From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, michael.roth@amd.com, aik@amd.com
Subject: [PATCH v3 08/15] KVM: SEV: store VMSA features in kvm_sev_info
Date: Mon, 26 Feb 2024 14:03:37 -0500 [thread overview]
Message-ID: <20240226190344.787149-9-pbonzini@redhat.com> (raw)
In-Reply-To: <20240226190344.787149-1-pbonzini@redhat.com>
Right now, the set of features that are stored in the VMSA upon
initialization is fixed and depends on the module parameters for
kvm-amd.ko. However, the hypervisor cannot really change it at will
because the feature word has to match between the hypervisor and whatever
computes a measurement of the VMSA for attestation purposes.
Add a field to kvm_sev_info that holds the set of features to be stored
in the VMSA; and query it instead of referring to the module parameters.
Because KVM_SEV_INIT and KVM_SEV_ES_INIT accept no parameters, this
does not yet introduce any functional change, but it paves the way for
an API that allows customization of the features per-VM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20240209183743.22030-6-pbonzini@redhat.com>
Reviewed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/svm/sev.c | 22 ++++++++++++++++++----
arch/x86/kvm/svm/svm.c | 2 +-
arch/x86/kvm/svm/svm.h | 3 ++-
3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 16a5c64232b7..b46612db0594 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -96,6 +96,14 @@ static inline bool is_mirroring_enc_context(struct kvm *kvm)
return !!to_kvm_svm(kvm)->sev_info.enc_context_owner;
}
+static bool sev_vcpu_has_debug_swap(struct vcpu_svm *svm)
+{
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ struct kvm_sev_info *sev = &to_kvm_svm(vcpu->kvm)->sev_info;
+
+ return sev->vmsa_features & SVM_SEV_FEAT_DEBUG_SWAP;
+}
+
/* Must be called with the sev_bitmap_lock held */
static bool __sev_recycle_asids(unsigned int min_asid, unsigned int max_asid)
{
@@ -244,6 +252,8 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
sev->active = true;
sev->es_active = argp->id == KVM_SEV_ES_INIT;
+ sev->vmsa_features = sev_supported_vmsa_features;
+
ret = sev_asid_new(sev);
if (ret)
goto e_no_asid;
@@ -263,6 +273,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
sev_asid_free(sev);
sev->asid = 0;
e_no_asid:
+ sev->vmsa_features = 0;
sev->es_active = false;
sev->active = false;
return ret;
@@ -557,6 +568,8 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
static int sev_es_sync_vmsa(struct vcpu_svm *svm)
{
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ struct kvm_sev_info *sev = &to_kvm_svm(vcpu->kvm)->sev_info;
struct sev_es_save_area *save = svm->sev_es.vmsa;
/* Check some debug related fields before encrypting the VMSA */
@@ -598,7 +611,7 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
save->xss = svm->vcpu.arch.ia32_xss;
save->dr6 = svm->vcpu.arch.dr6;
- save->sev_features = sev_supported_vmsa_features;
+ save->sev_features = sev->vmsa_features;
pr_debug("Virtual Machine Save Area (VMSA):\n");
print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, save, sizeof(*save), false);
@@ -1678,6 +1691,7 @@ static void sev_migrate_from(struct kvm *dst_kvm, struct kvm *src_kvm)
dst->pages_locked = src->pages_locked;
dst->enc_context_owner = src->enc_context_owner;
dst->es_active = src->es_active;
+ dst->vmsa_features = src->vmsa_features;
src->asid = 0;
src->active = false;
@@ -3048,7 +3062,7 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
svm_set_intercept(svm, TRAP_CR8_WRITE);
vmcb->control.intercepts[INTERCEPT_DR] = 0;
- if (!sev_es_debug_swap_enabled) {
+ if (!sev_vcpu_has_debug_swap(svm)) {
vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
recalc_intercepts(svm);
@@ -3103,7 +3117,7 @@ void sev_es_vcpu_reset(struct vcpu_svm *svm)
sev_enc_bit));
}
-void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa)
+void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_save_area *hostsa)
{
/*
* All host state for SEV-ES guests is categorized into three swap types
@@ -3131,7 +3145,7 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa)
* the CPU (Type-B). If DebugSwap is disabled/unsupported, the CPU both
* saves and loads debug registers (Type-A).
*/
- if (sev_es_debug_swap_enabled) {
+ if (sev_vcpu_has_debug_swap(svm)) {
hostsa->dr0 = native_get_debugreg(0);
hostsa->dr1 = native_get_debugreg(1);
hostsa->dr2 = native_get_debugreg(2);
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 595642099772..1cf9e5f1fd02 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1523,7 +1523,7 @@ static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
struct sev_es_save_area *hostsa;
hostsa = (struct sev_es_save_area *)(page_address(sd->save_area) + 0x400);
- sev_es_prepare_switch_to_guest(hostsa);
+ sev_es_prepare_switch_to_guest(svm, hostsa);
}
if (tsc_scaling)
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 8f2394169703..d6147ad18571 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -85,6 +85,7 @@ struct kvm_sev_info {
unsigned long pages_locked; /* Number of pages locked */
struct list_head regions_list; /* List of registered regions */
u64 ap_jump_table; /* SEV-ES AP Jump Table address */
+ u64 vmsa_features;
struct kvm *enc_context_owner; /* Owner of copied encryption context */
struct list_head mirror_vms; /* List of VMs mirroring */
struct list_head mirror_entry; /* Use as a list entry of mirrors */
@@ -684,7 +685,7 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu);
int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in);
void sev_es_vcpu_reset(struct vcpu_svm *svm);
void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector);
-void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa);
+void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_save_area *hostsa);
void sev_es_unmap_ghcb(struct vcpu_svm *svm);
void sev_free_vcpu(struct kvm_vcpu *vcpu);
void sev_vm_destroy(struct kvm *kvm);
--
2.39.1
next prev parent reply other threads:[~2024-02-26 19:03 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-26 19:03 [PATCH v3 00/15] KVM: SEV: allow customizing VMSA features Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 01/15] KVM: SEV: fix compat ABI for KVM_MEMORY_ENCRYPT_OP Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 02/15] KVM: x86: use u64_to_user_addr() Paolo Bonzini
2024-03-04 9:08 ` Xu Yilun
2024-02-26 19:03 ` [PATCH v3 03/15] KVM: SVM: Invert handling of SEV and SEV_ES feature flags Paolo Bonzini
2024-03-12 15:19 ` Michael Roth
2024-02-26 19:03 ` [PATCH v3 04/15] KVM: SVM: Compile sev.c if and only if CONFIG_KVM_AMD_SEV=y Paolo Bonzini
2024-03-18 22:55 ` Isaku Yamahata
2024-02-26 19:03 ` [PATCH v3 05/15] Documentation: kvm/sev: separate description of firmware Paolo Bonzini
2024-02-28 9:34 ` Bagas Sanjaya
2024-02-26 19:03 ` [PATCH v3 06/15] KVM: introduce new vendor op for KVM_GET_DEVICE_ATTR Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 07/15] KVM: SEV: publish supported VMSA features Paolo Bonzini
2024-02-26 19:03 ` Paolo Bonzini [this message]
2024-02-26 19:03 ` [PATCH v3 09/15] KVM: SEV: disable DEBUG_SWAP by default Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 10/15] KVM: x86: add fields to struct kvm_arch for CoCo features Paolo Bonzini
2024-03-14 2:49 ` Michael Roth
2024-03-14 22:09 ` Michael Roth
2024-03-14 22:56 ` Sean Christopherson
2024-03-14 23:48 ` Michael Roth
2024-03-15 14:56 ` Sean Christopherson
2024-03-18 16:48 ` Paolo Bonzini
2024-03-18 22:01 ` Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 11/15] KVM: x86: Add supported_vm_types to kvm_caps Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 12/15] KVM: SEV: introduce to_kvm_sev_info Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 13/15] KVM: SEV: define VM types for SEV and SEV-ES Paolo Bonzini
2024-02-28 1:00 ` Isaku Yamahata
2024-03-04 15:32 ` Xu Yilun
2024-03-04 16:37 ` Sean Christopherson
2024-03-05 13:34 ` Paolo Bonzini
2024-02-26 19:03 ` [PATCH v3 14/15] KVM: SEV: introduce KVM_SEV_INIT2 operation Paolo Bonzini
2024-03-04 15:35 ` Xu Yilun
2024-02-26 19:03 ` [PATCH v3 15/15] selftests: kvm: add tests for KVM_SEV_INIT2 Paolo Bonzini
2024-02-27 3:50 ` [PATCH v3 00/15] KVM: SEV: allow customizing VMSA features Bagas Sanjaya
2024-02-27 17:49 ` Sean Christopherson
2024-02-28 3:22 ` Bagas Sanjaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240226190344.787149-9-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=aik@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.