[RFC,v1,4/6] x86/amd: Configure necessary MSRs for SNP during CPU init when running as a guest
Message ID | 20230123165128.28185-5-jpiotrowski@linux.microsoft.com |
---|---|
State | New |
Headers | From: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>; To: linux-kernel@vger.kernel.org; Cc: Jeremi Piotrowski <jpiotrowski@microsoft.com>, Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>, Tianyu Lan <Tianyu.Lan@microsoft.com>, Michael Kelley <mikelley@microsoft.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org, linux-hyperv@vger.kernel.org, Brijesh Singh <brijesh.singh@amd.com>, Michael Roth <michael.roth@amd.com>, Ashish Kalra <ashish.kalra@amd.com>, Tom Lendacky <thomas.lendacky@amd.com>, Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>; Subject: [RFC PATCH v1 4/6] x86/amd: Configure necessary MSRs for SNP during CPU init when running as a guest; Date: Mon, 23 Jan 2023 16:51:26 +0000; In-Reply-To: <20230123165128.28185-1-jpiotrowski@linux.microsoft.com> |
Series | Support nested SNP KVM guests on Hyper-V |
Commit Message
Jeremi Piotrowski
Jan. 23, 2023, 4:51 p.m. UTC
From: Jeremi Piotrowski <jpiotrowski@microsoft.com>

Hyper-V may expose the SEV/SEV-SNP CPU features to the guest, but it is up to the guest to use them. early_detect_mem_encrypt() checks SYSCFG[MEM_ENCRYPT] and HWCR[SMMLOCK] and if these are not set the SEV-SNP features are cleared. Check if we are running under a hypervisor and if so - update SYSCFG and skip the HWCR check.

It would be great to make this check more specific (checking for Hyper-V) but this code runs before hypervisor detection on the boot cpu.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
---
arch/x86/kernel/cpu/amd.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Comments
From: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com> Sent: Monday, January 23, 2023 8:51 AM
>
> Hyper-V may expose the SEV/SEV-SNP CPU features to the guest, but it is
> up to the guest to use them. early_detect_mem_encrypt() checks
> SYSCFG[MEM_ENCRYPT] and HWCR[SMMLOCK] and if these are not set the
> SEV-SNP features are cleared. Check if we are running under a
> hypervisor and if so - update SYSCFG and skip the HWCR check.
>
> It would be great to make this check more specific (checking for
> Hyper-V) but this code runs before hypervisor detection on the boot cpu.

Could you elaborate on why we would want this check to be Hyper-V specific? Per my comments on Patch 3 of this series, I would think the opposite. If possible, we want code like this to work on any hypervisor, and not have Hyper-V specific behavior in code outside of the Hyper-V modules. But I don't know this code well at all, so maybe there's an aspect I'm missing.

Michael

>
> Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
> ---
> arch/x86/kernel/cpu/amd.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index c7884198ad5b..17d91ac62937 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -565,6 +565,12 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > * don't advertise the feature under CONFIG_X86_32. > */ > if (cpu_has(c, X86_FEATURE_SME) || cpu_has(c, X86_FEATURE_SEV)) { > + if (cpu_has(c, X86_FEATURE_HYPERVISOR)) { > + rdmsrl(MSR_AMD64_SYSCFG, msr); > + msr |= MSR_AMD64_SYSCFG_MEM_ENCRYPT; > + wrmsrl(MSR_AMD64_SYSCFG, msr); > + } > + > /* Check if memory encryption is enabled */ > rdmsrl(MSR_AMD64_SYSCFG, msr); > if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT))
> @@ -584,7 +590,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > setup_clear_cpu_cap(X86_FEATURE_SME); > > rdmsrl(MSR_K7_HWCR, msr); > - if (!(msr & MSR_K7_HWCR_SMMLOCK)) > + if (!(msr & MSR_K7_HWCR_SMMLOCK) && !cpu_has(c, X86_FEATURE_HYPERVISOR)) > goto clear_sev; > > return; > -- > 2.25.1
On Sun, Jan 29, 2023 at 04:44:05AM +0000, Michael Kelley (LINUX) wrote:
> From: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com> Sent: Monday, January 23, 2023 8:51 AM
> >
> > Hyper-V may expose the SEV/SEV-SNP CPU features to the guest, but it is
> > up to the guest to use them. early_detect_mem_encrypt() checks
> > SYSCFG[MEM_ENCRYPT] and HWCR[SMMLOCK] and if these are not set the
> > SEV-SNP features are cleared. Check if we are running under a
> > hypervisor and if so - update SYSCFG and skip the HWCR check.
> >
> > It would be great to make this check more specific (checking for
> > Hyper-V) but this code runs before hypervisor detection on the boot cpu.
>
> Could you elaborate on why we would want this check to be Hyper-V
> specific? Per my comments on Patch 3 of this series, I would think the
> opposite. If possible, we want code like this to work on any hypervisor,
> and not have Hyper-V specific behavior in code outside of the Hyper-V
> modules. But I don't know this code well at all, so maybe there's an
> aspect I'm missing.
>
> Michael
>

This patch would work for any hypervisor, but I'm not sure every hypervisor would choose to do things this way.

Take the MSR_AMD64_SYSCFG_MEM_ENCRYPT setting. It could be done like on baremetal with VM BIOS settings, which wouldn't work well for Hyper-V. The VMM could also simply always return MSR_AMD64_SYSCFG_MEM_ENCRYPT when it exposes SEV/-ES/-SNP flags to a non-SNP guest (KVM always returns 0 in SYSCFG right now, and doesn't allow it to be set).

But ultimately all this function does is mask off SEV/-ES/-SNP CPU flags based on an assumption that no longer holds, so I think this approach to fixing it is acceptable. The only thing I would check is whether it's possible to check the coco attr here as well so that this definitely doesn't run for SNP guests (provided this information is available at this point).
> > > > Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com> > > --- > > arch/x86/kernel/cpu/amd.c | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > > index c7884198ad5b..17d91ac62937 100644 > > --- a/arch/x86/kernel/cpu/amd.c > > +++ b/arch/x86/kernel/cpu/amd.c > > @@ -565,6 +565,12 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > > * don't advertise the feature under CONFIG_X86_32. > > */ > > if (cpu_has(c, X86_FEATURE_SME) || cpu_has(c, X86_FEATURE_SEV)) { > > + if (cpu_has(c, X86_FEATURE_HYPERVISOR)) { > > + rdmsrl(MSR_AMD64_SYSCFG, msr); > > + msr |= MSR_AMD64_SYSCFG_MEM_ENCRYPT; > > + wrmsrl(MSR_AMD64_SYSCFG, msr); > > + } > > + > > /* Check if memory encryption is enabled */ > > rdmsrl(MSR_AMD64_SYSCFG, msr); > > if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT)) > > @@ -584,7 +590,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > > setup_clear_cpu_cap(X86_FEATURE_SME); > > > > rdmsrl(MSR_K7_HWCR, msr); > > - if (!(msr & MSR_K7_HWCR_SMMLOCK)) > > + if (!(msr & MSR_K7_HWCR_SMMLOCK) && !cpu_has(c, X86_FEATURE_HYPERVISOR)) > > goto clear_sev; > > > > return; > > -- > > 2.25.1
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index c7884198ad5b..17d91ac62937 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -565,6 +565,12 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) * don't advertise the feature under CONFIG_X86_32. */ if (cpu_has(c, X86_FEATURE_SME) || cpu_has(c, X86_FEATURE_SEV)) { + if (cpu_has(c, X86_FEATURE_HYPERVISOR)) { + rdmsrl(MSR_AMD64_SYSCFG, msr); + msr |= MSR_AMD64_SYSCFG_MEM_ENCRYPT; + wrmsrl(MSR_AMD64_SYSCFG, msr); + } + /* Check if memory encryption is enabled */ rdmsrl(MSR_AMD64_SYSCFG, msr); if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT)) @@ -584,7 +590,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_SME); rdmsrl(MSR_K7_HWCR, msr); - if (!(msr & MSR_K7_HWCR_SMMLOCK)) + if (!(msr & MSR_K7_HWCR_SMMLOCK) && !cpu_has(c, X86_FEATURE_HYPERVISOR)) goto clear_sev; return;
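Review bot: In the first hunk (@@ -565,6 +565,12), the added wrmsrl(MSR_AMD64_SYSCFG, msr) is unchecked and runs for every guest that reports X86_FEATURE_HYPERVISOR, including hypervisors that do not accept a write to SYSCFG[MEM_ENCRYPT] (the thread notes that KVM currently returns 0 in SYSCFG and does not allow the bit to be set). Consider wrmsrl_safe() and letting the existing re-read of SYSCFG decide, so that a rejected write is handled explicitly and falls through to the existing clear path. The block also needs a comment stating why a guest is expected to set this bit itself, and the condition as written does not exclude SNP guests, which the follow-up in the thread asks about (the coco attribute check).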
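Review bot: In the second hunk (@@ -584,7 +590,7), the added `&& !cpu_has(c, X86_FEATURE_HYPERVISOR)` drops the HWCR[SMMLOCK] requirement for every virtualized environment, not only the Hyper-V case the commit message describes, and nothing in the code says why the check is not meaningful in a guest. Add a comment next to the condition giving that reason. Since cpu_has(c, X86_FEATURE_HYPERVISOR) is now tested in two places in early_detect_mem_encrypt(), a single local flag set at the top of the function would keep the two guest-specific deviations visibly tied together.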