All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/2] KVM: SEV: RECEIVE_UPDATE_DATA bug fixes
@ 2021-09-14 21:09 Sean Christopherson
  2021-09-14 21:09 ` [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA Sean Christopherson
  2021-10-20 22:58   ` Ashish Kalra
  0 siblings, 2 replies; 8+ messages in thread
From: Sean Christopherson @ 2021-09-14 21:09 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Peter Gonda, Marc Orr,
	Tom Lendacky, Brijesh Singh, Masahiro Kozuka

Patch 1 pins the target of RECEIVE_UPDATE_DATA for write instead of read.
The SEV API clearly states that the PSP writes guest memory, which makes
sense given that the guest is receiving data.

Patch 2 adds a CLFLUSH of the guest memory as there is no requirement
that the page already be in an encrypted state before RECEIVE_UPDATE_DATA,
i.e. the cache may have dirty, unencrypted data.

On my end, these patches are compile-tested only as I don't have a
userspace VMM that supports SEV live migration, nor are there tests for
any of this stuff.

Masahiro Kozuka (1):
  KVM: SEV: Flush cache on non-coherent systems before
    RECEIVE_UPDATE_DATA

Sean Christopherson (1):
  KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA

 arch/x86/kvm/svm/sev.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

-- 
2.33.0.309.g3052b89438-goog


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
  2021-09-14 21:09 [PATCH 0/2] KVM: SEV: RECEIVE_UPDATE_DATA bug fixes Sean Christopherson
@ 2021-09-14 21:09 ` Sean Christopherson
  2021-09-14 22:03   ` Peter Gonda
                     ` (2 more replies)
  2021-10-20 22:58   ` Ashish Kalra
  1 sibling, 3 replies; 8+ messages in thread
From: Sean Christopherson @ 2021-09-14 21:09 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Peter Gonda, Marc Orr,
	Tom Lendacky, Brijesh Singh, Masahiro Kozuka

Require the target guest page to be writable when pinning memory for
RECEIVE_UPDATE_DATA.  Per the SEV API, the PSP writes to guest memory:

  The result is then encrypted with GCTX.VEK and written to the memory
  pointed to by GUEST_PADDR field.

Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
Cc: stable@vger.kernel.org
Cc: Peter Gonda <pgonda@google.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/sev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 75e0b21ad07c..95228ba3cd8f 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1464,7 +1464,7 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 	/* Pin guest memory */
 	guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
-				    PAGE_SIZE, &n, 0);
+				    PAGE_SIZE, &n, 1);
 	if (IS_ERR(guest_page)) {
 		ret = PTR_ERR(guest_page);
 		goto e_free_trans;
-- 
2.33.0.309.g3052b89438-goog


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 2/2] KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA
@ 2021-10-20 22:58   ` Ashish Kalra
  0 siblings, 0 replies; 8+ messages in thread
From: Sean Christopherson @ 2021-09-14 21:09 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Peter Gonda, Marc Orr,
	Tom Lendacky, Brijesh Singh, Masahiro Kozuka

From: Masahiro Kozuka <masa.koz@kozuka.jp>

Flush the destination page before invoking RECEIVE_UPDATE_DATA, as the
PSP encrypts the data with the guest's key when writing to guest memory.
If the target memory was not previously encrypted, the cache may contain
dirty, unecrypted data that will persist on non-coherent systems.

Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
Cc: stable@vger.kernel.org
Cc: Peter Gonda <pgonda@google.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Masahiro Kozuka <masa.koz@kozuka.jp>
[sean: converted bug report to changelog]
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/sev.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 95228ba3cd8f..f5edc67b261b 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1470,6 +1470,13 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
 		goto e_free_trans;
 	}
 
+	/*
+	 * Flush (on non-coherent CPUs) before RECEIVE_UPDATE_DATA, the PSP
+	 * encrypts the written data with the guest's key, and the cache may
+	 * contain dirty, unencrypted data.
+	 */
+	sev_clflush_pages(guest_page, n);
+
 	/* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. */
 	data.guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + offset;
 	data.guest_address |= sev_me_mask;
-- 
2.33.0.309.g3052b89438-goog


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
  2021-09-14 21:09 ` [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA Sean Christopherson
@ 2021-09-14 22:03   ` Peter Gonda
  2021-09-14 22:15   ` Brijesh Singh
  2021-09-21 17:59   ` Paolo Bonzini
  2 siblings, 0 replies; 8+ messages in thread
From: Peter Gonda @ 2021-09-14 22:03 UTC (permalink / raw)
  To: Sean Christopherson
  Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm list, linux-kernel, Marc Orr, Tom Lendacky,
	Brijesh Singh, Masahiro Kozuka

On Tue, Sep 14, 2021 at 3:09 PM Sean Christopherson <seanjc@google.com> wrote:
>
> Require the target guest page to be writable when pinning memory for
> RECEIVE_UPDATE_DATA.  Per the SEV API, the PSP writes to guest memory:
>
>   The result is then encrypted with GCTX.VEK and written to the memory
>   pointed to by GUEST_PADDR field.
>
> Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
> Cc: stable@vger.kernel.org
> Cc: Peter Gonda <pgonda@google.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Sean Christopherson <seanjc@google.com>

Reviewed-by: Peter Gonda <pgonda@google.com>

> ---
>  arch/x86/kvm/svm/sev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 75e0b21ad07c..95228ba3cd8f 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -1464,7 +1464,7 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
>
>         /* Pin guest memory */
>         guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
> -                                   PAGE_SIZE, &n, 0);
> +                                   PAGE_SIZE, &n, 1);
>         if (IS_ERR(guest_page)) {
>                 ret = PTR_ERR(guest_page);
>                 goto e_free_trans;

Not sure how common this is but adding a comment like this could help
with readability:
+                                   PAGE_SIZE, &n, /* write= */ 1);


> --
> 2.33.0.309.g3052b89438-goog
>

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
  2021-09-14 21:09 ` [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA Sean Christopherson
  2021-09-14 22:03   ` Peter Gonda
@ 2021-09-14 22:15   ` Brijesh Singh
  2021-09-21 17:59   ` Paolo Bonzini
  2 siblings, 0 replies; 8+ messages in thread
From: Brijesh Singh @ 2021-09-14 22:15 UTC (permalink / raw)
  To: Sean Christopherson, Paolo Bonzini
  Cc: brijesh.singh, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Peter Gonda, Marc Orr,
	Tom Lendacky, Masahiro Kozuka



On 9/14/21 4:09 PM, Sean Christopherson wrote:
> Require the target guest page to be writable when pinning memory for
> RECEIVE_UPDATE_DATA.  Per the SEV API, the PSP writes to guest memory:
> 
>    The result is then encrypted with GCTX.VEK and written to the memory
>    pointed to by GUEST_PADDR field.
> 
> Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
> Cc: stable@vger.kernel.org
> Cc: Peter Gonda <pgonda@google.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Sean Christopherson <seanjc@google.com>

Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>

thanks

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
  2021-09-14 21:09 ` [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA Sean Christopherson
  2021-09-14 22:03   ` Peter Gonda
  2021-09-14 22:15   ` Brijesh Singh
@ 2021-09-21 17:59   ` Paolo Bonzini
  2 siblings, 0 replies; 8+ messages in thread
From: Paolo Bonzini @ 2021-09-21 17:59 UTC (permalink / raw)
  To: Sean Christopherson
  Cc: Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm,
	linux-kernel, Peter Gonda, Marc Orr, Tom Lendacky, Brijesh Singh,
	Masahiro Kozuka

On 14/09/21 23:09, Sean Christopherson wrote:
> Require the target guest page to be writable when pinning memory for
> RECEIVE_UPDATE_DATA.  Per the SEV API, the PSP writes to guest memory:
> 
>    The result is then encrypted with GCTX.VEK and written to the memory
>    pointed to by GUEST_PADDR field.
> 
> Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
> Cc: stable@vger.kernel.org
> Cc: Peter Gonda <pgonda@google.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>   arch/x86/kvm/svm/sev.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 75e0b21ad07c..95228ba3cd8f 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -1464,7 +1464,7 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
>   
>   	/* Pin guest memory */
>   	guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
> -				    PAGE_SIZE, &n, 0);
> +				    PAGE_SIZE, &n, 1);
>   	if (IS_ERR(guest_page)) {
>   		ret = PTR_ERR(guest_page);
>   		goto e_free_trans;
> 

Queued both, thanks.

Paolo


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 2/2] KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA
@ 2021-10-20 22:58   ` Ashish Kalra
  0 siblings, 0 replies; 8+ messages in thread
From: Ashish Kalra @ 2021-10-20 22:58 UTC (permalink / raw)
  To: seanjc, Paolo Bonzini
  Cc: brijesh.singh, jmattson, joro, kvm, linux-kernel, marcorr,
	masa.koz, pgonda, thomas.lendacky, vkuznets, wanpengli

From: Sean Christopherson <seanjc@google.com>

Hello Paolo,

I am adding a SEV migration test as part of the KVM SEV selftests.

And while testing SEV migration with this selftest, i observed
cache coherency issues causing migration test failures, so really
need this patch to be added.

Tested-by: Ashish Kalra <ashish.kalra@amd.com>

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 2/2] KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA
       [not found]   ` <61709f42.1c69fb81.3b49.ecfeSMTPIN_ADDED_BROKEN@mx.google.com>
@ 2021-10-21 17:01     ` Paolo Bonzini
  0 siblings, 0 replies; 8+ messages in thread
From: Paolo Bonzini @ 2021-10-21 17:01 UTC (permalink / raw)
  To: Ashish Kalra, seanjc
  Cc: brijesh.singh, jmattson, joro, kvm, linux-kernel, marcorr,
	masa.koz, pgonda, thomas.lendacky, vkuznets, wanpengli

On 21/10/21 00:58, Ashish Kalra wrote:
> From: Sean Christopherson <seanjc@google.com>
> 
> Hello Paolo,
> 
> I am adding a SEV migration test as part of the KVM SEV selftests.
> 
> And while testing SEV migration with this selftest, i observed
> cache coherency issues causing migration test failures, so really
> need this patch to be added.
> 
> Tested-by: Ashish Kalra <ashish.kalra@amd.com>
> 

Queued for 5.15, thanks.

Paolo


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2021-10-21 17:01 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-14 21:09 [PATCH 0/2] KVM: SEV: RECEIVE_UPDATE_DATA bug fixes Sean Christopherson
2021-09-14 21:09 ` [PATCH 1/2] KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA Sean Christopherson
2021-09-14 22:03   ` Peter Gonda
2021-09-14 22:15   ` Brijesh Singh
2021-09-21 17:59   ` Paolo Bonzini
2021-09-14 21:09 ` [PATCH 2/2] KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA Sean Christopherson
2021-10-20 22:58   ` Ashish Kalra
     [not found]   ` <61709f42.1c69fb81.3b49.ecfeSMTPIN_ADDED_BROKEN@mx.google.com>
2021-10-21 17:01     ` Paolo Bonzini

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.