From patchwork Wed Apr 24 16:09:59 2019
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 1090221
From: "Singh, Brijesh"
To: "kvm@vger.kernel.org"
Date: Wed, 24 Apr 2019 16:09:59 +0000
Message-ID: <20190424160942.13567-2-brijesh.singh@amd.com>
References: <20190424160942.13567-1-brijesh.singh@amd.com>
In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 01/10] KVM: SVM: Add KVM_SEV SEND_START command
Cc: "Lendacky, Thomas", "Singh, Brijesh", Radim Krčmář, Joerg Roedel, x86@kernel.org, qemu-devel@nongnu.org, linux-kernel@vger.kernel.org, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Thomas Gleixner, Borislav Petkov

The command is used to create an outgoing SEV guest encryption context.
Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 24 +++++ arch/x86/kvm/svm.c | 101 ++++++++++++++++++ include/uapi/linux/kvm.h | 12 +++ 3 files changed, 137 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index 659bbc093b52..340ac4f87321 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -238,6 +238,30 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +10. KVM_SEV_SEND_START +---------------------- + +The KVM_SEV_SEND_START command can be used by the hypervisor to create an +outgoing guest encryption context. + +Parameters (in): struct kvm_sev_send_start + +Returns: 0 on success, -negative on error + +:: + struct kvm_sev_send_start { + __u32 policy; /* guest policy */ + + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ + __u32 pdh_cert_len; + + __u64 plat_cert_uaddr; /* platform certificate chain */ + __u32 plat_cert_len; + + __u64 amd_cert_uaddr; /* AMD certificate */ + __u32 amd_cert_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 406b558abfef..4c2a225ba546 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
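Review bot: the documented `struct kvm_sev_send_start` in the new "10. KVM_SEV_SEND_START" entry is out of sync with the uapi struct this same patch adds, which also carries `__u64 session_uaddr;` and `__u32 session_len;`, and the text says nothing about the length-query convention the implementation relies on (session_len == 0 asks the firmware for the required size, which is written back into session_len). Add the two fields to the listing, describe the query mode, and note that `policy` is filled in by the firmware on return, so "Parameters (in)" understates the interface. Also, the `::` marker is followed directly by the indented struct with no blank line in between; the SEND_UPDATE_DATA entry in the next patch has the blank line, and this one needs it too for the literal block to render.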
@@ -6955,6 +6955,104 @@ static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + void *amd_cert = NULL, *session_data = NULL; + void *pdh_cert = NULL, *plat_cert = NULL; + struct sev_data_send_start *data = NULL; + struct kvm_sev_send_start params; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_start))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query the session length */ + if (!params.session_len) + goto cmd; + + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || + !params.session_uaddr) + return -EINVAL; + + /* copy the certificate blobs from userspace */ + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, params.pdh_cert_len); + if (IS_ERR(pdh_cert)) { + ret = PTR_ERR(pdh_cert); + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_cert); + data->pdh_cert_len = params.pdh_cert_len; + + plat_cert = psp_copy_user_blob(params.plat_cert_uaddr, params.plat_cert_len); + if (IS_ERR(plat_cert)) { + ret = PTR_ERR(plat_cert); + goto e_free_pdh; + } + + data->plat_cert_address = __psp_pa(plat_cert); + data->plat_cert_len = params.plat_cert_len; + + amd_cert = psp_copy_user_blob(params.amd_cert_uaddr, params.amd_cert_len); + if (IS_ERR(amd_cert)) { + ret = PTR_ERR(amd_cert); + goto e_free_plat_cert; + } + + data->amd_cert_address = __psp_pa(amd_cert); + data->amd_cert_len = params.amd_cert_len; + + ret = -ENOMEM; + session_data = kmalloc(params.session_len, GFP_KERNEL); + if (!session_data) + goto e_free_amd_cert; + + data->session_address = __psp_pa(session_data); + data->session_len = params.session_len; +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + /* if we 
queried the session length, FW responded with expected data */ + if (!params.session_len) + goto done; + + if (copy_to_user((void __user *)(uintptr_t) params.session_uaddr, + session_data, params.session_len)) { + ret = -EFAULT; + goto e_free_session; + } + + params.policy = data->policy; + +done: + params.session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + +e_free_session: + kfree(session_data); +e_free_amd_cert: + kfree(amd_cert); +e_free_plat_cert: + kfree(plat_cert); +e_free_pdh: + kfree(pdh_cert); +e_free: + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -6996,6 +7094,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_SECRET: r = sev_launch_secret(kvm, &sev_cmd); break; + case KVM_SEV_SEND_START: + r = sev_send_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 6d4ea4b6c922..f425418bec13 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
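Review bot: in sev_send_start() the return value of sev_issue_cmd() is never checked on the non-query path, so when the firmware rejects SEND_START the code still executes `copy_to_user((void __user *)(uintptr_t) params.session_uaddr, session_data, params.session_len)` and hands userspace `params.session_len` bytes of an uninitialised kmalloc() buffer; add `if (ret) goto e_free_session;` immediately after the command is issued (sev_send_update_data() in the next patch does exactly this), or at least allocate session_data with kzalloc(). The early `return -EINVAL;` after the `!params.pdh_cert_uaddr || !params.pdh_cert_len || !params.session_uaddr` check also leaks `data`, which was kzalloc'd a few lines above; make it `ret = -EINVAL; goto e_free;`. Finally, `params.session_len` flows straight from userspace into kmalloc() with no upper bound; since the query path already tells userspace the size the firmware expects, reject (or cap) lengths that do not match before allocating.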
@@ -1520,6 +1520,18 @@ struct kvm_sev_dbg { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_cert_uaddr; + __u32 plat_cert_len; + __u64 amd_cert_uaddr; + __u32 amd_cert_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Wed Apr 24 16:10:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090215 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="oHDumryG"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q50p49bjz9s9G for ; Thu, 25 Apr 2019 02:11:38 +1000 (AEST) Received: from localhost ([127.0.0.1]:44004 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKUi-0002Hy-EJ for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:11:36 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38744) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002Da-7g for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 
From: "Singh, Brijesh"
To: "kvm@vger.kernel.org"
Date: Wed, 24 Apr 2019 16:10:01 +0000
Message-ID: <20190424160942.13567-3-brijesh.singh@amd.com>
References: <20190424160942.13567-1-brijesh.singh@amd.com>
In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 02/10] KVM: SVM: Add KVM_SEND_UPDATE_DATA command
Cc: "Lendacky, Thomas", "Singh, Brijesh", Radim Krčmář, Joerg Roedel, x86@kernel.org, qemu-devel@nongnu.org, linux-kernel@vger.kernel.org, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Thomas Gleixner, Borislav Petkov

The command is used for encrypting the guest memory region using the encryption context created with KVM_SEV_SEND_START.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 .../virtual/kvm/amd-memory-encryption.rst |  23 ++++
 arch/x86/kvm/svm.c                        | 128 +++++++++++++++++-
 include/uapi/linux/kvm.h                  |   9 ++
 3 files changed, 157 insertions(+), 3 deletions(-)

diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst
index 340ac4f87321..a0208e171489 100644
--- a/Documentation/virtual/kvm/amd-memory-encryption.rst
+++ b/Documentation/virtual/kvm/amd-memory-encryption.rst
@@ -262,6 +262,29 @@ Returns: 0 on success, -negative on error __u32 amd_cert_len; }; +11. KVM_SEV_SEND_UPDATE_DATA +---------------------------- + +The KVM_SEV_SEND_UPDATE_DATA command can be used by the hypervisor to encrypt the +outgoing guest memory region with encryption context creating using KVM_SEV_SEND_START. + +Parameters (in): struct kvm_sev_send_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_send_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the source memory region to be encrypted */ + __u32 guest_len; + + __u64 trans_uaddr; /* the destition memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 4c2a225ba546..a1cfd36d6195 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -418,6 +418,7 @@ enum { static unsigned int max_sev_asid; static unsigned int min_sev_asid; +static unsigned long me_mask; static unsigned long *sev_asid_bitmap; #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) @@ -1216,15 +1217,21 @@ static int avic_ga_log_notifier(u32 ga_tag) static __init int sev_hardware_setup(void) { struct sev_user_data_status *status; + int eax, ebx; int rc; - /* Maximum number of encrypted guests supported simultaneously */ - max_sev_asid = cpuid_ecx(0x8000001F); + /* + * Query the memory encryption information. + * EBX: Bit 0:5 Pagetable bit position used to indicate encryption (aka Cbit). + * ECX: Maximum number of encrypted guests supported simultaneously. + * EDX: Minimum ASID value that should be used for SEV guest. + */ + cpuid(0x8000001f, &eax, &ebx, &max_sev_asid, &min_sev_asid); if (!max_sev_asid) return 1; - /* Minimum ASID value that should be used for SEV guest */ + me_mask = 1UL << (ebx & 0x3f); min_sev_asid = cpuid_edx(0x8000001F); /* Initialize SEV ASID bitmap */ 
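Review bot: the struct listed under "11. KVM_SEV_SEND_UPDATE_DATA" is named `struct kvm_sev_launch_send_update_data`, but the uapi type added by this patch is `struct kvm_sev_send_update_data`; fix the name so the documentation matches the header. The same entry reads "encryption context creating using" (created using) and "the destition memory region" (destination), and, as with SEND_START, it should say that a zero hdr_len or trans_len queries the firmware for the required sizes, which are returned in those fields, and that guest_uaddr/guest_len must not cross a page boundary, both of which the implementation enforces.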
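Review bot: `min_sev_asid` is now assigned twice in sev_hardware_setup(): the new `cpuid(0x8000001f, &eax, &ebx, &max_sev_asid, &min_sev_asid);` already fills it from EDX, yet the old `min_sev_asid = cpuid_edx(0x8000001F);` is kept right after `me_mask = 1UL << (ebx & 0x3f);`. Drop the leftover. `eax` is written by cpuid() and never read. Since the reason a private `me_mask` is needed (the C-bit must be set for SEND_UPDATE_DATA regardless of whether SME is enabled on the host) is only explained in sev_send_update_data(), a one-line comment at the definition of `me_mask` would help anyone reading this hunk in isolation.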
@@ -7053,6 +7060,118 @@ static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_update_data *data; + struct kvm_sev_send_update_data params; + void *hdr = NULL, *trans_data = NULL; + struct page **guest_page = NULL; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_update_data))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query either header or trans length */ + if (!params.trans_len || !params.hdr_len) + goto cmd; + + ret = -EINVAL; + if (!params.trans_uaddr || !params.guest_uaddr || + !params.guest_len || !params.hdr_uaddr) + goto e_free; + + /* Check if we are crossing the page boundry */ + ret = -EINVAL; + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + goto e_free; + + ret = -ENOMEM; + hdr = kmalloc(params.hdr_len, GFP_KERNEL); + if (!hdr) + goto e_free; + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + + ret = -ENOMEM; + trans_data = kmalloc(params.trans_len, GFP_KERNEL); + if (!trans_data) + goto e_free; + + data->trans_address = __psp_pa(trans_data); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + data->guest_address = __sme_page_pa(guest_page[0]) + offset; + data->guest_len = params.guest_len; + + /* + * The SEND_UPDATE_DATA command requires C-bit to be always set. + * The __sme_page_pa() takes care of setting the C-bit only when SME + * is enabled on the host. But we need to set the C-bit regarless of + * the SME state. 
+ */ + data->guest_address |= me_mask; + + /* flush the caches to ensure that DRAM has recent contents */ + sev_clflush_pages(guest_page, 1); + +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, data, &argp->error); + + /* userspace asked for header or trans length and FW responded with data */ + if (!params.trans_len || !params.hdr_len) { + params.hdr_len = data->hdr_len; + params.trans_len = data->trans_len; + goto done; + } + + if (ret) + goto e_unpin; + + /* copy transport buffer to user space */ + if (copy_to_user((void __user *)(uintptr_t)params.trans_uaddr, + trans_data, params.trans_len)) { + ret = -EFAULT; + goto e_unpin; + } + + /* copy packet header to userspace */ + if (copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, params.hdr_len)) + ret = -EFAULT; + +e_unpin: + sev_unpin_memory(kvm, guest_page, n); +done: + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_update_data))) + ret = -EFAULT; +e_free: + kfree(data); + kfree(trans_data); + kfree(hdr); + + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7097,6 +7216,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_START: r = sev_send_start(kvm, &sev_cmd); break; + case KVM_SEV_SEND_UPDATE_DATA: + r = sev_send_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index f425418bec13..0bee91bba329 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
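Review bot: `params.hdr_len` and `params.trans_len` go straight from userspace into kmalloc() with no upper bound, while only `guest_len` is bounded (by the page-crossing check), so a caller can request arbitrarily large kernel allocations; cap both, for example against the sizes the firmware reported on the query path, before allocating. Two smaller points: the query condition `!params.trans_len || !params.hdr_len` treats a request with one length zero and the other non-zero as a query and overwrites both on return, which is fine if intended but deserves a sentence in the comment; and the comment typos "boundry" and "regarless" should be fixed while the hunk is being reworked. The `if (ret) goto e_unpin;` before the two copy_to_user() calls is the right pattern and is what sev_send_start() in patch 1 is missing.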
@@ -1532,6 +1532,15 @@ struct kvm_sev_send_start { __u32 session_len; }; +struct kvm_sev_send_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Wed Apr 24 16:10:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090234 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="ty/fWLcM"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q59M5MrKz9s9G for ; Thu, 25 Apr 2019 02:19:03 +1000 (AEST) Received: from localhost ([127.0.0.1]:44114 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKbt-0001jK-Or for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:19:01 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38742) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002DY-7Q for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTP-0003sU-NY for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:30 -0400 
From: "Singh, Brijesh"
To: "kvm@vger.kernel.org"
Date: Wed, 24 Apr 2019 16:10:02 +0000
Message-ID: <20190424160942.13567-4-brijesh.singh@amd.com>
References: <20190424160942.13567-1-brijesh.singh@amd.com>
In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 03/10] KVM: SVM: Add KVM_SEV_SEND_FINISH command
Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H.
Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The command is used to finailize the encryption context created with KVM_SEV_SEND_START command. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index a0208e171489..006832256ae3 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -285,6 +285,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +12. KVM_SEV_SEND_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_SEND_FINISH command can be +issued by the hypervisor to delete the encryption context. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index a1cfd36d6195..263f3c7deae7 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
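Review bot: the new "12. KVM_SEV_SEND_FINISH" entry omits the "Parameters" line that the other entries carry, even though sev_send_finish() ignores argp->data entirely; state explicitly that the command takes no parameters so userspace does not guess. The commit message also has "finailize" for "finalize".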
@@ -7172,6 +7172,26 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -7219,6 +7239,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_UPDATE_DATA: r = sev_send_update_data(kvm, &sev_cmd); break; + case KVM_SEV_SEND_FINISH: + r = sev_send_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; From patchwork Wed Apr 24 16:10:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090216 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="eR12Hfnw"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q50p1vnDz9s7T for ; Thu, 25 Apr 2019 02:11:38 +1000 (AEST) Received: from localhost ([127.0.0.1]:44006 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKUi-0002LR-57 for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:11:36 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38746) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002Dc-7j for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTU-0003y1-MW for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:34 -0400 Received: from mail-eopbgr780073.outbound.protection.outlook.com ([40.107.78.73]:27328 
From: "Singh, Brijesh" To: "kvm@vger.kernel.org" Thread-Topic: [RFC PATCH v1 04/10] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command Date: Wed, 24 Apr 2019 16:10:03 +0000 Message-ID: <20190424160942.13567-5-brijesh.singh@amd.com> References: <20190424160942.13567-1-brijesh.singh@amd.com> In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 04/10] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov Sender: "Qemu-devel" The command is used to create an encryption context for the incoming SEV guest.
The encryption context can be later unused by the hypervisor to import the incoming data into the SEV guest memory space. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 29 +++++++ arch/x86/kvm/svm.c | 80 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 +++ 3 files changed, 118 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index 006832256ae3..acdff2454649 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -293,6 +293,35 @@ issued by the hypervisor to delete the encryption context. Returns: 0 on success, -negative on error +13. KVM_SEV_RECEIVE_START +------------------------ + +The KVM_SEV_RECEIVE_START command is used for creating the memory encryption +context for an incoming SEV guest. To create the encryption context, user must +provide a guest policy, the platform public Diffie-Hellman (PDH) key and session +information. + +Parameters: struct kvm_sev_receive_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_receive_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 pdh_uaddr; /* userspace address pointing to the PDH key */ + __u32 dh_len; + + __u64 session_addr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.12. + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 263f3c7deae7..a7dcf19baefb 100644 --- a/arch/x86/kvm/svm.c 
+++ b/arch/x86/kvm/svm.c 
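Review bot: the struct shown in the new section 13 does not match the uapi definition added by this same patch: the doc names the fields dh_len and session_addr, while include/uapi/linux/kvm.h defines pdh_len and session_uaddr; the doc should use the real field names. The underline under "13. KVM_SEV_RECEIVE_START" is shorter than the title, which docutils reports as "Title underline too short"; extend it to at least the title's length. The sentence "On success, the 'handle' field contains a new handle and on error, a negative value" is also misleading, since handle is a __u32 and the negative value is the ioctl's return code, not the field; reword it to "On success, the 'handle' field contains the new handle; on error the ioctl returns a negative value".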
@@ -7192,6 +7192,83 @@ static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_start *start; + struct kvm_sev_receive_start params; + int *error = &argp->error; + void *session_data = NULL; + void *pdh_data = NULL; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + /* Get parameter from the user */ + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_start))) + return -EFAULT; + + if (!params.pdh_uaddr || !params.pdh_len || + !params.session_uaddr || !params.session_len) + return -EINVAL; + + start = kzalloc(sizeof(*start), GFP_KERNEL); + if (!start) + return -ENOMEM; + + start->handle = params.handle; + start->policy = params.policy; + + pdh_data = psp_copy_user_blob(params.pdh_uaddr, params.pdh_len); + if (IS_ERR(pdh_data)) { + ret = PTR_ERR(pdh_data); + goto e_free; + } + + start->pdh_cert_address = __psp_pa(pdh_data); + start->pdh_cert_len = params.pdh_len; + + session_data = psp_copy_user_blob(params.session_uaddr, params.session_len); + if (IS_ERR(session_data)) { + ret = PTR_ERR(session_data); + goto e_free_pdh; + } + + start->session_address = __psp_pa(session_data); + start->session_len = params.session_len; + + /* create memory encryption context */ + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_RECEIVE_START, start, error); + if (ret) + goto e_free_session; + + /* Bind ASID to this guest */ + ret = sev_bind_asid(kvm, start->handle, error); + if (ret) + goto e_free_session; + + params.handle = start->handle; + if (copy_to_user((void __user *)(uintptr_t)argp->data, + ¶ms, sizeof(struct kvm_sev_receive_start))) { + ret = -EFAULT; + sev_unbind_asid(kvm, start->handle); + goto e_free_session; + } + + sev->handle = start->handle; + sev->fd = argp->sev_fd; + +e_free_session: + kfree(session_data); +e_free_pdh: + kfree(pdh_data); 
+e_free: + kfree(start); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7242,6 +7319,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_SEND_FINISH: r = sev_send_finish(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_START: + r = sev_receive_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 0bee91bba329..fee75bf1fd90 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
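Review bot: in sev_receive_start(), if sev_bind_asid() fails after SEV_CMD_RECEIVE_START has already succeeded, the code jumps to e_free_session without decommissioning the firmware guest context identified by start->handle, so that handle and its firmware guest slot leak; issue a DECOMMISSION for start->handle on that path, the same way the copy_to_user failure path just below tears the binding down via sev_unbind_asid(). Separately, nothing in the handler checks whether the VM already holds a handle in sev->handle (from an earlier LAUNCH_START or a repeated RECEIVE_START); returning an error when sev->handle is already set would give userspace a clear failure instead of relying on the firmware to reject the second ACTIVATE and would avoid silently overwriting sev->handle and sev->fd.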
@@ -1541,6 +1541,15 @@ struct kvm_sev_send_update_data { __u32 trans_len; }; +struct kvm_sev_receive_start { + __u32 handle; + __u32 policy; + __u64 pdh_uaddr; + __u32 pdh_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Wed Apr 24 16:10:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090220 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="tOnH0Qml"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q53x63QWz9s9T for ; Thu, 25 Apr 2019 02:14:21 +1000 (AEST) Received: from localhost ([127.0.0.1]:44033 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKXL-0004xh-LZ for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:14:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38745) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002Db-7b for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTS-0003up-OA for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:34 -0400 
From: "Singh, Brijesh" To: "kvm@vger.kernel.org" Thread-Topic: [RFC PATCH v1 05/10] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command Date: Wed, 24 Apr 2019 16:10:05 +0000 Message-ID: <20190424160942.13567-6-brijesh.singh@amd.com> References: <20190424160942.13567-1-brijesh.singh@amd.com> In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 05/10] KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov Sender: "Qemu-devel" The command is used for copying the incoming buffer into the SEV guest memory space.
Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 24 ++++++ arch/x86/kvm/svm.c | 84 +++++++++++++++++++ include/uapi/linux/kvm.h | 9 ++ 3 files changed, 117 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index acdff2454649..b9c3dc02f344 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -322,6 +322,30 @@ On success, the 'handle' field contains a new handle and on error, a negative va For more details, see SEV spec Section 6.12. +14. KVM_SEV_RECEIVE_UPDATE_DATA +---------------------------- + +The KVM_SEV_RECEIVE_UPDATE_DATA command can be used by the hypervisor to copy +the incoming buffers into the guest memory region with encryption context +created during the KVM_SEV_RECEIVE_START. + +Parameters (in): struct kvm_sev_receive_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_receive_update_data { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the destination guest memory region */ + __u32 guest_len; + + __u64 trans_uaddr; /* the incoming buffer memory region */ + __u32 trans_len; + }; + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index a7dcf19baefb..c81cac09c5af 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
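Review bot: the struct in the new section 14 is named kvm_sev_launch_receive_update_data, but the uapi header added by this patch defines kvm_sev_receive_update_data (and the Parameters line above it already uses that name); fix the struct name in the doc. The underline under "14. KVM_SEV_RECEIVE_UPDATE_DATA" is shorter than the title, which docutils reports as "Title underline too short". The text also omits the constraint enforced by sev_receive_update_data(), that guest_uaddr plus guest_len must not cross a page boundary; document it, since userspace otherwise gets an unexplained -EINVAL.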
@@ -7269,6 +7269,87 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct kvm_sev_receive_update_data params; + struct sev_data_receive_update_data *data; + void *hdr = NULL, *trans = NULL; + struct page **guest_page; + unsigned long n; + int ret, offset; + + if (!sev_guest(kvm)) + return -EINVAL; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_receive_update_data))) + return -EFAULT; + + if (!params.hdr_uaddr || !params.hdr_len || + !params.guest_uaddr || !params.guest_len || + !params.trans_uaddr || !params.trans_len) + return -EINVAL; + + /* Check if we are crossing the page boundry */ + offset = params.guest_uaddr & (PAGE_SIZE - 1); + if ((params.guest_len + offset > PAGE_SIZE)) + return -EINVAL; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free; + } + + data->hdr_address = __psp_pa(hdr); + data->hdr_len = params.hdr_len; + + trans = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(trans)) { + ret = PTR_ERR(trans); + goto e_free; + } + + data->trans_address = __psp_pa(trans); + data->trans_len = params.trans_len; + + /* Pin guest memory */ + ret = -EFAULT; + guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK, + PAGE_SIZE, &n, 0); + if (!guest_page) + goto e_free; + + data->guest_address = __sme_page_pa(guest_page[0]) + offset; + data->guest_len = params.guest_len; + + /* + * The RECEIVE_UPDATE_DATA command requires C-bit to be always set. + * The __sme_page_pa() takes care of setting the C-bit only when SME + * is enabled on the host. But we need to set the C-bit regarless of + * the SME state. 
+ */ + data->guest_address |= me_mask; + + /* flush the caches to ensure that DRAM has recent contents */ + sev_clflush_pages(guest_page, n); + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_UPDATE_DATA, data, &argp->error); + + sev_unpin_memory(kvm, guest_page, n); +e_free: + kfree(data); + kfree(hdr); + kfree(trans); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7322,6 +7403,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_START: r = sev_receive_start(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_UPDATE_DATA: + r = sev_receive_update_data(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index fee75bf1fd90..07e058a3ec11 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
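Review bot: the !sev_guest(kvm) check in sev_receive_update_data() returns -EINVAL, whereas sev_send_finish(), sev_receive_start() and sev_receive_finish() in this series return -ENOTTY for the same condition; use -ENOTTY here too so userspace can tell "not an SEV guest" apart from the parameter validation failures that follow, which also return -EINVAL. Two typos in the new comments: "page boundry" should be "page boundary" and "regarless" should be "regardless".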
@@ -1550,6 +1550,15 @@ struct kvm_sev_receive_start { __u32 session_len; }; +struct kvm_sev_receive_update_data { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) From patchwork Wed Apr 24 16:10:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090235 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="yYBwWvH/"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q5C105WQz9s9T for ; Thu, 25 Apr 2019 02:20:29 +1000 (AEST) Received: from localhost ([127.0.0.1]:44124 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKdG-0002Ma-So for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:20:26 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38755) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002De-90 for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTl-00049e-0C for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:39 
From: "Singh, Brijesh" To: "kvm@vger.kernel.org" Thread-Topic: [RFC PATCH v1 06/10] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command Date: Wed, 24 Apr 2019 16:10:06 +0000 Message-ID: <20190424160942.13567-7-brijesh.singh@amd.com> References: <20190424160942.13567-1-brijesh.singh@amd.com> In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 06/10] KVM: SVM: Add KVM_SEV_RECEIVE_FINISH command Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H.
Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The command finalize the guest receiving process and make the SEV guest ready for the execution. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-memory-encryption.rst | 8 +++++++ arch/x86/kvm/svm.c | 23 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst index b9c3dc02f344..72c45f93abd7 100644 --- a/Documentation/virtual/kvm/amd-memory-encryption.rst +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst @@ -346,6 +346,14 @@ Returns: 0 on success, -negative on error __u32 trans_len; }; +15. KVM_SEV_RECEIVE_FINISH +------------------------ + +After completion of the migration flow, the KVM_SEV_RECEIVE_FINISH command can be +issued by the hypervisor to make the guest ready for the execution. + +Returns: 0 on success, -negative on error + References ========== diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index c81cac09c5af..74b57ab742ad 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
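Review bot: the underline under "15. KVM_SEV_RECEIVE_FINISH" is shorter than the title, which docutils reports as "Title underline too short"; extend it. "make the guest ready for the execution" reads better as "make the guest ready to run", and, as with section 12, the entry should state that the command takes no parameters beyond the handle the VM already holds.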
@@ -7350,6 +7350,26 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_receive_finish *data; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_RECEIVE_FINISH, data, &argp->error); + + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
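Review bot: the RST heading underline in the documentation hunk of this patch is shorter than its title: `+15. KVM_SEV_RECEIVE_FINISH` is 26 characters wide while `+------------------------` is 24, and Sphinx reports "Title underline too short" for that; pad it to the title's length. The entry would also read better if it named the command it must follow (RECEIVE_UPDATE_DATA, whose handler the new sev_receive_finish is placed after in svm.c) instead of only "after completion of the migration flow". The svm.c hunk itself follows the pattern of the neighbouring sev_* handlers (sev_guest check, kzalloc'd command buffer, handle only) and needs no change.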
@@ -7406,6 +7426,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_RECEIVE_UPDATE_DATA: r = sev_receive_update_data(kvm, &sev_cmd); break; + case KVM_SEV_RECEIVE_FINISH: + r = sev_receive_finish(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; From patchwork Wed Apr 24 16:10:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090228 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="lq3NT+tF"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q55206h8z9s9G for ; Thu, 25 Apr 2019 02:15:18 +1000 (AEST) Received: from localhost ([127.0.0.1]:44042 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKYF-0005yL-RL for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:15:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38826) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTw-0002P5-JH for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTn-0004EB-My for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:46 -0400 Received: from mail-eopbgr780088.outbound.protection.outlook.com 
From: "Singh, Brijesh" To: "kvm@vger.kernel.org" Thread-Topic: [RFC PATCH v1 07/10] KVM: x86: Add AMD SEV specific Hypercall3 Date: Wed, 24 Apr 2019 16:10:07 +0000 Message-ID: <20190424160942.13567-8-brijesh.singh@amd.com> References: <20190424160942.13567-1-brijesh.singh@amd.com> In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com> x-mailer: git-send-email 2.17.1
Subject: [Qemu-devel] [RFC PATCH v1 07/10] KVM: x86: Add AMD SEV specific Hypercall3 Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H. Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov The KVM hypercall framework relies on the alternatives framework to patch VMCALL -> VMMCALL on AMD platforms.
If a hypercall is made before apply_alternative() is called, then it defaults to VMCALL. This approach works fine on a non-SEV guest: a VMCALL would cause #UD, and the hypervisor will be able to decode the instruction and do the right thing. But when SEV is active, guest memory is encrypted with the guest key and the hypervisor will not be able to decode the instruction bytes. Add an SEV-specific hypercall3 that unconditionally uses VMMCALL. The hypercall will be used by the SEV guest to notify encrypted pages to the hypervisor. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_para.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 5ed3cf1c3934..94e91c0bc2e0 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h
@@ -84,6 +84,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, return ret; } +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3) +{ + long ret; + + asm volatile("vmmcall" + : "=a"(ret) + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) + : "memory"); + return ret; +} + #ifdef CONFIG_KVM_GUEST bool kvm_para_available(void); unsigned int kvm_arch_para_features(void); From patchwork Wed Apr 24 16:10:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090232 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="XxHnV3ho"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q57F3h6pz9s71 for ; Thu, 25 Apr 2019 02:17:13 +1000 (AEST) Received: from localhost ([127.0.0.1]:44092 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKa6-0008GD-Q3 for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:17:10 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38833) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTx-0002Ph-2t for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from 
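Review bot: kvm_sev_hypercall3 carries no comment stating its precondition. VMMCALL is an AMD instruction and raises #UD on Intel hardware, and this helper sits in the kvm_para.h header shared by every x86 guest build, so a caller that reaches it without first confirming SEV is active breaks non-AMD guests; put the commit message's reasoning (why the alternatives patching cannot be relied on this early under SEV) in a comment above the function and state that callers must gate it on SEV being active. Alternatively make the helper itself check that SEV is active and fall back to kvm_hypercall3 otherwise, which removes the precondition from every caller.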
From: "Singh, Brijesh" To: "kvm@vger.kernel.org" Thread-Topic: [RFC PATCH v1 08/10] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Date: Wed, 24 Apr 2019 16:10:09 +0000 Message-ID: <20190424160942.13567-9-brijesh.singh@amd.com> References: <20190424160942.13567-1-brijesh.singh@amd.com> In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com> x-mailer: git-send-email 2.17.1
Subject: [Qemu-devel] [RFC PATCH v1 08/10] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS hypercall Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H.
Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The hypercall can be used by the SEV guest to notify the page encryption status to the hypervisor. The hypercall should be invoked only when the encryption attribute is changed from encrypted -> decrypted and vice versa. By default all the guest pages should be considered encrypted. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Documentation/virtual/kvm/hypercalls.txt | 14 +++++ arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm.c | 69 ++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 5 ++ include/uapi/linux/kvm_para.h | 1 + 6 files changed, 92 insertions(+) diff --git a/Documentation/virtual/kvm/hypercalls.txt b/Documentation/virtual/kvm/hypercalls.txt index da24c138c8d1..ecd44e488679 100644 --- a/Documentation/virtual/kvm/hypercalls.txt +++ b/Documentation/virtual/kvm/hypercalls.txt @@ -141,3 +141,17 @@ a0 corresponds to the APIC ID in the third argument (a2), bit 1 corresponds to the APIC ID a2+1, and so on. Returns the number of CPUs to which the IPIs were delivered successfully. + +7. KVM_HC_PAGE_ENC_STATUS +------------------------- +Architecture: x86 +Status: active +Purpose: Notify the encryption status changes in guest page table (SEV guest) + +a0: the guest physical address of the start page +a1: the number of pages +a2: set or clear the encryption attribute + + Where: + * 1: Encryption attribute is set + * 0: Encryption attribute is cleared diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index a9d03af34030..adb0ca035b97 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
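Review bot: the hypercalls.txt entry documents a0, a1 and a2 but not the return value, which the x86.c hunk of this same patch sets to -KVM_ENOSYS when no .page_enc_status_hc is installed and otherwise passes through from the backend; add a "Returns:" line so a guest can tell "not supported" from "rejected". The entry should also state the default the commit message gives (every guest page is treated as encrypted until the guest reports otherwise), because a reader of the document alone cannot infer how unreported pages are treated.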
@@ -1196,6 +1196,8 @@ struct kvm_x86_ops { uint16_t (*nested_get_evmcs_version)(struct kvm_vcpu *vcpu); bool (*need_emulation_on_page_fault)(struct kvm_vcpu *vcpu); + int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, + unsigned long sz, unsigned long mode); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 74b57ab742ad..f024f208b052 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -138,6 +138,8 @@ struct kvm_sev_info { int fd; /* SEV device fd */ unsigned long pages_locked; /* Number of pages locked */ struct list_head regions_list; /* List of registered regions */ + unsigned long *page_enc_bmap; + unsigned long page_enc_bmap_size; }; struct kvm_svm { @@ -1911,6 +1913,8 @@ static void sev_vm_destroy(struct kvm *kvm) sev_unbind_asid(kvm, sev->handle); sev_asid_free(kvm); + + kvfree(sev->page_enc_bmap); } static void avic_vm_destroy(struct kvm *kvm) 
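Review bot: the two new fields in struct kvm_sev_info lack the trailing `/* ... */` comments every neighbouring field carries (`/* SEV device fd */`, `/* Number of pages locked */`); add for example `/* 1 bit per gfn, set = encrypted */` and `/* gfns covered by page_enc_bmap */` so the polarity and unit of the bitmap are visible at the declaration rather than only in the allocator. Freeing with kvfree in sev_vm_destroy is the right call, since the allocator added later in this patch switches between kmalloc and vmalloc by size.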
@@ -7370,6 +7374,69 @@ static int sev_receive_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_resize_page_enc_bitmap(struct kvm *kvm, unsigned long new_size) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long *map; + unsigned long sz; + + if (sev->page_enc_bmap_size >= new_size) + return 0; + + sz = ALIGN(new_size, BITS_PER_LONG) / 8; + + if (sz > PAGE_SIZE) + map = vmalloc(sz); + else + map = kmalloc(sz, GFP_KERNEL); + + if (!map) { + pr_err_once("Failed to allocate decrypted bitmap size %lx\n", sz); + return 1; + } + + /* mark the page encrypted (by default) */ + memset(map, 0xff, sz); + + bitmap_copy(map, sev->page_enc_bmap, sev->page_enc_bmap_size); + kvfree(sev->page_enc_bmap); + + sev->page_enc_bmap = map; + sev->page_enc_bmap_size = new_size; + + return 0; +} + +static int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, + unsigned long npages, unsigned long enc) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + gfn_t gfn_start, gfn_end; + int r; + + if (!npages) + return 0; + + gfn_start = gpa_to_gfn(gpa); + gfn_end = gfn_start + npages; + + mutex_lock(&kvm->lock); + + r = 1; + if (sev_resize_page_enc_bitmap(kvm, gfn_end)) + goto unlock; + + if (enc) + __bitmap_set(sev->page_enc_bmap, gfn_start, gfn_end - gfn_start); + else + __bitmap_clear(sev->page_enc_bmap, gfn_start, gfn_end - gfn_start); + + r = 0; +unlock: + mutex_unlock(&kvm->lock); + return r; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7711,6 +7778,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .nested_get_evmcs_version = nested_get_evmcs_version, .need_emulation_on_page_fault = svm_need_emulation_on_page_fault, + + .page_enc_status_hc = svm_page_enc_status_hc }; static int __init svm_init(void) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b4e7d645275a..9c814e560e0f 100644 --- a/arch/x86/kvm/vmx/vmx.c 
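Review bot: svm_page_enc_status_hc passes the guest-controlled gpa and npages straight into sev_resize_page_enc_bitmap, so a guest can ask for a gfn_end close to 2^64 and make the host vmalloc an arbitrarily large bitmap, and gfn_start + npages can wrap so that gfn_end < gfn_start before __bitmap_set/__bitmap_clear are called with a negative length; bound the range against guest memory and reject wraparound before taking kvm->lock, e.g. `if (gfn_start + npages < gfn_start || gfn_end > max_gfn) return -KVM_EINVAL;` where max_gfn (a placeholder name) is the end of the highest memslot. Related points in the same hunk: the handler is reachable from any guest running on SVM, not only SEV guests, so it needs the `if (!sev_guest(kvm))` check that svm_get_page_enc_bitmap in the following patch has; `return 1` on failure is not a KVM_E* code and a guest cannot interpret it; the pr_err_once text says "decrypted bitmap" for what the rest of the code calls the encryption bitmap; and the `.page_enc_status_hc = svm_page_enc_status_hc` initializer is missing its trailing comma, which the next patch then has to add.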
+++ b/arch/x86/kvm/vmx/vmx.c @@ -7731,6 +7731,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { .get_vmcs12_pages = NULL, .nested_enable_evmcs = NULL, .need_emulation_on_page_fault = vmx_need_emulation_on_page_fault, + .page_enc_status_hc = NULL, }; static void vmx_cleanup_l1d_flush(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a0d1fc80ac5a..dea644be5992 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7141,6 +7141,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) case KVM_HC_SEND_IPI: ret = kvm_pv_send_ipi(vcpu->kvm, a0, a1, a2, a3, op_64_bit); break; + case KVM_HC_PAGE_ENC_STATUS: + ret = -KVM_ENOSYS; + if (kvm_x86_ops->page_enc_status_hc) + ret = kvm_x86_ops->page_enc_status_hc(vcpu->kvm, a0, a1, a2); + break; default: ret = -KVM_ENOSYS; break; diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 6c0ce49931e5..3dc9e579f4f9 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h 
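Review bot: the x86.c hunk returns whatever .page_enc_status_hc returns straight to the guest, and the SVM implementation in this patch returns 1 on allocation failure; every other case in this switch yields 0 or a negative -KVM_E* value, so the contract for the new op (0 on success, a negative KVM_E* value on failure) should be stated at its declaration in kvm_host.h and the SVM side made to match. The explicit `.page_enc_status_hc = NULL,` in vmx_x86_ops is redundant for a static initializer but follows the `.nested_enable_evmcs = NULL,` style already used in that struct, so it is fine as is.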
@@ -28,6 +28,7 @@ #define KVM_HC_MIPS_CONSOLE_OUTPUT 8 #define KVM_HC_CLOCK_PAIRING 9 #define KVM_HC_SEND_IPI 10 +#define KVM_HC_PAGE_ENC_STATUS 11 /* * hypercalls use architecture specific From patchwork Wed Apr 24 16:10:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090233 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="V3vC9EjO"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q57G6g1Tz9s9N for ; Thu, 25 Apr 2019 02:17:14 +1000 (AEST) Received: from localhost ([127.0.0.1]:44094 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKa8-0008II-DH for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:17:12 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38740) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002DU-6W for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTP-0003sd-Pp for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:30 -0400 Received: from mail-eopbgr710060.outbound.protection.outlook.com ([40.107.71.60]:21343 helo=NAM05-BY2-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps 
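Review bot: KVM_HC_PAGE_ENC_STATUS is added without a matching KVM_FEATURE_* CPUID bit, unlike KVM_HC_SEND_IPI directly above it, which guests discover through KVM_FEATURE_PV_SEND_IPI; a guest therefore has no way to learn that the hypercall exists other than issuing it and checking for the -KVM_ENOSYS fallback, on every boot. Either add a feature bit (and document it alongside the other KVM CPUID feature bits) or state in the commit message why probe-by-failure is acceptable for this hypercall.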
From: "Singh, Brijesh" To: "kvm@vger.kernel.org" Thread-Topic: [RFC PATCH v1 09/10] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Date: Wed, 24 Apr 2019 16:10:10 +0000 Message-ID: <20190424160942.13567-10-brijesh.singh@amd.com> References: <20190424160942.13567-1-brijesh.singh@amd.com> In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com> x-mailer: git-send-email 2.17.1
Subject: [Qemu-devel] [RFC PATCH v1 09/10] KVM: x86: Introduce KVM_GET_PAGE_ENC_BITMAP ioctl Cc: "Lendacky, Thomas" , "Singh, Brijesh" , Radim Krčmář , Joerg Roedel , "x86@kernel.org" , "qemu-devel@nongnu.org" , "linux-kernel@vger.kernel.org" , Ingo Molnar , "H.
Peter Anvin" , Paolo Bonzini , Thomas Gleixner , Borislav Petkov Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The ioctl can be used to retrieve page encryption bitmap for a given kvm memory slot. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 54 ++++++++++++++++++++++++++++++++- arch/x86/kvm/x86.c | 12 ++++++++ include/uapi/linux/kvm.h | 12 ++++++++ 4 files changed, 78 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index adb0ca035b97..9947c4be825d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1198,6 +1198,7 @@ struct kvm_x86_ops { bool (*need_emulation_on_page_fault)(struct kvm_vcpu *vcpu); int (*page_enc_status_hc)(struct kvm *kvm, unsigned long gpa, unsigned long sz, unsigned long mode); + int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index f024f208b052..f386d72c929b 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
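Review bot: the new kvm_x86_ops member `int (*get_page_enc_bitmap)(struct kvm *kvm, struct kvm_page_enc_bitmap *bmap);` runs past 80 columns once the leading tab is counted; wrap it the way the page_enc_status_hc declaration immediately above it is wrapped. The diffstat also shows no change to Documentation/virtual/kvm/api.txt, so the new KVM_GET_PAGE_ENC_BITMAP ioctl (its struct, the meaning of each bit, and who is responsible for sizing the enc_bitmap buffer) is undocumented.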
@@ -7437,6 +7437,57 @@ static int svm_page_enc_status_hc(struct kvm *kvm, unsigned long gpa, return r; } +static int svm_get_page_enc_bitmap(struct kvm *kvm, + struct kvm_page_enc_bitmap *bmap) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + unsigned long gfn_start, gfn_end; + struct kvm_memory_slot *memslot; + struct kvm_memslots *slots; + unsigned long *bitmap; + unsigned long sz, i; + int ret, as_id, id; + + if (!sev_guest(kvm)) + return -ENOTTY; + + as_id = bmap->slot >> 16; + id = (u16)bmap->slot; + if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_USER_MEM_SLOTS) + return -EINVAL; + + slots = __kvm_memslots(kvm, as_id); + memslot = id_to_memslot(slots, id); + + gfn_start = memslot->base_gfn; + gfn_end = gfn_start + memslot->npages; + + sz = ALIGN(memslot->npages, BITS_PER_LONG) / 8; + bitmap = kmalloc(sz, GFP_KERNEL); + if (!bitmap) + return -ENOMEM; + + memset(bitmap, 0xff, sz); /* by default all pages are marked encrypted */ + + mutex_lock(&kvm->lock); + if (sev->page_enc_bmap) { + i = gfn_start; + for_each_clear_bit_from(i, sev->page_enc_bmap, + min(sev->page_enc_bmap_size, gfn_end)) + clear_bit(i - gfn_start, bitmap); + } + mutex_unlock(&kvm->lock); + + ret = -EFAULT; + if (copy_to_user(bmap->enc_bitmap, bitmap, sz)) + goto out; + + ret = 0; +out: + kfree(bitmap); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -7779,7 +7830,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .need_emulation_on_page_fault = svm_need_emulation_on_page_fault, - .page_enc_status_hc = svm_page_enc_status_hc + .page_enc_status_hc = svm_page_enc_status_hc, + .get_page_enc_bitmap = svm_get_page_enc_bitmap }; static int __init svm_init(void) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dea644be5992..44079979b1c5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
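Review bot: svm_get_page_enc_bitmap looks up the memslot with __kvm_memslots / id_to_memslot and then uses memslot->base_gfn and memslot->npages without holding kvm->slots_lock or an SRCU read section, so a concurrent KVM_SET_USER_MEMORY_REGION can replace or free the slot underneath it; take slots_lock around the lookup and the bitmap walk (the mutex_lock(&kvm->lock) further down only protects page_enc_bmap). Two smaller points in the same function: an unused slot id has npages == 0, which gives sz == 0, kmalloc(0) and a zero-length copy_to_user that silently succeeds where -EINVAL is expected, so check npages first; and the temporary bitmap is npages/8 bytes, which for large memslots is more than kmalloc should be asked for in one go, so kvmalloc/kvfree (already used for page_enc_bmap itself) fits better.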
@@ -4882,6 +4882,18 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_vm_ioctl_hv_eventfd(kvm, &hvevfd); break; } + case KVM_GET_PAGE_ENC_BITMAP: { + struct kvm_page_enc_bitmap bitmap; + + r = -EFAULT; + if (copy_from_user(&bitmap, argp, sizeof(bitmap))) + goto out; + + r = -ENOTTY; + if (kvm_x86_ops->get_page_enc_bitmap) + r = kvm_x86_ops->get_page_enc_bitmap(kvm, &bitmap); + break; + } default: r = -ENOTTY; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 07e058a3ec11..7f944d4e252c 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -492,6 +492,16 @@ struct kvm_dirty_log { }; }; +/* for KVM_GET_PAGE_ENC_BITMAP */ +struct kvm_page_enc_bitmap { + __u32 slot; + __u32 padding1; + union { + void __user *enc_bitmap; /* one bit per page */ + __u64 padding2; + }; +}; + /* for KVM_CLEAR_DIRTY_LOG */ struct kvm_clear_dirty_log { __u32 slot; 
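Review bot: struct kvm_page_enc_bitmap is new uapi, and the handler added to kvm_arch_vm_ioctl copies it in without checking that padding1 is zero; rejecting non-zero padding now (`r = -EINVAL; if (bitmap.padding1) goto out;` right after the copy_from_user) keeps that word available as a flags field later without an ABI break. The pointer/padding2 union mirrors struct kvm_dirty_log and needs no change.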
@@ -1440,6 +1450,8 @@ struct kvm_enc_region { /* Available with KVM_CAP_HYPERV_CPUID */ #define KVM_GET_SUPPORTED_HV_CPUID _IOWR(KVMIO, 0xc1, struct kvm_cpuid2) +#define KVM_GET_PAGE_ENC_BITMAP _IOW(KVMIO, 0xc2, struct kvm_page_enc_bitmap) + /* Secure Encrypted Virtualization command */ enum sev_cmd_id { /* Guest initialization commands */ From patchwork Wed Apr 24 16:10:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 1090219 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amd.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="TGCoSnng"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44q53V56H3z9s71 for ; Thu, 25 Apr 2019 02:13:58 +1000 (AEST) Received: from localhost ([127.0.0.1]:44025 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKWy-0004cJ-8d for incoming@patchwork.ozlabs.org; Wed, 24 Apr 2019 12:13:56 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38743) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJKTn-0002DZ-7P for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJKTb-00044v-Qw for qemu-devel@nongnu.org; Wed, 24 Apr 2019 12:10:36 -0400 Received: from 
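Review bot: In svm_get_page_enc_bitmap() the memslot lookup (__kvm_memslots() followed by id_to_memslot()) runs without kvm->slots_lock or an SRCU read-side section, so a concurrent KVM_SET_USER_MEMORY_REGION can replace the memslots array while base_gfn and npages are being read; kvm_vm_ioctl_get_dirty_log() wraps the same lookup in mutex_lock(&kvm->slots_lock), and this ioctl should do the same and reject an unused slot (npages == 0) with -ENOENT rather than returning a zero-length result. The temporary bitmap is sized from memslot->npages, which for a large guest exceeds what kmalloc() can satisfy, so allocate it with kvmalloc()/kvfree(); and since it is a private buffer, __clear_bit() is enough in the for_each_clear_bit_from() loop.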
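Review bot: The new KVM_GET_PAGE_ENC_BITMAP case in kvm_arch_vm_ioctl() gives userspace no way to discover support except probing for -ENOTTY, which is exactly what an older kernel returns for the unknown ioctl number; advertise it through a KVM_CAP_* value in kvm_vm_ioctl_check_extension() so QEMU can test for it with KVM_CHECK_EXTENSION before relying on it.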
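Review bot: struct kvm_page_enc_bitmap carries no length, and the only statement of how large the user buffer must be is the comment /* one bit per page */, while the kernel side copies ALIGN(memslot->npages, BITS_PER_LONG) / 8 bytes into it; a caller that sizes the buffer by rounding npages up to bytes gets overrun. Either document the ioctl in Documentation/virtual/kvm/api.txt with that exact size rule (as KVM_GET_DIRTY_LOG's entry does), or add an explicit size field so the kernel can bound the copy_to_user().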
From: "Singh, Brijesh"
To: "kvm@vger.kernel.org"
Date: Wed, 24 Apr 2019 16:10:11 +0000
Message-ID: <20190424160942.13567-11-brijesh.singh@amd.com>
In-Reply-To: <20190424160942.13567-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [RFC PATCH v1 10/10] mm: x86: Invoke hypercall when page encryption status is changed
Cc: "Lendacky, Thomas", "Singh, Brijesh", Radim Krčmář, Joerg Roedel, "x86@kernel.org", "qemu-devel@nongnu.org", "linux-kernel@vger.kernel.org", Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Thomas Gleixner, Borislav Petkov

Invoke a hypercall when a memory region is changed from encrypted -> decrypted and vice versa.
Hypervisor needs to know the page encryption status during the guest migration. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/mem_encrypt.h | 3 ++ arch/x86/mm/mem_encrypt.c | 45 +++++++++++++++++++++++++++++- arch/x86/mm/pageattr.c | 15 ++++++++++ 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 616f8e637bc3..3f43cfdd0209 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -97,4 +97,7 @@ extern char __start_bss_decrypted[], __end_bss_decrypted[], __start_bss_decrypte #endif /* __ASSEMBLY__ */ +extern void set_memory_enc_dec_hypercall(unsigned long vaddr, + unsigned long size, bool enc); + #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 385afa2b9e17..24261b58ac99 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -28,6 +29,7 @@ #include #include #include +#include #include "mm_internal.h" 
@@ -195,6 +197,45 @@ void __init sme_early_init(void) swiotlb_force = SWIOTLB_FORCE; } +void set_memory_enc_dec_hypercall(unsigned long vaddr, unsigned long sz, bool enc) +{ + unsigned long vaddr_end, vaddr_next; + + vaddr_end = vaddr + sz; + + for (; vaddr < vaddr_end; vaddr = vaddr_next) { + int psize, pmask, level; + unsigned long pfn; + pte_t *kpte; + + kpte = lookup_address(vaddr, &level); + if (!kpte || pte_none(*kpte)) + return; + + switch (level) { + case PG_LEVEL_4K: + pfn = pte_pfn(*kpte); + break; + case PG_LEVEL_2M: + pfn = pmd_pfn(*(pmd_t *)kpte); + break; + case PG_LEVEL_1G: + pfn = pud_pfn(*(pud_t *)kpte); + break; + default: + return; + } + + psize = page_level_size(level); + pmask = page_level_mask(level); + + kvm_sev_hypercall3(KVM_HC_PAGE_ENC_STATUS, + pfn << PAGE_SHIFT, psize >> PAGE_SHIFT, enc); + + vaddr_next = (vaddr & pmask) + psize; + } +} + static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) { pgprot_t old_prot, new_prot; @@ -252,12 +293,13 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc) static int __init early_set_memory_enc_dec(unsigned long vaddr, unsigned long size, bool enc) { - unsigned long vaddr_end, vaddr_next; + unsigned long vaddr_end, vaddr_next, start; unsigned long psize, pmask; int split_page_size_mask; int level, ret; pte_t *kpte; + start = vaddr; vaddr_next = vaddr; vaddr_end = vaddr + size; @@ -308,6 +350,7 @@ static int __init early_set_memory_enc_dec(unsigned long vaddr, ret = 0; + set_memory_enc_dec_hypercall(start, size, enc); out: __flush_tlb_all(); return ret; diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 4c570612e24e..b1a68879f66d 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "mm_internal.h" 
@@ -2019,6 +2020,12 @@ int set_memory_global(unsigned long addr, int numpages) __pgprot(_PAGE_GLOBAL), 0); } +void __attribute__((weak)) set_memory_enc_dec_hypercall(unsigned long addr, + unsigned long size, + bool enc) +{ +} + static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) { struct cpa_data cpa; @@ -2059,6 +2066,14 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) */ cpa_flush(&cpa, 0); + /* + * When SEV is active, notify hypervisor that a given memory range is mapped + * encrypted or decrypted. Hypervisor will use this information during + * the VM migration. + */ + if (sev_active()) + set_memory_enc_dec_hypercall(addr, numpages << PAGE_SHIFT, enc); + return ret; }
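Review bot: The set_memory_enc_dec_hypercall() prototype in mem_encrypt.h is inserted after the #endif /* __ASSEMBLY__ */ line, which puts it outside the #ifndef __ASSEMBLY__ block, so assembly sources that include <asm/mem_encrypt.h> will see a C declaration and fail to assemble; move the two added lines above that #endif, next to the other prototypes.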
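Review bot: In set_memory_enc_dec_hypercall() the bare `return` on a missing or none PTE, and again in the `default:` arm of the level switch, abandons the rest of the range, so every page after such a hole is left out of the hypervisor's bitmap even though the caller has already converted it; advance vaddr_next past the hole and continue (or at least WARN_ONCE()) so the hypervisor's view stays consistent with the guest page tables. Separately, psize and pmask are declared int although page_level_size() and page_level_mask() return unsigned long (early_set_memory_enc_dec() keeps them unsigned long); `vaddr & pmask` only works because the truncated mask happens to sign-extend back, so declare both as unsigned long.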
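Review bot: early_set_memory_enc_dec() now calls set_memory_enc_dec_hypercall(start, size, enc) unconditionally, whereas the __set_memory_enc_dec() call site guards the same call with sev_active(); mem_encrypt.c is also built for bare-metal SME, where issuing a KVM hypercall is wrong, so add the same sev_active() check here (or move it into the helper so every caller gets it).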
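Review bot: The empty fallback in pageattr.c spells out __attribute__((weak)) rather than the kernel's __weak annotation; more to the point, a weak symbol in pageattr.c is an unusual way to handle the !CONFIG_AMD_MEM_ENCRYPT build, since mem_encrypt.h already provides static inline stubs for that configuration in its #else branch, and a stub there (with the real prototype under CONFIG_AMD_MEM_ENCRYPT) would drop the weak definition entirely.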
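Review bot: `numpages << PAGE_SHIFT` in __set_memory_enc_dec() is evaluated in int because numpages is an int parameter, so a request of 2^19 pages (2 GiB) or more overflows before the value is widened to the unsigned long parameter and the hypervisor is told about a wrong range; write `(unsigned long)numpages << PAGE_SHIFT`. The hypercall is also issued regardless of the ret value the function returns, so a conversion that failed partway still reports the whole range as converted; make the call conditional on ret == 0.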