From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECCADC433F5 for ; Fri, 8 Oct 2021 18:06:10 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 8D68161029 for ; Fri, 8 Oct 2021 18:06:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 8D68161029 Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=amd.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 230FD940019; Fri, 8 Oct 2021 14:05:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1B97F940008; Fri, 8 Oct 2021 14:05:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 00BEE940019; Fri, 8 Oct 2021 14:05:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0215.hostedemail.com [216.40.44.215]) by kanga.kvack.org (Postfix) with ESMTP id E1B9C940008 for ; Fri, 8 Oct 2021 14:05:53 -0400 (EDT) Received: from smtpin03.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id A91C8181ECAD2 for ; Fri, 8 Oct 2021 18:05:53 +0000 (UTC) X-FDA: 78674048586.03.21F59D8 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2076.outbound.protection.outlook.com [40.107.243.76]) by imf07.hostedemail.com (Postfix) with ESMTP id 312D21001CB3 for ; Fri, 8 Oct 2021 18:05:53 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GPSo62ntVNg/80tihTpSPXx5q8TM30TkEmvHYibQLOCyJ/VHCHcGBhDRyxYuyogxkFwcc06iVinbhN/ZXfcMOrS+M1TqXLXg4TFEPPSnWmbqoKzpBBRXnU4Gk0oRsMd5BBxHzLz/82y0D//drAQYKTfvvbfpd+kXI0DhEFlEjcfA9YvVVQcfBqdfg/L68Fz7AS8th9zw1xur0KiUZO1ZULlC/pcWpAXjOBR8RP6anS+dgUhbgOPybBDbY6PIUpM0WAdDOPmAOJpA3qFb7/0mts6g9BD5BGbymKdC2yGYiZBUXKOsiuyvxcQ/7nboy6G/1Dbz/CGGTQCuJ+kgdJ7qGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TZa5vPfxgVSRJmAmrI39YnHSlppVlI31/2Q26i1G6B0=; b=nkKdJkbPfZIZgqGJ+AEEXxllgstMgh83/ZgxbFWYBK/6t/jXZXuNfzsnnHXWSUXeTRxqdjw3fgydv24MsOkQtD5V9+pToWTeU5TV8/82O4Qf5LGOj/WXHRO7GmKAY5jtg4kf31WWbTSO51+N7jz3mTU47ekVLZ1VyHNluR+Ez9N72j+l/H9Csleg/h6M+aRUss2NTLEtGOIAHLc7c8n1wp9C2vKLLr3cH0958MIH6ia2zoMe88jeqc83grFuBqoBYtudp4hGnmDCKRl+pAG8zESZPTGLknwakm+4h6MSp5VmGS1qXxNM+IMQZMW6aydwtCEVqpQViyuxgreI5jlZig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TZa5vPfxgVSRJmAmrI39YnHSlppVlI31/2Q26i1G6B0=; b=KZu5nHD4OFMBhOY38wRQtQDogMQUxcs//WTTYSK0FSLwtwhP4j67/HAPG6zHzst+ILoIkkGV7c1czS8izvhvBNJIepOcJZ98XOz0nN4+xLJgyuNXKumLxn0X7njYXaEQbM64aoUUFaB+0m0XrqTTP7ecXQ285oOi0+sjKefcv/o= Received: from MWHPR22CA0046.namprd22.prod.outlook.com (2603:10b6:300:69::32) by CH0PR12MB5187.namprd12.prod.outlook.com (2603:10b6:610:ba::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.18; Fri, 8 Oct 2021 18:05:49 +0000 Received: from CO1NAM11FT028.eop-nam11.prod.protection.outlook.com (2603:10b6:300:69:cafe::e1) by MWHPR22CA0046.outlook.office365.com (2603:10b6:300:69::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.18 via Frontend Transport; Fri, 8 Oct 2021 18:05:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; Received: from SATLEXMB04.amd.com (165.204.84.17) by CO1NAM11FT028.mail.protection.outlook.com (10.13.175.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4587.18 via Frontend Transport; Fri, 8 Oct 2021 18:05:48 +0000 Received: from sbrijesh-desktop.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Fri, 8 Oct 2021 13:05:46 -0500 From: Brijesh Singh To: , , , , , , CC: Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , "Vitaly Kuznetsov" , Jim Mattson , "Andy Lutomirski" , Dave Hansen , Sergio Lopez , Peter Gonda , "Peter Zijlstra" , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , "Dr . David Alan Gilbert" , , , , Brijesh Singh Subject: [PATCH v6 21/42] KVM: SVM: Create a separate mapping for the SEV-ES save area Date: Fri, 8 Oct 2021 13:04:32 -0500 Message-ID: <20211008180453.462291-22-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211008180453.462291-1-brijesh.singh@amd.com> References: <20211008180453.462291-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7a146aea-f343-4c47-2f6f-08d98a86422d X-MS-TrafficTypeDiagnostic: CH0PR12MB5187: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: QqxSWvBXflfmErCt8l9iFDMSm8T1Wueqi81XzFbmKPGwU4hkU5MZ/Hw5C6jOj2POif8DawlsyCAe7Wj1dNPC5psfKsbffLKFn+0lWehmb+Fwen46t5SzA7FspDVTGyOlwSQ/BFP/KNTXhTLpuH2Rel/wqgCJYohSKmiB6HZSbppaBoPuY8SRpBJJo3ApwQe/SsA7tpmJ4vmmeP6uDdBC3YA4AENSjfTlTPkD9bfAB14F+BLGnhZVOaJjfeKUKfiGBuhOzVii6jCHMl2WbZSgkGEqZ5pK4DPvESTNOoGGag7i0HsHP9WhTOiP7G/nPfmYznlxmHqzK3CHQxjqDYBQDZw5rbloDNJv7qJQggMyCFB/8gtdGFTwRXAWxj03ceLTstwg8Zmmo37mycSIbJD1FGRH33fkiNdOmAwLaRgpsjtDNG/m2sV/VbW86S/DJy3GPeoEfp6wE1+tpciq8vi94CfTdPd3L+oMhXLPA/k/5RRaQXsz8tR28DAvteE6ZsFoN+7NAyC9ndKiAHnY0mXfAisuLasG+6S7Gp+kyWYVLWcIHDzS8aqRlADtgaKC3AkOwdr2hyjSq2s7jDSLUuxhUj0MSjh6hkpC/grWTIGfRboEla5UJT23WFKuODlfrXg5J6PbSoccsDHw8xIfL8e4zLRv+232U2TScVAwP6J88uYRk69LAAWumazEIs3EWcZbBD7nkAR08naoirjkEztb93tUZ1UOKApyNmVJWPu5Fh3nURXl9yRAtVObyIGgwlBS X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(4636009)(36840700001)(46966006)(86362001)(8936002)(70206006)(7406005)(5660300002)(7696005)(83380400001)(356005)(2906002)(316002)(110136005)(54906003)(7416002)(47076005)(336012)(81166007)(36860700001)(82310400003)(2616005)(426003)(8676002)(44832011)(26005)(16526019)(186003)(6666004)(36756003)(1076003)(70586007)(4326008)(508600001)(36900700001)(2101003);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Oct 2021 18:05:48.8505 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7a146aea-f343-4c47-2f6f-08d98a86422d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT028.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR12MB5187 X-Rspamd-Queue-Id: 312D21001CB3 X-Stat-Signature: 43hugxqy5xtihi7sfpqkdtarpcxux34x Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b=KZu5nHD4; spf=pass (imf07.hostedemail.com: domain of brijesh.singh@amd.com designates 40.107.243.76 as permitted sender) smtp.mailfrom=brijesh.singh@amd.com; dmarc=pass (policy=quarantine) header.from=amd.com X-Rspamd-Server: rspam06 X-HE-Tag: 1633716353-635013 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Tom Lendacky The save area for SEV-ES/SEV-SNP guests, as used by the hardware, is different from the save area of a non SEV-ES/SEV-SNP guest. This is the first step in defining the multiple save areas to keep them separate and ensuring proper operation amongst the different types of guests. Create an SEV-ES/SEV-SNP save area and adjust usage to the new save area definition where needed. Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/include/asm/svm.h | 83 +++++++++++++++++++++++++++++--------- arch/x86/kvm/svm/sev.c | 24 +++++------ arch/x86/kvm/svm/svm.h | 2 +- 3 files changed, 77 insertions(+), 32 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 7c9cf4f3c164..0df489a70945 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -227,6 +227,7 @@ struct vmcb_seg { u64 base; } __packed; =20 +/* Save area definition for legacy and SEV-MEM guests */ struct vmcb_save_area { struct vmcb_seg es; struct vmcb_seg cs; @@ -243,8 +244,58 @@ struct vmcb_save_area { u8 cpl; u8 reserved_2[4]; u64 efer; + u8 reserved_3[112]; + u64 cr4; + u64 cr3; + u64 cr0; + u64 dr7; + u64 dr6; + u64 rflags; + u64 rip; + u8 reserved_4[88]; + u64 rsp; + u64 s_cet; + u64 ssp; + u64 isst_addr; + u64 rax; + u64 star; + u64 lstar; + u64 cstar; + u64 sfmask; + u64 kernel_gs_base; + u64 sysenter_cs; + u64 sysenter_esp; + u64 sysenter_eip; + u64 cr2; + u8 reserved_5[32]; + u64 g_pat; + u64 dbgctl; + u64 br_from; + u64 br_to; + u64 last_excp_from; + u64 last_excp_to; + u8 reserved_6[72]; + u32 spec_ctrl; /* Guest version of SPEC_CTRL at 0x2E0 */ +} __packed; + +/* Save area definition for SEV-ES and SEV-SNP guests */ +struct sev_es_save_area { + struct vmcb_seg es; + struct vmcb_seg cs; + struct vmcb_seg ss; + struct vmcb_seg ds; + struct vmcb_seg fs; + struct vmcb_seg gs; + struct vmcb_seg gdtr; + struct vmcb_seg ldtr; + struct vmcb_seg idtr; + struct vmcb_seg tr; + u8 reserved_1[43]; + u8 cpl; + u8 reserved_2[4]; + u64 efer; u8 reserved_3[104]; - u64 xss; /* Valid for SEV-ES only */ + u64 xss; u64 cr4; u64 cr3; u64 cr0; @@ -272,22 +323,14 @@ struct vmcb_save_area { u64 br_to; u64 last_excp_from; u64 last_excp_to; - - /* - * The following part of the save area is valid only for - * SEV-ES guests when referenced through the GHCB or for - * saving to the host save area. - */ - u8 reserved_7[72]; - u32 spec_ctrl; /* Guest version of SPEC_CTRL at 0x2E0 */ - u8 reserved_7b[4]; + u8 reserved_7[80]; u32 pkru; - u8 reserved_7a[20]; - u64 reserved_8; /* rax already available at 0x01f8 */ + u8 reserved_9[20]; + u64 reserved_10; /* rax already available at 0x01f8 */ u64 rcx; u64 rdx; u64 rbx; - u64 reserved_9; /* rsp already available at 0x01d8 */ + u64 reserved_11; /* rsp already available at 0x01d8 */ u64 rbp; u64 rsi; u64 rdi; @@ -299,21 +342,21 @@ struct vmcb_save_area { u64 r13; u64 r14; u64 r15; - u8 reserved_10[16]; + u8 reserved_12[16]; u64 sw_exit_code; u64 sw_exit_info_1; u64 sw_exit_info_2; u64 sw_scratch; u64 sev_features; - u8 reserved_11[48]; + u8 reserved_13[48]; u64 xcr0; u8 valid_bitmap[16]; u64 x87_state_gpa; } __packed; =20 struct ghcb { - struct vmcb_save_area save; - u8 reserved_save[2048 - sizeof(struct vmcb_save_area)]; + struct sev_es_save_area save; + u8 reserved_save[2048 - sizeof(struct sev_es_save_area)]; =20 u8 shared_buffer[2032]; =20 @@ -323,13 +366,15 @@ struct ghcb { } __packed; =20 =20 -#define EXPECTED_VMCB_SAVE_AREA_SIZE 1032 +#define EXPECTED_VMCB_SAVE_AREA_SIZE 740 +#define EXPECTED_SEV_ES_SAVE_AREA_SIZE 1032 #define EXPECTED_VMCB_CONTROL_AREA_SIZE 1024 #define EXPECTED_GHCB_SIZE PAGE_SIZE =20 static inline void __unused_size_checks(void) { BUILD_BUG_ON(sizeof(struct vmcb_save_area) !=3D EXPECTED_VMCB_SAVE_AREA= _SIZE); + BUILD_BUG_ON(sizeof(struct sev_es_save_area) !=3D EXPECTED_SEV_ES_SAVE_= AREA_SIZE); BUILD_BUG_ON(sizeof(struct vmcb_control_area) !=3D EXPECTED_VMCB_CONTRO= L_AREA_SIZE); BUILD_BUG_ON(sizeof(struct ghcb) !=3D EXPECTED_GHCB_SIZE); } @@ -399,7 +444,7 @@ struct vmcb { /* GHCB Accessor functions */ =20 #define GHCB_BITMAP_IDX(field) \ - (offsetof(struct vmcb_save_area, field) / sizeof(u64)) + (offsetof(struct sev_es_save_area, field) / sizeof(u64)) =20 #define DEFINE_GHCB_ACCESSORS(field) \ static inline bool ghcb_##field##_is_valid(const struct ghcb *ghcb) \ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c36b5fe4c27c..4d3c5b302586 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -551,12 +551,20 @@ static int sev_launch_update_data(struct kvm *kvm, = struct kvm_sev_cmd *argp) =20 static int sev_es_sync_vmsa(struct vcpu_svm *svm) { - struct vmcb_save_area *save =3D &svm->vmcb->save; + struct sev_es_save_area *save =3D svm->vmsa; =20 /* Check some debug related fields before encrypting the VMSA */ - if (svm->vcpu.guest_debug || (save->dr7 & ~DR7_FIXED_1)) + if (svm->vcpu.guest_debug || (svm->vmcb->save.dr7 & ~DR7_FIXED_1)) return -EINVAL; =20 + /* + * SEV-ES will use a VMSA that is pointed to by the VMCB, not + * the traditional VMSA that is part of the VMCB. Copy the + * traditional VMSA as it has been built so far (in prep + * for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state. + */ + memcpy(save, &svm->vmcb->save, sizeof(svm->vmcb->save)); + /* Sync registgers */ save->rax =3D svm->vcpu.arch.regs[VCPU_REGS_RAX]; save->rbx =3D svm->vcpu.arch.regs[VCPU_REGS_RBX]; @@ -584,14 +592,6 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->xss =3D svm->vcpu.arch.ia32_xss; save->dr6 =3D svm->vcpu.arch.dr6; =20 - /* - * SEV-ES will use a VMSA that is pointed to by the VMCB, not - * the traditional VMSA that is part of the VMCB. Copy the - * traditional VMSA as it has been built so far (in prep - * for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state. - */ - memcpy(svm->vmsa, save, sizeof(*save)); - return 0; } =20 @@ -2645,7 +2645,7 @@ void sev_es_create_vcpu(struct vcpu_svm *svm) void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu) { struct svm_cpu_data *sd =3D per_cpu(svm_data, cpu); - struct vmcb_save_area *hostsa; + struct sev_es_save_area *hostsa; =20 /* * As an SEV-ES guest, hardware will restore the host state on VMEXIT, @@ -2655,7 +2655,7 @@ void sev_es_prepare_guest_switch(struct vcpu_svm *s= vm, unsigned int cpu) vmsave(__sme_page_pa(sd->save_area)); =20 /* XCR0 is restored on VMEXIT, save the current host value */ - hostsa =3D (struct vmcb_save_area *)(page_address(sd->save_area) + 0x40= 0); + hostsa =3D (struct sev_es_save_area *)(page_address(sd->save_area) + 0x= 400); hostsa->xcr0 =3D xgetbv(XCR_XFEATURE_ENABLED_MASK); =20 /* PKRU is restored on VMEXIT, save the current host value */ diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 58350deb428b..689d99cd7b9d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -184,7 +184,7 @@ struct vcpu_svm { } shadow_msr_intercept; =20 /* SEV-ES support */ - struct vmcb_save_area *vmsa; + struct sev_es_save_area *vmsa; struct ghcb *ghcb; struct kvm_host_map ghcb_map; bool received_first_sipi; --=20 2.25.1