From: Babu Moger <babu.moger@amd.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: junaids@google.com, wanpengli@tencent.com, kvm@vger.kernel.org,
joro@8bytes.org, x86@kernel.org, linux-kernel@vger.kernel.org,
sean.j.christopherson@intel.com, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, tglx@linutronix.de, vkuznets@redhat.com,
jmattson@google.com
Subject: Re: [PATCH 2/2] KVM:SVM: Mask SEV encryption bit from CR3 reserved bits
Date: Thu, 12 Nov 2020 10:19:40 -0600
Message-ID: <48cd9218-cc30-65b6-343c-804dea427e30@amd.com>
In-Reply-To: <09c5a083-a841-7d0e-f315-1d480e929957@redhat.com>
On 11/12/20 2:32 AM, Paolo Bonzini wrote:
> On 12/11/20 01:28, Babu Moger wrote:
>> Add support to the mask_cr3_rsvd_bits() callback to mask the
>> encryption bit from the CR3 value when SEV is enabled.
>>
>> Additionally, cache the encryption mask for quick access during
>> the check.
>>
>> Fixes: a780a3ea628268b2 ("KVM: X86: Fix reserved bits check for MOV to
>> CR3")
>> Signed-off-by: Babu Moger <babu.moger@amd.com>
>> ---
>> arch/x86/kvm/svm/svm.c | 11 ++++++++++-
>> arch/x86/kvm/svm/svm.h | 3 +++
>> 2 files changed, 13 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
>> index a491a47d7f5c..c2b1e52810c6 100644
>> --- a/arch/x86/kvm/svm/svm.c
>> +++ b/arch/x86/kvm/svm/svm.c
>> @@ -3741,6 +3741,7 @@ static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu,
>> gfn_t gfn, bool is_mmio)
>> static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
>> {
>> struct vcpu_svm *svm = to_svm(vcpu);
>> + struct kvm_cpuid_entry2 *best;
>> vcpu->arch.xsaves_enabled = guest_cpuid_has(vcpu,
>> X86_FEATURE_XSAVE) &&
>> boot_cpu_has(X86_FEATURE_XSAVE) &&
>> @@ -3771,6 +3772,12 @@ static void svm_vcpu_after_set_cpuid(struct
>> kvm_vcpu *vcpu)
>> if (nested && guest_cpuid_has(vcpu, X86_FEATURE_SVM))
>> kvm_request_apicv_update(vcpu->kvm, false,
>> APICV_INHIBIT_REASON_NESTED);
>> +
>> + best = kvm_find_cpuid_entry(vcpu, 0x8000001F, 0);
>> + if (best)
>> + svm->sev_enc_mask = ~(1UL << (best->ebx & 0x3f));
>> + else
>> + svm->sev_enc_mask = ~0UL;
>> }
>> static bool svm_has_wbinvd_exit(void)
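Review bot: in the sev_enc_mask assignment, 1UL is shifted by (best->ebx & 0x3f), which can be as large as 63; on a build where unsigned long is 32 bits that shift is undefined. Use a 64-bit constant (1ULL or BIT_ULL()) and a u64 field. The bit position is also read from the guest CPUID entry 0x8000001F whether or not the VM is an SEV guest, so the sev_guest() test could be folded in here, storing ~0 otherwise, which would leave the CR3 path as a plain AND.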
>> @@ -4072,7 +4079,9 @@ static void enable_smi_window(struct kvm_vcpu *vcpu)
>> static unsigned long svm_mask_cr3_rsvd_bits(struct kvm_vcpu *vcpu,
>> unsigned long cr3)
>> {
>> - return cr3;
>> + struct vcpu_svm *svm = to_svm(vcpu);
>> +
>> + return sev_guest(vcpu->kvm) ? (cr3 & svm->sev_enc_mask) : cr3;
>> }
>> static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void
>> *insn, int insn_len)
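Review bot: svm_mask_cr3_rsvd_bits() depends on svm->sev_enc_mask, which the visible hunks assign only in svm_vcpu_after_set_cpuid(). Nothing here gives the field a value before the first CPUID update, so a CR3 check on an SEV guest that runs earlier ANDs cr3 with whatever the field holds at that point. Initialise it to ~0UL when the vCPU is created, or state the ordering this relies on in a comment.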
>> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
>> index 1d853fe4c778..57a36645a0e4 100644
>> --- a/arch/x86/kvm/svm/svm.h
>> +++ b/arch/x86/kvm/svm/svm.h
>> @@ -152,6 +152,9 @@ struct vcpu_svm {
>> u64 *avic_physical_id_cache;
>> bool avic_is_running;
>> + /* SEV Memory encryption mask */
>> + unsigned long sev_enc_mask;
>> +
>> /*
>> * Per-vcpu list of struct amd_svm_iommu_ir:
>> * This is used mainly to store interrupt remapping information used
>>
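Review bot: the comment on sev_enc_mask reads "SEV Memory encryption mask", but the value stored in svm.c is the complement: every bit except the encryption bit, or ~0UL when the CPUID entry is absent. Reword the comment to say that the field is ANDed with CR3 to clear the encryption bit, so a later reader does not use it as the C-bit mask itself.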
>
> Instead of adding a new callback, you can add a field to struct
> kvm_vcpu_arch:
>
> if (is_long_mode(vcpu) &&
> - (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63)))
> + (cr3 & vcpu->arch.cr3_lm_rsvd_bits))
>
> Set it in kvm_vcpu_after_set_cpuid, and clear the memory encryption bit in
> kvm_x86_ops.vcpu_after_set_cpuid.
Yes. That should work. Will resubmit the patches. Thanks
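The approach suggested in the reply above, as an added user-space model that is not part of the thread and is not kernel code: a cached reserved-bits mask is built from MAXPHYADDR, then the vendor step clears the encryption bit named by CPUID 0x8000001F EBX[5:0]. The struct, the function names other than rsvd_bits, and the sample values (MAXPHYADDR 43, C-bit 47) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bits s..e set, inclusive (modelled on the rsvd_bits() used in the quoted check). */
static uint64_t rsvd_bits(unsigned s, unsigned e)
{
	return e < s ? 0 : ((2ULL << (e - s)) - 1) << s;
}

/* Hypothetical stand-in for the per-vCPU field suggested in the reply. */
struct vcpu_model {
	uint64_t cr3_lm_rsvd_bits;
};

/* Common step: MAXPHYADDR..63 are reserved in a long-mode CR3. */
static void model_after_set_cpuid(struct vcpu_model *v, unsigned maxphyaddr)
{
	v->cr3_lm_rsvd_bits = rsvd_bits(maxphyaddr, 63);
}

/* Vendor step for an SEV guest: clear the C-bit, CPUID 0x8000001F EBX[5:0]. */
static void model_svm_after_set_cpuid(struct vcpu_model *v, uint32_t ebx)
{
	v->cr3_lm_rsvd_bits &= ~(1ULL << (ebx & 0x3f));
}

/* Returns true when the CR3 value passes the reserved-bits check. */
static bool cr3_ok(unsigned maxphyaddr, uint32_t ebx, bool sev, uint64_t cr3)
{
	struct vcpu_model v;

	model_after_set_cpuid(&v, maxphyaddr);
	if (sev)
		model_svm_after_set_cpuid(&v, ebx);
	return (cr3 & v.cr3_lm_rsvd_bits) == 0;
}

int main(void)
{
	/* Constructed values: MAXPHYADDR 43, C-bit at position 47. */
	uint64_t cr3 = (1ULL << 47) | 0x123000;

	printf("without C-bit masking: %s\n", cr3_ok(43, 47, false, cr3) ? "ok" : "rejected");
	printf("with C-bit masking:    %s\n", cr3_ok(43, 47, true, cr3) ? "ok" : "rejected");
	printf("bit 50 set:            %s\n", cr3_ok(43, 47, true, cr3 | 1ULL << 50) ? "ok" : "rejected");
	return 0;
}
```

Only the single C-bit leaves the reserved set; any other bit at or above MAXPHYADDR still fails the check.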
Thread overview: 5+ messages
2020-11-12 0:28 [PATCH 0/2] Fix AMD SEV guest boot issue with PCID feature Babu Moger
2020-11-12 0:28 ` [PATCH 1/2] KVM: x86: Introduce mask_cr3_rsvd_bits to mask memory encryption bit Babu Moger
2020-11-12 0:28 ` [PATCH 2/2] KVM:SVM: Mask SEV encryption bit from CR3 reserved bits Babu Moger
2020-11-12 8:32 ` Paolo Bonzini
2020-11-12 16:19 ` Babu Moger [this message]