From patchwork Mon Jun 20 23:13:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 12888505 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B4ABC43334 for ; Mon, 20 Jun 2022 23:13:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ADE826B0071; Mon, 20 Jun 2022 19:13:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A8EA38E0002; Mon, 20 Jun 2022 19:13:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9306A8E0001; Mon, 20 Jun 2022 19:13:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 8402F6B0071 for ; Mon, 20 Jun 2022 19:13:19 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay13.hostedemail.com (Postfix) with ESMTP id 5F6FA60E1F for ; Mon, 20 Jun 2022 23:13:19 +0000 (UTC) X-FDA: 79600167318.14.542198C Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2064.outbound.protection.outlook.com [40.107.220.64]) by imf12.hostedemail.com (Postfix) with ESMTP id C10F44000B for ; Mon, 20 Jun 2022 23:13:18 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KGLwACDdeZWXZ+XE6TLMs+CBuaUdaKJZLX6saaexEoIF46mrv9mpVS+5NFdkxphu1WesEcwhuoZDfqa8sO2XNRk4Ku5V+/+0rBqeQgs6P7C66F5JsL1Ti2SezHhnGETwc3OxYLwjbQThKsP7YVeOJxqeHo6Ea1RmqxUU+IdgizuUvnFtdoVr5ODZTvg6QL6l3ED0u+9PoNHKOqO81zmqHOLx0TQmrCu07DAa8ipWfxnVLKffyaL0/3Bp+t7QQZS2GYiNeJhxO4myZ5iCsM2XqIos6z3JTCVkeaANEamKKyfU4bO5BLdHEq9RQ2SKwJvQLLn6yKY8VanGs20Z09ooBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Jsm3uott7xgIoS87z1RyCceHURhx/sUib4D69GFXddU=; b=PM/kVgY+l+ofcUtnWagnjdJ2NuKZjvxE8EbbDmLY+Q7lixnsDSjrJDZpNMo11txYl89tQDJFDX2lMsIQFXUAVaI1i3unAccSUGgzaqyT2cnQZ8kej7RoQtZerPC63ARYIfXgLBonkMTBXsiyTD0u1rq1zyo1a5L2+JK56AcO9TkF3SzUv5YMIuGiHNg8j3WzODy49vcL2s+jOLpJ1lHFbI1TaRU/H9zMY9dMr6g0ws7hZre6U+kUgAtUNVSQVrBnFkmgF3GgbGmdMYIAIzCnhTzBq8U/3PEoWvEgE4giHj86S4FLYGYBdZnytoihoDr4BYy5xriXwHQtrr7sbZ47Jg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jsm3uott7xgIoS87z1RyCceHURhx/sUib4D69GFXddU=; b=oJJ1QQYWIVKdmk6leZMwhcpAPJv61WQMFwAUeVHliFFjohP/zNhAOHm2DNCc3Engvttt242iVBtip+/6oWCmIKaGlufVZyBfKxmSLU+pN/J3kNVVmXYx8AblEnGn0Jek+bDUtuXaYipN8RUxxoy1jVHvpiveI+NNHe0FwLKrILA= Received: from DM6PR17CA0012.namprd17.prod.outlook.com (2603:10b6:5:1b3::25) by DM6PR12MB3195.namprd12.prod.outlook.com (2603:10b6:5:183::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.16; Mon, 20 Jun 2022 23:13:15 +0000 Received: from DM6NAM11FT065.eop-nam11.prod.protection.outlook.com (2603:10b6:5:1b3:cafe::7b) by DM6PR17CA0012.outlook.office365.com (2603:10b6:5:1b3::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.22 via Frontend Transport; Mon, 20 Jun 2022 23:13:15 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DM6NAM11FT065.mail.protection.outlook.com (10.13.172.109) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5353.14 via Frontend Transport; Mon, 20 Jun 2022 23:13:15 +0000 Received: from ashkalraubuntuserver.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.28; Mon, 20 Jun 2022 18:13:12 -0500 From: Ashish Kalra To: , , , , , CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH Part2 v6 41/49] KVM: SVM: Add support to handle the RMP nested page fault Date: Mon, 20 Jun 2022 23:13:03 +0000 Message-ID: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8954586f-09d6-4770-90a4-08da53127495 X-MS-TrafficTypeDiagnostic: DM6PR12MB3195:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: HJ2dqskW40bbszIh8dko8lb2idCHIfqKgl5cLRI++yAXxT9nzErz0kE3j6ucE+U2a1Z0v/mZbkDK4iUU4x4WMIw9corLPKX//7HH2SC6d9yRzMhquXOeUjBOoq6Uzc9aoTOjqzi3qFGfqYn6X1Vir0wmPb1cufLtHqhlvQ3n45cAh/b10QfikbYeOV7E4YKxFg0g3unMdTM1oamBJwTHoCyMToQ6APdP0Cqezfif2ZqQzyl0oBEWQ+L0qFgQ71kDeMiBwMBKf2RsPk8HxJ2DC6ImdjZPklqls8y0wN2Yzqd3jhYz5U5w7/+Aww9eCcHYyqQd3P7FJIuquZdH8Q6o6DukoPjNR0oS7PIGsvoXxXs22cXYlOGLYa6klfEPULTrm5DgE22Nyskleo4fGi5E+oTfRm0C1v/K7ikbrlcxDF5w8/qsF2QVKyunYt6ZL8mC21pKr2Oc+xdaam1oSmo6SHAZphwxLSZYo14vqj9VpPEMud6v9zPzQZbYpJcMLw4TTyBe7rM00jEaiYcxfe2xJ2UIfPonFJ9GJO6TtXypt23QRfzdN4xwjouHIh/Xfeu3dgXpJMd+9VGKJT12V53NW1OJt0xEvUy4UVyW2jFW7BRF7vTJeyvgDpFDyt/QaS2wbY/hYllkjOoh98RgYaQZOl9tSHycvYRVTXuEFb64NsblMElL3edBnhbhfBIKMNpDWBMBMNBYvoU3mJfxw6tRn6syUUy5aa1KxmnCr1BBVPFyuuQgGk4K54ZbB56vMo8mxk6AQwCpmwA6Faob145yZw== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230016)(4636009)(376002)(136003)(346002)(39860400002)(396003)(40470700004)(46966006)(36840700001)(110136005)(7406005)(478600001)(54906003)(6666004)(2616005)(2906002)(70586007)(82310400005)(7416002)(5660300002)(4326008)(40480700001)(70206006)(316002)(8936002)(83380400001)(40460700003)(8676002)(36756003)(86362001)(81166007)(82740400003)(356005)(41300700001)(186003)(47076005)(426003)(336012)(26005)(7696005)(16526019)(36860700001)(2101003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jun 2022 23:13:15.5884 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8954586f-09d6-4770-90a4-08da53127495 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT065.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3195 ARC-Authentication-Results: i=2; imf12.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=oJJ1QQYW; dmarc=pass (policy=quarantine) header.from=amd.com; spf=pass (imf12.hostedemail.com: domain of Ashish.Kalra@amd.com designates 40.107.220.64 as permitted sender) smtp.mailfrom=Ashish.Kalra@amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1655766799; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Jsm3uott7xgIoS87z1RyCceHURhx/sUib4D69GFXddU=; b=mxWZOUD0H5As37MeCaH2Cu8EfpX3LCzaH9ByjslGANN3COxKku2YpqVL2Sdgr1LTQjJg6e gAk6eia0f3HNGajX95x3KwL2dDqZKZDIWsgluoQb7HfR88uBVhfHGFWdKfb9ZfBbn7vN8P HHM64jC0vEWFsQN46Swo3W0B55b0wUI= ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1655766799; a=rsa-sha256; cv=pass; b=6RmhPw9zE7dCS69TUZBdrMnu31vNYydDwpg/UZqpPyIx0EIBi+8xgPZT2H4xq+/cSCPQkF Uz3zQc+71d996loLxvjqRqRAjVHd4LBvq4cLa5t/29sVS9pAQL60df0fYlntw7MSx2tWQ+ JECR29vxEBBvGIXh4DHDgabrgiNuKRs= X-Stat-Signature: 3wa4qqxn4t677ae5atyfcz8up94j8b4a X-Rspamd-Queue-Id: C10F44000B X-Rspam-User: Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=oJJ1QQYW; dmarc=pass (policy=quarantine) header.from=amd.com; spf=pass (imf12.hostedemail.com: domain of Ashish.Kalra@amd.com designates 40.107.220.64 as permitted sender) smtp.mailfrom=Ashish.Kalra@amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") X-Rspamd-Server: rspam10 X-HE-Tag: 1655766798-240421 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Brijesh Singh When SEV-SNP is enabled in the guest, the hardware places restrictions on all memory accesses based on the contents of the RMP table. When hardware encounters RMP check failure caused by the guest memory access it raises the #NPF. The error code contains additional information on the access type. See the APM volume 2 for additional information. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 76 ++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 14 +++++--- 2 files changed, 86 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4ed90331bca0..7fc0fad87054 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4009,3 +4009,79 @@ void sev_post_unmap_gfn(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn) spin_unlock(&sev->psc_lock); } + +void handle_rmp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code) +{ + int rmp_level, npt_level, rc, assigned; + struct kvm *kvm = vcpu->kvm; + gfn_t gfn = gpa_to_gfn(gpa); + bool need_psc = false; + enum psc_op psc_op; + kvm_pfn_t pfn; + bool private; + + write_lock(&kvm->mmu_lock); + + if (unlikely(!kvm_mmu_get_tdp_walk(vcpu, gpa, &pfn, &npt_level))) + goto unlock; + + assigned = snp_lookup_rmpentry(pfn, &rmp_level); + if (unlikely(assigned < 0)) + goto unlock; + + private = !!(error_code & PFERR_GUEST_ENC_MASK); + + /* + * If the fault was due to size mismatch, or NPT and RMP page level's + * are not in sync, then use PSMASH to split the RMP entry into 4K. + */ + if ((error_code & PFERR_GUEST_SIZEM_MASK) || + (npt_level == PG_LEVEL_4K && rmp_level == PG_LEVEL_2M && private)) { + rc = snp_rmptable_psmash(kvm, pfn); + if (rc) + pr_err_ratelimited("psmash failed, gpa 0x%llx pfn 0x%llx rc %d\n", + gpa, pfn, rc); + goto out; + } + + /* + * If it's a private access, and the page is not assigned in the + * RMP table, create a new private RMP entry. This can happen if + * guest did not use the PSC VMGEXIT to transition the page state + * before the access. + */ + if (!assigned && private) { + need_psc = 1; + psc_op = SNP_PAGE_STATE_PRIVATE; + goto out; + } + + /* + * If it's a shared access, but the page is private in the RMP table + * then make the page shared in the RMP table. This can happen if + * the guest did not use the PSC VMGEXIT to transition the page + * state before the access. + */ + if (assigned && !private) { + need_psc = 1; + psc_op = SNP_PAGE_STATE_SHARED; + } + +out: + write_unlock(&kvm->mmu_lock); + + if (need_psc) + rc = __snp_handle_page_state_change(vcpu, psc_op, gpa, PG_LEVEL_4K); + + /* + * The fault handler has updated the RMP pagesize, zap the existing + * rmaps for large entry ranges so that nested page table gets rebuilt + * with the updated RMP pagesize. + */ + gfn = gpa_to_gfn(gpa) & ~(KVM_PAGES_PER_HPAGE(PG_LEVEL_2M) - 1); + kvm_zap_gfn_range(kvm, gfn, gfn + PTRS_PER_PMD); + return; + +unlock: + write_unlock(&kvm->mmu_lock); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1c8e035ba011..7742bc986afc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1866,15 +1866,21 @@ static int pf_interception(struct kvm_vcpu *vcpu) static int npf_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + int rc; u64 fault_address = svm->vmcb->control.exit_info_2; u64 error_code = svm->vmcb->control.exit_info_1; trace_kvm_page_fault(fault_address, error_code); - return kvm_mmu_page_fault(vcpu, fault_address, error_code, - static_cpu_has(X86_FEATURE_DECODEASSISTS) ? - svm->vmcb->control.insn_bytes : NULL, - svm->vmcb->control.insn_len); + rc = kvm_mmu_page_fault(vcpu, fault_address, error_code, + static_cpu_has(X86_FEATURE_DECODEASSISTS) ? + svm->vmcb->control.insn_bytes : NULL, + svm->vmcb->control.insn_len); + + if (error_code & PFERR_GUEST_RMP_MASK) + handle_rmp_page_fault(vcpu, fault_address, error_code); + + return rc; } static int db_interception(struct kvm_vcpu *vcpu)