Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1639648pxu; Sun, 6 Dec 2020 02:29:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJytAO+bwSTpq1hOSuJyOmlpgmjWwMJpverzpBFxRX9fcg9AsXLI4w1q9i9TSO378ICNO+Sb X-Received: by 2002:a17:906:4994:: with SMTP id p20mr14562276eju.391.1607250598480; Sun, 06 Dec 2020 02:29:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607250598; cv=none; d=google.com; s=arc-20160816; b=RWrqOsI5nemcAhQET0M/Yf74AO2COlUQ5DiHXDDMJl/gQ8/ytAHOwnrfOEvO8tnXxE 6K7zrTlDqcOKzkBNgAiNpJM8yjPosnF4gZDcw0jMw0BcC9x65NAu55dB3ensJmhR02Un 0ONJpByKV0lIQGMUPpg8Cr5Mr9hY99NCxrP9Mi80DWWhp9gZUjjoXfY2x+G8Byh/bk1m i0KvsH5KXoczNUNV8M/72MgvhOpGsVP6PRZcv+IXAtAgHjND9UItVl4wxQXVOHOhSrF2 rbT+HiXUYCKaw6qvV/xDz0YM6qgXu1aeAhTowocn8tCUMxxH1xCv6qZoqSTaO2ig0FY/ rOlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=aJIrgW7mTTQlynTZ3aiM64Xrj0jHXvCpxGNmSuVEGWU=; b=uYlp+jHUPO1YOtIsM2AbB2du+cnJZLtSzleD5oY9hSW2CXenzL9kEHvP15TY1wz/iV dBkC5dKFxiiKJ2Z/VEqmVJvxZaNuMxgK8gaZXreS5MdIwSbx8z48f93s93DXH5xMvohr T1unZfDMxD7PBJTZi4CXacV2JR27sJvpYd9pTxEwbNbr2Bo+EViFIyOLDcd2G0aOoK+Q nkzbSesytrKSkp/BeAVV6W86rUk1g+LtkzWyAjqGpuAyWsRRm4Gl4ZkD1Wlx1SD0iZmT UCSAU8pKfrf9q8C2pUymW+9jf5T217eGCn+nT2GRSpjaIEWTG+9w4H+rA9K6reLfNh6G VUCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=VLwei7We; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v10si4557840ejy.467.2020.12.06.02.29.35; Sun, 06 Dec 2020 02:29:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=VLwei7We; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726948AbgLFK1p (ORCPT + 99 others); Sun, 6 Dec 2020 05:27:45 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:35116 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725767AbgLFK1o (ORCPT ); Sun, 6 Dec 2020 05:27:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1607250378; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aJIrgW7mTTQlynTZ3aiM64Xrj0jHXvCpxGNmSuVEGWU=; b=VLwei7WevRFKGkD+XqpjVcf06yLXbIqoEG+hrN9XQZOc2/+O58W2DKrDnpelAKKFheT6o7 mI07dJdjeSy3JhJrhUudiEaiN2aNwp6KUmzpHDr/HYpv5LAgTHT2ngd+MLYLEC8nEibyNp iL4p5tlTh0TiDvTWBEsBtnPruF2CoVY= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-286-DxTI93s4MVWvw036RxLdAQ-1; Sun, 06 Dec 2020 05:26:16 -0500 X-MC-Unique: DxTI93s4MVWvw036RxLdAQ-1 Received: by mail-wm1-f69.google.com with SMTP id a130so7892959wmf.0 for ; Sun, 06 Dec 2020 02:26:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=aJIrgW7mTTQlynTZ3aiM64Xrj0jHXvCpxGNmSuVEGWU=; b=YtqXQRcul3m+5GQvn2XRIe3Egoui+iTfxsg4CKmBqlUlpnJoxaUTyKM0tbY4cNLBYg dMNYzRbKq6Y1TyAMS8u3iS8BWJBaM0GsTYqo9N77s6eQi1x3/zpGazB/tzrfNtMfti1R qMmY1JWd7F4TuI9Tp3gz5BCgc6mPOjilvBXCmbjZeonHPPuAa+wDBcdA6fzMhz0Nzcr2 xpxOgLUEJAYgPZCvZLWLRIXXDQ3xZWTc31CJeYUTXFQEB3SWBI0flBEhNqgHUePS1ewt gmy93mizglioSpbh92xhO80RtIFM8/6hyxSJcNxcf/y9ZhZmo0YDhoSBh6zf5VqxiYpc /1lw== X-Gm-Message-State: AOAM532rlBCIivzvp2LbsEKoBazIE7vfaT6a8i3eEEW3Y9mXuX7EMY9V k9uaWCLVXVxZ9yAsOyW91GWmvuWK/foKJX6vNeaRo1MS3yshldpJRSwd+tDOtREYK+ppW6BakZ5 B3QCBjamu7U4KgwODQa74S3UH X-Received: by 2002:a5d:6286:: with SMTP id k6mr14267423wru.309.1607250374960; Sun, 06 Dec 2020 02:26:14 -0800 (PST) X-Received: by 2002:a5d:6286:: with SMTP id k6mr14267403wru.309.1607250374789; Sun, 06 Dec 2020 02:26:14 -0800 (PST) Received: from ?IPv6:2001:b07:6468:f312:63a7:c72e:ea0e:6045? ([2001:b07:6468:f312:63a7:c72e:ea0e:6045]) by smtp.gmail.com with ESMTPSA id o74sm10679578wme.36.2020.12.06.02.26.13 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 06 Dec 2020 02:26:14 -0800 (PST) Subject: Re: [PATCH v2 1/9] KVM: x86: Add AMD SEV specific Hypercall3 To: Sean Christopherson , Ashish Kalra Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, joro@8bytes.org, bp@suse.de, thomas.lendacky@amd.com, x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, srutherford@google.com, brijesh.singh@amd.com, dovmurik@linux.vnet.ibm.com, tobin@ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com References: From: Paolo Bonzini Message-ID: Date: Sun, 6 Dec 2020 11:26:12 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/12/20 01:34, Sean Christopherson wrote: > On Tue, Dec 01, 2020, Ashish Kalra wrote: >> From: Brijesh Singh >> >> KVM hypercall framework relies on alternative framework to patch the >> VMCALL -> VMMCALL on AMD platform. If a hypercall is made before >> apply_alternative() is called then it defaults to VMCALL. The approach >> works fine on non SEV guest. A VMCALL would causes #UD, and hypervisor >> will be able to decode the instruction and do the right things. But >> when SEV is active, guest memory is encrypted with guest key and >> hypervisor will not be able to decode the instruction bytes. >> >> Add SEV specific hypercall3, it unconditionally uses VMMCALL. The hypercall >> will be used by the SEV guest to notify encrypted pages to the hypervisor. > > What if we invert KVM_HYPERCALL and X86_FEATURE_VMMCALL to default to VMMCALL > and opt into VMCALL? It's a synthetic feature flag either way, and I don't > think there are any existing KVM hypercalls that happen before alternatives are > patched, i.e. it'll be a nop for sane kernel builds. > > I'm also skeptical that a KVM specific hypercall is the right approach for the > encryption behavior, but I'll take that up in the patches later in the series. Do you think that it's the guest that should "donate" memory for the bitmap instead? Paolo > >> Cc: Thomas Gleixner >> Cc: Ingo Molnar >> Cc: "H. Peter Anvin" >> Cc: Paolo Bonzini >> Cc: "Radim Krčmář" >> Cc: Joerg Roedel >> Cc: Borislav Petkov >> Cc: Tom Lendacky >> Cc: x86@kernel.org >> Cc: kvm@vger.kernel.org >> Cc: linux-kernel@vger.kernel.org >> Reviewed-by: Steve Rutherford >> Reviewed-by: Venu Busireddy >> Signed-off-by: Brijesh Singh >> Signed-off-by: Ashish Kalra >> --- >> arch/x86/include/asm/kvm_para.h | 12 ++++++++++++ >> 1 file changed, 12 insertions(+) >> >> diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h >> index 338119852512..bc1b11d057fc 100644 >> --- a/arch/x86/include/asm/kvm_para.h >> +++ b/arch/x86/include/asm/kvm_para.h >> @@ -85,6 +85,18 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, >> return ret; >> } >> >> +static inline long kvm_sev_hypercall3(unsigned int nr, unsigned long p1, >> + unsigned long p2, unsigned long p3) >> +{ >> + long ret; >> + >> + asm volatile("vmmcall" >> + : "=a"(ret) >> + : "a"(nr), "b"(p1), "c"(p2), "d"(p3) >> + : "memory"); >> + return ret; >> +} >> + >> #ifdef CONFIG_KVM_GUEST >> bool kvm_para_available(void); >> unsigned int kvm_arch_para_features(void); >> -- >> 2.17.1 >> >