Date: Thu, 23 Feb 2023 19:46:00 +0200
From: Zhi Wang
To: Michael Roth
Cc: [...], Brijesh Singh
Subject: Re: [PATCH RFC v8 32/56] KVM: SVM: Add initial SEV-SNP support
Message-ID: <20230223194600.000018ac@gmail.com>
In-Reply-To: <20230220183847.59159-33-michael.roth@amd.com>
References: <20230220183847.59159-1-michael.roth@amd.com> <20230220183847.59159-33-michael.roth@amd.com>

On Mon, 20 Feb 2023 12:38:23 -0600 Michael Roth wrote:

> From: Brijesh Singh
>
> The next generation of SEV is called SEV-SNP (Secure Nested Paging).
> SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new
> hardware based security protection. SEV-SNP adds strong memory encryption
> integrity protection to help prevent malicious hypervisor-based attacks
> such as data replay, memory re-mapping, and more, to create an isolated
> execution environment.
>
> The SNP feature is added incrementally; the later patches add new module
> parameters that can be used to enable SEV-SNP in KVM.
>
> Signed-off-by: Brijesh Singh
> Signed-off-by: Ashish Kalra
> Signed-off-by: Michael Roth
> ---
> arch/x86/kvm/svm/sev.c | 10 +++++++++-
> arch/x86/kvm/svm/svm.h | 8 ++++++++
> 2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 9e9efb42a766..51db01b282eb 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c > @@ -58,6 +58,9 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444); > #define sev_es_enabled false > #endif /* CONFIG_KVM_AMD_SEV */ > > +/* enable/disable SEV-SNP support */ > +static bool sev_snp_enabled; > + > #define AP_RESET_HOLD_NONE 0 > #define AP_RESET_HOLD_NAE_EVENT 1 > #define AP_RESET_HOLD_MSR_PROTO 2 > @@ -2306,6 +2309,7 @@ void __init sev_hardware_setup(void) > { > #ifdef CONFIG_KVM_AMD_SEV > unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count; > + bool sev_snp_supported = false; > bool sev_es_supported = false; > bool sev_supported = false; > > @@ -2385,12 +2389,16 @@ void __init sev_hardware_setup(void) > if (misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count)) > goto out; > > - pr_info("SEV-ES supported: %u ASIDs\n", sev_es_asid_count); > sev_es_supported = true; > + sev_snp_supported = sev_snp_enabled && cpu_feature_enabled(X86_FEATURE_SEV_SNP); > + > + pr_info("SEV-ES %ssupported: %u ASIDs\n", > + sev_snp_supported ? "and SEV-SNP " : "", sev_es_asid_count); > > out: > sev_enabled = sev_supported; > sev_es_enabled = sev_es_supported; > + sev_snp_enabled = sev_snp_supported; > #endif > } > > diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h > index 5efcf036ccad..8eb1b51e92f5 100644 > --- a/arch/x86/kvm/svm/svm.h > +++ b/arch/x86/kvm/svm/svm.h > @@ -76,6 +76,7 @@ enum { > struct kvm_sev_info { > bool active; /* SEV enabled guest */ > bool es_active; /* SEV-ES enabled guest */ > + bool snp_active; /* SEV-SNP enabled guest */ > unsigned int asid; /* ASID used for this guest */ > unsigned int handle; /* SEV firmware handle */ > int fd; /* SEV device fd */ 
> @@ -323,6 +324,13 @@ static __always_inline bool sev_es_guest(struct kvm *kvm) > #endif > } > > +static inline bool sev_snp_guest(struct kvm *kvm) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + > + return sev_es_guest(kvm) && sev->snp_active; > +} > +

Maybe also use __always_inline like sev_es_guest() above? It seems to have solved some warnings before:
https://lore.kernel.org/all/20210624095147.880513802@infradead.org/

> static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) > { > vmcb->control.clean = 0;
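Review bot: in the first sev.c hunk, `+static bool sev_snp_enabled;` lands after the `#endif /* CONFIG_KVM_AMD_SEV */` line, while the only code in this patch that touches it (`sev_snp_enabled = sev_snp_supported;` in sev_hardware_setup()) sits inside that `#ifdef`. With CONFIG_KVM_AMD_SEV disabled the static is defined but never referenced, which is likely to produce a defined-but-not-used warning; declare it inside the `#ifdef` block next to sev_enabled/sev_es_enabled and give it the same `#define sev_snp_enabled false` fallback that sev_es_enabled gets in the visible context. The `/* enable/disable SEV-SNP support */` comment also describes a knob that does not exist yet: nothing in this patch can set the variable to true, so the module parameter the commit message promises for a later patch is the only way it ever becomes non-zero, and saying so in the comment (or the commit message) would save readers a search.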
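Review bot: in the third sev.c hunk, `sev_snp_supported = sev_snp_enabled && cpu_feature_enabled(X86_FEATURE_SEV_SNP);` is only reached once the SEV-ES checks above it succeed, and every earlier `goto out` still executes `sev_snp_enabled = sev_snp_supported;` at the `out:` label. A requested SNP therefore gets switched off silently whenever SEV-ES setup fails or the CPU lacks the feature, and the new combined `pr_info("SEV-ES %ssupported: %u ASIDs\n", ...)` only ever mentions SNP on the success path. Consider a pr_info/pr_warn on the disable path (for example when sev_snp_enabled was set but sev_snp_supported ends up false) so an operator can tell from dmesg why guests come up without SNP.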
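Review bot: sev_snp_guest() in the svm.h hunk relies on the `sev_es_guest(kvm) &&` operand order to make snp_active meaningful only for SEV-ES guests, but that dependency is not stated anywhere; a one-line comment above the helper (SNP is built on SEV-ES, so snp_active is only consulted for ES guests) would make the ordering deliberate rather than incidental. It would also be consistent to give the helper the same `#ifdef CONFIG_KVM_AMD_SEV` / `return false` structure that sev_es_guest() has, as the `#endif` context line directly above shows, instead of dereferencing `to_kvm_svm(kvm)->sev_info` unconditionally.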