From patchwork Fri Mar 29 22:58:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13611185 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8CBFEC6FD1F for ; Fri, 29 Mar 2024 23:01:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 24FC36B0089; Fri, 29 Mar 2024 19:01:35 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1D9CC6B009A; Fri, 29 Mar 2024 19:01:35 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0529C8D0002; Fri, 29 Mar 2024 19:01:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id DAAB58D0001 for ; Fri, 29 Mar 2024 19:01:34 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 5F53B120611 for ; Fri, 29 Mar 2024 23:01:34 +0000 (UTC) X-FDA: 81951600108.19.2B39FAD Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2082.outbound.protection.outlook.com [40.107.93.82]) by imf29.hostedemail.com (Postfix) with ESMTP id 79F2312000B for ; Fri, 29 Mar 2024 23:01:31 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b="x1pPgZp/"; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf29.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.93.82 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1711753291; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=AwsQ4vWs9kyckXicEHz0E1bw+FLch5Zb2vNPyuP5js0=; b=JWdnHSc0pvtIkqoQmUsvdWyv0qveS1DCtbe7Bonppi7mutRDN3Qjj3mC2b1O2OaYrR4mUA XLPNiHPv4PThC2J2QVCnQY0UhmY4UTVIQ41L76/zrnsEsdf7N6pZkUDlZHay2Exre2vJh5 GqUK+vG4YrTADIiHMtrXFCiPCqIFhBs= ARC-Authentication-Results: i=2; imf29.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b="x1pPgZp/"; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf29.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.93.82 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1711753291; a=rsa-sha256; cv=pass; b=YWU6riTxWFudbIWO6Ru21x6nObRKIn7K1V27zEqqkPFFYsF+Sg2Yfw9+OAtXSWbg20KD9B AbWNPii84Az9uflf9NzAFFYHo8vT7FOX8FjWfwuyo4eHAiNOj7dqWVxTHCB2RH3QV15uv6 5EdxOS/QAYUGxHRUeHXeQ8FCBnXV2Qg= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jCfx2pxAPcDIhGGCIIXvEZ+QqpYkKPGB2n28Wt/4FGN8LNmDtzrCdiknSaGy5RDfLaQrfY9qCn08xszP1rgPbnn0KlNbm/PImUFTENEgYOVjZ4N350PQmpYjXgbXNpnCKMG1/v8wdhYUYihr9xfzBpW8Rppy71YE/HtLG+POPGeKfip0NIwX7PoaE+XzBt+qNP+MlI/boxUX4aqwNyMyO9ddXDbdHfKI7/Gz2vpilMR8BAWrMEcbLoaaCuNuVtlFtkAS/u7RXuy0bUTfp2jS4K+PMAeRsL7jqFZxF8FTfuHrhCXRbWSI7HiV+bR5ILxoksgPl0szTNoPUgf6nAqTwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AwsQ4vWs9kyckXicEHz0E1bw+FLch5Zb2vNPyuP5js0=; b=FBzy9DOPOcBI/CEWKxYDklTuaBIEaQTPcmz72dBaVzcsozW4M+RTXXeKymqWkCshZaFCwBcQDUoWhLBlquQT/fyXtoQ6jqlKLvOnpnRypnTciDFxM3tDSTlCOIsZYUMHGkbIFNNTpBzSi+nN+aKS/pAEJeP+kR+Jm9jtHHyzyC1B/stH7uAKhtR5D056+SEShaqpgscSqZWZz5zBFNE8d9cW9nkiQUQtkYc/fCdx/8br+0vLefo66Iu4B9jI56bbfjuBr2CmWX3e1Udguva91guuoedq8ITOsTwOzGvMMLymIognyXr5W1UHItv/ppyx+2pudV4DN3nNC7pT/zlN5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AwsQ4vWs9kyckXicEHz0E1bw+FLch5Zb2vNPyuP5js0=; b=x1pPgZp/rwomW2cu5jI2ejo6v6jaaCWo1ZgdojsKzmXwrP7jla768ayEkojYMShDNcs3du/TE4hgNK6GiweydFOxAjizjRUEdhRJmZXoDW0VjFyq0OacZxfgxX+58IuPUHaIiyHXmbuMUWy6THhF/prrfH2WFIh/ruhgslZ8Ee4= Received: from SJ0PR03CA0021.namprd03.prod.outlook.com (2603:10b6:a03:33a::26) by DS7PR12MB6005.namprd12.prod.outlook.com (2603:10b6:8:7c::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.40; Fri, 29 Mar 2024 23:01:28 +0000 Received: from SJ1PEPF00001CDE.namprd05.prod.outlook.com (2603:10b6:a03:33a:cafe::cf) by SJ0PR03CA0021.outlook.office365.com (2603:10b6:a03:33a::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.40 via Frontend Transport; Fri, 29 Mar 2024 23:01:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00001CDE.mail.protection.outlook.com (10.167.242.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7409.10 via Frontend Transport; Fri, 29 Mar 2024 23:01:28 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 29 Mar 2024 18:01:27 -0500 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH v12 15/29] KVM: SEV: Add support to handle Page State Change VMGEXIT Date: Fri, 29 Mar 2024 17:58:21 -0500 Message-ID: <20240329225835.400662-16-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240329225835.400662-1-michael.roth@amd.com> References: <20240329225835.400662-1-michael.roth@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00001CDE:EE_|DS7PR12MB6005:EE_ X-MS-Office365-Filtering-Correlation-Id: d3317c0b-19da-4286-a456-08dc50442ab4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: g2aGuN3u1dfzFksvUQT2M7ocUNjN0bbyE14+lvY6al5Z6FN03fB20cT+zkLqpXFp1xMns/IR/66MM0oHsvm5F6wqdxy16aUt+ZHMWDtembe0QFR5uEzYZOJj2oWH2dVIYMY6ngnmUZDoHtzWflHvKaTizzjiBdxCF/rdj523MZf5YoALBPq/uvBBKa9ncxKb7E4Ew6FVa71bQNzg80CHWGTLLWftjXHO0SbTcoYOFkfe8GNuSYu6LeJINz3k3tbkSmzxt5mukj9afrfjN40oFT2l475UPUGEBmFDkABeZF+Tp2C1DVseN1QQ5gdXyk2zNgHZZhJnOMhygUZbuCHolelU6Td4vqEBu0AjA+bhiNeQwTmuu+850Giwqx1UY0JDrYWsEhblkZa0L5b/dIbxdyXzl2kVhyfHO+j3MCxxY+wu+yhU2xGC9b3RzK5OjN0xsSx3ABlMX+oke/5REbwlHOK5hJN/g3NqW2xqLP8q8kA7WQ2+EdjBEKIlcjVquPmAS2GGzkG0Dptw73Pw8Ny91iTRhq+pV8x7TJGhzoaYYoX+QVfjyn//iMIuIPtENhSqMpVijPpd6VeYNZ0x1mGAIY8KQUhC8rmAdFbrKcr7A7MsGr6f6wPggW6lD9upWtBrLE5jzyMllBl1M7cZf82qxxmsJv+jjIOxSn1ZBf3CKXuHCGCsI/yTg4X9KvuwRFDmjkuqUkmje+FFtL4JL2tGykvGSGualpK8FZDnJV9Mn0NHlx9YhdfWOAhB7P7VtpdE X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(1800799015)(376005)(36860700004)(7416005)(82310400014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Mar 2024 23:01:28.3153 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d3317c0b-19da-4286-a456-08dc50442ab4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00001CDE.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB6005 X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 79F2312000B X-Stat-Signature: 1o8ctwzhn6t4sspaaf6t8mw3xd8ge8xa X-Rspam-User: X-HE-Tag: 1711753291-416337 X-HE-Meta: U2FsdGVkX18Md54pBi0syXx26dFSRooepDgaPqK8PJEvCvZZWOd5Apy0id7FFtnT6KVJIUVIoP+QCe95qGwRJm4MsLxtkW45A6sEj/FJ28Zt2pUyaOQ/jZcu038G6hlcG5OeRRffTR/MmqNmjqM5pOvkhbLE+m+M9uEXmYN4N3qhPntTllcqt7xw88jIM3ASJMXqhI462QgYdPPQCqC6aMaX+NFLPS3M/bk6o/Q1PGWIsTTa6tdN3nLRA79yWrc1HgsdmVAWqON0qKNMARB6ZG2vKiHgEuNHEkqnX8WB+WYTQkqjxzZs8opxjHXLr40DCPy0P27CiYr5nAe89NjMc4z8cncSXKgyEY1xjVV93bjrCxAjP0V2hFGCqDfpoGVe5L6eJfE1NK3of5UBpQXNxgQgWnwuFSO6lmew317JX7pUEsIRG81UTvntV2NWUEMFMCxve3BTqmoGwvr5kmWI83IqziEh3TAvJFdddS3DfErQgrxnTyvYm08LBbcBZBTJiVTc3QMM8ccFdB+o9Obmx48GjGGMOg/mkJcfzoUhWKD39cMAs5+zzf42TTqv0C2QEFjm09ikEr7ZU+mrbX3vDbeBntfrUvloWfgctddTuEVPAD5CaYbUZAVPYShMmbok7DUWQeescFpPbLHPQUIP2G7u/v0h7QrhCeVH4rZXuiCXwH5kS7KWXapZNf/7FZ74ECc/QcYVf0rtw2Xwxa3nSrfv9rhe1DLQ+nP0w9B1075I/kxizVRgjMzj+aUDOGP0+uTmpVU1O2oQTsOQR3KHL/C4PgzT92WqQvkJTPhXfgAZ3FOiT466jt5VJ5Suue5wfBYCjClAT1uqrU5WHtC4ldM0c4ZMtA1GFkPWsZSIYv0PRAw3c/UpWRiqhyFJZH4j88Hv/MsJU018PPf24Gkrguk220xYj4DePSkDBIrqeyIGesZR5uU3MLcO8UMWZMnQb0S1b3XnPIEqDh+IPsK izF6s/B1 iXa4r+gj8h95hcX8tHY11dQlO9PO8plZw+fu6ZlpZg+rwmFD0nQAPCiIZaINrgPyq5UokZd6+159M5MuovKgrF5GFNlb1h9+fuNYH0leRMuN5TEwcKbTDv7CfPI6xRUwtgskHyMgwS4gmLLrejlYMSpSfnGrRdWP7aaZuzxgJjF9vuWSuMFD0pdVk5LwCCZ/5BuiihgJFMw0wS+HsPnKnAJ056XKVXQm+OgN+dySySwL7EFbG6bBEqLZLNHQOnnsgR1pjW74FHu0zsAdywr5b98GfMbJkUIMJX5sRh1m16spj/VyPgKGeAM9Ia5s3iS2SDdjBFq8r9PIlxPo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Brijesh Singh SEV-SNP VMs can ask the hypervisor to change the page state in the RMP table to be private or shared using the Page State Change NAE event as defined in the GHCB specification version 2. Forward these requests to userspace as KVM_EXIT_VMGEXITs, similar to how it is done for requests that don't use a GHCB page. Co-developed-by: Michael Roth Signed-off-by: Michael Roth Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.rst | 14 ++++++++++++++ arch/x86/kvm/svm/sev.c | 16 ++++++++++++++++ include/uapi/linux/kvm.h | 5 +++++ 3 files changed, 35 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 4a7a2945bc78..85099198a10f 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7065,6 +7065,7 @@ values in kvm_run even if the corresponding bit in kvm_dirty_regs is not set. /* KVM_EXIT_VMGEXIT */ struct kvm_user_vmgexit { #define KVM_USER_VMGEXIT_PSC_MSR 1 + #define KVM_USER_VMGEXIT_PSC 2 __u32 type; /* KVM_USER_VMGEXIT_* type */ union { struct { @@ -7074,9 +7075,14 @@ values in kvm_run even if the corresponding bit in kvm_dirty_regs is not set. __u8 op; __u32 ret; } psc_msr; + struct { + __u64 shared_gpa; + __u64 ret; + } psc; }; }; + If exit reason is KVM_EXIT_VMGEXIT then it indicates that an SEV-SNP guest has issued a VMGEXIT instruction (as documented by the AMD Architecture Programmer's Manual (APM)) to the hypervisor that needs to be serviced by @@ -7094,6 +7100,14 @@ update the private/shared state of the GPA using the corresponding KVM_SET_MEMORY_ATTRIBUTES ioctl. The 'ret' field is to be set to 0 by userpace on success, or some non-zero value on failure. +For the KVM_USER_VMGEXIT_PSC type, the psc union type is used. The kernel +will supply the GPA of the Page State Structure defined in the GHCB spec. +Userspace will process this structure as defined by the GHCB, and issue +KVM_SET_MEMORY_ATTRIBUTES ioctls to set the GPAs therein to the expected +private/shared state. Userspace will return a value in 'ret' that is in +agreement with the GHCB-defined return values that the guest will expect +in the SW_EXITINFO2 field of the GHCB in response to these requests. + 6. Capabilities that can be enabled on vCPUs ============================================ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 1464edac2304..c35ed9d91c89 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3208,6 +3208,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: case SVM_VMGEXIT_HV_FEATURES: + case SVM_VMGEXIT_PSC: break; default: reason = GHCB_ERR_INVALID_EVENT; @@ -3426,6 +3427,15 @@ static int snp_begin_psc_msr(struct kvm_vcpu *vcpu, u64 ghcb_msr) return 0; /* forward request to userspace */ } +static int snp_complete_psc(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, vcpu->run->vmgexit.psc.ret); + + return 1; /* resume guest */ +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; @@ -3663,6 +3673,12 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; + case SVM_VMGEXIT_PSC: + vcpu->run->exit_reason = KVM_EXIT_VMGEXIT; + vcpu->run->vmgexit.type = KVM_USER_VMGEXIT_PSC; + vcpu->run->vmgexit.psc.shared_gpa = svm->sev_es.sw_scratch; + vcpu->arch.complete_userspace_io = snp_complete_psc; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 54b81e46a9fa..e33c48bfbd67 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -137,6 +137,7 @@ struct kvm_xen_exit { struct kvm_user_vmgexit { #define KVM_USER_VMGEXIT_PSC_MSR 1 +#define KVM_USER_VMGEXIT_PSC 2 __u32 type; /* KVM_USER_VMGEXIT_* type */ union { struct { @@ -146,6 +147,10 @@ struct kvm_user_vmgexit { __u8 op; __u32 ret; } psc_msr; + struct { + __u64 shared_gpa; + __u64 ret; + } psc; }; };