From patchwork Thu Feb 13 01:14:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379539 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4FD6B109A for ; Thu, 13 Feb 2020 01:15:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1C4DF2173E for ; Thu, 13 Feb 2020 01:15:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="mmrHyqcQ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729417AbgBMBPD (ORCPT ); Wed, 12 Feb 2020 20:15:03 -0500 Received: from mail-eopbgr690075.outbound.protection.outlook.com ([40.107.69.75]:63054 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729285AbgBMBPD (ORCPT ); Wed, 12 Feb 2020 20:15:03 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kcpltUeDtnAvrIdo7xSyO4w2h7i0n01TAKC4TO0f/iw8cLv0vDgDmvhlVM1b3tv6Y/jNu/BkvP+ZAe+FKU4ZPBTK5N8A4ZaZWAlQrZPg8Nmm6AmGv9dwX/AjO/4WASW6ne4En0qsUqmgkXgxjY8CK3oWWiap05mUWuNSFWofBQIQV73KmDzi8K8wDCMwZH791SrhwERsY/qPvgg+V13WIAmtD9WOE0Fj10WxDVqFEawvWIm/7axxWYgZ9YhNfWvEaXgTcVZagxGi3j1sNmeMIU/9JoxwVtZ3WFNIWcu2lLfOUY7R6ECU4/o3QerALKbw1fzHyAoP+iNgDdwR1DVQlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C9MwzSGFXQFgULl0SwpZg1Q23Bj647eOcOP5OeTq8nY=; b=UEFozcrJ7SB8iDqaRgVU8JfXWxYk180m1DcE+SkQVn9yXvUU3h6txV6FOB0p4KC9vclhGz4rwbB2C7iY4rYLQ9LAU9n+pArIZ4aaiadhurtuPxYARA/+AXS72e3aEv5eofWCwoBSPIrfMFIRPeNHmlWrl88Zmum5n3mR7llAdDsFU9kY5kXRvdto8MwJJkA+Op4XgUAjfd3FU2dxWZ5XMgm5SmgZPazKzeT+xwJhXi2UNE77yRxyhgQeYAnLYFC0HiJg6lBGyDpexJYcUS+UjVPjsTOGMpezzgSMEpHOFnFX0Oos6meQHdI655+MCLn0fVP609LYHgNLhx8/STglJw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C9MwzSGFXQFgULl0SwpZg1Q23Bj647eOcOP5OeTq8nY=; b=mmrHyqcQszAA5yzEOmB9x+Q3usPitKc1SuZ4z095Me/Ofxbk2BL2IeSz8KK5qtgLcpt5PViGWJtnG9T7NyTcB0Xre3q0JiyinBDhPtP0qZEk0FLUdIgdYdxsQE6Iprnx8o+dkiDe8Iu6EM/NX77dUna7lhvX1Z+tdtDdbF4Y1J0= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:14:59 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:14:59 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 01/12] KVM: SVM: Add KVM_SEV SEND_START command Date: Thu, 13 Feb 2020 01:14:49 +0000 Message-Id: <59ca3ae4ac03c43751ce4af5119ede548bb9e8e4.1581555616.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM3PR14CA0137.namprd14.prod.outlook.com (2603:10b6:0:53::21) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM3PR14CA0137.namprd14.prod.outlook.com (2603:10b6:0:53::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.23 via Frontend Transport; Thu, 13 Feb 2020 01:14:58 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: bebbe53a-c55d-4a57-d7ed-08d7b0222504 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: fHskUn41KKlic13cRFifhDEds/BufzdH+8S0BCy4PNqr0tSy/o+xLuSYzYnqOmwKXqWPdwuiJN9z+0+RCJ1CWP8nMeE032kvmGReXgKrxHdox9D/cbMzz5MnceDEjagzgUa7KIsUq8tZm648HKqWbDynHZ8DJuL60NMIXbzJe+bXmyD05LergEHzVzPgcFzc2pyWIcUUV84u3pK1rJvm8Z+cJtsGYtLF3FrDIICr3ixT/N51DyDsHJZdzv3Q4v/9DS2LLVtvLyNIoxo72nHFA/Q7fRO3vTs0711hyR9ltjArudmAQkkWf+hxzA/DnJTjahfUOrR50REhPtmOwWPY39bH9R93M/LsvMlDG/hapD5zcDNbtIvL6Jlj5Lm+9U/IH/GMV+HmonMpZo9VEGEm7+AsSk1DxAER2FNATwM5p3+H5hE9DzKnF0u2vJhgIMCn X-MS-Exchange-AntiSpam-MessageData: htupNgdSrfHjwPlgmtb9XpUU1/ubnLA1oOHLt1fJrQplvqNGumezQVMiOOv85qZPMyOWrLg/QRINkhxYtdPMRbY6sDfsPv4dmNYILtkap0LlJqQ6aBmkReM5/uXBYh80BrKj97ydFds9nZprXO3ZrQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bebbe53a-c55d-4a57-d7ed-08d7b0222504 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:14:59.4144 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5Izgexz4yfQVg/sgTFVBhkE7KW+WmkgHBo/GqS3JwvRKvAivGGSQZvWm0840SPubH3U8W9VRKiih5ZXAP2wcsQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The command is used to create an outgoing SEV guest encryption context. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- .../virt/kvm/amd-memory-encryption.rst | 27 ++++ arch/x86/kvm/svm.c | 125 ++++++++++++++++++ include/linux/psp-sev.h | 8 +- include/uapi/linux/kvm.h | 12 ++ 4 files changed, 168 insertions(+), 4 deletions(-) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index d18c97b4e140..826911f41f3b 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -238,6 +238,33 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +10. KVM_SEV_SEND_START +---------------------- + +The KVM_SEV_SEND_START command can be used by the hypervisor to create an +outgoing guest encryption context. + +Parameters (in): struct kvm_sev_send_start + +Returns: 0 on success, -negative on error + +:: + struct kvm_sev_send_start { + __u32 policy; /* guest policy */ + + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ + __u32 pdh_cert_len; + + __u64 plat_certs_uadr; /* platform certificate chain */ + __u32 plat_certs_len; + + __u64 amd_certs_uaddr; /* AMD certificate */ + __u32 amd_cert_len; + + __u64 session_uaddr; /* Guest session information */ + __u32 session_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index a3e32d61d60c..3a7e2cac51de 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7140,6 +7140,128 @@ static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query session length. */ +static int +__sev_send_start_query_session_length(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_start *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + params->session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + struct kvm_sev_send_start params; + void *amd_certs, *session_data; + void *pdh_cert, *plat_certs; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_start))) + return -EFAULT; + + /* if session_len is zero, userspace wants t query the session length */ + if (!params.session_len) + return __sev_send_start_query_session_length(kvm, argp, + ¶ms); + + /* some sanity checks */ + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || + !params.session_uaddr || params.session_len > SEV_FW_BLOB_MAX_SIZE) + return -EINVAL; + + /* allocate the memory to hold the session data blob */ + session_data = kmalloc(params.session_len, GFP_KERNEL_ACCOUNT); + if (!session_data) + return -ENOMEM; + + /* copy the certificate blobs from userspace */ + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, + params.pdh_cert_len); + if (IS_ERR(pdh_cert)) { + ret = PTR_ERR(pdh_cert); + goto e_free_session; + } + + plat_certs = psp_copy_user_blob(params.plat_certs_uaddr, + params.plat_certs_len); + if (IS_ERR(plat_certs)) { + ret = PTR_ERR(plat_certs); + goto e_free_pdh; + } + + amd_certs = psp_copy_user_blob(params.amd_certs_uaddr, + params.amd_certs_len); + if (IS_ERR(amd_certs)) { + ret = PTR_ERR(amd_certs); + goto e_free_plat_cert; + } + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) { + ret = -ENOMEM; + goto e_free_amd_cert; + } + + /* populate the FW SEND_START field with system physical address */ + data->pdh_cert_address = __psp_pa(pdh_cert); + data->pdh_cert_len = params.pdh_cert_len; + data->plat_certs_address = __psp_pa(plat_certs); + data->plat_certs_len = params.plat_certs_len; + data->amd_certs_address = __psp_pa(amd_certs); + data->amd_certs_len = params.amd_certs_len; + data->session_address = __psp_pa(session_data); + data->session_len = params.session_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + if (copy_to_user((void __user *)(uintptr_t) params.session_uaddr, + session_data, params.session_len)) { + ret = -EFAULT; + goto e_free; + } + + params.policy = data->policy; + params.session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + +e_free: + kfree(data); +e_free_amd_cert: + kfree(amd_certs); +e_free_plat_cert: + kfree(plat_certs); +e_free_pdh: + kfree(pdh_cert); +e_free_session: + kfree(session_data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7181,6 +7303,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_SECRET: r = sev_launch_secret(kvm, &sev_cmd); break; + case KVM_SEV_SEND_START: + r = sev_send_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 5167bf2bfc75..9f63b9d48b63 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -323,11 +323,11 @@ struct sev_data_send_start { u64 pdh_cert_address; /* In */ u32 pdh_cert_len; /* In */ u32 reserved1; - u64 plat_cert_address; /* In */ - u32 plat_cert_len; /* In */ + u64 plat_certs_address; /* In */ + u32 plat_certs_len; /* In */ u32 reserved2; - u64 amd_cert_address; /* In */ - u32 amd_cert_len; /* In */ + u64 amd_certs_address; /* In */ + u32 amd_certs_len; /* In */ u32 reserved3; u64 session_address; /* In */ u32 session_len; /* In/Out */ diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 4b95f9a31a2f..17bef4c245e1 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1558,6 +1558,18 @@ struct kvm_sev_dbg { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_certs_uaddr; + __u32 plat_certs_len; + __u64 amd_certs_uaddr; + __u32 amd_certs_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Feb 13 01:15:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379541 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 07FF4921 for ; Thu, 13 Feb 2020 01:15:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C9F1B217F4 for ; Thu, 13 Feb 2020 01:15:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="rMlJn6cA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729434AbgBMBPz (ORCPT ); Wed, 12 Feb 2020 20:15:55 -0500 Received: from mail-eopbgr680044.outbound.protection.outlook.com ([40.107.68.44]:21095 "EHLO NAM04-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729185AbgBMBPz (ORCPT ); Wed, 12 Feb 2020 20:15:55 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=leUMku1qsFpo/Pprh/ZEomCwoVpZSW9ZAw5V4O6sQTno9AgBfA/Rs9wiEKaOSLjoozkocNgL+p2MPlyAUv1Zj3I0Zxk8TnfrSy9oON9GUxdGoxN+bW3C2aOGSnrWbUGB44a8T1JIGhI1Vt58TzMYxJcCE+0+tlDdMZkC0RPAqlvq2TCEpcBJpr/N09fSOxUXU7VctQBCWSI/vwqLLSC/4g9YUvHDVJHG4doVvhnGhzYeZuyppbZx4EmYq2u9aRmJcjpMz/JYfH7xD9afgjBklIMYEoWkxIBxdEjZV9HroaUQ12KgDRU7GDY+yj2x9gUHug0Cbg57TCQJtKtt0UDGyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Nrym0sEFW64/G6dy2+AJxTR9qj4a+Y07l3XpAS56eBQ=; b=QIaTmM56Rs3pCdmsLUg4VZ+ywwWP4gkj9f66YHd1Q4XRqy9Jb/Yh9smoMmU7DUExKOj6jAcPYT975tlWalFQm2vHmVcy+5u3+rdj0NiNxLQHzivpXgUB+FKOZKTnhcmrAYaCVwwQ8BEyx80glgXt36D3kLbgAyR+c+si1/jPCLK2WuHXOSb8oraYC1wUuR2fq7OxYu6IAVbcBqWV/OC4vWSp4aDXYuEyxgiV8X5mueopnKvV/p2IJgFJbFpdTYqiwO8LE8o2iVZL6jN20r1TtSAvH9TMpNMKaQHrNXIXfr77W8g72znXUinbUIAY3gEwCTWzf2WwnQYIQp8nbCEfIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Nrym0sEFW64/G6dy2+AJxTR9qj4a+Y07l3XpAS56eBQ=; b=rMlJn6cAeCUtn5bxohnDAv7JSobe8dBjIxjioCJTmafKoyZAYI1wjIaIhFd3ntjstfYwUy7HYQADx5L7HxZxCgTuMCRblWpXX5oMTyNbbV+L/54TnvDNuseKMqYy2RW79UDqI746V5cusEg/vwQsyrICJ92WoAUROhrXvXa2fqg= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:15:47 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:15:47 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 02/12] KVM: SVM: Add KVM_SEND_UPDATE_DATA command Date: Thu, 13 Feb 2020 01:15:05 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR03CA0039.namprd03.prod.outlook.com (2603:10b6:5:100::16) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR03CA0039.namprd03.prod.outlook.com (2603:10b6:5:100::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:15:46 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 2ec9011f-ff9f-4feb-4dcb-08d7b0224187 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Fq8yNeViGMpGV8hjA/dTnwb8PXyFW5gKwRIWqQSBB7ys4NK65JdAbA0Gkn5P32O1tVtwt0bCSgTegG2u5qGqQ3nLN72aRkZTEl1O6hA0tTYmsDf+A37ovbEvRC0FUjBjQ3gvkvYr+/G8WZcErwL6kze9p7AFtloah/XejIApKsE37aZaqatlj5p6/60tDGtnHx3KOIz0nyB3QqpHmfe/bQ2+uFP/MHLMZTJr3Lbo5z6is6IxJKRdV/R5imnfzYmwTfGW62+NcnasI0Qy7sT8juvk8tUQctO5kQi7Ldgh/8jlKHA7/jUL/SIxGsUVYnV5yDqWEbEfIUyPVwqR+EcUraQSqkvqYSoG1I9y1NedNpoxscptgIywwjtR3SJSIDPQaOmL5yQfTlg2CjtRh4zK3dRN2pqtInkBP0JDnlSa/xgD/ndoPmfMEi06jwY4ayDP X-MS-Exchange-AntiSpam-MessageData: mTZq2hnyXJ14nKEkAIkxmSOI0LtimRckVZ0n1ctaQXnQ+/aOcuj9WZ24NYxqEQ8yyFXtLb4VaroHS+k2Ui1iAfInKgEzu/5qcgk0xacGRc/uuhs3eifPoUYT8ba363/tAgVbpU0qRIG407Ln2g44pA== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2ec9011f-ff9f-4feb-4dcb-08d7b0224187 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:15:47.5085 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Z57NhLaaI5a7Bs3qgRT9r+2nqnOiqs8T6fhUT1SeNKGKF1Y/0YHwSXkUr1hS6pDS/WdDWHnPvM/n0nuFzXGUvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The command is used for encrypting the guest memory region using the encryption context created with KVM_SEV_SEND_START. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- .../virt/kvm/amd-memory-encryption.rst | 24 ++++ arch/x86/kvm/svm.c | 136 +++++++++++++++++- include/uapi/linux/kvm.h | 9 ++ 3 files changed, 165 insertions(+), 4 deletions(-) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 826911f41f3b..0f1c3860360f 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -265,6 +265,30 @@ Returns: 0 on success, -negative on error __u32 session_len; }; +11. KVM_SEV_SEND_UPDATE_DATA +---------------------------- + +The KVM_SEV_SEND_UPDATE_DATA command can be used by the hypervisor to encrypt the +outgoing guest memory region with the encryption context creating using +KVM_SEV_SEND_START. + +Parameters (in): struct kvm_sev_send_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_send_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the source memory region to be encrypted */ + __u32 guest_len; + + __u64 trans_uaddr; /* the destition memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 3a7e2cac51de..ae97f774e979 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -426,6 +426,7 @@ static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); static unsigned int max_sev_asid; static unsigned int min_sev_asid; +static unsigned long sev_me_mask; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) @@ -1231,16 +1232,22 @@ static int avic_ga_log_notifier(u32 ga_tag) static __init int sev_hardware_setup(void) { struct sev_user_data_status *status; + int eax, ebx; int rc; - /* Maximum number of encrypted guests supported simultaneously */ - max_sev_asid = cpuid_ecx(0x8000001F); + /* + * Query the memory encryption information. + * EBX: Bit 0:5 Pagetable bit position used to indicate encryption + * (aka Cbit). + * ECX: Maximum number of encrypted guests supported simultaneously. + * EDX: Minimum ASID value that should be used for SEV guest. + */ + cpuid(0x8000001f, &eax, &ebx, &max_sev_asid, &min_sev_asid); if (!max_sev_asid) return 1; - /* Minimum ASID value that should be used for SEV guest */ - min_sev_asid = cpuid_edx(0x8000001F); + sev_me_mask = 1UL << (ebx & 0x3f); /* Initialize SEV ASID bitmaps */ sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); @@ -7262,6 +7269,124 @@ static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query either header or trans length. */ +static int +__sev_send_update_data_query_lengths(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_update_data *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + params->hdr_len = data->hdr_len; + params->trans_len = data->trans_len; + + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_update_data))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + struct kvm_sev_send_update_data params; + void *hdr, *trans_data; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_update_data))) + return -EFAULT; + + /* userspace wants to query either header or trans length */ + if (!params.trans_len || !params.hdr_len) + return __sev_send_update_data_query_lengths(kvm, argp, ¶ms); + + if (!params.trans_uaddr || !params.guest_uaddr || + !params.guest_len || !params.hdr_uaddr) + return -EINVAL; + + + /* Check if we are crossing the page boundary */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + /* Pin guest memory */ + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + return -EFAULT; + + /* allocate memory for header and transport buffer */ + ret = -ENOMEM; + hdr = kmalloc(params.hdr_len, GFP_KERNEL_ACCOUNT); + if (!hdr) + goto e_unpin; + + trans_data = kmalloc(params.trans_len, GFP_KERNEL_ACCOUNT); + if (!trans_data) + goto e_free_hdr; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_free_trans_data; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + data->trans_address = __psp_pa(trans_data); + data->trans_len = params.trans_len; + + /* The SEND_UPDATE_DATA command requires C-bit to be always set. */ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + if (ret) + goto e_free; + + /* copy transport buffer to user space */ + if (copy_to_user((void __user *)(uintptr_t)params.trans_uaddr, + trans_data, params.trans_len)) { + ret = -EFAULT; + goto e_unpin; + } + + /* Copy packet header to userspace. */ + ret = copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, + params.hdr_len); + +e_free: + kfree(data); +e_free_trans_data: + kfree(trans_data); +e_free_hdr: + kfree(hdr); +e_unpin: + sev_unpin_memory(kvm, guest_page, n); + + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7306,6 +7431,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_START: r = sev_send_start(kvm, &sev_cmd); break; + case KVM_SEV_SEND_UPDATE_DATA: + r = sev_send_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 17bef4c245e1..d9dc81bb9c55 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1570,6 +1570,15 @@ struct kvm_sev_send_start { __u32 session_len; }; +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Feb 13 01:16:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379543 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B04B1921 for ; Thu, 13 Feb 2020 01:16:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 852562173E for ; Thu, 13 Feb 2020 01:16:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="cy26+rZW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729394AbgBMBQ0 (ORCPT ); Wed, 12 Feb 2020 20:16:26 -0500 Received: from mail-eopbgr690041.outbound.protection.outlook.com ([40.107.69.41]:40833 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729276AbgBMBQ0 (ORCPT ); Wed, 12 Feb 2020 20:16:26 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Glyrr63PTZuEOXHNWTdT255rD+S4toV/1FUA88Xw0Da2QwXOpjsyPp8YuhAsMLY9oTzmJ5SyGjFqC3RNGrmDtRNf5iEueEIWs6BJYpxYxwKqYeRmbuv0GacCpqiVvFOta81h3duKiff1lc3mSRCk8OQaICS0Y54M4KbtgBQ5ik3ghEsKuds8Mn6qKQzGbQNsVjctvOPuZQZMkdUJX6qny2EDm3diHhILycUsFKNfHCL3gwbpfa6ezN6CeFYKYgh3aQRnVx+cLvSUnDnnz4Njfc0FWKw0I2Wkj1Ga82qxE32GV6EefQpifeiSralWzF/T21h1/kllnWN8fjo7lon2kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=swqFPurofpMDZYrmVIIjPRTcqalWc2cHXs8EPG4/xeU=; b=h6F45IdOTG+MSVEVGMe/Axf9ifenMMNZZxNolHhk1a6NQZIDmfYFSsG7KRSrhrUcwExQgZuF5Mv47ZdB82xyZqXKxhzf8TQc3Z7oy1ioz/sPt3qo2T29zxt1EH4QmeyzHpEwsxLuQ4tFvLbNfoJ8zW/rrdcFJnsnfVxoKq12FhCgwZjJz6fD0nWljXC3z9xADajX/dGQa0KgNDeMQb0Mw8ShoOKMwWSKH7ZBy61fjMErrSOTQ7wbdmHZq6XLhI3Uys1SgQncrpRfG5iHfxHtk/8Zis6fBkhXeVqgOVK8fzToplruQ27HW3WfS8J9gItYIysrcrUobP+8SpP3lmbk+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=swqFPurofpMDZYrmVIIjPRTcqalWc2cHXs8EPG4/xeU=; b=cy26+rZWeQxzKhbqIRFB4CKanB3Qc/cwJ9rsiDdoSPQqWwvx02+Mf257FHtTj2ILLCvHSHicRrSwS2ppZzNKvIpzxoSL3ysLPktgJkRNS827pOljQ50tFLKYJj2WDluuLOEZGYrXsvaQ1u2V+YkpHiVi5kwwH6AVx6MyNEYiV+c= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:16:21 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:16:21 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 03/12] KVM: SVM: Add KVM_SEV_SEND_FINISH command Date: Thu, 13 Feb 2020 01:16:11 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR03CA0068.namprd03.prod.outlook.com (2603:10b6:5:100::45) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR03CA0068.namprd03.prod.outlook.com (2603:10b6:5:100::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.23 via Frontend Transport; Thu, 13 Feb 2020 01:16:20 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 8bc916cd-a590-4558-c71c-08d7b022562c X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3826; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PbonPrQhB3AI6NAjssE/BKyePT6RiPtooWD0xNHV6F7WO/TekM92CgsGRUM8htG7IvdmpE3Ya/Jt+34uUSZPpPc5/zYGXdvraEoltub/AOEKrqO+4JkgUJ2NSaXH6/dgDlFmk9uANTAgHdie2OtRNTI2u/dCCo+h+h1REvml/m9O3vbyEq/ebHvsbxTsfx+l+Uk1icq/xLxZHR25h35YtXc2FOyDm9fYzwSenUkFXjGmwr1rN2hL7+aF+GAGhGkl+3mpjVVNHHug7P4G+8YILWgAQI0DsjrG6/nmtDuUJvswIjtrGGma692fgIl46fY77UFmfuE3hLlkwidCPWxDfBll8LM7q7aKg6JoxcwSjzsZl0/mNqEyInpU/EGx/3MQs6w4Ve8kza5T/R9tnNyyNXyvpk3dxPfvBlx9xLy3CdCVDSHmmo94fGm6WCrhcTU7 X-MS-Exchange-AntiSpam-MessageData: h3UegRnFAMfbOC0XTkiG24Nvu+76EqxcshPhEQmY8lwcrzoAcmHRRO1iUkIjSAkjqHT4Xu0Vx8uMvE2KKdq99hQIU0iSIjusYJo0aoZJnfGq/qt+Vp/kJY4Uwg54M5cdEKniJ/O3v0KkKjSFR4gJ0w== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8bc916cd-a590-4558-c71c-08d7b022562c X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:16:21.8675 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7OjgE5PqGeZz2F2UxO0Pg9ty5xfy3Hdw6XRmWOl9LqOW2QbFb5Rw1Lev0RuqFjavUjyQxfP5MGjyvfCqumB+zQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The command is used to finailize the encryption context created with KVM_SEV_SEND_START command. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra Reviewed-by: Steve Rutherford --- .../virt/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 0f1c3860360f..f22f09ad72bd 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -289,6 +289,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +12. KVM_SEV_SEND_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_SEND_FINISH command can be +issued by the hypervisor to delete the encryption context. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index ae97f774e979..c55c1865f9e0 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7387,6 +7387,26 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7434,6 +7454,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_UPDATE_DATA: r = sev_send_update_data(kvm, &sev_cmd); break; + case KVM_SEV_SEND_FINISH: + r = sev_send_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; From patchwork Thu Feb 13 01:16:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379545 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7ADFE921 for ; Thu, 13 Feb 2020 01:16:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 45EB521734 for ; Thu, 13 Feb 2020 01:16:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="jTQ3iCFJ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729458AbgBMBQn (ORCPT ); Wed, 12 Feb 2020 20:16:43 -0500 Received: from mail-eopbgr690085.outbound.protection.outlook.com ([40.107.69.85]:33413 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729185AbgBMBQn (ORCPT ); Wed, 12 Feb 2020 20:16:43 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dcxqys0eiphBBpII7LQVRZ5rKyMKznKAKtPM23QcB9CMktmqPB8VbWgevJ/uPyf3CVzr/0E8+28SQOaG+Bj4edwW734Zxnk8i3bRVR+4FrV6flo6ckswQD4lLiZhp3Xr7cRcSpw7HB/tLNeDUh1N2iuotfY9dSZzLbph9y4tRSlxnGHLidxm5zYDCdGrrY7MsI5bC2Oo7ui8HJfoNHnDXVBKacklC1Q6SIe/nH7k/KE1i1GkSog4/TjkneUhmOsTSwA73tzsbwwWttQzzPbU0CefgaV2GfBPVeBcA1m25Z20Vg7zkGptnmRf9knPQQIlIIBPxBs2PPD3Uhl/LUFqIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EdhPnYXL7XrsMehKNBFgkWdN2ch3x9dIwK63Ttaigh4=; b=XEibVfaOOik/HJBtuB9xhUEK3UfvPinajZtrUc5XhZVxVP58l+Q/D5B40k2gizOfc8d3d3jRdeDA65VTgvuXYljWV3RTR6dDSr78IzUj6SEEbLwn4s6Am6SlFu8PynbWNQH/98J7KFUUtDGknP3Rkev9j6xO6RH4imYavrbSp8DGw9ON71PrBcyKPfIA+hIosaLMrrZ8UnVrfrTQnzG5rQMsO9yUJrK+1G7Orgnt53T3rYNTZ1X9ABK2m6KZvfletjhcqb3seuu7yKiaY1omIxP5ntV+hpPLKwAh4gUNEIV40aD74rxvFyJHmEr9VvLuL3Ra4LF0X/qgr4liH0HO+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EdhPnYXL7XrsMehKNBFgkWdN2ch3x9dIwK63Ttaigh4=; b=jTQ3iCFJwpzhQyHRfzQllBTpzVrEIghDodWnxxhZxjSkiLsKc9akUUD9bvVPOyeTvZxVieTnKEuP1wK/+AC1aQIGuTTDKWC3wxVp4uLZGyI++XAoay6NacEQsf4WwcKmutTTE5YXh8hFVHzCgpRS5htSy7OFw29rBi7BG3YpiUo= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:16:37 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:16:37 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 04/12] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command Date: Thu, 13 Feb 2020 01:16:27 +0000 Message-Id: <0a0b3815e03dcee47ca0fbf4813821877b4c2ea0.1581555616.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM5PR21CA0059.namprd21.prod.outlook.com (2603:10b6:3:129::21) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM5PR21CA0059.namprd21.prod.outlook.com (2603:10b6:3:129::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.5 via Frontend Transport; Thu, 13 Feb 2020 01:16:36 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 7fd0ae01-1bdd-44a9-37d4-08d7b0225f56 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2331; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LL/XF5jaj30TZhUs7xFguUYAzHoInLj5XQZflcCXb0YmzZcjK5tGjD4i1e2l4kXXyb53GolH9H27eXtQ+GBA2nHfzdCJA4ovtCne4ByeK1kokHHydIwmN7ZjE3HrGGZa/Ovxs2NfJiyCRtTaN6vUKV6yjd5uycZRTk3UMtzdZ5qZbSBxE2Gs2KpTafbggbgOOgDvQerFOOfNIxIdAf6cFsuSJH9kov+qmjbYpj0y6oUEfoUddSWqccHhPKvtcpmnC4qzz6DD9bzOAlmhF9qlg/trAAisEpDkODMYZDRh5N51PuVNhNDPjQATRzW2hrwNXP4OVu4SQ2vyc6Qm4N0sWMGDx3sMea2dgarroGIdIV1GkEv+jbxMDmXsXPCQ2nwJpXWqRqi4nDhfyNr802Nz+n0Vo2tAHaqsP4yPOyf2/Wb3Zpswtc6u67vB8U/ZYDbP X-MS-Exchange-AntiSpam-MessageData: s/f/67pW+wGWdUTskbagEEgUqsVWckjkQzshuyfzHTgp7PsoN1p81p/eZBu5MRu9PRGPWi878BkkbrrucowcX8/wXC5Qr/Rtd1g8CFaBzDyKwfAILIVQqEXAYrFXzlfLx1BPxonItaApK0eXuoTJfQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7fd0ae01-1bdd-44a9-37d4-08d7b0225f56 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:16:37.2286 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bxl4iPI8Ak2XeQViZ7oqshCbjLcgRPzoq6vA+IopSMzkQHvhzHBwIZhC2QiVTGObr91EUQxcqZwuFk99KAhq/A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The command is used to create the encryption context for an incoming SEV guest. The encryption context can be later used by the hypervisor to import the incoming data into the SEV guest memory space. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra Reviewed-by: Steve Rutherford --- .../virt/kvm/amd-memory-encryption.rst | 29 +++++++ arch/x86/kvm/svm.c | 81 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 119 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index f22f09ad72bd..4b882fb681fa 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -297,6 +297,35 @@ issued by the hypervisor to delete the encryption context. Returns: 0 on success, -negative on error +13. KVM_SEV_RECEIVE_START +------------------------ + +The KVM_SEV_RECEIVE_START command is used for creating the memory encryption +context for an incoming SEV guest. To create the encryption context, the user must +provide a guest policy, the platform public Diffie-Hellman (PDH) key and session +information. + +Parameters: struct kvm_sev_receive_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_receive_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 pdh_uaddr; /* userspace address pointing to the PDH key */ + __u32 dh_len; + + __u64 session_addr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.12. + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index c55c1865f9e0..3b766f386c84 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7407,6 +7407,84 @@ static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_start *start; + struct kvm_sev_receive_start params; + int *error = &argp->error; + void *session_data; + void *pdh_data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + /* Get parameter from the userspace */ + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_start))) + return -EFAULT; + + /* some sanity checks */ + if (!params.pdh_uaddr || !params.pdh_len || + !params.session_uaddr || !params.session_len) + return -EINVAL; + + pdh_data = psp_copy_user_blob(params.pdh_uaddr, params.pdh_len); + if (IS_ERR(pdh_data)) + return PTR_ERR(pdh_data); + + session_data = psp_copy_user_blob(params.session_uaddr, + params.session_len); + if (IS_ERR(session_data)) { + ret = PTR_ERR(session_data); + goto e_free_pdh; + } + + ret = -ENOMEM; + start = kzalloc(sizeof(*start), GFP_KERNEL); + if (!start) + goto e_free_session; + + start->handle = params.handle; + start->policy = params.policy; + start->pdh_cert_address = __psp_pa(pdh_data); + start->pdh_cert_len = params.pdh_len; + start->session_address = __psp_pa(session_data); + start->session_len = params.session_len; + + /* create memory encryption context */ + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_RECEIVE_START, start, + error); + if (ret) + goto e_free; + + /* Bind ASID to this guest */ + ret = sev_bind_asid(kvm, start->handle, error); + if (ret) + goto e_free; + + params.handle = start->handle; + if (copy_to_user((void __user *)(uintptr_t)argp->data, + ¶ms, sizeof(struct kvm_sev_receive_start))) { + ret = -EFAULT; + sev_unbind_asid(kvm, start->handle); + goto e_free; + } + + sev->handle = start->handle; + sev->fd = argp->sev_fd; + +e_free: + kfree(start); +e_free_session: + kfree(session_data); +e_free_pdh: + kfree(pdh_data); + + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7457,6 +7535,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_FINISH: r = sev_send_finish(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_START: + r = sev_receive_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index d9dc81bb9c55..74764b9db5fa 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1579,6 +1579,15 @@ struct kvm_sev_send_update_data { __u32 trans_len; }; +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Feb 13 01:16:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379547 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D630F921 for ; Thu, 13 Feb 2020 01:16:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A2F6421734 for ; Thu, 13 Feb 2020 01:16:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="axWO7rAO" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729474AbgBMBQ4 (ORCPT ); Wed, 12 Feb 2020 20:16:56 -0500 Received: from mail-eopbgr690076.outbound.protection.outlook.com ([40.107.69.76]:33177 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729471AbgBMBQz (ORCPT ); Wed, 12 Feb 2020 20:16:55 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PA5C5m0Gl9+6iJ1g3oM+hpPgbq1H4htRO0zV8cqis/F36/R9CaZrGEx6x4qtprJdlXC60J9iRU79ZLHuqV+6wd+/lyXN9otTjthSXwX/SRVnX5R6wap7lg3qailFQiRyHPh33K8JvlFVRak4YInbfgL5f3YZ8Ci9t8/Uh3sDiGltPJ2FMdyOj4nGNYEtt96g3rzyx3nFbDSaW/Rvpr2mzmEA1V/pE2LfSLwYRxQ8G4e99wg6M3qumLwfO/4wojsI9JtTLMFYec4YBhpehMrKWn1QajJh1fYOaK6Xuxef3S+TIs/8huXZv9/6j3SB2zBeFbR6WZ/MiT6SPgVvu22OQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6j3ax/5Nr5Um6CDjrC6SKBk9X2dyMEERxprdBaAS7n8=; b=VazKbDQ561uSmTZmg6u+TscGEpJUms+b7IPpmK6S7w/qLayJJc9o5qTBaVjLLJO+ixr+i3eeVfjiadSIUUrEOUTQD82k3qqYIqIpHHvBsVl6orxEmAoyMRPCE9b/7BGVMQ5Q3LFFwuSl/z/JJRUgYrEVI6FjKXiDhGLAkJ8wwMVnU9f3YamQWaTbxhGE/GU1PNWUHn1BUcYWQzU8V7E0Ubxr2tlHNNlc/MEKOlrsfd434n+X+/Olzy1JFJHrCwk/oo+yqCBhUrXhWVqyIqMpbhs9vngXgQqd32N+ffIprInbYyqhZ+ZQo/CKRczRmSCOMCFizsrJlRUk7AlFYVzNcQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6j3ax/5Nr5Um6CDjrC6SKBk9X2dyMEERxprdBaAS7n8=; b=axWO7rAO5fQJtemrd+k+SW2QifwkoZWJScUtN2K2GfatOM9qR59VdSNUNC10k1LP1G6d1q5yJDOc10bLlLnNiXIT6+f5DkAkBI+3FMd2PiWS3ISSPxFSDi9LviRLvSyLmIn7c7GaVKrwVE1rITOKLadkj8mORWHAA4Z6vXgC3jw= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:16:53 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:16:53 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 05/12] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command Date: Thu, 13 Feb 2020 01:16:43 +0000 Message-Id: <9d9166c94a1202285d674f4c5ae6be2b7cdc27e7.1581555616.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR07CA0048.namprd07.prod.outlook.com (2603:10b6:5:74::25) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR07CA0048.namprd07.prod.outlook.com (2603:10b6:5:74::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:16:51 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 92e1e255-81c2-4e76-f40c-08d7b02268e0 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: npSP0d4OWxhMRHMvqE+dXwNzX0bemqvbLGUSFqskl3/GTW2GiI0HI4rEDFvG30NFItTbxq1L11ck3doM70+tN0krv1FsFrAjSACuOWS+cmxUYyd7UUPovkeRAp5JsCsSCqqmxeY3yUoJLsQkiAIq5HJYfavdd6oetFzz8+jPtv/YK3Z5nE6Q/euoUMnc0tU3IBU3FZQRdEI6oizqqr2njIs7n7n87FAVs+KNv+SaKGvQ41tLUeETY2sOIHe2+8pY7faTv8vjug2O6t+hbJtHiTp3+dnfSpWKHiXm/TEonxYTkLu+KvMDNZWcFttQfsQLgeAL2SAdLUWG7iExvN3Z0K7uCxj3O4rxAPiA/kY5bqEn8EzRvcLB2NWcbEFt4mx5MolfGSkzAFAQ3HQycbQbmtMw/EVPQ6ZdDbYVB04XOh4rLjGoKb/edITP2Prpm9n4 X-MS-Exchange-AntiSpam-MessageData: 2zKk16UjEdBXRSlLOoqO8A4Y2anc5GIQ1mROtLk+UaKAeHt8j2Ux0/SAcw7LdWKiLHYmnJ21ObITKuGc8YZh1Ovc6sSlQkLPH73uaLD2DU6wcu8x4VasWFR2wuh5WmKILqTrqU1lWqcUt/neJwgmiw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 92e1e255-81c2-4e76-f40c-08d7b02268e0 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:16:53.2313 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mMGhzlyvYk8IkUs/XfaMSdLzXqIrtig5c7TfXzc0QdJySrBzEKpD/cOBKvGjyS6GEKYhyfWgq0WO1Z942E40xQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The command is used for copying the incoming buffer into the SEV guest memory space. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- .../virt/kvm/amd-memory-encryption.rst | 24 ++++++ arch/x86/kvm/svm.c | 79 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 112 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 4b882fb681fa..52fca9e258dc 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -326,6 +326,30 @@ On success, the 'handle' field contains a new handle and on error, a negative va For more details, see SEV spec Section 6.12. +14. KVM_SEV_RECEIVE_UPDATE_DATA +---------------------------- + +The KVM_SEV_RECEIVE_UPDATE_DATA command can be used by the hypervisor to copy +the incoming buffers into the guest memory region with encryption context +created during the KVM_SEV_RECEIVE_START. + +Parameters (in): struct kvm_sev_receive_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_receive_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the destination guest memory region */ + __u32 guest_len; + + __u64 trans_uaddr; /* the incoming buffer memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 3b766f386c84..907c59ca74ad 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7485,6 +7485,82 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct kvm_sev_receive_update_data params; + struct sev_data_receive_update_data *data; + void *hdr = NULL, *trans = NULL; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_update_data))) + return -EFAULT; + + if (!params.hdr_uaddr || !params.hdr_len || + !params.guest_uaddr || !params.guest_len || + !params.trans_uaddr || !params.trans_len) + return -EINVAL; + + /* Check if we are crossing the page boundary */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) + return PTR_ERR(hdr); + + trans = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(trans)) { + ret = PTR_ERR(trans); + goto e_free_hdr; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_free_trans; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + data->trans_address = __psp_pa(trans); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + /* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. */ + data->guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + + offset; + data->guest_address |= sev_me_mask; + data->guest_len = params.guest_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_UPDATE_DATA, data, + &argp->error); + + sev_unpin_memory(kvm, guest_page, n); + +e_free: + kfree(data); +e_free_trans: + kfree(trans); +e_free_hdr: + kfree(hdr); + + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7538,6 +7614,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_START: r = sev_receive_start(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_UPDATE_DATA: + r = sev_receive_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 74764b9db5fa..4e80c57a3182 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1588,6 +1588,15 @@ struct kvm_sev_receive_start { __u32 session_len; }; +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Thu Feb 13 01:16:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379549 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C8D5109A for ; Thu, 13 Feb 2020 01:17:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D4C3B218AC for ; Thu, 13 Feb 2020 01:17:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="n1GeDOCz" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729489AbgBMBRL (ORCPT ); Wed, 12 Feb 2020 20:17:11 -0500 Received: from mail-eopbgr690049.outbound.protection.outlook.com ([40.107.69.49]:47846 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729185AbgBMBRK (ORCPT ); Wed, 12 Feb 2020 20:17:10 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IxKasMmEYdX7XTpZb0P3NufS1sODA31uYLuyibp2lfRpPyMw6ELwVTCtubi2eBjTHTF4auMcXEVixIP551PSdYZWQPcoGlHrPNrO6EdibEiYxAOYm+VHyiN+KFa8zui9j+vgezNmU6bSmIMYigT1Y3zHTEEPBoeA9Og2HbSfdb1mlUxDcsZFPkzzEtz8+75dU2NVRLbEKK3gkgjl/ByCSt2vo7rzUEhsw5YOegcTf6E0ICh0qHcnnOAv1t0bGIPkInl+qp/hwdcXM/dI9Fz8bSWUaFIDRW0ghPVSIzhUkr5yiXH+I1oepBsRkwQR/8N4xY/K4SaRi5pcDJkDTbP5vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XLGxKasy2SOaySnf14fAj6lUB58iq+T7ZQDgXfxzQtU=; b=a2Tr9wqwu4Y5k0HfjCE5cD36UqpYyP0MiXGOSdYfoxO+xe05fmqvmFza7JmBuFGQyQrOodNzPTSev1DLUk7Qj50QcTiNPM7mbqbqZttfe8fxfOiKqeraXRZxSYDywE+UYKwv9An82yV4FYWmUudKFDZ/I1sdqUTbWIJVBiPLox6NjEodY93TaMG814d4479d8x83GOmO2et5HTey0Me2esUjqJLMPBGpEyy6SxcOvbW3WjTrr68x1IQAooUHTEVaS3HzBeXBPtwDEYCu7kfXLECjhzl+PevQpR45nUT3vZ4PTX5M9myjmzgL86nmN5D9ZbtoP1Csk5wdrR5bTBmujQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XLGxKasy2SOaySnf14fAj6lUB58iq+T7ZQDgXfxzQtU=; b=n1GeDOCzPE5ZbpznVdJwFTYEn7+s6rWC/dkXxxioNLLbKrE/mvDFI1XF9ACrxkkte9AZ4QQvGdQTUnvHUzrirWL8JCm1A6q96ZMu3Tf4CPZn8P0QSy2LDsMdcRzU9ibVPmH8cbVcqDoZTitdkWiDXw3+U0hrV42PgUU0ntbxM+4= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:17:08 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:17:08 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 06/12] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command Date: Thu, 13 Feb 2020 01:16:59 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR07CA0045.namprd07.prod.outlook.com (2603:10b6:5:74::22) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR07CA0045.namprd07.prod.outlook.com (2603:10b6:5:74::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:17:07 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 4521a4dc-75f3-4619-d507-08d7b02271d8 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: gwK2ebjaCpt1kV7hIOK+l3dSti4MHGYHHpcDoaJV2rl3smpvx/cTZm1dv6ySt62D1+wHMfJqDBlm2I0323lYmynffhe72i68gwN7NxxrDkCqReudFTKMTkf2pKfVxI4dSiHKaFdWwFpo1AjLsxV3LvOM4Hij1fpCt/Gc1IRhU6oXLUi1WtL5cPncNZBSP1B1cb8xfLCfNSqVZ5EFT+jNtAUBsVN5IZAjaOOMYGUZk+fYaOuFNi6rMFxyZWjqMbvgfr/MkTmPls6Aji9b7PqYFQ9DPCdcbhDsHa9otOB886HCt34rSHRqXJxN4jVowm5VGGVZ1PuohDDI1UNmGbTx7yJfDoCrTZqElK3kpQs6VTUytbxuTK1Ui5XVEST6aregyOmFmtRPW0qCEw1iVnl2n+ClCcMg+eAtUFzw1UWxS42gBAdRbmMuwWKfh7EHVxDm X-MS-Exchange-AntiSpam-MessageData: JKESBtvcfmty/894+v+jMlPTTuzILMF8ep+vHtYqgDSvIcHW5CD4of+Bu6pPQPsgiXJjmPEu8GkHnE7zpkXkgfKB0l7JGNpdCobymffGFyoodu9DZCXZ03PpLtbTKThs81f8CTAmbzWW9kpVftcisw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4521a4dc-75f3-4619-d507-08d7b02271d8 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:17:08.2736 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3A2xj6J1Sl3wXUfI6EBcw1JkC+wOmZDXnMBVV5PzAmi9odKkjiPoNvneJPJCeznyLK8hEZJd4diRz99PInQtnA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The command finalize the guest receiving process and make the SEV guest ready for the execution. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- .../virt/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 52fca9e258dc..4dbcb22bcd55 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -350,6 +350,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +15. KVM_SEV_RECEIVE_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_RECEIVE_FINISH command can be +issued by the hypervisor to make the guest ready for execution. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 907c59ca74ad..d86b02bece3a 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7561,6 +7561,26 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7617,6 +7637,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_UPDATE_DATA: r = sev_receive_update_data(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_FINISH: + r = sev_receive_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; From patchwork Thu Feb 13 01:17:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379551 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E98E2109A for ; Thu, 13 Feb 2020 01:17:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BE654218AC for ; Thu, 13 Feb 2020 01:17:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="OCtPmtJU" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729438AbgBMBR0 (ORCPT ); Wed, 12 Feb 2020 20:17:26 -0500 Received: from mail-eopbgr690085.outbound.protection.outlook.com ([40.107.69.85]:13123 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729185AbgBMBR0 (ORCPT ); Wed, 12 Feb 2020 20:17:26 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VHmJIBSJqBOyialXDCUgKawhWOUIkHljemhLa5p0J5uvaPNQoe9ENWB0A/IRszCOSvZSOrNVgfUAqqAY3HxHvt1g6DadV66VpJoQBFauwxY7PZhWy/7F3jLOJ2tye7l8XM8tTdwdpL+/vlCN/cakxnRy8bJFHlvz1EIY8NHB/O+nFpYnsDBcVQmeCa4ichjygYDKwq5Q6XpM7+zIyL4S9ArJ4gb8VAPt8slXRqDEgk9aVxQ08/viNy9HOZBKJ583qeZ0nWoq39XzDCNQyPNxMp0u90yLtKr10mzMFtQM7Ny5E2s8Co3WyOiiPt+r+RLEgWkE0Aztj1xi8dXn0qrcjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X+Iu2xmsUxsKWhuGI4SOjsMMel0pkApSe2TKFMkFuD0=; b=I9wFq2yHJXIrNvv/okv6GJbODXnA2zZVaJitzQ8BhN78a+7YZ1f/s8XMf0DQA7hBIEf9HMSx5bIkP1ZSBEUqW/LZqVahYyb45WUkRdgj09OvQw9FhqQUQfG696P3JM9BqCvuUwBfuEfx4qp8Q+4+Ve99UbS+SDqXIQFB2bV1vYD9V1izL6Nu6oEU1fEYaFySr9L7zj1CJm35P4yA244Kn6idAYaSPDmHy9wiVXn3G93xZ50GL+XKbe7wGTh29d6oythu/OFY8Yw2UhiKRAu9CTsi14Xvm8+dxlqYU20bSL5v/JMbj2m8rs9MeFziCZZUws5QUSOyp+29AechCht9YA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X+Iu2xmsUxsKWhuGI4SOjsMMel0pkApSe2TKFMkFuD0=; b=OCtPmtJUNW8DTYRjrNWyn9aWo4f4QoP8ByUWBpqdlDtm995pGsfqzti0IhupRnBDrgyMMRt/dXn1QAkSPpzRqgwx5gj1KeETQPxKop8B3UV1UVxd38QHnftWlqx5tyA6JyTcg4OMO+TMmS0ELh+JLhBxGhBNBP/yRw61omskF3M= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:17:23 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:17:23 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 07/12] KVM: x86: Add AMD SEV specific Hypercall3 Date: Thu, 13 Feb 2020 01:17:13 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR11CA0064.namprd11.prod.outlook.com (2603:10b6:5:14c::41) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR11CA0064.namprd11.prod.outlook.com (2603:10b6:5:14c::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.23 via Frontend Transport; Thu, 13 Feb 2020 01:17:22 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 48ee5015-988a-4d3b-be5c-08d7b0227b12 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3513; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: +MOnGHb5X09+LQNXc5SnbMAjvp/kaOaoEEkv2CbzOxMxqbQaI0kAtewLFbjm06iieu3/whamauXR6bryB4xLZaOlwsd2ukmPqIoWaKrAIaop78GwsWaO6vju18WkuQYsL5oecVeE9a4KGlthttGDxl0EmwjGYCHJVMN/8+0a9LX+dzHJNj5OHKUnrY50F+kzzfuIQIFxnXXj3RBFDr/xoD+QXvkqqCqnURY46x3o4Gh8rQodqNX1eVarpA3Z4EBYfjYnfWuYTogzrtill00IkIHI+VdSup+KEqd+vHXwLK3kCYKJkoWipmbqoTY34g8pdfzuPFsfhBBL2Ez6hJG3S3MHzRbqkBAlvYO0qxQRiKdrKW3BUUG4CUKN4XFRjWsMgE40MAj2r+RitlCGB6AGNiVprNsWMkof1yejizhtWHvfSGtsi2BXCZal7HRFzwKj X-MS-Exchange-AntiSpam-MessageData: EYJCmYunl9xubg5LOdgzsnzgzKhDyHMiJ11E4kjq7l6NbkoOvSVpowqjFXmr3m+b+kUO3TWVcKXI3GJT/Go3ExNCPmO7Pp7XCPlV859wWzFwVVORWKR3fMF/FSMKWxy4fcZVvi2wuYw3n2RVQvUzLA== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 48ee5015-988a-4d3b-be5c-08d7b0227b12 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:17:23.7606 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FaMAZnfsEHS+/z9hXFyxLiymz8CmXmbJYbpUe6c39f/lftCNCsU/Qtx921NIMK25f9RknIq2S5S3WURQNz8eJQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh KVM hypercall framework relies on alternative framework to patch the VMCALL -> VMMCALL on AMD platform. If a hypercall is made before apply_alternative() is called then it defaults to VMCALL. The approach works fine on non SEV guest. A VMCALL would causes #UD, and hypervisor will be able to decode the instruction and do the right things. But when SEV is active, guest memory is encrypted with guest key and hypervisor will not be able to decode the instruction bytes. Add SEV specific hypercall3, it unconditionally uses VMMCALL. The hypercall will be used by the SEV guest to notify encrypted pages to the hypervisor. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- arch/x86/include/asm/kvm_para.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 9b4df6eaa11a..6c09255633a4 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h @@ -84,6 +84,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, return ret; } +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3) +{ + long ret; + + asm volatile("vmmcall" + : "=a"(ret) + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) + : "memory"); + return ret; +} + #ifdef CONFIG_KVM_GUEST bool kvm_para_available(void); unsigned int kvm_arch_para_features(void); From patchwork Thu Feb 13 01:17:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379553 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 22AB5921 for ; Thu, 13 Feb 2020 01:17:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E1A21217F4 for ; Thu, 13 Feb 2020 01:17:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="h2M7rZ9t" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729404AbgBMBRn (ORCPT ); Wed, 12 Feb 2020 20:17:43 -0500 Received: from mail-eopbgr680062.outbound.protection.outlook.com ([40.107.68.62]:29957 "EHLO NAM04-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729285AbgBMBRn (ORCPT ); Wed, 12 Feb 2020 20:17:43 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F1EEGwl6RXl+/HC+XOPlqeUSNci6zbQM447QDTWzFO/7Dva8KBOQqoL0jZisNVrwGPmEEubJqRsE/epw07DNn1VKKlL2ML3IFlDnKf4F7raQ6qFXp7jlZhy2dpJ61IF3MgB/b49f9HAS/NBK6ZFi4A1hpa1X6VbiCyj8UXOmptGQEBhNPbOox9sGwmf2M+JofDYSQiwu7jsTDU+IXmxz0jj9zNlYmOQX9aLAlx3+Wp5q3c0iwf8Mgmjs8x4XCD4A/OnYlRhOdWmTzvvqosAnjn9yIxVfqcDDoFti8YrIq7K9S/3didrCHxAvEGoYRX6ePATcd13ApC+qCeru/sTi9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9hg4VVmNf/f9F05KEgjZ0Vg7G8pbRgtMtRuDuAXi9XE=; b=dQrHa5Qg4DGXtd7L3S4dYe35Zm5I/MZlNpMfQDeS71PQos6jv4H/39Cjjdp7PCJlzt6nkKY22MsLjGc5uprIF75bor1gMksgxy9ersXeiCPMvulmT8Fg+pT7Pe+3CXajHArO3qNO/rZ6Qj0ZJ6CcXRljgfr/JDRvkmSVSBqs0k+fjVVK5Dtjoe3Iobiem2dWU4YsI4ExOkjGdLxomHCXU8IJHNL42BXsdJHD4/rFThncyU0Yq2CSZOxZbRHJnEl4h6DFa6PNdJl3Wp1JnesahLXbDh06l249zlWxfz/sk3cNOZW5sikXr4uhztzUzKuyjVqVTC+y/VVmeRTmvVwX/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9hg4VVmNf/f9F05KEgjZ0Vg7G8pbRgtMtRuDuAXi9XE=; b=h2M7rZ9tkbjlh9IOkfikJe033qF8EZSXdt4G+iftc/d7h2L7LKKPYJY7NxSX9/GMj81TeoiP3xBXIJgHy0JO1DQ/iQYG+j2TIqjoja+UlkxYXzoobGAkq6TIS9eJtllJJlCGYRXkY45fqBDZx6Z14QyVhrTJa+seh8PNc6xSoKU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:17:39 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:17:39 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 08/12] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Date: Thu, 13 Feb 2020 01:17:29 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR11CA0067.namprd11.prod.outlook.com (2603:10b6:5:14c::44) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR11CA0067.namprd11.prod.outlook.com (2603:10b6:5:14c::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:17:38 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: d971251c-1855-4793-e0b0-08d7b0228481 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:323; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: eArWVNBPKeN2n9HIZTuk3aG2GRIKJx+bdFSyKj+rLkqz0rRsHeiKpwo5ofj8FsavKVJxRVfjmpUS6UP0Iv3nFZ12SUPzK77HPapeyjy6r1pEpm4/MFiIE0Z3fQfm3dEWRzs32XqoU46G1whsvH5Xj5wBjpEEFkMWIU1C0xQqW1t7043zCTQ1lICAYK6nQsK5REtDpxqz2QAy6XmOaZo+P9SCP0IuJddig/I7SBB6XL+sQcy2+oSL7w6imD3m312wrvNPNtdf4bwwIVAiu4RaAvWQanAyB56WLroRYV1xHUgeY0i8VlX/jr1WtkTuMyBrNt3v8UsNbvsVoi4ZTHAVoYov6coH67VCjRPzxKm9RoP8+EvszNAsdlVWoInsDAM6CsYuqNuPWyOLCXkLjio7KWH06xbZW5kFJGvrK/yfYmFK1pCyb8Fv7BDZrmGsI+sg X-MS-Exchange-AntiSpam-MessageData: yWGV9dKkglVUyLrqXgazT28+GrwWk+43Mzfr1IiDbJqKAWRr5OVaZ1oSfvlWH+nYyXaY4OXFvO2b7Gm99zQOsKlYiPAXQ9+hctHhd0fZWmOlH0WNp+4juLytMKCTQVzkQuoZ3lcB+1JtYbuMrtsHXg== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: d971251c-1855-4793-e0b0-08d7b0228481 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:17:39.5914 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IiPm7I14DsX60em4xSOsKD75Jf5ch0a0jUeoUp7OyUVEVoP5RRVw3m/nsC5l61k3jF+yZZ3gIQOtl6YAvlF8Xg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh This hypercall is used by the SEV guest to notify a change in the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all guest pages are considered encrypted. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/hypercalls.txt | 14 ++++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm.c | 94 +++++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 6 ++ include/uapi/linux/kvm_para.h | 1 + 6 files changed, 118 insertions(+) diff --git a/Documentation/virt/kvm/hypercalls.txt b/Documentation/virt/kvm/hypercalls.txt index 5f6d291bd004..8ff0e4adcb13 100644 --- a/Documentation/virt/kvm/hypercalls.txt +++ b/Documentation/virt/kvm/hypercalls.txt @@ -152,3 +152,17 @@ a0: destination APIC ID Usage example: When sending a call-function IPI-many to vCPUs, yield if any of the IPI target vCPUs was preempted. + +8. KVM_HC_PAGE_ENC_STATUS +------------------------- +Architecture: x86 +Status: active +Purpose: Notify the encryption status changes in guest page table (SEV guest) + +a0: the guest physical address of the start page +a1: the number of pages +a2: encryption attribute + + Where: + * 1: Encryption attribute is set + * 0: Encryption attribute is cleared diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 4dffbc10d3f8..4ae7293033b2 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1256,6 +1256,8 @@ struct kvm_x86_ops { bool (*apic_init_signal_blocked)(struct kvm_vcpu *vcpu); int (*enable_direct_tlbflush)(struct kvm_vcpu *vcpu); + int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, + unsigned long sz, unsigned long mode); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index d86b02bece3a..f09791109075 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -134,6 +134,8 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + unsigned long *page_enc_bmap; + unsigned long page_enc_bmap_size; }; struct kvm_svm { @@ -1992,6 +1994,9 @@ static void sev_vm_destroy(struct kvm *kvm) sev_unbind_asid(kvm, sev->handle); sev_asid_free(sev->asid); + + kvfree(sev->page_enc_bmap); + sev->page_enc_bmap = NULL; } static void avic_vm_destroy(struct kvm *kvm) @@ -7581,6 +7586,93 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long *map; + unsigned long sz; + + if (sev->page_enc_bmap_size >= new_size) + return 0; + + sz = ALIGN(new_size, BITS_PER_LONG) / 8; + + map = vmalloc(sz); + if (!map) { + pr_err_once("Failed to allocate encrypted bitmap size %lx\n", + sz); + return -ENOMEM; + } + + /* mark the page encrypted (by default) */ + memset(map, 0xff, sz); + + bitmap_copy(map, sev->page_enc_bmap, sev->page_enc_bmap_size); + kvfree(sev->page_enc_bmap); + + sev->page_enc_bmap = map; + sev->page_enc_bmap_size = new_size; + + return 0; +} + +static int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + gfn_t gfn_start, gfn_end; + int ret; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (!npages) + return 0; + + gfn_start = gpa_to_gfn(gpa); + gfn_end = gfn_start + npages; + + /* out of bound access error check */ + if (gfn_end <= gfn_start) + return -EINVAL; + + /* lets make sure that gpa exist in our memslot */ + pfn_start = gfn_to_pfn(kvm, gfn_start); + pfn_end = gfn_to_pfn(kvm, gfn_end); + + if (is_error_noslot_pfn(pfn_start) && !is_noslot_pfn(pfn_start)) { + /* + * Allow guest MMIO range(s) to be added + * to the page encryption bitmap. + */ + return -EINVAL; + } + + if (is_error_noslot_pfn(pfn_end) && !is_noslot_pfn(pfn_end)) { + /* + * Allow guest MMIO range(s) to be added + * to the page encryption bitmap. + */ + return -EINVAL; + } + + mutex_lock(&kvm->lock); + ret = sev_resize_page_enc_bitmap(kvm, gfn_end); + if (ret) + goto unlock; + + if (enc) + __bitmap_set(sev->page_enc_bmap, gfn_start, + gfn_end - gfn_start); + else + __bitmap_clear(sev->page_enc_bmap, gfn_start, + gfn_end - gfn_start); + +unlock: + mutex_unlock(&kvm->lock); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7972,6 +8064,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .need_emulation_on_page_fault = svm_need_emulation_on_page_fault, .apic_init_signal_blocked = svm_apic_init_signal_blocked, + + .page_enc_status_hc = svm_page_enc_status_hc, }; static int __init svm_init(void) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9a6664886f2e..7963f2979fdf 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7879,6 +7879,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { .nested_get_evmcs_version = NULL, .need_emulation_on_page_fault = vmx_need_emulation_on_page_fault, .apic_init_signal_blocked = vmx_apic_init_signal_blocked, + .page_enc_status_hc = NULL, }; static void vmx_cleanup_l1d_flush(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index fbabb2f06273..298627fa3d39 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7547,6 +7547,12 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) kvm_sched_yield(vcpu->kvm, a0); ret = 0; break; + case KVM_HC_PAGE_ENC_STATUS: + ret = -KVM_ENOSYS; + if (kvm_x86_ops->page_enc_status_hc) + ret = kvm_x86_ops->page_enc_status_hc(vcpu->kvm, + a0, a1, a2); + break; default: ret = -KVM_ENOSYS; break; diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 8b86609849b9..847b83b75dc8 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h @@ -29,6 +29,7 @@ #define KVM_HC_CLOCK_PAIRING 9 #define KVM_HC_SEND_IPI 10 #define KVM_HC_SCHED_YIELD 11 +#define KVM_HC_PAGE_ENC_STATUS 12 /* * hypercalls use architecture specific From patchwork Thu Feb 13 01:17:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379557 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 39739921 for ; Thu, 13 Feb 2020 01:18:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 05C76217F4 for ; Thu, 13 Feb 2020 01:18:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="tRNKSoZh" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729515AbgBMBR6 (ORCPT ); Wed, 12 Feb 2020 20:17:58 -0500 Received: from mail-eopbgr690088.outbound.protection.outlook.com ([40.107.69.88]:17888 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729413AbgBMBR5 (ORCPT ); Wed, 12 Feb 2020 20:17:57 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cybsCZ1xxSLKFs5hNZoeOvGh/AfEXOnZffdW4mPOFXCvDZrIjR9IGuwPLjcmGvHvlBBgHRQyvew25QVeHxmPTHTN0Q6d3Ty96/wT0ePwi5viZTVRIFcu16uoWt2E5EB6iwQWzqcMxnn82y3NvMSWesu0sZ8DACVvjgSZbnHQ3VDhBE/3JGZ4T4kEHTXhS9/n6ITy5nl6Ds0z1A/6GmPgUpx1q3/jxa45gkgu3TucIpK1ebPSJ1vEzPHT9NlfWys3Ev8ZS+RTFRThD/naKw1Vj29Jl+xen0T4AZFKaQW5GVjpjlRiwPUoMHh0lBuzc2dhNwSiscgyApk9M0pScZmWrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qHxnM+bs6KpDAU/8+Q5i66FL7s4ujhpIJyoT7p2lz4U=; b=Z1wjN6qwEYFwURHEe8B8H/V05Kko5J5SPdK3az87ip7ZEOrhDwl+OVTdvkcmZXyjzAVrYwdVdAqHTxxsYveUWkd7WTud0PnPeOq9lIXZQ/yDSwEKp3CbMjcOhylIWZ4++50HV8XOe1wckhDOV2tBhv4WR6ld1zyNaJRQfTJbHiVWQqn0Yh+L6//agQPYBxw2EFGWMYd662dGreOR8bOkC+kYctgucB2KcCPJnpNmBpY9wKGngeyNgVpixfOG8csi+udBiCAmDYGkwp1AUJu9vjkZhwtuehCScxWNXr3V2UkbKTO9Uh2zPanp9Zyw5rr9Pjo262UYCMfqIvwis61Ztg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qHxnM+bs6KpDAU/8+Q5i66FL7s4ujhpIJyoT7p2lz4U=; b=tRNKSoZhIo05JrccClSypCmuvw2T6AnQokx9psnz6Gq+yhW3XKuF5WNH2nKdJMVEjLBKH7j9racTBYjgbisi238oPQOP0bdN3i9l/VlLhxnuXRWP17Iur0Ib378Y69oyCI31sBJtIPBeRdoI1gScDDFUiM++EftapLv1kCc4WYU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:17:55 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:17:54 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 09/12] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Date: Thu, 13 Feb 2020 01:17:45 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM6PR11CA0071.namprd11.prod.outlook.com (2603:10b6:5:14c::48) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by DM6PR11CA0071.namprd11.prod.outlook.com (2603:10b6:5:14c::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:17:53 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 0756dadc-175b-4c8d-1eb8-08d7b0228d9f X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2582; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: N0pq7GkVxtzVbLa3T5JO62mmqItNzCiYGG8KMlmr8N5jhr2Kosv09otNH1ycmSZBkXJYRzym+7/YNgBPuwyyryocnrmRQMvISgKBB5LsLG4hyw5XsAWvoiuP/7hdsnPCY/wBgI0tHZGnmiBlOHzFaE5rwn5pxsjKUlWrxZuJm3+pkfitmAw9TvAf6ntcR7qN4H+eG+TXP422sBDDs8uRUQdWmN8zFsgxul4xNy5VMCivLzC8FEpN3Qs7z/YuQG5sx8IzRe0uqt3BzvDydQI956D3lmJBao1ryN5aGwhdm/1LDwpPd5nLDq8fAczRjwHOpyEtRlEySMvsPQi/BRoNcMsmOSxC8T1K9fr8t9rbEjhc0d8xqYigaXSX9c8xfnx+qf/KQpnaXNjfvcZSrtnvovbV4aW72KKlBlW6th7zhSkkFEc8iesnr76Ka2d7B4Zl X-MS-Exchange-AntiSpam-MessageData: MV8cacVMqtdXyVfnevQYgscbLu9CqusvEv/CQPnb3HeLWGy+6ofYZNmjrKA8NjD1o0JYU6IZYKdt9o/ZPV2FwGPiSN2tOwRh4Ii/dqZ+U1opGjK5uL4F8VOgvKYNoDv5RkCHPjekz1z7GgX3QejgkA== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0756dadc-175b-4c8d-1eb8-08d7b0228d9f X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:17:54.8786 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: egt25R6PkDAgHu2h9nWgtMBIJEdtthG+FoPwwGI+9c7i39mckYEEvIy8QB8i/3NfthwGouD9wquLosOU6juBhQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The ioctl can be used to retrieve page encryption bitmap for a given gfn range. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.txt | 27 +++++++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm.c | 43 +++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 12 +++++++++ include/uapi/linux/kvm.h | 12 +++++++++ 5 files changed, 96 insertions(+) diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt index c6e1ce5d40de..053aecfabe74 100644 --- a/Documentation/virt/kvm/api.txt +++ b/Documentation/virt/kvm/api.txt @@ -4213,6 +4213,33 @@ the clear cpu reset definition in the POP. However, the cpu is not put into ESA mode. This reset is a superset of the initial reset. +4.120 KVM_GET_PAGE_ENC_BITMAP (vm ioctl) + +Capability: basic +Architectures: x86 +Type: vm ioctl +Parameters: struct kvm_page_enc_bitmap (in/out) +Returns: 0 on success, -1 on error + +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +The encrypted VMs have concept of private and shared pages. The private +page is encrypted with the guest-specific key, while shared page may +be encrypted with the hypervisor key. The KVM_GET_PAGE_ENC_BITMAP can +be used to get the bitmap indicating whether the guest page is private +or shared. The bitmap can be used during the guest migration, if the page +is private then userspace need to use SEV migration commands to transmit +the page. + + 5. The kvm_run structure ------------------------ diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 4ae7293033b2..a6882c5214b4 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1258,6 +1258,8 @@ struct kvm_x86_ops { int (*enable_direct_tlbflush)(struct kvm_vcpu *vcpu); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); + int (*get_page_enc_bitmap)(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index f09791109075..f1c8806a97c6 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7673,6 +7673,48 @@ static int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return ret; } +static int svm_get_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long *bitmap; + unsigned long sz, i; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + gfn_start = bmap->start_gfn; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + /* by default all pages are marked encrypted */ + memset(bitmap, 0xff, sz); + + mutex_lock(&kvm->lock); + if (sev->page_enc_bmap) { + i = gfn_start; + for_each_clear_bit_from(i, sev->page_enc_bmap, + min(sev->page_enc_bmap_size, gfn_end)) + clear_bit(i - gfn_start, bitmap); + } + mutex_unlock(&kvm->lock); + + ret = -EFAULT; + if (copy_to_user(bmap->enc_bitmap, bitmap, sz)) + goto out; + + ret = 0; +out: + kfree(bitmap); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -8066,6 +8108,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .apic_init_signal_blocked = svm_apic_init_signal_blocked, .page_enc_status_hc = svm_page_enc_status_hc, + .get_page_enc_bitmap = svm_get_page_enc_bitmap, }; static int __init svm_init(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 298627fa3d39..e955f886ee17 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5213,6 +5213,18 @@ long kvm_arch_vm_ioctl(struct file *filp, case KVM_SET_PMU_EVENT_FILTER: r = kvm_vm_ioctl_set_pmu_event_filter(kvm, argp); break; + case KVM_GET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops->get_page_enc_bitmap) + r = kvm_x86_ops->get_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 4e80c57a3182..9377b26c5f4e 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -500,6 +500,16 @@ struct kvm_dirty_log { }; }; +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; @@ -1478,6 +1488,8 @@ struct kvm_enc_region { #define KVM_S390_NORMAL_RESET _IO(KVMIO, 0xc3) #define KVM_S390_CLEAR_RESET _IO(KVMIO, 0xc4) +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */ From patchwork Thu Feb 13 01:18:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379559 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 169F7921 for ; Thu, 13 Feb 2020 01:18:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D356E218AC for ; Thu, 13 Feb 2020 01:18:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="a6iJUOjB" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729448AbgBMBSN (ORCPT ); Wed, 12 Feb 2020 20:18:13 -0500 Received: from mail-eopbgr690062.outbound.protection.outlook.com ([40.107.69.62]:33346 "EHLO NAM04-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729406AbgBMBSN (ORCPT ); Wed, 12 Feb 2020 20:18:13 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NR7McuTm2X0SXr7mnuDDIIKfSoAQq2cPGINJrVgvNvI+0joc/aHMIL3WbsdstiSuCdVsvEkSJD5RSKjutAKE+ZGFf5zam/un+SjPK7PGR5/tN36KgndBDgXbIdTD6HD+iWpsaCsNoDZpFcNR0PBv8FYzuETX/VopmHwBts0E5NYlx62qj4aO4TeG8PBedjgoVwLisTURWda7E7ReqOy5YFHdCPNFzwZwGGKZRobrl3vL/DlW7v+ux0I0W6ENkl/FdxY2R6ADYoo9YcZDQG6BAACVQ6Ayh1pGNQptcx7aUVfu11BSpL46G9SC5C3q143JjAH/r04jTOD+xyfdD9Qgmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GPMvzJiqgsSpBBGiQ6apc66YyDCF3wZx6csWONfJg4I=; b=cCT6CKvwt/dcCq2hSdLkqRBhQDoZiq2qkbmMtZNwf+MsbfVrpTaWGXvQ+meDnGsIRSlJccnU8u8EE/s6yaBuEw+PG4iBuk2ZykdvcIBfxCj7K7/rRfW3nzCELBg1+9HaaFxAl7E731CRPnLGlcfunvqnbv9QD8fWYDG/e5mDw/XAOLiMipZXDIllZYYV2asiAWntLId/SWL9CmsWUS+JbMp/bGsqkSapQ4ML2JbOWs7DyJ7/p6Ful4/Nf0QoJhTRqnL3wb+hjquniay9ebz4hvvBU138XOwXoUkEG9dtEe/PR4GwkuajnP8rM30JxTPcSuC93cFqhA1OS4TkfVr0WQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GPMvzJiqgsSpBBGiQ6apc66YyDCF3wZx6csWONfJg4I=; b=a6iJUOjBZyPT0Wesq32bgjZdpWqMrEghmEegYRhGY9uE6qDkaCoNfL3AvvjPqBkPS/p9/0ypMSI7+PfOpoE5CgqHtJzpvgZl390dxI+iYJ7u1crnVmjOhKXQHGN65hNupcrTT/wCxV9UBTYH+2YBKcp412Ll2XHiDxa2efxowd0= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:18:09 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:18:09 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 10/12] mm: x86: Invoke hypercall when page encryption status is changed Date: Thu, 13 Feb 2020 01:18:01 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN2PR01CA0082.prod.exchangelabs.com (2603:10b6:800::50) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN2PR01CA0082.prod.exchangelabs.com (2603:10b6:800::50) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:18:09 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: cac6df95-43dc-4f0a-00be-08d7b0229651 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5516; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mKBPl7exwvR5ly9urIVeteEX8P5qtpJWDcElMZRL6kqAh2RIdIGNC8hPCwRsa4HIgQX7ZXRFKLopNjH6tBYMRN4H0JoiJZ0hjZQ8mvgfq1XowhnW9Rs6PxaYcYSg8wVXievizH0UjbRRQfPceLj1jEcjkOJNLEdpAr7kchpJB5INNuOHGcRU1iitwyJwe7c+9xH5Hq8WQ70cY05WrGSMlTDLP3ZTfMLBVFJk7X5KJaRBNtXM4i7fttV38u6BO16UXxw890v/b3ZjaIo8vHs3JV/K5WJ9345VFetIv4PN7b29yADM8wjCwPdUqhlFsYpGUkCIioHEB9gAPje55YxurfPs4Zd3EVxz3AStgHh+3TC7y9tpNzLNLawWO47hcwKqhSVSOD+WLxrmi+znC8X0I/Dn6/cdi8OwZ44/2/hPE59xIK4E1U1fTcAh5Jo4Tj5l X-MS-Exchange-AntiSpam-MessageData: LiwdKbKxy98PzOkq3uURo4MSkrfYVLUbip6KBG1ZvF/mNdaa6uOZs+PIfBczogj4hVstwba0Dv7+3XVdgzGpQa/6X+iLzu/5zffihZnx3V6pyokItOU8TnJOG4NaZjUaqboCPdZWh5kTra0wdsIetQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cac6df95-43dc-4f0a-00be-08d7b0229651 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:18:09.4501 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: L/JV5hXaZGsupNgTuN/h1cGqj+T7Y0VJYlp9lgegmYvLC8yE+S+jKa8aXXoWpYavPc0e8bDgTy9iTzQs71/xBg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh Invoke a hypercall when a memory region is changed from encrypted -> decrypted and vice versa. Hypervisor need to know the page encryption status during the guest migration. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- arch/x86/include/asm/paravirt.h | 6 +++ arch/x86/include/asm/paravirt_types.h | 2 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/mem_encrypt.c | 57 ++++++++++++++++++++++++++- arch/x86/mm/pat/set_memory.c | 7 ++++ 5 files changed, 72 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 86e7317eb31f..407104613b06 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -78,6 +78,12 @@ static inline void paravirt_arch_exit_mmap(struct mm_struct *mm) PVOP_VCALL1(mmu.exit_mmap, mm); } +static inline void page_encryption_changed(unsigned long vaddr, int npages, + bool enc) +{ + PVOP_VCALL3(mmu.page_encryption_changed, vaddr, npages, enc); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 84812964d3dd..5ff03ac9a5f8 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -211,6 +211,8 @@ struct pv_mmu_ops { /* Hook for intercepting the destruction of an mm_struct. */ void (*exit_mmap)(struct mm_struct *mm); + void (*page_encryption_changed)(unsigned long vaddr, int npages, + bool enc); #ifdef CONFIG_PARAVIRT_XXL struct paravirt_callee_save read_cr2; diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 789f5e4f89de..8953447f327c 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -362,6 +362,7 @@ struct paravirt_patch_template pv_ops = { (void (*)(struct mmu_gather *, void *))tlb_remove_page, .mmu.exit_mmap = paravirt_nop, + .mmu.page_encryption_changed = paravirt_nop, #ifdef CONFIG_PARAVIRT_XXL .mmu.read_cr2 = __PV_IS_CALLEE_SAVE(native_read_cr2), diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index f4bd4b431ba1..c9800fa811f6 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,7 @@ #include #include #include +#include #include "mm_internal.h" @@ -196,6 +198,47 @@ void __init sme_early_init(void) swiotlb_force = SWIOTLB_FORCE; } +static void set_memory_enc_dec_hypercall(unsigned long vaddr, int npages, + bool enc) +{ + unsigned long sz = npages << PAGE_SHIFT; + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -253,12 +296,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -313,6 +357,8 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, PAGE_ALIGN(size) >> PAGE_SHIFT, + enc); out: __flush_tlb_all(); return ret; @@ -451,6 +497,15 @@ void __init mem_encrypt_init(void) if (sev_active()) static_branch_enable(&sev_enable_key); +#ifdef CONFIG_PARAVIRT + /* + * With SEV, we need to make a hypercall when page encryption state is + * changed. + */ + if (sev_active()) + pv_ops.mmu.page_encryption_changed = set_memory_enc_dec_hypercall; +#endif + pr_info("AMD %s active\n", sev_active() ? "Secure Encrypted Virtualization (SEV)" : "Secure Memory Encryption (SME)"); diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index c4aedd00c1ba..86b7804129fc 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "../mm_internal.h" @@ -1987,6 +1988,12 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* Notify hypervisor that a given memory range is mapped encrypted + * or decrypted. The hypervisor will use this information during the + * VM migration. + */ + page_encryption_changed(addr, numpages, enc); + return ret; } From patchwork Thu Feb 13 01:18:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379561 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C488C921 for ; Thu, 13 Feb 2020 01:18:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 90A4621734 for ; Thu, 13 Feb 2020 01:18:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="lHihTi/+" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729407AbgBMBS1 (ORCPT ); Wed, 12 Feb 2020 20:18:27 -0500 Received: from mail-eopbgr680063.outbound.protection.outlook.com ([40.107.68.63]:21351 "EHLO NAM04-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729406AbgBMBS1 (ORCPT ); Wed, 12 Feb 2020 20:18:27 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hCKkN7i+eHbuAMFXnZRxgam0yHvYdX68fpGnGiq4wwAKFgOK6hx1FILlhbaaiI+QgxcLXCG+BLnH74q1nuf+piiNAEVl4PGTw5JKGjhEox7H8te3EWHWKj1AEpddkbGkAoGphjK2N0nuj/dIa8glosb/VNf+D3GVt+N3SLXdqjsc9EtZX2zQmSNxnxsgwpuSPjzhJ0rvD2d8gyO25VqUehlARs4M3B97EPcwZ9xOAWcwyH5vSw5YoRh/YKhgY7G9asFCR40PKlFTVDN2h4hXeGdlXKQ/UsdkpC4yJ2IrIrcHVNqDL9Iu9BsYpc3bT7eTB5C3SI2i40au2G1a+3tMdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0e2OOOGS4uzuP8PKCCU9X70EtGN1XdBeQMH/uQys93g=; b=lx2mPAqU/GqbVchQ0EGd2vD9bySp3x+s1LVdzyF8MXesnD7AgGsKa61ZT6dMNvBZYuRbti6Ik3bYiRzaIOxTYPnrCn9fxMFul7aBnsszQil6GXs4wF/81/aH6EwDDhXIzMI/xuOHsLtYXlrUKnX29SrymXC+MeOptTbkZU6+mgFT7YE3zyha1l7bfIPvnZsI/HrxgzIcoUAdtHs+k7l/RJvfBrrGlfj0ET/OQJC9bBiyPcVRCVhy2W6HNiXKcstaKcU4qVZwetqTC5SGLh4n8x8AH0B8pdZt05014W/AEshBGnTIwb0LMM24b9qL1nTUQA3P+yPlZwWEsUVby/7mDg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0e2OOOGS4uzuP8PKCCU9X70EtGN1XdBeQMH/uQys93g=; b=lHihTi/+Z1dLtsVBUCHO8cDORRXWjUm3Wnoh2+yYeqltusNr9UignlBVpxFxbfHjRJDVbJq1W0J4kptQQ1nLT+w/KSeqwd+l2gxJHmdB+HIh05m9lNgxJ5cT1RswzwgyxploMaO9rCbW/0ggkBdSvqkSMGlLZSI1hcrzfebTedQ= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:18:23 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:18:23 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 11/12] KVM: x86: Introduce KVM_SET_PAGE_ENC_BITMAP ioctl Date: Thu, 13 Feb 2020 01:18:14 +0000 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN2PR01CA0043.prod.exchangelabs.com (2603:10b6:800::11) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN2PR01CA0043.prod.exchangelabs.com (2603:10b6:800::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22 via Frontend Transport; Thu, 13 Feb 2020 01:18:23 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 10b2c5d4-3c29-4b73-fdc7-08d7b0229eb9 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(346002)(136003)(366004)(376002)(39860400002)(396003)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(316002)(36756003)(66574012)(6486002)(86362001)(956004)(2616005)(81156014)(478600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: WexVBGfk0rWNX9zMqYe1BR7vj1hcB5+c2kCWRpuIp202NwkNYdFI/4yJYKYRSuunaorhL5kV2W3H851XfZU3I8P8Gu9/kFir7HX3HHtYv1f2BIGLfX/3MVsxug0Xh7RW2qyrhXLQvEDQNcvn2wICWw/MGHB3+JELWs4fNo6kIqp6CQTN8lZyT54FKQrV7C0hb0rKo7Kdz5RHyCK0fo30fEA21IqgWWzGv3M9or9Vnk6r3QGIjB2KV9zclvW3VHOiVowkWUzfSut5uzt8KYtqY5JJ0xnFFpqGTUjDd1sYVawYfz1F7AfUlfCMFMyxPPmhMh9nYwDbO2YnRlQ2dWcSsu5FLgIDufSaNFEHyxNJ/bNItaJSuGwcpNRWHQ16y//b5e3HAWOcusqJYrDZi2jPuW1cU/FmTKI885tdiYN9jDtgWYiHaINRY25ZOAvEop4x X-MS-Exchange-AntiSpam-MessageData: 0nW57U/TV3rFVhgmjP6dIMa0mypnXk7r47gVKwSx4Q5KGHS1I1Wp5ETkXrl8bw8LLunBe+IRslaMzG5QZ7wktuw17JnG2pqAV1TpQUWXWszPCa0fyUvFyxZqyqZFpIVlvpgu3KUMLQ/MGxfladJg6Q== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 10b2c5d4-3c29-4b73-fdc7-08d7b0229eb9 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:18:23.5679 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: A2mcun8SdJECEFSM8tyAMrC4C4/VJO9gjKs3ppyJgdSJTPHdrjBoqJJVfv3nm5GvNF1uhRUvTdSzi8zdsjHLBQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Brijesh Singh The ioctl can be used to set page encryption bitmap for an incoming guest. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.txt | 21 +++++++++++++++++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/svm.c | 42 +++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 12 ++++++++++ include/uapi/linux/kvm.h | 1 + 5 files changed, 78 insertions(+) diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt index 053aecfabe74..d4e29a457e80 100644 --- a/Documentation/virt/kvm/api.txt +++ b/Documentation/virt/kvm/api.txt @@ -4239,6 +4239,27 @@ or shared. The bitmap can be used during the guest migration, if the page is private then userspace need to use SEV migration commands to transmit the page. +4.121 KVM_SET_PAGE_ENC_BITMAP (vm ioctl) + +Capability: basic +Architectures: x86 +Type: vm ioctl +Parameters: struct kvm_page_enc_bitmap (in/out) +Returns: 0 on success, -1 on error + +/* for KVM_SET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u64 start_gfn; + __u64 num_pages; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + +During the guest live migration the outgoing guest exports its page encryption +bitmap, the KVM_SET_PAGE_ENC_BITMAP can be used to build the page encryption +bitmap for an incoming guest. 5. The kvm_run structure ------------------------ diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index a6882c5214b4..698ea92290af 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1260,6 +1260,8 @@ struct kvm_x86_ops { unsigned long sz, unsigned long mode); int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); + int (*set_page_enc_bitmap)(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index f1c8806a97c6..a710a6a2d18c 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7715,6 +7715,47 @@ static int svm_get_page_enc_bitmap(struct kvm *kvm, return ret; } +static int svm_set_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + unsigned long *bitmap; + unsigned long sz, i; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + gfn_start = bmap->start_gfn; + gfn_end = gfn_start + bmap->num_pages; + + sz = ALIGN(bmap->num_pages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + ret = -EFAULT; + if (copy_from_user(bitmap, bmap->enc_bitmap, sz)) + goto out; + + mutex_lock(&kvm->lock); + ret = sev_resize_page_enc_bitmap(kvm, gfn_end); + if (ret) + goto unlock; + + i = gfn_start; + for_each_clear_bit_from(i, bitmap, (gfn_end - gfn_start)) + clear_bit(i + gfn_start, sev->page_enc_bmap); + + ret = 0; +unlock: + mutex_unlock(&kvm->lock); +out: + kfree(bitmap); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -8109,6 +8150,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .page_enc_status_hc = svm_page_enc_status_hc, .get_page_enc_bitmap = svm_get_page_enc_bitmap, + .set_page_enc_bitmap = svm_set_page_enc_bitmap, }; static int __init svm_init(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e955f886ee17..a1ac5b8c5cd7 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5225,6 +5225,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_x86_ops->get_page_enc_bitmap(kvm, &bitmap); break; } + case KVM_SET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops->set_page_enc_bitmap) + r = kvm_x86_ops->set_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 9377b26c5f4e..2f36afd11e0e 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1489,6 +1489,7 @@ struct kvm_enc_region { #define KVM_S390_CLEAR_RESET _IO(KVMIO, 0xc4) #define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) +#define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc3, struct kvm_page_enc_bitmap) /* Secure Encrypted Virtualization command */ enum sev_cmd_id { From patchwork Thu Feb 13 01:18:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 11379563 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CB0BE109A for ; Thu, 13 Feb 2020 01:18:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9E803217F4 for ; Thu, 13 Feb 2020 01:18:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="EpRekUDN" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729472AbgBMBSm (ORCPT ); Wed, 12 Feb 2020 20:18:42 -0500 Received: from mail-eopbgr680058.outbound.protection.outlook.com ([40.107.68.58]:29926 "EHLO NAM04-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729401AbgBMBSm (ORCPT ); Wed, 12 Feb 2020 20:18:42 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BR2b2USINx5PTmdLQ38a7TGuUZTs3qa6DUfclG7LaH8zdUvwMDiuhRmTRCVVnZMdwAHYiXnLqvxON0t/+UEc/dHrCzRpYKlcoTAMcGGIudpa9DBPhgCIl4lVhmzi8y/giixI1MwS7NeQoZ7RKFMNNA9hWfSuhxBqxm8DLtLHeCJ3Urgq0bVlj+BZUT+ln32Z7AjJxsTfm/9HTetVpKZJ0e2h1dMUMBmiN06+/7xo8/sYbv3Kp1pYOwmxrwxi8uc13j/l8CmO4rOYIi5ustfiGxNZ36l8U2MoMfR1F0X2ln+c4FV9c1mGCJac+lHMp3pAMV1v+ShQn66GrJ41QXG2eA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ED3x3T23R/2IY5Yo8F/wTx+qVvyPpmSMS5bdCyjSBvg=; b=ff5Et+BR9RUMGuTlZByawgGPZB166+qRyVDhOkPbNUJ0uSn2fgSmrVrt3x09OF3lvsToV+7ANdfHcUweyAXVdX9GnPjmpUQTMzyp+wnIcHVGQuUU5boBUt53VII3muGD4cfC0Sg2BtzeosEP6eUx4jbXLKCCznnFrd8oc4CTBZx6vSJYL2DS7MWXa+wmy+M29cIFXjooIdAtQV4DJ7K42x/oOU9cZTyKQ1s6ohUz2imVI1GD8nD10tln0qn+R1pYwEf0NXssgc87xn+1+wzDIhbizP5CEETri+xWiQPLVdSxi2Ky5nl+V4r5ze67C61lEJae4czsnXySTgaJyh8atw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ED3x3T23R/2IY5Yo8F/wTx+qVvyPpmSMS5bdCyjSBvg=; b=EpRekUDNc+4wJ5KsEchlmpmuxUdQlNqX6gLBhLk4/ioi3ypFzaEa8VTukaKh9b5xQPpVKoDX7nLLzEgQrjZ9+NXH6qfy95WX8OrOjaDgvxmnHki5zlCOwjYzI87jtDdrunnnUyF/rKTisZawLCotcy6m8Wq5xHAbhdkfNH0nLw8= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ashish.Kalra@amd.com; Received: from SN1PR12MB2528.namprd12.prod.outlook.com (52.132.196.33) by SN1PR12MB2366.namprd12.prod.outlook.com (52.132.194.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.22; Thu, 13 Feb 2020 01:18:38 +0000 Received: from SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1]) by SN1PR12MB2528.namprd12.prod.outlook.com ([fe80::fd48:9921:dd63:c6e1%7]) with mapi id 15.20.2707.030; Thu, 13 Feb 2020 01:18:38 +0000 From: Ashish Kalra To: pbonzini@redhat.com Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, rientjes@google.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 12/12] KVM: x86: Introduce KVM_PAGE_ENC_BITMAP_RESET ioctl Date: Thu, 13 Feb 2020 01:18:29 +0000 Message-Id: <042534206aa0800f9eeb038176e22c3ab39df11c.1581555616.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN2PR01CA0065.prod.exchangelabs.com (2603:10b6:800::33) To SN1PR12MB2528.namprd12.prod.outlook.com (2603:10b6:802:28::33) MIME-Version: 1.0 Received: from ashkalra_ubuntu_server.amd.com (165.204.77.1) by SN2PR01CA0065.prod.exchangelabs.com (2603:10b6:800::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.23 via Frontend Transport; Thu, 13 Feb 2020 01:18:38 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: cb14941d-6858-4d18-3fe2-08d7b022a7a1 X-MS-TrafficTypeDiagnostic: SN1PR12MB2366:|SN1PR12MB2366: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-Forefront-PRVS: 031257FE13 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(366004)(199004)(189003)(8936002)(5660300002)(66946007)(66476007)(66556008)(7416002)(2906002)(6916009)(6666004)(4326008)(7696005)(52116002)(36756003)(6486002)(86362001)(956004)(2616005)(81156014)(498600001)(8676002)(81166006)(26005)(16526019)(186003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB2366;H:SN1PR12MB2528.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: JlMNLUb/toR0kEPg+34wa/RyTDGvy74e7YaH0UKP3L6OBKqorYx1gesTEk5VvdAbplkWRM4iGWP4AI9g8YpaRujgOug2RpUS2yCObHQqyvBug7BzyYGjZbWfs591GDuVqEIsG0OVQWtAPk1mZbOQ8rlTu8MlYtW2r1lbg6dwXg25K0ffje3Iepe1L9ymHl4RZ5kAxrLQX1fM7Iv6g+vXOJXn7/bcZmL40s2SXuRcVgyLx4GrnXIEgWiezqEvw7uKhf9zj4YwuVH9mf75JjbA6WxmI7dQmcBoRE1wiLaiOQkp3/91QNGnzi+PK1CGc/T2fDO1JB1O27/VXkhlancH22Xhdv49dBqTgs5EiF7dznSoYIg2R5HI/ySRpumi6jlW0FORi6fhdl4fJHemwXjxON0Tn7uHzRZZ/X/Bai8UZH3k8Lea1KzIFooRYQpcNhWl X-MS-Exchange-AntiSpam-MessageData: rjM3+VzRbhbkiPivU4YSJ5wsf1ZXkeDNYMNLcXtv0x9Y5MTGS9//oNfe4WfTcXFbV8zx8Do4v+PU32dcQVphmsDMJFF37+mj2nU3rmnaPE9kstlz0DtarHgZiMUUEk7HWl5nmAHx8pReqD4qRfqa4Q== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cb14941d-6858-4d18-3fe2-08d7b022a7a1 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2020 01:18:38.5073 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PIAAhvcXl08rdGfU8zEtEuNgKYRN0xidUv1rVLf3W7h/BU7GKpgxi4BsLndtt+kVr3BkZzRHdqdKFiCqhTYKzQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2366 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Ashish Kalra This ioctl can be used by the application to reset the page encryption bitmap managed by the KVM driver. A typical usage for this ioctl is on VM reboot, on reboot, we must reinitialize the bitmap. Signed-off-by: Ashish Kalra --- Documentation/virt/kvm/api.txt | 11 +++++++++++ arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 16 ++++++++++++++++ arch/x86/kvm/x86.c | 6 ++++++ include/uapi/linux/kvm.h | 1 + 5 files changed, 35 insertions(+) diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt index d4e29a457e80..bf0fd3c2ea07 100644 --- a/Documentation/virt/kvm/api.txt +++ b/Documentation/virt/kvm/api.txt @@ -4261,6 +4261,17 @@ During the guest live migration the outgoing guest exports its page encryption bitmap, the KVM_SET_PAGE_ENC_BITMAP can be used to build the page encryption bitmap for an incoming guest. +4.122 KVM_PAGE_ENC_BITMAP_RESET (vm ioctl) + +Capability: basic +Architectures: x86 +Type: vm ioctl +Parameters: none +Returns: 0 on success, -1 on error + +The KVM_PAGE_ENC_BITMAP_RESET is used to reset the guest's page encryption +bitmap during guest reboot and this is only done on the guest's boot vCPU. + 5. The kvm_run structure ------------------------ diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 698ea92290af..746c9c84d14a 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1262,6 +1262,7 @@ struct kvm_x86_ops { struct kvm_page_enc_bitmap *bmap); int (*set_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); + int (*reset_page_enc_bitmap)(struct kvm *kvm); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index a710a6a2d18c..1659539b1873 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -7756,6 +7756,21 @@ static int svm_set_page_enc_bitmap(struct kvm *kvm, return ret; } +static int svm_reset_page_enc_bitmap(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + if (!sev_guest(kvm)) + return -ENOTTY; + + mutex_lock(&kvm->lock); + /* by default all pages should be marked encrypted */ + if (sev->page_enc_bmap_size) + bitmap_fill(sev->page_enc_bmap, sev->page_enc_bmap_size); + mutex_unlock(&kvm->lock); + return 0; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -8151,6 +8166,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .page_enc_status_hc = svm_page_enc_status_hc, .get_page_enc_bitmap = svm_get_page_enc_bitmap, .set_page_enc_bitmap = svm_set_page_enc_bitmap, + .reset_page_enc_bitmap = svm_reset_page_enc_bitmap, }; static int __init svm_init(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a1ac5b8c5cd7..eeb2a3dfeb02 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5237,6 +5237,12 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_x86_ops->set_page_enc_bitmap(kvm, &bitmap); break; } + case KVM_PAGE_ENC_BITMAP_RESET: { + r = -ENOTTY; + if (kvm_x86_ops->reset_page_enc_bitmap) + r = kvm_x86_ops->reset_page_enc_bitmap(kvm); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 2f36afd11e0e..4001c22cb36b 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1490,6 +1490,7 @@ struct kvm_enc_region { #define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) #define KVM_SET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc3, struct kvm_page_enc_bitmap) +#define KVM_PAGE_ENC_BITMAP_RESET _IO(KVMIO, 0xc4) /* Secure Encrypted Virtualization command */ enum sev_cmd_id {