From patchwork Tue Nov 12 23:22:46 2024
X-Patchwork-Submitter: Dionna Amalie Glaze
X-Patchwork-Id: 13873036
Date: Tue, 12 Nov 2024 23:22:46 +0000
In-Reply-To:
<20241112232253.3379178-1-dionnaglaze@google.com>
X-Mailing-List: linux-coco@lists.linux.dev
References: <20241112232253.3379178-1-dionnaglaze@google.com>
X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog
Message-ID: <20241112232253.3379178-8-dionnaglaze@google.com>
Subject: [PATCH v6 7/8] KVM: SVM: Use new ccp GCTX API
From: Dionna Glaze
To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, Dionna Glaze, Ashish Kalra, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Michael Roth, Luis Chamberlain, Russ Weight, Danilo Krummrich, Greg Kroah-Hartman, "Rafael J. Wysocki", Tianfei zhang, Alexey Kardashevskiy, kvm@vger.kernel.org

Guest context pages should be near 1-to-1 with allocated ASIDs. With the
GCTX API, the ccp driver is better able to associate guest context pages
with the ASID that is/will be bound to it.

This is important to the firmware hotloading implementation to not
corrupt any running VM's guest context page before userspace commits a
new firmware.

CC: Sean Christopherson
CC: Paolo Bonzini
CC: Thomas Gleixner
CC: Ingo Molnar
CC: Borislav Petkov
CC: Dave Hansen
CC: Ashish Kalra
CC: Tom Lendacky
CC: John Allen
CC: Herbert Xu
CC: "David S. Miller"
CC: Michael Roth
CC: Luis Chamberlain
CC: Russ Weight
CC: Danilo Krummrich
CC: Greg Kroah-Hartman
CC: "Rafael J. Wysocki"
CC: Tianfei zhang
CC: Alexey Kardashevskiy

Signed-off-by: Dionna Glaze
--- arch/x86/kvm/svm/sev.c | 60 ++++++++---------------------------------- 1 file changed, 11 insertions(+), 49 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d0e0152aefb32..5e6d1f1c14dfd 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -2156,51 +2156,12 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val) } } -/* - * The guest context contains all the information, keys and metadata - * associated with the guest that the firmware tracks to implement SEV - * and SNP features. The firmware stores the guest context in hypervisor - * provide page via the SNP_GCTX_CREATE command. - */ -static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) -{ - struct sev_data_snp_addr data = {}; - void *context; - int rc; - - /* Allocate memory for context page */ - context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); - if (!context) - return ERR_PTR(-ENOMEM); - - data.address = __psp_pa(context); - rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); - if (rc) { - pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", - rc, argp->error); - snp_free_firmware_page(context); - return ERR_PTR(rc); - } - - return context; -} - -static int snp_bind_asid(struct kvm *kvm, int *error) -{ - struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_activate data = {0}; - - data.gctx_paddr = __psp_pa(sev->snp_context); - data.asid = sev_get_asid(kvm); - return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error); -} - static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; struct sev_data_snp_launch_start start = {0}; struct kvm_sev_snp_launch_start params; - int rc; + int rc, asid; if (!sev_snp_guest(kvm)) return -ENOTTY; @@ -2226,7 +2187,8 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; - sev->snp_context = snp_context_create(kvm, argp); + asid = sev_get_asid(kvm); + sev->snp_context = sev_snp_create_context(argp->sev_fd, asid, &argp->error); if (IS_ERR(sev->snp_context)) return PTR_ERR(sev->snp_context); 
@@ -2241,7 +2203,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) } sev->fd = argp->sev_fd; - rc = snp_bind_asid(kvm, &argp->error); + rc = sev_snp_activate_asid(sev->fd, asid, &argp->error); if (rc) { pr_debug("%s: Failed to bind ASID to SEV-SNP context, rc %d\n", __func__, rc); @@ -2865,23 +2827,23 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd) static int snp_decommission_context(struct kvm *kvm) { struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_addr data = {}; - int ret; + int ret, error; /* If context is not created then do nothing */ if (!sev->snp_context) return 0; - /* Do the decommision, which will unbind the ASID from the SNP context */ - data.address = __sme_pa(sev->snp_context); + /* + * Do the decommision, which will unbind the ASID from the SNP context + * and free the context page. + */ down_write(&sev_deactivate_lock); - ret = sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL); + ret = sev_snp_guest_decommission(sev->fd, sev->asid, &error); up_write(&sev_deactivate_lock); - if (WARN_ONCE(ret, "Failed to release guest context, ret %d", ret)) + if (WARN_ONCE(ret, "Failed to release guest context, ret %d fw err %d", ret, error)) return ret; - snp_free_firmware_page(sev->snp_context); sev->snp_context = NULL; return 0;
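Review bot: in the first hunk (@@ -2156), removing snp_context_create() also drops the comment explaining what the guest context is and the pr_warn that reported both rc and fw_error on a failed SNP_GCTX_CREATE. Nothing visible at the new call site replaces either, so please confirm that the ccp helper sev_snp_create_context() carries equivalent documentation and logs the firmware error, or keep a pr_warn in snp_launch_start() that prints argp->error.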
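Review bot: in the @@ -2226 hunk, the result of sev_snp_create_context() is stored straight into sev->snp_context before the IS_ERR() check, so a failed create leaves an ERR_PTR in the field, while snp_decommission_context() only tests `!sev->snp_context`. The pattern predates this patch, but decommission now keys on sev->fd and sev->asid instead of the page address, and sev->fd is only assigned later in this function, so a stale ERR_PTR could lead to a decommission call with an fd that this launch never set. Suggest assigning to a local first and setting sev->snp_context only on success, and documenting that the helper returns ERR_PTR() and never NULL.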
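Review bot: in the @@ -2241 hunk, the pr_debug after a failed sev_snp_activate_asid() still prints only rc, while the decommission path in this same patch was extended to print the firmware error. Consider adding argp->error to the message for consistency. Also, the create call takes argp->sev_fd and this call takes sev->fd; they hold the same value at this point, but using one of them for both calls would make that obvious to the reader.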
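Review bot: in the @@ -2865 hunk, `int ret, error;` leaves error uninitialized and the WARN_ONCE prints it whenever ret is non-zero, so if sev_snp_guest_decommission() can fail before writing *error the message reports stack garbage; initialize it with `int ret, error = 0;`. Two further points on the same hunk: this call passes sev->asid while snp_launch_start() uses sev_get_asid(kvm), so pick one accessor for both; and the new comment says the callee frees the context page, yet on the error return sev->snp_context stays set, so the comment should state whether the page is still allocated after a failed decommission. The rewritten comment also keeps the misspelling "decommision".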