From patchwork Thu Jun 15 06:37:49 2023
X-Patchwork-Submitter: Alexey Kardashevskiy
X-Patchwork-Id: 108279
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy, Carlos Bilbao, Santosh Shukla
Subject: [PATCH kernel 1/9] KVM: SEV: move set_dr_intercepts/clr_dr_intercepts from the header
Date: Thu, 15 Jun 2023 16:37:49 +1000
Message-ID: <20230615063757.3039121-2-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>

Static functions set_dr_intercepts() and clr_dr_intercepts() are only
called from SVM so move them to .c.

No functional change intended.

Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Carlos Bilbao
Reviewed-by: Tom Lendacky
Reviewed-by: Santosh Shukla
---
Changes:
v5:
* new in the series
---
 arch/x86/kvm/svm/svm.h | 42 --------------------
 arch/x86/kvm/svm/svm.c | 42 ++++++++++++++++++++
 2 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f44751dd8d5d..a99f97a86c59 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -405,48 +405,6 @@ static inline bool vmcb12_is_intercept(struct vmcb_ctrl_area_cached *control, u3 return test_bit(bit, (unsigned long *)&control->intercepts); } -static inline void set_dr_intercepts(struct vcpu_svm *svm) -{ - struct vmcb *vmcb = svm->vmcb01.ptr; - - if (!sev_es_guest(svm->vcpu.kvm)) { - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); - } - - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); - - recalc_intercepts(svm); -} - -static inline void clr_dr_intercepts(struct vcpu_svm *svm) -{ - struct vmcb *vmcb = svm->vmcb01.ptr; - - vmcb->control.intercepts[INTERCEPT_DR] = 0; - - /* DR7 access must remain intercepted for an SEV-ES guest */ - if (sev_es_guest(svm->vcpu.kvm)) { - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); - } - - recalc_intercepts(svm); -} - static inline void set_exception_intercept(struct vcpu_svm *svm, u32 bit) { struct vmcb *vmcb = svm->vmcb01.ptr; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 54089f990c8f..980faf460bfe 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -690,6 +690,48 @@ static int svm_cpu_init(int cpu) } +static void set_dr_intercepts(struct vcpu_svm *svm) +{ + struct vmcb *vmcb = svm->vmcb01.ptr; + + if (!sev_es_guest(svm->vcpu.kvm)) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); + } + + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); + + recalc_intercepts(svm); +} + +static void clr_dr_intercepts(struct vcpu_svm *svm) +{ + struct vmcb *vmcb = svm->vmcb01.ptr; + + vmcb->control.intercepts[INTERCEPT_DR] = 0; + + /* DR7 access must remain intercepted for an SEV-ES guest */ + if (sev_es_guest(svm->vcpu.kvm)) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); + } + + recalc_intercepts(svm); +} + static int direct_access_msr_slot(u32 msr) { u32 i;
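Review bot: In the svm.c hunk of patch 1/9, set_dr_intercepts() skips the DR0-DR6 read/write intercepts under "if (!sev_es_guest(svm->vcpu.kvm))" without a comment, while clr_dr_intercepts() directly below documents the matching rule ("DR7 access must remain intercepted for an SEV-ES guest"). A one-line comment on the set path stating that only DR7 is intercepted for SEV-ES guests would make the pair symmetric, and being comment-only it keeps the "No functional change intended" claim. Two smaller points: the functions are now file-local to svm.c, so "only called from SVM" in the commit message would be more precise as "only called from svm.c"; and since the hunk adds no forward declaration, the new position after svm_cpu_init() has to sit above the first caller, which is not visible in this context.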
From patchwork Thu Jun 15 06:37:50 2023
X-Patchwork-Submitter: Alexey Kardashevskiy
X-Patchwork-Id: 108282
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy, Carlos Bilbao, Santosh Shukla
Subject: [PATCH kernel 2/9] KVM: SEV: Move SEV's GP_VECTOR intercept setup to SEV
Date: Thu, 15 Jun 2023 16:37:50 +1000
Message-ID: <20230615063757.3039121-3-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>

Currently SVM setup is done sequentially in
init_vmcb() -> sev_init_vmcb() -> sev_es_init_vmcb()
and tries keeping SVM/SEV/SEV-ES bits separated. One of the exceptions
is #GP intercept which init_vmcb() skips setting for SEV guests and then
sev_es_init_vmcb() needlessly clears it.

Remove the SEV check from init_vmcb(). Clear the #GP intercept in
sev_init_vmcb(). SEV-ES will use the SEV setting.

No functional change intended.

Suggested-by: Sean Christopherson
Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Carlos Bilbao
Reviewed-by: Tom Lendacky
Reviewed-by: Santosh Shukla
---
Changes:
v5:
* new in the series
---
 arch/x86/kvm/svm/sev.c | 9 ++++++---
 arch/x86/kvm/svm/svm.c | 5 ++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 69ae5e1b3120..c03bd063aecf 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -2971,9 +2971,6 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) svm_set_intercept(svm, TRAP_CR4_WRITE); svm_set_intercept(svm, TRAP_CR8_WRITE); - /* No support for enable_vmware_backdoor */ - clr_exception_intercept(svm, GP_VECTOR); - /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); @@ -2999,6 +2996,12 @@ void sev_init_vmcb(struct vcpu_svm *svm) svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ENABLE; clr_exception_intercept(svm, UD_VECTOR); + /* + * Don't intercept #GP for SEV guests, e.g. for the VMware backdoor, as + * KVM can't decrypt guest memory to decode the faulting instruction. + */ + clr_exception_intercept(svm, GP_VECTOR); + if (sev_es_guest(svm->vcpu.kvm)) sev_es_init_vmcb(svm); } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 980faf460bfe..9c1b191aed4b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1256,10 +1256,9 @@ static void init_vmcb(struct kvm_vcpu *vcpu) * Guest access to VMware backdoor ports could legitimately * trigger #GP because of TSS I/O permission bitmap. * We intercept those #GP and allow access to them anyway - * as VMware does. Don't intercept #GP for SEV guests as KVM can't - * decrypt guest memory to decode the faulting instruction. + * as VMware does. */ - if (enable_vmware_backdoor && !sev_guest(vcpu->kvm)) + if (enable_vmware_backdoor) set_exception_intercept(svm, GP_VECTOR); svm_set_intercept(svm, INTERCEPT_INTR);
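Review bot: In the sev_init_vmcb() hunk of sev.c (patch 2/9), the added clr_exception_intercept(svm, GP_VECTOR) only does its job if sev_init_vmcb() runs after the set_exception_intercept(svm, GP_VECTOR) in init_vmcb(). The commit message states that order, but the call site is outside the visible context and nothing in the new comment mentions it. Extending the comment to say that this undoes the enable_vmware_backdoor setting made earlier in init_vmcb() would record the dependency where the clear happens.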
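Review bot: In the init_vmcb() hunk of svm.c (patch 2/9), dropping "&& !sev_guest(vcpu->kvm)" together with the two comment lines leaves this site setting the #GP intercept for every guest when enable_vmware_backdoor is on, with nothing here telling the reader that SEV guests get it cleared again in sev_init_vmcb(). The removed comment was the only explanation at the set site of why the intercept must not stay on for SEV ("KVM can't decrypt guest memory to decode the faulting instruction"). A short pointer in the remaining comment, for example "cleared for SEV guests in sev_init_vmcb()", would protect against a later reordering of the init calls silently leaving the intercept enabled.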
From patchwork Thu Jun 15 06:37:51 2023
X-Patchwork-Submitter: Alexey Kardashevskiy
X-Patchwork-Id: 108285
From: Alexey Kardashevskiy To: CC: , , Tom Lendacky , Sean Christopherson , "Alexey Kardashevskiy" Subject: [PATCH kernel 3/9] KVM: SVM: Rewrite sev_es_prepare_switch_to_guest()'s comment about swap types Date: Thu, 15 Jun 2023 16:37:51 +1000 Message-ID: <20230615063757.3039121-4-aik@amd.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230615063757.3039121-1-aik@amd.com> References: <20230615063757.3039121-1-aik@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002529D:EE_|DM4PR12MB6637:EE_ X-MS-Office365-Filtering-Correlation-Id: a708e515-c8ff-450b-ac7e-08db6d6b71ba X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(136003)(396003)(346002)(376002)(451199021)(46966006)(40470700004)(36840700001)(36756003)(47076005)(478600001)(4326008)(6666004)(6916009)(54906003)(70206006)(316002)(70586007)(356005)(8676002)(5660300002)(82310400005)(40480700001)(8936002)(41300700001)(2616005)(2906002)(82740400003)(426003)(186003)(26005)(81166007)(1076003)(83380400001)(16526019)(36860700001)(336012)(40460700003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2023 06:40:43.9419 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a708e515-c8ff-450b-ac7e-08db6d6b71ba X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: 
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

Rewrite the comment(s) in sev_es_prepare_switch_to_guest() to explain the
swap types employed by the CPU for SEV-ES guests, i.e. to explain why KVM
needs to save a seemingly random subset of host state, and to provide a
decoder for the APM's Type-A/B/C terminology.

Signed-off-by: Sean Christopherson
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v6:
* new to the series
---
arch/x86/kvm/svm/sev.c | 25 ++++++++++++--------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c03bd063aecf..36fe2fcb4698 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3020,19 +3020,24 @@ void sev_es_vcpu_reset(struct vcpu_svm *svm) void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) { /* - * As an SEV-ES guest, hardware will restore the host state on VMEXIT, - * of which one step is to perform a VMLOAD. KVM performs the - * corresponding VMSAVE in svm_prepare_guest_switch for both - * traditional and SEV-ES guests. + * All host state for SEV-ES guests is categorized into three swap types + * based on how it is handled by hardware during a world switch: + * + * A: VMRUN: Host state saved in host save area + * VMEXIT: Host state loaded from host save area + * + * B: VMRUN: Host state _NOT_ saved in host save area + * VMEXIT: Host state loaded from host save area + * + * C: VMRUN: Host state _NOT_ saved in host save area + * VMEXIT: Host state initialized to default(reset) values + * + * Manually save type-B state, i.e. state that is loaded by VMEXIT but + * isn't saved by VMRUN, that isn't already saved by VMSAVE (performed + * by common SVM code). 
*/ - - /* XCR0 is restored on VMEXIT, save the current host value */ hostsa->xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); - - /* PKRU is restored on VMEXIT, save the current host value */ hostsa->pkru = read_pkru(); - - /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */ hostsa->xss = host_xss; }

From patchwork Thu Jun 15 06:37:52 2023
X-Patchwork-Submitter: Alexey Kardashevskiy
X-Patchwork-Id: 108283
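
Review bot: In the rewritten comment in sev_es_prepare_switch_to_guest() (patch 3/9), the per-field comments on hostsa->xcr0, hostsa->pkru and hostsa->xss are dropped, but the new block never names which state is type-B, so a reader has to infer from the three assignments that XCR0, PKRU and XSS are the type-B state not covered by VMSAVE. Consider ending the comment with that list ("i.e. XCR0, PKRU and XSS"), so that a future type-B field added to the save area is not missed here, and add the missing space in "default(reset)".
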
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy
Subject: [PATCH kernel 4/9] KVM: SEV-ES: explicitly disable debug
Date: Thu, 15 Jun 2023 16:37:52 +1000
Message-ID: <20230615063757.3039121-5-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>

SVM/SEV enable debug registers intercepts to skip swapping DRs on entering/exiting the guest.
When the guest is in control of debug registers (vcpu->guest_debug == 0),
there is an optimisation to reduce the number of context switches:
intercepts are cleared and the KVM_DEBUGREG_WONT_EXIT flag is set to tell
KVM to do swapping on guest enter/exit.

The same code also executes for SEV-ES, however it has no effect as
- it always takes (vcpu->guest_debug == 0) branch;
- KVM_DEBUGREG_WONT_EXIT is set but DR7 intercept is not cleared;
- vcpu_enter_guest() writes DRs but VMRUN for SEV-ES swaps them with
  the values from _encrypted_ VMSA.

Be explicit about SEV-ES not supporting debug:
- return right away from dr_interception() and skip unnecessary processing;
- return an error right away from the KVM_SEV_LAUNCH_UPDATE_VMSA handler
  if debugging was already enabled. KVM_SET_GUEST_DEBUG are failing already
  after KVM_SEV_LAUNCH_UPDATE_VMSA is finished due to
  vcpu->arch.guest_state_protected set to true.

Add WARN_ON to kvm_x86::sync_dirty_debug_regs() (saves guest DRs on guest
exit) to signify that SEV-ES won't hit that path.

Suggested-by: Sean Christopherson
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v6:
* fail in LAUNCH_UPDATE_VMSA instead of clearing the flag
* pr_warn_ratelimited -> pr_warn_once
* due to the rework, removed Tom's "rb"

v5:
* new in the series
---
arch/x86/kvm/svm/sev.c | 5 +++++
arch/x86/kvm/svm/svm.c | 9 ++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 36fe2fcb4698..981286359b72 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -619,6 +619,11 @@ static int __sev_launch_update_vmsa(struct kvm *kvm, struct kvm_vcpu *vcpu, struct vcpu_svm *svm = to_svm(vcpu); int ret; + if (vcpu->guest_debug) { + pr_warn_once("KVM_SET_GUEST_DEBUG for SEV-ES guest is not supported"); + return -EINVAL; + } + /* Perform some pre-encryption checks against the VMSA */ ret = sev_es_sync_vmsa(svm); if (ret) 
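
Review bot: The pr_warn_once() format string in the new vcpu->guest_debug check in __sev_launch_update_vmsa() has no trailing "\n", so the message can run into the next printk line; add the newline. The text also names KVM_SET_GUEST_DEBUG although the ioctl that fails at this point is KVM_SEV_LAUNCH_UPDATE_VMSA, which makes the -EINVAL hard to attribute from the log; consider naming the launch step in the message. Since the warning prints only once, userspace has to rely on the errno, so the new failure mode deserves a line in the ioctl documentation.
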
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9c1b191aed4b..bec6fb82f494 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1996,7 +1996,7 @@ static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); - if (vcpu->arch.guest_state_protected) + if (WARN_ON_ONCE(sev_es_guest(vcpu->kvm))) return; get_debugreg(vcpu->arch.db[0], 0); 
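
Review bot: In svm_sync_dirty_debug_regs() the early-return condition changes from vcpu->arch.guest_state_protected to sev_es_guest(vcpu->kvm), which also covers an SEV-ES vCPU before KVM_SEV_LAUNCH_UPDATE_VMSA has run, and it is now wrapped in WARN_ON_ONCE(). Add a comment above the check stating why SEV-ES cannot get here (as I read the series, dr_interception() now returns before KVM_DEBUGREG_WONT_EXIT can be set), and confirm no other path sets that flag for an SEV-ES vCPU in the pre-encryption window, because a WARN that userspace or a guest can reach is a host availability problem on systems running with panic_on_warn.
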
@@ -2727,6 +2727,13 @@ static int dr_interception(struct kvm_vcpu *vcpu) unsigned long val; int err = 0; + /* + * SEV-ES intercepts DR7 only to disable guest debugging and the guest issues a VMGEXIT + * for DR7 write only. KVM cannot change DR7 (always swapped as type 'A') so return early. + */ + if (sev_es_guest(vcpu->kvm)) + return 1; + if (vcpu->guest_debug == 0) { /* * No more DR vmexits; force a reload of the debug registers

From patchwork Thu Jun 15 06:37:53 2023
X-Patchwork-Submitter: Alexey Kardashevskiy
X-Patchwork-Id: 108278
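
Review bot: The comment above the new sev_es_guest() early return in dr_interception() (patch 4/9) only explains the DR7 write case ("the guest issues a VMGEXIT for DR7 write only") and leaves open what is expected for a DR7 read, which is also intercepted. Spell that out, and say that returning 1 resumes the guest with nothing emulated, so a reader does not mistake the silent return for a missing error path. The two comment lines also run well past 80 columns; rewrap them.
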
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy, Santosh Shukla
Subject: [PATCH kernel 5/9] KVM: SVM/SEV/SEV-ES: Rework intercepts
Date: Thu, 15 Jun 2023 16:37:53 +1000
Message-ID: <20230615063757.3039121-6-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>

Currently SVM setup is done sequentially in init_vmcb() -> sev_init_vmcb() -> sev_es_init_vmcb() and tries keeping SVM/SEV/SEV-ES bits separated. One of the exceptions is DR intercepts which is for SEV-ES before sev_es_init_vmcb() runs.
Move the SEV-ES intercept setup to sev_es_init_vmcb(). From now on
set_dr_intercepts()/clr_dr_intercepts() handle SVM/SEV only.

Extend the comment about intercepting DR7 which is to prevent the CPU from
getting stuck in an infinite #DB loop as described in
https://bugzilla.redhat.com/show_bug.cgi?id=1278496

No functional change intended.

Suggested-by: Sean Christopherson
Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Santosh Shukla
Reviewed-by: Tom Lendacky
---
Changes:
v6:
* updated the commit log
* updated the DR7 intercept comment in the code

v5:
* updated the comments
* removed sev_es_guest() checks from set_dr_intercepts()/clr_dr_intercepts()
* removed remaining intercepts from clr_dr_intercepts()
---
arch/x86/kvm/svm/sev.c | 11 ++++++
arch/x86/kvm/svm/svm.c | 37 ++++++++------------
2 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 981286359b72..744bcc2e6a05 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2948,6 +2948,7 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in) static void sev_es_init_vmcb(struct vcpu_svm *svm) { + struct vmcb *vmcb = svm->vmcb01.ptr; struct kvm_vcpu *vcpu = &svm->vcpu; svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ES_ENABLE; @@ -2976,6 +2977,16 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) svm_set_intercept(svm, TRAP_CR4_WRITE); svm_set_intercept(svm, TRAP_CR8_WRITE); + /* + * DR7 access must remain intercepted for an SEV-ES guest to disallow + * the guest kernel set up a #DB on memory that's needed to vector a #DB + * as otherwise the CPU gets stuck in an infinite #DB loop. + */ + vmcb->control.intercepts[INTERCEPT_DR] = 0; + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); + recalc_intercepts(svm); + /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); 
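
Review bot: The block added to sev_es_init_vmcb() writes vmcb->control.intercepts[INTERCEPT_DR] = 0 through the new vmcb01 pointer while the rest of the function goes through svm->vmcb and svm_set_intercept()/svm_clr_intercept(); use one access style or say in the comment why vmcb01 is required here. The zeroing also discards whatever DR intercepts init_vmcb() set earlier in the sequence, so the comment should state that DR0-DR6 intercepts are dropped on purpose and only DR7 is kept. Grammar in the new comment: "to disallow the guest kernel set up a #DB" should read "to prevent the guest kernel from setting up a #DB".
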
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bec6fb82f494..1df99e9f8655 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -694,23 +694,20 @@ static void set_dr_intercepts(struct vcpu_svm *svm) { struct vmcb *vmcb = svm->vmcb01.ptr; - if (!sev_es_guest(svm->vcpu.kvm)) { - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); - } - + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); 
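
Review bot: With the sev_es_guest() guard removed from set_dr_intercepts(), nothing in the function documents that it is for SVM/SEV only, which is the contract the commit message introduces. Add a short comment above the function saying so, so that a later caller does not use it on an SEV-ES vCPU and switch the DR0-DR6 intercepts back on.
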
@@ -723,12 +720,6 @@ static void clr_dr_intercepts(struct vcpu_svm *svm) vmcb->control.intercepts[INTERCEPT_DR] = 0; - /* DR7 access must remain intercepted for an SEV-ES guest */ - if (sev_es_guest(svm->vcpu.kvm)) { - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); - } - recalc_intercepts(svm); }
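Review bot: in clr_dr_intercepts(), the deleted block was the only code that re-armed INTERCEPT_DR7_READ and INTERCEPT_DR7_WRITE after `vmcb->control.intercepts[INTERCEPT_DR] = 0`, and its comment recorded that DR7 must stay intercepted for an SEV-ES guest. After this hunk, any call on an SEV-ES vCPU drops the DR7 intercept without a trace. The commit log should name the remaining call sites and say why none of them can run for an SEV-ES guest; a one-line comment here that the helper is not meant for SEV-ES vCPUs would keep the invariant visible.
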
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy
Subject: [PATCH kernel 6/9] KVM: SEV: Enable data breakpoints in SEV-ES
Date: Thu, 15 Jun 2023 16:37:54 +1000
Message-ID: <20230615063757.3039121-7-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>

Add support for "DebugSwap for SEV-ES guests", which provides support for swapping DR[0-3] and DR[0-3]_ADDR_MASK on VMRUN and VMEXIT, i.e. allows KVM to expose debug capabilities to SEV-ES guests. Without DebugSwap support, the CPU doesn't save/load most _guest_ debug registers (except DR6/7), and KVM cannot manually context switch guest DRs due to the VMSA being encrypted.

Enable DebugSwap if and only if the CPU also supports NoNestedDataBp, which causes the CPU to ignore nested #DBs, i.e. #DBs that occur when vectoring a #DB. Without NoNestedDataBp, a malicious guest can DoS the host by putting the CPU into an infinite loop of vectoring #DBs (see https://bugzilla.redhat.com/show_bug.cgi?id=1278496)

Set the features bit in sev_es_sync_vmsa() which is the last point when VMSA is not encrypted yet as sev_(es_)init_vmcb() (where the most init happens) is called not only when VCPU is initialised but also on intrahost migration when VMSA is encrypted.

Eliminate DR7 intercepts as KVM can't modify guest DR7, and intercepting DR7 would completely defeat the purpose of enabling DebugSwap.

Make X86_FEATURE_DEBUG_SWAP appear in /proc/cpuinfo (by not adding "") to let the operator know if the VM can debug.

Signed-off-by: Alexey Kardashevskiy
---
Changes:
v6:
* rewrote the commit log as suggested by Sean
* clr_exception_intercept(#DB) moved to a separate patch (next to this)
* updated tools/arch/x86/include/asm/cpufeatures.h

(old versions from when this was a single patch, ignore?)
v9:
* changed the commit log to one from Sean
* moved #DB intercept handling later in the series

v5:
* added CPUID's DebugSwap feature
* commit log, comments updated
* redid the whole thing

v4:
* removed sev_es_is_debug_swap_enabled() helper
* made sev_es_debug_swap_enabled (module param) static
* set sev_feature early in sev_es_init_vmcb() and made intercepts dependent on it vs. module param
* move set_/clr_dr_intercepts to .c

v3:
* rewrote the commit log again
* rebased on tip/master to use recently defined X86_FEATURE_NO_NESTED_DATA_BP
* s/boot_cpu_has/cpu_feature_enabled/

v2:
* debug_swap moved from vcpu to module_param
* rewrote commit log

---
Tested with:
===
int x;
int main(int argc, char *argv[])
{
	x = 1;
	return 0;
}
===
gcc -g a.c
rsync a.out ruby-954vm:~/
ssh -t ruby-954vm 'gdb -ex "file a.out" -ex "watch x" -ex r'

where ruby-954vm is a VM.

With "/sys/module/kvm_amd/parameters/debug_swap = 0", gdb does not stop on the watchpoint, with "= 1" - gdb does.
---
 arch/x86/include/asm/cpufeatures.h       |  1 +
 arch/x86/include/asm/svm.h               |  1 +
 tools/arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/kvm/svm/sev.c                   | 37 ++++++++++++++++++--
 4 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index cb8ca46213be..31c862d79fae 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h
@@ -434,6 +434,7 @@ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ +#define X86_FEATURE_DEBUG_SWAP (19*32+14) /* AMD SEV-ES full debug state swap support */ /* AMD-defined Extended Feature 2 EAX, CPUID level 0x80000021 (EAX), word 20 */ #define X86_FEATURE_NO_NESTED_DATA_BP (20*32+ 0) /* "" No Nested Data Breakpoints */ diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index e7c7379d6ac7..72ebd5e4e975 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -288,6 +288,7 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_ #define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF) +#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) struct vmcb_seg { u16 selector; diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index cb8ca46213be..31c862d79fae 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -434,6 +434,7 @@ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ +#define X86_FEATURE_DEBUG_SWAP (19*32+14) /* AMD SEV-ES full debug state swap support */ /* AMD-defined Extended Feature 2 EAX, CPUID level 0x80000021 (EAX), word 20 */ #define X86_FEATURE_NO_NESTED_DATA_BP (20*32+ 0) /* "" No Nested Data Breakpoints */ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 744bcc2e6a05..abc502ce7871 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "mmu.h" #include "x86.h" 
@@ -54,9 +55,14 @@ module_param_named(sev, sev_enabled, bool, 0444); /* enable/disable SEV-ES support */ static bool sev_es_enabled = true; module_param_named(sev_es, sev_es_enabled, bool, 0444); + +/* enable/disable SEV-ES DebugSwap support */ +static bool sev_es_debug_swap_enabled = true; +module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444); #else #define sev_enabled false #define sev_es_enabled false +#define sev_es_debug_swap_enabled false #endif /* CONFIG_KVM_AMD_SEV */ static u8 sev_enc_bit; @@ -606,6 +612,9 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->xss = svm->vcpu.arch.ia32_xss; save->dr6 = svm->vcpu.arch.dr6; + if (sev_es_debug_swap_enabled) + save->sev_features |= SVM_SEV_FEAT_DEBUG_SWAP; + pr_debug("Virtual Machine Save Area (VMSA):\n"); print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, save, sizeof(*save), false); @@ -2258,6 +2267,9 @@ void __init sev_hardware_setup(void) out: sev_enabled = sev_supported; sev_es_enabled = sev_es_supported; + if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) || + !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP)) + sev_es_debug_swap_enabled = false; #endif } 
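Review bot: `sev_es_debug_swap_enabled` defaults to true and, in the sev_es_sync_vmsa() hunk, sets SVM_SEV_FEAT_DEBUG_SWAP in `save->sev_features` for every SEV-ES guest on a capable host, so the initial VMSA contents now depend on host CPU features and on a host module parameter. If the VMSA is covered by the launch measurement, the value a guest owner expects changes whenever the host kernel or the `debug_swap` parameter changes; that deserves a sentence in the commit log, and a default of false or a per-VM opt-in is worth considering. The check added at `out:` in sev_hardware_setup() is also the only place the X86_FEATURE_NO_NESTED_DATA_BP requirement is enforced, so a short comment there giving the reason (the nested #DB loop) would help.
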
@@ -2978,14 +2990,17 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) svm_set_intercept(svm, TRAP_CR8_WRITE); /* + * Unless DebugSwap (depends on X86_FEATURE_NO_NESTED_DATA_BP) is enabled, * DR7 access must remain intercepted for an SEV-ES guest to disallow * the guest kernel set up a #DB on memory that's needed to vector a #DB * as otherwise the CPU gets stuck in an infinite #DB loop. */ vmcb->control.intercepts[INTERCEPT_DR] = 0; - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); - vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); - recalc_intercepts(svm); + if (!sev_es_debug_swap_enabled) { + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); + vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); + recalc_intercepts(svm); + } /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); 
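Review bot: in sev_es_init_vmcb(), `recalc_intercepts(svm)` moves inside the `if (!sev_es_debug_swap_enabled)` block, so on the DebugSwap path `vmcb->control.intercepts[INTERCEPT_DR] = 0` is written and nothing in this hunk recalculates the intercepts afterwards. Before the change the call was unconditional. Either leave `recalc_intercepts(svm)` after the if block, or say in the commit log why the recalculation is not needed when no DR7 intercept is set.
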
@@ -3055,6 +3070,22 @@ void sev_es_prepare_switch_to_guest(struct sev_es_save_area *hostsa) hostsa->xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK); hostsa->pkru = read_pkru(); hostsa->xss = host_xss; + + /* + * If DebugSwap is enabled, debug registers are loaded but NOT saved by + * the CPU (Type-B). If DebugSwap is disabled/unsupported, the CPU both + * saves and loads debug registers (Type-A). + */ + if (sev_es_debug_swap_enabled) { + hostsa->dr0 = native_get_debugreg(0); + hostsa->dr1 = native_get_debugreg(1); + hostsa->dr2 = native_get_debugreg(2); + hostsa->dr3 = native_get_debugreg(3); + hostsa->dr0_addr_mask = amd_get_dr_addr_mask(0); + hostsa->dr1_addr_mask = amd_get_dr_addr_mask(1); + hostsa->dr2_addr_mask = amd_get_dr_addr_mask(2); + hostsa->dr3_addr_mask = amd_get_dr_addr_mask(3); + } } void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
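Review bot: the new comment in sev_es_prepare_switch_to_guest() reads as if all debug registers were Type-B with DebugSwap and Type-A without it, which does not match the commit log's statement that without DebugSwap the CPU does not save or load guest debug registers other than DR6/DR7. The code saves only DR0-DR3 and DR[0-3]_ADDR_MASK into `hostsa`. Please name the registers in the comment (which ones become Type-B when DebugSwap is enabled, and how DR6/DR7 are handled) so it is clear why host DR6/DR7 are not saved here.
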
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy
Subject: [PATCH kernel 7/9] KVM: SEV-ES: Eliminate #DB intercept when DebugSwap enabled
Date: Thu, 15 Jun 2023 16:37:55 +1000
Message-ID: <20230615063757.3039121-8-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>

Disable #DB for SEV-ES guests when DebugSwap is enabled. There is no point in such intercept as KVM does not allow guest debug for SEV-ES guests.

Signed-off-by: Alexey Kardashevskiy
---
Changes:
v6:
* new to the series
---
 arch/x86/kvm/svm/sev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index abc502ce7871..9c43cbdab022 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -3000,6 +3000,8 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); recalc_intercepts(svm); + } else { + clr_exception_intercept(svm, DB_VECTOR); } /* Can't intercept XSETBV, HV can't modify XCR0 directly */
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy
Subject: [PATCH kernel 8/9] KVM: SVM: Don't defer NMI unblocking until next exit for SEV-ES guests
Date: Thu, 15 Jun 2023 16:37:56 +1000
Message-ID: <20230615063757.3039121-9-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

Immediately mark NMIs as unmasked in response to #VMGEXIT(NMI complete) instead of setting awaiting_iret_completion and waiting until the *next* VM-Exit to unmask NMIs.

The whole point of "NMI complete" is that the guest is responsible for telling the hypervisor when it's safe to inject an NMI, i.e. there's no need to wait. And because there's no IRET to single-step, the next VM-Exit could be a long time coming, i.e. KVM could incorrectly hold an NMI pending for far longer than what is required and expected.

Opportunistically fix a stale reference to HF_IRET_MASK.

Fixes: 916b54a7688b ("KVM: x86: Move HF_NMI_MASK and HF_IRET_MASK into "struct vcpu_svm"")
Fixes: 4444dfe4050b ("KVM: SVM: Add NMI support for an SEV-ES guest")
Cc: Tom Lendacky
Signed-off-by: Sean Christopherson
---
Maybe 916b54a7688b is not really necessary to mention to avoid triggering the stable kernel backporting bot?
---
Changes:
v6:
* new to the series
--- arch/x86/kvm/svm/sev.c | 5 ++++- arch/x86/kvm/svm/svm.c | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 9c43cbdab022..4a426feab1b8 100644 --- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c @@ -2897,7 +2897,10 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) svm->sev_es.ghcb_sa); break; case SVM_VMGEXIT_NMI_COMPLETE: - ret = svm_invoke_exit_handler(vcpu, SVM_EXIT_IRET); + ++vcpu->stat.nmi_window_exits; + svm->nmi_masked = false; + kvm_make_request(KVM_REQ_EVENT, vcpu); + ret = 1; break; case SVM_VMGEXIT_AP_HLT_LOOP: ret = kvm_emulate_ap_reset_hold(vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1df99e9f8655..52f1d88e82a0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2548,12 +2548,13 @@ static int iret_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + WARN_ON_ONCE(sev_es_guest(vcpu->kvm)); + ++vcpu->stat.nmi_window_exits; svm->awaiting_iret_completion = true; svm_clr_iret_intercept(svm); - if (!sev_es_guest(vcpu->kvm)) - svm->nmi_iret_rip = kvm_rip_read(vcpu); + svm->nmi_iret_rip = kvm_rip_read(vcpu); kvm_make_request(KVM_REQ_EVENT, vcpu); return 1; 
@@ -3972,12 +3973,11 @@ static void svm_complete_interrupts(struct kvm_vcpu *vcpu) svm->soft_int_injected = false; /* - * If we've made progress since setting HF_IRET_MASK, we've + * If we've made progress since setting awaiting_iret_completion, we've * executed an IRET and can allow NMI injection. */ if (svm->awaiting_iret_completion && - (sev_es_guest(vcpu->kvm) || - kvm_rip_read(vcpu) != svm->nmi_iret_rip)) { + kvm_rip_read(vcpu) != svm->nmi_iret_rip) { svm->awaiting_iret_completion = false; svm->nmi_masked = false; kvm_make_request(KVM_REQ_EVENT, vcpu);
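Review bot: In the arch/x86/kvm/svm/sev.c hunk, the open-coded SVM_VMGEXIT_NMI_COMPLETE case no longer reaches svm_clr_iret_intercept(), which the old svm_invoke_exit_handler(vcpu, SVM_EXIT_IRET) path ran through iret_interception(). If the IRET intercept can never be set for an SEV-ES guest, a one-line comment saying so would make the omission obviously intentional; otherwise the call needs to stay. The case also acts unconditionally on a guest-initiated exit: it bumps vcpu->stat.nmi_window_exits and raises KVM_REQ_EVENT even when svm->nmi_masked was already false, so either gate the block on svm->nmi_masked or note in a comment that a spurious "NMI complete" from the guest is harmless.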
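Review bot: In the iret_interception() hunk, WARN_ON_ONCE(sev_es_guest(vcpu->kvm)) warns but then falls through, so an SEV-ES vCPU that did get here would still have awaiting_iret_completion set and nmi_iret_rip recorded. With the sev_es_guest() term removed from the condition in svm_complete_interrupts() (last hunk), that flag would then clear only when kvm_rip_read(vcpu) differs from svm->nmi_iret_rip. Consider bailing out of the warned path before it touches NMI state, or add a comment explaining why falling through is safe. The changelog should also say why a guest cannot reach this path, since a guest-reachable WARN turns into a host crash when panic_on_warn is set.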
From patchwork Thu Jun 15 06:37:57 2023
X-Patchwork-Submitter: Alexey Kardashevskiy
X-Patchwork-Id: 108277
From: Alexey Kardashevskiy
CC: Tom Lendacky, Sean Christopherson, Alexey Kardashevskiy
Subject: [PATCH kernel 9/9] KVM: SVM: Don't try to pointlessly single-step SEV-ES guests for NMI window
Date: Thu, 15 Jun 2023 16:37:57 +1000
Message-ID: <20230615063757.3039121-10-aik@amd.com>
In-Reply-To: <20230615063757.3039121-1-aik@amd.com>
References: <20230615063757.3039121-1-aik@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

Bail early from svm_enable_nmi_window() for SEV-ES guests without trying to enable single-step of the guest, as single-stepping an SEV-ES guest is impossible and the guest is responsible for *telling* KVM when it is ready for a new NMI to be injected.

Functionally, setting TF and RF in svm->vmcb->save.rflags is benign as the field is ignored by hardware, but it's all kinds of confusing.

Signed-off-by: Sean Christopherson
[aik: removed the clause about "KVM suppresses EFER.SVME (see efer_trap())"]
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v6:
* new to the series
--- arch/x86/kvm/svm/svm.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 52f1d88e82a0..c9837a8667b7 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -3824,6 +3824,19 @@ static void svm_enable_nmi_window(struct kvm_vcpu *vcpu) if (svm_get_nmi_mask(vcpu) && !svm->awaiting_iret_completion) return; /* IRET will cause a vm exit */ + /* + * SEV-ES guests are responsible for signaling when a vCPU is ready to + * receive a new NMI, as SEV-ES guests can't be single-stepped, i.e. + * KVM can't intercept and single-step IRET to detect when NMIs are + * unblocked (architecturally speaking). See SVM_VMGEXIT_NMI_COMPLETE. + * + * Note, GIF is guaranteed to be '1' for SEV-ES guests as hardware + * ignores SEV-ES guest writes to EFER.SVME *and* CLGI/STGI are not + * supported NAEs in the GHCB protocol. + */ + if (sev_es_guest(vcpu->kvm)) + return; + if (!gif_set(svm)) { if (vgif) svm_set_intercept(svm, INTERCEPT_STGI);
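Review bot: In svm_enable_nmi_window(), the new sev_es_guest() return sits below the `svm_get_nmi_mask(vcpu) && !svm->awaiting_iret_completion` test, so an SEV-ES vCPU with NMIs masked still leaves through the line commented "IRET will cause a vm exit", which is not what ends the NMI window for these guests. Moving the SEV-ES check and its comment above that test, or rewording the existing comment, would keep code and comments consistent for both guest types. The added comment's claim that hardware ignores SEV-ES guest writes to EFER.SVME would also benefit from a reference, given that the changelog records a related clause about efer_trap() being dropped.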