFN %llx, ret: %d\n", pfn, ret); + dump_rmpentry(pfn); + dump_stack(); + return -EFAULT; + } + + return 0; +} + +/* Transition a page to guest-owned/private state in the RMP table. */ +int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable) +{ + struct rmp_state state; + + memset(&state, 0, sizeof(state)); + state.assigned = 1; + state.asid = asid; + state.immutable = immutable; + state.gpa = gpa; + state.pagesize = PG_LEVEL_TO_RMP(level); + + return rmpupdate(pfn, &state); +} +EXPORT_SYMBOL_GPL(rmp_make_private); + +/* Transition a page to hypervisor-owned/shared state in the RMP table. */ +int rmp_make_shared(u64 pfn, enum pg_level level) +{ + struct rmp_state state; + + memset(&state, 0, sizeof(state)); + state.pagesize = PG_LEVEL_TO_RMP(level); + + return rmpupdate(pfn, &state); +} +EXPORT_SYMBOL_GPL(rmp_make_shared); From patchwork Fri Jan 26 04:11:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766963 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2070.outbound.protection.outlook.com [40.107.212.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F6D911701; Fri, 26 Jan 2024 04:41:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.70 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244100; cv=fail; b=OphD8OxLeuo3Ciz77PHfk+J3SRa2Nb1VU6NsK0YDBipC471GSwqtXda9hXTBMNGOQUtjD30PmvrlvpchHBJJxVEBNk31afYw/vV2GVCW1QwX5C58GEJwkc7prTdKje/W+PN2dh8p7Gg+/xp74tY8qf30hhz9OxP7AiuLwLdHW9Y= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244100; c=relaxed/simple; bh=oMhffWMH4gBDKpXTOEQua4Uit8ORyMhn4p8Xg1w3Dp4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TQQ83IxGD2OnzCkBU7cXeo4Cx8BVGRyCjhysexdy+cnrRbMxFrv1CECXToW45iFNzrvA0c9kOOy94gpIwyl/TdFDUyUU/9HKPtDM1lYOjWQ7pRmXU40aqb1RIQqwETi3LSZzMbuopAuIik0BxSPnZuSdglVzHTyBkw7TJxNM9Ko= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=S1OFy/N+; arc=fail smtp.client-ip=40.107.212.70 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="S1OFy/N+" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fO4d3+LsIpzF4A9aewJtDNAS5cz80Tm76FCsb7V1BeCa49AF+Aw1GXEVxAGWHVBXn27eRY7V+JwGddDd9L3TFqKT0WLQBuc8qzjQcjycCzbpzrB7ljaPuwTa1ZX1VkdRXQIiT3Cnohq5Ri4RcJum84zweRieqU/z4VBx/0VXqNFCHSG6GfB8Xa0JfBC53VTzNfB4fLPvHJ2eVAv4m65IcJjzW1FcARR7aEPAPrRPEmZmuL1yo21qubGeHodG+FAyH9s/nfXbvMcTMdMHfZw25COQrdhDtQ9sley+9eeg4iSvPrD4hhe/0hp8tl0K0vmi/q+/HjUfujWA5RJb/buWVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ieXJvlkx0ARe4Dlb1EX+7YF5/vwoMHH96EazENT13Fs=; b=P5YTGBuosp3dA87a1NT+FIDR5RfnSqRMfDivs543Ih7nktM7cx9vhekEnWAyI4cT2z7KDSXhmhr0j3yenQf/UOy/fo58nDdB9CYW3ygI26IsajKpcZDuhYLD0+HgpZuBUzG9kcN9e554Cvl9E4sGgHWQSpF6mrWAf6DiYg8ylZ75mW6WWFynZg/R2s6P3XwFy+pVoT+dbkGiNiHJu9ebfQiaqdnKfvcznaErTNL9WhuqtJRuywdxtM5rsOGvG9C9My6N4OKqp5LlHY0J1wsJx9dD3jut6eLzNnyXWAkSPQV7o/cu1YjZzTYstKAYiSUQxwurbyARb7eE/gQLhx/nJA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ieXJvlkx0ARe4Dlb1EX+7YF5/vwoMHH96EazENT13Fs=; b=S1OFy/N+fIm6BHMIkkW3Npopu4kla6Oix4WQ7HWEgZDSlzhvUQYXCveRWUssMnQHlHGJlRWny6A+ahf0Aixk8z6O7VvJIBNDEophXv7xt1kGjH40ZR08wric2965EnVtVwcqzaiU2fzy7EpMjg/cjXnblq+eYHC7A9cqTyUMkm8= Received: from MW4PR03CA0279.namprd03.prod.outlook.com (2603:10b6:303:b5::14) by IA1PR12MB6233.namprd12.prod.outlook.com (2603:10b6:208:3e7::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.24; Fri, 26 Jan 2024 04:41:35 +0000 Received: from MWH0EPF000971E4.namprd02.prod.outlook.com (2603:10b6:303:b5:cafe::10) by MW4PR03CA0279.outlook.office365.com (2603:10b6:303:b5::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:41:34 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E4.mail.protection.outlook.com (10.167.243.72) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:41:34 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:41:32 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 11/25] x86/sev: Adjust directmap to avoid inadvertant RMP faults Date: Thu, 25 Jan 2024 22:11:11 -0600 Message-ID: <20240126041126.1927228-12-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E4:EE_|IA1PR12MB6233:EE_ X-MS-Office365-Filtering-Correlation-Id: 443f62dd-9e6a-4b06-a1b7-08dc1e291371 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lqKkq3OIPj0YoZqJN8zaR/lu25NFzon3JReU10qoBWHzdU8K92JplpoQV2Z/f4FbpwraHSTbGQuPByj7elzh+QeitFwCwO4oXaR84MiO85vX5WZyfneIdnQOd3mpZWCVV/AG7UztY8TkV+ofmZcDGt3ETU5fyRFyHw8WMmP+M049LwEgG/gcOpLVLd/ZeA70WkSZ4xLDyF0HFux3LEdu+MhgEkEwhRDxqXtDWSSgeoqKdGG4338NjFn8gsAjBn4nc7zFZ2hBImfh73bAGfxKZllDBqRTFwLno4WJy1q4lGD+1EcYjHddGX4xei44/uqxjzksJ72ErRPe7iW/VQGV1yDBosaXyOYxY4m7H02hMGszex3cbb8v3dCU2QBvjMmuamJ1/vwtdSMUnWc0HTPDAqlQSma/pZwW6L378u9RxDKTYMnJSqGLAkbG0K0tJWNA1gzulDiuOx6fssgNLjiziOHVwtvtQvJg88ppm8lgeFBtirn2Uqcm6mJj1Y1A7gqGX30AOxMMFhrEcm4Mg2aYE94iMlm/HkjNFU5o9F7NZ+OkwzMrK19F8lj8tzSEWGFkOF57apaF5vBhosnKm025XLdkCwrHXkYXRX8SiRpj+JlxkVtfPSCj8LaWe2ulnYh14q9fnVzYaQBOs/KPANa0ZfpfMhB6oz8a09ZUIslfu4pLtSBLulnqi2n24J7d59LJjg3NqN4lvvIQKWKT7OlXijiE3CBqX0hu1Yxb6nUjqhvvNkxmPhG6fUtCQMsJwkVjmg13CZZKe+1MP9F1DT7Mmg== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(346002)(376002)(396003)(39860400002)(136003)(230922051799003)(64100799003)(186009)(1800799012)(82310400011)(451199024)(40470700004)(46966006)(36840700001)(40460700003)(40480700001)(83380400001)(47076005)(41300700001)(356005)(86362001)(81166007)(36756003)(82740400003)(426003)(1076003)(5660300002)(36860700001)(2616005)(26005)(16526019)(336012)(70206006)(54906003)(70586007)(478600001)(6666004)(316002)(6916009)(2906002)(4326008)(44832011)(7406005)(7416002)(8676002)(8936002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:41:34.6911 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 443f62dd-9e6a-4b06-a1b7-08dc1e291371 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E4.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6233 If the kernel uses a 2MB or larger directmap mapping to write to an address, and that mapping contains any 4KB pages that are set to private in the RMP table, an RMP #PF will trigger and cause a host crash. SNP-aware code that owns the private PFNs will never attempt such a write, but other kernel tasks writing to other PFNs in the range may trigger these checks inadvertantly due to writing to those other PFNs via a large directmap mapping that happens to also map a private PFN. Prevent this by splitting any 2MB+ mappings that might end up containing a mix of private/shared PFNs as a result of a subsequent RMPUPDATE for the PFN/rmp_level passed in. Another way to handle this would be to limit the directmap to 4K mappings in the case of hosts that support SNP, but there is potential risk for performance regressions of certain host workloads. Handling it as-needed results in the directmap being slowly split over time, which lessens the risk of a performance regression since the more the directmap gets split as a result of running SNP guests, the more likely the host is being used primarily to run SNP guests, where a mostly-split directmap is actually beneficial since there is less chance of TLB flushing and cpa_lock contention being needed to perform these splits. Cases where a host knows in advance it wants to primarily run SNP guests and wishes to pre-split the directmap can be handled by adding a tuneable in the future, but preliminary testing has shown this to not provide a signficant benefit in the common case of guests that are backed primarily by 2MB THPs, so it does not seem to be warranted currently and can be added later if a need arises in the future. Signed-off-by: Michael Roth --- arch/x86/virt/svm/sev.c | 75 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 16b3d8139649..1a13eff78c9d 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -368,6 +368,71 @@ int psmash(u64 pfn) } EXPORT_SYMBOL_GPL(psmash); +/* + * If the kernel uses a 2MB or larger directmap mapping to write to an address, + * and that mapping contains any 4KB pages that are set to private in the RMP + * table, an RMP #PF will trigger and cause a host crash. Hypervisor code that + * owns the PFNs being transitioned will never attempt such a write, but other + * kernel tasks writing to other PFNs in the range may trigger these checks + * inadvertantly due a large directmap mapping that happens to overlap such a + * PFN. + * + * Prevent this by splitting any 2MB+ mappings that might end up containing a + * mix of private/shared PFNs as a result of a subsequent RMPUPDATE for the + * PFN/rmp_level passed in. + * + * Note that there is no attempt here to scan all the RMP entries for the 2MB + * physical range, since it would only be worthwhile in determining if a + * subsequent RMPUPDATE for a 4KB PFN would result in all the entries being of + * the same shared/private state, thus avoiding the need to split the mapping. + * But that would mean the entries are currently in a mixed state, and so the + * mapping would have already been split as a result of prior transitions. + * And since the 4K split is only done if the mapping is 2MB+, and there isn't + * currently a mechanism in place to restore 2MB+ mappings, such a check would + * not provide any usable benefit. + * + * More specifics on how these checks are carried out can be found in APM + * Volume 2, "RMP and VMPL Access Checks". + */ +static int adjust_direct_map(u64 pfn, int rmp_level) +{ + unsigned long vaddr = (unsigned long)pfn_to_kaddr(pfn); + unsigned int level; + int npages, ret; + pte_t *pte; + + /* Only 4KB/2MB RMP entries are supported by current hardware. */ + if (WARN_ON_ONCE(rmp_level > PG_LEVEL_2M)) + return -EINVAL; + + if (WARN_ON_ONCE(rmp_level == PG_LEVEL_2M && !IS_ALIGNED(pfn, PTRS_PER_PMD))) + return -EINVAL; + + /* + * If an entire 2MB physical range is being transitioned, then there is + * no risk of RMP #PFs due to write accesses from overlapping mappings, + * since even accesses from 1GB mappings will be treated as 2MB accesses + * as far as RMP table checks are concerned. + */ + if (rmp_level == PG_LEVEL_2M) + return 0; + + pte = lookup_address(vaddr, &level); + if (!pte || pte_none(*pte)) + return 0; + + if (level == PG_LEVEL_4K) + return 0; + + npages = page_level_size(rmp_level) / PAGE_SIZE; + ret = set_memory_4k(vaddr, npages); + if (ret) + pr_warn("Failed to split direct map for PFN 0x%llx, ret: %d\n", + pfn, ret); + + return ret; +} + /* * It is expected that those operations are seldom enough so that no mutual * exclusion of updaters is needed and thus the overlap error condition below @@ -384,11 +449,16 @@ EXPORT_SYMBOL_GPL(psmash); static int rmpupdate(u64 pfn, struct rmp_state *state) { unsigned long paddr = pfn << PAGE_SHIFT; - int ret; + int ret, level; if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENODEV; + level = RMP_TO_PG_LEVEL(state->pagesize); + + if (adjust_direct_map(pfn, level)) + return -EFAULT; + do { /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" @@ -398,7 +468,8 @@ static int rmpupdate(u64 pfn, struct rmp_state *state) } while (ret == RMPUPDATE_FAIL_OVERLAP); if (ret) { - pr_err("RMPUPDATE failed for PFN %llx, ret: %d\n", pfn, ret); + pr_err("RMPUPDATE failed for PFN %llx, pg_level: %d, ret: %d\n", + pfn, level, ret); dump_rmpentry(pfn); dump_stack(); return -EFAULT; From patchwork Fri Jan 26 04:11:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766562 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2069.outbound.protection.outlook.com [40.107.243.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE09511185; Fri, 26 Jan 2024 04:41:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.69 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244120; cv=fail; b=qhr8l3bYJDVtrwcTxX3UiOMWJRqR4uth2L3bLNe2Rjt+6dOWx7EtO6gHAoMMSQRJZRe8yWfgpsj6T1pBC7fG5xy7yzk1LsI8XNmrf5SFKKngZMmU+64kc8gL15grIsCl45tgr0d2QQ7es8VsfHJSlHU3CL+VN6Fp9W4JezgxybM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244120; c=relaxed/simple; bh=aOy2/olMr0teb3g3T30dDY1SNksUSnENCO97rOG7yuU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TDJzWGNf4Ml3aPnxdfVeem87oXx99zux4e6JWjwd6NeoAEwmg1hHgcZrd7C1erpkFqEFDhR7dH4AdDosU2QPise75AocFmjsZAtmqoz7rpHQA0uVfynEkDPKEkvI0j1fzGei0mWESu/xenyb4abQOsWo+RRoW1of4uXqdLRK5As= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=UBqDzf6H; arc=fail smtp.client-ip=40.107.243.69 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="UBqDzf6H" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iwgkqbrk6TJ7N+k5EExU4f6blUeAM3R4Q9tOU8I5s0zNGvYrUOyJM+VRQ+YQPKh4F50C1kLc4QmcLz7m2x6NI2pjYN/h6JK2fqynzpYfqdiVrM/nccVvJdo2/VLm+FGPk65yVqWYP2JqyHtExq8iIT4NaGpU7RKFBJFildkyZXNXo8nm39KYhYpxnAP9Gc1SAU2BLHf6gquce6dlrdfHTnXTieuXjsPu1luIQlVD7bY+F6TSJLf4b+EA0PxJGD96sUguTZ5yydU2un99SGNffzgT49xoXl6x89yfAiBsbilBqgfh4yOsWqGzqMF18JUMIeTCKCrNR1GdxEfdwJC1Ow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JMQff3xMrtTAk9jHUzlJLddFasX2fCuSYJJ9cnssB5s=; b=Hsko0JEoJkmgV/NRFaOLekBgZ1V1TgWHh0EHMayVPGcTBPCnxGiESB9C+G/+LWux4ucSNlEQb04unoOg28HjlalP4LekRdnuirMIKagBU6/yFB3ZndWBAxQMqW8URTtBzJFEOak0sym+mftjSOkuFJNhNF8RKprke2cveoBvfFoYBxC89vO0yjXpovPxEYylVxTf4+aOi5eYVyRjLRpxeCPYtyNjiiXLlAYnrZp/d2BJyU/wH2cMxfgQmcjY2yzw9K4k2AbhrN4YhKd7tOKu5qT9I+a6vVHGlf5VenzJclq/jjjWZTPmy6XGQB4MidGzC4m58KdplqUSJfeFjEuy+w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JMQff3xMrtTAk9jHUzlJLddFasX2fCuSYJJ9cnssB5s=; b=UBqDzf6Hi29E3U8MWsqVYWhcQ2v2kUoyFukIbY4n8lsn1pxkH+OLeC71npOXmdyd6mYNjWBTpTBrh7lY6n2RHQXFiSt0rAfS1pE9dLdPXbAk45+Le4K7MkZ1aw3v0qmtJCgc08HAYOyKVcPtNaBkSfT7kCCwSAGD+Glwsh9UuNQ= Received: from MW4PR02CA0009.namprd02.prod.outlook.com (2603:10b6:303:16d::20) by DM4PR12MB7765.namprd12.prod.outlook.com (2603:10b6:8:113::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 04:41:54 +0000 Received: from MWH0EPF000971E8.namprd02.prod.outlook.com (2603:10b6:303:16d:cafe::69) by MW4PR02CA0009.outlook.office365.com (2603:10b6:303:16d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 04:41:54 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E8.mail.protection.outlook.com (10.167.243.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:41:53 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:41:52 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 12/25] crypto: ccp: Define the SEV-SNP commands Date: Thu, 25 Jan 2024 22:11:12 -0600 Message-ID: <20240126041126.1927228-13-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E8:EE_|DM4PR12MB7765:EE_ X-MS-Office365-Filtering-Correlation-Id: 7f09d903-e00e-4fd8-187b-08dc1e291edf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: stQ6lE2yg+RufQX99qT6q2Hl70WebvoleNAoZLUCmy45c9TP8k0s89T+BFImcyr3EvpmUJKGYhiYEgCToiOx52qevUx2F/d0XWkCFDyaxlT5dHdqeqRmCxztv8yUEb7e79K4T+CcSk3vCVHUqNt2KNMpghaOsr/v/sqgGbNwjfz85r72xWv0gLxSSBMR3nhNNjoxokTG/IoQsCy5AlcyPhnNXp8sh2bDEwG1O4Cz7kZTKZKLNBLZ+/V0EJEmfrn7esr2KExH7FOOtlF5aGflhTeRHlmiE8RVY64EXJZ9+VVqeLv8WsIFqrTaLTp3Gm2MY3HPOLQq8XN0ba4TCBWJ+t7fvi7M4H5dcFvGKgoM6YNqGEjnY8n/s6bV005S93zTShYDLGyZ1UU+0046jubhHVMuDPeI3G0a20S7oFxJd6vjxA7D8z1ASN8QYfi0zis6FdC+g/aUKIxRcAk4zAMfKEXDo3g3JrxJZCU3/JquR1NgmVugSe7S/UIPaCpgMiFfpBCUuzql7+Hiqc4VO/6pbLbrlMU8mSQxFC3RwMfXMpEWqQrMSVbMHq7JfVcwBYcmRt4opakcv9q6IYbxaH8uUZD4gtiF5asJCbuJuKkyGbBY/5NnowPJRtceFPi/AAQ3TyOsWJMlRQqkuSMEByo9+W9h8y+X7FDKFQ17bxszgYROdV8cGUCfQd1s02pgTN1nG2owuqpA6wOt5JvhiufF9LzfYtA0Bn3CXcVto+48tWsePXhC73ZOrXUdXAAJR7KV/5AOiBoPi5gBDaxkEm+buA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(39860400002)(346002)(376002)(396003)(136003)(230922051799003)(64100799003)(82310400011)(1800799012)(186009)(451199024)(46966006)(36840700001)(40470700004)(40480700001)(40460700003)(84970400001)(83380400001)(336012)(41300700001)(356005)(86362001)(36756003)(426003)(82740400003)(81166007)(2616005)(26005)(1076003)(30864003)(47076005)(36860700001)(8676002)(16526019)(70206006)(6666004)(6916009)(54906003)(7406005)(2906002)(316002)(478600001)(70586007)(44832011)(8936002)(5660300002)(7416002)(4326008)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:41:53.8791 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7f09d903-e00e-4fd8-187b-08dc1e291edf X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E8.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB7765 From: Brijesh Singh AMD introduced the next generation of SEV called SEV-SNP (Secure Nested Paging). SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware security protection. Define the commands and structures used to communicate with the AMD-SP when creating and managing the SEV-SNP guests. The SEV-SNP firmware spec is available at developer.amd.com/sev. Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra [mdr: update SNP command list and SNP status struct based on current spec, use C99 flexible arrays, fix kernel-doc issues] Signed-off-by: Michael Roth --- drivers/crypto/ccp/sev-dev.c | 16 +++ include/linux/psp-sev.h | 265 +++++++++++++++++++++++++++++++++++ include/uapi/linux/psp-sev.h | 56 ++++++++ 3 files changed, 337 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index e4d3f45242f6..e38986d39b63 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -130,6 +130,8 @@ static int sev_cmd_buffer_len(int cmd) switch (cmd) { case SEV_CMD_INIT: return sizeof(struct sev_data_init); case SEV_CMD_INIT_EX: return sizeof(struct sev_data_init_ex); + case SEV_CMD_SNP_SHUTDOWN_EX: return sizeof(struct sev_data_snp_shutdown_ex); + case SEV_CMD_SNP_INIT_EX: return sizeof(struct sev_data_snp_init_ex); case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status); case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr); case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import); @@ -158,6 +160,20 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id); case SEV_CMD_ATTESTATION_REPORT: return sizeof(struct sev_data_attestation_report); case SEV_CMD_SEND_CANCEL: return sizeof(struct sev_data_send_cancel); + case SEV_CMD_SNP_GCTX_CREATE: return sizeof(struct sev_data_snp_addr); + case SEV_CMD_SNP_LAUNCH_START: return sizeof(struct sev_data_snp_launch_start); + case SEV_CMD_SNP_LAUNCH_UPDATE: return sizeof(struct sev_data_snp_launch_update); + case SEV_CMD_SNP_ACTIVATE: return sizeof(struct sev_data_snp_activate); + case SEV_CMD_SNP_DECOMMISSION: return sizeof(struct sev_data_snp_addr); + case SEV_CMD_SNP_PAGE_RECLAIM: return sizeof(struct sev_data_snp_page_reclaim); + case SEV_CMD_SNP_GUEST_STATUS: return sizeof(struct sev_data_snp_guest_status); + case SEV_CMD_SNP_LAUNCH_FINISH: return sizeof(struct sev_data_snp_launch_finish); + case SEV_CMD_SNP_DBG_DECRYPT: return sizeof(struct sev_data_snp_dbg); + case SEV_CMD_SNP_DBG_ENCRYPT: return sizeof(struct sev_data_snp_dbg); + case SEV_CMD_SNP_PAGE_UNSMASH: return sizeof(struct sev_data_snp_page_unsmash); + case SEV_CMD_SNP_PLATFORM_STATUS: return sizeof(struct sev_data_snp_addr); + case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_request); + case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); default: return 0; } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 7fd17e82bab4..006e4cdbeb78 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -78,6 +78,36 @@ enum sev_cmd { SEV_CMD_DBG_DECRYPT = 0x060, SEV_CMD_DBG_ENCRYPT = 0x061, + /* SNP specific commands */ + SEV_CMD_SNP_INIT = 0x081, + SEV_CMD_SNP_SHUTDOWN = 0x082, + SEV_CMD_SNP_PLATFORM_STATUS = 0x083, + SEV_CMD_SNP_DF_FLUSH = 0x084, + SEV_CMD_SNP_INIT_EX = 0x085, + SEV_CMD_SNP_SHUTDOWN_EX = 0x086, + SEV_CMD_SNP_DECOMMISSION = 0x090, + SEV_CMD_SNP_ACTIVATE = 0x091, + SEV_CMD_SNP_GUEST_STATUS = 0x092, + SEV_CMD_SNP_GCTX_CREATE = 0x093, + SEV_CMD_SNP_GUEST_REQUEST = 0x094, + SEV_CMD_SNP_ACTIVATE_EX = 0x095, + SEV_CMD_SNP_LAUNCH_START = 0x0A0, + SEV_CMD_SNP_LAUNCH_UPDATE = 0x0A1, + SEV_CMD_SNP_LAUNCH_FINISH = 0x0A2, + SEV_CMD_SNP_DBG_DECRYPT = 0x0B0, + SEV_CMD_SNP_DBG_ENCRYPT = 0x0B1, + SEV_CMD_SNP_PAGE_SWAP_OUT = 0x0C0, + SEV_CMD_SNP_PAGE_SWAP_IN = 0x0C1, + SEV_CMD_SNP_PAGE_MOVE = 0x0C2, + SEV_CMD_SNP_PAGE_MD_INIT = 0x0C3, + SEV_CMD_SNP_PAGE_SET_STATE = 0x0C6, + SEV_CMD_SNP_PAGE_RECLAIM = 0x0C7, + SEV_CMD_SNP_PAGE_UNSMASH = 0x0C8, + SEV_CMD_SNP_CONFIG = 0x0C9, + SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX = 0x0CA, + SEV_CMD_SNP_COMMIT = 0x0CB, + SEV_CMD_SNP_VLEK_LOAD = 0x0CD, + SEV_CMD_MAX, }; @@ -523,6 +553,241 @@ struct sev_data_attestation_report { u32 len; /* In/Out */ } __packed; +/** + * struct sev_data_snp_download_firmware - SNP_DOWNLOAD_FIRMWARE command params + * + * @address: physical address of firmware image + * @len: length of the firmware image + */ +struct sev_data_snp_download_firmware { + u64 address; /* In */ + u32 len; /* In */ +} __packed; + +/** + * struct sev_data_snp_activate - SNP_ACTIVATE command params + * + * @gctx_paddr: system physical address guest context page + * @asid: ASID to bind to the guest + */ +struct sev_data_snp_activate { + u64 gctx_paddr; /* In */ + u32 asid; /* In */ +} __packed; + +/** + * struct sev_data_snp_addr - generic SNP command params + * + * @address: physical address of generic data param + */ +struct sev_data_snp_addr { + u64 address; /* In/Out */ +} __packed; + +/** + * struct sev_data_snp_launch_start - SNP_LAUNCH_START command params + * + * @gctx_paddr: system physical address of guest context page + * @policy: guest policy + * @ma_gctx_paddr: system physical address of migration agent + * @ma_en: the guest is associated with a migration agent + * @imi_en: launch flow is launching an IMI (Incoming Migration Image) for the + * purpose of guest-assisted migration. + * @rsvd: reserved + * @gosvw: guest OS-visible workarounds, as defined by hypervisor + */ +struct sev_data_snp_launch_start { + u64 gctx_paddr; /* In */ + u64 policy; /* In */ + u64 ma_gctx_paddr; /* In */ + u32 ma_en:1; /* In */ + u32 imi_en:1; /* In */ + u32 rsvd:30; + u8 gosvw[16]; /* In */ +} __packed; + +/* SNP support page type */ +enum { + SNP_PAGE_TYPE_NORMAL = 0x1, + SNP_PAGE_TYPE_VMSA = 0x2, + SNP_PAGE_TYPE_ZERO = 0x3, + SNP_PAGE_TYPE_UNMEASURED = 0x4, + SNP_PAGE_TYPE_SECRET = 0x5, + SNP_PAGE_TYPE_CPUID = 0x6, + + SNP_PAGE_TYPE_MAX +}; + +/** + * struct sev_data_snp_launch_update - SNP_LAUNCH_UPDATE command params + * + * @gctx_paddr: system physical address of guest context page + * @page_size: page size 0 indicates 4K and 1 indicates 2MB page + * @page_type: encoded page type + * @imi_page: indicates that this page is part of the IMI (Incoming Migration + * Image) of the guest + * @rsvd: reserved + * @rsvd2: reserved + * @address: system physical address of destination page to encrypt + * @rsvd3: reserved + * @vmpl1_perms: VMPL permission mask for VMPL1 + * @vmpl2_perms: VMPL permission mask for VMPL2 + * @vmpl3_perms: VMPL permission mask for VMPL3 + * @rsvd4: reserved + */ +struct sev_data_snp_launch_update { + u64 gctx_paddr; /* In */ + u32 page_size:1; /* In */ + u32 page_type:3; /* In */ + u32 imi_page:1; /* In */ + u32 rsvd:27; + u32 rsvd2; + u64 address; /* In */ + u32 rsvd3:8; + u32 vmpl1_perms:8; /* In */ + u32 vmpl2_perms:8; /* In */ + u32 vmpl3_perms:8; /* In */ + u32 rsvd4; +} __packed; + +/** + * struct sev_data_snp_launch_finish - SNP_LAUNCH_FINISH command params + * + * @gctx_paddr: system physical address of guest context page + * @id_block_paddr: system physical address of ID block + * @id_auth_paddr: system physical address of ID block authentication structure + * @id_block_en: indicates whether ID block is present + * @auth_key_en: indicates whether author key is present in authentication structure + * @rsvd: reserved + * @host_data: host-supplied data for guest, not interpreted by firmware + */ +struct sev_data_snp_launch_finish { + u64 gctx_paddr; + u64 id_block_paddr; + u64 id_auth_paddr; + u8 id_block_en:1; + u8 auth_key_en:1; + u64 rsvd:62; + u8 host_data[32]; +} __packed; + +/** + * struct sev_data_snp_guest_status - SNP_GUEST_STATUS command params + * + * @gctx_paddr: system physical address of guest context page + * @address: system physical address of guest status page + */ +struct sev_data_snp_guest_status { + u64 gctx_paddr; + u64 address; +} __packed; + +/** + * struct sev_data_snp_page_reclaim - SNP_PAGE_RECLAIM command params + * + * @paddr: system physical address of page to be claimed. The 0th bit in the + * address indicates the page size. 0h indicates 4KB and 1h indicates + * 2MB page. + */ +struct sev_data_snp_page_reclaim { + u64 paddr; +} __packed; + +/** + * struct sev_data_snp_page_unsmash - SNP_PAGE_UNSMASH command params + * + * @paddr: system physical address of page to be unsmashed. The 0th bit in the + * address indicates the page size. 0h indicates 4 KB and 1h indicates + * 2 MB page. + */ +struct sev_data_snp_page_unsmash { + u64 paddr; +} __packed; + +/** + * struct sev_data_snp_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters + * + * @gctx_paddr: system physical address of guest context page + * @src_addr: source address of data to operate on + * @dst_addr: destination address of data to operate on + */ +struct sev_data_snp_dbg { + u64 gctx_paddr; /* In */ + u64 src_addr; /* In */ + u64 dst_addr; /* In */ +} __packed; + +/** + * struct sev_data_snp_guest_request - SNP_GUEST_REQUEST command params + * + * @gctx_paddr: system physical address of guest context page + * @req_paddr: system physical address of request page + * @res_paddr: system physical address of response page + */ +struct sev_data_snp_guest_request { + u64 gctx_paddr; /* In */ + u64 req_paddr; /* In */ + u64 res_paddr; /* In */ +} __packed; + +/** + * struct sev_data_snp_init_ex - SNP_INIT_EX structure + * + * @init_rmp: indicate that the RMP should be initialized. + * @list_paddr_en: indicate that list_paddr is valid + * @rsvd: reserved + * @rsvd1: reserved + * @list_paddr: system physical address of range list + * @rsvd2: reserved + */ +struct sev_data_snp_init_ex { + u32 init_rmp:1; + u32 list_paddr_en:1; + u32 rsvd:30; + u32 rsvd1; + u64 list_paddr; + u8 rsvd2[48]; +} __packed; + +/** + * struct sev_data_range - RANGE structure + * + * @base: system physical address of first byte of range + * @page_count: number of 4KB pages in this range + * @rsvd: reserved + */ +struct sev_data_range { + u64 base; + u32 page_count; + u32 rsvd; +} __packed; + +/** + * struct sev_data_range_list - RANGE_LIST structure + * + * @num_elements: number of elements in RANGE_ARRAY + * @rsvd: reserved + * @ranges: array of num_elements of type RANGE + */ +struct sev_data_range_list { + u32 num_elements; + u32 rsvd; + struct sev_data_range ranges[]; +} __packed; + +/** + * struct sev_data_snp_shutdown_ex - SNP_SHUTDOWN_EX structure + * + * @len: length of the command buffer read by the PSP + * @iommu_snp_shutdown: Disable enforcement of SNP in the IOMMU + * @rsvd1: reserved + */ +struct sev_data_snp_shutdown_ex { + u32 len; + u32 iommu_snp_shutdown:1; + u32 rsvd1:31; +} __packed; + #ifdef CONFIG_CRYPTO_DEV_SP_PSP /** diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index b44ba7dcdefc..207e34217528 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -69,6 +69,12 @@ typedef enum { SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, SEV_RET_INVALID_KEY = 0x27, + SEV_RET_INVALID_PAGE_SIZE, + SEV_RET_INVALID_PAGE_STATE, + SEV_RET_INVALID_MDATA_ENTRY, + SEV_RET_INVALID_PAGE_OWNER, + SEV_RET_INVALID_PAGE_AEAD_OFLOW, + SEV_RET_RMP_INIT_REQUIRED, SEV_RET_MAX, } sev_ret_code; @@ -155,6 +161,56 @@ struct sev_user_data_get_id2 { __u32 length; /* In/Out */ } __packed; +/** + * struct sev_user_data_snp_status - SNP status + * + * @api_major: API major version + * @api_minor: API minor version + * @state: current platform state + * @is_rmp_initialized: whether RMP is initialized or not + * @rsvd: reserved + * @build_id: firmware build id for the API version + * @mask_chip_id: whether chip id is present in attestation reports or not + * @mask_chip_key: whether attestation reports are signed or not + * @vlek_en: VLEK (Version Loaded Endorsement Key) hashstick is loaded + * @rsvd1: reserved + * @guest_count: the number of guest currently managed by the firmware + * @current_tcb_version: current TCB version + * @reported_tcb_version: reported TCB version + */ +struct sev_user_data_snp_status { + __u8 api_major; /* Out */ + __u8 api_minor; /* Out */ + __u8 state; /* Out */ + __u8 is_rmp_initialized:1; /* Out */ + __u8 rsvd:7; + __u32 build_id; /* Out */ + __u32 mask_chip_id:1; /* Out */ + __u32 mask_chip_key:1; /* Out */ + __u32 vlek_en:1; /* Out */ + __u32 rsvd1:29; + __u32 guest_count; /* Out */ + __u64 current_tcb_version; /* Out */ + __u64 reported_tcb_version; /* Out */ +} __packed; + +/** + * struct sev_user_data_snp_config - system wide configuration value for SNP. + * + * @reported_tcb: the TCB version to report in the guest attestation report. + * @mask_chip_id: whether chip id is present in attestation reports or not + * @mask_chip_key: whether attestation reports are signed or not + * @rsvd: reserved + * @rsvd1: reserved + */ +struct sev_user_data_snp_config { + __u64 reported_tcb ; /* In */ + __u32 mask_chip_id:1; /* In */ + __u32 mask_chip_key:1; /* In */ + __u32 rsvd:30; /* In */ + __u8 rsvd1[52]; +} __packed; + /** * struct sev_issue_cmd - SEV ioctl parameters * From patchwork Fri Jan 26 04:11:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766962 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2075.outbound.protection.outlook.com [40.107.94.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 939AFBA4B; Fri, 26 Jan 2024 04:42:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244142; cv=fail; b=k8sS76cElr62cJpDvDbnJuD3vzFBdKgpAX5fwhECei9TaejdaGkbOOWQEvkABXSFALKQ4joXZS7wVejQA2cnh2aGJcPay1dp+I/fYMsJacQm9D9AFxXQSy4TYMqQb5vMyfKaFGDbKLq7/MRWleiLbrGibTYX7H8xklHmGyCcATU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244142; c=relaxed/simple; bh=y2XPVuLLC1MeaebVNDAKeoSQyz71QbiEpYKufb+Grs4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=r8UhdVxXVxCAA1hW/ry1pekoR3SjCC46aaWwkZ7mqPUL8p2BqSRenJqxDQFqxf4njCcttoRkTdJ1Kjck7IBkwuozRXigrRSN0wcjO2XP+1UZfBgnO9AfxmKGHkMSiN1hUmgx+4RFD5wKM7dxR0pswSFLB6TtSiOOZ/Asp05eACo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=otDMFbTD; arc=fail smtp.client-ip=40.107.94.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="otDMFbTD" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aBDMH+F79fJBm978/vc7QQBZpS8nPWIw3cNxQYtHtQ1uxWCjk4/BRJuDSOsG82mQF9MQAUPRNwoO4mytX2fGTNaChzd4uvXwRq29WDLNPy/skh1x1Py8hMCIiPIZ0SYgmyMhHeJWuXVdJgFYNsqRfkYZbYb68s3cJqb3rprjBEIFE8L7B+p/osUFMtNLSa/d+2Qjs4SlXihYp35Ja0O+g4rptEX1BRQivn7Ec0k15DvA2A4bDjVxgkD3cFlFRl0xKlvxxUhuPR8uC48ZB//jsxTVe8Tf40UNDXuoyh8pjzz3y2N3hSw5b6NNVfLTmGb+eWyM37uGv6odnzFpDMnT6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=If6ijxmQzNWdB92SQLJNvgxfRipsuZht06xFAygzb5c=; b=EV8OdSZELE2Tf8oDHvSWsoyFeovssWJpeZzMhQ0iyvbBr9EUosVVOeAbFjht9tskkadehYnmpmlf6Xp87rF21qWab6wQHttfZMou0zKMYo98AKG9i5aB5Y2XLErWIo8c9/BF6QMwcVWMQYIVYm+L1HXlQIKTzJsT1wh204RoWRhNHFSsL7dFOxjLvvhAbnvjK66KCAJaTlXl78dSpeb9M3PSgBX1Ie9axEZ+GOAnd2MUDGOdnyRaY7bo0T5P6XMDdcbZ/xDHd3h6dkHT3zbDqw5C+KbJD8dLlU87uzcHQ5wt0sJYVlkpZ+Ds5iSa9UIpfVjMv5unrV8bZLweRSyvsw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=If6ijxmQzNWdB92SQLJNvgxfRipsuZht06xFAygzb5c=; b=otDMFbTDaYv5zh0cB9L2TpeFJFkTzsGiHhG0stcuL43SaeowGn53vEjqKESgkGGPBST3ZMMuF8D3NAZu1pfvmqb1H/hdaQItDwDO8TVvaIMRHyzG/ObbThZqaoZ8vcPb/MbKszN+z/Svd4d5O/84arN1ApgXrBNimmaSA39LCX8= Received: from BY5PR16CA0023.namprd16.prod.outlook.com (2603:10b6:a03:1a0::36) by PH8PR12MB6892.namprd12.prod.outlook.com (2603:10b6:510:1bc::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 04:42:15 +0000 Received: from MWH0EPF000971E3.namprd02.prod.outlook.com (2603:10b6:a03:1a0:cafe::c7) by BY5PR16CA0023.outlook.office365.com (2603:10b6:a03:1a0::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 04:42:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E3.mail.protection.outlook.com (10.167.243.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:42:14 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:42:13 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh , Jarkko Sakkinen Subject: [PATCH v2 13/25] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP Date: Thu, 25 Jan 2024 22:11:13 -0600 Message-ID: <20240126041126.1927228-14-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E3:EE_|PH8PR12MB6892:EE_ X-MS-Office365-Filtering-Correlation-Id: f6043c41-90da-4fee-3ffe-08dc1e292b39 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: DMJNtwqlUkw4SSC1gL1CdNPf9vmKI883sRTd3eCPiFCzhv9ATdCA0fznJZI4CN3kiPrQHeW/2g8eF+DjtBXAQbs/or3zs6uo98jqnKQRdVSIxD2W2r6ov0gtQD3soXJTBC4fAAvuZfkkhpjQs0K5vV7NgEgbjvWpfZZIPVYv2XifV1wkmNAzmybwigPKbOb354wH4ZFVrHunTYz2OrUAuYCRby10vfs5fEIVRSRru4uD83LKpLsxsW7zHJPacgKAC3KBle9VC5kFt+pbqBok1AgoX0PHl5diePGnzmkyOWBRpd5X2YjRMozpqv+KLjTRPBc41ToZD7QuavblxiM6ncxwNk14LQO4/mrPNMomMCrHaELqfqdcE+WwRqL84tYQC4d9tygDoVc3rTcTnd+PvG7yvmPmogjU4kqGNfZaH09iQSrqreMMDvRU2QXVRd8tPPoDQdFAPW/MNvbZ2h53MrBlqVmRknCwfWENMwpKOsOBtMF9debNfmEPhKX1o8prrtrHFsBZ/Mq7V7Q2vfLYCkE2G2BYZsQXdJ6S25v68lGL/LwvG1rBEvMgZLIrpzOkew7RgnrrzbBvwC6aFu8z5x50oWxSnc0QI8Rj8/janPD9Y9HQ75LW0GbFM8awFWuMxriT7coYok/LZt7UGzb9zDYEqGZxH8014h7fzbISLsbnswn/eGXH1+YPUovlL4/dZW9ymLMIg3qW6eSCYJYbyl4FTiHBqFb+GD7vTw37b04y1WGhi7EwSxJEDuCeP+0w/IQJWb/utuGx2b+FobSYCJsauxA/UaliDF+NL8i0UqOk44XFrp/5XMIoVMjfUsDyiPbqku5xFOZoI70gU9n12w== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(376002)(346002)(136003)(39860400002)(230173577357003)(230922051799003)(230273577357003)(1800799012)(186009)(82310400011)(64100799003)(451199024)(36840700001)(46966006)(40470700004)(40480700001)(40460700003)(41300700001)(4326008)(36860700001)(426003)(81166007)(82740400003)(356005)(336012)(2616005)(6916009)(70586007)(54906003)(83380400001)(316002)(1076003)(70206006)(86362001)(2906002)(36756003)(30864003)(26005)(16526019)(44832011)(8676002)(8936002)(7416002)(7406005)(5660300002)(478600001)(47076005)(36900700001)(134885004); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:42:14.5869 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f6043c41-90da-4fee-3ffe-08dc1e292b39 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E3.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB6892 From: Brijesh Singh Before SNP VMs can be launched, the platform must be appropriately configured and initialized. Platform initialization is accomplished via the SNP_INIT command. During the execution of SNP_INIT command, the firmware configures and enables SNP security policy enforcement in many system components. Some system components write to regions of memory reserved by early x86 firmware (e.g. UEFI). Other system components write to regions provided by the operation system, hypervisor, or x86 firmware. Such system components can only write to HV-fixed pages or Default pages. They will error when attempting to write to pages in other page states after SNP_INIT enables their SNP enforcement. Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list of system physical address ranges to convert into the HV-fixed page states during the RMP initialization. If INIT_RMP is 1, hypervisors should provide all system physical address ranges that the hypervisor will never assign to a guest until the next RMP re-initialization. For instance, the memory that UEFI reserves should be included in the range list. This allows system components that occasionally write to memory (e.g. logging to UEFI reserved regions) to not fail due to RMP initialization and SNP enablement. Note that SNP_INIT(_EX) must not be executed while non-SEV guests are executing, otherwise it is possible that the system could reset or hang. The psp_init_on_probe module parameter was added for SEV/SEV-ES support and the init_ex_path module parameter to allow for time for the necessary file system to be mounted/available. SNP_INIT(_EX) does not use the file associated with init_ex_path. So, to avoid running into issues where SNP_INIT(_EX) is called while there are other running guests, issue it during module probe regardless of the psp_init_on_probe setting, but maintain the previous deferrable handling for SEV/SEV-ES initialization. Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Co-developed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Tom Lendacky [mdr: squash in psp_init_on_probe changes from Tom, reduce proliferation of 'probe' function parameter where possible] Signed-off-by: Michael Roth --- arch/x86/kvm/svm/sev.c | 5 +- drivers/crypto/ccp/sev-dev.c | 280 ++++++++++++++++++++++++++++++++--- drivers/crypto/ccp/sev-dev.h | 2 + include/linux/psp-sev.h | 17 ++- 4 files changed, 281 insertions(+), 23 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f760106c31f8..564091f386f7 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -246,6 +246,7 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_platform_init_args init_args = {0}; int asid, ret; if (kvm->created_vcpus) @@ -262,7 +263,8 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) goto e_no_asid; sev->asid = asid; - ret = sev_platform_init(&argp->error); + init_args.probe = false; + ret = sev_platform_init(&init_args); if (ret) goto e_free; @@ -274,6 +276,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) return 0; e_free: + argp->error = init_args.error; sev_asid_free(sev); sev->asid = 0; e_no_asid: diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index e38986d39b63..712964469612 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -29,6 +29,7 @@ #include #include +#include #include "psp-dev.h" #include "sev-dev.h" @@ -37,6 +38,10 @@ #define SEV_FW_FILE "amd/sev.fw" #define SEV_FW_NAME_SIZE 64 +/* Minimum firmware version required for the SEV-SNP support */ +#define SNP_MIN_API_MAJOR 1 +#define SNP_MIN_API_MINOR 51 + static DEFINE_MUTEX(sev_cmd_mutex); static struct sev_misc_dev *misc_dev; @@ -80,6 +85,13 @@ static void *sev_es_tmr; #define NV_LENGTH (32 * 1024) static void *sev_init_ex_buffer; +/* + * SEV_DATA_RANGE_LIST: + * Array containing range of pages that firmware transitions to HV-fixed + * page state. + */ +struct sev_data_range_list *snp_range_list; + static inline bool sev_version_greater_or_equal(u8 maj, u8 min) { struct sev_device *sev = psp_master->sev_data; @@ -480,20 +492,163 @@ static inline int __sev_do_init_locked(int *psp_ret) return __sev_init_locked(psp_ret); } -static int __sev_platform_init_locked(int *error) +static void snp_set_hsave_pa(void *arg) +{ + wrmsrl(MSR_VM_HSAVE_PA, 0); +} + +static int snp_filter_reserved_mem_regions(struct resource *rs, void *arg) +{ + struct sev_data_range_list *range_list = arg; + struct sev_data_range *range = &range_list->ranges[range_list->num_elements]; + size_t size; + + /* + * Ensure the list of HV_FIXED pages that will be passed to firmware + * do not exceed the page-sized argument buffer. + */ + if ((range_list->num_elements * sizeof(struct sev_data_range) + + sizeof(struct sev_data_range_list)) > PAGE_SIZE) + return -E2BIG; + + switch (rs->desc) { + case E820_TYPE_RESERVED: + case E820_TYPE_PMEM: + case E820_TYPE_ACPI: + range->base = rs->start & PAGE_MASK; + size = PAGE_ALIGN((rs->end + 1) - rs->start); + range->page_count = size >> PAGE_SHIFT; + range_list->num_elements++; + break; + default: + break; + } + + return 0; +} + +static int __sev_snp_init_locked(int *error) { - int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; struct psp_device *psp = psp_master; + struct sev_data_snp_init_ex data; struct sev_device *sev; + void *arg = &data; + int cmd, rc = 0; - if (!psp || !psp->sev_data) + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENODEV; sev = psp->sev_data; + if (sev->snp_initialized) + return 0; + + if (!sev_version_greater_or_equal(SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR)) { + dev_dbg(sev->dev, "SEV-SNP support requires firmware version >= %d:%d\n", + SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR); + return 0; + } + + /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */ + on_each_cpu(snp_set_hsave_pa, NULL, 1); + + /* + * Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list + * of system physical address ranges to convert into HV-fixed page + * states during the RMP initialization. For instance, the memory that + * UEFI reserves should be included in the that list. This allows system + * components that occasionally write to memory (e.g. logging to UEFI + * reserved regions) to not fail due to RMP initialization and SNP + * enablement. + * + */ + if (sev_version_greater_or_equal(SNP_MIN_API_MAJOR, 52)) { + /* + * Firmware checks that the pages containing the ranges enumerated + * in the RANGES structure are either in the default page state or in the + * firmware page state. + */ + snp_range_list = kzalloc(PAGE_SIZE, GFP_KERNEL); + if (!snp_range_list) { + dev_err(sev->dev, + "SEV: SNP_INIT_EX range list memory allocation failed\n"); + return -ENOMEM; + } + + /* + * Retrieve all reserved memory regions from the e820 memory map + * to be setup as HV-fixed pages. + */ + rc = walk_iomem_res_desc(IORES_DESC_NONE, IORESOURCE_MEM, 0, ~0, + snp_range_list, snp_filter_reserved_mem_regions); + if (rc) { + dev_err(sev->dev, + "SEV: SNP_INIT_EX walk_iomem_res_desc failed rc = %d\n", rc); + return rc; + } + + memset(&data, 0, sizeof(data)); + data.init_rmp = 1; + data.list_paddr_en = 1; + data.list_paddr = __psp_pa(snp_range_list); + cmd = SEV_CMD_SNP_INIT_EX; + } else { + cmd = SEV_CMD_SNP_INIT; + arg = NULL; + } + + /* + * The following sequence must be issued before launching the first SNP + * guest to ensure all dirty cache lines are flushed, including from + * updates to the RMP table itself via the RMPUPDATE instruction: + * + * - WBINVD on all running CPUs + * - SEV_CMD_SNP_INIT[_EX] firmware command + * - WBINVD on all running CPUs + * - SEV_CMD_SNP_DF_FLUSH firmware command + */ + wbinvd_on_all_cpus(); + + rc = __sev_do_cmd_locked(cmd, arg, error); + if (rc) + return rc; + + /* Prepare for first SNP guest launch after INIT. */ + wbinvd_on_all_cpus(); + rc = __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, error); + if (rc) + return rc; + + sev->snp_initialized = true; + dev_dbg(sev->dev, "SEV-SNP firmware initialized\n"); + + return rc; +} + +static int __sev_platform_init_locked(int *error) +{ + int rc, psp_ret = SEV_RET_NO_FW_CALL; + struct sev_device *sev; + + if (!psp_master || !psp_master->sev_data) + return -ENODEV; + + sev = psp_master->sev_data; + if (sev->state == SEV_STATE_INIT) return 0; + if (!sev_es_tmr) { + /* Obtain the TMR memory area for SEV-ES use */ + sev_es_tmr = sev_fw_alloc(SEV_ES_TMR_SIZE); + if (sev_es_tmr) + /* Must flush the cache before giving it to the firmware */ + clflush_cache_range(sev_es_tmr, SEV_ES_TMR_SIZE); + else + dev_warn(sev->dev, + "SEV: TMR allocation failed, SEV-ES support unavailable\n"); + } + if (sev_init_ex_buffer) { rc = sev_read_init_ex_file(); if (rc) @@ -536,12 +691,46 @@ static int __sev_platform_init_locked(int *error) return 0; } -int sev_platform_init(int *error) +static int _sev_platform_init_locked(struct sev_platform_init_args *args) +{ + struct sev_device *sev; + int rc; + + if (!psp_master || !psp_master->sev_data) + return -ENODEV; + + sev = psp_master->sev_data; + + if (sev->state == SEV_STATE_INIT) + return 0; + + /* + * Legacy guests cannot be running while SNP_INIT(_EX) is executing, + * so perform SEV-SNP initialization at probe time. + */ + rc = __sev_snp_init_locked(&args->error); + if (rc && rc != -ENODEV) { + /* + * Don't abort the probe if SNP INIT failed, + * continue to initialize the legacy SEV firmware. + */ + dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n", + rc, args->error); + } + + /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */ + if (args->probe && !psp_init_on_probe) + return 0; + + return __sev_platform_init_locked(&args->error); +} + +int sev_platform_init(struct sev_platform_init_args *args) { int rc; mutex_lock(&sev_cmd_mutex); - rc = __sev_platform_init_locked(error); + rc = _sev_platform_init_locked(args); mutex_unlock(&sev_cmd_mutex); return rc; @@ -852,6 +1041,55 @@ static int sev_update_firmware(struct device *dev) return ret; } +static int __sev_snp_shutdown_locked(int *error) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_data_snp_shutdown_ex data; + int ret; + + if (!sev->snp_initialized) + return 0; + + memset(&data, 0, sizeof(data)); + data.len = sizeof(data); + data.iommu_snp_shutdown = 1; + + wbinvd_on_all_cpus(); + + ret = __sev_do_cmd_locked(SEV_CMD_SNP_SHUTDOWN_EX, &data, error); + /* SHUTDOWN may require DF_FLUSH */ + if (*error == SEV_RET_DFFLUSH_REQUIRED) { + ret = __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, NULL); + if (ret) { + dev_err(sev->dev, "SEV-SNP DF_FLUSH failed\n"); + return ret; + } + /* reissue the shutdown command */ + ret = __sev_do_cmd_locked(SEV_CMD_SNP_SHUTDOWN_EX, &data, + error); + } + if (ret) { + dev_err(sev->dev, "SEV-SNP firmware shutdown failed\n"); + return ret; + } + + sev->snp_initialized = false; + dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); + + return ret; +} + +static int sev_snp_shutdown(int *error) +{ + int rc; + + mutex_lock(&sev_cmd_mutex); + rc = __sev_snp_shutdown_locked(error); + mutex_unlock(&sev_cmd_mutex); + + return rc; +} + static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; @@ -1299,6 +1537,8 @@ int sev_dev_init(struct psp_device *psp) static void sev_firmware_shutdown(struct sev_device *sev) { + int error; + sev_platform_shutdown(NULL); if (sev_es_tmr) { @@ -1315,6 +1555,13 @@ static void sev_firmware_shutdown(struct sev_device *sev) get_order(NV_LENGTH)); sev_init_ex_buffer = NULL; } + + if (snp_range_list) { + kfree(snp_range_list); + snp_range_list = NULL; + } + + sev_snp_shutdown(&error); } void sev_dev_destroy(struct psp_device *psp) @@ -1345,7 +1592,8 @@ EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); void sev_pci_init(void) { struct sev_device *sev = psp_master->sev_data; - int error, rc; + struct sev_platform_init_args args = {0}; + int rc; if (!sev) return; @@ -1370,23 +1618,15 @@ void sev_pci_init(void) } } - /* Obtain the TMR memory area for SEV-ES use */ - sev_es_tmr = sev_fw_alloc(SEV_ES_TMR_SIZE); - if (sev_es_tmr) - /* Must flush the cache before giving it to the firmware */ - clflush_cache_range(sev_es_tmr, SEV_ES_TMR_SIZE); - else - dev_warn(sev->dev, - "SEV: TMR allocation failed, SEV-ES support unavailable\n"); - - if (!psp_init_on_probe) - return; - /* Initialize the platform */ - rc = sev_platform_init(&error); + args.probe = true; + rc = sev_platform_init(&args); if (rc) dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n", - error, rc); + args.error, rc); + + dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_initialized ? + "-SNP" : "", sev->api_major, sev->api_minor, sev->build); return; diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 778c95155e74..85506325051a 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -52,6 +52,8 @@ struct sev_device { u8 build; void *cmd_buf; + + bool snp_initialized; }; int sev_dev_init(struct psp_device *psp); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 006e4cdbeb78..8128de17f0f4 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -790,10 +790,23 @@ struct sev_data_snp_shutdown_ex { #ifdef CONFIG_CRYPTO_DEV_SP_PSP +/** + * struct sev_platform_init_args + * + * @error: SEV firmware error code + * @probe: True if this is being called as part of CCP module probe, which + * will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed + * unless psp_init_on_probe module param is set + */ +struct sev_platform_init_args { + int error; + bool probe; +}; + /** * sev_platform_init - perform SEV INIT command * - * @error: SEV command return code + * @args: struct sev_platform_init_args to pass in arguments * * Returns: * 0 if the SEV successfully processed the command @@ -802,7 +815,7 @@ struct sev_data_snp_shutdown_ex { * -%ETIMEDOUT if the SEV command timed out * -%EIO if the SEV returned a non-zero return code */ -int sev_platform_init(int *error); +int sev_platform_init(struct sev_platform_init_args *args); /** * sev_platform_status - perform SEV PLATFORM_STATUS command From patchwork Fri Jan 26 04:11:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766561 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2045.outbound.protection.outlook.com [40.107.102.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 283CE125AB; Fri, 26 Jan 2024 04:42:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.45 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244159; cv=fail; b=Fd8JiE5cUAqIM4UNw/BKn0SHW+DG4er6t+B/kV2jCkpvOXjmgsZa7YlkX6+mk3IeuItTHmJd6AQfucfZinpUw1Is2iPULh72L0YSbTafPYNtoUkth5/ruOKbCWTpxe9FTCpe5FXBKWW2I12ksOfXHiXDNtaGv2rChMtAB0QtVWE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244159; c=relaxed/simple; bh=Yi8Ze1jMGIjJoGfwM5iMmb3itmZ4fHEDmJ1LwxDmkYs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AjgtOKeHT0D0IshJAYI6DtlIF/yG29y/BFGMQhXSYJ92z9nALtcbzaK7H0dAjJIHBBw7KKZMFOMXrn7VxVRbMRVe2XD9r8F1dowD+EuvJrUW9Ea0GsIqEk+kHkSQ0Mv9PEMLlLoxTxl2uT1dxBoVBCWTrDpUFW9f/7kLLuI3JEY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=KhZVpj0s; arc=fail smtp.client-ip=40.107.102.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="KhZVpj0s" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZWiyBsvkaStF8zJ0Kh+IHwLKdq7Gre2oAlu9F1h8h0d8FQNP5hF8M5qyDtO8sOZ5Mo+cxzZYyeWVBwASWx3qdu7sJYmxD3TK0d/xSKzNtXuEc9KSNw7Aj+qA1gQA+0Bn6mVzXBV1NhUB1kXC27PTI41kTgUfxgTsJ3CA4Tl8dijdxUOQ/taDC3m4Ri/ws8OAGQC4MLhsf8Ipw7ru3XKTzFord9vSc/O2E0wIkRJdAKdXAkRTodviF9pDWSr63JugDIiyslQMXyE4Vhtm/tQehNhAj5CDurH42S1sO3WmjTz2Mkb8OWSMtc3pAax1BvZHsjAgcdqVu80oquKf4JOaKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gIRT4X+BHmhFMwKgtoHtLtgItgyKgjXL4IM1rRR5oe0=; b=CjG3dUY/lL8i21jrBBNVB9SaURWGdeCSEU/Lw13UFclVDuKZGtEFzDC+PXcmtyDt+UaDN9lRabC5ZY4HpPcr2Dt+zgio5ILjkRe+CuGl3wqkkwkDTGU1wF40HLqAxdUOItiiiiG5ibmIafjBIMO0C8L5Z8Z4ZA/T4J5usp1wnKymlAZpyhVykEksVFYy4I+Ybki5ePWbh01K5Hb9ZvowPFNXbZ4E1dTuzk4wz+R7EPNY50dvBcN+HWP8LCUCTcJ6F7/4chfPRIaROatug92My27NZoivN563/bXYAMwHPIehNHBjoPEcl51xluavLZOBjO+Ab0j5PVY8p2Qm8TzSFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gIRT4X+BHmhFMwKgtoHtLtgItgyKgjXL4IM1rRR5oe0=; b=KhZVpj0skMvlZJBljCeQCjzHpn3N/Pz81st6X4r8JOKFSaIZFtqbe6+z4zPxA2Rlw6PNk4XdlsuMs43xBe/3b7ZzhdvFE4JMxKaPSU+Cu6sMDQ0FqCnj4yGwv5bUxFwBRt3oruaOow4JC2CWvw/qU6o7VanLoopUdyHAtlQgg/8= Received: from MW4PR03CA0287.namprd03.prod.outlook.com (2603:10b6:303:b5::22) by SN7PR12MB7833.namprd12.prod.outlook.com (2603:10b6:806:344::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:42:35 +0000 Received: from MWH0EPF000971E4.namprd02.prod.outlook.com (2603:10b6:303:b5:cafe::dd) by MW4PR03CA0287.outlook.office365.com (2603:10b6:303:b5::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:42:35 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E4.mail.protection.outlook.com (10.167.243.72) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:42:35 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:42:34 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 14/25] crypto: ccp: Provide API to issue SEV and SNP commands Date: Thu, 25 Jan 2024 22:11:14 -0600 Message-ID: <20240126041126.1927228-15-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E4:EE_|SN7PR12MB7833:EE_ X-MS-Office365-Filtering-Correlation-Id: 9ee5e0df-eb93-40b6-caff-08dc1e29378a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: uZkSYZdwzoWmMd6bEqa0pFnR+a8nQeMRW79xJMbALVR61dmbwhviDXxuxduFv1Tsvpk8zELywWoonGZFoOu/9ixzsMVWEXKh6sI6xWXsmAsUSz4QN6tdOU5zByE3IV/ayV0L0/wBSuxIfFOj3eHEs/GeeKi8Sa2d6O24J/EEQSb+kE2RhbFdPJkOaKm+a4NFq0+3/pUr16Hc+l+e3oigLwkqAFNEHnE+wcDUEQC6JsSbb/CXXwLz+5jvv9F3kxV4bts7OWBjpHkMj2wUY6XKo0T7vN2MMuzxep2bp9KU2/eiQV4QhIGTrA0/7+Gk4kMguOGVw/2opJTSlo6HjaStDtS33SMPiKZVtEAIg5xcZgg8l28KAeGw8rCfaCgMe8dPTmWQHg+eGSDZG21jQiOTTYiRe6UztT90+2y44GQbkwTDmKNm9iZZUlvbFmVvQ3O6K39gYJxASnv3lqU3tDEMO9QsRPbDIqNg1Pp05ovthqCGvpm2f3QZyVd9gkvqvMxF/Gpz8LOsrCDLne9GreIbRrcCSANn1Lcla4mqSzama2f7ZCUc7kA6p/jBLmY7ZrJCLy7oQbXn/7kDQIrJIF7crwDIW956RB8J5e70E+2cz5CCt0JDj1//9awKfyGBSHz1QKT1KG5sZvCPz+/igA5hV6OHVleMYCOiul1BeZxsNfz4A9cGZmrxcnz7HHKKmN1hzM8JxTCqOu2bF2MCSZ+S7bGxarlnU1hQKCqKN30ICs/b4DQzEJ/Boxf5F0CsDXZXE2WlJwTDY/smrW6F4kwzUiP2mgYnjEq7xphM3yxG0VU= X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(136003)(376002)(39860400002)(346002)(396003)(230922051799003)(64100799003)(82310400011)(186009)(451199024)(1800799012)(40470700004)(46966006)(36840700001)(36860700001)(47076005)(86362001)(2906002)(36756003)(41300700001)(81166007)(82740400003)(356005)(54906003)(478600001)(6916009)(70206006)(2616005)(70586007)(5660300002)(426003)(7406005)(6666004)(336012)(44832011)(7416002)(8676002)(26005)(1076003)(8936002)(316002)(83380400001)(16526019)(4326008)(40460700003)(40480700001)(36900700001)(134885004); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:42:35.2540 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9ee5e0df-eb93-40b6-caff-08dc1e29378a X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E4.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7833 From: Brijesh Singh Export sev_do_cmd() as a generic API for the hypervisor to issue commands to manage an SEV and SNP guest. The commands for SEV and SNP are defined in the SEV and SEV-SNP firmware specifications. Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra [mdr: kernel-doc fixups] Signed-off-by: Michael Roth --- drivers/crypto/ccp/sev-dev.c | 3 ++- include/linux/psp-sev.h | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 712964469612..abee1a68d609 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -431,7 +431,7 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) return ret; } -static int sev_do_cmd(int cmd, void *data, int *psp_ret) +int sev_do_cmd(int cmd, void *data, int *psp_ret) { int rc; @@ -441,6 +441,7 @@ static int sev_do_cmd(int cmd, void *data, int *psp_ret) return rc; } +EXPORT_SYMBOL_GPL(sev_do_cmd); static int __sev_init_locked(int *error) { diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 8128de17f0f4..c7dd6ff9f36b 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -915,6 +915,22 @@ int sev_guest_df_flush(int *error); */ int sev_guest_decommission(struct sev_data_decommission *data, int *error); +/** + * sev_do_cmd - issue an SEV or an SEV-SNP command + * + * @cmd: SEV or SEV-SNP firmware command to issue + * @data: arguments for firmware command + * @psp_ret: SEV command return code + * + * Returns: + * 0 if the SEV device successfully processed the command + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +int sev_do_cmd(int cmd, void *data, int *psp_ret); + void *psp_copy_user_blob(u64 uaddr, u32 len); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ @@ -930,6 +946,9 @@ sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENO static inline int sev_guest_decommission(struct sev_data_decommission *data, int *error) { return -ENODEV; } +static inline int +sev_do_cmd(int cmd, void *data, int *psp_ret) { return -ENODEV; } + static inline int sev_guest_activate(struct sev_data_activate *data, int *error) { return -ENODEV; } From patchwork Fri Jan 26 04:11:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766961 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2057.outbound.protection.outlook.com [40.107.220.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CFEC125BD; Fri, 26 Jan 2024 04:42:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244179; cv=fail; b=j0kcOrCaUw8IXd0C+0pPRpfQiMiZ6LgbXdv6S/G1iwJ0LktQgaq/JnI01I/4oYKMVNweEKcPtdzcFeA35UC7P8+POj9LIlsCSmNEfcDwW1QaUJ5T/yIf8tMYeYtMN2nrs6YzZmSHNZ0fHRu340VPxPhi6zLNbFwQ2MFcvjPDW10= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244179; c=relaxed/simple; bh=8WG9mvX+ER3kj3ktqQI1hihoyCWprSHX96lyN1TI3PY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Hs4S0S+R8QAU1GbbzNjl0AfBLN3siTS7F8zGD8JUVYGLZFyXqfa+0rGVQ3W1oLRcMGiWk+zLqwlhA7V/eTvgV3h5AYiFfDORx2NXsWnFCaltSihoteNplqlT7MkFlWFe5EYeyoEWQ4XHg4iqoUQAfBouA1R7YfrlDm1laSReKqQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=v8hHeC2Z; arc=fail smtp.client-ip=40.107.220.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="v8hHeC2Z" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K3KHWAjOLss0WZGMPcO93hZBx4wMrFIl5x6c8R4VZDaeZKvg7sM6WTI1Y1RhuGD4yx8W2U2gb6pm95jGsj4Ck0StcIj9nlNCcIGT3yh/KTToi21eJpgumttIvTG5sj4AuroS+2l9zufe8p2ArdGAi+rX2zFte1KWp7gQH7hvHFFIq4I0uLJL9M8CYALuA+TBxLAXPlztFfyd4QBOFeVkhvDsx+nmRNMfg9Y2rsN2U81Pnhn+2CeS33nnP36vfpNq5WNTyaidrrdxiNJ5WRtnKQq9R2t7HAABa9dT9/0AfZ3nCpGz3teXthMEJIV1HnV5ISXrIn5lRHLcC4h8Kq/fqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=szaFyuq6iYA2lOSQBax06TCzQzV99C7hyp/FnL8i7Hc=; b=Syb6hp+01eXb9Kf8lTtpasYkhYeUv+BkC5eUJKc/KRODblm2lYxyoerlh6HEk1R2OAXQXN2qBKdtE6grnlMbdTplkT1jSJZGGLK4entwZ2Y4suxYOFJbOEtM2xVB5JbULKtZQ/MXk3Edsnc+7+6bWTwuzBgsDWhTSUYmJsbdnFAh1xCmYo/YDv8xEuCK39GxYh1nBz3k8DMpxjDdWpDVRAmP20J6bB4f+8dM1vjXqEP0IIeyr5ewTrCpk/FDHI1Qb5YEGoEKKryHh+f6QU17aMMq68s0Tc8ZXVVUtASsx/R7LTv0x0eQbr9/kaqPgRBNP/jtfOYS4hCGO6krVcjuZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=szaFyuq6iYA2lOSQBax06TCzQzV99C7hyp/FnL8i7Hc=; b=v8hHeC2ZdIIanohNyWdlhUZjGeSkSMI5qQZ7fV/BdYDTMknwJ0ZeTPUplf68QasTPI+cyEB9FpjCD4JYsw5Bftu+Xhl9xR+iJRpNKaKX6dzA6Z2ABvX8uANb32EUz/3st4lUNINQg/cu4Ks+dVwckXBUKWBtgCljiK2RNwNLkoQ= Received: from MW4PR02CA0028.namprd02.prod.outlook.com (2603:10b6:303:16d::7) by SA0PR12MB4543.namprd12.prod.outlook.com (2603:10b6:806:9d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.33; Fri, 26 Jan 2024 04:42:56 +0000 Received: from MWH0EPF000971E8.namprd02.prod.outlook.com (2603:10b6:303:16d:cafe::9) by MW4PR02CA0028.outlook.office365.com (2603:10b6:303:16d::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:42:55 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E8.mail.protection.outlook.com (10.167.243.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:42:55 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:42:54 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 15/25] x86/sev: Introduce snp leaked pages list Date: Thu, 25 Jan 2024 22:11:15 -0600 Message-ID: <20240126041126.1927228-16-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E8:EE_|SA0PR12MB4543:EE_ X-MS-Office365-Filtering-Correlation-Id: b8048db2-57b5-4e12-66fd-08dc1e2943cc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hr7bMntL6Ht3VXhxEwbcLo8pEpeNGsPsvPPPpQJXzNGfYzxT0+SECARMwBUcFeGQ95bjUlnIGg4VQJo6GoAaG1qmQv+SKnrQ92zKzGAK7ND2qIutYu1D7dtgWTlBzfKbs+W+75EYumDz1vFrGntvjKTj/nkIcGf9+DDZEVkZELSUQ21Vqygh7Z2yxcXqKqHaQSs+O/zZmcRvnzP7j3/XBHt/HxX9WGDZzQYADL0zmQj4gLeDlPVVLgRnL9y66QPvyT6wrL37+IxoWcGShg0I3u7zqrO71xe1j2HUqzQ+U4aZBIuq4AP8Mv1qSKUO8lpfCWBMy0LO7fNFCCKTeno4hyKGX17YOnJI5DHsRA9Yn385qWXhdQn4O4trVT0/+MiTtGHMdt1zleltjwnSUYBJnKJRmnMRzfkIuJFOmbNDnDvnz6mupgFs8uw1Wb72+yncGfH54hB31TVQ49NI8N+CPPqy7vEic6wodPdjzl1ZmHxrU/Ns9bSCK78XNwJZtolMchgKt/7g3ug5kCN4gwxzt1PoBofW/UDS39B7cSY2j2KYnv8lK0ws2Qcwki5NS7OiZH+2yvcoDVjHBDC5hpHPH2STzWtI5zWw8QHSo/sf+vxHHrehp1EgEnphhYWldqE9UD9dO9qfN474SzAzyLbPvnLqtBUs8aQrzlg+80U7IYI6K0XxHQktZBUkexho/PzyhoUagOJeexZKciE9ITY0GEliXVrzsx8d7cUqO6l2QJHF6Rmt6VdiSA/0LWSIWMQT76BR2N40K/RlU573Pnv+4w== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(136003)(39860400002)(346002)(396003)(230922051799003)(82310400011)(64100799003)(451199024)(1800799012)(186009)(46966006)(40470700004)(36840700001)(356005)(81166007)(82740400003)(1076003)(41300700001)(2906002)(36756003)(6666004)(4326008)(40480700001)(336012)(40460700003)(426003)(8936002)(8676002)(83380400001)(26005)(86362001)(2616005)(70586007)(70206006)(54906003)(316002)(7416002)(16526019)(6916009)(47076005)(5660300002)(7406005)(478600001)(44832011)(36860700001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:42:55.8323 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b8048db2-57b5-4e12-66fd-08dc1e2943cc X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E8.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4543 From: Ashish Kalra Pages are unsafe to be released back to the page-allocator, if they have been transitioned to firmware/guest state and can't be reclaimed or transitioned back to hypervisor/shared state. In this case add them to an internal leaked pages list to ensure that they are not freed or touched/accessed to cause fatal page faults. Suggested-by: Vlastimil Babka Signed-off-by: Ashish Kalra [mdr: relocate to arch/x86/virt/svm/sev.c] Signed-off-by: Michael Roth Reviewed-by: Vlastimil Babka --- arch/x86/include/asm/sev.h | 2 ++ arch/x86/virt/svm/sev.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index d3ccb7a0c7e9..435ba9bc4510 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -264,6 +264,7 @@ void snp_dump_hva_rmpentry(unsigned long address); int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); +void snp_leak_pages(u64 pfn, unsigned int npages); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } @@ -275,6 +276,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, int as return -ENODEV; } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } +static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} #endif #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 1a13eff78c9d..649ac1bb6b0e 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -65,6 +65,11 @@ static u64 probed_rmp_base, probed_rmp_size; static struct rmpentry *rmptable __ro_after_init; static u64 rmptable_max_pfn __ro_after_init; +static LIST_HEAD(snp_leaked_pages_list); +static DEFINE_SPINLOCK(snp_leaked_pages_list_lock); + +static unsigned long snp_nr_leaked_pages; + #undef pr_fmt #define pr_fmt(fmt) "SEV-SNP: " fmt @@ -505,3 +510,32 @@ int rmp_make_shared(u64 pfn, enum pg_level level) return rmpupdate(pfn, &state); } EXPORT_SYMBOL_GPL(rmp_make_shared); + +void snp_leak_pages(u64 pfn, unsigned int npages) +{ + struct page *page = pfn_to_page(pfn); + + pr_warn("Leaking PFN range 0x%llx-0x%llx\n", pfn, pfn + npages); + + spin_lock(&snp_leaked_pages_list_lock); + while (npages--) { + /* + * Reuse the page's buddy list for chaining into the leaked + * pages list. This page should not be on a free list currently + * and is also unsafe to be added to a free list. + */ + if (likely(!PageCompound(page)) || + (PageHead(page) && compound_nr(page) <= npages)) + /* + * Skip inserting tail pages of compound page as + * page->buddy_list of tail pages is not usable. + */ + list_add_tail(&page->buddy_list, &snp_leaked_pages_list); + dump_rmpentry(pfn); + snp_nr_leaked_pages++; + pfn++; + page++; + } + spin_unlock(&snp_leaked_pages_list_lock); +} +EXPORT_SYMBOL_GPL(snp_leak_pages); From patchwork Fri Jan 26 04:11:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766560 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2075.outbound.protection.outlook.com [40.107.237.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA22EB642; Fri, 26 Jan 2024 04:43:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244201; cv=fail; b=OSsGAJbVgv/zfBvgSA2FSMv/68iwoKtzjCwSYpEzZc/enioDRjPUTBTD0oOqBkfDxls5HCRhJeZJsLhPS1vC+J09+XybPZjHl+WmJlOEa2A+asPyMX0CtDwfrzJeFbQGqHKbv7o0+DMgYDTYlDLhRGdU5GxB+GsO9vbJ7d5OTUs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244201; c=relaxed/simple; bh=THtOTMsCk7OoTVKoGILJvoGFQaBuoYZmNjLHENdYkh8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rgFZU+4qGiMK1VJ7X90oUN35XZ6gw9Nfim1CiilbY9MjxqcSidGOAPrD1Wf0l286QREG09BVrJ6pP+ntOsvgkx1s7PZRjJRZmJMtyx7EAuh1E5/ILiBwHz5BMP26kivrTx1CLS1l0PejJ+hbSaJb4DWa+lzj2J6lbTPRjGIHBkE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Q0ioCkGN; arc=fail smtp.client-ip=40.107.237.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Q0ioCkGN" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ktlalzZaaFMKPnrIDo2+4ycTg/ir+fPk2IKQmzOscq6tGCyrsZdubT9JxUtYlppFKVOfaZkLRx3KP4lITgUEsMaOkwDW+9sCZ+VQzeEMHSwDsvNh++BI4ATRXpzkMOtyiTE5gy/7c/EeWFeiuneB4rEDWgh2h351LpIuxUS03j+ATJuElF3WAdDSU1jWQ7FQofK31ONqLy/iMYGE/Ki1qerXoFDhbW7LHhikgRyNgXxaoJd3GnBBQOjsDKTCB6b0nOdVBjbXS/1drivMFL8NinE7W9YjhpoMX9696rYmcgFoiAneNDhVNlo8n7GnCOwlKqEg5bNXEfewTcHLFr5kEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iS9xr7kd5bHfaLb97IAWDyOpOz+WLSM7PA7ZyGIuU6I=; b=fq1u/nIcDLnlRZ/NHZsecIARNMwakibvqcJ+udgeJxlRR8YbXDLAVyWc/ekctQqMDrGnPu1Z+/kRnN1yOGap2cVaS5dFDsR4JKefAU3S7EF7Vquf9Rixf/nISlUD2cebFS7+xkQsClwXLqex3Ist2FSd5bMKqO+S9vM/o2Yd7PICOexVd1TDb6OqXZVx4vncpHcLJS4s+go2/EPrYffR640YfMBWK07LzDsSdF6RUakOlf0GBklN2FHW29oDcPgW6X4svQStJv54q7TP8PpAhwtTl+T+r9zaq+/hd/mkHLEsnGd7szgy46UqOG+woP1DtZyZ7mrtuAAwub9tYaOUVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iS9xr7kd5bHfaLb97IAWDyOpOz+WLSM7PA7ZyGIuU6I=; b=Q0ioCkGNuh4lvAJYjIJveQtG4DL6S7RY4yygdo0o17ezlCEyYFQrf8w2sdP3nH310ORzLH2Ibq3fs9U/iXUXaUTqf1C4fVmKSGqUkqeIgXBoBqqeToaQLhsjh6S0O9qT7J1G+PYoEeaAsbVzpNSWdQ77plK/RA2y8gZFLMXUCgU= Received: from BY5PR16CA0005.namprd16.prod.outlook.com (2603:10b6:a03:1a0::18) by LV2PR12MB5966.namprd12.prod.outlook.com (2603:10b6:408:171::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:43:17 +0000 Received: from MWH0EPF000971E3.namprd02.prod.outlook.com (2603:10b6:a03:1a0:cafe::38) by BY5PR16CA0005.outlook.office365.com (2603:10b6:a03:1a0::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 04:43:16 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E3.mail.protection.outlook.com (10.167.243.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:43:16 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:43:15 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 16/25] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled Date: Thu, 25 Jan 2024 22:11:16 -0600 Message-ID: <20240126041126.1927228-17-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E3:EE_|LV2PR12MB5966:EE_ X-MS-Office365-Filtering-Correlation-Id: aa9438fe-1114-4aad-8e0f-08dc1e295045 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EXiB764r70Q7yvKppidWUfIR//0CNm7vhe5JI4DrekcjAdcrj12HA4Qz+JDOLGmCuoCndRHtkSmonr5V41wpAGzvN5qW0u5U05nx1SV+9kBnvpT9Z04Dtam9nQOA6p/+FOhUcfzAf+Z9tzdeiKMlo7vZ8FnGa18mB7rNwPS7RE/qRFOEcCvuphssom/fpgcnOXbHus4b2ufgJEcD8l2XaJjHzYe7BntBqftjadNW0G9eJUI/7itECRFwc33bk7zuBEvaK7MDBsBqrelwanfcqtwyxf5jo6JFBzuEI5M68EwnnvQPrYc440+5rjaF6mMn/votdZaRdsi0hWltP/RjZ43AzXYEsGi1ldIVG+XPa1l6kwZyFXSJ/Jb02UyHgkbXpVsh5mkFblADVmpR5xWjnLJQv3Ol3iUCwY+nHD/io8lp9mh7/N/dg4yVqJp62CarXZE27A6ChIrRdxcnEeb3Oj3XRRuRT160/o9K38CND0SXA/lkjNHkW5bpcNPnrcJ6VaoJBDR3VypLk1Od8vezr+Nebv1M1nw/LzTJzBJxNQ83hp0AI1HWf27E1wlaKwaqhzdqviJAKrgYhg6pvz5hIyyeJjAuaoPdpBTwQjy0qLeTx0RDX2aTGif1q2pzUypu2QRfGP82RWI+n20RKkDQkalKIULfMLReCZZb1dtj/uPo5C6OXYDxoOq2g6Os37aoYTAxvWuUJEE2/22AJ5NJFxbna5T4niEGa2jMBlDDQPZZkp709KXTun6yznm2XXPDWary9Y2DNowcuJsMul7BrjJYSQWo632HTSJIoNgQL8pXKzmXOmX/tjN7WjSPG3Vc X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(346002)(396003)(136003)(39860400002)(376002)(230273577357003)(230173577357003)(230922051799003)(1800799012)(451199024)(64100799003)(82310400011)(186009)(36840700001)(46966006)(40470700004)(47076005)(36860700001)(83380400001)(8676002)(8936002)(478600001)(5660300002)(44832011)(4326008)(70586007)(54906003)(86362001)(6916009)(70206006)(316002)(26005)(426003)(7416002)(16526019)(36756003)(2616005)(1076003)(336012)(7406005)(2906002)(41300700001)(356005)(40460700003)(81166007)(40480700001)(82740400003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:43:16.7589 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: aa9438fe-1114-4aad-8e0f-08dc1e295045 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E3.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5966 From: Brijesh Singh The behavior and requirement for the SEV-legacy command is altered when the SNP firmware is in the INIT state. See SEV-SNP firmware ABI specification for more details. Allocate the Trusted Memory Region (TMR) as a 2MB-sized/aligned region when SNP is enabled to satisfy new requirements for SNP. Continue allocating a 1MB-sized region for !SNP configuration. Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra [mdr: use struct sev_data_snp_page_reclaim instead of passing paddr directly to SEV_CMD_SNP_PAGE_RECLAIM] Signed-off-by: Michael Roth --- drivers/crypto/ccp/sev-dev.c | 176 +++++++++++++++++++++++++++++++---- include/linux/psp-sev.h | 9 ++ 2 files changed, 165 insertions(+), 20 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index abee1a68d609..fa992ce57ffe 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -30,6 +30,7 @@ #include #include #include +#include #include "psp-dev.h" #include "sev-dev.h" @@ -73,9 +74,14 @@ static int psp_timeout; * The TMR is a 1MB area that must be 1MB aligned. Use the page allocator * to allocate the memory, which will return aligned memory for the specified * allocation order. + * + * When SEV-SNP is enabled the TMR needs to be 2MB aligned and 2MB sized. */ -#define SEV_ES_TMR_SIZE (1024 * 1024) +#define SEV_TMR_SIZE (1024 * 1024) +#define SNP_TMR_SIZE (2 * 1024 * 1024) + static void *sev_es_tmr; +static size_t sev_es_tmr_size = SEV_TMR_SIZE; /* INIT_EX NV Storage: * The NV Storage is a 32Kb area and must be 4Kb page aligned. Use the page @@ -192,17 +198,6 @@ static int sev_cmd_buffer_len(int cmd) return 0; } -static void *sev_fw_alloc(unsigned long len) -{ - struct page *page; - - page = alloc_pages(GFP_KERNEL, get_order(len)); - if (!page) - return NULL; - - return page_address(page); -} - static struct file *open_file_as_root(const char *filename, int flags, umode_t mode) { struct file *fp; @@ -333,6 +328,142 @@ static int sev_write_init_ex_file_if_required(int cmd_id) return sev_write_init_ex_file(); } +/* + * snp_reclaim_pages() needs __sev_do_cmd_locked(), and __sev_do_cmd_locked() + * needs snp_reclaim_pages(), so a forward declaration is needed. + */ +static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret); + +static int snp_reclaim_pages(unsigned long paddr, unsigned int npages, bool locked) +{ + int ret, err, i; + + paddr = __sme_clr(ALIGN_DOWN(paddr, PAGE_SIZE)); + + for (i = 0; i < npages; i++, paddr += PAGE_SIZE) { + struct sev_data_snp_page_reclaim data = {0}; + + data.paddr = paddr; + + if (locked) + ret = __sev_do_cmd_locked(SEV_CMD_SNP_PAGE_RECLAIM, &data, &err); + else + ret = sev_do_cmd(SEV_CMD_SNP_PAGE_RECLAIM, &data, &err); + + if (ret) + goto cleanup; + + ret = rmp_make_shared(__phys_to_pfn(paddr), PG_LEVEL_4K); + if (ret) + goto cleanup; + } + + return 0; + +cleanup: + /* + * If there was a failure reclaiming the page then it is no longer safe + * to release it back to the system; leak it instead. + */ + snp_leak_pages(__phys_to_pfn(paddr), npages - i); + return ret; +} + +static int rmp_mark_pages_firmware(unsigned long paddr, unsigned int npages, bool locked) +{ + unsigned long pfn = __sme_clr(paddr) >> PAGE_SHIFT; + int rc, i; + + for (i = 0; i < npages; i++, pfn++) { + rc = rmp_make_private(pfn, 0, PG_LEVEL_4K, 0, true); + if (rc) + goto cleanup; + } + + return 0; + +cleanup: + /* + * Try unrolling the firmware state changes by + * reclaiming the pages which were already changed to the + * firmware state. + */ + snp_reclaim_pages(paddr, i, locked); + + return rc; +} + +static struct page *__snp_alloc_firmware_pages(gfp_t gfp_mask, int order) +{ + unsigned long npages = 1ul << order, paddr; + struct sev_device *sev; + struct page *page; + + if (!psp_master || !psp_master->sev_data) + return NULL; + + page = alloc_pages(gfp_mask, order); + if (!page) + return NULL; + + /* If SEV-SNP is initialized then add the page in RMP table. */ + sev = psp_master->sev_data; + if (!sev->snp_initialized) + return page; + + paddr = __pa((unsigned long)page_address(page)); + if (rmp_mark_pages_firmware(paddr, npages, false)) + return NULL; + + return page; +} + +void *snp_alloc_firmware_page(gfp_t gfp_mask) +{ + struct page *page; + + page = __snp_alloc_firmware_pages(gfp_mask, 0); + + return page ? page_address(page) : NULL; +} +EXPORT_SYMBOL_GPL(snp_alloc_firmware_page); + +static void __snp_free_firmware_pages(struct page *page, int order, bool locked) +{ + struct sev_device *sev = psp_master->sev_data; + unsigned long paddr, npages = 1ul << order; + + if (!page) + return; + + paddr = __pa((unsigned long)page_address(page)); + if (sev->snp_initialized && + snp_reclaim_pages(paddr, npages, locked)) + return; + + __free_pages(page, order); +} + +void snp_free_firmware_page(void *addr) +{ + if (!addr) + return; + + __snp_free_firmware_pages(virt_to_page(addr), 0, false); +} +EXPORT_SYMBOL_GPL(snp_free_firmware_page); + +static void *sev_fw_alloc(unsigned long len) +{ + struct page *page; + + page = __snp_alloc_firmware_pages(GFP_KERNEL, get_order(len)); + if (!page) + return NULL; + + return page_address(page); +} + static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) { struct psp_device *psp = psp_master; @@ -456,7 +587,7 @@ static int __sev_init_locked(int *error) data.tmr_address = __pa(sev_es_tmr); data.flags |= SEV_INIT_FLAGS_SEV_ES; - data.tmr_len = SEV_ES_TMR_SIZE; + data.tmr_len = sev_es_tmr_size; } return __sev_do_cmd_locked(SEV_CMD_INIT, &data, error); @@ -479,7 +610,7 @@ static int __sev_init_ex_locked(int *error) data.tmr_address = __pa(sev_es_tmr); data.flags |= SEV_INIT_FLAGS_SEV_ES; - data.tmr_len = SEV_ES_TMR_SIZE; + data.tmr_len = sev_es_tmr_size; } return __sev_do_cmd_locked(SEV_CMD_INIT_EX, &data, error); @@ -623,6 +754,8 @@ static int __sev_snp_init_locked(int *error) sev->snp_initialized = true; dev_dbg(sev->dev, "SEV-SNP firmware initialized\n"); + sev_es_tmr_size = SNP_TMR_SIZE; + return rc; } @@ -641,14 +774,16 @@ static int __sev_platform_init_locked(int *error) if (!sev_es_tmr) { /* Obtain the TMR memory area for SEV-ES use */ - sev_es_tmr = sev_fw_alloc(SEV_ES_TMR_SIZE); - if (sev_es_tmr) + sev_es_tmr = sev_fw_alloc(sev_es_tmr_size); + if (sev_es_tmr) { /* Must flush the cache before giving it to the firmware */ - clflush_cache_range(sev_es_tmr, SEV_ES_TMR_SIZE); - else + if (!sev->snp_initialized) + clflush_cache_range(sev_es_tmr, sev_es_tmr_size); + } else { dev_warn(sev->dev, "SEV: TMR allocation failed, SEV-ES support unavailable\n"); } + } if (sev_init_ex_buffer) { rc = sev_read_init_ex_file(); @@ -1546,8 +1681,9 @@ static void sev_firmware_shutdown(struct sev_device *sev) /* The TMR area was encrypted, flush it from the cache */ wbinvd_on_all_cpus(); - free_pages((unsigned long)sev_es_tmr, - get_order(SEV_ES_TMR_SIZE)); + __snp_free_firmware_pages(virt_to_page(sev_es_tmr), + get_order(sev_es_tmr_size), + false); sev_es_tmr = NULL; } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index c7dd6ff9f36b..7f9bc1979018 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -932,6 +932,8 @@ int sev_guest_decommission(struct sev_data_decommission *data, int *error); int sev_do_cmd(int cmd, void *data, int *psp_ret); void *psp_copy_user_blob(u64 uaddr, u32 len); +void *snp_alloc_firmware_page(gfp_t mask); +void snp_free_firmware_page(void *addr); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ @@ -959,6 +961,13 @@ sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); } +static inline void *snp_alloc_firmware_page(gfp_t mask) +{ + return NULL; +} + +static inline void snp_free_firmware_page(void *addr) { } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */ From patchwork Fri Jan 26 04:11:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766960 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2047.outbound.protection.outlook.com [40.107.220.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD1F412E57; Fri, 26 Jan 2024 04:43:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.47 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244221; cv=fail; b=StVNFYx/wrtusTCMX7ViJH9bjhyFQgVI+iBx5aYseax9GeSOUNMO48a1hGnn91VUgrC+8wL9W55JYIhHXEfXfUSmpC3QvVAw6gIiiBr+uZ5OeD3rZquRP/i5nVnmX2e+gXudptdDhRA/QWXTDVgfE4EzFouU8LW/FTPoBphR4MA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244221; c=relaxed/simple; bh=saMGE6bdug/PGW0w0Emy6Su9nen7L9YcnAD/sElEGkQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ElWUXG/hmKwPqDuEFAjdcNUmZ2z9aBX1/laNQtnWE3ZXrzOhBGa/N+TEiCfxWjjDA+t7ov6Qr8Z1tgofMTh1u8O6jT7ckeA1ZUxyNcLUsDPAkhU9f1Lif7wssFHYPYCHq37ZOHHEN9nSbtPs/ewDgtZ5TRnxxGYTO/6iaq0gvBs= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=OKvSFvVn; arc=fail smtp.client-ip=40.107.220.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="OKvSFvVn" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bZju9EyRpQlWkrbNPzthYSmTDyDjjKPgkKhok7b3UV565n/SW6gCyBicC+dJZ79t6sBHF1r3+1qhvIwr2Lwvx9zc2rx5X9k6jGFPAv8jEhU4Y3PyW2SNDV5nY8A4oCZFqT162fBTXJ0NZED7PjYjb5SV0KI+sRjxxxwtFYZftA3LV9/n5cOQ2YVb5j8bI/FuxGOSrsKLDdoclxUkmGys63f5BT1lfHhH8jycXyu3hGDtPeS2aL/Sr5R8wlyAfqakmUIgT7qJCctNypS18LL+rId+60cj/1cSUWc8Mr1FV8TJ/ulSfkosXKBJNf5tU4HfeFITRFHbMOBcTZbA8UE/SQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=12SpdQ0B6iDjFBVE/dIRbaDpCG3fJ02n914HbZOKUFs=; b=LejprowJvt7gKKRUb1VEfrSx9M7r4F6C0M1tAR3Awrjf+dw4ay3p3hNVH9pn7rFdfODZp0+sAQbXJ/XRd3SrJtiXOnYP6cMuv16cLopI+2w1d1Rro8oK0HD9afcqdNu90tvQ9Z5nhuMJYa2H132ihNZ7a3iTUC0w1RsFRY/sHPedWnt6o9Nd5Vrqx0PGQPYCnwqc9HwRUSPVYswpnWz5a/kq8qWKkEWvtJQOiU4f4HJr5qr2YlN4T2fenCb3r8i7tL9xVv08OK+VJ7ZSmeNdAuNxZFvCgo1n2f0P3Rh7tKukjRRGy5klnNARz4/LIEna57gsPSPuzuDxhylVzLz6SQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=12SpdQ0B6iDjFBVE/dIRbaDpCG3fJ02n914HbZOKUFs=; b=OKvSFvVnwjxw6+V3be4CFPOnxvkhKaQXYCw9nR2SOUVavQrbFNt7rPl6bhjLyW1ni4W149pRThOGPAXEMC9UXQ65WfU7ROQ0XQUpF8551vF2G2bWAl5jJW2ku+MHk88qbWzOwCTc1MP9nPA+al9h3/ZxR7QdEvX3X/ShPuof8WU= Received: from BY5PR16CA0005.namprd16.prod.outlook.com (2603:10b6:a03:1a0::18) by MW4PR12MB6850.namprd12.prod.outlook.com (2603:10b6:303:1ed::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.28; Fri, 26 Jan 2024 04:43:37 +0000 Received: from MWH0EPF000971E7.namprd02.prod.outlook.com (2603:10b6:a03:1a0:cafe::a5) by BY5PR16CA0005.outlook.office365.com (2603:10b6:a03:1a0::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 04:43:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E7.mail.protection.outlook.com (10.167.243.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:43:37 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:43:36 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 17/25] crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled Date: Thu, 25 Jan 2024 22:11:17 -0600 Message-ID: <20240126041126.1927228-18-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E7:EE_|MW4PR12MB6850:EE_ X-MS-Office365-Filtering-Correlation-Id: bee9c4d1-4669-46f6-7291-08dc1e295c76 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mppbisoawNh0OTtF/pO//rH5L6WWYGjlUeRh17RS7ZByZqvooUaRwMyl5dn8StYTadrOcX9s0F38DUuxrNzZ1Mt0u+L88qAjaVtBggll/xnZdoOmKZnCTkPdy6GphDpf85Fypj9vREM2OaIDtIPWJy0US976A2Bc4EXF3qYAJgE5aE/iSBjgNCHEMOvZQG9NH8s9xW51hL4zw63c9KXnVlA2I49yR2UshjtDXE41NMlRNhr/Je664CAPGRgxXvJGdqDI8b72SVxXVicvWOFH5tyHdWo6IrjOm1TqWm7qqQ51ijAfNjGk6wtMEkehBlR8p34QXL40Basj4qCaatcADu4IaQx+TH2GyFUCrZYe6x0GzRvpCcaVN7g3fIlXCPLEM4Q6uzJlPLxQG9j1j7VqH8IrK3x+oPubX7kosZoJlqDQ8rK2HnNsd/W08DZSWs64lof9VxB62svVFg+oSdXR2a84VXLqtJfLfW2EzOekFGmP6x0UlQT+mx4CwsTidvfvgB1sx6Mr46BbA4XLR5Bgiksqz2TVayD+13uXBREJ3FE17WCx+ayyfdeQa0JObUcaUeikPwsb5/PZ68puHl8X29kz1oJb7nHQDoCI1+TXR3ATctG9kn9N9an6YO5/A1U2zKg1A4Bn+nh1V6sbYd6/qY24A9y8pv0wnYnMxOrjh+Cr7rBAkgRkTHvsB0mDsOxfYIVFn3lao+nG6lAsdFGLPF7xapnrvvJnwa0gciUNROdTIvIilXNlnaQXkNC+qXHJDZYJq6lNVc11q7syvemHvw== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(396003)(346002)(39860400002)(136003)(230922051799003)(64100799003)(1800799012)(82310400011)(451199024)(186009)(40470700004)(46966006)(36840700001)(336012)(426003)(41300700001)(40460700003)(40480700001)(16526019)(26005)(6916009)(1076003)(4326008)(36860700001)(36756003)(82740400003)(83380400001)(47076005)(6666004)(356005)(478600001)(81166007)(2616005)(2906002)(7416002)(8676002)(70586007)(70206006)(316002)(44832011)(54906003)(5660300002)(8936002)(86362001)(7406005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:43:37.2120 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bee9c4d1-4669-46f6-7291-08dc1e295c76 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E7.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB6850 From: Tom Lendacky For SEV/SEV-ES, a buffer can be used to access non-volatile data so it can be initialized from a file specified by the init_ex_path CCP module parameter instead of relying on the SPI bus for NV storage, and afterward the buffer can be read from to sync new data back to the file. When SNP is enabled, the pages comprising this buffer need to be set to firmware-owned in the RMP table before they can be accessed by firmware for subsequent updates to the initial contents. Implement that handling here. Signed-off-by: Tom Lendacky Co-developed-by: Michael Roth Signed-off-by: Michael Roth --- drivers/crypto/ccp/sev-dev.c | 47 ++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index fa992ce57ffe..97fdd98e958c 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -785,10 +785,38 @@ static int __sev_platform_init_locked(int *error) } } - if (sev_init_ex_buffer) { + /* + * If an init_ex_path is provided allocate a buffer for the file and + * read in the contents. Additionally, if SNP is initialized, convert + * the buffer pages to firmware pages. + */ + if (init_ex_path && !sev_init_ex_buffer) { + struct page *page; + + page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH)); + if (!page) { + dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n"); + return -ENOMEM; + } + + sev_init_ex_buffer = page_address(page); + rc = sev_read_init_ex_file(); if (rc) return rc; + + /* If SEV-SNP is initialized, transition to firmware page. */ + if (sev->snp_initialized) { + unsigned long npages; + + npages = 1UL << get_order(NV_LENGTH); + if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), + npages, false)) { + dev_err(sev->dev, + "SEV: INIT_EX NV memory page state change failed.\n"); + return -ENOMEM; + } + } } rc = __sev_do_init_locked(&psp_ret); @@ -1688,8 +1716,9 @@ static void sev_firmware_shutdown(struct sev_device *sev) } if (sev_init_ex_buffer) { - free_pages((unsigned long)sev_init_ex_buffer, - get_order(NV_LENGTH)); + __snp_free_firmware_pages(virt_to_page(sev_init_ex_buffer), + get_order(NV_LENGTH), + true); sev_init_ex_buffer = NULL; } @@ -1743,18 +1772,6 @@ void sev_pci_init(void) if (sev_update_firmware(sev->dev) == 0) sev_get_api_version(); - /* If an init_ex_path is provided rely on INIT_EX for PSP initialization - * instead of INIT. - */ - if (init_ex_path) { - sev_init_ex_buffer = sev_fw_alloc(NV_LENGTH); - if (!sev_init_ex_buffer) { - dev_err(sev->dev, - "SEV: INIT_EX NV memory allocation failed\n"); - goto err; - } - } - /* Initialize the platform */ args.probe = true; rc = sev_platform_init(&args); From patchwork Fri Jan 26 04:11:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766559 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9941125AF; Fri, 26 Jan 2024 04:44:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.40 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244245; cv=fail; b=cPOx2o37AqNXkMf8FzsOgVqZt+kPDmFJH69Ud50mu29/WY0Ln+8I88BCzDi5LZGpBdBHMiGfVVtuDdgwkrlzlSBgr7iIbB5+J+nRShIBdOLpmdyPZRK7SHvdim0mVzl592tOL2xpxAArHMNmP8Ctp6p1tmSVPhp2TTJWdS9i1kI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244245; c=relaxed/simple; bh=MFNwkHtFOsGkkAwJeNakjxcSENK1x4y870jas+dk3EQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=GoT279P1JsdKs6Gv7mlj18ukbFh4IMC/OE8oqRhHFJQu0Y3NrfyMuwbRLCK49kl07cduBJa3B06XVPwEFblWUypadJJRfm8HXn4fILKysuYYo2xBY1uL9QJ3gTY/W3TA0emKR4W3vKkjPSTMHbmk3OYqgc/7jnvI/HVL+kYOl+M= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=gJS8x26s; arc=fail smtp.client-ip=40.107.236.40 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="gJS8x26s" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ILZaLjMchTI4RU+CNcquYEGomM1hzg8UDagr18HflWSdwQ8u3BU0CkosiZxJBp55G+pJZ8IGIFZ72i42/GgrCxQ4inKL6xgnBTlth9+3Rfjg0v94HP9vBumZ9zjqrSSyIHbBgrJ1QBJKwL+xoLcOjvneiNXhnNoybPvYMQ+9bIrMSMGPU+2XRzh2yt5Lf7rLYANHIjkhKg2QQYmWg1sqpX6vqPqOii+A1AUVWlHi1p+VGL2JA9hNWd9v1076waRwOoWyZ4o3vbxig3s4K0m+Au+EbxVsNHXdZlmOT40S0S747u4WBXc0DbeNC1hAd5rsm/8L8KGt4D6YM84wsdYvtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NI0TXxna9Q4A+0oib7Nh9hyRMric/3e/+cYBycjs+J8=; b=Lj4YyTJgLMbA3OLUsMzSMydsGRDg27NlvHFEM8ecKe6MzMz+2p2gL2qg8nUy78e6qvV/5mal5waTyC5wQX4PW2UMFAx7PcuuOa7gwBSskrLhFEmtU0iajGEJBJk8fHOPua7nx63nTT+keWFwH46iAhQCxK/IrCVWmKJm0mJV3AbuExmAqtieMUQhmoK58v1hvISXkNstgkD13XWgYZi9r+9gTM8m+3K0aRqAqGN8OHkuL6tlQNSlPRGl7yGkw9EsbkXUVYbG8AtDNhP5xxSuNsgmOpZk8laOZJb8ehp7Qq1vqnqkdT3Xfu9WnC4GEnORqMDlvwbaszxvTYRjMRKYMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NI0TXxna9Q4A+0oib7Nh9hyRMric/3e/+cYBycjs+J8=; b=gJS8x26s9J7pwrb6LmqOZs2eARcyToUMVmMTDhLCk4LrIiNtnNEOMjaDdBPUZX4LuF2dPtg9L07e6AmMJvQ3PETt43yvl1owzDxkWObcojee3Be3ClUCAMxndpLKxLcHrRNRtvHwXGEEgiCAXf1eKK05dP20fuyijulDU1yYFBA= Received: from MW4PR02CA0024.namprd02.prod.outlook.com (2603:10b6:303:16d::9) by BN9PR12MB5306.namprd12.prod.outlook.com (2603:10b6:408:103::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:43:58 +0000 Received: from MWH0EPF000971E8.namprd02.prod.outlook.com (2603:10b6:303:16d:cafe::cf) by MW4PR02CA0024.outlook.office365.com (2603:10b6:303:16d::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:43:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E8.mail.protection.outlook.com (10.167.243.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:43:58 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:43:57 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 18/25] crypto: ccp: Handle legacy SEV commands when SNP is enabled Date: Thu, 25 Jan 2024 22:11:18 -0600 Message-ID: <20240126041126.1927228-19-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E8:EE_|BN9PR12MB5306:EE_ X-MS-Office365-Filtering-Correlation-Id: 591a442d-f3bc-45b1-16ae-08dc1e2968db X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: XOOHhdoKjm65vCjo8+hUgclOITHjxUG3Zaf4q796Jy2+fWKqEbtT9v/a3qoGt7GMaZGdCALyeOqEB0Zg1DKT5C/KEn4cgalsQMCUUg5SONT1hAo0vfvIfw9BO4kEwObNPR4PCHPpFBzfwmNlcA+H+AcurW6ziGfhqwDjA8AYKNBdg/w7ugtK1fsNC23ZjbDnuYdVxNw7QMfANnaiFCX4ZTygRs6+ZCNWIJLdtSxDZ9yMYouWKtmC3NKBEvu7aHfOykEQVQbepCzk1D0qVqxaUpZ2e8tnL80X7LRb+d1P4hJbPWy+P6rKY/7oOsaFATqWFf51o5gEIARnt1SLgYcTKOOfn4LJnfUkzlZ5qdTfuAGW69eWrSZJP1WvhLn1KS+WV3t7ut3xRQzf0rUvMQtYd5HoV976wuun4x9nPjTi963+XanHuO70vydnzraZej3tZgMsIfhuyUWgf8x42Vd5XcEEgvbEu/OyExYSqYw3Pvjv408lJNBeXwx083U2DxfKBpXoMK3mxCkIQH8Wz/SnC9DxYc9JqQYxmVAMNg/2ycpHtlGU+yLg5SDRhc9Lr5SDo0dgoav9333mwYe5IQLfbOS7TOJNMDBYqugLwuta8Cgaldgo768kL6uO1gjQnpgQ+U0QbpSDjcbDwkr1hAlL3qj3tH9sMQJZ/DnUAFOX+eBdPE2DV5+lBLurBYS4xAxs176yiwib5VOjbZto26jjsPEnnophGanEcjQ9+CuQKGoJiXHmxXHRBhBhxxHmDvV5SOeHuCFxvdEMe6A/LxzTag== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(136003)(39860400002)(346002)(376002)(396003)(230922051799003)(64100799003)(451199024)(1800799012)(82310400011)(186009)(40470700004)(36840700001)(46966006)(82740400003)(7406005)(356005)(81166007)(30864003)(2906002)(7416002)(36860700001)(5660300002)(44832011)(41300700001)(36756003)(86362001)(336012)(426003)(26005)(16526019)(478600001)(1076003)(2616005)(6666004)(8936002)(8676002)(4326008)(47076005)(83380400001)(54906003)(70206006)(316002)(6916009)(70586007)(40460700003)(40480700001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:43:58.0042 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 591a442d-f3bc-45b1-16ae-08dc1e2968db X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E8.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR12MB5306 From: Brijesh Singh The behavior of legacy SEV commands is altered when the firmware is initialized for SNP support. In that case, all command buffer memory that may get written to by legacy SEV commands must be marked as firmware-owned in the RMP table prior to issuing the command. Additionally, when a command buffer contains a system physical address that points to additional buffers that firmware may write to, special handling is needed depending on whether: 1) the system physical address points to guest memory 2) the system physical address points to host memory To handle case #1, the pages of these buffers are changed to firmware-owned in the RMP table before issuing the command, and restored to hypervisor-owned after the command completes. For case #2, a bounce buffer is used instead of the original address. Signed-off-by: Brijesh Singh Co-developed-by: Michael Roth Signed-off-by: Michael Roth Signed-off-by: Ashish Kalra --- drivers/crypto/ccp/sev-dev.c | 418 ++++++++++++++++++++++++++++++++++- drivers/crypto/ccp/sev-dev.h | 3 + 2 files changed, 411 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 97fdd98e958c..b2ad41ce5f77 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -43,6 +43,15 @@ #define SNP_MIN_API_MAJOR 1 #define SNP_MIN_API_MINOR 51 +/* + * Maximum number of firmware-writable buffers that might be specified + * in the parameters of a legacy SEV command buffer. + */ +#define CMD_BUF_FW_WRITABLE_MAX 2 + +/* Leave room in the descriptor array for an end-of-list indicator. */ +#define CMD_BUF_DESC_MAX (CMD_BUF_FW_WRITABLE_MAX + 1) + static DEFINE_MUTEX(sev_cmd_mutex); static struct sev_misc_dev *misc_dev; @@ -464,13 +473,344 @@ static void *sev_fw_alloc(unsigned long len) return page_address(page); } +/** + * struct cmd_buf_desc - descriptors for managing legacy SEV command address + * parameters corresponding to buffers that may be written to by firmware. + * + * @paddr_ptr: pointer the address parameter in the command buffer, which may + * need to be saved/restored depending on whether a bounce buffer is + * used. Must be NULL if this descriptor is only an end-of-list + * indicator. + * @paddr_orig: storage for the original address parameter, which can be used to + * restore the original value in @paddr_ptr in cases where it is + * replaced with the address of a bounce buffer. + * @len: length of buffer located at the address originally stored at @paddr_ptr + * @guest_owned: true if the address corresponds to guest-owned pages, in which + * case bounce buffers are not needed. + */ +struct cmd_buf_desc { + u64 *paddr_ptr; + u64 paddr_orig; + u32 len; + bool guest_owned; +}; + +/* + * If a legacy SEV command parameter is a memory address, those pages in + * turn need to be transitioned to/from firmware-owned before/after + * executing the firmware command. + * + * Additionally, in cases where those pages are not guest-owned, a bounce + * buffer is needed in place of the original memory address parameter. + * + * A set of descriptors are used to keep track of this handling, and + * initialized here based on the specific commands being executed. + */ +static void snp_populate_cmd_buf_desc_list(int cmd, void *cmd_buf, + struct cmd_buf_desc *desc_list) +{ + switch (cmd) { + case SEV_CMD_PDH_CERT_EXPORT: { + struct sev_data_pdh_cert_export *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->pdh_cert_address; + desc_list[0].len = data->pdh_cert_len; + desc_list[1].paddr_ptr = &data->cert_chain_address; + desc_list[1].len = data->cert_chain_len; + break; + } + case SEV_CMD_GET_ID: { + struct sev_data_get_id *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->address; + desc_list[0].len = data->len; + break; + } + case SEV_CMD_PEK_CSR: { + struct sev_data_pek_csr *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->address; + desc_list[0].len = data->len; + break; + } + case SEV_CMD_LAUNCH_UPDATE_DATA: { + struct sev_data_launch_update_data *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->address; + desc_list[0].len = data->len; + desc_list[0].guest_owned = true; + break; + } + case SEV_CMD_LAUNCH_UPDATE_VMSA: { + struct sev_data_launch_update_vmsa *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->address; + desc_list[0].len = data->len; + desc_list[0].guest_owned = true; + break; + } + case SEV_CMD_LAUNCH_MEASURE: { + struct sev_data_launch_measure *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->address; + desc_list[0].len = data->len; + break; + } + case SEV_CMD_LAUNCH_UPDATE_SECRET: { + struct sev_data_launch_secret *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->guest_address; + desc_list[0].len = data->guest_len; + desc_list[0].guest_owned = true; + break; + } + case SEV_CMD_DBG_DECRYPT: { + struct sev_data_dbg *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->dst_addr; + desc_list[0].len = data->len; + desc_list[0].guest_owned = true; + break; + } + case SEV_CMD_DBG_ENCRYPT: { + struct sev_data_dbg *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->dst_addr; + desc_list[0].len = data->len; + desc_list[0].guest_owned = true; + break; + } + case SEV_CMD_ATTESTATION_REPORT: { + struct sev_data_attestation_report *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->address; + desc_list[0].len = data->len; + break; + } + case SEV_CMD_SEND_START: { + struct sev_data_send_start *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->session_address; + desc_list[0].len = data->session_len; + break; + } + case SEV_CMD_SEND_UPDATE_DATA: { + struct sev_data_send_update_data *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->hdr_address; + desc_list[0].len = data->hdr_len; + desc_list[1].paddr_ptr = &data->trans_address; + desc_list[1].len = data->trans_len; + break; + } + case SEV_CMD_SEND_UPDATE_VMSA: { + struct sev_data_send_update_vmsa *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->hdr_address; + desc_list[0].len = data->hdr_len; + desc_list[1].paddr_ptr = &data->trans_address; + desc_list[1].len = data->trans_len; + break; + } + case SEV_CMD_RECEIVE_UPDATE_DATA: { + struct sev_data_receive_update_data *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->guest_address; + desc_list[0].len = data->guest_len; + desc_list[0].guest_owned = true; + break; + } + case SEV_CMD_RECEIVE_UPDATE_VMSA: { + struct sev_data_receive_update_vmsa *data = cmd_buf; + + desc_list[0].paddr_ptr = &data->guest_address; + desc_list[0].len = data->guest_len; + desc_list[0].guest_owned = true; + break; + } + default: + break; + } +} + +static int snp_map_cmd_buf_desc(struct cmd_buf_desc *desc) +{ + unsigned int npages; + + if (!desc->len) + return 0; + + /* Allocate a bounce buffer if this isn't a guest owned page. */ + if (!desc->guest_owned) { + struct page *page; + + page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(desc->len)); + if (!page) { + pr_warn("Failed to allocate bounce buffer for SEV legacy command.\n"); + return -ENOMEM; + } + + desc->paddr_orig = *desc->paddr_ptr; + *desc->paddr_ptr = __psp_pa(page_to_virt(page)); + } + + npages = PAGE_ALIGN(desc->len) >> PAGE_SHIFT; + + /* Transition the buffer to firmware-owned. */ + if (rmp_mark_pages_firmware(*desc->paddr_ptr, npages, true)) { + pr_warn("Error moving pages to firmware-owned state for SEV legacy command.\n"); + return -EFAULT; + } + + return 0; +} + +static int snp_unmap_cmd_buf_desc(struct cmd_buf_desc *desc) +{ + unsigned int npages; + + if (!desc->len) + return 0; + + npages = PAGE_ALIGN(desc->len) >> PAGE_SHIFT; + + /* Transition the buffers back to hypervisor-owned. */ + if (snp_reclaim_pages(*desc->paddr_ptr, npages, true)) { + pr_warn("Failed to reclaim firmware-owned pages while issuing SEV legacy command.\n"); + return -EFAULT; + } + + /* Copy data from bounce buffer and then free it. */ + if (!desc->guest_owned) { + void *bounce_buf = __va(__sme_clr(*desc->paddr_ptr)); + void *dst_buf = __va(__sme_clr(desc->paddr_orig)); + + memcpy(dst_buf, bounce_buf, desc->len); + __free_pages(virt_to_page(bounce_buf), get_order(desc->len)); + + /* Restore the original address in the command buffer. */ + *desc->paddr_ptr = desc->paddr_orig; + } + + return 0; +} + +static int snp_map_cmd_buf_desc_list(int cmd, void *cmd_buf, struct cmd_buf_desc *desc_list) +{ + int i; + + snp_populate_cmd_buf_desc_list(cmd, cmd_buf, desc_list); + + for (i = 0; i < CMD_BUF_DESC_MAX; i++) { + struct cmd_buf_desc *desc = &desc_list[i]; + + if (!desc->paddr_ptr) + break; + + if (snp_map_cmd_buf_desc(desc)) + goto err_unmap; + } + + return 0; + +err_unmap: + for (i--; i >= 0; i--) + snp_unmap_cmd_buf_desc(&desc_list[i]); + + return -EFAULT; +} + +static int snp_unmap_cmd_buf_desc_list(struct cmd_buf_desc *desc_list) +{ + int i, ret = 0; + + for (i = 0; i < CMD_BUF_DESC_MAX; i++) { + struct cmd_buf_desc *desc = &desc_list[i]; + + if (!desc->paddr_ptr) + break; + + if (snp_unmap_cmd_buf_desc(&desc_list[i])) + ret = -EFAULT; + } + + return ret; +} + +static bool sev_cmd_buf_writable(int cmd) +{ + switch (cmd) { + case SEV_CMD_PLATFORM_STATUS: + case SEV_CMD_GUEST_STATUS: + case SEV_CMD_LAUNCH_START: + case SEV_CMD_RECEIVE_START: + case SEV_CMD_LAUNCH_MEASURE: + case SEV_CMD_SEND_START: + case SEV_CMD_SEND_UPDATE_DATA: + case SEV_CMD_SEND_UPDATE_VMSA: + case SEV_CMD_PEK_CSR: + case SEV_CMD_PDH_CERT_EXPORT: + case SEV_CMD_GET_ID: + case SEV_CMD_ATTESTATION_REPORT: + return true; + default: + return false; + } +} + +/* After SNP is INIT'ed, the behavior of legacy SEV commands is changed. */ +static bool snp_legacy_handling_needed(int cmd) +{ + struct sev_device *sev = psp_master->sev_data; + + return cmd < SEV_CMD_SNP_INIT && sev->snp_initialized; +} + +static int snp_prep_cmd_buf(int cmd, void *cmd_buf, struct cmd_buf_desc *desc_list) +{ + if (!snp_legacy_handling_needed(cmd)) + return 0; + + if (snp_map_cmd_buf_desc_list(cmd, cmd_buf, desc_list)) + return -EFAULT; + + /* + * Before command execution, the command buffer needs to be put into + * the firmware-owned state. + */ + if (sev_cmd_buf_writable(cmd)) { + if (rmp_mark_pages_firmware(__pa(cmd_buf), 1, true)) + return -EFAULT; + } + + return 0; +} + +static int snp_reclaim_cmd_buf(int cmd, void *cmd_buf) +{ + if (!snp_legacy_handling_needed(cmd)) + return 0; + + /* + * After command completion, the command buffer needs to be put back + * into the hypervisor-owned state. + */ + if (sev_cmd_buf_writable(cmd)) + if (snp_reclaim_pages(__pa(cmd_buf), 1, true)) + return -EFAULT; + + return 0; +} + static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) { + struct cmd_buf_desc desc_list[CMD_BUF_DESC_MAX] = {0}; struct psp_device *psp = psp_master; struct sev_device *sev; unsigned int cmdbuff_hi, cmdbuff_lo; unsigned int phys_lsb, phys_msb; unsigned int reg, ret = 0; + void *cmd_buf; int buf_len; if (!psp || !psp->sev_data) @@ -490,12 +830,47 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) * work for some memory, e.g. vmalloc'd addresses, and @data may not be * physically contiguous. */ - if (data) - memcpy(sev->cmd_buf, data, buf_len); + if (data) { + /* + * Commands are generally issued one at a time and require the + * sev_cmd_mutex, but there could be recursive firmware requests + * due to SEV_CMD_SNP_PAGE_RECLAIM needing to be issued while + * preparing buffers for another command. This is the only known + * case of nesting in the current code, so exactly one + * additional command buffer is available for that purpose. + */ + if (!sev->cmd_buf_active) { + cmd_buf = sev->cmd_buf; + sev->cmd_buf_active = true; + } else if (!sev->cmd_buf_backup_active) { + cmd_buf = sev->cmd_buf_backup; + sev->cmd_buf_backup_active = true; + } else { + dev_err(sev->dev, + "SEV: too many firmware commands in progress, no command buffers available.\n"); + return -EBUSY; + } + + memcpy(cmd_buf, data, buf_len); + + /* + * The behavior of the SEV-legacy commands is altered when the + * SNP firmware is in the INIT state. + */ + ret = snp_prep_cmd_buf(cmd, cmd_buf, desc_list); + if (ret) { + dev_err(sev->dev, + "SEV: failed to prepare buffer for legacy command 0x%x. Error: %d\n", + cmd, ret); + return ret; + } + } else { + cmd_buf = sev->cmd_buf; + } /* Get the physical address of the command buffer */ - phys_lsb = data ? lower_32_bits(__psp_pa(sev->cmd_buf)) : 0; - phys_msb = data ? upper_32_bits(__psp_pa(sev->cmd_buf)) : 0; + phys_lsb = data ? lower_32_bits(__psp_pa(cmd_buf)) : 0; + phys_msb = data ? upper_32_bits(__psp_pa(cmd_buf)) : 0; dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n", cmd, phys_msb, phys_lsb, psp_timeout); @@ -549,15 +924,36 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) ret = sev_write_init_ex_file_if_required(cmd); } - print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, - buf_len, false); - /* * Copy potential output from the PSP back to data. Do this even on * failure in case the caller wants to glean something from the error. */ - if (data) - memcpy(data, sev->cmd_buf, buf_len); + if (data) { + int ret_reclaim; + /* + * Restore the page state after the command completes. + */ + ret_reclaim = snp_reclaim_cmd_buf(cmd, cmd_buf); + if (ret_reclaim) { + dev_err(sev->dev, + "SEV: failed to reclaim buffer for legacy command %#x. Error: %d\n", + cmd, ret_reclaim); + return ret_reclaim; + } + + memcpy(data, cmd_buf, buf_len); + + if (sev->cmd_buf_backup_active) + sev->cmd_buf_backup_active = false; + else + sev->cmd_buf_active = false; + + if (snp_unmap_cmd_buf_desc_list(desc_list)) + return -EFAULT; + } + + print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, + buf_len, false); return ret; } @@ -1657,10 +2053,12 @@ int sev_dev_init(struct psp_device *psp) if (!sev) goto e_err; - sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 0); + sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 1); if (!sev->cmd_buf) goto e_sev; + sev->cmd_buf_backup = (uint8_t *)sev->cmd_buf + PAGE_SIZE; + psp->sev_data = sev; sev->dev = dev; diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 85506325051a..3e4e5574e88a 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -52,6 +52,9 @@ struct sev_device { u8 build; void *cmd_buf; + void *cmd_buf_backup; + bool cmd_buf_active; + bool cmd_buf_backup_active; bool snp_initialized; }; From patchwork Fri Jan 26 04:11:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766959 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2042.outbound.protection.outlook.com [40.107.237.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A62D012B84; Fri, 26 Jan 2024 04:44:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.42 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244264; cv=fail; b=Pf29fdsp+dGH8VPHHPeJmFRgkRe/4jkXIViPY2c39isUymvsSlGgvETZLCEJiHYtdG+WMYxJRkkWlnJScZX176jCaHUzgRlxzeagEpvl+eQZAlwmpP9xfB6vwFvRlFnyPW+swf/I2cgrOfHeGmSywu3fn+s5Dm7uKyo2z6uKh8I= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244264; c=relaxed/simple; bh=rFQHte2t4t3G1/OOE02HGpFuvyVgpIu9vJi2P9nJRZg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YuQnMDCAMIcv+laK0wWcT25jgm5M0vPFBlB8je4Oje0pgaiYtp41PMjNwfoesOpEllvHoLAVmBT7c8od+fcTmMJyixeAF/mlbiX5CrmdcSBQ8LlpWFOcMfrFGzqfIMZRsTwzN/jSEFHBE8y2u60i9BGEU/IJO+v7WG5VVivZYbo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=iCYTuyQX; arc=fail smtp.client-ip=40.107.237.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="iCYTuyQX" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=arIXtEDaW2ZrrZdfdRWg6FDXMREgjXCopdMb673d6b1hgWTbFIaygcXcjdQhCYkVPrvQg4K6c1DGFGIXIuI+HFYF2huxYmXpAgGmLcgn2hrwPDlXk7YoEaDAq9vSs8KDXd2wJYP0OwajB5zO2YtJSNxgMSug9LMj1vbtkiyxMNdYviRS2n9UP2jqGqWoXihINzN0CltLIqhTIAHZaDig9obn0LtqGOWfGN1j/aqhXrNKgviPJcHLvOYETZmtbRuNgjjxbWKDKJFR0kBuuRmNl+5RB30JSuHFijjlT4tQUsT4cq3QYsS1YoKMpYvtOvMKpYqv4qa0O6X/9iPiQ70sMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+qG75r4WHkgWbMzwHKr0H1I3Mb70xWCu5pDmxLxzbm0=; b=FCFdqCGWmi9ZHUZhSUNMEAniKR0J4+9hEWV5TIvnFfAEyw2ovdLPQlzGc1UGKHcRTBL8Gup3dGViUtSFQ3GHs68YLM9VrE2iSU8FccSrczg2zS/9lOdDYtzDxjpZQczclxX0xO2XEHg5wffx93rQ992u4adBo1c1yoiARtym1X1ehdyme7AKoLl5qgZAxu+Y8p66QkTYwq3R5VK4I6Xg1doW6GjOw/1KBXU0pNwoOD57VhQMaTbYUvAD3SwdNVTfv+Xhv0axY7z1ry0up1GAxwFYvrWwJdZaip1nxREQbatowbQLEOCpynRDY5Y8zrhk4SxMBSLuFdZ9SN4HmzohpQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+qG75r4WHkgWbMzwHKr0H1I3Mb70xWCu5pDmxLxzbm0=; b=iCYTuyQXK9QqQXk+8+TeDi6mI7k8g7wYKx3vfgFNIrFc+qzXjbgYbkYDcBfVQYQ+WuNKK+vhigzeVCWu7tYAT27fmcf078+Cvej+O0HQNA9wj/l6of5CSXpVtAtkz7AoVEz13sdxk+qVKKoQ+I3TGC4uRgZLLQw3btH2z+XK5yg= Received: from BY5PR16CA0027.namprd16.prod.outlook.com (2603:10b6:a03:1a0::40) by IA1PR12MB6555.namprd12.prod.outlook.com (2603:10b6:208:3a1::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:44:19 +0000 Received: from MWH0EPF000971E7.namprd02.prod.outlook.com (2603:10b6:a03:1a0:cafe::a5) by BY5PR16CA0027.outlook.office365.com (2603:10b6:a03:1a0::40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:44:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E7.mail.protection.outlook.com (10.167.243.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:44:18 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:44:17 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 19/25] iommu/amd: Clean up RMP entries for IOMMU pages during SNP shutdown Date: Thu, 25 Jan 2024 22:11:19 -0600 Message-ID: <20240126041126.1927228-20-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E7:EE_|IA1PR12MB6555:EE_ X-MS-Office365-Filtering-Correlation-Id: ce8654d0-eb09-4f90-6a13-08dc1e29753c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: c1/N+NOdlDEYkL8nup6ZrqkbaTUwNTx4w1tb1kYLBF2ZsRUeoE/t4rCcWjHvSbOskC3cZ3B/D1Z4m4Dj9X31dfu/fKaKzwuoqfGO+iO0wqy6dTi/W1e2g3vLPSmO6K5ShdywZCLi+EPavjm3W8nicVnWvVQMUTNB0yiuYpdifelJd2jrgFT5O9X9JSzpK9ZcQbXmkabI92VThui4MTF0YR1TW8j97jWjVUVuLQwrLAMBk5zrHYbyVe0SUSbTF3qWMwisNZLJUEdVaI+7r+3qubvVtKWwK4bavN6LPixo4hEZ/T8LlYo8a4Y6KT1K7GDjAQHOTOhUvPnNukiY4oMVoyLOfXCSIKBsG6XyljAE7mPr+YlrAavs18G8K3LfmkCzRSaEUEMbXPifsR3F0mMHoOQ37KFWu8xj+diXpGq/iE0pQBKVwDxVVNsgJZ+YfpzkiyMbcT89heNQ8IAsmtgPYO6MMVnKDJbeM4lFmrtC5/08d2YmUjIMXLPk5x/H101OZRw4TAn6yc6Io4VucyT1P9kkFTsXKhgyCXufEA27X4R7F3P/9617yVnYS8Oaw/V3JMrRVUyyT5hI4MpNm0VncYs9RWAEnZo9q6xtE0TUh9ERq8HP6JPgdwLhUg2clR/l9BTwCnLQArCW7rQsp8Usgtq2ls+qV/Rk69kB6rk1HizZkvwx7pNbs3oUDudfPGW0rswQZ3XSu9kPTn56lnby1PisRRKjomyNU27UiemNwbazxDGQZxi4oPrxY5yn3JcBTToQ9fGqY9qtxXOX3oiSpA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(136003)(376002)(39860400002)(346002)(230922051799003)(186009)(1800799012)(82310400011)(64100799003)(451199024)(36840700001)(40470700004)(46966006)(8936002)(8676002)(4326008)(36860700001)(5660300002)(82740400003)(7406005)(7416002)(2616005)(1076003)(70586007)(70206006)(54906003)(83380400001)(44832011)(47076005)(6916009)(316002)(36756003)(356005)(81166007)(40460700003)(40480700001)(2906002)(336012)(426003)(478600001)(26005)(16526019)(86362001)(41300700001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:44:18.7591 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ce8654d0-eb09-4f90-6a13-08dc1e29753c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E7.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6555 From: Ashish Kalra Add a new IOMMU API interface amd_iommu_snp_disable() to transition IOMMU pages to Hypervisor state from Reclaim state after SNP_SHUTDOWN_EX command. Invoke this API from the CCP driver after SNP_SHUTDOWN_EX command. Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth --- drivers/crypto/ccp/sev-dev.c | 20 +++++++++ drivers/iommu/amd/init.c | 79 ++++++++++++++++++++++++++++++++++++ include/linux/amd-iommu.h | 6 +++ 3 files changed, 105 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index b2ad41ce5f77..d26bff55ec93 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -1633,6 +1634,25 @@ static int __sev_snp_shutdown_locked(int *error) return ret; } + /* + * SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP + * enforcement by the IOMMU and also transitions all pages + * associated with the IOMMU to the Reclaim state. + * Firmware was transitioning the IOMMU pages to Hypervisor state + * before version 1.53. But, accounting for the number of assigned + * 4kB pages in a 2M page was done incorrectly by not transitioning + * to the Reclaim state. This resulted in RMP #PF when later accessing + * the 2M page containing those pages during kexec boot. Hence, the + * firmware now transitions these pages to Reclaim state and hypervisor + * needs to transition these pages to shared state. SNP Firmware + * version 1.53 and above are needed for kexec boot. + */ + ret = amd_iommu_snp_disable(); + if (ret) { + dev_err(sev->dev, "SNP IOMMU shutdown failed\n"); + return ret; + } + sev->snp_initialized = false; dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index 3a4eeb26d515..88bb08ae39b2 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -30,6 +30,7 @@ #include #include #include +#include #include @@ -3797,3 +3798,81 @@ int amd_iommu_pc_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 return iommu_pc_get_set_reg(iommu, bank, cntr, fxn, value, true); } + +#ifdef CONFIG_KVM_AMD_SEV +static int iommu_page_make_shared(void *page) +{ + unsigned long paddr, pfn; + + paddr = iommu_virt_to_phys(page); + /* Cbit maybe set in the paddr */ + pfn = __sme_clr(paddr) >> PAGE_SHIFT; + + if (!(pfn % PTRS_PER_PMD)) { + int ret, level; + bool assigned; + + ret = snp_lookup_rmpentry(pfn, &assigned, &level); + if (ret) + pr_warn("IOMMU PFN %lx RMP lookup failed, ret %d\n", + pfn, ret); + + if (!assigned) + pr_warn("IOMMU PFN %lx not assigned in RMP table\n", + pfn); + + if (level > PG_LEVEL_4K) { + ret = psmash(pfn); + if (ret) { + pr_warn("IOMMU PFN %lx had a huge RMP entry, but attempted psmash failed, ret: %d, level: %d\n", + pfn, ret, level); + } + } + } + + return rmp_make_shared(pfn, PG_LEVEL_4K); +} + +static int iommu_make_shared(void *va, size_t size) +{ + void *page; + int ret; + + if (!va) + return 0; + + for (page = va; page < (va + size); page += PAGE_SIZE) { + ret = iommu_page_make_shared(page); + if (ret) + return ret; + } + + return 0; +} + +int amd_iommu_snp_disable(void) +{ + struct amd_iommu *iommu; + int ret; + + if (!amd_iommu_snp_en) + return 0; + + for_each_iommu(iommu) { + ret = iommu_make_shared(iommu->evt_buf, EVT_BUFFER_SIZE); + if (ret) + return ret; + + ret = iommu_make_shared(iommu->ppr_log, PPR_LOG_SIZE); + if (ret) + return ret; + + ret = iommu_make_shared((void *)iommu->cmd_sem, PAGE_SIZE); + if (ret) + return ret; + } + + return 0; +} +EXPORT_SYMBOL_GPL(amd_iommu_snp_disable); +#endif diff --git a/include/linux/amd-iommu.h b/include/linux/amd-iommu.h index 7365be00a795..2b90c48a6a87 100644 --- a/include/linux/amd-iommu.h +++ b/include/linux/amd-iommu.h @@ -85,4 +85,10 @@ int amd_iommu_pc_get_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 *value); struct amd_iommu *get_amd_iommu(unsigned int idx); +#ifdef CONFIG_KVM_AMD_SEV +int amd_iommu_snp_disable(void); +#else +static inline int amd_iommu_snp_disable(void) { return 0; } +#endif + #endif /* _ASM_X86_AMD_IOMMU_H */ From patchwork Fri Jan 26 04:11:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766558 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2052.outbound.protection.outlook.com [40.107.94.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2612F134B5; Fri, 26 Jan 2024 04:44:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244285; cv=fail; b=Pndh525IlrLrYSlWv10/WTyewTWfXv0n/3k/A6n3Zptro1eDCiF7BZreAZqss57yV/q0ZsT3Xbf669Bjb7Ugx2oOQcKtxD4ElZp4t4s4XOGDYUu/tEIOQ0K9rVGK/0x9GzXESVPRRGqf/pRP5NDJ8KVGmqsEP9kRedPJ/Kh1OrA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244285; c=relaxed/simple; bh=DNaPTWPXOLR6CYzR6MhHZPYTeW764AWSsqFWVyJJHgQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=S2SZzmaIvvsLnJKWou1MAjncNny0RIajgeP+ma+b4RIvgr1m/3fyUt8iFSHsukUtCXNRTMqb0Gy73y5LseOg1xQVkB3v8QpNFFsybRV9jto0zcpal1utj1ejJGCJPZrU00QGHWyrjaa38yYvMLniQbVcxWcQOqFoutEajkisg1M= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=JDR7d7tf; arc=fail smtp.client-ip=40.107.94.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="JDR7d7tf" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VNuLO09Y2Icd6tQwSLgqg2yFGdKF7CJMhHrKbvt5AgX6G1IzxKO0TiY9plBWBpgv1tmnD6Y++fFy+PjRt4TTE2EbbIfVG/EeQbVxcSIZvwKi1zHBVYKIJvod+rq+ssXJTCV8wp/wYYiRLOM4132Dg6Ryif5hX/LyNBGh1+q6KB34xK2Lxl2prPbCxIPVBtxzqrH86WRYaBFCTsX4Q6ASWZ4tl2pioHHzbthFNsYusbq5eEYm982mUvhgSAO2ALPXzAuAGO7UUZyGq2rK1s0nMDjjD88MfHlizgvRoofgfNsDTasD12fUrABlGfKCUha75ukK51775Nva/GoRoqwGdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=N0OvJ4iyrN4T9ToYeFsQcclgTHr6U+nK7L/b28IQX5s=; b=mJ9GgXBkyxLc4KN5Pv3qcNEfzTxk9oVM3N8PrDoED4bClgy9/PCOvNMCXbwu56Lw8wpLZ1G6SLgVjhFNAUZkHdIb8917TZRNbCgyHWn5Obdu0GMtahZu3+7wlnu4vL70j/AmJpo1jZ7rYDZ0B6FDg7J2slMtBPUzKYCYQmGkoPAhTV/nIH7BtdOOxeFNYbFJRPuiQMYUsnkVyMCafbx7042vUAUVnqdxO5WYWjEk06t9aJYRtzp09DFeAum8PCnctgvcZzEf4e1CvnkAUhgsqTHq9l+x9XQwnzoQs8ZVK9o5sWSYTqeAsyYY32GpBrvBhEAdJo87dgKGAQR8nOMuoQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N0OvJ4iyrN4T9ToYeFsQcclgTHr6U+nK7L/b28IQX5s=; b=JDR7d7tf58xjzq7Adjtt5YxfCwGHfT3k5/oQpvPbrHeCL67VLXUD4NfsXcZXbiOW9VSLAGqY649IBS29AeN5IFjtyUJ8dEeE6O1CRC2BBV7BaCAThN+9pSRUk/Li7ZRYGxF7myWzJ9OyxIxc1FNtJHIenYeakTonvRw+OyOuzKs= Received: from MW4PR04CA0221.namprd04.prod.outlook.com (2603:10b6:303:87::16) by DS0PR12MB7533.namprd12.prod.outlook.com (2603:10b6:8:132::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:44:39 +0000 Received: from MWH0EPF000971E2.namprd02.prod.outlook.com (2603:10b6:303:87:cafe::bb) by MW4PR04CA0221.outlook.office365.com (2603:10b6:303:87::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 04:44:39 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000971E2.mail.protection.outlook.com (10.167.243.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:44:39 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:44:38 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 20/25] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump Date: Thu, 25 Jan 2024 22:11:20 -0600 Message-ID: <20240126041126.1927228-21-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000971E2:EE_|DS0PR12MB7533:EE_ X-MS-Office365-Filtering-Correlation-Id: 57beac15-2d24-4074-f700-08dc1e298188 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: dll6qedUGuxpLhR2GpHWFEKBugV8wZtIQxRVVEXp/qatYdgTkkJBnLnXMARvEmvAaj2X0ehLQHBrGOuggTMgd+5iHkd9k1vIGPDDOMsjp+p6nPhm2hAQjg9WRVYCz9X2Wqe7k76j2iVObM6B9JKFjMZR/73ljfcbzvtQ4omXHF17+Ujcu0ddDUknmaTHBkUACJEs2FysbpE4XC8+oRVqY6XyhwYeJLnLLIrZ/kp1VSefudV4BNyblArsTBKwJAoSGrW7J7rQNRqc4xKW08HOrNB9WhJFvYqln5Rwv8zEh1lusdq6TCs/d5v1gekbqsfKXF9LOsdDSa/4rWWMcu2nFUggSkqjtMMl4TC+QOscYUfI0XZMvWXpRTFwOHHfAOGuVK+Gcs4mKzb3HjccWSnGQyBgPrPWSJSBkYFee8mKJJTvtj2fHhXVJLdd4cRMtZf89nK1HqZWfeXqzSnFmYTQtNQuyqrJQTDsSS3dJmuhTn/qM8bZqIFwc6c0bM5qMMYrRL2JSGZco4wPvaht72/8yIByD2B+JepIooNLATq18CxAXwNDgxcK8MtJFq6HQgsY55Og1pRy38/FoUiDKjHOG5D5bR52l810R7llMV60nNqm7YcZRrKeEG3QnOIzMc2K3lnBcbEG5k0rdyjEiQf1KApAHzePafLSZqD1SZJKb47HU1SalqfNmIc3+V+hHpzPu0+y3crTZkJQ0HRp24VbGs1D6byoLqFl9iI7rH31/F4Ybgp1A7fyOVDlsYAvaNiVubpHWPh/s1S8i43p8bRBnnGsc+D1FG06BWZsp0RRIVXWcsInQv+Z20g7ZjA+bYR1 X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(39860400002)(136003)(346002)(396003)(230273577357003)(230922051799003)(230173577357003)(64100799003)(82310400011)(186009)(1800799012)(451199024)(40470700004)(46966006)(36840700001)(36860700001)(47076005)(36756003)(2906002)(86362001)(41300700001)(356005)(82740400003)(81166007)(6916009)(54906003)(316002)(70586007)(70206006)(478600001)(6666004)(336012)(426003)(5660300002)(4326008)(44832011)(2616005)(8676002)(7416002)(16526019)(1076003)(26005)(8936002)(7406005)(83380400001)(40480700001)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:44:39.3778 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 57beac15-2d24-4074-f700-08dc1e298188 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000971E2.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB7533 From: Ashish Kalra Add a kdump safe version of sev_firmware_shutdown() and register it as a crash_kexec_post_notifier so it will be invoked during panic/crash to do SEV/SNP shutdown. This is required for transitioning all IOMMU pages to reclaim/hypervisor state, otherwise re-init of IOMMU pages during crashdump kernel boot fails and panics the crashdump kernel. This panic notifier runs in atomic context, hence it ensures not to acquire any locks/mutexes and polls for PSP command completion instead of depending on PSP command completion interrupt. Signed-off-by: Ashish Kalra [mdr: remove use of "we" in comments] Signed-off-by: Michael Roth --- arch/x86/include/asm/sev.h | 2 + arch/x86/kernel/crash.c | 3 + arch/x86/kernel/sev.c | 10 ++++ arch/x86/virt/svm/sev.c | 6 ++ drivers/crypto/ccp/sev-dev.c | 111 +++++++++++++++++++++++++---------- 5 files changed, 102 insertions(+), 30 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 435ba9bc4510..b3ba32c6fc9f 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -227,6 +227,7 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); +void kdump_sev_callback(void); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -255,6 +256,7 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } +static inline void kdump_sev_callback(void) { } #endif #ifdef CONFIG_KVM_AMD_SEV diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index b6b044356f1b..d184c29398db 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -40,6 +40,7 @@ #include #include #include +#include /* Used while preparing memory map entries for second kernel */ struct crash_memmap_data { @@ -59,6 +60,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) */ cpu_emergency_stop_pt(); + kdump_sev_callback(); + disable_local_APIC(); } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 1ec753331524..002af6c30601 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2265,3 +2265,13 @@ static int __init snp_init_platform_device(void) return 0; } device_initcall(snp_init_platform_device); + +void kdump_sev_callback(void) +{ + /* + * Do wbinvd() on remote CPUs when SNP is enabled in order to + * safely do SNP_SHUTDOWN on the local CPU. + */ + if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + wbinvd(); +} diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 649ac1bb6b0e..3d33b75b4606 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -216,6 +216,12 @@ static int __init snp_rmptable_init(void) cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/rmptable_init:online", __snp_enable, NULL); + /* + * Setting crash_kexec_post_notifiers to 'true' to ensure that SNP panic + * notifier is invoked to do SNP IOMMU shutdown before kdump. + */ + crash_kexec_post_notifiers = true; + return 0; nosnp: diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index d26bff55ec93..9a395f0f9b10 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -143,6 +144,25 @@ static int sev_wait_cmd_ioc(struct sev_device *sev, { int ret; + /* + * If invoked during panic handling, local interrupts are disabled, + * so the PSP command completion interrupt can't be used. Poll for + * PSP command completion instead. + */ + if (irqs_disabled()) { + unsigned long timeout_usecs = (timeout * USEC_PER_SEC) / 10; + + /* Poll for SEV command completion: */ + while (timeout_usecs--) { + *reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg); + if (*reg & PSP_CMDRESP_RESP) + return 0; + + udelay(10); + } + return -ETIMEDOUT; + } + ret = wait_event_timeout(sev->int_queue, sev->int_rcvd, timeout * HZ); if (!ret) @@ -1316,17 +1336,6 @@ static int __sev_platform_shutdown_locked(int *error) return ret; } -static int sev_platform_shutdown(int *error) -{ - int rc; - - mutex_lock(&sev_cmd_mutex); - rc = __sev_platform_shutdown_locked(NULL); - mutex_unlock(&sev_cmd_mutex); - - return rc; -} - static int sev_get_platform_state(int *state, int *error) { struct sev_user_data_status data; @@ -1602,7 +1611,7 @@ static int sev_update_firmware(struct device *dev) return ret; } -static int __sev_snp_shutdown_locked(int *error) +static int __sev_snp_shutdown_locked(int *error, bool panic) { struct sev_device *sev = psp_master->sev_data; struct sev_data_snp_shutdown_ex data; @@ -1615,7 +1624,16 @@ static int __sev_snp_shutdown_locked(int *error) data.len = sizeof(data); data.iommu_snp_shutdown = 1; - wbinvd_on_all_cpus(); + /* + * If invoked during panic handling, local interrupts are disabled + * and all CPUs are stopped, so wbinvd_on_all_cpus() can't be called. + * In that case, a wbinvd() is done on remote CPUs via the NMI + * callback, so only a local wbinvd() is needed here. + */ + if (!panic) + wbinvd_on_all_cpus(); + else + wbinvd(); ret = __sev_do_cmd_locked(SEV_CMD_SNP_SHUTDOWN_EX, &data, error); /* SHUTDOWN may require DF_FLUSH */ @@ -1659,17 +1677,6 @@ static int __sev_snp_shutdown_locked(int *error) return ret; } -static int sev_snp_shutdown(int *error) -{ - int rc; - - mutex_lock(&sev_cmd_mutex); - rc = __sev_snp_shutdown_locked(error); - mutex_unlock(&sev_cmd_mutex); - - return rc; -} - static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; @@ -2117,19 +2124,28 @@ int sev_dev_init(struct psp_device *psp) return ret; } -static void sev_firmware_shutdown(struct sev_device *sev) +static void __sev_firmware_shutdown(struct sev_device *sev, bool panic) { int error; - sev_platform_shutdown(NULL); + __sev_platform_shutdown_locked(NULL); if (sev_es_tmr) { - /* The TMR area was encrypted, flush it from the cache */ - wbinvd_on_all_cpus(); + /* + * The TMR area was encrypted, flush it from the cache + * + * If invoked during panic handling, local interrupts are + * disabled and all CPUs are stopped, so wbinvd_on_all_cpus() + * can't be used. In that case, wbinvd() is done on remote CPUs + * via the NMI callback, and done for this CPU later during + * SNP shutdown, so wbinvd_on_all_cpus() can be skipped. + */ + if (!panic) + wbinvd_on_all_cpus(); __snp_free_firmware_pages(virt_to_page(sev_es_tmr), get_order(sev_es_tmr_size), - false); + true); sev_es_tmr = NULL; } @@ -2145,7 +2161,14 @@ static void sev_firmware_shutdown(struct sev_device *sev) snp_range_list = NULL; } - sev_snp_shutdown(&error); + __sev_snp_shutdown_locked(&error, panic); +} + +static void sev_firmware_shutdown(struct sev_device *sev) +{ + mutex_lock(&sev_cmd_mutex); + __sev_firmware_shutdown(sev, false); + mutex_unlock(&sev_cmd_mutex); } void sev_dev_destroy(struct psp_device *psp) @@ -2163,6 +2186,29 @@ void sev_dev_destroy(struct psp_device *psp) psp_clear_sev_irq_handler(psp); } +static int snp_shutdown_on_panic(struct notifier_block *nb, + unsigned long reason, void *arg) +{ + struct sev_device *sev = psp_master->sev_data; + + /* + * If sev_cmd_mutex is already acquired, then it's likely + * another PSP command is in flight and issuing a shutdown + * would fail in unexpected ways. Rather than create even + * more confusion during a panic, just bail out here. + */ + if (mutex_is_locked(&sev_cmd_mutex)) + return NOTIFY_DONE; + + __sev_firmware_shutdown(sev, true); + + return NOTIFY_DONE; +} + +static struct notifier_block snp_panic_notifier = { + .notifier_call = snp_shutdown_on_panic, +}; + int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, void *data, int *error) { @@ -2200,6 +2246,8 @@ void sev_pci_init(void) dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_initialized ? "-SNP" : "", sev->api_major, sev->api_minor, sev->build); + atomic_notifier_chain_register(&panic_notifier_list, + &snp_panic_notifier); return; err: @@ -2214,4 +2262,7 @@ void sev_pci_exit(void) return; sev_firmware_shutdown(sev); + + atomic_notifier_chain_unregister(&panic_notifier_list, + &snp_panic_notifier); } From patchwork Fri Jan 26 04:11:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766557 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2041.outbound.protection.outlook.com [40.107.236.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2A1513FE4; Fri, 26 Jan 2024 04:45:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.41 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244347; cv=fail; b=AlT58ZNYTNU8kwiToto6EEB3tpZj/MIa/hMNz7AJnUqjMDrsLzfG37+/aRR60hJBJcZUY9Pe5v45vjXK/xMCgHTZE5umfLLHb013HTPqviTQjnRE2BouySYgrJh1Y4p1O7jtMc9xAEcdmoTO2HquHreFsY9FmuyJITfIv53OjKU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244347; c=relaxed/simple; bh=InY5dwA03BhVFVqv+Z6ShNccNA8kOZvYoL6P9/6iS6A=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=eCu5fDx6gH8UW+2YaO0IYTZ9h/No4pEdNFQghPYeahqUugxt8/WbX9nheJQ9/0crei0yz+0MyXYqRakuq6ga8OGnsfTvFOlk13Wg7LepbTV2a2Tp8O2BbDUNVxcCESb/vNXaOjOBqg4dWWD6v6As8bYrCQ48VJxph4gOyJvgiO0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=26LcK3hw; arc=fail smtp.client-ip=40.107.236.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="26LcK3hw" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VDPAFUKtRofZIhx2Rnecs1yuorc8mimYqsMxgyLxMtXWty3g/bNWhjJoOhMqhsb+qEnXu+h0EsBQ1oOW3QAnfZkIlSDA/mn+Bd44r4ouMwMlZzGIOaf7vIy0evxx04fxZUnYbALeEEO6qeQcFt6m6/WKcCZSRYiaqxAHYTA06ByemZEWju8UKW3kyGpJiSuR60EakiAq1d+2sYJghJRA3FHJLx+xzhtzozZfVS6gRhCysv/FPArfWgxxqd+Oe2CA/a2mIc0mzbTALfCTLPA3QHf+cbUm1BCE+Jl3NDCulFkqSDnSWyEibg7b5AIjaN5qBRpH0PEh5VN+/P2/OBsq8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vOqbJt4AWqrFUm6TwvKdJ4cOhGB1Q4xIXK8repYmn8Q=; b=duE3Y6hLNbmsayEXZuq0V+NFG5ij4QtNM2L4oGyWL4wfd+tAxmI1BT67d+lWGe8SUoaynCfLpS4jNqm1NIWsMRnoPXUjMGKDbw/7JB5pgsfuSoazFnJPOHyWmEzpjKDYKteWPLo60OMfIquXNI7eZl06G8NvDokrpSPJg3kckVpfKTWNUWthJp/SW3BT0M0XGmmc7QEiG/2kULzjUSFqWYu0fx30dU6ohT51+ZwmgxcLIRfESu2NEVE49GwB86yYCZgR+G7gzqA0h0SoZnoxAIRgbrAKLf5SosKmN9FDPFDyQ+IMN8nP6PxbHIoxsF+q8TN97p+7zyAa4FzHADdLvQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vOqbJt4AWqrFUm6TwvKdJ4cOhGB1Q4xIXK8repYmn8Q=; b=26LcK3hwjochdB05JbxrZNmz/4y9l6UEwizxNuY/Rfk6BtoT2pjl+LE2Tl9VPZkxEttXN5iBABoWnyyxrnIRiiv+Jgm3zyCjgD7z+G17DdSYPcrIh7WifnCBrlKx93wbrUVqivWfCgOo+6QXlzbgVtd6NGbYyNetfVpkNbTM/ew= Received: from DM6PR08CA0011.namprd08.prod.outlook.com (2603:10b6:5:80::24) by DM4PR12MB8521.namprd12.prod.outlook.com (2603:10b6:8:17e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 04:45:43 +0000 Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:5:80:cafe::86) by DM6PR08CA0011.outlook.office365.com (2603:10b6:5:80::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.38 via Frontend Transport; Fri, 26 Jan 2024 04:45:43 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:45:42 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:45:19 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh , Marc Orr Subject: [PATCH v2 21/25] KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe Date: Thu, 25 Jan 2024 22:11:21 -0600 Message-ID: <20240126041126.1927228-22-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|DM4PR12MB8521:EE_ X-MS-Office365-Filtering-Correlation-Id: ce326697-6c1f-45c3-fa13-08dc1e29a752 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TRaHYen1j3hWp/i4+RwYnPQSVdKEkvEzZlJDTP+R5EIPr+SvHcQJWNvx6S4G7rX9rDx32AwyEAWWDFWAGmBEwKrA1kVfibCh660wxDiuKf96l7DNSDQiRekbLAJXbmf1Ak0ALxpj+GAtYe04Dxp6/yYhHxUOS5PqNNtsy2ZyoIevk+JjWBYv0C0I4epG26dQzhdIZ8DKMOKAubaeUj85tgfnhlCqY56RhpOrTQLDvR6KXQ63f+f/LBj5mQ5mMAq5sG6TzETh3MUkexqyYwXrkOfLJi2as1AqtXDqCHVTqsptp5ab3JBNDHdp4zFmYWjTDXhOeCyHAHEReR6aYGTGHZqCUe1K+duN9bJMTf9WOQ1KEidRCbrY+ZJ2za8O2iuwCClM8SIm2wQEpg1m/ieHwtEG27GGB6oDVMwEDZYqXe0r8OwFZOPapqysAf/86P1QXKqvItAoMo3NJoIomTchKORj1W+fcwao5sn+wYbHvBVbJvHWlfzsy9MwkI5llv+iSHrN18GTrpKDw4iJZ42fM6qdEHh/9s9XW6PR3hNUAs7a+cj83g+xCulH8z4JEbK5EM5H1vzSzhLUgLvXxPIv+b0xfkBcfeFiB8fI+OuOHzt2UAx07NDLD0sAjvqTRX4IP5nzRf39cXVhhEaata2tLE3//SgaquzI0tMr0iMu/CA7VLNfkz4sddz4CMexnCAnwXG9cLMRKxdCry3eDExeYOnhbto0JYB6E/gr1XsFcO7ghTiacp5wtt+AlViTjNMN9qDiy7NmahyTdUlCkJEeXg== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(346002)(136003)(396003)(39860400002)(230922051799003)(64100799003)(451199024)(1800799012)(186009)(82310400011)(36840700001)(40470700004)(46966006)(336012)(426003)(1076003)(26005)(16526019)(36860700001)(2616005)(356005)(6666004)(7406005)(5660300002)(83380400001)(7416002)(47076005)(2906002)(44832011)(41300700001)(478600001)(316002)(8676002)(70206006)(70586007)(6916009)(54906003)(8936002)(4326008)(36756003)(81166007)(86362001)(82740400003)(40460700003)(40480700001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:45:42.8555 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ce326697-6c1f-45c3-fa13-08dc1e29a752 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB8521 From: Brijesh Singh Implement a workaround for an SNP erratum where the CPU will incorrectly signal an RMP violation #PF if a hugepage (2MB or 1GB) collides with the RMP entry of a VMCB, VMSA or AVIC backing page. When SEV-SNP is globally enabled, the CPU marks the VMCB, VMSA, and AVIC backing pages as "in-use" via a reserved bit in the corresponding RMP entry after a successful VMRUN. This is done for _all_ VMs, not just SNP-Active VMs. If the hypervisor accesses an in-use page through a writable translation, the CPU will throw an RMP violation #PF. On early SNP hardware, if an in-use page is 2MB-aligned and software accesses any part of the associated 2MB region with a hugepage, the CPU will incorrectly treat the entire 2MB region as in-use and signal a an RMP violation #PF. To avoid this, the recommendation is to not use a 2MB-aligned page for the VMCB, VMSA or AVIC pages. Add a generic allocator that will ensure that the page returned is not 2MB-aligned and is safe to be used when SEV-SNP is enabled. Also implement similar handling for the VMCB/VMSA pages of nested guests. Signed-off-by: Brijesh Singh Co-developed-by: Marc Orr Signed-off-by: Marc Orr Reported-by: Alper Gun # for nested VMSA case Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Acked-by: Vlastimil Babka [mdr: squash in nested guest handling from Ashish, commit msg fixups] Signed-off-by: Michael Roth --- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/lapic.c | 5 ++++- arch/x86/kvm/svm/nested.c | 2 +- arch/x86/kvm/svm/sev.c | 32 ++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 17 +++++++++++++--- arch/x86/kvm/svm/svm.h | 1 + 7 files changed, 54 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 378ed944b849..ab24ce207988 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -138,6 +138,7 @@ KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); KVM_X86_OP_OPTIONAL(get_untagged_addr) +KVM_X86_OP_OPTIONAL(alloc_apic_backing_page) #undef KVM_X86_OP #undef KVM_X86_OP_OPTIONAL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b5b2d0fde579..5c12af29fd9b 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1794,6 +1794,7 @@ struct kvm_x86_ops { unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu); gva_t (*get_untagged_addr)(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags); + void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 3242f3da2457..1edf93ee3395 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2815,7 +2815,10 @@ int kvm_create_lapic(struct kvm_vcpu *vcpu, int timer_advance_ns) vcpu->arch.apic = apic; - apic->regs = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); + if (kvm_x86_ops.alloc_apic_backing_page) + apic->regs = static_call(kvm_x86_alloc_apic_backing_page)(vcpu); + else + apic->regs = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); if (!apic->regs) { printk(KERN_ERR "malloc apic regs error for vcpu %x\n", vcpu->vcpu_id); diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index dee62362a360..55b9a6d96bcf 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1181,7 +1181,7 @@ int svm_allocate_nested(struct vcpu_svm *svm) if (svm->nested.initialized) return 0; - vmcb02_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + vmcb02_page = snp_safe_alloc_page(&svm->vcpu); if (!vmcb02_page) return -ENOMEM; svm->nested.vmcb02.ptr = page_address(vmcb02_page); diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 564091f386f7..f99435b6648f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3163,3 +3163,35 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, 1); } + +struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) +{ + unsigned long pfn; + struct page *p; + + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + + /* + * Allocate an SNP-safe page to workaround the SNP erratum where + * the CPU will incorrectly signal an RMP violation #PF if a + * hugepage (2MB or 1GB) collides with the RMP entry of a + * 2MB-aligned VMCB, VMSA, or AVIC backing page. + * + * Allocate one extra page, choose a page which is not + * 2MB-aligned, and free the other. + */ + p = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, 1); + if (!p) + return NULL; + + split_page(p, 1); + + pfn = page_to_pfn(p); + if (IS_ALIGNED(pfn, PTRS_PER_PMD)) + __free_page(p++); + else + __free_page(p + 1); + + return p; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 61f2bdc9f4f8..272d5ed37ce7 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -703,7 +703,7 @@ static int svm_cpu_init(int cpu) int ret = -ENOMEM; memset(sd, 0, sizeof(struct svm_cpu_data)); - sd->save_area = alloc_page(GFP_KERNEL | __GFP_ZERO); + sd->save_area = snp_safe_alloc_page(NULL); if (!sd->save_area) return ret; @@ -1421,7 +1421,7 @@ static int svm_vcpu_create(struct kvm_vcpu *vcpu) svm = to_svm(vcpu); err = -ENOMEM; - vmcb01_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + vmcb01_page = snp_safe_alloc_page(vcpu); if (!vmcb01_page) goto out; @@ -1430,7 +1430,7 @@ static int svm_vcpu_create(struct kvm_vcpu *vcpu) * SEV-ES guests require a separate VMSA page used to contain * the encrypted register state of the guest. */ - vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + vmsa_page = snp_safe_alloc_page(vcpu); if (!vmsa_page) goto error_free_vmcb_page; @@ -4900,6 +4900,16 @@ static int svm_vm_init(struct kvm *kvm) return 0; } +static void *svm_alloc_apic_backing_page(struct kvm_vcpu *vcpu) +{ + struct page *page = snp_safe_alloc_page(vcpu); + + if (!page) + return NULL; + + return page_address(page); +} + static struct kvm_x86_ops svm_x86_ops __initdata = { .name = KBUILD_MODNAME, @@ -5031,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, .vcpu_get_apicv_inhibit_reasons = avic_vcpu_get_apicv_inhibit_reasons, + .alloc_apic_backing_page = svm_alloc_apic_backing_page, }; /* diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8ef95139cd24..7f1fbd874c45 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -694,6 +694,7 @@ void sev_es_vcpu_reset(struct vcpu_svm *svm); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa); void sev_es_unmap_ghcb(struct vcpu_svm *svm); +struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu); /* vmenter.S */ From patchwork Fri Jan 26 04:11:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766957 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2078.outbound.protection.outlook.com [40.107.92.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CC3713FED; Fri, 26 Jan 2024 04:45:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.78 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244348; cv=fail; b=dDEN5gprWHudcWtw7HRPG1BEaxlKDL55FBvHwpqRPoHENrgsDJgMTNP98YLFKrpqF94JgvKqPgfbSa9ZPTUAIVYZh0N9IWm+HRjQ1DgiC32E/wFqSBrl/wwFLo9fPA1eE9V++zR1rqV/4Hoh/ZzZouxeBeuN+Hhgu3l2COvIfhY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244348; c=relaxed/simple; bh=2sIUYBbXkdCzEf1ZEnDU2qwuN3+Kmyq3ApGKZF72kEM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=OqjCxn+QaJ9GKirWd6cb8pq44Tt80sty53w1wV+XpmRQDM4GY1Q3F1BODDgDlsPhgXyUmwbA4mmAxVCHCS5m7OpPvNV/ay/P1d1OPEZJIzrowyLpWPJfH2xadC/x8No0/hGikZNpKeYUEwE5LDNotzE9OLc9gr6F5IVLaOHOXGI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=VRpfg1eR; arc=fail smtp.client-ip=40.107.92.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="VRpfg1eR" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J6wjTveJHPX6U+uUvmKwgGtIa8NA12O44etpuwPmlmOPIHinAZ3BP3+PK/SF7N5pXWzz2EHx8HwsGguJWrOpg7V5+o0CTVTBiI2YH8mX1KKG2VIfN4WmQN7RTknrY8f8YimYopZaRHx/JTfjDSju4lSKG29GSPoSjAx+m/+uqBVRx188JYaBKVWERrZN88ap8lKe2OT+5iM9/rQlSN7LfD57Hfn9Ia4Cgse56CBQ7kts34FAZVBOillzS0l/DfVuGozqQKXVJOtcsNIaW8chQkb9O1tAHqNcDKw+hICra6+AQrMZ+hVEHEXdE9Sa4AXBlRaWxOGi+DE5W9l39pAKqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9AMGVMMWRfpMi4iyhUnQz528Hz/O4DZ5uaxI+sp5psM=; b=oPkgfGwNW1mjAOS64BqG8Lro1NE76vwvXzlIz6HTtyhtMmDzLe4L+ktAdcY1TFKTi068upOlsV4evEDTLIu8/xoNx43fe1GUQ4ASVQ8I9KzN64R9Zo4cffJnBZb8W3eS5G9Z7/pRz7Io9msWgce0rNCAQN0bxbEA58EHykYQT7yZImlWd2GKq0IIZPA7K1Ub+N+7aUDsjDvk2DdziF0uhnFETvpdqrmclpnDA2zUho4tunYsKB8mvJsBPXBg3s4/j1qUq5itNk56wIK040teyXgIFPZOXOvUEw4ShwAJP0PK7k8F0OY5esQqDOyolP6tBUqX+X+2FjOkFwBNR1kq5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9AMGVMMWRfpMi4iyhUnQz528Hz/O4DZ5uaxI+sp5psM=; b=VRpfg1eRJBgaFp0qlb4QLS86yagyUuSMiUh32zHu8+WMev2gdIuma23xhcZ5cj1jf/CNZ1E8RFefCyRxhTmiINmzIkICwuOP0FeNaUvDqRH/jgP01QhxHJk+utzUOM9J9sMh3Be059ZhIIYR+lvZR3z6/Atk8gm0zA+xm1NOVik= Received: from DM6PR08CA0011.namprd08.prod.outlook.com (2603:10b6:5:80::24) by BL0PR12MB4915.namprd12.prod.outlook.com (2603:10b6:208:1c9::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:45:44 +0000 Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:5:80:cafe::69) by DM6PR08CA0011.outlook.office365.com (2603:10b6:5:80::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.38 via Frontend Transport; Fri, 26 Jan 2024 04:45:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:45:44 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:45:41 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 22/25] x86/cpufeatures: Enable/unmask SEV-SNP CPU feature Date: Thu, 25 Jan 2024 22:11:22 -0600 Message-ID: <20240126041126.1927228-23-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|BL0PR12MB4915:EE_ X-MS-Office365-Filtering-Correlation-Id: 100c4706-a2ee-4b33-17f6-08dc1e29a814 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rHP180opXMHn+HCrZQ0/PpXNBbJB3JxvKE7k+OpmZnHQ+LzBKxp7gRHVQQlmPosLwWL++N8oxZ0cEbPepgnvyeoN65rhJD3kV+P+3McVQ4Yy8lKrgyy+pUKyCyqayu91rZ0/pmwN2PsWSDg06ZeGVpMPKNYA0fi2RGHDGJJhP4WL/CqictxAXG2PVWqTsE78+i7Uv8SUzxm4VM7v+X4Yg43X5nckjA2+mlYNa1w0jY892ofL/LsvoLMNfKsvBXVePYzbjoNKUGWLYmhxoJAjbqA8pxrYNIDpnE8GQN6h9/IFecUHkDdOu5efRSN/dbWIgaEnQNrF/QPl5nY/O94f5qXiuBBPtA4tdSZxcS6/PLIg/1fAoWt3YrofpWrZtIyV6CtgQOOjiYD1Yj5Cn9QMrtcgVk8hB7fiRHZ++yQI4ivVp9GckmuMjiE8L0eAFk87Md0MBkJHcvxE/NrI6Rx4LM60WOSoWVO5MHTZycc/9+BiMSPOGX2SCt1CvBzp9GgpcPr92XiJGCOwj/ntiYOy2LbAq5qYWGEiW3iaNuBYggEgcD2/bF9CZrBzsKssQFq85WuPGcZJeEiMZPMYtpjwyojzaa7w36Cop09OA/LK05/h5toLF24mK3gCUSH9K3ZB19nu6qb8m2Aqa40AVgkHI1lx/9Qz/Sqpv2h4xj5NouAHa96PCFhvZ746MtgSIOa/oz69mjxpYVH1ArG9kb6JniBLxmVEd1G/KzKBQkwK0VRoSKJWda3bpMNZOEFHg4KxmrolhMZUlsEJvVbzpQ/PuA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(136003)(376002)(39860400002)(346002)(230922051799003)(64100799003)(186009)(82310400011)(451199024)(1800799012)(36840700001)(40470700004)(46966006)(40480700001)(40460700003)(83380400001)(47076005)(36756003)(356005)(81166007)(86362001)(36860700001)(44832011)(8936002)(8676002)(4326008)(5660300002)(426003)(336012)(26005)(16526019)(2616005)(1076003)(82740400003)(70206006)(316002)(54906003)(6916009)(70586007)(7416002)(7406005)(4744005)(2906002)(41300700001)(6666004)(478600001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:45:44.1211 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 100c4706-a2ee-4b33-17f6-08dc1e29a814 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB4915 With all the required host changes in place, it should now be possible to initialize SNP-related MSR bits, set up RMP table enforcement, and initialize SNP support in firmware while maintaining legacy support for SEV/SEV-ES guests. Go ahead and enable the SNP feature now. Signed-off-by: Michael Roth --- arch/x86/include/asm/disabled-features.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 1ea64d4e7021..85a7b5ce96c9 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -117,7 +117,11 @@ #define DISABLE_IBT (1 << (X86_FEATURE_IBT & 31)) #endif +#ifdef CONFIG_KVM_AMD_SEV +#define DISABLE_SEV_SNP 0 +#else #define DISABLE_SEV_SNP (1 << (X86_FEATURE_SEV_SNP & 31)) +#endif /* * Make sure to add features to the correct mask From patchwork Fri Jan 26 04:11:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766556 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2055.outbound.protection.outlook.com [40.107.95.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CFA2714008; Fri, 26 Jan 2024 04:46:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244367; cv=fail; b=I6T5cWid3QvQHtR/H3NHlVnlYi0TktnDlAQLCYtZl8bA+nb9t4qGW5eSi6SbhRDXemip15qnjpimQAHL3TdWp6gOVMBzj4V/3l8/RrM0h5LL0/DLlqvOk/Ek4taModwnzQavcNZZIwDF84Nu4z3AFXxicSpn00OutC6+FzLNrx8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244367; c=relaxed/simple; bh=QrUPs3kaQ9AWLVT4OpRpS5jvj5xXKkaI6mDQqf2c4/M=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=h9ni1wwnjVMAHA8JtkmD4A2gUT2m1ooceGSTQMlTP0Jz6H7kFTpoqPwtxUSJ5svyNOMOPBc3i0Nmz72zsr5gVBZ4v1j4umz+B/2C+ECjnCyaHg1YzCgy90b501pSJaO7Jc6wqi+SroZaQxv5fsi2yYI9RAEqlqjtkLBR3M+n8Ig= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=P3us/8Oa; arc=fail smtp.client-ip=40.107.95.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="P3us/8Oa" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KSB9w4dLGJxZ7b4ItNCX7ZA2t/8x7/Xk9xCQk/azdaj5ghsNBqNDwITrZUvGSCguEiqfEizxE3taY76BnSAgnanj11EwlXVXRsvPzTRVv3V2vHLopkKIvR8MtkPNsykYj8EElxXgmtbWL0sQHAWv3KdV/iSQdPDps9ily8usYQSJQ8p3JYt5IOk6fiudmRJ/lD/HlKkbXTNthMmKzPSqeGwAfxMzBQe2xkzf3/RZvBx+7CZTpYyqi92GMTD85y/mp4DB6JFDxQgi5idlsHDZQa2GV32+NVbf8QpEVkdgPcUjnDlCBF5o0Jeu9mfQQZhDA+pqhIjBhAUu1DpDo/g7wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P24ey68QgkCCklEFwnPZMKuFWRudOfuqK8Rb9REQ1Dc=; b=Huy7oOmrkC79hDZeFQWEOyXXGJ07zdYp44xxqFdq36hZyQLiPe83S5mdQ9cy4RqXrHo83oHugMCAdLu9PB7JEVtBbUf9ao0w+zYS97ecTupgZkG/oDYp3qZLwxjJO9XUzeBjfFGCqtb0BHd52CV1VfqKKDs+/1tPTaliPddVS2UL9rWfPvEPrlB5nLDMc6wfwlWDiWoM2V/9sO5ZhvWuPAz4fDmUz6ZLI/xM7nMIwchyNid+EYojK+8j1ctnAap69LWmhejZccQE8JBgtmjahab7UciAzUgxDAfZNKTgSrAKr28O7LoNFI3nXVYNAuNSJNq63khMGmH8GUplofcGRQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P24ey68QgkCCklEFwnPZMKuFWRudOfuqK8Rb9REQ1Dc=; b=P3us/8OakS9/enVf+ULHDxHhuWks7ZCBbZuZZhMtuRaGtkR5OBklfWb7ipcRu/sxo+Wgi/ts3mputIy67fBfpxa+hrF55SyzjGimd5jcx7yCzR3TqMhJDakjYw/DO2RhARyfCz7k6+5VrvH4kfKDIy07BCrKrm4Bb4VERaaPP8E= Received: from DM6PR03CA0031.namprd03.prod.outlook.com (2603:10b6:5:40::44) by DM4PR12MB5987.namprd12.prod.outlook.com (2603:10b6:8:6a::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.24; Fri, 26 Jan 2024 04:46:03 +0000 Received: from DS2PEPF0000343B.namprd02.prod.outlook.com (2603:10b6:5:40:cafe::fc) by DM6PR03CA0031.outlook.office365.com (2603:10b6:5:40::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.33 via Frontend Transport; Fri, 26 Jan 2024 04:46:03 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343B.mail.protection.outlook.com (10.167.18.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:46:03 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:46:02 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v2 23/25] crypto: ccp: Add the SNP_PLATFORM_STATUS command Date: Thu, 25 Jan 2024 22:11:23 -0600 Message-ID: <20240126041126.1927228-24-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343B:EE_|DM4PR12MB5987:EE_ X-MS-Office365-Filtering-Correlation-Id: 2faef846-fc4b-4963-0a82-08dc1e29b35e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 8P4HI7ieC8Fz2YbYt0FRTzbArB2pJb/HO7caRJZ+Vt5dYOqIAeBTap/ThKzFTa5Idr77OhCfWk1Eixza4rp3RQOL69RsPDrpALV8L6YH4vRNOYS5j5yOSglEP+cB7WNlRW40q37yqSFeyy8a91+BEbHozTST/CVFdLncAUGOR+MR9cxeJenxkVmit+qi+SJ5GEFBFF8KvUHH5yxvx9HFLSQtINJIVOYWO4f0HpyRATLnDaInWMT/Du8sS1G73XGRjJREABMdqNln/GHAkX7eFZn1D8tHSaXP/0Jd5v7AVYnzhLXy9zATRzircYlf3SQnBUF2IUIpSYIsoppaBWObSxQGx2KA+odrmmoErT+8wTa3f54pYWcAPEXUKFGV7X6i8ydeVg5PIMHOGMZDEkSkkdvdB4acAq1WlGZ/tD56VNQ8YeWRfJupUD25LANy3zAZmuhFVTZImbx1E6FlCIX43GmRqAd3bYMx7Vm4I49ggx3DaeS0PX8jdXIsslTBHfuhP0TX+5eSVB57iZVyv8lYiFWhfqH1GjqRTng/3pio3ZEagMbnkMDoo6wb2VvysBHyXz5eVsym+k4RH9kBbohJqd6ZONKiYZ02j8QK4Vki9gIhnhD4uCOiUNYiV//wFKsnWmgq8botFq+UoT9D7gyvkNVJxJO4M8UYALXrP6r9swgLE6+iorGF4fo1ZApn11HuoBpzgyOqaTo0Kn60Ou7P+rAGryagQhuSgUaNa0tCPIRLwh+Tr49rSJlBX7PTx3cty6CuShjyolsmPVrr6Yji2A== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(346002)(376002)(39860400002)(136003)(396003)(230922051799003)(451199024)(64100799003)(82310400011)(1800799012)(186009)(40470700004)(36840700001)(46966006)(40460700003)(40480700001)(70206006)(26005)(70586007)(5660300002)(36860700001)(54906003)(7416002)(316002)(4326008)(16526019)(336012)(8676002)(8936002)(426003)(6666004)(7406005)(1076003)(2906002)(47076005)(6916009)(83380400001)(44832011)(81166007)(356005)(86362001)(478600001)(36756003)(41300700001)(2616005)(82740400003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:46:03.0763 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2faef846-fc4b-4963-0a82-08dc1e29b35e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343B.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5987 From: Brijesh Singh This command is used to query the SNP platform status. See the SEV-SNP spec for more details. Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth --- Documentation/virt/coco/sev-guest.rst | 27 ++++++++++++++ drivers/crypto/ccp/sev-dev.c | 52 +++++++++++++++++++++++++++ include/uapi/linux/psp-sev.h | 1 + 3 files changed, 80 insertions(+) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index 68b0d2363af8..6d3d5d336e5f 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -67,6 +67,22 @@ counter (e.g. counter overflow), then -EIO will be returned. }; }; +The host ioctls are issued to a file descriptor of the /dev/sev device. +The ioctl accepts the command ID/input structure documented below. + +:: + struct sev_issue_cmd { + /* Command ID */ + __u32 cmd; + + /* Command request structure */ + __u64 data; + + /* Firmware error code on failure (see psp-sev.h) */ + __u32 error; + }; + + 2.1 SNP_GET_REPORT ------------------ @@ -124,6 +140,17 @@ be updated with the expected value. See GHCB specification for further detail on how to parse the certificate blob. +2.4 SNP_PLATFORM_STATUS +----------------------- +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Parameters (out): struct sev_user_data_snp_status +:Returns (out): 0 on success, -negative on error + +The SNP_PLATFORM_STATUS command is used to query the SNP platform status. The +status includes API major, minor version and more. See the SEV-SNP +specification for further details. + 3. SEV-SNP CPUID Enforcement ============================ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9a395f0f9b10..9f6ee0d24781 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1919,6 +1919,55 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) return ret; } +static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_data_snp_addr buf; + struct page *status_page; + void *data; + int ret; + + if (!sev->snp_initialized || !argp->data) + return -EINVAL; + + status_page = alloc_page(GFP_KERNEL_ACCOUNT); + if (!status_page) + return -ENOMEM; + + data = page_address(status_page); + + /* + * Firmware expects status page to be in firmware-owned state, otherwise + * it will report firmware error code INVALID_PAGE_STATE (0x1A). + */ + if (rmp_mark_pages_firmware(__pa(data), 1, true)) { + ret = -EFAULT; + goto cleanup; + } + + buf.address = __psp_pa(data); + ret = __sev_do_cmd_locked(SEV_CMD_SNP_PLATFORM_STATUS, &buf, &argp->error); + + /* + * Status page will be transitioned to Reclaim state upon success, or + * left in Firmware state in failure. Use snp_reclaim_pages() to + * transition either case back to Hypervisor-owned state. + */ + if (snp_reclaim_pages(__pa(data), 1, true)) + return -EFAULT; + + if (ret) + goto cleanup; + + if (copy_to_user((void __user *)argp->data, data, + sizeof(struct sev_user_data_snp_status))) + ret = -EFAULT; + +cleanup: + __free_pages(status_page, 0); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -1970,6 +2019,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_GET_ID2: ret = sev_ioctl_do_get_id2(&input); break; + case SNP_PLATFORM_STATUS: + ret = sev_ioctl_do_snp_platform_status(&input); + break; default: ret = -EINVAL; goto out; diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 207e34217528..f1e2c55a92b4 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -28,6 +28,7 @@ enum { SEV_PEK_CERT_IMPORT, SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ SEV_GET_ID2, + SNP_PLATFORM_STATUS, SEV_MAX, }; From patchwork Fri Jan 26 04:11:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766956 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2088.outbound.protection.outlook.com [40.107.237.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 86E79C2FE; Fri, 26 Jan 2024 04:46:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244390; cv=fail; b=jMZ/sCx97zyf7QygvFyGQFe2EHvVdbSZeHuDmW9dhH7MaiGuyW291jKbxfePgoZYkclUcnN/nJALFEDAy2x83q4PpessDi7iEMMFjMoj2IyHUZS7cuTZlN4LxUlrS0LWXpnQC+MP6+4Qs4n+R8yD2V8FpChN43fR6p+eHjNJ95U= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244390; c=relaxed/simple; bh=nsqAmjMDpFI7POL03oJKlspAd8clB11tHX4Cd62+CA8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MbES20uYJGQIlrlqafImkr2VOwyOMoeh6wSmyss6+UvDVs7BlwH7aGVf9h0KViwTeh7DOVhyoXZah8i296NRsDmvyV1z6ZQ2otmqXTF5fQI6tkROIR62T6pt1nsOOBI+c/YwggFHxYoEA027vq7phtOWps1OyxV9FGYJHPsnNrg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=GytQ8apd; arc=fail smtp.client-ip=40.107.237.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="GytQ8apd" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kxfMNnaM7qw8N1rfbjsJ5zhXRMD57BGXeNmaMHAdFAhgQ1VSGMZ+VZsJ5D7NBGAu+O6z9fSzGAon6VkbYQeEsP8AHjsmeXn9e7nsAkGP7htkVE8C/UK8O4bUDNe3K/8Z/vWSRcRLMuylaj0asRmKM622ktOlR/7oUHnUEJpGz/lhEHi8/Nndrixj2QLCbSgqa/e/JzuHM3qxZL0EiZeJhdFLOYVENfatRSJZPwoPo0i4z5X4JQDwpRvFBhSleb3CxMDeGN3Gvmjy3Fv3UBhu6mc9tKnIyo9mCGxhbcVlVjPyi3Cecc5o7/cqDph5P/pzKzDWOvkVGykrm02EP+sFjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UU3BHFRlkhMspS3Gn0J+D66WgUTsZEWbGuYOYJ2bfmM=; b=kPlzX1veup/YkDDfqKcNObGXy+sXg6K8Whx7jF4jitMhKo6yUT0+sjjaA4ufwO23+ilTZddyGtTXqZo7yK0vLA0tJsLhagUL25WXMYeldZrd7x9lNAZzNQDyeA79xt5w2vsAF1mhzgXdrvXCvCsV92TtX/lbViAtoi/W3l5JQqQD+LJrcI/CjBAq707Dq5gNumkPt5nsGfEYiQCL/3tnh9ntKrkqkNFfOd3axZlV2PinTWeSRcAIILsymtQ1fTf9nH/IWc+wbz3vaE8ReevfRIqkRCPAXn3xRfwp4lcRBCzreeTz3TKGrRixnEUtCbhqZjsjOEtPj2gxkpjnf0shBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UU3BHFRlkhMspS3Gn0J+D66WgUTsZEWbGuYOYJ2bfmM=; b=GytQ8apduQsxhzzccJeUkUh25wh9JHkyGp46O8LjRZID+yMbuYVx6VDg8u6wyKpHNbkUxn5hilYR9veCbVWC0ANH/Vfb2SDvjA1lcx9BQm3KCFpXunZZauSSO7OLSi1PqLaNzJzLyaYULYhs+rzllqd7LuIs3nit/31DnmErFz0= Received: from DM6PR02CA0166.namprd02.prod.outlook.com (2603:10b6:5:332::33) by MW4PR12MB7467.namprd12.prod.outlook.com (2603:10b6:303:212::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:46:24 +0000 Received: from DS2PEPF0000343E.namprd02.prod.outlook.com (2603:10b6:5:332:cafe::fd) by DM6PR02CA0166.outlook.office365.com (2603:10b6:5:332::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 04:46:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343E.mail.protection.outlook.com (10.167.18.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:46:23 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:46:22 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 24/25] crypto: ccp: Add the SNP_COMMIT command Date: Thu, 25 Jan 2024 22:11:24 -0600 Message-ID: <20240126041126.1927228-25-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343E:EE_|MW4PR12MB7467:EE_ X-MS-Office365-Filtering-Correlation-Id: 7864d932-96d5-41e2-b8bd-08dc1e29bf8f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VKQb21dAilhTE1lfdCFY/CEwt2l2RaTvjiYFvU+Hj0/IPAEgG/9axsuY3xxe8uvvJ5j/b8sRw1T7O7qcyAupl30W4iGL2QNf7iPoVSKqnz72rznp1TPjT/a3g8rGppnpsi6MejcwPq/tsLy10RrRjaCla9m1AVNb2zbb9aNOftUWefRlLUMwo9nzD3M9P+OjWlnKcgSqJA5ulk8N7Dkko0Vs0xTsmZbxgg0LU9FsZKSR1jThC91TpYRqPzea2kY1TZo69aEM4f+YSYZtEt1DEYaZ4soAqhW8d39PL4/aIBrpx3rzx5JOzxsbidmeRsOuQYoHSa8b00IqKRyDncRs79vkMGimF2mcTvZ5DGr1DTfPsIiMS1W890LKtPxLNrNiHZECO8XnxsMP2AbswZFXXvv/kx0iujKJbKg2Jby1rX9+ODZ5ELNoRKACNqPsN/f3WZPBw7pb0NMoFpkxm5T2lSp6SSHICfkYpAG+4+GTDOTmoZWJ+fhUHb8MzgNE5vYuHM2odGFw26AkM38nt94HDa/O+aGmuHfolpzFhxbgBilVzfAobolLnt/EEx+ad38/uXt7op0BmS9+CtsPXhwBnJXtrXVpGk+BnQPQOL3x90NG6F8CMk864j6Nx0bhwep8JQRi4lwXiSC9b1qEOQFu4JgpTKCyHU01780l+UviB2qYTFgpUkKd7oJjg2dkiROhjQx7+5EgNH3rAS3ZhYOXAVhNxIWAl9rFXstE9rMAHHv66BL0EsbhWY2wRkP29gMcMkQZHUQJN3RhDHhQ9b/J2g== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(136003)(396003)(346002)(376002)(39860400002)(230922051799003)(451199024)(186009)(82310400011)(64100799003)(1800799012)(46966006)(36840700001)(40470700004)(47076005)(83380400001)(1076003)(2616005)(16526019)(426003)(336012)(26005)(82740400003)(36860700001)(4326008)(5660300002)(8676002)(8936002)(44832011)(41300700001)(2906002)(7406005)(7416002)(478600001)(54906003)(6916009)(316002)(70206006)(70586007)(36756003)(81166007)(356005)(86362001)(40480700001)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:46:23.5346 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7864d932-96d5-41e2-b8bd-08dc1e29bf8f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343E.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB7467 From: Tom Lendacky The SNP_COMMIT command is used to commit the currently installed version of the SEV firmware. Once committed, the firmware cannot be replaced with a previous firmware version (cannot be rolled back). This command will also update the reported TCB to match that of the currently installed firmware. Signed-off-by: Tom Lendacky [mdr: note the reported TCB update in the documentation/commit] Signed-off-by: Michael Roth --- Documentation/virt/coco/sev-guest.rst | 11 +++++++++++ drivers/crypto/ccp/sev-dev.c | 17 +++++++++++++++++ include/linux/psp-sev.h | 9 +++++++++ include/uapi/linux/psp-sev.h | 1 + 4 files changed, 38 insertions(+) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index 6d3d5d336e5f..007ae828aa2a 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -151,6 +151,17 @@ The SNP_PLATFORM_STATUS command is used to query the SNP platform status. The status includes API major, minor version and more. See the SEV-SNP specification for further details. +2.5 SNP_COMMIT +-------------- +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Returns (out): 0 on success, -negative on error + +SNP_COMMIT is used to commit the currently installed firmware using the +SEV-SNP firmware SNP_COMMIT command. This prevents roll-back to a previously +committed firmware version. This will also update the reported TCB to match +that of the currently installed firmware. + 3. SEV-SNP CPUID Enforcement ============================ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9f6ee0d24781..73ace4064e5a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -222,6 +222,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_SNP_PLATFORM_STATUS: return sizeof(struct sev_data_snp_addr); case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_request); case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); + case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit); default: return 0; } @@ -1968,6 +1969,19 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_snp_commit(struct sev_issue_cmd *argp) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_data_snp_commit buf; + + if (!sev->snp_initialized) + return -EINVAL; + + buf.len = sizeof(buf); + + return __sev_do_cmd_locked(SEV_CMD_SNP_COMMIT, &buf, &argp->error); +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -2022,6 +2036,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SNP_PLATFORM_STATUS: ret = sev_ioctl_do_snp_platform_status(&input); break; + case SNP_COMMIT: + ret = sev_ioctl_do_snp_commit(&input); + break; default: ret = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 7f9bc1979018..beba10d6b39c 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -788,6 +788,15 @@ struct sev_data_snp_shutdown_ex { u32 rsvd1:31; } __packed; +/** + * struct sev_data_snp_commit - SNP_COMMIT structure + * + * @len: length of the command buffer read by the PSP + */ +struct sev_data_snp_commit { + u32 len; +} __packed; + #ifdef CONFIG_CRYPTO_DEV_SP_PSP /** diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index f1e2c55a92b4..35c207664e95 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -29,6 +29,7 @@ enum { SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ SEV_GET_ID2, SNP_PLATFORM_STATUS, + SNP_COMMIT, SEV_MAX, }; From patchwork Fri Jan 26 04:11:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 766555 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2054.outbound.protection.outlook.com [40.107.93.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E210E14271; Fri, 26 Jan 2024 04:46:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244412; cv=fail; b=XgCYqAwir+rmuLhjhS74be4gEBZ9rasGXyFcdJx2+snMqVXllDlIIOfD8SwJBaDRvh81EsoFjkuPCypuGMygnD4Xw6uLKSQdHIuM88zENuqe2OSM1hBl9QyPBQeBSIPpahc368jBQ6PZlzwqaQDaRdNLwrs8COnmr3RFjuP5fas= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706244412; c=relaxed/simple; bh=VU24DfSeAgjL9+DHk5qcdoEQmTL4bXdHyHSZfDKxPRU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=kNvzUpY8gCwrsSwBJsMmGL2jXJTmc4P7YFPdFcWIPsmOEaNkTdp65PbDvD6zq4KZ428lUwI1pdqqppCQ8YESQTwvm3GvdSVphJop7m2OaWDz0q5BZ6+z+PejVy8/4g8vRkzDsylfa8odLr2h5aKTtMp5HOl22rhTBsvE03XKs5E= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=eWPMk9It; arc=fail smtp.client-ip=40.107.93.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="eWPMk9It" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C7TaOS+T6xv4IAh7SPObQbVcd9elXaUW7IQFoDXlEe+v9TBQARTepxRKpbsc+pndrcp3vvZEZtiT/9EykVbto/E8wamWzFmgZ/585snUMIXQ6iFgiBP0QUNT6B/8PcqpT0MU02fpuD5NI5PzqHKaFprqph8u5miqoMoa8GQBGjnMXT7dKRyN8dzSXX3tCP82eE+SPWtenB5IDY0Mjq5kDfG1htL3xLEVpUaqhTGxFtDoVF5ezrqmUOfcuMS+YXMdUxIyOcT8ywyngEzVt0QeNfXR3uDJcfDqR/aTukSk3XIRvEsPHMIr+VgsOWZmMPcgEzKRXYm0vNa2wExtm5SCLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aDeqv0Rd+NQEOVYZuoLg7AnInMZUEU9WR2h7GI/0rZw=; b=eLkiNoctUIsw/hJPkI2fmS6mYF+G2UFx/O9oG4FBZOSeyAj2Re8pem/U1kn0bL9aHmGHiYTaQuI64b4G+JczHoC5RQcgMT/RItsPyTi3SOot2kBmb+7QHFJlUoytR9Lif3am10Cbeb+2IPlgsTqfyHjvGMUSsL/s2BNg8laxsbZw5Vql8BqMFjt1P3EnhaVxqeqyjT517516URug6g0WL+C0swA5AeAfq1OXuczDiClB8cfZjD3DvP4ehj+ZaWp7N4IF0AfPOBdLS+vkZ+3kT8/+wBh5hpGPqQ4+6r/qtst9BdSJOQWvro8lQ3Nq87VQnmnmQ3DdvpmOjUhSwRbUxw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aDeqv0Rd+NQEOVYZuoLg7AnInMZUEU9WR2h7GI/0rZw=; b=eWPMk9ItwDqFSwJb3jUb6+LgwVjQw3GJBqSzw7C37mQzf5cFfhT0BEOmVJTKxLFgRQQa3VF+ylzbSbThlrqUkTFZrdir1tIuyCB6Aim9/npxvF494ip/+yWsdHjFz3XiGzjej5V3/q87J2QvsTAO+rOXGM0YQ7h0jtVQfSsYQdg= Received: from CH5PR02CA0017.namprd02.prod.outlook.com (2603:10b6:610:1ed::19) by BY5PR12MB4869.namprd12.prod.outlook.com (2603:10b6:a03:1d9::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 04:46:44 +0000 Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:610:1ed:cafe::7a) by CH5PR02CA0017.outlook.office365.com (2603:10b6:610:1ed::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 04:46:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:46:44 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan 2024 22:46:43 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh , Alexey Kardashevskiy , Dionna Glaze Subject: [PATCH v2 25/25] crypto: ccp: Add the SNP_SET_CONFIG command Date: Thu, 25 Jan 2024 22:11:25 -0600 Message-ID: <20240126041126.1927228-26-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com> References: <20240126041126.1927228-1-michael.roth@amd.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|BY5PR12MB4869:EE_ X-MS-Office365-Filtering-Correlation-Id: 6f7e2305-fbb1-427c-3cff-08dc1e29cbe7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: aqDsBcSb6NdQLynCq/UCIeCeSzRx6k0iglwucgxYu3q5U+ZjM/2IC9biXlr2W4l2hoxIn1+6GoNzOud2aritAeAmA9A/ZIp8Nf1oI7LKwlss3YvIkqls/+suAnc6nry4/9nc6NteXOcfMJRLFBVN9t/IlNPHZueu8UAOUdA2TpOy1Lll3ibu5rx3UdTZozYRrqJbr9t83Q6GSyRGNEIGdmx/M3qJB+TzNvE/Ff732vMkkdGb5WkwTK3gt10bIfKdiID7OpBSNFLWxqjw8lNrfdHo7aVuPsTCgc45BhBIAYrEIvSNpJyUxKv9yVjeoiJ6faOovaw0tjzO/B2XwAhyHXDY5KtxxnfKfhOlXp40NVcYI7SI0v6Q0nVuLOFtKWlxBQBJpWwPRQDg5f+KHLxoTmxDCmgam49qCzwuRWRJMK40guZgpmQ89aFPHGaETiCG6F9i1aQchJAi6tzOy05WfqznMha/a1XHVB5aahYF5Hitw9qj4vxAyA3Vzkm5vRqZ5EW6wVpQYJJaGIJBrWuqqdOCnmyTgwCUYqlbM3fA5TsJVshoj+1O9aOVrxt2OGhs72HcZP7j6/OmutAlUWQI7Q1o79vWghBOjpxbXB2EbxmgOt6/thTATIA93R4pUzmWNWr5iZv40h+vMDWWf0rzAbLofTAmLCs+4AGq1xNknEwxdJWI/X0yaWA8lPThLg6IvUaByyOWq2b644x69SO0QmXSwadGKO9t2nEy9kiHX8BqrMUE15lkerf5wGmYFbfoxsnFt0iH1Exs0wiUqUfg+A== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(376002)(136003)(39860400002)(396003)(346002)(230922051799003)(1800799012)(82310400011)(64100799003)(186009)(451199024)(46966006)(36840700001)(40470700004)(82740400003)(81166007)(2906002)(36860700001)(5660300002)(44832011)(7406005)(36756003)(7416002)(356005)(86362001)(426003)(4326008)(2616005)(336012)(26005)(16526019)(478600001)(1076003)(6666004)(41300700001)(47076005)(8676002)(8936002)(70586007)(54906003)(83380400001)(70206006)(316002)(6916009)(40480700001)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:46:44.2252 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6f7e2305-fbb1-427c-3cff-08dc1e29cbe7 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4869 From: Brijesh Singh The SEV-SNP firmware provides the SNP_CONFIG command used to set various system-wide configuration values for SNP guests, such as the reported TCB version used when signing guest attestation reports. Add an interface to set this via userspace. Signed-off-by: Brijesh Singh Co-developed-by: Alexey Kardashevskiy Signed-off-by: Alexey Kardashevskiy Co-developed-by: Dionna Glaze Signed-off-by: Dionna Glaze Signed-off-by: Ashish Kalra [mdr: squash in doc patch from Dionna, drop extended request/certificate handling and simplify this to a simple wrapper around SNP_CONFIG fw cmd] Signed-off-by: Michael Roth Reviewed-by: Liam Merwick --- Documentation/virt/coco/sev-guest.rst | 13 +++++++++++++ drivers/crypto/ccp/sev-dev.c | 20 ++++++++++++++++++++ include/uapi/linux/psp-sev.h | 1 + 3 files changed, 34 insertions(+) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index 007ae828aa2a..14c9de997b7d 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -162,6 +162,19 @@ SEV-SNP firmware SNP_COMMIT command. This prevents roll-back to a previously committed firmware version. This will also update the reported TCB to match that of the currently installed firmware. +2.6 SNP_SET_CONFIG +------------------ +:Technology: sev-snp +:Type: hypervisor ioctl cmd +:Parameters (in): struct sev_user_data_snp_config +:Returns (out): 0 on success, -negative on error + +SNP_SET_CONFIG is used to set the system-wide configuration such as +reported TCB version in the attestation report. The command is similar +to SNP_CONFIG command defined in the SEV-SNP spec. The current values of +the firmware parameters affected by this command can be queried via +SNP_PLATFORM_STATUS. + 3. SEV-SNP CPUID Enforcement ============================ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 73ace4064e5a..398ae932aa0b 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1982,6 +1982,23 @@ static int sev_ioctl_do_snp_commit(struct sev_issue_cmd *argp) return __sev_do_cmd_locked(SEV_CMD_SNP_COMMIT, &buf, &argp->error); } +static int sev_ioctl_do_snp_set_config(struct sev_issue_cmd *argp, bool writable) +{ + struct sev_device *sev = psp_master->sev_data; + struct sev_user_data_snp_config config; + + if (!sev->snp_initialized || !argp->data) + return -EINVAL; + + if (!writable) + return -EPERM; + + if (copy_from_user(&config, (void __user *)argp->data, sizeof(config))) + return -EFAULT; + + return __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error); +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -2039,6 +2056,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SNP_COMMIT: ret = sev_ioctl_do_snp_commit(&input); break; + case SNP_SET_CONFIG: + ret = sev_ioctl_do_snp_set_config(&input, writable); + break; default: ret = -EINVAL; goto out; diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 35c207664e95..b7a2c2ee35b7 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -30,6 +30,7 @@ enum { SEV_GET_ID2, SNP_PLATFORM_STATUS, SNP_COMMIT, + SNP_SET_CONFIG, SEV_MAX, };