From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 01/34] x86/cpu: Add VM page flush MSR availability as a CPUID feature
Date: Tue, 17 Nov 2020 11:07:04 -0600
Message-Id: <4c43715b4efc7a4c8c120b4246198a069f81bce7.1605632857.git.thomas.lendacky@amd.com>

On systems that do not have hardware enforced cache coherency between
encrypted and unencrypted mappings of the same physical page, the
hypervisor can use the VM page flush MSR (0xc001011e) to flush the cache
contents of an SEV guest page. When a small number of pages are being
flushed, this can be used in place of issuing a WBINVD across all CPUs.

CPUID 0x8000001f_eax[2] is used to determine if the VM page flush MSR is
available. Add a CPUID feature to indicate it is supported and define the
MSR.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 arch/x86/include/asm/msr-index.h   | 1 +
 arch/x86/kernel/cpu/scattered.c    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index dad350d42ecf..54df367b3180 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -237,6 +237,7 @@ #define X86_FEATURE_VMCALL ( 8*32+18) /* "" Hypervisor supports the VMCALL instruction */ #define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */ #define X86_FEATURE_SEV_ES ( 8*32+20) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_VM_PAGE_FLUSH ( 8*32+21) /* "" VM Page Flush MSR is supported */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 972a34d93505..abfc9b0fbd8d 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -470,6 +470,7 @@ #define MSR_AMD64_ICIBSEXTDCTL 0xc001103c #define MSR_AMD64_IBSOPDATA4 0xc001103d #define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */ +#define MSR_AMD64_VM_PAGE_FLUSH 0xc001011e #define MSR_AMD64_SEV_ES_GHCB 0xc0010130 #define MSR_AMD64_SEV 0xc0010131 #define MSR_AMD64_SEV_ENABLED_BIT 0 diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 866c9a9bcdee..236924930bf0 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c 
@@ -44,6 +44,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 }, { X86_FEATURE_SEV_ES, CPUID_EAX, 3, 0x8000001f, 0 }, { X86_FEATURE_SME_COHERENT, CPUID_EAX, 10, 0x8000001f, 0 }, + { X86_FEATURE_VM_PAGE_FLUSH, CPUID_EAX, 2, 0x8000001f, 0 }, { 0, 0, 0, 0, 0 } };

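Review bot: In the scattered.c hunk the new cpuid_bits[] entry for bit 2 of CPUID 0x8000001f EAX is appended after the SME_COHERENT entry (bit 10), while the visible neighbours for that leaf run in bit order (1, 3, 10). Moving { X86_FEATURE_VM_PAGE_FLUSH, CPUID_EAX, 2, 0x8000001f, 0 } between the SEV and SEV_ES entries would keep the leaf's bits sorted and make a missing or duplicated bit easier to spot.
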
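Review bot: In the msr-index.h hunk, MSR_AMD64_VM_PAGE_FLUSH is added directly below the IBS definitions with no comment, and nothing in this patch uses it. A short comment next to the define saying that it flushes the cache contents of an SEV guest page, as the commit message does, would tell the next reader what the MSR is for without going back to the changelog.
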
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 02/34] KVM: SVM: Remove the call to sev_platform_status() during setup
Date: Tue, 17 Nov 2020 11:07:05 -0600

When both KVM support and the CCP driver are built into the kernel instead
of as modules, KVM initialization can happen before CCP initialization. As
a result, sev_platform_status() will return a failure when it is called
from sev_hardware_setup(), when this isn't really an error condition.

Since sev_platform_status() doesn't need to be called at this time anyway,
remove the invocation from sev_hardware_setup().

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c0b14106258a..a4ba5476bf42 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1127,9 +1127,6 @@ void sev_vm_destroy(struct kvm *kvm) int __init sev_hardware_setup(void) { - struct sev_user_data_status *status; - int rc; - /* Maximum number of encrypted guests supported simultaneously */ max_sev_asid = cpuid_ecx(0x8000001F); 
@@ -1148,26 +1145,9 @@ int __init sev_hardware_setup(void) if (!sev_reclaim_asid_bitmap) return 1; - status = kmalloc(sizeof(*status), GFP_KERNEL); - if (!status) - return 1; - - /* - * Check SEV platform status. - * - * PLATFORM_STATUS can be called in any state, if we failed to query - * the PLATFORM status then either PSP firmware does not support SEV - * feature or SEV firmware is dead. - */ - rc = sev_platform_status(status, NULL); - if (rc) - goto err; - pr_info("SEV supported\n"); -err: - kfree(status); - return rc; + return 0; } void sev_hardware_teardown(void)

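Review bot: After the second sev_hardware_setup() hunk the function still prints "SEV supported" and returns 0, but nothing on that path queries the PSP any more, and the removed comment said a failed PLATFORM_STATUS means the firmware does not support SEV or is dead. The commit message should state where a missing or dead firmware is detected once this check is gone, or the pr_info() text should be limited to what setup actually verified at that point.
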
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 03/34] KVM: SVM: Add support for SEV-ES capability in KVM
Date: Tue, 17 Nov 2020 11:07:06 -0600

Add support to KVM for determining if a system is capable of supporting
SEV-ES as well as determining if a guest is an SEV-ES guest.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/Kconfig   |  3 ++-
 arch/x86/kvm/svm/sev.c | 47 ++++++++++++++++++++++++++++++++++--------
 arch/x86/kvm/svm/svm.c | 20 +++++++++---------
 arch/x86/kvm/svm/svm.h | 17 ++++++++++++++-
 4 files changed, 66 insertions(+), 21 deletions(-)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index f92dfd8ef10d..7ac592664c52 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig
@@ -100,7 +100,8 @@ config KVM_AMD_SEV depends on KVM_AMD && X86_64 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) help - Provides support for launching Encrypted VMs on AMD processors. + Provides support for launching Encrypted VMs (SEV) and Encrypted VMs + with Encrypted State (SEV-ES) on AMD processors. config KVM_MMU_AUDIT bool "Audit KVM MMU" diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a4ba5476bf42..9bf5e9dadff5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -932,7 +932,7 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) struct kvm_sev_cmd sev_cmd; int r; - if (!svm_sev_enabled()) + if (!svm_sev_enabled() || !sev) return -ENOTTY; if (!argp) 
@@ -1125,29 +1125,58 @@ void sev_vm_destroy(struct kvm *kvm) sev_asid_free(sev->asid); } -int __init sev_hardware_setup(void) +void __init sev_hardware_setup(void) { + unsigned int eax, ebx, ecx, edx; + bool sev_es_supported = false; + bool sev_supported = false; + + /* Does the CPU support SEV? */ + if (!boot_cpu_has(X86_FEATURE_SEV)) + goto out; + + /* Retrieve SEV CPUID information */ + cpuid(0x8000001f, &eax, &ebx, &ecx, &edx); + /* Maximum number of encrypted guests supported simultaneously */ - max_sev_asid = cpuid_ecx(0x8000001F); + max_sev_asid = ecx; if (!svm_sev_enabled()) - return 1; + goto out; /* Minimum ASID value that should be used for SEV guest */ - min_sev_asid = cpuid_edx(0x8000001F); + min_sev_asid = edx; /* Initialize SEV ASID bitmaps */ sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); if (!sev_asid_bitmap) - return 1; + goto out; sev_reclaim_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL); if (!sev_reclaim_asid_bitmap) - return 1; + goto out; - pr_info("SEV supported\n"); + pr_info("SEV supported: %u ASIDs\n", max_sev_asid - min_sev_asid + 1); + sev_supported = true; - return 0; + /* SEV-ES support requested? */ + if (!sev_es) + goto out; + + /* Does the CPU support SEV-ES? */ + if (!boot_cpu_has(X86_FEATURE_SEV_ES)) + goto out; + + /* Has the system been allocated ASIDs for SEV-ES? */ + if (min_sev_asid == 1) + goto out; + + pr_info("SEV-ES supported: %u ASIDs\n", min_sev_asid - 1); + sev_es_supported = true; + +out: + sev = sev_supported; + sev_es = sev_es_supported; } void sev_hardware_teardown(void) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 2f32fd09e259..a3198b65f431 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -187,9 +187,13 @@ static int vgif = true; module_param(vgif, int, 0444); /* enable/disable SEV support */ -static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); +int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); module_param(sev, int, 0444); +/* enable/disable SEV-ES support */ +int sev_es = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); +module_param(sev_es, int, 0444); + static bool __read_mostly dump_invalid_vmcb = 0; module_param(dump_invalid_vmcb, bool, 0644); @@ -959,15 +963,11 @@ static __init int svm_hardware_setup(void) kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE); } - if (sev) { - if (boot_cpu_has(X86_FEATURE_SEV) && - IS_ENABLED(CONFIG_KVM_AMD_SEV)) { - r = sev_hardware_setup(); - if (r) - sev = false; - } else { - sev = false; - } + if (IS_ENABLED(CONFIG_KVM_AMD_SEV) && sev) { + sev_hardware_setup(); + } else { + sev = false; + sev_es = false; } svm_adjust_mmio_mask(); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 1d853fe4c778..af9e5910817c 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -61,6 +61,7 @@ enum { struct kvm_sev_info { bool active; /* SEV enabled guest */ + bool es_active; /* SEV-ES enabled guest */ unsigned int asid; /* ASID used for this guest */ unsigned int handle; /* SEV firmware handle */ int fd; /* SEV device fd */ @@ -351,6 +352,9 @@ static inline bool gif_set(struct vcpu_svm *svm) #define MSR_CR3_LONG_MBZ_MASK 0xfff0000000000000U #define MSR_INVALID 0xffffffffU +extern int sev; +extern int sev_es; + u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm); 
@@ -483,6 +487,17 @@ static inline bool sev_guest(struct kvm *kvm) #endif } +static inline bool sev_es_guest(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev_guest(kvm) && sev->es_active; +#else + return false; +#endif +} + static inline bool svm_sev_enabled(void) { return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0; 
@@ -495,7 +510,7 @@ int svm_register_enc_region(struct kvm *kvm, int svm_unregister_enc_region(struct kvm *kvm, struct kvm_enc_region *range); void pre_sev_run(struct vcpu_svm *svm, int cpu); -int __init sev_hardware_setup(void); +void __init sev_hardware_setup(void); void sev_hardware_teardown(void); #endif

From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 04/34] KVM: SVM: Add GHCB accessor functions for retrieving fields
Date: Tue, 17 Nov 2020 11:07:07 -0600
Message-Id: <6d2750b2be616619297324ac857824a64ca824b0.1605632857.git.thomas.lendacky@amd.com>
X-Patchwork-Id: 11912961

From: Tom Lendacky

Update the GHCB accessor functions to add functions for retrieving GHCB fields by name. Update existing code to use the new accessor functions.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/svm.h   | 10 ++++++++++
 arch/x86/kernel/cpu/vmware.c | 12 ++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 71d630bb5e08..1edf24f51b53 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h
@@ -379,6 +379,16 @@ struct vmcb { (unsigned long *)&ghcb->save.valid_bitmap); \ } \ \ + static inline u64 ghcb_get_##field(struct ghcb *ghcb) \ + { \ + return ghcb->save.field; \ + } \ + \ + static inline u64 ghcb_get_##field##_if_valid(struct ghcb *ghcb) \ + { \ + return ghcb_##field##_is_valid(ghcb) ? ghcb->save.field : 0; \ + } \ + \ static inline void ghcb_set_##field(struct ghcb *ghcb, u64 value) \ { \ __set_bit(GHCB_BITMAP_IDX(field), \ diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c index 924571fe5864..c6ede3b3d302 100644 --- a/arch/x86/kernel/cpu/vmware.c +++ b/arch/x86/kernel/cpu/vmware.c 
@@ -501,12 +501,12 @@ static bool vmware_sev_es_hcall_finish(struct ghcb *ghcb, struct pt_regs *regs) ghcb_rbp_is_valid(ghcb))) return false; - regs->bx = ghcb->save.rbx; - regs->cx = ghcb->save.rcx; - regs->dx = ghcb->save.rdx; - regs->si = ghcb->save.rsi; - regs->di = ghcb->save.rdi; - regs->bp = ghcb->save.rbp; + regs->bx = ghcb_get_rbx(ghcb); + regs->cx = ghcb_get_rcx(ghcb); + regs->dx = ghcb_get_rdx(ghcb); + regs->si = ghcb_get_rsi(ghcb); + regs->di = ghcb_get_rdi(ghcb); + regs->bp = ghcb_get_rbp(ghcb); return true; }
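Review bot: ghcb_get_##field##_if_valid() in the svm.h hunk of patch 04/34 returns 0 when the field's valid bit is clear, so a caller cannot tell an unset field from a field that was set to 0. Either document at the macro that 0 is the defined default for an unset field, or report validity separately (for example a bool return with the value passed back through a pointer). The plain ghcb_get_##field() reads ghcb->save.field with no validity check at all; that is fine in vmware_sev_es_hcall_finish(), where the ghcb_*_is_valid() tests sit just above the converted assignments, but the accessor should carry a comment saying the caller must check validity first.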
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh, kernel test robot
Subject: [PATCH v4 05/34] KVM: SVM: Add support for the SEV-ES VMSA
Date: Tue, 17 Nov 2020 11:07:08 -0600
Message-Id: <80990beb49ac45f15153d2278755c1c50ce5ba7f.1605632857.git.thomas.lendacky@amd.com>
X-Patchwork-Id: 11912951

From: Tom Lendacky

Allocate a page during vCPU creation to be used as the encrypted VM save area (VMSA) for the SEV-ES guest. Provide a flag in the kvm_vcpu_arch structure that indicates whether the guest state is protected.

When freeing a VMSA page that has been encrypted, the cache contents must be flushed using the MSR_AMD64_VM_PAGE_FLUSH before freeing the page.

[ i386 build warnings ]
Reported-by: kernel test robot
Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/kvm_host.h |  3 ++
 arch/x86/kvm/svm/sev.c          | 67 +++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c          | 24 +++++++++++-
 arch/x86/kvm/svm/svm.h          |  5 +++
 4 files changed, 97 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index d44858b69353..7776bb18e29d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -804,6 +804,9 @@ struct kvm_vcpu_arch { */ bool enforce; } pv_cpuid; + + /* Protected Guests */ + bool guest_state_protected; }; struct kvm_lpage_info { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 9bf5e9dadff5..fb4a411f7550 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "x86.h" #include "svm.h" 
@@ -1190,6 +1191,72 @@ void sev_hardware_teardown(void) sev_flush_asids(); } +/* + * Pages used by hardware to hold guest encrypted state must be flushed before + * returning them to the system. + */ +static void sev_flush_guest_memory(struct vcpu_svm *svm, void *va, + unsigned long len) +{ + /* + * If hardware enforced cache coherency for encrypted mappings of the + * same physical page is supported, nothing to do. + */ + if (boot_cpu_has(X86_FEATURE_SME_COHERENT)) + return; + + /* + * If the VM Page Flush MSR is supported, use it to flush the page + * (using the page virtual address and the guest ASID). + */ + if (boot_cpu_has(X86_FEATURE_VM_PAGE_FLUSH)) { + struct kvm_sev_info *sev; + unsigned long va_start; + u64 start, stop; + + /* Align start and stop to page boundaries. */ + va_start = (unsigned long)va; + start = (u64)va_start & PAGE_MASK; + stop = PAGE_ALIGN((u64)va_start + len); + + if (start < stop) { + sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info; + + while (start < stop) { + wrmsrl(MSR_AMD64_VM_PAGE_FLUSH, + start | sev->asid); + + start += PAGE_SIZE; + } + + return; + } + + WARN(1, "Address overflow, using WBINVD\n"); + } + + /* + * Hardware should always have one of the above features, + * but if not, use WBINVD and issue a warning. + */ + WARN_ONCE(1, "Using WBINVD to flush guest memory\n"); + wbinvd_on_all_cpus(); +} + +void sev_free_vcpu(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm; + + if (!sev_es_guest(vcpu->kvm)) + return; + + svm = to_svm(vcpu); + + if (vcpu->arch.guest_state_protected) + sev_flush_guest_memory(svm, svm->vmsa, PAGE_SIZE); + __free_page(virt_to_page(svm->vmsa)); +} + void pre_sev_run(struct vcpu_svm *svm, int cpu) { struct svm_cpu_data *sd = per_cpu(svm_data, cpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a3198b65f431..d45b2dc5cabe 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1288,6 +1288,7 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm; struct page *vmcb_page; + struct page *vmsa_page = NULL; int err; BUILD_BUG_ON(offsetof(struct vcpu_svm, vcpu) != 0); @@ -1298,9 +1299,19 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) if (!vmcb_page) goto out; + if (sev_es_guest(svm->vcpu.kvm)) { + /* + * SEV-ES guests require a separate VMSA page used to contain + * the encrypted register state of the guest. + */ + vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); + if (!vmsa_page) + goto error_free_vmcb_page; + } + err = avic_init_vcpu(svm); if (err) - goto error_free_vmcb_page; + goto error_free_vmsa_page; /* We initialize this flag to true to make sure that the is_running * bit would be set the first time the vcpu is loaded. @@ -1310,12 +1321,16 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) svm->msrpm = svm_vcpu_alloc_msrpm(); if (!svm->msrpm) - goto error_free_vmcb_page; + goto error_free_vmsa_page; svm_vcpu_init_msrpm(vcpu, svm->msrpm); svm->vmcb = page_address(vmcb_page); svm->vmcb_pa = __sme_set(page_to_pfn(vmcb_page) << PAGE_SHIFT); + + if (vmsa_page) + svm->vmsa = page_address(vmsa_page); + svm->asid_generation = 0; init_vmcb(svm); @@ -1324,6 +1339,9 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) return 0; +error_free_vmsa_page: + if (vmsa_page) + __free_page(vmsa_page); error_free_vmcb_page: __free_page(vmcb_page); out: @@ -1351,6 +1369,8 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu) svm_free_nested(svm); + sev_free_vcpu(vcpu); + __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT)); __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index af9e5910817c..8f0a3ed0d790 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -167,6 +167,10 @@ struct vcpu_svm { DECLARE_BITMAP(read, MAX_DIRECT_ACCESS_MSRS); DECLARE_BITMAP(write, MAX_DIRECT_ACCESS_MSRS); } shadow_msr_intercept; + + /* SEV-ES support */ + struct vmcb_save_area *vmsa; + struct ghcb *ghcb; }; struct svm_cpu_data { 
@@ -512,5 +516,6 @@ int svm_unregister_enc_region(struct kvm *kvm, void pre_sev_run(struct vcpu_svm *svm, int cpu); void __init sev_hardware_setup(void); void sev_hardware_teardown(void); +void sev_free_vcpu(struct kvm_vcpu *vcpu); #endif
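Review bot: in sev_flush_guest_memory() (sev.c hunk of patch 05/34), wrmsrl(MSR_AMD64_VM_PAGE_FLUSH, start | sev->asid) relies on sev->asid fitting entirely below PAGE_SHIFT, since start is page-aligned and nothing in the hunk masks or bounds the ASID. A short comment describing the MSR layout, or a check that the ASID is below PAGE_SIZE, would make that assumption explicit. The overflow path also warns twice: after WARN(1, "Address overflow, using WBINVD\n") control falls through to WARN_ONCE(1, "Using WBINVD to flush guest memory\n"), whose comment says the hardware has neither feature, which is not the case on that path. Consider jumping to a shared WBINVD fallback so each condition is logged once with an accurate message.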
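Review bot: vcpu->arch.guest_state_protected is added in the kvm_host.h hunk and read in sev_free_vcpu(), but no hunk in patch 05/34 ever sets it, so as posted the sev_flush_guest_memory() branch is never taken and the VMSA page is always freed without a flush. Say in the commit message which later patch sets the flag, or introduce the flag in that patch. The same applies to the new "struct ghcb *ghcb;" member of struct vcpu_svm in the svm.h hunk, which nothing here uses. In sev_free_vcpu(), a blank line after the flush call would also make it clearer that __free_page() is unconditional.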
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 06/34] KVM: x86: Mark GPRs dirty when written
Date: Tue, 17 Nov 2020 11:07:09 -0600
Message-Id: <19e72c9b1a02ca43aef7a359e296646ba8130809.1605632857.git.thomas.lendacky@amd.com>
X-Patchwork-Id: 11912963

From: Tom Lendacky

When performing VMGEXIT processing for an SEV-ES guest, register values will be synced between KVM and the GHCB. Prepare for detecting when a GPR has been updated (marked dirty) in order to determine whether to sync the register to the GHCB.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/kvm_cache_regs.h | 51 ++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/arch/x86/kvm/kvm_cache_regs.h b/arch/x86/kvm/kvm_cache_regs.h index a889563ad02d..f15bc16de07c 100644 --- a/arch/x86/kvm/kvm_cache_regs.h +++ b/arch/x86/kvm/kvm_cache_regs.h
@@ -9,6 +9,31 @@ (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \ | X86_CR4_OSXMMEXCPT | X86_CR4_PGE | X86_CR4_TSD | X86_CR4_FSGSBASE) +static inline bool kvm_register_is_available(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + return test_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); +} + +static inline bool kvm_register_is_dirty(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + return test_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); +} + +static inline void kvm_register_mark_available(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); +} + +static inline void kvm_register_mark_dirty(struct kvm_vcpu *vcpu, + enum kvm_reg reg) +{ + __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); + __set_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); +} + #define BUILD_KVM_GPR_ACCESSORS(lname, uname) \ static __always_inline unsigned long kvm_##lname##_read(struct kvm_vcpu *vcpu)\ { \ @@ -18,6 +43,7 @@ static __always_inline void kvm_##lname##_write(struct kvm_vcpu *vcpu, \ unsigned long val) \ { \ vcpu->arch.regs[VCPU_REGS_##uname] = val; \ + kvm_register_mark_dirty(vcpu, VCPU_REGS_##uname); \ } BUILD_KVM_GPR_ACCESSORS(rax, RAX) BUILD_KVM_GPR_ACCESSORS(rbx, RBX) 
@@ -37,31 +63,6 @@ BUILD_KVM_GPR_ACCESSORS(r14, R14) BUILD_KVM_GPR_ACCESSORS(r15, R15) #endif -static inline bool kvm_register_is_available(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - return test_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); -} - -static inline bool kvm_register_is_dirty(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - return test_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); -} - -static inline void kvm_register_mark_available(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); -} - -static inline void kvm_register_mark_dirty(struct kvm_vcpu *vcpu, - enum kvm_reg reg) -{ - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); -} - static inline unsigned long kvm_register_read(struct kvm_vcpu *vcpu, int reg) { if (WARN_ON_ONCE((unsigned int)reg >= NR_VCPU_REGS))
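Review bot: the only functional change in patch 06/34 is the added kvm_register_mark_dirty() call in kvm_##lname##_write(), and it is buried under the move of the four kvm_register_*() helpers above BUILD_KVM_GPR_ACCESSORS. The commit message should say that the move exists only to satisfy declaration order, or the move could be a separate preparatory patch. With this change every GPR write through these accessors sets both regs_avail and regs_dirty for all guest types, not only SEV-ES, and nothing in the patch clears the GPR dirty bits; please state where regs_dirty is expected to be reset so that the later GHCB sync does not act on stale dirty bits.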
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 07/34] KVM: SVM: Add required changes to support intercepts under SEV-ES
Date: Tue, 17 Nov 2020 11:07:10 -0600
Message-Id: <562864056654085dd1e12ebb07f513e7d12f8ce0.1605632857.git.thomas.lendacky@amd.com>
X-Patchwork-Id: 11912969

From: Tom Lendacky

When a guest is running under SEV-ES, the hypervisor cannot access the guest register state. There are numerous places in the KVM code where certain registers are accessed that are not allowed to be accessed (e.g. RIP, CR0, etc). Add checks to prevent register accesses and add intercept update support at various points within the KVM code.

Also, when handling a VMGEXIT, exceptions are passed back through the GHCB. Since the RDMSR/WRMSR intercepts (may) inject a #GP on error, update the SVM intercepts to handle this for SEV-ES guests.

Signed-off-by: Tom Lendacky --- arch/x86/include/asm/svm.h | 3 +- arch/x86/kvm/svm/svm.c | 111 +++++++++++++++++++++++++++++++++---- arch/x86/kvm/x86.c | 6 +- 3 files changed, 107 insertions(+), 13 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 1edf24f51b53..bce28482d63d 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -178,7 +178,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define LBR_CTL_ENABLE_MASK BIT_ULL(0) #define VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK BIT_ULL(1) -#define SVM_INTERRUPT_SHADOW_MASK 1 +#define SVM_INTERRUPT_SHADOW_MASK BIT_ULL(0) +#define SVM_GUEST_INTERRUPT_MASK BIT_ULL(1) #define SVM_IOIO_STR_SHIFT 2 #define SVM_IOIO_REP_SHIFT 3 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d45b2dc5cabe..9a3d57ed997f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include "trace.h" @@ -340,6 +341,13 @@ static int skip_emulated_instruction(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + /* + * SEV-ES does not expose the next RIP. The RIP update is controlled by + * the type of exit and the #VC handler in the guest. + */ + if (sev_es_guest(vcpu->kvm)) + goto done; + if (nrips && svm->vmcb->control.next_rip != 0) { WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS)); svm->next_rip = svm->vmcb->control.next_rip; @@ -351,6 +359,8 @@ static int skip_emulated_instruction(struct kvm_vcpu *vcpu) } else { kvm_rip_write(vcpu, svm->next_rip); } + +done: svm_set_interrupt_shadow(vcpu, 0); return 1; 
@@ -1651,9 +1661,18 @@ static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) static void update_cr0_intercept(struct vcpu_svm *svm) { - ulong gcr0 = svm->vcpu.arch.cr0; - u64 *hcr0 = &svm->vmcb->save.cr0; + ulong gcr0; + u64 *hcr0; + + /* + * SEV-ES guests must always keep the CR intercepts cleared. CR + * tracking is done using the CR write traps. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return; + gcr0 = svm->vcpu.arch.cr0; + hcr0 = &svm->vmcb->save.cr0; *hcr0 = (*hcr0 & ~SVM_CR0_SELECTIVE_MASK) | (gcr0 & SVM_CR0_SELECTIVE_MASK); @@ -1673,7 +1692,7 @@ void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) struct vcpu_svm *svm = to_svm(vcpu); #ifdef CONFIG_X86_64 - if (vcpu->arch.efer & EFER_LME) { + if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) { if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) { vcpu->arch.efer |= EFER_LMA; svm->vmcb->save.efer |= EFER_LMA | EFER_LME; @@ -2604,7 +2623,29 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) static int rdmsr_interception(struct vcpu_svm *svm) { - return kvm_emulate_rdmsr(&svm->vcpu); + u32 ecx; + u64 data; + + if (!sev_es_guest(svm->vcpu.kvm)) + return kvm_emulate_rdmsr(&svm->vcpu); + + ecx = kvm_rcx_read(&svm->vcpu); + if (kvm_get_msr(&svm->vcpu, ecx, &data)) { + trace_kvm_msr_read_ex(ecx); + ghcb_set_sw_exit_info_1(svm->ghcb, 1); + ghcb_set_sw_exit_info_2(svm->ghcb, + X86_TRAP_GP | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + return 1; + } + + trace_kvm_msr_read(ecx, data); + + kvm_rax_write(&svm->vcpu, data & -1u); + kvm_rdx_write(&svm->vcpu, (data >> 32) & -1u); + + return kvm_skip_emulated_instruction(&svm->vcpu); } static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) 
@@ -2793,7 +2834,27 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) static int wrmsr_interception(struct vcpu_svm *svm) { - return kvm_emulate_wrmsr(&svm->vcpu); + u32 ecx; + u64 data; + + if (!sev_es_guest(svm->vcpu.kvm)) + return kvm_emulate_wrmsr(&svm->vcpu); + + ecx = kvm_rcx_read(&svm->vcpu); + data = kvm_read_edx_eax(&svm->vcpu); + if (kvm_set_msr(&svm->vcpu, ecx, data)) { + trace_kvm_msr_write_ex(ecx, data); + ghcb_set_sw_exit_info_1(svm->ghcb, 1); + ghcb_set_sw_exit_info_2(svm->ghcb, + X86_TRAP_GP | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + return 1; + } + + trace_kvm_msr_write(ecx, data); + + return kvm_skip_emulated_instruction(&svm->vcpu); } static int msr_interception(struct vcpu_svm *svm) @@ -2823,7 +2884,14 @@ static int interrupt_window_interception(struct vcpu_svm *svm) static int pause_interception(struct vcpu_svm *svm) { struct kvm_vcpu *vcpu = &svm->vcpu; - bool in_kernel = (svm_get_cpl(vcpu) == 0); + bool in_kernel; + + /* + * CPL is not made available for an SEV-ES guest, so just set in_kernel + * to true. + */ + in_kernel = (sev_es_guest(svm->vcpu.kvm)) ? true + : (svm_get_cpl(vcpu) == 0); if (!kvm_pause_in_guest(vcpu->kvm)) grow_ple_window(vcpu); @@ -3086,10 +3154,13 @@ static int handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) trace_kvm_exit(exit_code, vcpu, KVM_ISA_SVM); - if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE)) - vcpu->arch.cr0 = svm->vmcb->save.cr0; - if (npt_enabled) - vcpu->arch.cr3 = svm->vmcb->save.cr3; + /* SEV-ES guests must use the CR write traps to track CR registers. */ + if (!sev_es_guest(vcpu->kvm)) { + if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE)) + vcpu->arch.cr0 = svm->vmcb->save.cr0; + if (npt_enabled) + vcpu->arch.cr3 = svm->vmcb->save.cr3; + } if (is_guest_mode(vcpu)) { int vmexit; 
@@ -3201,6 +3272,13 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr) { struct vcpu_svm *svm = to_svm(vcpu); + /* + * SEV-ES guests must always keep the CR intercepts cleared. CR + * tracking is done using the CR write traps. + */ + if (sev_es_guest(vcpu->kvm)) + return; + if (nested_svm_virtualize_tpr(vcpu)) return; @@ -3269,6 +3347,13 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu) struct vcpu_svm *svm = to_svm(vcpu); struct vmcb *vmcb = svm->vmcb; + /* + * SEV-ES guests to not expose RFLAGS. Use the VMCB interrupt mask + * bit to determine the state of the IF flag. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return !(vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK); + if (!gif_set(svm)) return true; @@ -3454,6 +3539,12 @@ static void svm_complete_interrupts(struct vcpu_svm *svm) svm->vcpu.arch.nmi_injected = true; break; case SVM_EXITINTINFO_TYPE_EXEPT: + /* + * Never re-inject a #VC exception. + */ + if (vector == X86_TRAP_VC) + break; + /* * In case of software exceptions, do not reinject the vector, * but re-execute the instruction instead. Rewind RIP first diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 447edc0d1d5a..3aafbd2540be 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3997,7 +3997,7 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) { int idx; - if (vcpu->preempted) + if (vcpu->preempted && !vcpu->arch.guest_state_protected) vcpu->arch.preempted_in_kernel = !kvm_x86_ops.get_cpl(vcpu); /* 
@@ -8156,7 +8156,9 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu) { struct kvm_run *kvm_run = vcpu->run; - kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0; + kvm_run->if_flag = (vcpu->arch.guest_state_protected) + ? kvm_arch_interrupt_allowed(vcpu) + : (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0; kvm_run->flags = is_smm(vcpu) ? KVM_RUN_X86_SMM : 0; kvm_run->cr8 = kvm_get_cr8(vcpu); kvm_run->apic_base = kvm_get_apic_base(vcpu);
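Review bot: rdmsr_interception() and wrmsr_interception() in svm.c now each carry the same SEV-ES error path (ghcb_set_sw_exit_info_1(svm->ghcb, 1) followed by ghcb_set_sw_exit_info_2() with X86_TRAP_GP | SVM_EVTINJ_TYPE_EXEPT | SVM_EVTINJ_VALID), and the literal 1 written to sw_exit_info_1 is not explained in either hunk. Suggest factoring the sequence into one helper with a comment saying what the value 1 signals in the GHCB, so the two intercepts cannot drift apart. In the read path, "data & -1u" and "(data >> 32) & -1u" would read more clearly as lower_32_bits(data) and upper_32_bits(data).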
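Review bot: in svm_interrupt_blocked() the new SEV-ES return is placed ahead of the "if (!gif_set(svm)) return true;" check, so for an SEV-ES guest the result depends only on SVM_GUEST_INTERRUPT_MASK and a cleared GIF is no longer reported as blocking. If that is intended, the comment should say so; otherwise move the SEV-ES test below the GIF check so that it stands in only for the RFLAGS.IF test. The added comment also has a typo: "guests to not expose RFLAGS" should read "guests do not expose RFLAGS".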
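Review bot: the pause_interception() hunk and the kvm_arch_vcpu_put() hunk treat the unavailable CPL differently. pause_interception() assumes an SEV-ES guest is in kernel mode (in_kernel is forced to true), while kvm_arch_vcpu_put() skips the assignment and leaves vcpu->arch.preempted_in_kernel at whatever value it already held. Suggest choosing one policy and setting preempted_in_kernel explicitly for a guest with protected state, with a comment like the one added in pause_interception(). The ternary there can also be written as "sev_es_guest(vcpu->kvm) || svm_get_cpl(vcpu) == 0", using the local vcpu that the function already has.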
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 08/34] KVM: SVM: Prevent debugging under SEV-ES
Date: Tue, 17 Nov 2020 11:07:11 -0600

Since the guest register state of an SEV-ES guest is encrypted, debugging is not supported. Update the code to prevent guest debugging when the guest has protected state.

Additionally, an SEV-ES guest must only and always intercept DR7 reads and writes. Update set_dr_intercepts() and clr_dr_intercepts() to account for this.

Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/svm.c | 9 +++++ arch/x86/kvm/svm/svm.h | 81 +++++++++++++++++++++++------------------- arch/x86/kvm/x86.c | 3 ++ 3 files changed, 57 insertions(+), 36 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9a3d57ed997f..7f805cd5bbe7 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -1802,6 +1802,9 @@ static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) { struct vmcb *vmcb = svm->vmcb; + if (svm->vcpu.arch.guest_state_protected) + return; + if (unlikely(value != vmcb->save.dr6)) { vmcb->save.dr6 = value; vmcb_mark_dirty(vmcb, VMCB_DR); @@ -1812,6 +1815,9 @@ static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + if (vcpu->arch.guest_state_protected) + return; + get_debugreg(vcpu->arch.db[0], 0); get_debugreg(vcpu->arch.db[1], 1); get_debugreg(vcpu->arch.db[2], 2); @@ -1830,6 +1836,9 @@ static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value) { struct vcpu_svm *svm = to_svm(vcpu); + if (vcpu->arch.guest_state_protected) + return; + svm->vmcb->save.dr7 = value; vmcb_mark_dirty(svm->vmcb, VMCB_DR); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8f0a3ed0d790..66ea889f71ed 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -198,6 +198,28 @@ static inline struct kvm_svm *to_kvm_svm(struct kvm *kvm) return container_of(kvm, struct kvm_svm, kvm); } +static inline bool sev_guest(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev->active; +#else + return false; +#endif +} + +static inline bool sev_es_guest(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return sev_guest(kvm) && sev->es_active; +#else + return false; +#endif +} + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; 
@@ -249,21 +271,24 @@ static inline void set_dr_intercepts(struct vcpu_svm *svm) { struct vmcb *vmcb = get_host_vmcb(svm); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); + if (!sev_es_guest(svm->vcpu.kvm)) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); + } + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); recalc_intercepts(svm); 
@@ -275,6 +300,12 @@ static inline void clr_dr_intercepts(struct vcpu_svm *svm) vmcb->control.intercepts[INTERCEPT_DR] = 0; + /* DR7 access must remain intercepted for an SEV-ES guest */ + if (sev_es_guest(svm->vcpu.kvm)) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); + } + recalc_intercepts(svm); } @@ -480,28 +511,6 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); extern unsigned int max_sev_asid; -static inline bool sev_guest(struct kvm *kvm) -{ -#ifdef CONFIG_KVM_AMD_SEV - struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - - return sev->active; -#else - return false; -#endif -} - -static inline bool sev_es_guest(struct kvm *kvm) -{ -#ifdef CONFIG_KVM_AMD_SEV - struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - - return sev_guest(kvm) && sev->es_active; -#else - return false; -#endif -} - static inline bool svm_sev_enabled(void) { return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3aafbd2540be..569fbdb4ee87 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -9663,6 +9663,9 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, unsigned long rflags; int i, r; + if (vcpu->arch.guest_state_protected) + return -EINVAL; + vcpu_load(vcpu); if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
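Review bot: svm_set_dr6(), svm_sync_dirty_debug_regs() and svm_set_dr7() in svm.c return early on vcpu->arch.guest_state_protected, while set_dr_intercepts() and clr_dr_intercepts() in svm.h test sev_es_guest() for what the commit message describes as the same kind of guest. Suggest using one predicate throughout, or a comment where the flag is tested explaining when the two can differ. The three early returns also drop the caller's value silently; a one-line comment on each, saying that the debug registers of a guest with protected state are encrypted, would show that this is deliberate.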
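Review bot: set_dr_intercepts() wraps the DR0 to DR6 intercepts in "if (!sev_es_guest(svm->vcpu.kvm))" with no comment, whereas clr_dr_intercepts() gets "DR7 access must remain intercepted for an SEV-ES guest". Suggest a matching comment in set_dr_intercepts() stating that only DR7 may be intercepted for an SEV-ES guest, since that rule is otherwise found only in the commit message. Moving sev_guest() and sev_es_guest() higher in svm.h is pure code motion and would be easier to review as a separate preparatory patch.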
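Review bot: kvm_arch_vcpu_ioctl_set_guest_debug() now returns -EINVAL for a vCPU with guest_state_protected set, but the diffstat touches only svm.c, svm.h and x86.c, so the new failure case is not documented for userspace. Suggest adding it to the KVM API documentation for this ioctl. Placing the check before vcpu_load() is right, since the early return then needs no unwinding.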
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 09/34] KVM: SVM: Do not allow instruction emulation under SEV-ES
Date: Tue, 17 Nov 2020 11:07:12 -0600
Message-Id: <26a132acdbbeaad4dde2a85f6bafad70a307335e.1605632857.git.thomas.lendacky@amd.com>

When a guest is running as an SEV-ES guest, it is not possible to emulate instructions. Add support to prevent instruction emulation.

Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/svm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7f805cd5bbe7..0e5f83912b56 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -4195,6 +4195,12 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i bool smep, smap, is_user; unsigned long cr4; + /* + * When the guest is an SEV-ES guest, emulation is not possible. + */ + if (sev_es_guest(vcpu->kvm)) + return false; + /* * Detect and workaround Errata 1096 Fam_17h_00_0Fh. *
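Review bot: the comment added to svm_can_emulate_instruction(), "When the guest is an SEV-ES guest, emulation is not possible.", repeats the condition without giving the reason, and the commit message gives none either. Suggest stating why (patch 07 of this series notes that the hypervisor cannot access the guest register state) and what callers are expected to do when this returns false, since the hunk shows only the early return.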
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 10/34] KVM: SVM: Cannot re-initialize the VMCB after shutdown with SEV-ES
Date: Tue, 17 Nov 2020 11:07:13 -0600
Message-Id: <71596ee517ed3a4eaf16721e7b5fa78fa93be01a.1605632857.git.thomas.lendacky@amd.com>

From: Tom Lendacky

When a SHUTDOWN VMEXIT is encountered, normally the VMCB is re-initialized so that the guest can be re-launched. But when a guest is running as an SEV-ES guest, the VMSA cannot be re-initialized because it has been encrypted. For now, just return -EINVAL to prevent a possible attempt at a guest reset.

Signed-off-by: Tom Lendacky

--- arch/x86/kvm/svm/svm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0e5f83912b56..f353039e54b6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2026,6 +2026,13 @@ static int shutdown_interception(struct vcpu_svm *svm) { struct kvm_run *kvm_run = svm->vcpu.run; + /* + * The VM save area has already been encrypted so it + * cannot be reinitialized - just terminate. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return -EINVAL; + /* * VMCB is undefined after a SHUTDOWN intercept * so reinitialize it.
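Review bot: the early `return -EINVAL` in shutdown_interception() leaves `kvm_run` untouched, although it is fetched on the line just above, so on this path userspace sees a failed run with nothing that identifies a guest SHUTDOWN as the cause. Suggest filling in an exit reason before returning, or at least logging the event. The commit message describes this as a "for now" measure, so the code comment should say the same to make the temporary behaviour easy to find later.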
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 11/34] KVM: SVM: Prepare for SEV-ES exit handling in the sev.c file
Date: Tue, 17 Nov 2020 11:07:14 -0600
Message-Id: <7ba89a377d1fe006091e725dbe731fd530cd4b02.1605632857.git.thomas.lendacky@amd.com>

From: Tom Lendacky

This is a pre-patch to consolidate some exit handling code into callable functions. Follow-on patches for SEV-ES exit handling will then be able to use them from the sev.c file.

Signed-off-by: Tom Lendacky

--- arch/x86/kvm/svm/svm.c | 64 +++++++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f353039e54b6..602e20f38bdc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3147,6 +3147,43 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "excp_to:", save->last_excp_to); } +static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code) +{ + if (exit_code < ARRAY_SIZE(svm_exit_handlers) && + svm_exit_handlers[exit_code]) + return 0; + + vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%llx\n", exit_code); + dump_vmcb(vcpu); + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; + vcpu->run->internal.ndata = 2; + vcpu->run->internal.data[0] = exit_code; + vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; + + return -EINVAL; +} + +static int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) +{ + if (svm_handle_invalid_exit(&svm->vcpu, exit_code)) + return 0; + +#ifdef CONFIG_RETPOLINE + if (exit_code == SVM_EXIT_MSR) + return msr_interception(svm); + else if (exit_code == SVM_EXIT_VINTR) + return interrupt_window_interception(svm); + else if (exit_code == SVM_EXIT_INTR) + return intr_interception(svm); + else if (exit_code == SVM_EXIT_HLT) + return halt_interception(svm); + else if (exit_code == SVM_EXIT_NPF) + return npf_interception(svm); +#endif + return svm_exit_handlers[exit_code](svm); +} + static void svm_get_exit_info(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2, u32 *intr_info, u32 *error_code) { 
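Review bot: svm_handle_invalid_exit() returns 0 for a valid exit code and -EINVAL for an invalid one, but the caller added in this hunk, svm_invoke_exit_handler(), tests it as a boolean and converts the error into `return 0`, so the -EINVAL value is never used and the function name reads as the opposite of what a zero return means. A bool helper that is true when a handler exists, or a short comment on the return convention, would make `if (svm_handle_invalid_exit(&svm->vcpu, exit_code)) return 0;` easier to follow. The switch of the format string to 0x%llx matches the new u64 parameter.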
@@ -3213,32 +3250,7 @@ static int handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) if (exit_fastpath != EXIT_FASTPATH_NONE) return 1; - if (exit_code >= ARRAY_SIZE(svm_exit_handlers) - || !svm_exit_handlers[exit_code]) { - vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%x\n", exit_code); - dump_vmcb(vcpu); - vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; - vcpu->run->internal.suberror = - KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; - vcpu->run->internal.ndata = 2; - vcpu->run->internal.data[0] = exit_code; - vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; - return 0; - } - -#ifdef CONFIG_RETPOLINE - if (exit_code == SVM_EXIT_MSR) - return msr_interception(svm); - else if (exit_code == SVM_EXIT_VINTR) - return interrupt_window_interception(svm); - else if (exit_code == SVM_EXIT_INTR) - return intr_interception(svm); - else if (exit_code == SVM_EXIT_HLT) - return halt_interception(svm); - else if (exit_code == SVM_EXIT_NPF) - return npf_interception(svm); -#endif - return svm_exit_handlers[exit_code](svm); + return svm_invoke_exit_handler(svm, exit_code); } static void reload_tss(struct kvm_vcpu *vcpu)
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 12/34] KVM: SVM: Add initial support for a VMGEXIT VMEXIT
Date: Tue, 17 Nov 2020 11:07:15 -0600
Message-Id: <5cccfae30020886bc36d859ece88999a2e65d061.1605632857.git.thomas.lendacky@amd.com>

From: Tom Lendacky

SEV-ES adds a new VMEXIT reason code, VMGEXIT. Initial support for a VMGEXIT includes mapping the GHCB based on the guest GPA, which is obtained from a new VMCB field, and then validating the required inputs for the VMGEXIT exit reason. Since many of the VMGEXIT exit reasons correspond to existing VMEXIT reasons, the information from the GHCB is copied into the VMCB control exit code areas and KVM register areas. The standard exit handlers are invoked, similar to standard VMEXIT processing. Before restarting the vCPU, the GHCB is updated with any registers that have been updated by the hypervisor.
Signed-off-by: Tom Lendacky --- arch/x86/include/asm/svm.h | 2 +- arch/x86/include/uapi/asm/svm.h | 7 + arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/svm/sev.c | 272 ++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 8 +- arch/x86/kvm/svm/svm.h | 8 + 6 files changed, 295 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index bce28482d63d..caa8628f5fba 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -130,7 +130,7 @@ struct __attribute__ ((__packed__)) vmcb_control_area { u32 exit_int_info_err; u64 nested_ctl; u64 avic_vapic_bar; - u8 reserved_4[8]; + u64 ghcb_gpa; u32 event_inj; u32 event_inj_err; u64 nested_cr3; diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index f1d8307454e0..09f723945425 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -81,6 +81,7 @@ #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 #define SVM_EXIT_AVIC_UNACCELERATED_ACCESS 0x402 +#define SVM_EXIT_VMGEXIT 0x403 /* SEV-ES software-defined VMGEXIT events */ #define SVM_VMGEXIT_MMIO_READ 0x80000001 @@ -187,6 +188,12 @@ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ { SVM_EXIT_AVIC_UNACCELERATED_ACCESS, "avic_unaccelerated_access" }, \ + { SVM_EXIT_VMGEXIT, "vmgexit" }, \ + { SVM_VMGEXIT_MMIO_READ, "vmgexit_mmio_read" }, \ + { SVM_VMGEXIT_MMIO_WRITE, "vmgexit_mmio_write" }, \ + { SVM_VMGEXIT_NMI_COMPLETE, "vmgexit_nmi_complete" }, \ + { SVM_VMGEXIT_AP_HLT_LOOP, "vmgexit_ap_hlt_loop" }, \ + { SVM_VMGEXIT_AP_JUMP_TABLE, "vmgexit_ap_jump_table" }, \ { SVM_EXIT_ERR, "invalid_guest_state" } diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index d50041f570e8..0f6ecbb5e5b0 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -146,6 +146,7 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) MSR_IA32_MISC_ENABLE_MWAIT); } } +EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index fb4a411f7550..54e6894b26d2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -18,6 +18,7 @@ #include "x86.h" #include "svm.h" +#include "cpuid.h" static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); 
@@ -1257,11 +1258,226 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) __free_page(virt_to_page(svm->vmsa)); } +static void dump_ghcb(struct vcpu_svm *svm) +{ + struct ghcb *ghcb = svm->ghcb; + unsigned int nbits; + + /* Re-use the dump_invalid_vmcb module parameter */ + if (!dump_invalid_vmcb) { + pr_warn_ratelimited("set kvm_amd.dump_invalid_vmcb=1 to dump internal KVM state.\n"); + return; + } + + nbits = sizeof(ghcb->save.valid_bitmap) * 8; + + pr_err("GHCB (GPA=%016llx):\n", svm->vmcb->control.ghcb_gpa); + pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_code", + ghcb->save.sw_exit_code, ghcb_sw_exit_code_is_valid(ghcb)); + pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_1", + ghcb->save.sw_exit_info_1, ghcb_sw_exit_info_1_is_valid(ghcb)); + pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_2", + ghcb->save.sw_exit_info_2, ghcb_sw_exit_info_2_is_valid(ghcb)); + pr_err("%-20s%016llx is_valid: %u\n", "sw_scratch", + ghcb->save.sw_scratch, ghcb_sw_scratch_is_valid(ghcb)); + pr_err("%-20s%*pb\n", "valid_bitmap", nbits, ghcb->save.valid_bitmap); +} + +static void sev_es_sync_to_ghcb(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + struct ghcb *ghcb = svm->ghcb; + + /* + * The GHCB protocol so far allows for the following data + * to be returned: + * GPRs RAX, RBX, RCX, RDX + * + * Copy their values to the GHCB if they are dirty. 
+ */ + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RAX)) + ghcb_set_rax(ghcb, vcpu->arch.regs[VCPU_REGS_RAX]); + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RBX)) + ghcb_set_rbx(ghcb, vcpu->arch.regs[VCPU_REGS_RBX]); + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RCX)) + ghcb_set_rcx(ghcb, vcpu->arch.regs[VCPU_REGS_RCX]); + if (kvm_register_is_dirty(vcpu, VCPU_REGS_RDX)) + ghcb_set_rdx(ghcb, vcpu->arch.regs[VCPU_REGS_RDX]); +} + +static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + struct kvm_vcpu *vcpu = &svm->vcpu; + struct ghcb *ghcb = svm->ghcb; + u64 exit_code; + + /* + * The GHCB protocol so far allows for the following data + * to be supplied: + * GPRs RAX, RBX, RCX, RDX + * XCR0 + * CPL + * + * VMMCALL allows the guest to provide extra registers. KVM also + * expects RSI for hypercalls, so include that, too. + * + * Copy their values to the appropriate location if supplied. + */ + memset(vcpu->arch.regs, 0, sizeof(vcpu->arch.regs)); + + vcpu->arch.regs[VCPU_REGS_RAX] = ghcb_get_rax_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RBX] = ghcb_get_rbx_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RCX] = ghcb_get_rcx_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RDX] = ghcb_get_rdx_if_valid(ghcb); + vcpu->arch.regs[VCPU_REGS_RSI] = ghcb_get_rsi_if_valid(ghcb); + + svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); + + if (ghcb_xcr0_is_valid(ghcb)) { + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + kvm_update_cpuid_runtime(vcpu); + } + + /* Copy the GHCB exit information into the VMCB fields */ + exit_code = ghcb_get_sw_exit_code(ghcb); + control->exit_code = lower_32_bits(exit_code); + control->exit_code_hi = upper_32_bits(exit_code); + control->exit_info_1 = ghcb_get_sw_exit_info_1(ghcb); + control->exit_info_2 = ghcb_get_sw_exit_info_2(ghcb); + + /* Clear the valid entries fields */ + memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); +} + +static int sev_es_validate_vmgexit(struct vcpu_svm *svm) 
+{ + struct kvm_vcpu *vcpu; + struct ghcb *ghcb; + u64 exit_code = 0; + + ghcb = svm->ghcb; + + /* Only GHCB Usage code 0 is supported */ + if (ghcb->ghcb_usage) + goto vmgexit_err; + + /* + * Retrieve the exit code now even though is may not be marked valid + * as it could help with debugging. + */ + exit_code = ghcb_get_sw_exit_code(ghcb); + + if (!ghcb_sw_exit_code_is_valid(ghcb) || + !ghcb_sw_exit_info_1_is_valid(ghcb) || + !ghcb_sw_exit_info_2_is_valid(ghcb)) + goto vmgexit_err; + + switch (ghcb_get_sw_exit_code(ghcb)) { + case SVM_EXIT_READ_DR7: + break; + case SVM_EXIT_WRITE_DR7: + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_RDTSC: + break; + case SVM_EXIT_RDPMC: + if (!ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_CPUID: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + if (ghcb_get_rax(ghcb) == 0xd) + if (!ghcb_xcr0_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_INVD: + break; + case SVM_EXIT_IOIO: + if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_MSR: + if (!ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + if (ghcb_get_sw_exit_info_1(ghcb)) { + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rdx_is_valid(ghcb)) + goto vmgexit_err; + } + break; + case SVM_EXIT_VMMCALL: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_cpl_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_RDTSCP: + break; + case SVM_EXIT_WBINVD: + break; + case SVM_EXIT_MONITOR: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rcx_is_valid(ghcb) || + !ghcb_rdx_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_EXIT_MWAIT: + if (!ghcb_rax_is_valid(ghcb) || + !ghcb_rcx_is_valid(ghcb)) + goto vmgexit_err; + break; + case SVM_VMGEXIT_UNSUPPORTED_EVENT: + break; + default: + goto vmgexit_err; + } + + return 0; + +vmgexit_err: + vcpu = &svm->vcpu; + + if (ghcb->ghcb_usage) { + vcpu_unimpl(vcpu, "vmgexit: ghcb usage 
%#x is not valid\n", + ghcb->ghcb_usage); + } else { + vcpu_unimpl(vcpu, "vmgexit: exit reason %#llx is not valid\n", + exit_code); + dump_ghcb(svm); + } + + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON; + vcpu->run->internal.ndata = 2; + vcpu->run->internal.data[0] = exit_code; + vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu; + + return -EINVAL; +} + +static void pre_sev_es_run(struct vcpu_svm *svm) +{ + if (!svm->ghcb) + return; + + sev_es_sync_to_ghcb(svm); + + kvm_vcpu_unmap(&svm->vcpu, &svm->ghcb_map, true); + svm->ghcb = NULL; +} + void pre_sev_run(struct vcpu_svm *svm, int cpu) { struct svm_cpu_data *sd = per_cpu(svm_data, cpu); int asid = sev_get_asid(svm->vcpu.kvm); + /* Perform any SEV-ES pre-run actions */ + pre_sev_es_run(svm); + /* Assign the asid allocated with this SEV guest */ svm->vmcb->control.asid = asid; 
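Review bot: sev_es_validate_vmgexit() and sev_es_sync_from_ghcb() each read sw_exit_code, the valid bitmap and the register values directly from the mapped GHCB, which is a guest page, so the values that pass validation are not guaranteed to be the values later copied into the VMCB control fields and vcpu->arch.regs if the page changes in between. Inside sev_es_validate_vmgexit() itself, `exit_code = ghcb_get_sw_exit_code(ghcb);` is followed by a second read in `switch (ghcb_get_sw_exit_code(ghcb))`; switching on the local would already remove one re-read. Suggest taking a single snapshot of the fields of interest and both validating and consuming that copy. Minor: the comment "even though is may not be marked valid" should read "it may".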
@@ -1279,3 +1495,59 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID; vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } + +static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) +{ + return -EINVAL; +} + +int sev_handle_vmgexit(struct vcpu_svm *svm) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + u64 ghcb_gpa, exit_code; + struct ghcb *ghcb; + int ret; + + /* Validate the GHCB */ + ghcb_gpa = control->ghcb_gpa; + if (ghcb_gpa & GHCB_MSR_INFO_MASK) + return sev_handle_vmgexit_msr_protocol(svm); + + if (!ghcb_gpa) { + vcpu_unimpl(&svm->vcpu, "vmgexit: GHCB gpa is not set\n"); + return -EINVAL; + } + + if (kvm_vcpu_map(&svm->vcpu, ghcb_gpa >> PAGE_SHIFT, &svm->ghcb_map)) { + /* Unable to map GHCB from guest */ + vcpu_unimpl(&svm->vcpu, "vmgexit: error mapping GHCB [%#llx] from guest\n", + ghcb_gpa); + return -EINVAL; + } + + svm->ghcb = svm->ghcb_map.hva; + ghcb = svm->ghcb_map.hva; + + exit_code = ghcb_get_sw_exit_code(ghcb); + + ret = sev_es_validate_vmgexit(svm); + if (ret) + return ret; + + sev_es_sync_from_ghcb(svm); + ghcb_set_sw_exit_info_1(ghcb, 0); + ghcb_set_sw_exit_info_2(ghcb, 0); + + ret = -EINVAL; + switch (exit_code) { + case SVM_VMGEXIT_UNSUPPORTED_EVENT: + vcpu_unimpl(&svm->vcpu, + "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", + control->exit_info_1, control->exit_info_2); + break; + default: + ret = svm_invoke_exit_handler(svm, exit_code); + } + + return ret; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 602e20f38bdc..6fa36afbbad1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -195,7 +195,7 @@ module_param(sev, int, 0444); int sev_es = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); module_param(sev_es, int, 0444); -static bool __read_mostly dump_invalid_vmcb = 0; +bool __read_mostly dump_invalid_vmcb; module_param(dump_invalid_vmcb, bool, 0644); static u8 rsm_ins_bytes[] = "\x0f\xaa"; 
@@ -3027,6 +3027,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_RSM] = rsm_interception, [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception, [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception, + [SVM_EXIT_VMGEXIT] = sev_handle_vmgexit, }; static void dump_vmcb(struct kvm_vcpu *vcpu) @@ -3068,6 +3069,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) pr_err("%-20s%lld\n", "nested_ctl:", control->nested_ctl); pr_err("%-20s%016llx\n", "nested_cr3:", control->nested_cr3); pr_err("%-20s%016llx\n", "avic_vapic_bar:", control->avic_vapic_bar); + pr_err("%-20s%016llx\n", "ghcb:", control->ghcb_gpa); pr_err("%-20s%08x\n", "event_inj:", control->event_inj); pr_err("%-20s%08x\n", "event_inj_err:", control->event_inj_err); pr_err("%-20s%lld\n", "virt_ext:", control->virt_ext); @@ -3164,7 +3166,7 @@ static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code) return -EINVAL; } -static int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) +int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) { if (svm_handle_invalid_exit(&svm->vcpu, exit_code)) return 0; @@ -3180,6 +3182,8 @@ static int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code) return halt_interception(svm); else if (exit_code == SVM_EXIT_NPF) return npf_interception(svm); + else if (exit_code == SVM_EXIT_VMGEXIT) + return sev_handle_vmgexit(svm); #endif return svm_exit_handlers[exit_code](svm); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 66ea889f71ed..4ee217338d0b 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -17,6 +17,7 @@ #include #include +#include #include @@ -171,6 +172,7 @@ struct vcpu_svm { /* SEV-ES support */ struct vmcb_save_area *vmsa; struct ghcb *ghcb; + struct kvm_host_map ghcb_map; }; struct svm_cpu_data { 
@@ -389,6 +391,7 @@ static inline bool gif_set(struct vcpu_svm *svm) extern int sev; extern int sev_es; +extern bool dump_invalid_vmcb; u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); @@ -404,6 +407,7 @@ bool svm_smi_blocked(struct kvm_vcpu *vcpu); bool svm_nmi_blocked(struct kvm_vcpu *vcpu); bool svm_interrupt_blocked(struct kvm_vcpu *vcpu); void svm_set_gif(struct vcpu_svm *svm, bool value); +int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code); /* nested.c */ @@ -509,6 +513,9 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); /* sev.c */ +#define GHCB_MSR_INFO_POS 0 +#define GHCB_MSR_INFO_MASK (BIT_ULL(12) - 1) + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void) 
@@ -526,5 +533,6 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu); void __init sev_hardware_setup(void); void sev_hardware_teardown(void); void sev_free_vcpu(struct kvm_vcpu *vcpu); +int sev_handle_vmgexit(struct vcpu_svm *svm); #endif
From patchwork Tue Nov 17 17:07:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11912981
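Review bot: pre_sev_es_run() holds the only kvm_vcpu_unmap() of the GHCB visible in this diff, so a mapping taken in sev_handle_vmgexit() is released only if the vCPU is run again. When the handler returns -EINVAL and userspace tears the vCPU down instead of re-entering it, svm->ghcb is still set and the page stays mapped; please check that sev_free_vcpu() unmaps it in that case, or unmap on the error returns in sev_handle_vmgexit().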
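Review bot: in sev_handle_vmgexit(), the default: arm hands the guest-supplied exit_code to svm_invoke_exit_handler(), and this same patch routes SVM_EXIT_VMGEXIT back to sev_handle_vmgexit() from both svm_exit_handlers[] and the fast path in svm_invoke_exit_handler(). A GHCB whose sw_exit_code is SVM_EXIT_VMGEXIT would re-enter this function and call kvm_vcpu_map() on an already mapped GHCB unless sev_es_validate_vmgexit() rejects that code. Please confirm that it does, or add an explicit case for it in the switch that returns -EINVAL.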
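Review bot: the svm.c hunk drops static from dump_invalid_vmcb, which leaves a module parameter variable as a global symbol with no svm_ prefix. Since the only new user is in sev.c, consider keeping the variable static and exporting a small helper through svm.h, or at least renaming it so the global namespace entry says which subsystem owns it.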
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 13/34] KVM: SVM: Create trace events for VMGEXIT processing
Date: Tue, 17 Nov 2020 11:07:16 -0600
Message-Id: <19bc69ca75a37a7d0ed32f59b56a989674d8a9b9.1605632857.git.thomas.lendacky@amd.com>

From: Tom Lendacky Add trace events for entry to and exit from VMGEXIT processing. The vCPU id and the exit reason will be common for the trace events. The exit info fields will represent the input and output values for the entry and exit events, respectively. Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 6 +++++ arch/x86/kvm/trace.h | 53 ++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 2 ++ 3 files changed, 61 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 54e6894b26d2..da473c6b725e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -15,10 +15,12 @@ #include #include #include +#include #include "x86.h" #include "svm.h" #include "cpuid.h" +#include "trace.h" static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); @@ -1464,6 +1466,8 @@ static void pre_sev_es_run(struct vcpu_svm *svm) if (!svm->ghcb) return; + trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, svm->ghcb); + sev_es_sync_to_ghcb(svm); kvm_vcpu_unmap(&svm->vcpu, &svm->ghcb_map, true); @@ -1528,6 +1532,8 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) svm->ghcb = svm->ghcb_map.hva; ghcb = svm->ghcb_map.hva; + trace_kvm_vmgexit_enter(svm->vcpu.vcpu_id, ghcb); + exit_code = ghcb_get_sw_exit_code(ghcb); ret = sev_es_validate_vmgexit(svm); diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index aef960f90f26..7da931a511c9 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h 
@@ -1578,6 +1578,59 @@ TRACE_EVENT(kvm_hv_syndbg_get_msr, __entry->vcpu_id, __entry->vp_index, __entry->msr, __entry->data) ); + +/* + * Tracepoint for the start of VMGEXIT processing + */ +TRACE_EVENT(kvm_vmgexit_enter, + TP_PROTO(unsigned int vcpu_id, struct ghcb *ghcb), + TP_ARGS(vcpu_id, ghcb), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, exit_reason) + __field(u64, info1) + __field(u64, info2) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->exit_reason = ghcb->save.sw_exit_code; + __entry->info1 = ghcb->save.sw_exit_info_1; + __entry->info2 = ghcb->save.sw_exit_info_2; + ), + + TP_printk("vcpu %u, exit_reason %llx, exit_info1 %llx, exit_info2 %llx", + __entry->vcpu_id, __entry->exit_reason, + __entry->info1, __entry->info2) +); + +/* + * Tracepoint for the end of VMGEXIT processing + */ +TRACE_EVENT(kvm_vmgexit_exit, + TP_PROTO(unsigned int vcpu_id, struct ghcb *ghcb), + TP_ARGS(vcpu_id, ghcb), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, exit_reason) + __field(u64, info1) + __field(u64, info2) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->exit_reason = ghcb->save.sw_exit_code; + __entry->info1 = ghcb->save.sw_exit_info_1; + __entry->info2 = ghcb->save.sw_exit_info_2; + ), + + TP_printk("vcpu %u, exit_reason %llx, exit_info1 %llx, exit_info2 %llx", + __entry->vcpu_id, __entry->exit_reason, + __entry->info1, __entry->info2) +); + #endif /* _TRACE_KVM_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 569fbdb4ee87..1f60e4ffbbda 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11288,3 +11288,5 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_unaccelerated_access); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_incomplete_ipi); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_ga_log); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_apicv_update_request); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit);
From patchwork Tue Nov 17 17:07:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11912977
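Review bot: in the sev.c hunk for sev_handle_vmgexit(), trace_kvm_vmgexit_enter() reads sw_exit_code, sw_exit_info_1 and sw_exit_info_2 from the mapped GHCB inside TP_fast_assign, and the handler reads sw_exit_code again with ghcb_get_sw_exit_code() on the following line. The GHCB is guest memory, so the two reads can return different values and the trace can record an exit reason other than the one that is dispatched. Read the three fields once into locals and pass those to the tracepoint, so the trace shows exactly what the handler acted on.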
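Review bot: kvm_vmgexit_enter and kvm_vmgexit_exit in trace.h carry identical TP_PROTO, TP_STRUCT__entry, TP_fast_assign and TP_printk bodies. Declaring one event class with DECLARE_EVENT_CLASS and instantiating both events with DEFINE_EVENT would remove the duplicated block and keep the two formats from drifting apart in later patches.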
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 14/34] KVM: SVM: Add support for SEV-ES GHCB MSR protocol function 0x002
Date: Tue, 17 Nov 2020 11:07:17 -0600

From: Tom Lendacky The GHCB specification defines a GHCB MSR protocol using the lower 12-bits of the GHCB MSR (in the hypervisor this corresponds to the GHCB GPA field in the VMCB). Function 0x002 is a request to set the GHCB MSR value to the SEV INFO as per the specification via the VMCB GHCB GPA field. Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 26 +++++++++++++++++++++++++- arch/x86/kvm/svm/svm.h | 17 +++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index da473c6b725e..58861515d3e3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -22,6 +22,7 @@ #include "cpuid.h" #include "trace.h" +static u8 sev_enc_bit; static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); static DEFINE_MUTEX(sev_bitmap_lock); @@ -1142,6 +1143,9 @@ void __init sev_hardware_setup(void) /* Retrieve SEV CPUID information */ cpuid(0x8000001f, &eax, &ebx, &ecx, &edx); + /* Set encryption bit location for SEV-ES guests */ + sev_enc_bit = ebx & 0x3f; + /* Maximum number of encrypted guests supported simultaneously */ max_sev_asid = ecx; @@ -1500,9 +1504,29 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } +static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) +{ + svm->vmcb->control.ghcb_gpa = value; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { - return -EINVAL; + struct vmcb_control_area *control = &svm->vmcb->control; + u64 ghcb_info; + + ghcb_info = control->ghcb_gpa & GHCB_MSR_INFO_MASK; + + switch (ghcb_info) { + case GHCB_MSR_SEV_INFO_REQ: + set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, + GHCB_VERSION_MIN, + sev_enc_bit)); + break; + default: + return -EINVAL; + } + + return 1; } int sev_handle_vmgexit(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4ee217338d0b..b975c0819819 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -513,9 +513,26 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); /* sev.c */ +#define GHCB_VERSION_MAX 1ULL +#define GHCB_VERSION_MIN 1ULL + #define GHCB_MSR_INFO_POS 0 #define GHCB_MSR_INFO_MASK (BIT_ULL(12) - 1) +#define GHCB_MSR_SEV_INFO_RESP 0x001 +#define GHCB_MSR_SEV_INFO_REQ 0x002 +#define GHCB_MSR_VER_MAX_POS 48 +#define GHCB_MSR_VER_MAX_MASK 0xffff +#define GHCB_MSR_VER_MIN_POS 32 +#define GHCB_MSR_VER_MIN_MASK 0xffff +#define GHCB_MSR_CBIT_POS 24 +#define GHCB_MSR_CBIT_MASK 0xff +#define GHCB_MSR_SEV_INFO(_max, _min, _cbit) \ + ((((_max) & GHCB_MSR_VER_MAX_MASK) << GHCB_MSR_VER_MAX_POS) | \ + (((_min) & GHCB_MSR_VER_MIN_MASK) << GHCB_MSR_VER_MIN_POS) | \ + (((_cbit) & GHCB_MSR_CBIT_MASK) << GHCB_MSR_CBIT_POS) | \ + GHCB_MSR_SEV_INFO_RESP) + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void)
From patchwork Tue Nov 17 17:07:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11912979
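Review bot: the default: arm of sev_handle_vmgexit_msr_protocol() returns -EINVAL without recording which GHCB MSR request the guest issued, whereas the failure paths in sev_handle_vmgexit() all report through vcpu_unimpl(). Add a vcpu_unimpl() that prints ghcb_info here, so an unsupported protocol request can be identified from the host log instead of surfacing only as a failed vCPU run.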
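Review bot: GHCB_MSR_SEV_INFO() in svm.h shifts its arguments by up to 48 bits without widening them, so it is only correct when the caller happens to pass 64-bit values. The single call site works because GHCB_VERSION_MAX and GHCB_VERSION_MIN are 1ULL and sev_enc_bit is masked with 0x3f, but (_cbit) & GHCB_MSR_CBIT_MASK is evaluated as int, and a value of 0x80 or above shifted by GHCB_MSR_CBIT_POS lands in the sign bit and sign-extends when ORed into the u64 result. Cast each argument to u64 inside the macro so it does not depend on the caller's types.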
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 15/34] KVM: SVM: Add support for SEV-ES GHCB MSR protocol function 0x004
Date: Tue, 17 Nov 2020 11:07:18 -0600

From: Tom Lendacky The GHCB specification defines a GHCB MSR protocol using the lower 12-bits of the GHCB MSR (in the hypervisor this corresponds to the GHCB GPA field in the VMCB). Function 0x004 is a request for CPUID information. Only a single CPUID result register can be sent per invocation, so the protocol defines the register that is requested. The GHCB MSR value is set to the CPUID register value as per the specification via the VMCB GHCB GPA field. Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 56 ++++++++++++++++++++++++++++++++++++++++-- arch/x86/kvm/svm/svm.h | 9 +++++++ 2 files changed, 63 insertions(+), 2 deletions(-) 
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 58861515d3e3..53bf3ff1d9cc 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1504,6 +1504,18 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } +static void set_ghcb_msr_bits(struct vcpu_svm *svm, u64 value, u64 mask, + unsigned int pos) +{ + svm->vmcb->control.ghcb_gpa &= ~(mask << pos); + svm->vmcb->control.ghcb_gpa |= (value & mask) << pos; +} + +static u64 get_ghcb_msr_bits(struct vcpu_svm *svm, u64 mask, unsigned int pos) +{ + return (svm->vmcb->control.ghcb_gpa >> pos) & mask; +} + static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) { svm->vmcb->control.ghcb_gpa = value; @@ -1512,7 +1524,9 @@ static void set_ghcb_msr(struct vcpu_svm *svm, u64 value) static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; + struct kvm_vcpu *vcpu = &svm->vcpu; u64 ghcb_info; + int ret = 1; ghcb_info = control->ghcb_gpa & GHCB_MSR_INFO_MASK; 
@@ -1522,11 +1536,49 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_VERSION_MIN, sev_enc_bit)); break; + case GHCB_MSR_CPUID_REQ: { + u64 cpuid_fn, cpuid_reg, cpuid_value; + + cpuid_fn = get_ghcb_msr_bits(svm, + GHCB_MSR_CPUID_FUNC_MASK, + GHCB_MSR_CPUID_FUNC_POS); + + /* Initialize the registers needed by the CPUID intercept */ + vcpu->arch.regs[VCPU_REGS_RAX] = cpuid_fn; + vcpu->arch.regs[VCPU_REGS_RCX] = 0; + + ret = svm_invoke_exit_handler(svm, SVM_EXIT_CPUID); + if (!ret) { + ret = -EINVAL; + break; + } + + cpuid_reg = get_ghcb_msr_bits(svm, + GHCB_MSR_CPUID_REG_MASK, + GHCB_MSR_CPUID_REG_POS); + if (cpuid_reg == 0) + cpuid_value = vcpu->arch.regs[VCPU_REGS_RAX]; + else if (cpuid_reg == 1) + cpuid_value = vcpu->arch.regs[VCPU_REGS_RBX]; + else if (cpuid_reg == 2) + cpuid_value = vcpu->arch.regs[VCPU_REGS_RCX]; + else + cpuid_value = vcpu->arch.regs[VCPU_REGS_RDX]; + + set_ghcb_msr_bits(svm, cpuid_value, + GHCB_MSR_CPUID_VALUE_MASK, + GHCB_MSR_CPUID_VALUE_POS); + + set_ghcb_msr_bits(svm, GHCB_MSR_CPUID_RESP, + GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; + } default: - return -EINVAL; + ret = -EINVAL; } - return 1; + return ret; } int sev_handle_vmgexit(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index b975c0819819..0df18bdef4ef 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -533,6 +533,15 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); (((_cbit) & GHCB_MSR_CBIT_MASK) << GHCB_MSR_CBIT_POS) | \ GHCB_MSR_SEV_INFO_RESP) +#define GHCB_MSR_CPUID_REQ 0x004 +#define GHCB_MSR_CPUID_RESP 0x005 +#define GHCB_MSR_CPUID_FUNC_POS 32 +#define GHCB_MSR_CPUID_FUNC_MASK 0xffffffff +#define GHCB_MSR_CPUID_VALUE_POS 32 +#define GHCB_MSR_CPUID_VALUE_MASK 0xffffffff +#define GHCB_MSR_CPUID_REG_POS 30 +#define GHCB_MSR_CPUID_REG_MASK 0x3 + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void)
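Review bot: in the GHCB_MSR_CPUID_REQ case of sev_handle_vmgexit_msr_protocol(), the response is assembled with two set_ghcb_msr_bits() calls that rewrite only bits 63:32 and the info field, so every other bit the guest wrote in its request, including bits 29:12 that none of the new masks cover, is handed back unchanged in the response. If the specification expects those bits to be zero in a CPUID response, clear them explicitly or build the whole value and store it with set_ghcb_msr(). The same case turns a zero return from svm_invoke_exit_handler() into -EINVAL and forces RCX to 0 without saying why; a short comment on both would help the next reader.

Review bot: the svm.h hunk defines GHCB_MSR_CPUID_REG_POS and GHCB_MSR_CPUID_REG_MASK but no names for the selector values, and sev.c then compares cpuid_reg against bare 0, 1 and 2 with RDX as the implicit else. Please add named constants for the four register selectors next to these defines so the encoding is documented in one place.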
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 16/34] KVM: SVM: Add support for SEV-ES GHCB MSR protocol function 0x100
Date: Tue, 17 Nov 2020 11:07:19 -0600
Message-Id: <73021b2cae2341c6cdefdf268f39611e476af0a3.1605632857.git.thomas.lendacky@amd.com>

From: Tom Lendacky

The GHCB specification defines a GHCB MSR protocol using the lower 12-bits of the GHCB MSR (in the hypervisor this corresponds to the GHCB GPA field in the VMCB).

Function 0x100 is a request for termination of the guest. The guest has encountered some situation for which it has requested to be terminated. The GHCB MSR value contains the reason for the request.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 13 +++++++++++++
 arch/x86/kvm/svm/svm.h | 6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 53bf3ff1d9cc..c2cc38e7400b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1574,6 +1574,19 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_TERM_REQ: { + u64 reason_set, reason_code; + + reason_set = get_ghcb_msr_bits(svm, + GHCB_MSR_TERM_REASON_SET_MASK, + GHCB_MSR_TERM_REASON_SET_POS); + reason_code = get_ghcb_msr_bits(svm, + GHCB_MSR_TERM_REASON_MASK, + GHCB_MSR_TERM_REASON_POS); + pr_info("SEV-ES guest requested termination: %#llx:%#llx\n", + reason_set, reason_code); + fallthrough; + } default: ret = -EINVAL; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0df18bdef4ef..7e3f8e3e0722 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -542,6 +542,12 @@ void svm_vcpu_unblocking(struct kvm_vcpu *vcpu); #define GHCB_MSR_CPUID_REG_POS 30 #define GHCB_MSR_CPUID_REG_MASK 0x3 +#define GHCB_MSR_TERM_REQ 0x100 +#define GHCB_MSR_TERM_REASON_SET_POS 12 +#define GHCB_MSR_TERM_REASON_SET_MASK 0xf +#define GHCB_MSR_TERM_REASON_POS 16 +#define GHCB_MSR_TERM_REASON_MASK 0xff + extern unsigned int max_sev_asid; static inline bool svm_sev_enabled(void)
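Review bot: the GHCB_MSR_TERM_REQ case in sev.c logs with a plain pr_info() whose content is entirely guest-written and which names neither the VM nor the vCPU, so a guest can fill the host log and the operator cannot tell which guest asked to stop; please use a ratelimited print and include the vCPU or VM identity. The case then does "fallthrough;" into default and returns -EINVAL, which makes a requested termination indistinguishable from an unsupported MSR protocol function for userspace and drops reason_set and reason_code everywhere except the kernel log. If that is the intended interim behaviour, say so in a comment.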
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 17/34] KVM: SVM: Create trace events for VMGEXIT MSR protocol processing
Date: Tue, 17 Nov 2020 11:07:20 -0600

From: Tom Lendacky

Add trace events for entry to and exit from VMGEXIT MSR protocol processing. The vCPU will be common for the trace events. The MSR protocol processing is guided by the GHCB GPA in the VMCB, so the GHCB GPA will represent the input and output values for the entry and exit events, respectively. Additionally, the exit event will contain the return code for the event.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 6 ++++++
 arch/x86/kvm/trace.h | 44 ++++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.c | 2 ++
 3 files changed, 52 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c2cc38e7400b..2e2548fa369b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -1530,6 +1530,9 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) ghcb_info = control->ghcb_gpa & GHCB_MSR_INFO_MASK; + trace_kvm_vmgexit_msr_protocol_enter(svm->vcpu.vcpu_id, + control->ghcb_gpa); + switch (ghcb_info) { case GHCB_MSR_SEV_INFO_REQ: set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, @@ -1591,6 +1594,9 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) ret = -EINVAL; } + trace_kvm_vmgexit_msr_protocol_exit(svm->vcpu.vcpu_id, + control->ghcb_gpa, ret); + return ret; } diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index 7da931a511c9..2de30c20bc26 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h @@ -1631,6 +1631,50 @@ TRACE_EVENT(kvm_vmgexit_exit, __entry->info1, __entry->info2) ); +/* + * Tracepoint for the start of VMGEXIT MSR procotol processing + */ +TRACE_EVENT(kvm_vmgexit_msr_protocol_enter, + TP_PROTO(unsigned int vcpu_id, u64 ghcb_gpa), + TP_ARGS(vcpu_id, ghcb_gpa), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, ghcb_gpa) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->ghcb_gpa = ghcb_gpa; + ), + + TP_printk("vcpu %u, ghcb_gpa %016llx", + __entry->vcpu_id, __entry->ghcb_gpa) +); + +/* + * Tracepoint for the end of VMGEXIT MSR procotol processing + */ +TRACE_EVENT(kvm_vmgexit_msr_protocol_exit, + TP_PROTO(unsigned int vcpu_id, u64 ghcb_gpa, int result), + TP_ARGS(vcpu_id, ghcb_gpa, result), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(u64, ghcb_gpa) + __field(int, result) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->ghcb_gpa = ghcb_gpa; + __entry->result = result; + ), + + TP_printk("vcpu %u, ghcb_gpa %016llx, result %d", + __entry->vcpu_id, __entry->ghcb_gpa, __entry->result) +); + #endif /* _TRACE_KVM_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1f60e4ffbbda..7b707a638438 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11290,3 +11290,5 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_ga_log); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_apicv_update_request); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_enter); +EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
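Review bot: both comment blocks added to trace.h misspell the word as "procotol" ("Tracepoint for the start of VMGEXIT MSR procotol processing" and the matching "end of" comment); please correct to "protocol" in both. It would also be worth stating in those comments that ghcb_gpa is the raw MSR protocol value on entry and the response value on exit, since the field name alone suggests a guest physical address.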
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 18/34] KVM: SVM: Support MMIO for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:21 -0600

From: Tom Lendacky

For an SEV-ES guest, MMIO is performed to a shared (un-encrypted) page so that both the hypervisor and guest can read or write to it and each see the contents.

The GHCB specification provides software-defined VMGEXIT exit codes to indicate a request for an MMIO read or an MMIO write. Add support to recognize the MMIO requests and invoke SEV-ES specific routines that can complete the MMIO operation. These routines use common KVM support to complete the MMIO operation.

Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 124 +++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 6 ++ arch/x86/kvm/x86.c | 123 ++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.h | 5 ++ 4 files changed, 258 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2e2548fa369b..63f20be4bc69 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1262,6 +1262,9 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) if (vcpu->arch.guest_state_protected) sev_flush_guest_memory(svm, svm->vmsa, PAGE_SIZE); __free_page(virt_to_page(svm->vmsa)); + + if (svm->ghcb_sa_free) + kfree(svm->ghcb_sa); } static void dump_ghcb(struct vcpu_svm *svm) @@ -1436,6 +1439,11 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) !ghcb_rcx_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_MMIO_READ: + case SVM_VMGEXIT_MMIO_WRITE: + if (!ghcb_sw_scratch_is_valid(ghcb)) + goto vmgexit_err; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: break; default: @@ -1470,6 +1478,24 @@ static void pre_sev_es_run(struct vcpu_svm *svm) if (!svm->ghcb) return; + if (svm->ghcb_sa_free) { + /* + * The scratch area lives outside the GHCB, so there is a + * buffer that, depending on the operation performed, may + * need to be synced, then freed. + */ + if (svm->ghcb_sa_sync) { + kvm_write_guest(svm->vcpu.kvm, + ghcb_get_sw_scratch(svm->ghcb), + svm->ghcb_sa, svm->ghcb_sa_len); + svm->ghcb_sa_sync = false; + } + + kfree(svm->ghcb_sa); + svm->ghcb_sa = NULL; + svm->ghcb_sa_free = false; + } + trace_kvm_vmgexit_exit(svm->vcpu.vcpu_id, svm->ghcb); sev_es_sync_to_ghcb(svm); 
@@ -1504,6 +1530,86 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) vmcb_mark_dirty(svm->vmcb, VMCB_ASID); } +#define GHCB_SCRATCH_AREA_LIMIT (16ULL * PAGE_SIZE) +static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) +{ + struct vmcb_control_area *control = &svm->vmcb->control; + struct ghcb *ghcb = svm->ghcb; + u64 ghcb_scratch_beg, ghcb_scratch_end; + u64 scratch_gpa_beg, scratch_gpa_end; + void *scratch_va; + + scratch_gpa_beg = ghcb_get_sw_scratch(ghcb); + if (!scratch_gpa_beg) { + pr_err("vmgexit: scratch gpa not provided\n"); + return false; + } + + scratch_gpa_end = scratch_gpa_beg + len; + if (scratch_gpa_end < scratch_gpa_beg) { + pr_err("vmgexit: scratch length (%#llx) not valid for scratch address (%#llx)\n", + len, scratch_gpa_beg); + return false; + } + + if ((scratch_gpa_beg & PAGE_MASK) == control->ghcb_gpa) { + /* Scratch area begins within GHCB */ + ghcb_scratch_beg = control->ghcb_gpa + + offsetof(struct ghcb, shared_buffer); + ghcb_scratch_end = control->ghcb_gpa + + offsetof(struct ghcb, reserved_1); + + /* + * If the scratch area begins within the GHCB, it must be + * completely contained in the GHCB shared buffer area. 
+ */ + if (scratch_gpa_beg < ghcb_scratch_beg || + scratch_gpa_end > ghcb_scratch_end) { + pr_err("vmgexit: scratch area is outside of GHCB shared buffer area (%#llx - %#llx)\n", + scratch_gpa_beg, scratch_gpa_end); + return false; + } + + scratch_va = (void *)svm->ghcb; + scratch_va += (scratch_gpa_beg - control->ghcb_gpa); + } else { + /* + * The guest memory must be read into a kernel buffer, so + * limit the size + */ + if (len > GHCB_SCRATCH_AREA_LIMIT) { + pr_err("vmgexit: scratch area exceeds KVM limits (%#llx requested, %#llx limit)\n", + len, GHCB_SCRATCH_AREA_LIMIT); + return false; + } + scratch_va = kzalloc(len, GFP_KERNEL); + if (!scratch_va) + return false; + + if (kvm_read_guest(svm->vcpu.kvm, scratch_gpa_beg, scratch_va, len)) { + /* Unable to copy scratch area from guest */ + pr_err("vmgexit: kvm_read_guest for scratch area failed\n"); + + kfree(scratch_va); + return false; + } + + /* + * The scratch area is outside the GHCB. The operation will + * dictate whether the buffer needs to be synced before running + * the vCPU next time (i.e. a read was requested so the data + * must be written back to the guest memory). + */ + svm->ghcb_sa_sync = sync; + svm->ghcb_sa_free = true; + } + + svm->ghcb_sa = scratch_va; + svm->ghcb_sa_len = len; + + return true; +} + static void set_ghcb_msr_bits(struct vcpu_svm *svm, u64 value, u64 mask, unsigned int pos) { 
@@ -1641,6 +1747,24 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) ret = -EINVAL; switch (exit_code) { + case SVM_VMGEXIT_MMIO_READ: + if (!setup_vmgexit_scratch(svm, true, control->exit_info_2)) + break; + + ret = kvm_sev_es_mmio_read(&svm->vcpu, + control->exit_info_1, + control->exit_info_2, + svm->ghcb_sa); + break; + case SVM_VMGEXIT_MMIO_WRITE: + if (!setup_vmgexit_scratch(svm, false, control->exit_info_2)) + break; + + ret = kvm_sev_es_mmio_write(&svm->vcpu, + control->exit_info_1, + control->exit_info_2, + svm->ghcb_sa); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(&svm->vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 7e3f8e3e0722..f5e5b91e06d3 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -173,6 +173,12 @@ struct vcpu_svm { struct vmcb_save_area *vmsa; struct ghcb *ghcb; struct kvm_host_map ghcb_map; + + /* SEV-ES scratch area support */ + void *ghcb_sa; + u64 ghcb_sa_len; + bool ghcb_sa_sync; + bool ghcb_sa_free; }; struct svm_cpu_data { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7b707a638438..fe9064a8139f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11266,6 +11266,129 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva) } EXPORT_SYMBOL_GPL(kvm_handle_invpcid); +static int complete_sev_es_emulated_mmio(struct kvm_vcpu *vcpu) +{ + struct kvm_run *run = vcpu->run; + struct kvm_mmio_fragment *frag; + unsigned int len; + + BUG_ON(!vcpu->mmio_needed); + + /* Complete previous fragment */ + frag = &vcpu->mmio_fragments[vcpu->mmio_cur_fragment]; + len = min(8u, frag->len); + if (!vcpu->mmio_is_write) + memcpy(frag->data, run->mmio.data, len); + + if (frag->len <= 8) { + /* Switch to the next fragment. */ + frag++; + vcpu->mmio_cur_fragment++; + } else { + /* Go forward to the next mmio piece. */ + frag->data += len; + frag->gpa += len; + frag->len -= len; + } + + if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) { + vcpu->mmio_needed = 0; + + // VMG change, at this point, we're always done + // RIP has already been advanced + return 1; + } + + // More MMIO is needed + run->mmio.phys_addr = frag->gpa; + run->mmio.len = min(8u, frag->len); + run->mmio.is_write = vcpu->mmio_is_write; + if (run->mmio.is_write) + memcpy(run->mmio.data, frag->data, min(8u, frag->len)); + run->exit_reason = KVM_EXIT_MMIO; + + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio; + + return 0; +} + +int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes, + void *data) +{ + int handled; + struct kvm_mmio_fragment *frag; + + if (!data) + return -EINVAL; + + handled = write_emultor.read_write_mmio(vcpu, gpa, bytes, data); + if (handled == bytes) + return 1; + + bytes -= handled; + gpa += handled; + data += handled; + + /*TODO: Check if need to increment number of frags */ + frag = vcpu->mmio_fragments; + vcpu->mmio_nr_fragments = 1; + frag->len = bytes; + frag->gpa = gpa; + frag->data = data; + + vcpu->mmio_needed = 1; + vcpu->mmio_cur_fragment = 0; + + vcpu->run->mmio.phys_addr = gpa; + vcpu->run->mmio.len = min(8u, frag->len); + vcpu->run->mmio.is_write = 1; + 
memcpy(vcpu->run->mmio.data, frag->data, min(8u, frag->len)); + vcpu->run->exit_reason = KVM_EXIT_MMIO; + + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio; + + return 0; +} +EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_write); + +int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes, + void *data) +{ + int handled; + struct kvm_mmio_fragment *frag; + + if (!data) + return -EINVAL; + + handled = read_emultor.read_write_mmio(vcpu, gpa, bytes, data); + if (handled == bytes) + return 1; + + bytes -= handled; + gpa += handled; + data += handled; + + /*TODO: Check if need to increment number of frags */ + frag = vcpu->mmio_fragments; + vcpu->mmio_nr_fragments = 1; + frag->len = bytes; + frag->gpa = gpa; + frag->data = data; + + vcpu->mmio_needed = 1; + vcpu->mmio_cur_fragment = 0; + + vcpu->run->mmio.phys_addr = gpa; + vcpu->run->mmio.len = min(8u, frag->len); + vcpu->run->mmio.is_write = 0; + vcpu->run->exit_reason = KVM_EXIT_MMIO; + + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio; + + return 0; +} +EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_read); + EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index e7ca622a468f..4a98b1317cf4 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -407,4 +407,9 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits; \ }) +int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, + void *dst); +int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, + void *dst); + #endif From patchwork Tue Nov 17 17:07:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11912989 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93D55C64E75 for ; Tue, 17 Nov 2020 17:10:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5338B24654 for ; Tue, 17 Nov 2020 17:10:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="qyPKFvsZ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729212AbgKQRKY (ORCPT ); Tue, 17 Nov 2020 12:10:24 -0500 Received: from mail-dm6nam11on2062.outbound.protection.outlook.com ([40.107.223.62]:45280 "EHLO NAM11-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729215AbgKQRKX (ORCPT ); Tue, 17 Nov 2020 12:10:23 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
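Review bot: In the sev_handle_vmgexit() hunk, both new cases hand control->exit_info_2 to kvm_sev_es_mmio_read()/kvm_sev_es_mmio_write() as the unsigned int bytes argument, while the same value goes to setup_vmgexit_scratch() without narrowing (the unsupported-event message in this hunk prints exit_info_2 with %#llx, so it is 64-bit). The length is supplied by the guest, so the size used to set up the scratch area and the size given to the MMIO helpers should be provably the same value. Consider passing the length that was validated (svm.h adds a ghcb_sa_len field in this patch, which looks like the natural source) or rejecting values that do not fit in unsigned int before the call.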
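Review bot: kvm_sev_es_mmio_write() and kvm_sev_es_mmio_read() in the x86.c hunk still carry an open question, "/*TODO: Check if need to increment number of frags */", exactly where mmio_nr_fragments is forced to 1. That should be answered, and the comment replaced with the reasoning, before this is merged, because complete_sev_es_emulated_mmio() relies on the fragment count to decide when the operation is finished. The two functions also differ only in the emulator ops used, the is_write value and the memcpy into run->mmio.data, so a shared helper taking those as parameters would remove the duplication. The "//" comments in complete_sev_es_emulated_mmio() should use the /* */ style used in the rest of the hunk.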
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh, kernel test robot
Subject: [PATCH v4 19/34] KVM: SVM: Support string IO operations for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:22 -0600

From: Tom Lendacky For an SEV-ES guest, string-based port IO is performed to a shared (un-encrypted) page so that both the hypervisor and guest can read or write to it and each see the contents. For string-based port IO operations, invoke SEV-ES specific routines that can complete the operation using common KVM port IO support. [ set but not used variable ] Reported-by: kernel test robot Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/sev.c | 18 +++++++++-- arch/x86/kvm/svm/svm.c | 11 +++++-- arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.c | 54 +++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.h | 3 ++ 6 files changed, 83 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 7776bb18e29d..4fe718e339c9 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -614,6 +614,7 @@ struct kvm_vcpu_arch { struct kvm_pio_request pio; void *pio_data; + void *guest_ins_data; u8 event_exit_inst_len; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 63f20be4bc69..a7531de760b5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1406,9 +1406,14 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) case SVM_EXIT_INVD: break; case SVM_EXIT_IOIO: - if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) - if (!ghcb_rax_is_valid(ghcb)) + if (ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_STR_MASK) { + if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; + } else { + if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) + if (!ghcb_rax_is_valid(ghcb)) + goto vmgexit_err; + } break; case SVM_EXIT_MSR: if (!ghcb_rcx_is_valid(ghcb)) 
@@ -1776,3 +1781,12 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) return ret; } + +int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in) +{ + if (!setup_vmgexit_scratch(svm, in, svm->vmcb->control.exit_info_2)) + return -EINVAL; + + return kvm_sev_es_string_io(&svm->vcpu, size, port, + svm->ghcb_sa, svm->ghcb_sa_len, in); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6fa36afbbad1..02a8035dd6b2 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2054,11 +2054,16 @@ static int io_interception(struct vcpu_svm *svm) ++svm->vcpu.stat.io_exits; string = (io_info & SVM_IOIO_STR_MASK) != 0; in = (io_info & SVM_IOIO_TYPE_MASK) != 0; - if (string) - return kvm_emulate_instruction(vcpu, 0); - port = io_info >> 16; size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT; + + if (string) { + if (sev_es_guest(vcpu->kvm)) + return sev_es_string_io(svm, size, port, in); + else + return kvm_emulate_instruction(vcpu, 0); + } + svm->next_rip = svm->vmcb->control.exit_info_2; return kvm_fast_pio(&svm->vcpu, size, port, in); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f5e5b91e06d3..1c1399b9516a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -572,5 +572,6 @@ void __init sev_hardware_setup(void); void sev_hardware_teardown(void); void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); +int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index fe9064a8139f..46bd83f0dbc3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10757,6 +10757,10 @@ int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu) unsigned long kvm_get_linear_rip(struct kvm_vcpu *vcpu) { + /* Can't read the RIP when guest state is protected, just return 0 */ + if (vcpu->arch.guest_state_protected) + return 0; + if (is_64_bit_mode(vcpu)) return kvm_rip_read(vcpu); return (u32)(get_segment_base(vcpu, VCPU_SREG_CS) + @@ -11389,6 +11393,56 @@ int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes, } EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_read); +static int complete_sev_es_emulated_ins(struct kvm_vcpu *vcpu) +{ + memcpy(vcpu->arch.guest_ins_data, vcpu->arch.pio_data, + vcpu->arch.pio.count * vcpu->arch.pio.size); + vcpu->arch.pio.count = 0; + + return 1; +} + +static int kvm_sev_es_outs(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count) +{ + int ret; + + ret = emulator_pio_out_emulated(vcpu->arch.emulate_ctxt, size, port, + data, count); + if (ret) + return ret; + + vcpu->arch.pio.count = 0; + + return 0; +} + +static int kvm_sev_es_ins(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count) +{ + int ret; + + ret = emulator_pio_in_emulated(vcpu->arch.emulate_ctxt, size, port, + data, count); + if (ret) { + vcpu->arch.pio.count = 0; + } else { + vcpu->arch.guest_ins_data = data; + vcpu->arch.complete_userspace_io = complete_sev_es_emulated_ins; + } + + return 0; +} + +int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count, + int in) +{ + return in ? kvm_sev_es_ins(vcpu, size, port, data, count) + : kvm_sev_es_outs(vcpu, size, port, data, count); +} +EXPORT_SYMBOL_GPL(kvm_sev_es_string_io); + EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 4a98b1317cf4..f46bb286def5 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -411,5 +411,8 @@ int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, void *dst); int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t src, unsigned int bytes, void *dst); +int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size, + unsigned int port, void *data, unsigned int count, + int in); #endif From patchwork Tue Nov 17 17:07:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11912991 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A20CC64E7A for ; Tue, 17 Nov 2020 17:10:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BF82624654 for ; Tue, 17 Nov 2020 17:10:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="1S3bu4+B" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728329AbgKQRKc (ORCPT ); Tue, 17 Nov 2020 12:10:32 -0500 Received: from mail-dm6nam11on2078.outbound.protection.outlook.com ([40.107.223.78]:30208 "EHLO NAM11-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728317AbgKQRKb (ORCPT ); Tue, 17 Nov 2020 12:10:31 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
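Review bot: sev_es_string_io() in the sev.c hunk passes svm->ghcb_sa_len as the count argument of kvm_sev_es_string_io(), but the name and the u64 type say it is the length of the scratch area, and complete_sev_es_emulated_ins() later copies vcpu->arch.pio.count * vcpu->arch.pio.size bytes into that buffer. The units do not line up: either the scratch area was sized in elements or the PIO count is being given in bytes, and in both cases one side is off by a factor of size for any access wider than one byte. Please state the units of exit_info_2 and ghcb_sa_len at this call, convert between bytes and element count explicitly (with an overflow check on the multiplication), and check the u64 to unsigned int narrowing rather than relying on it.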
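Review bot: kvm_sev_es_ins() in the x86.c hunk returns 0 on both branches, including the one where emulator_pio_in_emulated() returned non-zero and pio.count is cleared, whereas kvm_sev_es_outs() directly above it propagates ret in the equivalent case. If a non-zero return means the access completed without needing userspace, returning 0 here looks wrong; if it is intentional, a comment explaining the asymmetry is needed. It would also be worth clearing vcpu->arch.guest_ins_data in complete_sev_es_emulated_ins() once the copy is done, so a stale scratch pointer is not left in the vcpu.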
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 20/34] KVM: SVM: Add support for EFER write traps for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:23 -0600

From: Tom Lendacky

For SEV-ES guests, the interception of EFER write access is not recommended. EFER interception occurs prior to EFER being modified and the hypervisor is unable to modify EFER itself because the register is located in the encrypted register state.

SEV-ES support introduces a new EFER write trap. This trap provides intercept support of an EFER write after it has been modified. The new EFER value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest EFER.

Add support to track the value of the guest EFER value using the EFER write trap so that the hypervisor understands the guest operating mode.

Signed-off-by: Tom Lendacky --- arch/x86/include/uapi/asm/svm.h | 2 ++ arch/x86/kvm/svm/svm.c | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 09f723945425..6e3f92e17655 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -77,6 +77,7 @@ #define SVM_EXIT_MWAIT_COND 0x08c #define SVM_EXIT_XSETBV 0x08d #define SVM_EXIT_RDPRU 0x08e +#define SVM_EXIT_EFER_WRITE_TRAP 0x08f #define SVM_EXIT_INVPCID 0x0a2 #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 @@ -184,6 +185,7 @@ { SVM_EXIT_MONITOR, "monitor" }, \ { SVM_EXIT_MWAIT, "mwait" }, \ { SVM_EXIT_XSETBV, "xsetbv" }, \ + { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 02a8035dd6b2..f840e3a3ee45 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2519,6 +2519,25 @@ static int cr8_write_interception(struct vcpu_svm *svm) return 0; } +static int efer_trap(struct vcpu_svm *svm) +{ + struct msr_data msr_info; + int ret; + + /* + * Clear the EFER_SVME bit from EFER. The SVM code always sets this + * bit in svm_set_efer(), but __kvm_valid_efer() checks it against + * whether the guest has X86_FEATURE_SVM - this avoids a failure if + * the guest doesn't have X86_FEATURE_SVM. + */ + msr_info.host_initiated = false; + msr_info.index = MSR_EFER; + msr_info.data = svm->vmcb->control.exit_info_1 & ~EFER_SVME; + ret = kvm_set_msr_common(&svm->vcpu, &msr_info); + + return kvm_complete_insn_gp(&svm->vcpu, ret); +} + static int svm_get_msr_feature(struct kvm_msr_entry *msr) { msr->data = 0; 
@@ -3027,6 +3046,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_MWAIT] = mwait_interception, [SVM_EXIT_XSETBV] = xsetbv_interception, [SVM_EXIT_RDPRU] = rdpru_interception, + [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception, From patchwork Tue Nov 17 17:07:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11912993 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DA11C2D0E4 for ; Tue, 17 Nov 2020 17:10:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3F2F624654 for ; Tue, 17 Nov 2020 17:10:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="ZqQQ7gQm" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729282AbgKQRKj (ORCPT ); Tue, 17 Nov 2020 12:10:39 -0500 Received: from mail-dm6nam12on2077.outbound.protection.outlook.com ([40.107.243.77]:50048 "EHLO NAM12-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727922AbgKQRKi (ORCPT ); Tue, 17 Nov 2020 12:10:38 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
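Review bot: efer_trap() in the svm.c hunk ends with kvm_complete_insn_gp(&svm->vcpu, ret), but according to the commit message this exit is delivered after EFER has already been modified, so it is not clear what a non-zero ret from kvm_set_msr_common() should mean here or why instruction-completion handling fits a trap. Please add a comment on the intended behaviour in the failure case. The value taken from exit_info_1 is also fed into KVM's EFER tracking with only EFER_SVME masked off, so it is worth noting whether any other bit can make kvm_set_msr_common() reject a value the guest is already running with.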
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 21/34] KVM: SVM: Add support for CR0 write traps for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:24 -0600
Message-Id: <80b9ee59892f0090f52b124f220fdba46e7c0b65.1605632857.git.thomas.lendacky@amd.com>

From: Tom Lendacky For SEV-ES guests, the interception of control register write access is not recommended. Control register interception occurs prior to the control register being modified and the hypervisor is unable to modify the control register itself because the register is located in the encrypted register state. SEV-ES support introduces new control register write traps. These traps provide intercept support of a control register write after the control register has been modified. The new control register value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest control registers. Add support to track the value of the guest CR0 register using the control register write trap so that the hypervisor understands the guest operating mode. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/uapi/asm/svm.h | 17 ++++++++++++++ arch/x86/kvm/svm/svm.c | 24 +++++++++++++++++++ arch/x86/kvm/x86.c | 41 +++++++++++++++++++-------------- 4 files changed, 66 insertions(+), 17 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 4fe718e339c9..068853bcbc74 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1473,6 +1473,7 @@ void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code); +int __kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0); int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3); int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4); diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 6e3f92e17655..14b0d97b50e2 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h 
@@ -78,6 +78,22 @@ #define SVM_EXIT_XSETBV 0x08d #define SVM_EXIT_RDPRU 0x08e #define SVM_EXIT_EFER_WRITE_TRAP 0x08f +#define SVM_EXIT_CR0_WRITE_TRAP 0x090 +#define SVM_EXIT_CR1_WRITE_TRAP 0x091 +#define SVM_EXIT_CR2_WRITE_TRAP 0x092 +#define SVM_EXIT_CR3_WRITE_TRAP 0x093 +#define SVM_EXIT_CR4_WRITE_TRAP 0x094 +#define SVM_EXIT_CR5_WRITE_TRAP 0x095 +#define SVM_EXIT_CR6_WRITE_TRAP 0x096 +#define SVM_EXIT_CR7_WRITE_TRAP 0x097 +#define SVM_EXIT_CR8_WRITE_TRAP 0x098 +#define SVM_EXIT_CR9_WRITE_TRAP 0x099 +#define SVM_EXIT_CR10_WRITE_TRAP 0x09a +#define SVM_EXIT_CR11_WRITE_TRAP 0x09b +#define SVM_EXIT_CR12_WRITE_TRAP 0x09c +#define SVM_EXIT_CR13_WRITE_TRAP 0x09d +#define SVM_EXIT_CR14_WRITE_TRAP 0x09e +#define SVM_EXIT_CR15_WRITE_TRAP 0x09f #define SVM_EXIT_INVPCID 0x0a2 #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 @@ -186,6 +202,7 @@ { SVM_EXIT_MWAIT, "mwait" }, \ { SVM_EXIT_XSETBV, "xsetbv" }, \ { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ + { SVM_EXIT_CR0_WRITE_TRAP, "write_cr0_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f840e3a3ee45..b6b16379ae8d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2466,6 +2466,29 @@ static int cr_interception(struct vcpu_svm *svm) return kvm_complete_insn_gp(&svm->vcpu, err); } +static int cr_trap(struct vcpu_svm *svm) +{ + unsigned long old_value, new_value; + unsigned int cr; + int ret; + + new_value = (unsigned long)svm->vmcb->control.exit_info_1; + + cr = svm->vmcb->control.exit_code - SVM_EXIT_CR0_WRITE_TRAP; + switch (cr) { + case 0: + old_value = kvm_read_cr0(&svm->vcpu); + + ret = __kvm_set_cr0(&svm->vcpu, old_value, new_value); + break; + default: + WARN(1, "unhandled CR%d write trap", cr); + ret = 1; + } + + return kvm_complete_insn_gp(&svm->vcpu, ret); +} + static int dr_interception(struct vcpu_svm *svm) { int reg, dr; 
@@ -3047,6 +3070,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_XSETBV] = xsetbv_interception, [SVM_EXIT_RDPRU] = rdpru_interception, [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, + [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 46bd83f0dbc3..a25c2bd43de3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -804,11 +804,33 @@ bool pdptrs_changed(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(pdptrs_changed); +int __kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0) +{ + unsigned long update_bits = X86_CR0_PG | X86_CR0_WP; + + kvm_x86_ops.set_cr0(vcpu, cr0); + + if ((cr0 ^ old_cr0) & X86_CR0_PG) { + kvm_clear_async_pf_completion_queue(vcpu); + kvm_async_pf_hash_reset(vcpu); + } + + if ((cr0 ^ old_cr0) & update_bits) + kvm_mmu_reset_context(vcpu); + + if (((cr0 ^ old_cr0) & X86_CR0_CD) && + kvm_arch_has_noncoherent_dma(vcpu->kvm) && + !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED)) + kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL); + + return 0; +} +EXPORT_SYMBOL_GPL(__kvm_set_cr0); + int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) { unsigned long old_cr0 = kvm_read_cr0(vcpu); unsigned long pdptr_bits = X86_CR0_CD | X86_CR0_NW | X86_CR0_PG; - unsigned long update_bits = X86_CR0_PG | X86_CR0_WP; cr0 |= X86_CR0_ET; 
@@ -845,22 +867,7 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) return 1; - kvm_x86_ops.set_cr0(vcpu, cr0); - - if ((cr0 ^ old_cr0) & X86_CR0_PG) { - kvm_clear_async_pf_completion_queue(vcpu); - kvm_async_pf_hash_reset(vcpu); - } - - if ((cr0 ^ old_cr0) & update_bits) - kvm_mmu_reset_context(vcpu); - - if (((cr0 ^ old_cr0) & X86_CR0_CD) && - kvm_arch_has_noncoherent_dma(vcpu->kvm) && - !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED)) - kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL); - - return 0; + return __kvm_set_cr0(vcpu, old_cr0, cr0); } EXPORT_SYMBOL_GPL(kvm_set_cr0);
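Review bot: In cr_trap() in arch/x86/kvm/svm/svm.c, case 0 passes the EXITINFO1 value to __kvm_set_cr0() and so skips everything kvm_set_cr0() does before its set_cr0 call, including `cr0 |= X86_CR0_ET` and the PG/PCIDE check visible in the x86.c hunks, and nothing in the function says this is intentional. That matches a trap that fires after the guest has already changed CR0, but add a comment stating it, and since the handler is installed in svm_exit_handlers[] for every guest, consider a WARN_ON_ONCE at the top for an exit that arrives on a vCPU that is not an SEV-ES guest. In the default case, `cr` is declared unsigned int but printed with %d, and the WARN format string has no trailing newline; "unhandled CR%u write trap\n" would be the usual form.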
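Review bot: __kvm_set_cr0() in arch/x86/kvm/x86.c has `return 0;` as its only exit, so the int return type carries no information and cr_trap() ends up forwarding a constant to kvm_complete_insn_gp(); make the helper void or explain why the return value exists. It is also exported via EXPORT_SYMBOL_GPL without any comment stating that it performs no validation of cr0 and relies on its caller (kvm_set_cr0() or the hardware trap) for that; a short comment above the definition would keep later callers from treating it as a checked setter.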
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 22/34] KVM: SVM: Add support for CR4 write traps for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:25 -0600
Message-Id: <3407b117f17c5cabceac69a24488602f4b78cf53.1605632857.git.thomas.lendacky@amd.com>
From: Tom Lendacky For SEV-ES guests, the interception of control register write access is not recommended. Control register interception occurs prior to the control register being modified and the hypervisor is unable to modify the control register itself because the register is located in the encrypted register state. SEV-ES guests introduce new control register write traps. These traps provide intercept support of a control register write after the control register has been modified. The new control register value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest control registers. Add support to track the value of the guest CR4 register using the control register write trap so that the hypervisor understands the guest operating mode. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm/svm.c | 6 ++++++ arch/x86/kvm/x86.c | 32 ++++++++++++++++++++------------ 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 068853bcbc74..bd7169de7bcb 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1476,6 +1476,7 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int __kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0); int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3); +int __kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4); int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4); int kvm_set_cr8(struct kvm_vcpu *vcpu, unsigned long cr8); int kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val); diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 14b0d97b50e2..c4152689ea93 100644 --- a/arch/x86/include/uapi/asm/svm.h 
+++ b/arch/x86/include/uapi/asm/svm.h @@ -203,6 +203,7 @@ { SVM_EXIT_XSETBV, "xsetbv" }, \ { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ { SVM_EXIT_CR0_WRITE_TRAP, "write_cr0_trap" }, \ + { SVM_EXIT_CR4_WRITE_TRAP, "write_cr4_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b6b16379ae8d..146dbfeb5768 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2481,6 +2481,11 @@ static int cr_trap(struct vcpu_svm *svm) ret = __kvm_set_cr0(&svm->vcpu, old_value, new_value); break; + case 4: + old_value = kvm_read_cr4(&svm->vcpu); + + ret = __kvm_set_cr4(&svm->vcpu, old_value, new_value); + break; default: WARN(1, "unhandled CR%d write trap", cr); ret = 1; @@ -3071,6 +3076,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_RDPRU] = rdpru_interception, [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap, + [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a25c2bd43de3..0305a97abf28 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -983,12 +983,30 @@ int kvm_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) } EXPORT_SYMBOL_GPL(kvm_valid_cr4); +int __kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long old_cr4, unsigned long cr4) +{ + unsigned long mmu_role_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE | + X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE; + + if (kvm_x86_ops.set_cr4(vcpu, cr4)) + return 1; + + if (((cr4 ^ old_cr4) & mmu_role_bits) || + (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE))) + kvm_mmu_reset_context(vcpu); + + if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE)) + kvm_update_cpuid_runtime(vcpu); + + return 0; +} +EXPORT_SYMBOL_GPL(__kvm_set_cr4); + int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { unsigned long old_cr4 = kvm_read_cr4(vcpu); unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE | X86_CR4_SMEP; - unsigned long mmu_role_bits = pdptr_bits | X86_CR4_SMAP | X86_CR4_PKE; if (kvm_valid_cr4(vcpu, cr4)) return 1; 
@@ -1013,17 +1031,7 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) return 1; } - if (kvm_x86_ops.set_cr4(vcpu, cr4)) - return 1; - - if (((cr4 ^ old_cr4) & mmu_role_bits) || - (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE))) - kvm_mmu_reset_context(vcpu); - - if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE)) - kvm_update_cpuid_runtime(vcpu); - - return 0; + return __kvm_set_cr4(vcpu, old_cr4, cr4); } EXPORT_SYMBOL_GPL(kvm_set_cr4);
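Review bot: In the new case 4 of cr_trap(), a non-zero return from __kvm_set_cr4() (its `if (kvm_x86_ops.set_cr4(vcpu, cr4)) return 1;` path) is passed straight to kvm_complete_insn_gp(), yet by the commit message's own description the trap fires after the guest's CR4 has been modified, so on that path KVM's tracked CR4 may no longer match what the guest is running with. Decide what a failure means on the trap path (for example WARN and still record the value, or stop the guest) and state it in a comment. The trap path also bypasses kvm_valid_cr4(), which deserves the same comment, and __kvm_set_cr4() now spells out mmu_role_bits in full while kvm_set_cr4() keeps its own pdptr_bits list; a shared definition would stop the two bit lists from drifting apart.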
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 23/34] KVM: SVM: Add support for CR8 write traps for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:26 -0600
Message-Id: <6e32aac0580cff0da77042b2f0db986af814b6f2.1605632857.git.thomas.lendacky@amd.com>
From: Tom Lendacky For SEV-ES guests, the interception of control register write access is not recommended. Control register interception occurs prior to the control register being modified and the hypervisor is unable to modify the control register itself because the register is located in the encrypted register state. SEV-ES guests introduce new control register write traps. These traps provide intercept support of a control register write after the control register has been modified. The new control register value is provided in the VMCB EXITINFO1 field, allowing the hypervisor to track the setting of the guest control registers. Add support to track the value of the guest CR8 register using the control register write trap so that the hypervisor understands the guest operating mode. Signed-off-by: Tom Lendacky --- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/svm/svm.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index c4152689ea93..554f75fe013c 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -204,6 +204,7 @@ { SVM_EXIT_EFER_WRITE_TRAP, "write_efer_trap" }, \ { SVM_EXIT_CR0_WRITE_TRAP, "write_cr0_trap" }, \ { SVM_EXIT_CR4_WRITE_TRAP, "write_cr4_trap" }, \ + { SVM_EXIT_CR8_WRITE_TRAP, "write_cr8_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 146dbfeb5768..f5188919a132 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2486,6 +2486,9 @@ static int cr_trap(struct vcpu_svm *svm) ret = __kvm_set_cr4(&svm->vcpu, old_value, new_value); break; + case 8: + ret = kvm_set_cr8(&svm->vcpu, new_value); + break; default: WARN(1, "unhandled CR%d write trap", cr); ret = 1; 
@@ -3077,6 +3080,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap, [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap, [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap, + [SVM_EXIT_CR8_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception,
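Review bot: case 8 in cr_trap() calls the ordinary kvm_set_cr8() setter, whereas cases 0 and 4 read the old value and call the __kvm_set_cr0()/__kvm_set_cr4() helpers that were split out specifically for the trap path; add a comment explaining why the full setter is acceptable here when the write has already taken effect in the guest, and what a non-zero return handed to kvm_complete_insn_gp() is meant to achieve in that situation. The changelog sentence about the hypervisor understanding "the guest operating mode" is carried over from the CR0 and CR4 patches; for CR8 it should name what actually consumes the tracked value.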
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 24/34] KVM: x86: Update __get_sregs() / __set_sregs() to support SEV-ES
Date: Tue, 17 Nov 2020 11:07:27 -0600
From: Tom Lendacky Since many of the registers used by the SEV-ES are encrypted and cannot be read or written, adjust the __get_sregs() / __set_sregs() to take into account whether the VMSA/guest state is encrypted. For __get_sregs(), return the actual value that is in use by the guest for all registers being tracked using the write trap support. For __set_sregs(), skip setting of all guest register values. Signed-off-by: Tom Lendacky --- arch/x86/kvm/x86.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 0305a97abf28..e848fa947d1d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -9432,6 +9432,9 @@ static void __get_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) { struct desc_ptr dt; + if (vcpu->arch.guest_state_protected) + goto skip_protected_regs; + kvm_get_segment(vcpu, &sregs->cs, VCPU_SREG_CS); kvm_get_segment(vcpu, &sregs->ds, VCPU_SREG_DS); kvm_get_segment(vcpu, &sregs->es, VCPU_SREG_ES); @@ -9449,9 +9452,11 @@ static void __get_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) sregs->gdt.limit = dt.size; sregs->gdt.base = dt.address; - sregs->cr0 = kvm_read_cr0(vcpu); sregs->cr2 = vcpu->arch.cr2; sregs->cr3 = kvm_read_cr3(vcpu); + +skip_protected_regs: + sregs->cr0 = kvm_read_cr0(vcpu); sregs->cr4 = kvm_read_cr4(vcpu); sregs->cr8 = kvm_get_cr8(vcpu); sregs->efer = vcpu->arch.efer; @@ -9590,6 +9595,9 @@ static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) if (kvm_set_apic_base(vcpu, &apic_base_msr)) goto out; + if (vcpu->arch.guest_state_protected) + goto skip_protected_regs; + dt.size = sregs->idt.limit; dt.address = sregs->idt.base; kvm_x86_ops.set_idt(vcpu, &dt); @@ -9628,14 +9636,6 @@ static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) if (mmu_reset_needed) kvm_mmu_reset_context(vcpu); - max_bits = KVM_NR_INTERRUPTS; - pending_vec = find_first_bit( - (const unsigned long *)sregs->interrupt_bitmap, max_bits); - if (pending_vec < max_bits) { - kvm_queue_interrupt(vcpu, pending_vec, false); - pr_debug("Set back pending irq %d\n", pending_vec); - } - kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS); kvm_set_segment(vcpu, &sregs->ds, VCPU_SREG_DS); kvm_set_segment(vcpu, &sregs->es, VCPU_SREG_ES); 
@@ -9654,6 +9654,15 @@ static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) !is_protmode(vcpu)) vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; +skip_protected_regs: + max_bits = KVM_NR_INTERRUPTS; + pending_vec = find_first_bit( + (const unsigned long *)sregs->interrupt_bitmap, max_bits); + if (pending_vec < max_bits) { + kvm_queue_interrupt(vcpu, pending_vec, false); + pr_debug("Set back pending irq %d\n", pending_vec); + } + kvm_make_request(KVM_REQ_EVENT, vcpu); ret = 0;
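Review bot: In __get_sregs(), the early "goto skip_protected_regs" bypasses every store to the segment, gdt, cr2 and cr3 members, so for a protected guest those fields of *sregs keep whatever the caller's buffer held. The visible lines never zero them; clear the skipped members before the goto (or memset the struct on entry) so that no stale data can reach the KVM_GET_SREGS caller, or add a comment stating that every caller passes a zeroed struct.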
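Review bot: In __set_sregs(), the goto placed after kvm_set_apic_base() makes the function drop every register value userspace supplied and still fall through to "ret = 0", so a caller cannot tell that the request was ignored. The commit message says all guest register values are skipped, yet the APIC base write above the goto and the pending-interrupt injection moved below the skip_protected_regs label are still applied; add a comment at the goto listing what is still honoured for a protected guest and why. The move also means the interrupt_bitmap block now runs after the kvm_set_segment() calls and the mp_state update for unprotected guests, which the commit message should mention as intentional.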
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 25/34] KVM: SVM: Do not report support for SMM for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:28 -0600

SEV-ES guests do not currently support SMM. Update the has_emulated_msr() kvm_x86_ops function to take a struct kvm parameter so that the capability can be reported at a VM level.

Since this op is also called during KVM initialization and before a struct kvm instance is available, comments will be added to each implementation of has_emulated_msr() to indicate the kvm parameter can be null.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/kvm_host.h | 2 +-
 arch/x86/kvm/svm/svm.c | 11 ++++++++++-
 arch/x86/kvm/vmx/vmx.c | 6 +++++-
 arch/x86/kvm/x86.c | 4 ++--
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index bd7169de7bcb..51343c7e69fb 100644
--- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1091,7 +1091,7 @@ struct kvm_x86_ops { void (*hardware_disable)(void); void (*hardware_unsetup)(void); bool (*cpu_has_accelerated_tpr)(void); - bool (*has_emulated_msr)(u32 index); + bool (*has_emulated_msr)(struct kvm *kvm, u32 index); void (*vcpu_after_set_cpuid)(struct kvm_vcpu *vcpu); unsigned int vm_size; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f5188919a132..f68e6284c3c6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3922,12 +3922,21 @@ static bool svm_cpu_has_accelerated_tpr(void) return false; } -static bool svm_has_emulated_msr(u32 index) +/* + * The kvm parameter can be NULL (module initialization, or invocation before + * VM creation). Be sure to check the kvm parameter before using it. + */ +static bool svm_has_emulated_msr(struct kvm *kvm, u32 index) { switch (index) { case MSR_IA32_MCG_EXT_CTL: case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: return false; + case MSR_IA32_SMBASE: + /* SEV-ES guests do not support SMM, so report false */ + if (kvm && sev_es_guest(kvm)) + return false; + break; default: break; } diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 47b8357b9751..006d91dca695 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6399,7 +6399,11 @@ static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu) handle_exception_nmi_irqoff(vmx); } -static bool vmx_has_emulated_msr(u32 index) +/* + * The kvm parameter can be NULL (module initialization, or invocation before + * VM creation). Be sure to check the kvm parameter before using it. + */ +static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) { switch (index) { case MSR_IA32_SMBASE: diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e848fa947d1d..3ac0edecc5f9 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3777,7 +3777,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) * fringe case that is not enabled except via specific settings * of the module parameters. */ - r = kvm_x86_ops.has_emulated_msr(MSR_IA32_SMBASE); + r = kvm_x86_ops.has_emulated_msr(kvm, MSR_IA32_SMBASE); break; case KVM_CAP_VAPIC: r = !kvm_x86_ops.cpu_has_accelerated_tpr(); 
@@ -5789,7 +5789,7 @@ static void kvm_init_msr_list(void) } for (i = 0; i < ARRAY_SIZE(emulated_msrs_all); i++) { - if (!kvm_x86_ops.has_emulated_msr(emulated_msrs_all[i])) + if (!kvm_x86_ops.has_emulated_msr(NULL, emulated_msrs_all[i])) continue; emulated_msrs[num_emulated_msrs++] = emulated_msrs_all[i];
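Review bot: kvm_init_msr_list() now passes NULL for kvm, so the SEV-ES check added under MSR_IA32_SMBASE in svm_has_emulated_msr() can never fire on this path and MSR_IA32_SMBASE stays in the global emulated_msrs[] list for every VM. Only the capability check in kvm_vm_ioctl_check_extension() gets the per-VM answer. Say in the commit message, or in a comment at this call, that the emulated MSR list is intentionally VM-agnostic, and confirm that a userspace access to MSR_IA32_SMBASE on an SEV-ES vCPU is rejected elsewhere.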
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 26/34] KVM: SVM: Guest FPU state save/restore not needed for SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:29 -0600
Message-Id: <9e49532e433b61558e53230aaf82495bf22645bd.1605632857.git.thomas.lendacky@amd.com>

The guest FPU state is automatically restored on VMRUN and saved on VMEXIT by the hardware, so there is no reason to do this in KVM. Eliminate the allocation of the guest_fpu save area and key off that to skip operations related to the guest FPU state.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/kvm_host.h | 2 ++
 arch/x86/kvm/svm/svm.c | 8 +++++
 arch/x86/kvm/x86.c | 56 +++++++++++++++++++++++++++------
 3 files changed, 56 insertions(+), 10 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 51343c7e69fb..3ef63ab71701 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -1473,6 +1473,8 @@ void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code); +void kvm_free_guest_fpu(struct kvm_vcpu *vcpu); + int __kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0); int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f68e6284c3c6..63a609a8abf6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1317,6 +1317,14 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); if (!vmsa_page) goto error_free_vmcb_page; + + /* + * SEV-ES guests maintain an encrypted version of their FPU + * state which is restored and saved on VMRUN and VMEXIT. + * Free the fpu structure to prevent KVM from attempting to + * access the FPU state. + */ + kvm_free_guest_fpu(vcpu); } err = avic_init_vcpu(svm); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3ac0edecc5f9..27b9243f2f68 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4494,6 +4494,9 @@ static void load_xsave(struct kvm_vcpu *vcpu, u8 *src) static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu, struct kvm_xsave *guest_xsave) { + if (!vcpu->arch.guest_fpu) + return; + if (boot_cpu_has(X86_FEATURE_XSAVE)) { memset(guest_xsave, 0, sizeof(struct kvm_xsave)); fill_xsave((u8 *) guest_xsave->region, vcpu); 
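Review bot: The early return added at the top of kvm_vcpu_ioctl_x86_get_xsave() runs before the memset(guest_xsave, 0, ...) shown in the following context, and the function returns void, so for a vCPU without guest_fpu the caller gets back an untouched buffer with no error indication. Zero *guest_xsave before returning, or change the function to return an error the ioctl can propagate. The same question applies to the "return 0" added to kvm_arch_vcpu_ioctl_get_fpu() further down in this patch, which also leaves *fpu unwritten.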
@@ -4511,9 +4514,14 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, struct kvm_xsave *guest_xsave) { - u64 xstate_bv = - *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)]; - u32 mxcsr = *(u32 *)&guest_xsave->region[XSAVE_MXCSR_OFFSET / sizeof(u32)]; + u64 xstate_bv; + u32 mxcsr; + + if (!vcpu->arch.guest_fpu) + return 0; + + xstate_bv = *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)]; + mxcsr = *(u32 *)&guest_xsave->region[XSAVE_MXCSR_OFFSET / sizeof(u32)]; if (boot_cpu_has(X86_FEATURE_XSAVE)) { /* @@ -9238,9 +9246,14 @@ static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu) kvm_save_current_fpu(vcpu->arch.user_fpu); - /* PKRU is separately restored in kvm_x86_ops.run. */ - __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state, - ~XFEATURE_MASK_PKRU); + /* + * Guests with protected state can't have it set by the hypervisor, + * so skip trying to set it. + */ + if (vcpu->arch.guest_fpu) + /* PKRU is separately restored in kvm_x86_ops.run. */ + __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state, + ~XFEATURE_MASK_PKRU); fpregs_mark_activate(); fpregs_unlock(); @@ -9253,7 +9266,12 @@ static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu) { fpregs_lock(); - kvm_save_current_fpu(vcpu->arch.guest_fpu); + /* + * Guests with protected state can't have it read by the hypervisor, + * so skip trying to save it. + */ + if (vcpu->arch.guest_fpu) + kvm_save_current_fpu(vcpu->arch.guest_fpu); copy_kernel_to_fpregs(&vcpu->arch.user_fpu->state); @@ -9769,6 +9787,9 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) { struct fxregs_state *fxsave; + if (!vcpu->arch.guest_fpu) + return 0; + vcpu_load(vcpu); fxsave = &vcpu->arch.guest_fpu->state.fxsave; 
@@ -9789,6 +9810,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) { struct fxregs_state *fxsave; + if (!vcpu->arch.guest_fpu) + return 0; + vcpu_load(vcpu); fxsave = &vcpu->arch.guest_fpu->state.fxsave; @@ -9847,6 +9871,9 @@ static int sync_regs(struct kvm_vcpu *vcpu) static void fx_init(struct kvm_vcpu *vcpu) { + if (!vcpu->arch.guest_fpu) + return; + fpstate_init(&vcpu->arch.guest_fpu->state); if (boot_cpu_has(X86_FEATURE_XSAVES)) vcpu->arch.guest_fpu->state.xsave.header.xcomp_bv = @@ -9860,6 +9887,15 @@ static void fx_init(struct kvm_vcpu *vcpu) vcpu->arch.cr0 |= X86_CR0_ET; } +void kvm_free_guest_fpu(struct kvm_vcpu *vcpu) +{ + if (vcpu->arch.guest_fpu) { + kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu); + vcpu->arch.guest_fpu = NULL; + } +} +EXPORT_SYMBOL_GPL(kvm_free_guest_fpu); + int kvm_arch_vcpu_precreate(struct kvm *kvm, unsigned int id) { if (kvm_check_tsc_unstable() && atomic_read(&kvm->online_vcpus) != 0) @@ -9955,7 +9991,7 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) return 0; free_guest_fpu: - kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu); + kvm_free_guest_fpu(vcpu); free_user_fpu: kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu); free_emulate_ctxt: @@ -10009,7 +10045,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) kmem_cache_free(x86_emulator_cache, vcpu->arch.emulate_ctxt); free_cpumask_var(vcpu->arch.wbinvd_dirty_mask); kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu); - kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu); + kvm_free_guest_fpu(vcpu); kvm_hv_vcpu_uninit(vcpu); kvm_pmu_destroy(vcpu); 
@@ -10057,7 +10093,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) kvm_async_pf_hash_reset(vcpu); vcpu->arch.apf.halted = false; - if (kvm_mpx_supported()) { + if (vcpu->arch.guest_fpu && kvm_mpx_supported()) { void *mpx_state_buffer; /*
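Review bot: kvm_vcpu_ioctl_x86_set_xsave() and kvm_arch_vcpu_ioctl_set_fpu() now return 0 when vcpu->arch.guest_fpu is NULL, so userspace is told the FPU state was written when it was in fact discarded. Return an error such as -EINVAL on these set paths, or document in the commit message that silently succeeding is required by existing userspace. Separately, a NULL guest_fpu pointer is now tested across this patch (including the kvm_vcpu_reset() hunk here) as a stand-in for "guest state is protected"; a small helper named for that meaning would keep the scattered checks from drifting apart.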
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 27/34] KVM: SVM: Add support for booting APs for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:30 -0600
Message-Id: <9fb517abf40eb4eb16f0799922d6fcb6a4855c9f.1605632857.git.thomas.lendacky@amd.com>

Typically under KVM, an AP is booted using the INIT-SIPI-SIPI sequence, where the guest vCPU register state is updated and then the vCPU is VMRUN to begin execution of the AP. For an SEV-ES guest, this won't work because the guest register state is encrypted.

Following the GHCB specification, the hypervisor must not alter the guest register state, so KVM must track an AP/vCPU boot. Should the guest want to park the AP, it must use the AP Reset Hold exit event in place of, for example, a HLT loop.

First AP boot (first INIT-SIPI-SIPI sequence):
  Execute the AP (vCPU) as it was initialized and measured by the SEV-ES support. It is up to the guest to transfer control of the AP to the proper location.

Subsequent AP boot:
  KVM will expect to receive an AP Reset Hold exit event indicating that the vCPU is being parked and will require an INIT-SIPI-SIPI sequence to awaken it. When the AP Reset Hold exit event is received, KVM will place the vCPU into a simulated HLT mode. Upon receiving the INIT-SIPI-SIPI sequence, KVM will make the vCPU runnable. It is again up to the guest to then transfer control of the AP to the proper location.

The GHCB specification also requires the hypervisor to save the address of an AP Jump Table so that, for example, vCPUs that have been parked by UEFI can be started by the OS. Provide support for the AP Jump Table set/get exit code.

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/kvm_host.h | 2 ++
 arch/x86/kvm/svm/sev.c | 50 +++++++++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c | 7 +++++
 arch/x86/kvm/svm/svm.h | 3 ++
 arch/x86/kvm/x86.c | 9 ++++++
 5 files changed, 71 insertions(+)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 3ef63ab71701..78b97071e1c2 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -1283,6 +1283,8 @@ struct kvm_x86_ops { void (*migrate_timers)(struct kvm_vcpu *vcpu); void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + + void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a7531de760b5..b47285384b1f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -17,6 +17,8 @@ #include #include +#include + #include "x86.h" #include "svm.h" #include "cpuid.h" @@ -1449,6 +1451,8 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_AP_HLT_LOOP: + case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: break; default: @@ -1770,6 +1774,35 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) control->exit_info_2, svm->ghcb_sa); break; + case SVM_VMGEXIT_AP_HLT_LOOP: + svm->ap_hlt_loop = true; + ret = kvm_emulate_halt(&svm->vcpu); + break; + case SVM_VMGEXIT_AP_JUMP_TABLE: { + struct kvm_sev_info *sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info; + + switch (control->exit_info_1) { + case 0: + /* Set AP jump table address */ + sev->ap_jump_table = control->exit_info_2; + break; + case 1: + /* Get AP jump table address */ + ghcb_set_sw_exit_info_2(ghcb, sev->ap_jump_table); + break; + default: + pr_err("svm: vmgexit: unsupported AP jump table request - exit_info_1=%#llx\n", + control->exit_info_1); + ghcb_set_sw_exit_info_1(ghcb, 1); + ghcb_set_sw_exit_info_2(ghcb, + X86_TRAP_UD | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID); + } + + ret = 1; + break; + } case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(&svm->vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", 
@@ -1790,3 +1823,20 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in) return kvm_sev_es_string_io(&svm->vcpu, size, port, svm->ghcb_sa, svm->ghcb_sa_len, in); } + +void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + /* First SIPI: Use the values as initially set by the VMM */ + if (!svm->ap_hlt_loop) + return; + + /* + * Subsequent SIPI: Return from an AP Reset Hold VMGEXIT, where + * the guest will set the CS and RIP. Set SW_EXIT_INFO_2 to a + * non-zero value. + */ + ghcb_set_sw_exit_info_2(svm->ghcb, 1); + svm->ap_hlt_loop = false; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 63a609a8abf6..f4b9501fe0ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4380,6 +4380,11 @@ static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu) (vmcb_is_intercept(&svm->vmcb->control, INTERCEPT_INIT)); } +static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) +{ + sev_vcpu_deliver_sipi_vector(vcpu, vector); +} + static void svm_vm_destroy(struct kvm *kvm) { avic_vm_destroy(kvm); @@ -4520,6 +4525,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .apic_init_signal_blocked = svm_apic_init_signal_blocked, .msr_filter_changed = svm_msr_filter_changed, + + .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, }; static struct kvm_x86_init_ops svm_init_ops __initdata = { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 1c1399b9516a..4529c9487c4a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -68,6 +68,7 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + u64 ap_jump_table; /* SEV-ES AP Jump Table address */ }; struct kvm_svm { 
@@ -173,6 +174,7 @@ struct vcpu_svm { struct vmcb_save_area *vmsa; struct ghcb *ghcb; struct kvm_host_map ghcb_map; + bool ap_hlt_loop; /* SEV-ES scratch area support */ void *ghcb_sa; @@ -573,5 +575,6 @@ void sev_hardware_teardown(void); void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); +void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 27b9243f2f68..a0eca41eaa33 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10136,6 +10136,15 @@ void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) { struct kvm_segment cs; + /* + * Guests with protected state can't have their state altered by KVM, + * call the vcpu_deliver_sipi_vector() x86 op for processing. + */ + if (vcpu->arch.guest_state_protected) { + kvm_x86_ops.vcpu_deliver_sipi_vector(vcpu, vector); + return; + } + kvm_get_segment(vcpu, &cs, VCPU_SREG_CS); cs.selector = vector << 8; cs.base = vector << 12; From patchwork Tue Nov 17 17:07:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11913005 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79AE5C64E7C for ; Tue, 17 Nov 2020 17:11:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 204B9241A5 for ; Tue, 17 Nov 2020 17:11:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="uMuKtZ5o" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729635AbgKQRLw (ORCPT ); Tue, 17 Nov 2020 12:11:52 -0500 Received: from mail-dm6nam11on2052.outbound.protection.outlook.com ([40.107.223.52]:52853 "EHLO NAM11-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728630AbgKQRLv (ORCPT ); Tue, 17 Nov 2020 12:11:51 -0500 ARC-Seal: i=1; a=rsa-sha256; 
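Review bot: In the SVM_VMGEXIT_AP_JUMP_TABLE case added to sev_handle_vmgexit(), the default branch logs with pr_err() on a path the guest selects through exit_info_1, so a guest can fill the host log at will; pr_err_ratelimited() would bound that, and the neighbouring SVM_VMGEXIT_UNSUPPORTED_EVENT case already goes through vcpu_unimpl(). The "set" branch also stores control->exit_info_2 into the per-VM sev->ap_jump_table with no lock and no sanity check while any vCPU may issue the request. If that is acceptable because KVM only hands the value back to the guest, a comment saying the address is opaque to the host and never dereferenced would make it explicit.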
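Review bot: sev_vcpu_deliver_sipi_vector() writes through svm->ghcb with ghcb_set_sw_exit_info_2(svm->ghcb, 1) from the SIPI delivery path rather than from inside sev_handle_vmgexit(), and nothing in this hunk shows that the GHCB is still mapped when the SIPI arrives. Please either check svm->ghcb before the write or add a comment stating what keeps the mapping valid between the AP Reset Hold exit and the SIPI. The vector argument is unused here as well; the comment could say that this is deliberate because the guest sets CS and RIP itself.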
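Review bot: In the x86.c hunk, kvm_vcpu_deliver_sipi_vector() calls kvm_x86_ops.vcpu_deliver_sipi_vector() with no NULL check, and in this patch only svm_x86_ops is given an implementation, so correctness depends on guest_state_protected never being set by a vendor module that leaves the op unset. A guard here, or the invariant documented next to the new kvm_x86_ops member in kvm_host.h, would make that dependency visible.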
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 28/34] KVM: SVM: Add NMI support for an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:31 -0600
From: Tom Lendacky

The GHCB specification defines how NMIs are to be handled for an SEV-ES guest. To detect the completion of an NMI the hypervisor must not intercept the IRET instruction (because a #VC while running the NMI will issue an IRET) and, instead, must receive an NMI Complete exit event from the guest.

Update the KVM support for detecting the completion of NMIs in the guest to follow the GHCB specification. When an SEV-ES guest is active, the IRET instruction will no longer be intercepted. Now, when the NMI Complete exit event is received, the iret_interception() function will be called to simulate the completion of the NMI.

Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 4 ++++ arch/x86/kvm/svm/svm.c | 20 +++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b47285384b1f..486c5609fa25 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1451,6 +1451,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) if (!ghcb_sw_scratch_is_valid(ghcb)) goto vmgexit_err; break; + case SVM_VMGEXIT_NMI_COMPLETE: case SVM_VMGEXIT_AP_HLT_LOOP: case SVM_VMGEXIT_AP_JUMP_TABLE: case SVM_VMGEXIT_UNSUPPORTED_EVENT: @@ -1774,6 +1775,9 @@ int sev_handle_vmgexit(struct vcpu_svm *svm) control->exit_info_2, svm->ghcb_sa); break; + case SVM_VMGEXIT_NMI_COMPLETE: + ret = svm_invoke_exit_handler(svm, SVM_EXIT_IRET); + break; case SVM_VMGEXIT_AP_HLT_LOOP: svm->ap_hlt_loop = true; ret = kvm_emulate_halt(&svm->vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f4b9501fe0ea..bb6b624c0d12 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2335,9 +2335,11 @@ static int cpuid_interception(struct vcpu_svm *svm) static int iret_interception(struct vcpu_svm *svm) { ++svm->vcpu.stat.nmi_window_exits; - svm_clr_intercept(svm, INTERCEPT_IRET); svm->vcpu.arch.hflags |= HF_IRET_MASK; - svm->nmi_iret_rip = kvm_rip_read(&svm->vcpu); + if (!sev_es_guest(svm->vcpu.kvm)) { + svm_clr_intercept(svm, INTERCEPT_IRET); + svm->nmi_iret_rip = kvm_rip_read(&svm->vcpu); + } kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); return 1; } @@ -3350,7 +3352,8 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; vcpu->arch.hflags |= HF_NMI_MASK; - svm_set_intercept(svm, INTERCEPT_IRET); + if (!sev_es_guest(svm->vcpu.kvm)) + svm_set_intercept(svm, INTERCEPT_IRET); ++vcpu->stat.nmi_injections; } 
@@ -3434,10 +3437,12 @@ static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) if (masked) { svm->vcpu.arch.hflags |= HF_NMI_MASK; - svm_set_intercept(svm, INTERCEPT_IRET); + if (!sev_es_guest(svm->vcpu.kvm)) + svm_set_intercept(svm, INTERCEPT_IRET); } else { svm->vcpu.arch.hflags &= ~HF_NMI_MASK; - svm_clr_intercept(svm, INTERCEPT_IRET); + if (!sev_es_guest(svm->vcpu.kvm)) + svm_clr_intercept(svm, INTERCEPT_IRET); } } 
@@ -3615,8 +3620,9 @@ static void svm_complete_interrupts(struct vcpu_svm *svm) * If we've made progress since setting HF_IRET_MASK, we've * executed an IRET and can allow NMI injection. */ - if ((svm->vcpu.arch.hflags & HF_IRET_MASK) - && kvm_rip_read(&svm->vcpu) != svm->nmi_iret_rip) { + if ((svm->vcpu.arch.hflags & HF_IRET_MASK) && + (sev_es_guest(svm->vcpu.kvm) || + kvm_rip_read(&svm->vcpu) != svm->nmi_iret_rip)) { svm->vcpu.arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK); kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); } From patchwork Tue Nov 17 17:07:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11913009 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D65FCC56202 for ; Tue, 17 Nov 2020 17:12:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7AD5424248 for ; Tue, 17 Nov 2020 17:12:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="XYJDyhlb" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729681AbgKQRMA (ORCPT ); Tue, 17 Nov 2020 12:12:00 -0500 Received: from mail-dm6nam11on2042.outbound.protection.outlook.com ([40.107.223.42]:28289 "EHLO NAM11-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729568AbgKQRL7 (ORCPT ); Tue, 17 
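Review bot: The SVM_VMGEXIT_NMI_COMPLETE case added to sev_handle_vmgexit() runs the SVM_EXIT_IRET handler whenever the guest asks, with no check that an NMI is actually in progress (HF_NMI_MASK set), so iret_interception() bumps nmi_window_exits and sets HF_IRET_MASK on the guest's request alone. If that is intended because the guest can only affect its own NMI window, please say so in a comment at the case label; otherwise gate the call on HF_NMI_MASK.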
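Review bot: In the svm_complete_interrupts() hunk, the existing comment ("If we've made progress since setting HF_IRET_MASK, we've executed an IRET") no longer describes the SEV-ES branch, where sev_es_guest() short-circuits the RIP comparison and the masks are cleared without consulting nmi_iret_rip. Please extend the comment to cover that case. The repeated "if (!sev_es_guest(svm->vcpu.kvm))" guards around svm_set_intercept() and svm_clr_intercept() for INTERCEPT_IRET in the other hunks could also be folded into one small helper.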
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 29/34] KVM: SVM: Set the encryption mask for the SVM host save area
Date: Tue, 17 Nov 2020 11:07:32 -0600
Message-Id: <09faf62d4d84d3ba87e00e83cca70526e88bfe96.1605632857.git.thomas.lendacky@amd.com>
From: Tom Lendacky

The SVM host save area is used to restore some host state on VMEXIT of an SEV-ES guest. After allocating the save area, clear it and add the encryption mask to the SVM host save area physical address that is programmed into the VM_HSAVE_PA MSR.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 1 - arch/x86/kvm/svm/svm.c | 3 ++- arch/x86/kvm/svm/svm.h | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 486c5609fa25..4797a6768eaf 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -32,7 +32,6 @@ unsigned int max_sev_asid; static unsigned int min_sev_asid; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; -#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) struct enc_region { struct list_head list; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bb6b624c0d12..99869d781b98 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -498,7 +498,7 @@ static int svm_hardware_enable(void) wrmsrl(MSR_EFER, efer | EFER_SVME); - wrmsrl(MSR_VM_HSAVE_PA, page_to_pfn(sd->save_area) << PAGE_SHIFT); + wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area)); if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) { wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT); @@ -566,6 +566,7 @@ static int svm_cpu_init(int cpu) sd->save_area = alloc_page(GFP_KERNEL); if (!sd->save_area) goto free_cpu_data; + clear_page(page_address(sd->save_area)); if (svm_sev_enabled()) { sd->sev_vmcbs = kmalloc_array(max_sev_asid + 1, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4529c9487c4a..95be2ba08a01 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -21,6 +21,8 @@ #include +#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) + static const u32 host_save_user_msrs[] = { #ifdef CONFIG_X86_64 MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE, From patchwork Tue Nov 17 17:07:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 11913013 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20317C63697 for ; Tue, 17 Nov 2020 17:12:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E8B56238E6 for ; Tue, 17 Nov 2020 17:12:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="yBFO0b51" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728709AbgKQRMK (ORCPT ); Tue, 17 Nov 2020 12:12:10 -0500 Received: from mail-dm6nam12on2057.outbound.protection.outlook.com ([40.107.243.57]:47201 "EHLO NAM12-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728598AbgKQRMI (ORCPT ); Tue, 17 Nov 2020 12:12:08 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
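Review bot: In the svm_cpu_init() hunk, the added clear_page(page_address(sd->save_area)) directly after alloc_page(GFP_KERNEL) can be folded into the allocation as alloc_page(GFP_KERNEL | __GFP_ZERO), which drops a line and leaves no window in which the page exists uncleared. The commit message says to clear the area but not why; a sentence on what goes wrong with stale contents in the host save area would help whoever touches this next.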
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 30/34] KVM: SVM: Update ASID allocation to support SEV-ES guests
Date: Tue, 17 Nov 2020 11:07:33 -0600
Message-Id: <1a7362f8a5fb643689d935f5a252983ad0f482c2.1605632857.git.thomas.lendacky@amd.com>
From: Tom Lendacky

SEV and SEV-ES guests each have dedicated ASID ranges. Update the ASID allocation routine to return an ASID in the respective range.

Signed-off-by: Tom Lendacky
--- arch/x86/kvm/svm/sev.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4797a6768eaf..bb6f069464cf 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -63,19 +63,19 @@ static int sev_flush_asids(void) } /* Must be called with the sev_bitmap_lock held */ -static bool __sev_recycle_asids(void) +static bool __sev_recycle_asids(int min_asid, int max_asid) { int pos; /* Check if there are any ASIDs to reclaim before performing a flush */ - pos = find_next_bit(sev_reclaim_asid_bitmap, - max_sev_asid, min_sev_asid - 1); - if (pos >= max_sev_asid) + pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_asid); + if (pos >= max_asid) return false; if (sev_flush_asids()) return false; + /* The flush process will flush all reclaimable SEV and SEV-ES ASIDs */ bitmap_xor(sev_asid_bitmap, sev_asid_bitmap, sev_reclaim_asid_bitmap, max_sev_asid); bitmap_zero(sev_reclaim_asid_bitmap, max_sev_asid); @@ -83,20 +83,23 @@ static bool __sev_recycle_asids(void) return true; } -static int sev_asid_new(void) +static int sev_asid_new(struct kvm_sev_info *sev) { + int pos, min_asid, max_asid; bool retry = true; - int pos; mutex_lock(&sev_bitmap_lock); /* - * SEV-enabled guest must use asid from min_sev_asid to max_sev_asid. + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. */ + min_asid = sev->es_active ? 0 : min_sev_asid - 1; + max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: - pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_sev_asid - 1); - if (pos >= max_sev_asid) { - if (retry && __sev_recycle_asids()) { + pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_asid); + if (pos >= max_asid) { + if (retry && __sev_recycle_asids(min_asid, max_asid)) { retry = false; goto again; } 
@@ -178,7 +181,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) if (unlikely(sev->active)) return ret; - asid = sev_asid_new(); + asid = sev_asid_new(sev); if (asid < 0) return ret; 
From patchwork Tue Nov 17 17:07:34 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11913015
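Review bot: In __sev_recycle_asids() in arch/x86/kvm/svm/sev.c, find_next_bit() is still given max_sev_asid as the bitmap size while its result is compared against max_asid, so for an SEV-ES request the scan runs on into the SEV range before the "pos >= max_asid" test rejects it. Passing max_asid as the size, as in "find_next_bit(sev_reclaim_asid_bitmap, max_asid, min_asid)", keeps the search inside the requested range and makes the bound and the check agree.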
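Review bot: In sev_asid_new(), min_asid and max_asid hold zero-based bit positions (0 and "min_sev_asid - 1" for SEV-ES), not ASID values, while the comment directly above states the ranges as ASIDs ("from 1 to min_sev_asid - 1"). Say in the comment that the bitmap index is the ASID minus one, or rename the locals, so the "- 1" is not read as an off-by-one. find_next_zero_bit() here also keeps max_sev_asid as its size; max_asid would bound the scan to the range being allocated from.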
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 31/34] KVM: SVM: Provide support for SEV-ES vCPU creation/loading
Date: Tue, 17 Nov 2020 11:07:34 -0600
Message-Id: <762257fad50ddd295182fa1b761f29ca32839bd0.1605632857.git.thomas.lendacky@amd.com>
From: Tom Lendacky

An SEV-ES vCPU requires additional VMCB initialization requirements for vCPU creation and vCPU load/put requirements. This includes:

General VMCB initialization changes:
- Set a VMCB control bit to enable SEV-ES support on the vCPU.
- Set the VMCB encrypted VM save area address.
- CRx registers are part of the encrypted register state and cannot be updated. Remove the CRx register read and write intercepts and replace them with CRx register write traps to track the CRx register values.
- Certain MSR values are part of the encrypted register state and cannot be updated. Remove certain MSR intercepts (EFER, CR_PAT, etc.).
- Remove the #GP intercept (no support for "enable_vmware_backdoor").
- Remove the XSETBV intercept since the hypervisor cannot modify XCR0.

General vCPU creation changes:
- Set the initial GHCB gpa value as per the GHCB specification.

Signed-off-by: Tom Lendacky
--- arch/x86/include/asm/svm.h | 15 +++++++++- arch/x86/kvm/svm/sev.c | 56 ++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 20 ++++++++++++-- arch/x86/kvm/svm/svm.h | 6 +++- 4 files changed, 92 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index caa8628f5fba..a57331de59e2 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -98,6 +98,16 @@ enum { INTERCEPT_MWAIT_COND, INTERCEPT_XSETBV, INTERCEPT_RDPRU, + TRAP_EFER_WRITE, + TRAP_CR0_WRITE, + TRAP_CR1_WRITE, + TRAP_CR2_WRITE, + TRAP_CR3_WRITE, + TRAP_CR4_WRITE, + TRAP_CR5_WRITE, + TRAP_CR6_WRITE, + TRAP_CR7_WRITE, + TRAP_CR8_WRITE, /* Byte offset 014h (word 5) */ INTERCEPT_INVLPGB = 160, INTERCEPT_INVLPGB_ILLEGAL, @@ -144,6 +154,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area { u8 reserved_6[8]; /* Offset 0xe8 */ u64 avic_logical_id; /* Offset 0xf0 */ u64 avic_physical_id; /* Offset 0xf8 */ + u8 reserved_7[8]; + u64 vmsa_pa; /* Used for an SEV-ES guest */ }; 
@@ -198,6 +210,7 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_NP_ENABLE BIT(0) #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) +#define SVM_NESTED_CTL_SEV_ES_ENABLE BIT(2) struct vmcb_seg { u16 selector; @@ -295,7 +308,7 @@ struct ghcb { #define EXPECTED_VMCB_SAVE_AREA_SIZE 1032 -#define EXPECTED_VMCB_CONTROL_AREA_SIZE 256 +#define EXPECTED_VMCB_CONTROL_AREA_SIZE 272 #define EXPECTED_GHCB_SIZE PAGE_SIZE static inline void __unused_size_checks(void) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bb6f069464cf..e34d3a6dba80 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -1846,3 +1846,59 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) ghcb_set_sw_exit_info_2(svm->ghcb, 1); svm->ap_hlt_loop = false; } + +void sev_es_init_vmcb(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + + svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ES_ENABLE; + svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK; + + /* + * An SEV-ES guest requires a VMSA area that is a separate from the + * VMCB page. Do not include the encryption mask on the VMSA physical + * address since hardware will access it using the guest key. + */ + svm->vmcb->control.vmsa_pa = __pa(svm->vmsa); + + /* Can't intercept CR register access, HV can't modify CR registers */ + svm_clr_intercept(svm, INTERCEPT_CR0_READ); + svm_clr_intercept(svm, INTERCEPT_CR4_READ); + svm_clr_intercept(svm, INTERCEPT_CR8_READ); + svm_clr_intercept(svm, INTERCEPT_CR0_WRITE); + svm_clr_intercept(svm, INTERCEPT_CR4_WRITE); + svm_clr_intercept(svm, INTERCEPT_CR8_WRITE); + + svm_clr_intercept(svm, INTERCEPT_SELECTIVE_CR0); + + /* Track EFER/CR register changes */ + svm_set_intercept(svm, TRAP_EFER_WRITE); + svm_set_intercept(svm, TRAP_CR0_WRITE); + svm_set_intercept(svm, TRAP_CR4_WRITE); + svm_set_intercept(svm, TRAP_CR8_WRITE); + + /* No support for enable_vmware_backdoor */ + clr_exception_intercept(svm, GP_VECTOR); + + /* Can't intercept XSETBV, HV can't modify XCR0 directly */ + svm_clr_intercept(svm, INTERCEPT_XSETBV); + + /* Clear intercepts on selected MSRs */ + set_msr_interception(vcpu, svm->msrpm, MSR_EFER, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_CR_PAT, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1); +} + +void sev_es_create_vcpu(struct vcpu_svm *svm) +{ + /* + * Set the GHCB MSR value as per 
the GHCB specification when creating + * a vCPU for an SEV-ES guest. + */ + set_ghcb_msr(svm, GHCB_MSR_SEV_INFO(GHCB_VERSION_MAX, + GHCB_VERSION_MIN, + sev_enc_bit)); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 99869d781b98..252e10de0950 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -91,7 +91,7 @@ static DEFINE_PER_CPU(u64, current_tsc_ratio); static const struct svm_direct_access_msrs { u32 index; /* Index of the MSR */ - bool always; /* True if intercept is always on */ + bool always; /* True if intercept is initially cleared */ } direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] = { { .index = MSR_STAR, .always = true }, { .index = MSR_IA32_SYSENTER_CS, .always = true }, @@ -109,6 +109,9 @@ static const struct svm_direct_access_msrs { { .index = MSR_IA32_LASTBRANCHTOIP, .always = false }, { .index = MSR_IA32_LASTINTFROMIP, .always = false }, { .index = MSR_IA32_LASTINTTOIP, .always = false }, + { .index = MSR_EFER, .always = false }, + { .index = MSR_IA32_CR_PAT, .always = false }, + { .index = MSR_AMD64_SEV_ES_GHCB, .always = true }, { .index = MSR_INVALID, .always = false }, }; @@ -677,8 +680,8 @@ static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm, msrpm[offset] = tmp; } -static void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, - int read, int write) +void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, + int read, int write) { set_shadow_msr_intercept(vcpu, msr, read, write); set_msr_interception_bitmap(vcpu, msrpm, msr, read, write); @@ -1263,6 +1266,11 @@ static void init_vmcb(struct vcpu_svm *svm) if (sev_guest(svm->vcpu.kvm)) { svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ENABLE; clr_exception_intercept(svm, UD_VECTOR); + + if (sev_es_guest(svm->vcpu.kvm)) { + /* Perform SEV-ES specific VMCB updates */ + sev_es_init_vmcb(svm); + } } vmcb_mark_all_dirty(svm->vmcb); 
@@ -1356,6 +1364,10 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) svm_init_osvw(vcpu); vcpu->arch.microcode_version = 0x01000065; + if (sev_es_guest(svm->vcpu.kvm)) + /* Perform SEV-ES specific VMCB creation updates */ + sev_es_create_vcpu(svm); + return 0; error_free_vmsa_page: @@ -1451,6 +1463,7 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu) loadsegment(gs, svm->host.gs); #endif #endif + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); } @@ -3147,6 +3160,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) pr_err("%-20s%016llx\n", "avic_backing_page:", control->avic_backing_page); pr_err("%-20s%016llx\n", "avic_logical_id:", control->avic_logical_id); pr_err("%-20s%016llx\n", "avic_physical_id:", control->avic_physical_id); + pr_err("%-20s%016llx\n", "vmsa_pa:", control->vmsa_pa); pr_err("VMCB State Save Area:\n"); pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n", "es:", diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 95be2ba08a01..48e4cfaf0a69 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -34,7 +34,7 @@ static const u32 host_save_user_msrs[] = { #define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs) -#define MAX_DIRECT_ACCESS_MSRS 15 +#define MAX_DIRECT_ACCESS_MSRS 18 #define MSRPM_OFFSETS 16 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; @@ -418,6 +418,8 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu); bool svm_interrupt_blocked(struct kvm_vcpu *vcpu); void svm_set_gif(struct vcpu_svm *svm, bool value); int svm_invoke_exit_handler(struct vcpu_svm *svm, u64 exit_code); +void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, + int read, int write); /* nested.c */ 
@@ -578,5 +580,7 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu); int sev_handle_vmgexit(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); +void sev_es_init_vmcb(struct vcpu_svm *svm); +void sev_es_create_vcpu(struct vcpu_svm *svm); #endif 
From patchwork Tue Nov 17 17:07:35 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11913011
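Review bot: In struct vmcb_control_area (arch/x86/include/asm/svm.h), the new reserved_7[8] and vmsa_pa fields carry no offset comments although the three fields above them do ("/* Offset 0xf8 */" on avic_physical_id). From the visible layout they sit at 0x100 and 0x108, which matches the bump of EXPECTED_VMCB_CONTROL_AREA_SIZE from 256 to 272; adding the two offset comments would let a reader check the structure against the APM without recomputing.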
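Review bot: In sev_es_init_vmcb(), "virt_ext |= LBR_CTL_ENABLE_MASK" is set with no comment, and the commit message's list of VMCB changes does not mention LBR virtualization; please document why an SEV-ES guest needs it. Two smaller points in the same function: the block headed "Clear intercepts on selected MSRs" calls set_msr_interception(..., 1, 1), so a comment on what the two 1 arguments mean would avoid reading it as enabling interception, and the VMSA comment has a stray article ("a separate from").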
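Review bot: In direct_access_msrs[] (arch/x86/kvm/svm/svm.c), MSR_AMD64_SEV_ES_GHCB is added with ".always = true", which by the reworded field comment means its intercept is initially cleared, and nothing in this table ties that to SEV-ES. If pass-through of the GHCB MSR is meant only for SEV-ES guests, set it to false here and clear the intercept from sev_es_init_vmcb() next to MSR_EFER and MSR_IA32_CR_PAT; if it is meant for every guest, a comment saying so would help.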
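Review bot: The svm_vcpu_put() hunk only inserts a blank line before the for loop over host_save_user_msrs; it is unrelated to what the commit message describes and is better dropped from this patch.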
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 32/34] KVM: SVM: Provide support for SEV-ES vCPU loading
Date: Tue, 17 Nov 2020 11:07:35 -0600
Message-Id: <5e19b1fd4a11ee87261e6dcfa97d1d4250766500.1605632857.git.thomas.lendacky@amd.com>
From: Tom Lendacky

An SEV-ES vCPU requires additional VMCB vCPU load/put requirements. SEV-ES hardware will restore certain registers on VMEXIT, but not save them on VMRUN (see Table B-3 and Table B-4 of the AMD64 APM Volume 2), so make the following changes:

General vCPU load changes:
- During vCPU loading, perform a VMSAVE to the per-CPU SVM save area and save the current values of XCR0, XSS and PKRU to the per-CPU SVM save area as these registers will be restored on VMEXIT.

General vCPU put changes:
- Do not attempt to restore registers that SEV-ES hardware has already restored on VMEXIT.
Signed-off-by: Tom Lendacky --- arch/x86/include/asm/svm.h | 10 ++++--- arch/x86/kvm/svm/sev.c | 54 ++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 36 ++++++++++++++++--------- arch/x86/kvm/svm/svm.h | 22 +++++++++++----- arch/x86/kvm/x86.c | 3 ++- arch/x86/kvm/x86.h | 1 + 6 files changed, 103 insertions(+), 23 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index a57331de59e2..1c561945b426 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -234,7 +234,8 @@ struct vmcb_save_area { u8 cpl; u8 reserved_2[4]; u64 efer; - u8 reserved_3[112]; + u8 reserved_3[104]; + u64 xss; /* Valid for SEV-ES only */ u64 cr4; u64 cr3; u64 cr0; @@ -265,9 +266,12 @@ struct vmcb_save_area { /* * The following part of the save area is valid only for - * SEV-ES guests when referenced through the GHCB. + * SEV-ES guests when referenced through the GHCB or for + * saving to the host save area. */ - u8 reserved_7[104]; + u8 reserved_7[80]; + u32 pkru; + u8 reserved_7a[20]; u64 reserved_8; /* rax already available at 0x01f8 */ u64 rcx; u64 rdx; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index e34d3a6dba80..225f18dbf522 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -18,12 +18,15 @@ #include #include +#include #include "x86.h" #include "svm.h" #include "cpuid.h" #include "trace.h" +#define __ex(x) __kvm_handle_fault_on_reboot(x) + static u8 sev_enc_bit; static int sev_flush_asids(void); static DECLARE_RWSEM(sev_deactivate_lock); 
@@ -1902,3 +1905,54 @@ void sev_es_create_vcpu(struct vcpu_svm *svm) GHCB_VERSION_MIN, sev_enc_bit)); } + +void sev_es_vcpu_load(struct vcpu_svm *svm, int cpu) +{ + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + struct vmcb_save_area *hostsa; + unsigned int i; + + /* + * As an SEV-ES guest, hardware will restore the host state on VMEXIT, + * of which one step is to perform a VMLOAD. Since hardware does not + * perform a VMSAVE on VMRUN, the host savearea must be updated. + */ + asm volatile(__ex("vmsave") : : "a" (__sme_page_pa(sd->save_area)) : "memory"); + + /* + * Certain MSRs are restored on VMEXIT, only save ones that aren't + * restored. + */ + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) { + if (host_save_user_msrs[i].sev_es_restored) + continue; + + rdmsrl(host_save_user_msrs[i].index, svm->host_user_msrs[i]); + } + + /* XCR0 is restored on VMEXIT, save the current host value */ + hostsa = (struct vmcb_save_area *)(page_address(sd->save_area) + 0x400); + hostsa->xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); + + /* PKRU is restored on VMEXIT, save the curent host value */ + hostsa->pkru = read_pkru(); + + /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */ + hostsa->xss = host_xss; +} + +void sev_es_vcpu_put(struct vcpu_svm *svm) +{ + unsigned int i; + + /* + * Certain MSRs are restored on VMEXIT and were saved with vmsave in + * sev_es_vcpu_load() above. Only restore ones that weren't. + */ + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) { + if (host_save_user_msrs[i].sev_es_restored) + continue; + + wrmsrl(host_save_user_msrs[i].index, svm->host_user_msrs[i]); + } +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 252e10de0950..b9c4d8b28423 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1417,15 +1417,20 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcb_mark_all_dirty(svm->vmcb); } + if (sev_es_guest(svm->vcpu.kvm)) { + sev_es_vcpu_load(svm, cpu); + } else { #ifdef CONFIG_X86_64 - rdmsrl(MSR_GS_BASE, to_svm(vcpu)->host.gs_base); + rdmsrl(MSR_GS_BASE, to_svm(vcpu)->host.gs_base); #endif - savesegment(fs, svm->host.fs); - savesegment(gs, svm->host.gs); - svm->host.ldt = kvm_read_ldt(); + savesegment(fs, svm->host.fs); + savesegment(gs, svm->host.gs); + svm->host.ldt = kvm_read_ldt(); - for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) - rdmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) + rdmsrl(host_save_user_msrs[i].index, + svm->host_user_msrs[i]); + } if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) { u64 tsc_ratio = vcpu->arch.tsc_scaling_ratio; @@ -1453,19 +1458,24 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu) avic_vcpu_put(vcpu); ++vcpu->stat.host_state_reload; - kvm_load_ldt(svm->host.ldt); + if (sev_es_guest(svm->vcpu.kvm)) { + sev_es_vcpu_put(svm); + } else { + kvm_load_ldt(svm->host.ldt); #ifdef CONFIG_X86_64 - loadsegment(fs, svm->host.fs); - wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gsbase); - load_gs_index(svm->host.gs); + loadsegment(fs, svm->host.fs); + wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gsbase); + load_gs_index(svm->host.gs); #else #ifdef CONFIG_X86_32_LAZY_GS - loadsegment(gs, svm->host.gs); + loadsegment(gs, svm->host.gs); #endif #endif - for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) - wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); + for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++) + wrmsrl(host_save_user_msrs[i].index, + svm->host_user_msrs[i]); + } } static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 48e4cfaf0a69..5229c5763a30 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -23,15 +23,23 @@ #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) -static const u32 host_save_user_msrs[] = { +static const struct svm_host_save_msrs { + u32 index; /* Index of the MSR */ + bool sev_es_restored; /* True if MSR is restored on SEV-ES VMEXIT */ +} host_save_user_msrs[] = { #ifdef CONFIG_X86_64 - MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE, - MSR_FS_BASE, + { .index = MSR_STAR, .sev_es_restored = true }, + { .index = MSR_LSTAR, .sev_es_restored = true }, + { .index = MSR_CSTAR, .sev_es_restored = true }, + { .index = MSR_SYSCALL_MASK, .sev_es_restored = true }, + { .index = MSR_KERNEL_GS_BASE, .sev_es_restored = true }, + { .index = MSR_FS_BASE, .sev_es_restored = true }, #endif - MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP, - MSR_TSC_AUX, + { .index = MSR_IA32_SYSENTER_CS, .sev_es_restored = true }, + { .index = MSR_IA32_SYSENTER_ESP, .sev_es_restored = true }, + { .index = MSR_IA32_SYSENTER_EIP, .sev_es_restored = true }, + { .index = MSR_TSC_AUX, .sev_es_restored = false }, }; - #define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs) #define MAX_DIRECT_ACCESS_MSRS 18 @@ -582,5 +590,7 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_init_vmcb(struct vcpu_svm *svm); void sev_es_create_vcpu(struct vcpu_svm *svm); +void sev_es_vcpu_load(struct vcpu_svm *svm, int cpu); +void sev_es_vcpu_put(struct vcpu_svm *svm); #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a0eca41eaa33..6e0599ae517f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -197,7 +197,8 @@ EXPORT_SYMBOL_GPL(host_efer); bool __read_mostly allow_smaller_maxphyaddr = 0; EXPORT_SYMBOL_GPL(allow_smaller_maxphyaddr); -static u64 __read_mostly host_xss; +u64 __read_mostly host_xss; +EXPORT_SYMBOL_GPL(host_xss); u64 __read_mostly supported_xss; EXPORT_SYMBOL_GPL(supported_xss); 
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index f46bb286def5..a922d950638d 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -278,6 +278,7 @@ fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu); extern u64 host_xcr0; extern u64 supported_xcr0; +extern u64 host_xss; extern u64 supported_xss; static inline bool kvm_mpx_supported(void) 
From patchwork Tue Nov 17 17:07:36 2020
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 11913017
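Review bot: In sev_es_vcpu_load() (arch/x86/kvm/svm/sev.c), the host save area pointer is built with a bare "+ 0x400" on page_address(sd->save_area); give that offset a named constant or a comment stating what lives at 0x400 in the host save page, since a wrong value here puts the saved XCR0, PKRU and XSS somewhere hardware will not read them back from. The comments in the same function also contain typos: "curent" and "currnet".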
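Review bot: In host_save_user_msrs[] (arch/x86/kvm/svm/svm.h), each .sev_es_restored value encodes hardware behaviour that the commit message attributes to Table B-3 and Table B-4 of the AMD64 APM Volume 2, but the array itself carries no reference; put that pointer in a comment above the array so the flags can be re-checked when an MSR is added. The hunk also drops the blank line that separated the array from "#define NR_HOST_SAVE_USER_MSRS".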
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 33/34] KVM: SVM: Provide an updated VMRUN invocation for SEV-ES guests
Date: Tue, 17 Nov 2020 11:07:36 -0600
Message-Id: <227e126f0082c0abb16db0dd9ea7ba067e40332b.1605632857.git.thomas.lendacky@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Tom Lendacky

The run sequence is different for an SEV-ES guest compared to a legacy or even an SEV guest. The guest vCPU register state of an SEV-ES guest will be restored on VMRUN and saved on VMEXIT. There is no need to restore the guest registers directly and through VMLOAD before VMRUN and no need to save the guest registers directly and through VMSAVE on VMEXIT.

Update the svm_vcpu_run() function to skip register state saving and restoring and provide an alternative function for running an SEV-ES guest in vmenter.S

Additionally, certain host state is restored across an SEV-ES VMRUN. As a result certain register states are not required to be restored upon VMEXIT (e.g. FS, GS, etc.), so only do that if the guest is not an SEV-ES guest.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/svm.c | 25 ++++++++++++-------
 arch/x86/kvm/svm/svm.h | 5 ++++
 arch/x86/kvm/svm/vmenter.S | 50 ++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.c | 6 +++++
 4 files changed, 77 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b9c4d8b28423..c4b53e7386a0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3748,16 +3748,20 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, guest_enter_irqoff(); lockdep_hardirqs_on(CALLER_ADDR0); - __svm_vcpu_run(svm->vmcb_pa, (unsigned long *)&svm->vcpu.arch.regs); + if (sev_es_guest(svm->vcpu.kvm)) { + __svm_sev_es_vcpu_run(svm->vmcb_pa); + } else { + __svm_vcpu_run(svm->vmcb_pa, (unsigned long *)&svm->vcpu.arch.regs); #ifdef CONFIG_X86_64 - native_wrmsrl(MSR_GS_BASE, svm->host.gs_base); + native_wrmsrl(MSR_GS_BASE, svm->host.gs_base); #else - loadsegment(fs, svm->host.fs); + loadsegment(fs, svm->host.fs); #ifndef CONFIG_X86_32_LAZY_GS - loadsegment(gs, svm->host.gs); + loadsegment(gs, svm->host.gs); #endif #endif + } /* * VMEXIT disables interrupts (host state), but tracing and lockdep 
@@ -3851,14 +3855,17 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu) if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); - reload_tss(vcpu); + if (!sev_es_guest(svm->vcpu.kvm)) + reload_tss(vcpu); x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); - vcpu->arch.cr2 = svm->vmcb->save.cr2; - vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; - vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp; - vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip; + if (!sev_es_guest(svm->vcpu.kvm)) { + vcpu->arch.cr2 = svm->vmcb->save.cr2; + vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; + vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp; + vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip; + } if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI)) kvm_before_interrupt(&svm->vcpu); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5229c5763a30..e93421d59a1b 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -593,4 +593,9 @@ void sev_es_create_vcpu(struct vcpu_svm *svm); void sev_es_vcpu_load(struct vcpu_svm *svm, int cpu); void sev_es_vcpu_put(struct vcpu_svm *svm); +/* vmenter.S */ + +void __svm_sev_es_vcpu_run(unsigned long vmcb_pa); +void __svm_vcpu_run(unsigned long vmcb_pa, unsigned long *regs); + #endif diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 1ec1ac40e328..6feb8c08f45a 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S 
@@ -168,3 +168,53 @@ SYM_FUNC_START(__svm_vcpu_run) pop %_ASM_BP ret SYM_FUNC_END(__svm_vcpu_run) + +/** + * __svm_sev_es_vcpu_run - Run a SEV-ES vCPU via a transition to SVM guest mode + * @vmcb_pa: unsigned long + */ +SYM_FUNC_START(__svm_sev_es_vcpu_run) + push %_ASM_BP +#ifdef CONFIG_X86_64 + push %r15 + push %r14 + push %r13 + push %r12 +#else + push %edi + push %esi +#endif + push %_ASM_BX + + /* Enter guest mode */ + mov %_ASM_ARG1, %_ASM_AX + sti + +1: vmrun %_ASM_AX + jmp 3f +2: cmpb $0, kvm_rebooting + jne 3f + ud2 + _ASM_EXTABLE(1b, 2b) + +3: cli + +#ifdef CONFIG_RETPOLINE + /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ + FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE +#endif + + pop %_ASM_BX + +#ifdef CONFIG_X86_64 + pop %r12 + pop %r13 + pop %r14 + pop %r15 +#else + pop %esi + pop %edi +#endif + pop %_ASM_BP + ret +SYM_FUNC_END(__svm_sev_es_vcpu_run) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 6e0599ae517f..8695e5bc78c0 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -880,6 +880,9 @@ EXPORT_SYMBOL_GPL(kvm_lmsw); void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu) { + if (vcpu->arch.guest_state_protected) + return; + if (kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE)) { if (vcpu->arch.xcr0 != host_xcr0) 
@@ -900,6 +903,9 @@ EXPORT_SYMBOL_GPL(kvm_load_guest_xsave_state); void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu) { + if (vcpu->arch.guest_state_protected) + return; + if (static_cpu_has(X86_FEATURE_PKU) && (kvm_read_cr4_bits(vcpu, X86_CR4_PKE) || (vcpu->arch.xcr0 & XFEATURE_MASK_PKRU))) {
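Review bot: In the svm_vcpu_run() hunk at -3851 of svm.c, vcpu->arch.cr2 and regs[VCPU_REGS_RAX], regs[VCPU_REGS_RSP] and regs[VCPU_REGS_RIP] are no longer refreshed after the run for an SEV-ES guest, so they keep whatever they held before, and nothing at the new "if (!sev_es_guest(svm->vcpu.kvm)) {" block says those cached values are stale on that path. Add a comment there stating that the copy is skipped because, as the commit message describes, the register state of an SEV-ES guest is saved and restored by VMRUN/VMEXIT itself, so later readers of vcpu->arch.regs do not assume the values are current.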
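Review bot: In the vmenter.S hunk, the kernel-doc for __svm_sev_es_vcpu_run() documents its parameter as "@vmcb_pa: unsigned long", which gives the type rather than the meaning. Describe what the argument is (the value moved into %_ASM_AX for VMRUN), and add a short comment at the push/pop sequence explaining why the callee-saved registers are preserved around VMRUN even though this path, unlike __svm_vcpu_run, loads no guest GPRs.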
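Review bot: Both x86.c hunks add a bare "if (vcpu->arch.guest_state_protected) return;" at the top of kvm_load_guest_xsave_state() and kvm_load_host_xsave_state() with no comment. A one-line comment in each function saying why the XCR0 and PKRU switching below is skipped when guest state is protected would make the early return self-explanatory to someone reading x86.c without the SVM context.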
From: Tom Lendacky
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh
Subject: [PATCH v4 34/34] KVM: SVM: Provide support to launch and run an SEV-ES guest
Date: Tue, 17 Nov 2020 11:07:37 -0600
Message-Id: <55440503952763bef59d653413396cce5e8527da.1605632857.git.thomas.lendacky@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Tom Lendacky

An SEV-ES guest is started by invoking a new SEV initialization ioctl, KVM_SEV_ES_INIT. This identifies the guest as an SEV-ES guest, which is used to drive the appropriate ASID allocation, VMSA encryption, etc.

Before being able to run an SEV-ES vCPU, the vCPU VMSA must be encrypted and measured. This is done using the LAUNCH_UPDATE_VMSA command after all calls to LAUNCH_UPDATE_DATA have been performed, but before LAUNCH_MEASURE has been performed. In order to establish the encrypted VMSA, the current (traditional) VMSA and the GPRs are synced to the page that will hold the encrypted VMSA and then LAUNCH_UPDATE_VMSA is invoked. The vCPU is then marked as having protected guest state.

Signed-off-by: Tom Lendacky
---
 arch/x86/kvm/svm/sev.c | 104 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 225f18dbf522..89f6fe4468c5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -203,6 +203,16 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_es_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + if (!sev_es) + return -ENOTTY; + + to_kvm_svm(kvm)->sev_info.es_active = true; + + return sev_guest_init(kvm, argp); +} + static int sev_bind_asid(struct kvm *kvm, unsigned int handle, int *error) { struct sev_data_activate *data; 
@@ -502,6 +512,94 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_es_sync_vmsa(struct vcpu_svm *svm) +{ + struct vmcb_save_area *save = &svm->vmcb->save; + + /* Check some debug related fields before encrypting the VMSA */ + if (svm->vcpu.guest_debug || (save->dr7 & ~DR7_FIXED_1)) + return -EINVAL; + + /* Sync registgers */ + save->rax = svm->vcpu.arch.regs[VCPU_REGS_RAX]; + save->rbx = svm->vcpu.arch.regs[VCPU_REGS_RBX]; + save->rcx = svm->vcpu.arch.regs[VCPU_REGS_RCX]; + save->rdx = svm->vcpu.arch.regs[VCPU_REGS_RDX]; + save->rsp = svm->vcpu.arch.regs[VCPU_REGS_RSP]; + save->rbp = svm->vcpu.arch.regs[VCPU_REGS_RBP]; + save->rsi = svm->vcpu.arch.regs[VCPU_REGS_RSI]; + save->rdi = svm->vcpu.arch.regs[VCPU_REGS_RDI]; + save->r8 = svm->vcpu.arch.regs[VCPU_REGS_R8]; + save->r9 = svm->vcpu.arch.regs[VCPU_REGS_R9]; + save->r10 = svm->vcpu.arch.regs[VCPU_REGS_R10]; + save->r11 = svm->vcpu.arch.regs[VCPU_REGS_R11]; + save->r12 = svm->vcpu.arch.regs[VCPU_REGS_R12]; + save->r13 = svm->vcpu.arch.regs[VCPU_REGS_R13]; + save->r14 = svm->vcpu.arch.regs[VCPU_REGS_R14]; + save->r15 = svm->vcpu.arch.regs[VCPU_REGS_R15]; + save->rip = svm->vcpu.arch.regs[VCPU_REGS_RIP]; + + /* Sync some non-GPR registers before encrypting */ + save->xcr0 = svm->vcpu.arch.xcr0; + save->pkru = svm->vcpu.arch.pkru; + save->xss = svm->vcpu.arch.ia32_xss; + + /* + * SEV-ES will use a VMSA that is pointed to by the VMCB, not + * the traditional VMSA that is part of the VMCB. Copy the + * traditional VMSA as it has been built so far (in prep + * for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state. 
+ */ + memcpy(svm->vmsa, save, sizeof(*save)); + + return 0; +} + +static int sev_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_launch_update_vmsa *vmsa; + int i, ret; + + if (!sev_es_guest(kvm)) + return -ENOTTY; + + vmsa = kzalloc(sizeof(*vmsa), GFP_KERNEL); + if (!vmsa) + return -ENOMEM; + + for (i = 0; i < kvm->created_vcpus; i++) { + struct vcpu_svm *svm = to_svm(kvm->vcpus[i]); + + /* Perform some pre-encryption checks against the VMSA */ + ret = sev_es_sync_vmsa(svm); + if (ret) + goto e_free; + + /* + * The LAUNCH_UPDATE_VMSA command will perform in-place + * encryption of the VMSA memory content (i.e it will write + * the same memory region with the guest's key), so invalidate + * it first. + */ + clflush_cache_range(svm->vmsa, PAGE_SIZE); + + vmsa->handle = sev->handle; + vmsa->address = __sme_pa(svm->vmsa); + vmsa->len = PAGE_SIZE; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_VMSA, vmsa, + &argp->error); + if (ret) + goto e_free; + + svm->vcpu.arch.guest_state_protected = true; + } + +e_free: + kfree(vmsa); + return ret; +} + static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) { void __user *measure = (void __user *)(uintptr_t)argp->data; @@ -959,12 +1057,18 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_INIT: r = sev_guest_init(kvm, &sev_cmd); break; + case KVM_SEV_ES_INIT: + r = sev_es_guest_init(kvm, &sev_cmd); + break; case KVM_SEV_LAUNCH_START: r = sev_launch_start(kvm, &sev_cmd); break; case KVM_SEV_LAUNCH_UPDATE_DATA: r = sev_launch_update_data(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_UPDATE_VMSA: + r = sev_launch_update_vmsa(kvm, &sev_cmd); + break; case KVM_SEV_LAUNCH_MEASURE: r = sev_launch_measure(kvm, &sev_cmd); break;
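Review bot: In the sev.c hunk at -203, sev_es_guest_init() sets "to_kvm_svm(kvm)->sev_info.es_active = true;" before calling sev_guest_init() and never clears it, so when sev_guest_init() returns an error the VM is left flagged as SEV-ES without having been initialised. Since the commit message says the flag drives ASID allocation it has to be set before the call, so capture the return value and reset es_active to false on failure.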
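Review bot: In sev_launch_update_vmsa() (sev.c hunk at -502), ret is declared without an initialiser ("int i, ret;") and is assigned only inside the loop, so with kvm->created_vcpus == 0 the function falls through to e_free and returns an indeterminate value; initialise it to 0 or reject the zero-vCPU case explicitly. The loop also dereferences kvm->vcpus[i] for every i below created_vcpus with no NULL check, so either confirm every slot is populated at this point or iterate with kvm_for_each_vcpu(). In the same hunk, the comment "/* Sync registgers */" in sev_es_sync_vmsa() has a typo (registers).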