From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tom Lendacky, Paolo Bonzini
Subject: [PATCH 5.5 094/170] KVM: SVM: Issue WBINVD after deactivating an SEV guest
Date: Tue, 31 Mar 2020 10:58:28 +0200
Message-Id: <20200331085434.233242373@linuxfoundation.org>
In-Reply-To: <20200331085423.990189598@linuxfoundation.org>
References: <20200331085423.990189598@linuxfoundation.org>

From: Tom Lendacky

commit 2e2409afe5f0c284c7dfe5504058e8d115806a7d upstream.

Currently, CLFLUSH is used to flush SEV guest memory before the guest is
terminated (or a memory hotplug region is removed). However, CLFLUSH is
not enough to ensure that SEV guest tagged data is flushed from the cache.

With 33af3a7ef9e6 ("KVM: SVM: Reduce WBINVD/DF_FLUSH invocations"), the
original WBINVD was removed. This then exposed crashes at random times
because of a cache flush race with a page that had both a hypervisor and
a guest tag in the cache.

Restore the WBINVD when destroying an SEV guest and add a WBINVD to the
svm_unregister_enc_region() function to ensure hotplug memory is flushed
when removed. The DF_FLUSH can still be avoided at this point.

Fixes: 33af3a7ef9e6 ("KVM: SVM: Reduce WBINVD/DF_FLUSH invocations")
Signed-off-by: Tom Lendacky
Message-Id:
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/kvm/svm.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

--- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c
@@ -1920,14 +1920,6 @@ static void sev_clflush_pages(struct pag static void __unregister_enc_region_locked(struct kvm *kvm, struct enc_region *region) { - /* - * The guest may change the memory encryption attribute from C=0 -> C=1 - * or vice versa for this memory range. Lets make sure caches are - * flushed to ensure that guest data gets written into memory with - * correct C-bit. - */ - sev_clflush_pages(region->pages, region->npages); - sev_unpin_memory(kvm, region->pages, region->npages); list_del(®ion->list); kfree(region); @@ -1958,6 +1950,13 @@ static void sev_vm_destroy(struct kvm *k mutex_lock(&kvm->lock); /* + * Ensure that all guest tagged cache entries are flushed before + * releasing the pages back to the system for use. CLFLUSH will + * not do this, so issue a WBINVD. + */ + wbinvd_on_all_cpus(); + + /* * if userspace was terminated before unregistering the memory regions * then lets unpin all the registered memory. */ @@ -7212,6 +7211,13 @@ static int svm_unregister_enc_region(str goto failed; } + /* + * Ensure that all guest tagged cache entries are flushed before + * releasing the pages back to the system for use. CLFLUSH will + * not do this, so issue a WBINVD. + */ + wbinvd_on_all_cpus(); + __unregister_enc_region_locked(kvm, region); mutex_unlock(&kvm->lock);
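
Review bot: In the first hunk, __unregister_enc_region_locked() loses its sev_clflush_pages() call and the comment above it, and nothing left in the function says that the caches must already be flushed by the time sev_unpin_memory() runs. The flush now lives in the functions the other two hunks touch, so a later caller of this helper has no hint that it must issue the WBINVD itself. A one-line comment at the top of the helper stating that the caller is responsible for the flush would keep the requirement visible. The removed comment also carried the C=0 -> C=1 rationale, which neither of the new comments repeats; if that case is still relevant it should be kept somewhere.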
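
Review bot: In the sev_vm_destroy() hunk, wbinvd_on_all_cpus() is placed directly after mutex_lock(&kvm->lock), so the write-back and invalidate on every CPU runs with the lock held. If the flush does not depend on anything the lock protects, issuing it before taking the lock would shorten the critical section; if the position is deliberate (for example to order the flush against region unpinning done under the same lock), the new comment should say so, since at present it only explains why CLFLUSH is insufficient.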
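
Review bot: In the svm_unregister_enc_region() hunk, the added comment block is a verbatim copy of the one added to sev_vm_destroy(), and the flush here runs once for every region that is unregistered, again before mutex_unlock(&kvm->lock). A small helper that carries the comment once and is called from both sites would avoid the duplication. It would also be worth stating, in the comment or the commit message, that each call on this path now costs a WBINVD on all CPUs, so that the per-region cost on the hotplug removal path named in the commit message is a documented trade-off rather than something a reader has to infer.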