From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933584AbdKAVR1 (ORCPT ); Wed, 1 Nov 2017 17:17:27 -0400 Received: from mail-bn3nam01on0087.outbound.protection.outlook.com ([104.47.33.87]:27280 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933358AbdKAVRV (ORCPT ); Wed, 1 Nov 2017 17:17:21 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; From: Brijesh Singh To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: bp@alien8.de, Brijesh Singh , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Joerg Roedel , Borislav Petkov , Tom Lendacky , x86@kernel.org Subject: [Part2 PATCH v7 26/38] KVM: SVM: VMRUN should use associated ASID when SEV is enabled Date: Wed, 1 Nov 2017 16:16:11 -0500 Message-Id: <20171101211623.71496-27-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com> References: <20171101211623.71496-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM5PR06CA0064.namprd06.prod.outlook.com (2603:10b6:3:37::26) To DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 57fb879d-ee97-402d-5928-08d5216de086 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081)(4534020)(4602075)(2017052603199);SRVR:DM2PR12MB0155; X-Microsoft-Exchange-Diagnostics: 1;DM2PR12MB0155;3:LeXrNO2j1NWjGoQGSK/9gOl6uaOt+3XZA25YwGd8yG4Yc62P2XIWC/Te9bzuqv05/UxXC0JU0kdRSuzG5FwXv3C2KOiW8uSoQnhKnLbqKsgTmyVqQnZm/B5DmXU1lq4hcukVXVJlnTpn22zJ9paH4XoEZ0Aci3K0e+QXviT8JyF0i9X4870aamOWzLh+ORBkdCIcQDD0IkSJTtq0EcQUkj2ji8uUCrPOHLLmO522+qalWDae2q+BIpaOKXufn54Y;25:dMT/Wku2MsKgPrlUY5s3GNFQSQ6ICQWaizK2S8t0jpmtrcfXHKk6RwxidPOApWLR3nTWN9Sc/eCQC2aH7rtsEaKP27QA3HjEUXR47WRhpL1qGA1hhjlWLwGx75+L814gQDlOP9tjXdYgiGc9b18ffzn0CQenaVBb8DRfVBTzQKnjvehVjTo0FuH9VJSCubT++kp9f/4GZavKp0YBNLBXYP8UPwOh95NP48CpHZ72SZ6UMXGog3IbGrxjqumloA/JhT4kSZH2etpiDuyXSQXzdcJro/zXkecNjmRKh8AtfFWbBaYnJVE4uLAyxFPxUzbWSbDMjoEbfEg3NagCD5t2Jw==;31:61HRXOQJ4OrCj/qehN0qCQPVyQUdejEbeZ8KyBII42P4yhte1Lv26Cso7qjBglMpWvgY4DdUabtuwLeR7wnPqri7Dob4USkw+fECSX58AodVmjEu5pe2jEESIcKdziQDqzyyaqdurFschBkUIevAfMOfs0G0O+lk2u3IZGZwakXzvjI46p2I6rMLG2c6wDtlPTucvMD0mblUXOlJVz09VsGEtXNoDWePQgV1NfcV1BA= X-MS-TrafficTypeDiagnostic: DM2PR12MB0155: X-Microsoft-Exchange-Diagnostics: 1;DM2PR12MB0155;20:2nzDKYf0QgL4Y8+8yzJgX7ssynmDKoAlWmGUMYoxj91y0DDsYxaoP9mGA0pf9bDHXZod54/CzaJMYolYf6v33GF0oc8xRyfgjEz5Qri6Gf6D7bR2ZHOHxLvP8/tCiftkGJkpu2HtXO1nlQ6LCirHGoO+JDqosACvwrDkENm3lIlSUlUh/bYrVy/oBOrtRtqVlZN9/ug9wFcbtil8zV3/lSyySzZiAMO41gr2AaW5NNezNP5Qh5Gefn1eIqZW3ZkxdC42i6ytQ5seQimOq+rPPfNMPUZYrsAZEDf1uuEqgjg6qzBey4bF0L8aYSGS+EavT8nAJj1n41O5MqnFe2hZXoWHIg/XOCuy7vGqtAj59BkRZFwmwc1SY/VEKEGeN5daXmX0xIPkdkOCm89e4fdykB7gR+7+8pGhhSV0dou8LxhI3z8b0HerDiiwTTbgvIjM4TOANxSKDOeVS3+uuu5UqGB9gftmYtPA5YHdi75WrC+hHO+vGEdeRrnmnWSQPgUe;4:wYwh9EXh3T0Mwk6VjZu/jBRp5Ed2xhAGsfTT7rrPZjsduldtjpxtX7wG9MsIB/WDCxjiqcjoUJbsUPPevqpOf9j5GsTwE2acvb4tWSLADPm134cNnJTbO2Hr9r2yoSOcPDlZRQciqqV9p/hU+k7ZVI16qwIGzr7Hd9csQBmDfZ8tv73ybkktWAUjgkX9lhddmz11p7zDrofIaP3d1xO3c11uOiQ7GQ1eH72BdG7u2h0djmfPQ+s42TsPtqeemk60wekaVNYJElbyVfz/1CuPAIq9iWOaFsPtcxKvXLDGOjZ4vk0XQWJO8YBubAwnrmYkij3qQSlcfMD251Fbksvgqg== X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(3231020)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123560025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:DM2PR12MB0155;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DM2PR12MB0155; X-Forefront-PRVS: 0478C23FE0 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6009001)(39860400002)(376002)(346002)(189002)(199003)(1076002)(6116002)(97736004)(66066001)(50466002)(3846002)(25786009)(4326008)(54906003)(316002)(8676002)(47776003)(36756003)(23676003)(50986999)(478600001)(7416002)(81156014)(81166006)(105586002)(53416004)(53936002)(189998001)(106356001)(2906002)(16526018)(2870700001)(76176999)(33646002)(305945005)(7736002)(86362001)(5660300001)(6486002)(101416001)(50226002)(68736007)(8936002)(2950100002)(6666003);DIR:OUT;SFP:1101;SCL:1;SRVR:DM2PR12MB0155;H:wsp141597wss.amd.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTJQUjEyTUIwMTU1OzIzOlVVNHVQL3U2RCtCZnhORU5uUmhSTy9kc2cz?= =?utf-8?B?dE12YmVueWZ5UFZLb1p0RFVGaGtXcmV1SUtpMGZtTWttM1NCWmJPM2FORVNs?= =?utf-8?B?VHdEek85cC92ZUlVeGFYZTJ4ak51bEprN203dElnOG5kR21UT1V3SzJzRm5M?= =?utf-8?B?OTMvOUNmN0dXVzdNNzZVcGhjUVZlaGJwOFpwWmhrYThKZWxDSW9ieW92cmo0?= =?utf-8?B?c3dBVC9PNk1GTWlCTFhKdmVPMUhJakFtdytQNWhzWnRxMURpSjdBNFhWTUNv?= =?utf-8?B?V01BTENHeUxqeEFManZGdnR1TlhDVmZKaHBXNXAzTmExMlY4dUk1S05WbkdY?= =?utf-8?B?N3NtdC9OeGl2NDlWY0w5alVKdDBhS2loaTd3ZTRwZUIvcTdYV3BNb2dESlNx?= =?utf-8?B?ZlIzcjNhRDdzY1R0bXV5M3A4VHRwWUpLTHhrbDFOd0lnSlc0bWRkbEprWFlp?= =?utf-8?B?ZzdiTTBCWml5Y3JNK2RhOW5PMDJodDFBeUY1VDladkQ5UUdJQ3lMQldWV29U?= =?utf-8?B?Z3FGdEcvTlpmTjNRN0pXbms1S1lwRG1Bd2d6T0VkY3ZmT1diYkFYczZTRFla?= =?utf-8?B?ZUMzRGl6cXlPczd4ckVHNlFQZkZlM2Y2R0FIZjBwZWFNbU9zbmovM01JYUFj?= =?utf-8?B?S2lnM3FUOVRWam9aZ3B1TnQ3ZTdEY0JuOFljUWNUdWRTREZLQVI1ZFZIQWEw?= =?utf-8?B?dk1LbUZmVi9sYlRDY3c3TmFVYnA4Z05YaTRjMDQxdWxMb3pCY0NPcmFiWEFF?= =?utf-8?B?K3dNM1VGQUI0YkVCTzhuTXlmVmRyTzBYaFhJcXRYajdFeC80QjhCdVI5SlBo?= =?utf-8?B?ZDNZd2ZLTmZySEk2RzhVZXZITmNtejgyQURPcjNnTGZtYURGdndoRzRwZlAx?= =?utf-8?B?dkdyUFhkZTl3VnFoS25MOVJrMjk0NEMycm1TeEhIK2FCWUowMTdxdnVVNVdw?= =?utf-8?B?dVZxUW01RlQ3dGxYb2hHYXV0aG4yWEZNeU1OSGFhQUZvdmY5dGRaZ3g5NE1L?= =?utf-8?B?SnlRWXBDeXpENmhxYVR6M0ZoTzRKdC84RWdjNTRYOVpUT2UxWDVyaU42eUx5?= =?utf-8?B?VkdwREZybXpJSXl0WlhaTWJJQUpvZGU2bnZhQ1R6TStjRmJBNE9LZDg4enE4?= =?utf-8?B?Ty9rWWpSeEhwTWFpS3FrNERxZnR4eHpZdUNrYTNBQ0VUVGZ4MTVPNUtOUU1V?= =?utf-8?B?YVRaUEZ6emI3QUt5TE9TR3NQbDJqL0ExaXZDdmt2b3VzVlMvaUlvdVU3dzBW?= =?utf-8?B?bkhZSFFTaXdzSXQvMVl4RDVxRUlBWE9BNkx5MVNLK0owQy9DaTE1Z2NwUU8w?= =?utf-8?B?MHVaMG0yTkdjSjJIbjRKQVZ2NTh6Vy9qckJ4TDNyYnJsZHIveW4zMG1WdlJW?= =?utf-8?B?VXFpQ0V5MEJJMkxEU1ZaWFZaY2s4Zjc4MjI2bUo0OWxkTHorcWFEQmRObUow?= =?utf-8?Q?pWCNXA1mkkZWfqUIxjovYxi7UVv?= X-Microsoft-Exchange-Diagnostics: 1;DM2PR12MB0155;6:6oq24W967UKC/xtzh1FAtpIIJcLmu/MXQVjUUfXob/+vmUJqjjRsqsenPJ26sSYn647Hri6CrO4RZTTPFqWwDLt+SnIIwRrl4wZIz5fwAW1TQ0+YNdDwgo4kaJ3viV2Hm7ir628bsT6yA6v6kR0Adnib+ahibrcPd4fx2wZVUhQXrXpJceNgzDeoTW3hsI5x2HUMIvmFxEemY+s9Uae1we1NAdzJrQCnET7RatCHSpcUBz6zE9+a4swxur+nGseSSQigYCk7D/LTbrl4My5NQEC6B57E/sBov4RXPIPzmAs4p/WFOKu4KGr/nMstLJksPMhIyc5C/DQU4mY9YfNSjkO2iSfAvjteqHPct6D8PEk=;5:sJZLp4VIrp9zVBlqZJZjE724x57n4eb/5gUOUw0dtgzAGM6k7c8vAnkGe2NfzbDTX/0Nk8oQ8u3q3XrLexdZbhH1l5Uk2U3XXeNxPAsXQm7SxzIgplN/Nn00Z+y8CASe1ck9J5uXtjF+JXtYdWmuFlp+xOoIXfTv2ergfgc7adg=;24:ekSYfBpw3ArtpUxSCGI8Cqpt9gfJgcBS/pmuwfH3fbRMZluE3ViBLtzBTTTi9l9CSzOF0qsnURRimQ7OCw9R/ZHh/zCfTlOw/cBcIK0FzMQ=;7:/1396CTeL561QNQa8O2u8xi+StrruHkIeC11fPbQtL1jlxbz+4QYiEIu0FmJhMQ3KzVgR8J802Wf8vtsN8SRHWJetT7P1xy+kqLLCha970OooUqgikHfYsg3F3r0a+0D6UVFalQLvdDGrrbbF6gvM+zwyTTB2MeD9lyeWnPy2CbCs0ND0KeuzFmII0JU/X365zYTezIPdSrqEpG7OWcgRR1KE1WyiI+zUbFVnoHi6IpbLdAx6qomAPhElzJ2ubzt SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DM2PR12MB0155;20:JMGS315vah/A0SAqnktzRMrmh/++XcSBjhX5jMUNa+KNvXIabeHZ8frkzBQMk9XALsIj/dL8Zxgy+FddNjIKQg8/gZagpk4uJR6b+pnXgPcjeuRc92DT+SUDYRdoVoCC02qWRc8Po/wbaUL2V78OhLOzaUZtPYfPea6jxM3bfoxixyBOtF5K89eAdOXpvNGQoWuYa1Jvw/qvcrSTnFl524l1w5dzLl5fe9H4OVaqsdekqe+SOkAb+yw1WI2hKO7J X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2017 21:16:54.0939 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 57fb879d-ee97-402d-5928-08d5216de086 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0155 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org SEV hardware uses ASIDs to associate a memory encryption key with a guest VM. During guest creation, a SEV VM uses the SEV_CMD_ACTIVATE command to bind a particular ASID to the guest. Lets make sure that the VMCB is programmed with the bound ASID before a VMRUN. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/kvm/svm.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 1410e6b7e8d8..18af702f783a 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -213,6 +213,9 @@ struct vcpu_svm { */ struct list_head ir_list; spinlock_t ir_list_lock; + + /* which host CPU was used for running this vcpu */ + unsigned int last_cpu; }; /* @@ -340,6 +343,13 @@ static inline bool sev_guest(struct kvm *kvm) return sev->active; } +static inline int sev_get_asid(struct kvm *kvm) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + + return sev->asid; +} + static inline void mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; @@ -550,6 +560,9 @@ struct svm_cpu_data { struct kvm_ldttss_desc *tss_desc; struct page *save_area; + + /* index = sev_asid, value = vmcb pointer */ + struct vmcb **sev_vmcbs; }; static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); @@ -863,6 +876,7 @@ static void svm_cpu_uninit(int cpu) return; per_cpu(svm_data, raw_smp_processor_id()) = NULL; + kfree(sd->sev_vmcbs); __free_page(sd->save_area); kfree(sd); } @@ -876,11 +890,18 @@ static int svm_cpu_init(int cpu) if (!sd) return -ENOMEM; sd->cpu = cpu; - sd->save_area = alloc_page(GFP_KERNEL); r = -ENOMEM; + sd->save_area = alloc_page(GFP_KERNEL); if (!sd->save_area) goto err_1; + if (svm_sev_enabled()) { + r = -ENOMEM; + sd->sev_vmcbs = kmalloc((max_sev_asid + 1) * sizeof(void *), GFP_KERNEL); + if (!sd->sev_vmcbs) + goto err_1; + } + per_cpu(svm_data, cpu) = sd; return 0; @@ -1476,10 +1497,16 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu) static void __sev_asid_free(int asid) { - int pos; + struct svm_cpu_data *sd; + int cpu, pos; pos = asid - 1; clear_bit(pos, sev_asid_bitmap); + + for_each_possible_cpu(cpu) { + sd = per_cpu(svm_data, cpu); + sd->sev_vmcbs[pos] = NULL; + } } static void sev_asid_free(struct kvm *kvm) @@ -4420,12 +4447,39 @@ static void reload_tss(struct kvm_vcpu *vcpu) load_TR_desc(); } +static void pre_sev_run(struct vcpu_svm *svm, int cpu) +{ + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + int asid = sev_get_asid(svm->vcpu.kvm); + + /* Assign the asid allocated with this SEV guest */ + svm->vmcb->control.asid = asid; + + /* + * Flush guest TLB: + * + * 1) when different VMCB for the same ASID is to be run on the same host CPU. + * 2) or this VMCB was executed on different host CPU in previous VMRUNs. + */ + if (sd->sev_vmcbs[asid] == svm->vmcb && + svm->last_cpu == cpu) + return; + + svm->last_cpu = cpu; + sd->sev_vmcbs[asid] = svm->vmcb; + svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID; + mark_dirty(svm->vmcb, VMCB_ASID); +} + static void pre_svm_run(struct vcpu_svm *svm) { int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); + if (sev_guest(svm->vcpu.kvm)) + return pre_sev_run(svm, cpu); + /* FIXME: handle wraparound of asid_generation */ if (svm->asid_generation != sd->asid_generation) new_asid(svm, sd); -- 2.9.5