Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2745595pxb; Tue, 9 Mar 2021 09:46:56 -0800 (PST) X-Google-Smtp-Source: ABdhPJynt5/sDHqOoco8Rex83lg6KXTqZ8ebwofKNm8cCtl1/5aEbrLhIu/4fsBLOl79RWFX9okQ X-Received: by 2002:aa7:ce8a:: with SMTP id y10mr5568391edv.66.1615312015942; Tue, 09 Mar 2021 09:46:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615312015; cv=none; d=google.com; s=arc-20160816; b=BpZeULdBMsAOco/Q/QcSlXaVbGFTijZ+Jz5F8C6GOvFcZFmgmp2K9pgGj0RuZWSBBu 1dc4fINDbxQZOtRT7kSEcVhRpOUrCSx4I3MwLQUC5ATsWNpfe0ThZz3Q0s1YJn2vG3Mt 6AF2WOgjMohURLVf8cp29MP4xvWQMlWr9OjqCF82G1WDEbLUwV6RE6vU+Rm7uBBwUO+o dhjUSaLN1JjI7+UDdBltCCe2klEl6liQFxjx/LZB/qzV6UGeoMy5ISuugqEKiBTYSMYP 6fnuX+JvyY+Tfd3aezK/M9qlxw2+39x47ud5ijQ4kmlzjfloQdyd8nyWl0xyq+exJpIN joCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Ddj7nKUPn1pV75cOckX3PbYPAps+K18BC++0gJune7Q=; b=m5Z3ArfUzWpvpdpTAki1EtbVmo5/I9fqU0Wx+CtmT6goqJOv5mAhyonF85zl4E8Zpn ySEiRUYuFiJO9zSfxxi5WhGech0tuAjAA7chCAm/dlbqMuhd0vFxf29O//NrEjq1/lM7 x0egkxPtjIaT82EzmQXYda1EFFD8lEjNcxF/k+zhpJ9DOIludcRi/8acnRSkA02N+0XC Gu/XmPMcMgFa8txSy/XxMVxdOXaZFDv41+JeGXNQZlAUvl26hHUZwLg7qPUiY3v7n4nS MmrjaGtW/J2PhnwLlxks+x+YmhsUIplyJfyyPsK8HBbQlxYoC56eQEDitNqxxtg29wqR nC7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=sDmP48uY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dk18si9295463edb.178.2021.03.09.09.46.33; Tue, 09 Mar 2021 09:46:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=sDmP48uY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231127AbhCIRpd (ORCPT + 99 others); Tue, 9 Mar 2021 12:45:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230173AbhCIRpJ (ORCPT ); Tue, 9 Mar 2021 12:45:09 -0500 Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F573C06175F for ; Tue, 9 Mar 2021 09:45:09 -0800 (PST) Received: by mail-pj1-x102d.google.com with SMTP id t9so1255417pjl.5 for ; Tue, 09 Mar 2021 09:45:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Ddj7nKUPn1pV75cOckX3PbYPAps+K18BC++0gJune7Q=; b=sDmP48uYySkZp9vu5Jw6w6ZIZGiKV/YFHodszvUxJCgglWE+SCQM6TAOyY/FYoIQ5N igYMNFcHvfwXJklSRt95bQ9/wiNO+5ZdIxG3VdJt2wrhuEZp4ZxSFZwv1c/fPDwxBD1l xGWyx8v+H3/+AEsACUN22qZVdBF9e4ByA2S8jm0SgM6/zCcMb4lZ5FhxQmLya7Lv3tXC HcMefG/bbqj2JLYQY6mkrlt+6ncngDTojyHBy3cWAZz5HmPm/0SiJo1ifqGhXYVJYYC1 YGwRFx1Msn8MqWhEmrw2WuCHtnnUaCgEc46WWWEsSgfAqfGb0/mmgvPRhh8VGM8qCWkg 46BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Ddj7nKUPn1pV75cOckX3PbYPAps+K18BC++0gJune7Q=; b=hKIH9Ycjx8FtIi9pxtpwamB7+T6s5/qgT3eniyQf8mIFVQY95dVIEW7ZAefUYG3lgc ppDdW2IRX3H9ioKO9gHtjTIWCDcprg2fqjLyga0FIFOqhrJ8Vbg8qCbNoHvgBSn3uTgE OxHj4HHEvt7oubz1CNaaK890MEODe4n2EduamYRn6pIS0vQUBuNQC+1xYStYMO22QU5i 5t5Wr2KZUAh0HrMRljR9pcfXN5Iz1FiURzvKxp0G7vL+9LRQhdannxXbSCTT+xhZgrzb rm32fGAtxXePppcHh6mKs58v3jV+bzKgCd/iue+4XEXC283ndhVTutFWmXWBmabtNoG4 LLEQ== X-Gm-Message-State: AOAM531qp9ZAKCCH1bU+MIkj7xPIdlv8MdNebsnIc8PS7HggeVVqtsxV K8xreCyWdzjuvyiBgNKpp5OvXQ== X-Received: by 2002:a17:90a:7847:: with SMTP id y7mr5985611pjl.65.1615311908475; Tue, 09 Mar 2021 09:45:08 -0800 (PST) Received: from google.com ([2620:15c:f:10:8:847a:d8b5:e2cc]) by smtp.gmail.com with ESMTPSA id y16sm6083205pgl.58.2021.03.09.09.45.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Mar 2021 09:45:07 -0800 (PST) Date: Tue, 9 Mar 2021 09:45:01 -0800 From: Sean Christopherson To: Ashish Kalra Cc: Steve Rutherford , Tom Lendacky , Nathan Tempelman , Paolo Bonzini , X86 ML , KVM list , LKML , David Rientjes , Brijesh Singh Subject: Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context Message-ID: References: <20210224085915.28751-1-natet@google.com> <9eb0b655-48ca-94d0-0588-2a4f3e5b3651@amd.com> <20210305223647.GA2289@ashkalra_ubuntu_server> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210305223647.GA2289@ashkalra_ubuntu_server> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 05, 2021, Ashish Kalra wrote: > On Thu, Feb 25, 2021 at 10:49:00AM -0800, Steve Rutherford wrote: > > On Thu, Feb 25, 2021 at 6:57 AM Tom Lendacky wrote: > > > >> +int svm_vm_copy_asid_to(struct kvm *kvm, unsigned int mirror_kvm_fd) > > > >> +{ > > > >> + struct file *mirror_kvm_file; > > > >> + struct kvm *mirror_kvm; > > > >> + struct kvm_sev_info *mirror_kvm_sev; > > > >> + unsigned int asid; > > > >> + int ret; > > > >> + > > > >> + if (!sev_guest(kvm)) > > > >> + return -ENOTTY; > > > > > > > > You definitely don't want this: this is the function that turns the vm > > > > into an SEV guest (marks SEV as active). > > > > > > The sev_guest() function does not set sev->active, it only checks it. The > > > sev_guest_init() function is where sev->active is set. > > Sorry, bad use of the english on my part: the "this" was referring to > > svm_vm_copy_asid_to. Right now, you could only pass this sev_guest > > check if you had already called sev_guest_init, which seems incorrect. > > > > > > > > > > > (Not an issue with this patch, but a broader issue) I believe > > > > sev_guest lacks the necessary acquire/release barriers on sev->active, > > > > > > The svm_mem_enc_op() takes the kvm lock and that is the only way into the > > > sev_guest_init() function where sev->active is set. > > There are a few places that check sev->active which don't have the kvm > > lock, which is not problematic if we add in a few compiler barriers > > (ala irqchip_split et al). Eh, I don't see the point in taking on the complexity of barriers. Ignoring the vCPU behavior, the only existing call that isn't safe is svm_register_enc_region(). Fixing that is trivial and easy to understand. As for the vCPU stuff, adding barriers will not make them safe. E.g. a barrier won't magically make init_vmcb() go back in time and set SVM_NESTED_CTL_SEV_ENABLE if SEV is enabled after vCPUs are created. > Probably, sev->active accesses can be made safe using READ_ONCE() & > WRITE_ONCE().