From patchwork Thu Aug 10 23:49:18 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 134263
Reply-To: Sean Christopherson
Date: Thu, 10 Aug 2023 16:49:18 -0700
In-Reply-To: <20230810234919.145474-1-seanjc@google.com>
References: <20230810234919.145474-1-seanjc@google.com>
X-Mailer: git-send-email 2.41.0.694.ge786442a9b-goog
Message-ID: <20230810234919.145474-3-seanjc@google.com>
Subject: [PATCH 2/2] KVM: SVM: Require nrips support for SEV guests (and beyond)
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Wu Zongyo, Tom Lendacky
X-Mailing-List: linux-kernel@vger.kernel.org

Disallow SEV (and beyond) if nrips is disabled via module param, as KVM can't read guest memory to partially emulate and skip an instruction. All CPUs that support SEV support NRIPS, i.e. this is purely stopping the user from shooting themselves in the foot.

Cc: Tom Lendacky
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/svm/svm.c | 11 ++++------- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2cd15783dfb9..8ce9ffc8709e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2185,7 +2185,7 @@ void __init sev_hardware_setup(void) bool sev_es_supported = false; bool sev_supported = false; - if (!sev_enabled || !npt_enabled) + if (!sev_enabled || !npt_enabled || !nrips) goto out; /* diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 581958c9dd4d..7cb5ef5835c2 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -202,7 +202,7 @@ static int nested = true; module_param(nested, int, S_IRUGO); /* enable/disable Next RIP Save */ -static int nrips = true; +int nrips = true; module_param(nrips, int, 0444); /* enable/disable Virtual VMLOAD VMSAVE */ 
@@ -5191,9 +5191,11 @@ static __init int svm_hardware_setup(void) svm_adjust_mmio_mask(); + nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS); + /* * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which - * may be modified by svm_adjust_mmio_mask()). + * may be modified by svm_adjust_mmio_mask()), as well as nrips. */ sev_hardware_setup(); @@ -5205,11 +5207,6 @@ static __init int svm_hardware_setup(void) goto err; } - if (nrips) { - if (!boot_cpu_has(X86_FEATURE_NRIPS)) - nrips = false; - } - enable_apicv = avic = avic && avic_hardware_setup(); if (!enable_apicv) { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 2237230aad98..860511276087 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -34,6 +34,7 @@ #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; +extern int nrips; extern int vgif; extern bool intercept_smi; extern bool x2avic_enabled;
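Review bot: in sev_hardware_setup() (sev.c, hunk at -2185), the new `!nrips` term in `if (!sev_enabled || !npt_enabled || !nrips)` takes the same silent `goto out` as the other two prerequisites, so nothing in the visible lines tells an admin who loaded the module with nrips=0 and expected SEV why it is unavailable. Since the commit message frames this as protecting users from their own configuration, consider a one-time pr_info() for the nrips case so the lost SEV support can be traced back to the parameter.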
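Review bot: in svm.c (hunk at -202), the comment above the parameter still reads `/* enable/disable Next RIP Save */`, but with this series clearing nrips also turns off SEV and everything built on it. Please extend that comment to say so, because the parameter is the only user-facing control involved and the new dependency is otherwise visible only in sev.c. The same hunk drops `static`, which puts a short, generic name into the global namespace; a sentence in the changelog noting that this matches the existing `extern int vgif` pattern in svm.h would head off the obvious question.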
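Review bot: in svm_hardware_setup() (svm.c, hunk at -5191), the relocated `nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS);` has to run before `sev_hardware_setup()`, otherwise the new check in sev.c would see the raw module parameter rather than the CPU-qualified value, and only the amended comment records that ordering. The comment currently says SEV setup "consumes" these variables; wording it as a requirement (they must be finalized before the call) and keeping the assignment directly above it would make a later reshuffle of this function less likely to break the dependency.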