提交 70cd94e6 编写于 作者: B Brijesh Singh

KVM: SVM: VMRUN should use associated ASID when SEV is enabled

SEV hardware uses ASIDs to associate a memory encryption key with a
guest VM. During guest creation, a SEV VM uses the SEV_CMD_ACTIVATE
command to bind a particular ASID to the guest. Lets make sure that the
VMCB is programmed with the bound ASID before a VMRUN.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NBorislav Petkov <bp@suse.de>
上级 1654efcb
...@@ -213,6 +213,9 @@ struct vcpu_svm { ...@@ -213,6 +213,9 @@ struct vcpu_svm {
*/ */
struct list_head ir_list; struct list_head ir_list;
spinlock_t ir_list_lock; spinlock_t ir_list_lock;
/* which host CPU was used for running this vcpu */
unsigned int last_cpu;
}; };
/* /*
...@@ -341,6 +344,13 @@ static inline bool sev_guest(struct kvm *kvm) ...@@ -341,6 +344,13 @@ static inline bool sev_guest(struct kvm *kvm)
return sev->active; return sev->active;
} }
static inline int sev_get_asid(struct kvm *kvm)
{
struct kvm_sev_info *sev = &kvm->arch.sev_info;
return sev->asid;
}
static inline void mark_all_dirty(struct vmcb *vmcb) static inline void mark_all_dirty(struct vmcb *vmcb)
{ {
vmcb->control.clean = 0; vmcb->control.clean = 0;
...@@ -551,6 +561,9 @@ struct svm_cpu_data { ...@@ -551,6 +561,9 @@ struct svm_cpu_data {
struct kvm_ldttss_desc *tss_desc; struct kvm_ldttss_desc *tss_desc;
struct page *save_area; struct page *save_area;
/* index = sev_asid, value = vmcb pointer */
struct vmcb **sev_vmcbs;
}; };
static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
...@@ -864,6 +877,7 @@ static void svm_cpu_uninit(int cpu) ...@@ -864,6 +877,7 @@ static void svm_cpu_uninit(int cpu)
return; return;
per_cpu(svm_data, raw_smp_processor_id()) = NULL; per_cpu(svm_data, raw_smp_processor_id()) = NULL;
kfree(sd->sev_vmcbs);
__free_page(sd->save_area); __free_page(sd->save_area);
kfree(sd); kfree(sd);
} }
...@@ -877,11 +891,18 @@ static int svm_cpu_init(int cpu) ...@@ -877,11 +891,18 @@ static int svm_cpu_init(int cpu)
if (!sd) if (!sd)
return -ENOMEM; return -ENOMEM;
sd->cpu = cpu; sd->cpu = cpu;
sd->save_area = alloc_page(GFP_KERNEL);
r = -ENOMEM; r = -ENOMEM;
sd->save_area = alloc_page(GFP_KERNEL);
if (!sd->save_area) if (!sd->save_area)
goto err_1; goto err_1;
if (svm_sev_enabled()) {
r = -ENOMEM;
sd->sev_vmcbs = kmalloc((max_sev_asid + 1) * sizeof(void *), GFP_KERNEL);
if (!sd->sev_vmcbs)
goto err_1;
}
per_cpu(svm_data, cpu) = sd; per_cpu(svm_data, cpu) = sd;
return 0; return 0;
...@@ -1498,10 +1519,16 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu) ...@@ -1498,10 +1519,16 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu)
static void __sev_asid_free(int asid) static void __sev_asid_free(int asid)
{ {
int pos; struct svm_cpu_data *sd;
int cpu, pos;
pos = asid - 1; pos = asid - 1;
clear_bit(pos, sev_asid_bitmap); clear_bit(pos, sev_asid_bitmap);
for_each_possible_cpu(cpu) {
sd = per_cpu(svm_data, cpu);
sd->sev_vmcbs[pos] = NULL;
}
} }
static void sev_asid_free(struct kvm *kvm) static void sev_asid_free(struct kvm *kvm)
...@@ -4466,12 +4493,39 @@ static void reload_tss(struct kvm_vcpu *vcpu) ...@@ -4466,12 +4493,39 @@ static void reload_tss(struct kvm_vcpu *vcpu)
load_TR_desc(); load_TR_desc();
} }
static void pre_sev_run(struct vcpu_svm *svm, int cpu)
{
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
int asid = sev_get_asid(svm->vcpu.kvm);
/* Assign the asid allocated with this SEV guest */
svm->vmcb->control.asid = asid;
/*
* Flush guest TLB:
*
* 1) when different VMCB for the same ASID is to be run on the same host CPU.
* 2) or this VMCB was executed on different host CPU in previous VMRUNs.
*/
if (sd->sev_vmcbs[asid] == svm->vmcb &&
svm->last_cpu == cpu)
return;
svm->last_cpu = cpu;
sd->sev_vmcbs[asid] = svm->vmcb;
svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
mark_dirty(svm->vmcb, VMCB_ASID);
}
static void pre_svm_run(struct vcpu_svm *svm) static void pre_svm_run(struct vcpu_svm *svm)
{ {
int cpu = raw_smp_processor_id(); int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu); struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
if (sev_guest(svm->vcpu.kvm))
return pre_sev_run(svm, cpu);
/* FIXME: handle wraparound of asid_generation */ /* FIXME: handle wraparound of asid_generation */
if (svm->asid_generation != sd->asid_generation) if (svm->asid_generation != sd->asid_generation)
new_asid(svm, sd); new_asid(svm, sd);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册