From patchwork Wed Jan 31 23:56:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 195085 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:693c:2685:b0:106:209c:c626 with SMTP id mn5csp100680dyc; Wed, 31 Jan 2024 15:58:05 -0800 (PST) X-Google-Smtp-Source: AGHT+IFqCLSS7VTQ2mr+4ROG3Qx93PqOZJ+dS6bjFkoi5+6GFTn53XB0tIUn76zIXlsihp5f5VW2 X-Received: by 2002:a05:620a:1013:b0:783:f8aa:7546 with SMTP id z19-20020a05620a101300b00783f8aa7546mr1156635qkj.28.1706745485599; Wed, 31 Jan 2024 15:58:05 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706745485; cv=pass; d=google.com; s=arc-20160816; b=aqjXRHqz3E9YSmL4G962ATZZ/66VYnol3y3SyF03FIw86gOU9Qjn/7PBt2IGOsT01y fl6//BszPd+/LE2ZVqOx1YYfYQflmHrwaYoQ6s8uMTYi6U/WSyqvq6AXtcFH/bgIihqL h1LtxEpQ+0v2kW8r8r8aF7RohWvN/uKWZpaXj3h5cTC2S3cxdy07V0X0Wb7zW9HKNbwU 3xBNBUQo6bTjRCMB/NwVaPPvaT4HlJ8JJw0lSMJi2bwxVXCUbqTnj0k5RNg9hTAEEjhe A6XJKSXeGYpBa+2tq6P0usSyqAqQoczdY3jzDHUbim1mhVoQHlyWYt3cHC07HrpvjYTp i3bw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :reply-to:dkim-signature; bh=/WObf82Vf/Y5MR7jXp0Gt7NYNHTt/4hLoEW6luDmRxk=; fh=Izpkwk3bvrc5NZQEgAx1gSMQkSldZX+1NCtHqFRFwDk=; b=0UCGiOGBuyj8oayHdnAS6+pXNi1yR/2OWL23e7h1egSwp/lTXm1UW06KnHp02plTfi yRraQSnllFcU5ZN9ewEPzFrVYaxQ2z+8TjmR4A1FNZOxqEnMwka8z8sXQNx2TIY3MRPm NlKhGrgEv/cyQIKHNZ1sQjAQU7zpHEsddf+/bAs9RSZeIcrgSaeGhdT1RAxaYMvXR3oE /uDzHdZiGP2g4X7ZxvR6rN3U/2jWrUGkO42RyUu0vElqg+jlmWHLppxLwQdcYljILM+s G0rvE4EyKpGESoLFXmteZd2stTHlqJZeLT5oYdfLk182UIQILH1X9zCr8SsJQ3BSVYOK TE/A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=sahZiboW; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-47401-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47401-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=1; AJvYcCWnNC3GHnqUMbC9GlsNxjSpUwrW1JNpWTLuweY8hfIyyqp5CzzLW6leJVP4UYQwkz3ZadYB8XKItRSfbkuyOM4g+l3pYA== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id d6-20020a05620a136600b00783ddf8c341si12224459qkl.198.2024.01.31.15.58.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jan 2024 15:58:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-47401-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=sahZiboW; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-47401-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47401-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 558981C236DE for ; Wed, 31 Jan 2024 23:58:05 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id F172C3FE24; Wed, 31 Jan 2024 23:56:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sahZiboW" Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41F083AC34 for ; Wed, 31 Jan 2024 23:56:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706745379; cv=none; b=GEfr3aHvhSG7D1JWvqsQqINZLU3M8aAVbNtS0T7RtXpes2Jr9glFGmvx02yW7kJslsdcRUsiGXt8EVPSe/vXigYju91oE1DV5VpgWQEihER597CEZwdf2LqLACFjyJ9hwZ/3I3oxu6/6oUakceRP7GMVsrU0o1NsWKdvZzyIoHk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706745379; c=relaxed/simple; bh=D1nog3XCAS5QFsKZW5HVf+ENkuPBa0MU2IJSYf8wk+o=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ZXcFHfbmHODjjZOi8juaeSF/9EXhrm5fMGi6CRvG5DWTltTij9mchDKkMDnBmKZo6XFhkj01iK3GuN4fu4mRu/S/qE9f4RTjnfJQJj6ebmBfx9AE/JPTwCWc3v9/OtZXazQT7p4eOTkpiuS5SZAjFnRaKTFXaZDHnj9JrPO99PI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sahZiboW; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-5d63c7c4248so1295438a12.0 for ; Wed, 31 Jan 2024 15:56:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706745377; x=1707350177; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=/WObf82Vf/Y5MR7jXp0Gt7NYNHTt/4hLoEW6luDmRxk=; b=sahZiboWzyFipkcxsmrChqjVG6r4CmV41tCxJfv66ChItU88vt2YhWaAf3BEfazat/ ks33WPMLlJcvZ+7xrnd3VxpkmT3n2hyNPBe3Ze0oYDuLB0NLqgxD3Bva/ke1oSUpl5G5 KjyVltb07236dh33TY80r3vr1ygh0JKOAIPaKW1Ear7X+qIjzVEWpKMJrmo6POaxlGyG vYLPzGygHwJayxw5nMLaPq9bI02ODUrkai9Sz8GJm4BZxcL8x8A6IT/1VPxrLrJWNq20 56pun4w47b6HnckQE7LytsdHAS6HzwPvAdKP48oTs8b8sGTpf04mCHh/HSoSxwNHIlrG 0gvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706745377; x=1707350177; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/WObf82Vf/Y5MR7jXp0Gt7NYNHTt/4hLoEW6luDmRxk=; b=HUnDBD3pVPB8vBQkWr8PNA0rkUj3LOPWkE+YJI5HjWA9xY0l3ib/sWTl5ludDCjLg2 jZDOsbyp/MwzNSzhO8KbT3ppKhMF3KAEJzdCUGZ+9xa4IIvL7x59YDRxkEHRUu6bLh1g tNTVz47OJpaliO4gOHrQJvTGuUnQQEyy9iZnLTx1d42xvYNdftLisVdzsGQVH5fgLUjT sUZLNvk/Bas5GCU1Zs7FldBpLvIf9SrhEXhPmS5W6FUfgSGpK7XtCiZkKHPbmwefuL2F cXM9UF9XpPGpemgeuHmxhlzYTw+ObW5wRa16sGjjbxPPeqC4QgF3yR8273Y8iXM2w0hT kELA== X-Gm-Message-State: AOJu0YzzI3/ztfzxHKl8yoCMM/dqE/n8wE/01mwDK7GV6YgdXo8v5Bxg 2Dijgsw2goRx3QOpUk1saQKBkcXkEfULLfYZ8a5042henc7oYK79Fc8U4MVaYMMFFGgsTR5pEMC sRg== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90a:2bc8:b0:295:6834:b941 with SMTP id n8-20020a17090a2bc800b002956834b941mr45398pje.1.1706745377422; Wed, 31 Jan 2024 15:56:17 -0800 (PST) Reply-To: Sean Christopherson Date: Wed, 31 Jan 2024 15:56:08 -0800 In-Reply-To: <20240131235609.4161407-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240131235609.4161407-1-seanjc@google.com> X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog Message-ID: <20240131235609.4161407-4-seanjc@google.com> Subject: [PATCH v4 3/4] KVM: SVM: Add support for allowing zero SEV ASIDs From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Ashish Kalra , Tom Lendacky X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789652354330887286 X-GMAIL-MSGID: 1789652354330887286 From: Ashish Kalra Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson Signed-off-by: Ashish Kalra Cc: stable@vger.kernel.org Acked-by: Tom Lendacky Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 04c4c14473fd..38e40fbc7ea0 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n",