From: Alexey Kardashevskiy <aik@amd.com>
To: Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org, Yury Norov <yury.norov@gmail.com>,
Venu Busireddy <venu.busireddy@oracle.com>,
Tony Luck <tony.luck@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
Sandipan Das <sandipan.das@amd.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Michael Roth <michael.roth@amd.com>,
Mario Limonciello <mario.limonciello@amd.com>,
Kim Phillips <kim.phillips@amd.com>,
Kees Cook <keescook@chromium.org>,
Juergen Gross <jgross@suse.com>, Jakub Kicinski <kuba@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Borislav Petkov <bp@alien8.de>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Adrian Hunter <adrian.hunter@intel.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH kernel v3 2/3] KVM: SEV: Enable data breakpoints in SEV-ES
Date: Fri, 3 Feb 2023 14:37:28 +1100 [thread overview]
Message-ID: <3b3a9ebc-b02e-a365-7f68-3da9189d062a@amd.com> (raw)
In-Reply-To: <Y9nL8iqhiL5+ALa2@google.com>
On 01/02/2023 13:18, Sean Christopherson wrote:
> On Fri, Jan 20, 2023, Alexey Kardashevskiy wrote:
>> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
>> index 4826e6cc611b..61f2cad1cbaf 100644
>> --- a/arch/x86/kvm/svm/svm.h
>> +++ b/arch/x86/kvm/svm/svm.h
>> @@ -389,6 +389,8 @@ static inline bool vmcb12_is_intercept(struct vmcb_ctrl_area_cached *control, u3
>> return test_bit(bit, (unsigned long *)&control->intercepts);
>> }
>>
>> +extern bool sev_es_is_debug_swap_enabled(void);
>> +
>> static inline void set_dr_intercepts(struct vcpu_svm *svm)
>> {
>> struct vmcb *vmcb = svm->vmcb01.ptr;
>> @@ -410,8 +412,10 @@ static inline void set_dr_intercepts(struct vcpu_svm *svm)
>> vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE);
>> }
>>
>> - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
>> - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
>> + if (!sev_es_guest(svm->vcpu.kvm) || !sev_es_is_debug_swap_enabled()) {
>
> Looking below, doesn't this do the wrong thing if set_dr_intercepts() is called
> before SVM_SEV_FEAT_DEBUG_SWAP is set? I.e. when this is called before LAUNCH_UPDATE?
> Seems like this should check SVM_SEV_FEAT_DEBUG_SWAP in sev_features regardless
> of when SVM_SEV_FEAT_DEBUG_SWAP is set.
>
> And if KVM checks sev_features, then I _think_ we can avoid having to expose
> sev_es_debug_swap_enabled to svm.{c,h} (though why on earth {set,clr}_dr_intercepts()
> is in svm.h is another question for the future).
883b0a91f41a ("KVM: SVM: Move Nested SVM Implementation to nested.c")
did that. Makes sense for things like vmcb_set_intercept() but
{set,clr}_dr_intercepts() are still only called from svm.c so I'll move
them there (btw do I need a separate patch for that? usually yes)
>
> Follow-up question: does KVM _have_ to wait until KVM_SEV_LAUNCH_UPDATE_VMSA to
> set the flag?
Nope. Will repost soon as a reply to this mail.
>> + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
>> + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
>> + }
>>
>> recalc_intercepts(svm);
>> }
>> @@ -422,8 +426,12 @@ static inline void clr_dr_intercepts(struct vcpu_svm *svm)
>>
>> vmcb->control.intercepts[INTERCEPT_DR] = 0;
>>
>> - /* DR7 access must remain intercepted for an SEV-ES guest */
>> - if (sev_es_guest(svm->vcpu.kvm)) {
>> + /*
>> + * DR7 access must remain intercepted for an SEV-ES guest unless DebugSwap
>> + * (depends on NO_NESTED_DATA_BP) is enabled as otherwise a VM writing to DR7
>> + * from the #DB handler may trigger infinite loop of #DB's.
>> + */
>> + if (sev_es_guest(svm->vcpu.kvm) && !sev_es_is_debug_swap_enabled()) {
>> vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
>> vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
>> }
>>
>> @@ -52,11 +53,21 @@ module_param_named(sev, sev_enabled, bool, 0444);
>> /* enable/disable SEV-ES support */
>> static bool sev_es_enabled = true;
>> module_param_named(sev_es, sev_es_enabled, bool, 0444);
>> +
>> +/* enable/disable SEV-ES DebugSwap support */
>> +static bool sev_es_debug_swap_enabled = true;
>> +module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0644);
>
> Module param needs 0444 permissions, i.e. shouldn't be writable after KVM is
> loaded. Though I don't know that providing a module param is warranted in this
> case.
> KVM provides module params for SEV and SEV-ES because there are legitimate
> reasons to turn them off, but at a glance, I don't see why we'd want that for this
> feature.
/me confused. You suggested this in the first place for (I think) for
the case if the feature is found to be broken later on so admins can
disable it.
And I was using it to verify "x86/debug: Fix stack recursion caused by
DR7 accesses" which is convenient but it is a minor thing.
>> #else
>> #define sev_enabled false
>> #define sev_es_enabled false
>> +#define sev_es_debug_swap false
>
> This needs to be sev_es_debug_swap_enabled, otherwise things fall apart with
> CONFIG_KVM_AMD_SEV=n.
>
> arch/x86/kvm/svm/sev.c: In function ‘sev_es_is_debug_swap_enabled’:
> arch/x86/kvm/svm/sev.c:69:16: error: ‘sev_es_debug_swap_enabled’ undeclared (first use in this function); did you mean ‘sev_es_is_debug_swap_enabled’?
> 69 | return sev_es_debug_swap_enabled;
> | ^~~~~~~~~~~~~~~~~~~~~~~~~
> | sev_es_is_debug_swap_enabled
>
>
>> #endif /* CONFIG_KVM_AMD_SEV */
>>
>> +bool sev_es_is_debug_swap_enabled(void)
>> +{
>> + return sev_es_debug_swap_enabled;
>> +}
>
> ...
>
>> @@ -604,6 +615,9 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
>> save->xss = svm->vcpu.arch.ia32_xss;
>> save->dr6 = svm->vcpu.arch.dr6;
>>
>> + if (sev_es_is_debug_swap_enabled())
>> + save->sev_features |= SVM_SEV_FEAT_DEBUG_SWAP;
>> +
>> pr_debug("Virtual Machine Save Area (VMSA):\n");
>> print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, save, sizeof(*save), false);
>>
>> @@ -2249,6 +2263,9 @@ void __init sev_hardware_setup(void)
>> out:
>> sev_enabled = sev_supported;
>> sev_es_enabled = sev_es_supported;
>> + if (sev_es_debug_swap_enabled)
>> + sev_es_debug_swap_enabled = sev_es_enabled &&
>> + cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP);
>
> Slight preference for:
>
> if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP))
> sev_es_debug_swap_enabled = false;
>
> KVM does short-circuit some checks on module param values, but usually only to
> avoid additional setup.
>
>> #endif
>> }
>>
>> @@ -3027,6 +3044,18 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa)
>>
>> /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */
>> hostsa->xss = host_xss;
>> +
>> + /* The DebugSwap SEV feature does Type B swaps of DR[0-3] */
>> + if (sev_es_is_debug_swap_enabled()) {
>> + hostsa->dr0 = native_get_debugreg(0);
>> + hostsa->dr1 = native_get_debugreg(1);
>> + hostsa->dr2 = native_get_debugreg(2);
>> + hostsa->dr3 = native_get_debugreg(3);
>> + hostsa->dr0_addr_mask = amd_get_dr_addr_mask(0);
>> + hostsa->dr1_addr_mask = amd_get_dr_addr_mask(1);
>> + hostsa->dr2_addr_mask = amd_get_dr_addr_mask(2);
>> + hostsa->dr3_addr_mask = amd_get_dr_addr_mask(3);
>> + }
>> }
>>
>> void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
>> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
>> index 60c7c880266b..6c54a3c9d442 100644
>> --- a/arch/x86/kvm/svm/svm.c
>> +++ b/arch/x86/kvm/svm/svm.c
>> @@ -1190,7 +1190,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu)
>> set_exception_intercept(svm, UD_VECTOR);
>> set_exception_intercept(svm, MC_VECTOR);
>> set_exception_intercept(svm, AC_VECTOR);
>> - set_exception_intercept(svm, DB_VECTOR);
>> + if (!sev_es_is_debug_swap_enabled())
>> + set_exception_intercept(svm, DB_VECTOR);
>
> This is wrong. KVM needs to intercept #DBs when debugging non-SEV-ES VMs.
Sorry, not following. The #DB intercept for non-SEV-ES is enabled here.
Thanks,
> This _could_ be tied to X86_FEATURE_NO_NESTED_DATA_BP, but the KVM would need to
> toggle the intercept depending on whether or not userspace wants to debug the
> guest.
>
> Similar to the DR7 interception, can this check sev_features directly?
--
Alexey
next prev parent reply other threads:[~2023-02-03 3:37 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-20 3:10 [PATCH kernel v3 0/3] KVM: SEV: Enable AMD SEV-ES DebugSwap Alexey Kardashevskiy
2023-01-20 3:10 ` [PATCH kernel v3 1/3] x86/amd: Cache debug register values in percpu variables Alexey Kardashevskiy
2023-01-31 19:27 ` [tip: x86/cpu] " tip-bot2 for Alexey Kardashevskiy
2023-01-20 3:10 ` [PATCH kernel v3 2/3] KVM: SEV: Enable data breakpoints in SEV-ES Alexey Kardashevskiy
2023-01-31 19:22 ` Borislav Petkov
2023-02-01 2:20 ` Sean Christopherson
2023-02-01 19:32 ` Sean Christopherson
2023-02-03 12:26 ` Borislav Petkov
2023-02-01 2:18 ` Sean Christopherson
2023-02-03 3:37 ` Alexey Kardashevskiy [this message]
2023-02-03 5:14 ` [PATCH kernel v4] " Alexey Kardashevskiy
2023-02-21 5:19 ` Alexey Kardashevskiy
2023-03-14 9:43 ` Alexey Kardashevskiy
2023-03-21 6:56 ` Alexey Kardashevskiy
2023-03-23 17:40 ` Sean Christopherson
2023-03-29 15:13 ` Tom Lendacky
2023-03-23 16:39 ` [PATCH kernel v3 2/3] " Sean Christopherson
2023-03-24 4:05 ` Alexey Kardashevskiy
2023-01-20 3:10 ` [PATCH kernel v3 3/3] x86/sev: Do not handle #VC for DR7 read/write Alexey Kardashevskiy
2023-01-20 5:12 ` Nikunj A. Dadhania
2023-01-20 10:23 ` Alexey Kardashevskiy
2023-01-20 12:06 ` Borislav Petkov
2023-01-25 3:11 ` Alexey Kardashevskiy
2023-01-25 5:44 ` Borislav Petkov
2023-01-24 10:37 ` Nikunj A. Dadhania
2023-01-24 12:37 ` Alexey Kardashevskiy
2023-01-24 13:17 ` Nikunj A. Dadhania
2023-01-30 0:56 ` [PATCH kernel v4 " Alexey Kardashevskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b3a9ebc-b02e-a365-7f68-3da9189d062a@amd.com \
--to=aik@amd.com \
--cc=Jason@zx2c4.com \
--cc=acme@redhat.com \
--cc=adrian.hunter@intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=keescook@chromium.org \
--cc=kim.phillips@amd.com \
--cc=kuba@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=sandipan.das@amd.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=venu.busireddy@oracle.com \
--cc=x86@kernel.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.