From patchwork Fri Jun 21 13:40:37 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13707621
From: Michael Roth
Subject: [PATCH v1 1/5] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
Date: Fri, 21 Jun 2024 08:40:37 -0500
Message-ID: <20240621134041.3170480-2-michael.roth@amd.com>
In-Reply-To: <20240621134041.3170480-1-michael.roth@amd.com>
References: <20240621134041.3170480-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Brijesh Singh

Version 2 of the GHCB specification added support for the SNP Guest Request Message NAE event. The event allows for an SEV-SNP guest to make requests to the SEV-SNP firmware through the hypervisor using the SNP_GUEST_REQUEST API defined in the SEV-SNP firmware specification. This is used by guests primarily to request attestation reports from firmware. Other request types are available as well, but the specifics of what guest requests are being made are opaque to the hypervisor, which only serves as a proxy for the guest requests and firmware responses.

Implement handling for these events.

Signed-off-by: Brijesh Singh
Co-developed-by: Alexey Kardashevskiy
Signed-off-by: Alexey Kardashevskiy
Co-developed-by: Ashish Kalra
Signed-off-by: Ashish Kalra
Reviewed-by: Tom Lendacky
[mdr: ensure FW command failures are indicated to guest, drop extended request handling to be re-written as separate patch, massage commit]
Signed-off-by: Michael Roth
Message-ID: <20240501085210.2213060-19-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini
--- arch/x86/kvm/svm/sev.c | 69 ++++++++++++++++++++++++++++++++++ include/uapi/linux/sev-guest.h | 9 +++++ 2 files changed, 78 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index df8818759698..7338b987cadd 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -3321,6 +3322,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) if (!sev_snp_guest(vcpu->kvm) || !kvm_ghcb_sw_scratch_is_valid(svm)) goto vmgexit_err; break; + case SVM_VMGEXIT_GUEST_REQUEST: + if (!sev_snp_guest(vcpu->kvm)) + goto vmgexit_err; + break; default: reason = GHCB_ERR_INVALID_EVENT; goto vmgexit_err;
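Review bot: the new SVM_VMGEXIT_GUEST_REQUEST case in sev_es_validate_vmgexit() only checks sev_snp_guest(), and leaves the request/response GPA validation to snp_handle_guest_req(), which answers a misaligned GPA with -EINVAL; that fails the VMGEXIT back to userspace as a KVM error, whereas the neighbouring cases reject malformed input through the vmgexit_err path so the guest is told via SW_EXITINFO1/2 and resumed. Consider checking `PAGE_ALIGNED(control->exit_info_1)` and `PAGE_ALIGNED(control->exit_info_2)` here, next to the sev_snp_guest() test, so a bad request page address is reported to the guest the same way as any other invalid NAE input instead of terminating the VM.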
@@ -3939,6 +3944,67 @@ static int sev_snp_ap_creation(struct vcpu_svm *svm) return ret; } +static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) +{ + struct sev_data_snp_guest_request data = {0}; + struct kvm *kvm = svm->vcpu.kvm; + kvm_pfn_t req_pfn, resp_pfn; + sev_ret_code fw_err = 0; + int ret; + + if (!sev_snp_guest(kvm) || !PAGE_ALIGNED(req_gpa) || !PAGE_ALIGNED(resp_gpa)) + return -EINVAL; + + req_pfn = gfn_to_pfn(kvm, gpa_to_gfn(req_gpa)); + if (is_error_noslot_pfn(req_pfn)) + return -EINVAL; + + resp_pfn = gfn_to_pfn(kvm, gpa_to_gfn(resp_gpa)); + if (is_error_noslot_pfn(resp_pfn)) { + ret = EINVAL; + goto release_req; + } + + if (rmp_make_private(resp_pfn, 0, PG_LEVEL_4K, 0, true)) { + ret = -EINVAL; + kvm_release_pfn_clean(resp_pfn); + goto release_req; + } + + data.gctx_paddr = __psp_pa(to_kvm_sev_info(kvm)->snp_context); + data.req_paddr = __sme_set(req_pfn << PAGE_SHIFT); + data.res_paddr = __sme_set(resp_pfn << PAGE_SHIFT); + + ret = sev_issue_cmd(kvm, SEV_CMD_SNP_GUEST_REQUEST, &data, &fw_err); + if (ret) + return ret; + + /* + * If reclaim fails then there's a good chance the guest will no longer + * be runnable so just let userspace terminate the guest. + */ + if (snp_page_reclaim(kvm, resp_pfn)) { + return -EIO; + goto release_req; + } + + /* + * As per GHCB spec, firmware failures should be communicated back to + * the guest via SW_EXITINFO2 rather than be treated as immediately + * fatal. + */ + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, + SNP_GUEST_ERR(ret ? SNP_GUEST_VMM_ERR_GENERIC : 0, + fw_err)); + + ret = 1; /* resume guest */ + kvm_release_pfn_dirty(resp_pfn); + +release_req: + kvm_release_pfn_clean(req_pfn); + return ret; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
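Review bot: `ret = EINVAL;` in the resp_pfn error branch is missing the minus sign, so a bad response GPA returns a positive value that sev_handle_vmgexit()'s caller treats like the `ret = 1` "resume guest" case, and the guest carries on with no error reported in SW_EXITINFO2; it should be `ret = -EINVAL;`. The same hunk has two cleanup problems around the firmware call: `if (ret) return ret;` after sev_issue_cmd() returns without releasing req_pfn/resp_pfn or reclaiming the response page that rmp_make_private() just made firmware-owned, and it leaves `ret` always zero at the later ghcb_set_sw_exit_info_2(), so the `ret ? SNP_GUEST_VMM_ERR_GENERIC : 0` is dead code and the comment above it ("firmware failures should be communicated back to the guest via SW_EXITINFO2 rather than be treated as immediately fatal") does not describe what happens. Suggest bailing out only when the command failed without a firmware status (`if (ret && !fw_err)`), and sending that bail-out through the reclaim/release path rather than a bare return. Likewise `return -EIO; goto release_req;` in the snp_page_reclaim() failure branch leaks req_pfn because the goto is unreachable after the return; either drop the return and set ret = -EIO before the goto, or release req_pfn before returning.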
@@ -4213,6 +4279,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ret = 1; break; + case SVM_VMGEXIT_GUEST_REQUEST: + ret = snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h index 154a87a1eca9..7bd78e258569 100644 --- a/include/uapi/linux/sev-guest.h +++ b/include/uapi/linux/sev-guest.h 
@@ -89,8 +89,17 @@ struct snp_ext_report_req { #define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0) #define SNP_GUEST_VMM_ERR_SHIFT 32 #define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT) +#define SNP_GUEST_FW_ERR(x) ((x) & SNP_GUEST_FW_ERR_MASK) +#define SNP_GUEST_ERR(vmm_err, fw_err) (SNP_GUEST_VMM_ERR(vmm_err) | \ + SNP_GUEST_FW_ERR(fw_err)) +/* + * The GHCB spec only formally defines INVALID_LEN/BUSY VMM errors, but define + * a GENERIC error code such that it won't ever conflict with GHCB-defined + * errors if any get added in the future. + */ #define SNP_GUEST_VMM_ERR_INVALID_LEN 1 #define SNP_GUEST_VMM_ERR_BUSY 2 +#define SNP_GUEST_VMM_ERR_GENERIC BIT(31) #endif /* __UAPI_LINUX_SEV_GUEST_H_ */
From patchwork Fri Jun 21 13:40:38 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13707622
From: Michael Roth
Subject: [PATCH v1 2/5] x86/sev: Move sev_guest.h into common SEV header
Date: Fri, 21 Jun 2024 08:40:38 -0500
Message-ID: <20240621134041.3170480-3-michael.roth@amd.com>
In-Reply-To: <20240621134041.3170480-1-michael.roth@amd.com>
References: <20240621134041.3170480-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

sev_guest.h currently contains various definitions relating to the format of
SNP_GUEST_REQUEST commands to SNP firmware. Currently only the sev-guest driver makes use of them, but when the KVM side of this is implemented there's a need to parse the SNP_GUEST_REQUEST header to determine whether additional information needs to be provided to the guest. Prepare for this by moving those definitions to a common header that's shared by host/guest code so that KVM can also make use of them. Signed-off-by: Michael Roth Reviewed-by: Liam Merwick Reviewed-by: Tom Lendacky --- arch/x86/include/asm/sev.h | 48 +++++++++++++++++++ drivers/virt/coco/sev-guest/sev-guest.c | 2 - drivers/virt/coco/sev-guest/sev-guest.h | 63 ------------------------- 3 files changed, 48 insertions(+), 65 deletions(-) delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1936f37e3371..72f9ba3a2fee 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -119,6 +119,54 @@ struct snp_req_data { unsigned int data_npages; }; +#define MAX_AUTHTAG_LEN 32 + +/* See SNP spec SNP_GUEST_REQUEST section for the structure */ +enum msg_type { + SNP_MSG_TYPE_INVALID = 0, + SNP_MSG_CPUID_REQ, + SNP_MSG_CPUID_RSP, + SNP_MSG_KEY_REQ, + SNP_MSG_KEY_RSP, + SNP_MSG_REPORT_REQ, + SNP_MSG_REPORT_RSP, + SNP_MSG_EXPORT_REQ, + SNP_MSG_EXPORT_RSP, + SNP_MSG_IMPORT_REQ, + SNP_MSG_IMPORT_RSP, + SNP_MSG_ABSORB_REQ, + SNP_MSG_ABSORB_RSP, + SNP_MSG_VMRK_REQ, + SNP_MSG_VMRK_RSP, + + SNP_MSG_TYPE_MAX +}; + +enum aead_algo { + SNP_AEAD_INVALID, + SNP_AEAD_AES_256_GCM, +}; + +struct snp_guest_msg_hdr { + u8 authtag[MAX_AUTHTAG_LEN]; + u64 msg_seqno; + u8 rsvd1[8]; + u8 algo; + u8 hdr_version; + u16 hdr_sz; + u8 msg_type; + u8 msg_version; + u16 msg_sz; + u32 rsvd2; + u8 msg_vmpck; + u8 rsvd3[35]; +} __packed; + +struct snp_guest_msg { + struct snp_guest_msg_hdr hdr; + u8 payload[4000]; +} __packed; + struct sev_guest_platform_data { u64 secrets_gpa; }; 
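Review bot: the moved definitions keep their driver-local names (`enum msg_type`, `enum aead_algo`, `MAX_AUTHTAG_LEN`) even though arch/x86/include/asm/sev.h is now visible to all x86 and KVM code; the enumerators are SNP_-prefixed but the type names and the macro are not, which invites collisions with other subsystems' `msg_type`. Consider renaming them `snp_msg_type`, `snp_aead_algo` and `SNP_MAX_AUTHTAG_LEN` as part of the move, and adding a comment that `struct snp_guest_msg` (96-byte header plus the 4000-byte payload) is sized to fill exactly one page, since that is the assumption KVM will rely on when it reads the header out of the guest's request page.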
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 654290a8e1ba..f0ea26f18cbf 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -29,8 +29,6 @@ #include #include -#include "sev-guest.h" - #define DEVICE_NAME "sev-guest" #define AAD_LEN 48 #define MSG_HDR_VER 1 diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h deleted file mode 100644 index 21bda26fdb95..000000000000 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ /dev/null 
@@ -1,63 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * Copyright (C) 2021 Advanced Micro Devices, Inc. - * - * Author: Brijesh Singh - * - * SEV-SNP API spec is available at https://developer.amd.com/sev - */ - -#ifndef __VIRT_SEVGUEST_H__ -#define __VIRT_SEVGUEST_H__ - -#include - -#define MAX_AUTHTAG_LEN 32 - -/* See SNP spec SNP_GUEST_REQUEST section for the structure */ -enum msg_type { - SNP_MSG_TYPE_INVALID = 0, - SNP_MSG_CPUID_REQ, - SNP_MSG_CPUID_RSP, - SNP_MSG_KEY_REQ, - SNP_MSG_KEY_RSP, - SNP_MSG_REPORT_REQ, - SNP_MSG_REPORT_RSP, - SNP_MSG_EXPORT_REQ, - SNP_MSG_EXPORT_RSP, - SNP_MSG_IMPORT_REQ, - SNP_MSG_IMPORT_RSP, - SNP_MSG_ABSORB_REQ, - SNP_MSG_ABSORB_RSP, - SNP_MSG_VMRK_REQ, - SNP_MSG_VMRK_RSP, - - SNP_MSG_TYPE_MAX -}; - -enum aead_algo { - SNP_AEAD_INVALID, - SNP_AEAD_AES_256_GCM, -}; - -struct snp_guest_msg_hdr { - u8 authtag[MAX_AUTHTAG_LEN]; - u64 msg_seqno; - u8 rsvd1[8]; - u8 algo; - u8 hdr_version; - u16 hdr_sz; - u8 msg_type; - u8 msg_version; - u16 msg_sz; - u32 rsvd2; - u8 msg_vmpck; - u8 rsvd3[35]; -} __packed; - -struct snp_guest_msg { - struct snp_guest_msg_hdr hdr; - u8 payload[4000]; -} __packed; - -#endif /* __VIRT_SEVGUEST_H__ */
From patchwork Fri Jun 21 13:40:39 2024
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 13707623
From: Michael Roth
Subject: [PATCH v1 3/5] KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
Date: Fri, 21 Jun 2024 08:40:39 -0500
Message-ID: <20240621134041.3170480-4-michael.roth@amd.com>
In-Reply-To: <20240621134041.3170480-1-michael.roth@amd.com>
References: <20240621134041.3170480-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Version 2 of the GHCB specification added support for the SNP Extended
Guest Request Message NAE event. This event serves a nearly identical purpose to the previously-added SNP_GUEST_REQUEST event, but for certain message types it allows the guest to supply a buffer to be used for additional information in some cases.

Currently the GHCB spec only defines extended handling of this sort in the case of attestation requests, where the additional buffer is used to supply a table of certificate data corresponding to the attestation report's signing key. Support for this extended handling will require additional KVM APIs to handle coordinating with userspace.

Whether or not the hypervisor opts to provide this certificate data is optional. However, support for processing SNP_EXTENDED_GUEST_REQUEST GHCB requests is required by the GHCB 2.0 specification for SNP guests, so for now implement a stub implementation that provides an empty certificate table to the guest if it supplies an additional buffer, but otherwise behaves identically to SNP_GUEST_REQUEST.

Signed-off-by: Michael Roth
Reviewed-by: Liam Merwick
Reviewed-by: Tom Lendacky
Reviewed-by: Carlos Bilbao
--- arch/x86/kvm/svm/sev.c | 60 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7338b987cadd..b5dcf36b50f5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3323,6 +3323,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) goto vmgexit_err; break; case SVM_VMGEXIT_GUEST_REQUEST: + case SVM_VMGEXIT_EXT_GUEST_REQUEST: if (!sev_snp_guest(vcpu->kvm)) goto vmgexit_err; break;
@@ -4005,6 +4006,62 @@ static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_ return ret; } +/* + * As per GHCB spec (see "SNP Extended Guest Request"), the certificate table + * is terminated by 24-bytes of zeroes. + */ +static const u8 empty_certs_table[24]; + +static int snp_handle_ext_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) +{ + struct kvm *kvm = svm->vcpu.kvm; + u8 msg_type; + + if (!sev_snp_guest(kvm) || !PAGE_ALIGNED(req_gpa) || !PAGE_ALIGNED(resp_gpa)) + return -EINVAL; + + if (kvm_read_guest(kvm, req_gpa + offsetof(struct snp_guest_msg_hdr, msg_type), + &msg_type, 1)) + goto abort_request; + + /* + * As per GHCB spec, requests of type MSG_REPORT_REQ also allow for + * additional certificate data to be provided alongside the attestation + * report via the guest-provided data pages indicated by RAX/RBX. The + * certificate data is optional and requires additional KVM enablement + * to provide an interface for userspace to provide it, but KVM still + * needs to be able to handle extended guest requests either way. So + * provide a stub implementation that will always return an empty + * certificate table in the guest-provided data pages. 
+ */ + if (msg_type == SNP_MSG_REPORT_REQ) { + struct kvm_vcpu *vcpu = &svm->vcpu; + u64 data_npages; + gpa_t data_gpa; + + if (!kvm_ghcb_rax_is_valid(svm) || !kvm_ghcb_rbx_is_valid(svm)) + goto abort_request; + + data_gpa = vcpu->arch.regs[VCPU_REGS_RAX]; + data_npages = vcpu->arch.regs[VCPU_REGS_RBX]; + + if (!PAGE_ALIGNED(data_gpa)) + goto abort_request; + + if (data_npages && + kvm_write_guest(kvm, data_gpa, empty_certs_table, + sizeof(empty_certs_table))) + goto abort_request; + } + + return snp_handle_guest_req(svm, req_gpa, resp_gpa); + +abort_request: + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_GENERIC, 0)); + return 1; /* resume guest */ +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; 
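Review bot: in snp_handle_ext_guest_req, a guest that passes data_npages == 0 skips the kvm_write_guest() of empty_certs_table but still has its request forwarded to snp_handle_guest_req(), so it receives a report with no certificate table and no error indication; if that is the intended reading of the GHCB spec for a zero-length buffer, state it in the comment above the msg_type check, since the other branch always writes the 24-byte terminator and a reader will expect either the table or an error. Also consider moving the kvm_ghcb_rax_is_valid()/kvm_ghcb_rbx_is_valid() checks into sev_es_validate_vmgexit() next to the new SVM_VMGEXIT_EXT_GUEST_REQUEST case, where the other exits validate their GHCB inputs, or add a sentence explaining why they stay here (they only apply when msg_type is SNP_MSG_REPORT_REQ).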
@@ -4282,6 +4339,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) case SVM_VMGEXIT_GUEST_REQUEST: ret = snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2); break; + case SVM_VMGEXIT_EXT_GUEST_REQUEST: + ret = snp_handle_ext_guest_req(svm, control->exit_info_1, control->exit_info_2); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
From patchwork Fri Jun 21 13:40:40 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13707624
From: Michael Roth
Subject: [PATCH v1 4/5] KVM: Introduce KVM_EXIT_COCO exit type
Date: Fri, 21 Jun 2024 08:40:40 -0500
Message-ID: <20240621134041.3170480-5-michael.roth@amd.com>
In-Reply-To: <20240621134041.3170480-1-michael.roth@amd.com>
References: <20240621134041.3170480-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Confidential VMs have a number of additional requirements on the host side which might involve interactions with userspace. One such case is with SEV-SNP guests, where the host can optionally provide a certificate table to the guest when it issues an attestation request to firmware (see GHCB 2.0 specification regarding "SNP Extended Guest Requests"). This certificate table can then be used to verify the endorsement key used by firmware to sign the attestation report. While it is possible for guests to obtain the certificates through other means, handling it via the host provides more flexibility in being able to keep the certificate data in sync with the endorsement key throughout host-side operations that might result in the endorsement key changing.

In the case of KVM, userspace will be responsible for fetching the certificate table and keeping it in sync with any modifications to the endorsement key. Define a new KVM_EXIT_* event where userspace is provided with the GPA of the buffer the guest has provided as part of the attestation request so that userspace can write the certificate data into it.

Since there is potential for additional CoCo-related events in the future, introduce this in the form of a more general KVM_EXIT_COCO exit type that handles multiple sub-types, similarly to KVM_EXIT_HYPERCALL, and then define a KVM_EXIT_COCO_REQ_CERTS sub-type to handle the actual certificate-fetching mentioned above.

Also introduce a KVM_CAP_EXIT_COCO capability to enable/disable individual sub-types, similarly to KVM_CAP_EXIT_HYPERCALL.

Since actual support for KVM_EXIT_COCO_REQ_CERTS will be enabled in a subsequent patch, don't yet allow it to be enabled.

Signed-off-by: Michael Roth
---
Documentation/virt/kvm/api.rst | 109 ++++++++++++++++++++++++++++++++ arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/x86.c | 13 ++++ include/uapi/linux/kvm.h | 20 ++++++ 4 files changed, 143 insertions(+)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index ecfa25b505e7..2eea9828d9aa 100644 --- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst 
@@ -7122,6 +7122,97 @@ Please note that the kernel is allowed to use the kvm_run structure as the primary storage for certain register types. Therefore, the kernel may use the values in kvm_run even if the corresponding bit in kvm_dirty_regs is not set. +:: + + /* KVM_EXIT_COCO */ + struct kvm_exit_coco { + #define KVM_EXIT_COCO_REQ_CERTS 0 + #define KVM_EXIT_COCO_MAX 1 + __u8 nr; + __u8 pad0[7]; + union { + struct { + __u64 gfn; + __u32 npages; + #define KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN 1 + #define KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC (1 << 31) + __u32 ret; + } req_certs; + }; + }; + +KVM_EXIT_COCO events are intended to handle cases where a confidential +VM requires some action on the part of userspace, or cases where userspace +needs to be informed of some activity relating to a confidential VM. + +A `kvm_exit_coco` structure is defined to encapsulate the data to be sent to +or returned by userspace. The `nr` field defines the specific type of event +that needs to be serviced, and that type is used as a discriminator to +determine which union type should be used for input/output. + +The parameters for each of these event/union types are documented below: + + - ``KVM_EXIT_COCO_REQ_CERTS`` + + This event provides a way to request certificate data from userspace and + have it written into guest memory. This is intended primarily to handle + attestation requests made by SEV-SNP guests (using the Extended Guest + Requests GHCB command as defined by the GHCB 2.0 specification for SEV-SNP + guests), where additional certificate data corresponding to the + endorsement key used by firmware to sign an attestation report can be + optionally provided by userspace to pass along to the guest together with + the firmware-provided attestation report. + + In the case of ``KVM_EXIT_COCO_REQ_CERTS`` events, the `req_certs` union + type is used. KVM will supply in `gfn` the non-private guest page that + userspace should use to write the contents of certificate data. 
In the + case of SEV-SNP, the format of this certificate data is defined in the + GHCB 2.0 specification (see section "SNP Extended Guest Request"). KVM + will also supply in `npages` the number of contiguous pages available + for writing the certificate data into. + + - If the supplied number of pages is sufficient, userspace must write + the certificate table blob (in the format defined by the GHCB spec) + into the address corresponding to `gfn` and set `ret` to 0 to indicate + success. If no certificate data is available, then userspace can + either write an empty certificate table into the address corresponding + to `gfn`, or it can disable ``KVM_EXIT_COCO_REQ_CERTS`` (via + ``KVM_CAP_EXIT_COCO``), in which case KVM will handle returning an + empty certificate table to the guest. + + - If the number of pages supplied is not sufficient, userspace must set + the required number of pages in `npages` and then set `ret` to + ``KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN``. + + - If some other error occurred, userspace must set `ret` to + ``KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC``. + + NOTE: In the case of SEV-SNP, the endorsement key used by firmware may + change as a result of management activities like updating SEV-SNP firmware + or loading new endorsement keys, so some care should be taken to keep the + returned certificate data in sync with the actual endorsement key in use by + firmware at the time the attestation request is sent to SNP firmware. The + recommended scheme to do this is: + + - The VMM should obtain a shared or exclusive lock on the path the + certificate blob file resides at before reading it and returning it to + KVM, and continue to hold the lock until the attestation request is + actually sent to firmware. To facilitate this, the VMM can set the + ``immediate_exit`` flag of kvm_run just after supplying the certificate + data, and just before and resuming the vCPU. 
This will ensure the vCPU + will exit again to userspace with ``-EINTR`` after it finishes fetching + the attestation request from firmware, at which point the VMM can + safely drop the file lock. + + - Tools/libraries that perform updates to SNP firmware TCB values or + endorsement keys (e.g. via /dev/sev interfaces such as ``SNP_COMMIT``, + ``SNP_SET_CONFIG``, or ``SNP_VLEK_LOAD``, see + Documentation/virt/coco/sev-guest.rst for more details) in such a way + that the certificate blob needs to be updated, should similarly take an + exclusive lock on the certificate blob for the duration of any updates + to endorsement keys or the certificate blob contents to ensure that + VMMs using the above scheme will not return certificate blob data that + is out of sync with the endorsement key used by firmware. 6. Capabilities that can be enabled on vCPUs ============================================ @@ -8895,6 +8986,24 @@ Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in production. The behavior and effective ABI for software-protected VMs is unstable. +8.42 KVM_CAP_EXIT_COCO +---------------------- + +:Capability: KVM_CAP_EXIT_COCO +:Architectures: x86 +:Type: vm + +This capability, if enabled, will cause KVM to exit to userspace with +KVM_EXIT_COCO exit reason to process certain events related to confidential +guests. + +Calling KVM_CHECK_EXTENSION for this capability will return a bitmask of +KVM_EXIT_COCO event types that can be configured to exit to userspace. + +The argument to KVM_ENABLE_CAP is also a bitmask, and must be a subset +of the result of KVM_CHECK_EXTENSION. KVM will forward to userspace +the event types whose corresponding bit is in the argument. + 9. Known KVM API problems ========================= diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index cef323c801f2..4b90208f9df0 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
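Review bot: in the ``KVM_EXIT_COCO_REQ_CERTS`` NOTE, "just after supplying the certificate data, and just before and resuming the vCPU" has a stray "and" and should read "just before resuming the vCPU". The same section says KVM supplies in `gfn` "the non-private guest page", but the only validation the series applies to the guest-supplied address is PAGE_ALIGNED(), so the text should say either that KVM verifies the page is shared or that the guest is responsible for passing a shared buffer (and what userspace's write means when it is not); a VMM author reading this will otherwise assume the check exists. One more doc nit: `ret` is both an input (KVM zeroes it before the exit) and an output, which the text implies but never states; one sentence saying so would remove the ambiguity.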
@@ -1429,6 +1429,7 @@ struct kvm_arch { struct kvm_x86_msr_filter __rcu *msr_filter; u32 hypercall_exit_enabled; + u64 coco_exit_enabled; /* Guest can access the SGX PROVISIONKEY. */ bool sgx_provisioning_allowed; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a6968eadd418..94c3a82b02c7 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -125,6 +125,8 @@ static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS; #define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \ KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK) +#define KVM_EXIT_COCO_VALID_MASK 0 + static void update_cr8_intercept(struct kvm_vcpu *vcpu); static void process_nmi(struct kvm_vcpu *vcpu); static void __kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags); @@ -4826,6 +4828,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_VM_TYPES: r = kvm_caps.supported_vm_types; break; + case KVM_CAP_EXIT_COCO: + r = KVM_EXIT_COCO_VALID_MASK; + break; default: break; } @@ -6748,6 +6753,14 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, } mutex_unlock(&kvm->lock); break; + case KVM_CAP_EXIT_COCO: + if (cap->args[0] & ~KVM_EXIT_COCO_VALID_MASK) { + r = -EINVAL; + break; + } + kvm->arch.coco_exit_enabled = cap->args[0]; + r = 0; + break; default: r = -EINVAL; break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index e5af8c692dc0..8a3a76679224 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -135,6 +135,22 @@ struct kvm_xen_exit { } u; }; +struct kvm_exit_coco { +#define KVM_EXIT_COCO_REQ_CERTS 0 +#define KVM_EXIT_COCO_MAX 1 + __u8 nr; + __u8 pad0[7]; + union { + struct { + __u64 gfn; + __u32 npages; +#define KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN 1 +#define KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC (1 << 31) + __u32 ret; + } req_certs; + }; +}; + #define KVM_S390_GET_SKEYS_NONE 1 #define KVM_S390_SKEYS_MAX 1048576 
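Review bot: KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC is defined as (1 << 31) for a __u32 `ret`; shifting the signed int 1 into bit 31 is undefined behaviour in C and yields a negative value in any int context, so spell it (1U << 31) or _BITUL(31), in the api.rst copy as well. Separately, the KVM_CAP_EXIT_COCO case in kvm_vm_ioctl_enable_cap stores cap->args[0] into kvm->arch.coco_exit_enabled without the kvm->lock that the preceding case releases just above it; if a plain store is intended because the field is only consumed on the vCPU path, a short comment saying so would stop the next reader from flagging it.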
@@ -178,6 +194,7 @@ struct kvm_xen_exit { #define KVM_EXIT_NOTIFY 37 #define KVM_EXIT_LOONGARCH_IOCSR 38 #define KVM_EXIT_MEMORY_FAULT 39 +#define KVM_EXIT_COCO 40 /* For KVM_EXIT_INTERNAL_ERROR */ /* Emulate instruction failed. */ @@ -433,6 +450,8 @@ struct kvm_run { __u64 gpa; __u64 size; } memory_fault; + /* KVM_EXIT_COCO */ + struct kvm_exit_coco coco; /* Fix the size of the union. */ char padding[256]; }; 
@@ -918,6 +937,7 @@ struct kvm_enable_cap { #define KVM_CAP_GUEST_MEMFD 234 #define KVM_CAP_VM_TYPES 235 #define KVM_CAP_PRE_FAULT_MEMORY 236 +#define KVM_CAP_EXIT_COCO 237 struct kvm_irq_routing_irqchip { __u32 irqchip;
From patchwork Fri Jun 21 13:40:41 2024 X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 13707625
From: Michael Roth
Subject: [PATCH v1 5/5] KVM: SEV: Add certificate support for SNP_EXTENDED_GUEST_REQUEST events
Date: Fri, 21 Jun 2024 08:40:41 -0500
Message-ID: <20240621134041.3170480-6-michael.roth@amd.com>
In-Reply-To: <20240621134041.3170480-1-michael.roth@amd.com>
References: <20240621134041.3170480-1-michael.roth@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Currently KVM implements a stub version of SNP Extended Guest Requests that always supplies NULL certificate data alongside the attestation report. Make use of the newly-defined KVM_EXIT_COCO_REQ_CERTS event to provide a way for userspace to optionally supply this certificate data.

This implements the actual handling for KVM_EXIT_COCO_REQ_CERTS, so allow it to be enabled via KVM_CAP_EXIT_COCO.

Signed-off-by: Michael Roth
---
arch/x86/kvm/svm/sev.c | 41 +++++++++++++++++++++++++++++++++++------ arch/x86/kvm/x86.c | 2 +- 2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b5dcf36b50f5..8af56a4544d1 100644
--- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4006,6 +4006,27 @@ static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_ return ret; } +static int snp_complete_req_certs(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + struct vmcb_control_area *control = &svm->vmcb->control; + + if (vcpu->run->coco.req_certs.ret) { + if (vcpu->run->coco.req_certs.ret == KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN) { + vcpu->arch.regs[VCPU_REGS_RBX] = vcpu->run->coco.req_certs.npages; + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN, 0)); + } else { + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_GENERIC, 0)); + } + + return 1; /* resume guest */ + } + + return snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2); +} + /* * As per GHCB spec (see "SNP Extended Guest Request"), the certificate table * is terminated by 24-bytes of zeroes. @@ -4027,12 +4048,10 @@ static int snp_handle_ext_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t r /* * As per GHCB spec, requests of type MSG_REPORT_REQ also allow for * additional certificate data to be provided alongside the attestation - * report via the guest-provided data pages indicated by RAX/RBX. The - * certificate data is optional and requires additional KVM enablement - * to provide an interface for userspace to provide it, but KVM still - * needs to be able to handle extended guest requests either way. So - * provide a stub implementation that will always return an empty - * certificate table in the guest-provided data pages. + * report via the guest-provided data pages indicated by RAX/RBX. If + * userspace enables KVM_EXIT_COCO_REQ_CERTS, then exit to userspace + * to fetch the certificate data. Otherwise, return an empty certificate + * table in the guest-provided data pages. */ if (msg_type == SNP_MSG_REPORT_REQ) { struct kvm_vcpu *vcpu = &svm->vcpu; 
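Review bot: snp_complete_req_certs writes vcpu->run->coco.req_certs.npages into RBX unchecked when userspace returns KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN; kvm_run is userspace-controlled, so a zero or absurdly large "required pages" value is handed to the guest as-is. Reject npages == 0 (fall back to the GENERIC error) and consider capping it. Also, the success path re-reads control->exit_info_1/exit_info_2 rather than the req_gpa/resp_gpa that snp_handle_ext_guest_req received, which relies on the VMCB control area being unchanged across the userspace exit; a one-line comment stating that assumption would help.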
@@ -4048,6 +4067,16 @@ static int snp_handle_ext_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t r if (!PAGE_ALIGNED(data_gpa)) goto abort_request; + if ((vcpu->kvm->arch.coco_exit_enabled & BIT_ULL(KVM_EXIT_COCO_REQ_CERTS))) { + vcpu->run->exit_reason = KVM_EXIT_COCO; + vcpu->run->coco.nr = KVM_EXIT_COCO_REQ_CERTS; + vcpu->run->coco.req_certs.gfn = gpa_to_gfn(data_gpa); + vcpu->run->coco.req_certs.npages = data_npages; + vcpu->run->coco.req_certs.ret = 0; + vcpu->arch.complete_userspace_io = snp_complete_req_certs; + return 0; /* fetch certs from userspace */ + } + if (data_npages && kvm_write_guest(kvm, data_gpa, empty_certs_table, sizeof(empty_certs_table))) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 94c3a82b02c7..1a0087af1714 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -125,7 +125,7 @@ static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS; #define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \ KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK) -#define KVM_EXIT_COCO_VALID_MASK 0 +#define KVM_EXIT_COCO_VALID_MASK BIT_ULL(KVM_EXIT_COCO_REQ_CERTS) static void update_cr8_intercept(struct kvm_vcpu *vcpu); static void process_nmi(struct kvm_vcpu *vcpu);
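Review bot: vcpu->run->coco.req_certs.npages = data_npages narrows the u64 read from guest RBX into a __u32, so a guest value of 2^32 or more is silently truncated (possibly to 0) and userspace sizes its write from the wrong count; reject a data_npages that does not fit in npages (or exceeds a sane maximum) via abort_request before exiting, next to the existing PAGE_ALIGNED(data_gpa) check. The exit also hands out gpa_to_gfn(data_gpa) without checking whether the guest has that gfn in the shared state api.rst promises for it; either check the attribute here or document that supplying a private gfn is the guest's problem.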
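As an added illustration (not code from the series or from KVM), here is the userspace side of the KVM_EXIT_COCO_REQ_CERTS exchange that the api.rst hunk of 4/5 describes and the sev.c hunk of 5/5 raises: a VMM handler that either writes the certificate table followed by the 24-byte zero terminator into the pages at `gfn`, or answers with KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN and the page count it needs, and sets `immediate_exit` on success as the NOTE recommends. The struct layout and constants are copied from the uapi hunk (with the GENERIC bit written as an unsigned shift); `struct kvm_run_stub`, the 4-page simulated guest memory, `sample_certs`, `last_run` and the `run_scenario`/`guest_table_ok` helpers are constructed for this example and exist nowhere in KVM.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* From the uapi hunk of 4/5; the hunk writes (1 << 31), 1U avoids the signed shift. */
#define KVM_EXIT_COCO 40
struct kvm_exit_coco {
#define KVM_EXIT_COCO_REQ_CERTS 0
	uint8_t nr;
	uint8_t pad0[7];
	union {
		struct {
			uint64_t gfn;
			uint32_t npages;
#define KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN 1
#define KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC (1U << 31)
			uint32_t ret;
		} req_certs;
	};
};
/* Stand-in for the kvm_run fields this handler touches (assumption). */
struct kvm_run_stub {
	uint32_t exit_reason;
	uint8_t immediate_exit;
	struct kvm_exit_coco coco;
};
#define GUEST_PAGE_SIZE 4096UL
#define CERT_TABLE_TERMINATOR 24	/* GHCB: the table ends with 24 zero bytes */
#define GUEST_MEM_PAGES 4		/* constructed: a 4-page shared region */

static uint8_t guest_mem[GUEST_MEM_PAGES * GUEST_PAGE_SIZE]; /* gfn 0 at offset 0 */
static const uint8_t sample_certs[] = "constructed-cert-table-body"; /* not a real table */
static struct kvm_run_stub last_run; /* kvm_run of the most recent scenario */

/* Fill kvm_run the way the sev.c hunk of 5/5 does before exiting to userspace. */
static void fake_req_certs_exit(struct kvm_run_stub *run, uint64_t gfn, uint32_t npages)
{
	memset(run, 0, sizeof(*run));
	run->exit_reason = KVM_EXIT_COCO;
	run->coco.nr = KVM_EXIT_COCO_REQ_CERTS;
	run->coco.req_certs.gfn = gfn;
	run->coco.req_certs.npages = npages;
}

/* VMM side of KVM_EXIT_COCO_REQ_CERTS: write cert_blob plus the zero terminator
 * into the guest pages at gfn, or report the required page count. Returns the
 * value left in coco.req_certs.ret for KVM to act on when the vCPU resumes. */
static uint32_t handle_req_certs(struct kvm_run_stub *run,
				 const uint8_t *cert_blob, size_t cert_len)
{
	struct kvm_exit_coco *coco = &run->coco;
	uint64_t needed_pages =
		(cert_len + CERT_TABLE_TERMINATOR + GUEST_PAGE_SIZE - 1) / GUEST_PAGE_SIZE;
	uint64_t gfn = coco->req_certs.gfn;

	if (run->exit_reason != KVM_EXIT_COCO || coco->nr != KVM_EXIT_COCO_REQ_CERTS)
		return coco->req_certs.ret = KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC;
	/* Too few guest pages: hand back the required count, as api.rst requires. */
	if (coco->req_certs.npages < needed_pages) {
		coco->req_certs.npages = (uint32_t)needed_pages;
		return coco->req_certs.ret = KVM_EXIT_COCO_REQ_CERTS_ERR_INVALID_LEN;
	}
	/* gfn originates in guest RAX: bound it against the VMM's own mapping. */
	if (gfn >= GUEST_MEM_PAGES || needed_pages > GUEST_MEM_PAGES - gfn)
		return coco->req_certs.ret = KVM_EXIT_COCO_REQ_CERTS_ERR_GENERIC;

	memcpy(guest_mem + gfn * GUEST_PAGE_SIZE, cert_blob, cert_len);
	memset(guest_mem + gfn * GUEST_PAGE_SIZE + cert_len, 0, CERT_TABLE_TERMINATOR);
	coco->req_certs.ret = 0;
	/* api.rst: ask for an -EINTR exit right after the firmware request so the
	 * VMM can drop its lock on the certificate file once the report is done. */
	run->immediate_exit = 1;
	return 0;
}

/* Drive one constructed exit through the handler; returns the ret field. */
static uint32_t run_scenario(uint64_t gfn, uint32_t npages)
{
	fake_req_certs_exit(&last_run, gfn, npages);
	return handle_req_certs(&last_run, sample_certs, sizeof(sample_certs));
}

/* 1 if the pages at gfn hold sample_certs followed by the 24 zero bytes. */
static int guest_table_ok(uint64_t gfn)
{
	static const uint8_t zeros[CERT_TABLE_TERMINATOR];
	const uint8_t *dst = guest_mem + gfn * GUEST_PAGE_SIZE;

	return memcmp(dst, sample_certs, sizeof(sample_certs)) == 0 &&
	       memcmp(dst + sizeof(sample_certs), zeros, CERT_TABLE_TERMINATOR) == 0;
}

int main(void)
{
	uint32_t ret = run_scenario(1, 0);	/* guest asks how many pages it needs */

	printf("npages=0: ret=%u, required=%u\n", ret, last_run.coco.req_certs.npages);
	ret = run_scenario(1, 2);		/* guest offers two pages at gfn 1 */
	printf("npages=2: ret=%u, table_ok=%d\n", ret, guest_table_ok(1));
	return 0;
}
```

The two guest-facing outcomes mirror what snp_complete_req_certs does with `ret`: a non-zero value becomes an SNP_GUEST_ERR in sw_exit_info_2 (with `npages` copied back to RBX for INVALID_LEN), and zero lets the request proceed to firmware. The bounds check on `gfn` is the VMM's own responsibility, since the value arrives straight from the guest.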