Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1504752pxy; Fri, 23 Apr 2021 09:32:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzVClfeQBf0lJrcWNiisiYYdK+v1jqtkllkV4wGuf6fLb6/aXqITbiwmCripaB+v0XE85zY X-Received: by 2002:a17:90a:854b:: with SMTP id a11mr6715149pjw.17.1619195576572; Fri, 23 Apr 2021 09:32:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619195576; cv=none; d=google.com; s=arc-20160816; b=q3PBL5VboIxQCeXBBtKS073V5Lifdt86z0C9OtPMdvOjJW7NyagGXxRrx9vkvP+ySG ccqHQbl7XwiFli5rFa9jV4aMIE2FaF1Ja98ZBq2H3k5xgHAP+FejzHEG/Ngp6vFUrbsq Q1IBWyNBL2ECxVupERMdnO/lfJEUw5P6tOoGNkeCW2I/d6co8wHyEijFoiCYaR0HcE2T AZ6cfPwX5r9Y708qtP+bxcg7R3D/++VB1UimhoEY65scbJ6VFc5eHedt26310sUiuMq8 jdcgrZ97tXKIdFKX5MB0TUN8+eRyjWr/197/akvg9Cjmfkt0hNOR5OnGeaAq9JQddzyd PM9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=U2EXIvMnjtnhRUtBtSIOAaq4PzYyW6aIEs/mWjl+wGc=; b=OvJOIAcGoKS/urTR//+PzpEs/Xirdchxb2H8PHs6X2ZN1dT4v0xbmJOKbtbTteucdH d1g6u2gCrIBYIz2ln0UaE/LfWrS0ULyVVhxjSH9Ia0FhRTh/NI44w5hoZA0fh3usl0hO /T64Mcf9QyuWvUAaMLRnvZMK6mrdJDwbgr6MmVLBZgsZ/eLBEdB+wGZ046Pa9901Yuud LM5m+boCDzQQZVTClzjo1JfEKSbTqrKgpTlbAUToNFS/5xGJeyRmCYDRfifAWAkZXyBb zUYUsnwDXgdSD2Ulsu+BSDT+MMdQf8HcAyzuIzodXj/NxC44yzy6D3iRX3Gu+Hii3x3/ /tYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=mLDTOowF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x12si6891104pgj.61.2021.04.23.09.32.29; Fri, 23 Apr 2021 09:32:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=mLDTOowF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231857AbhDWQcB (ORCPT + 99 others); Fri, 23 Apr 2021 12:32:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231437AbhDWQb4 (ORCPT ); Fri, 23 Apr 2021 12:31:56 -0400 Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 888C5C06174A for ; Fri, 23 Apr 2021 09:31:18 -0700 (PDT) Received: by mail-oi1-x234.google.com with SMTP id e25so19752436oii.2 for ; Fri, 23 Apr 2021 09:31:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=U2EXIvMnjtnhRUtBtSIOAaq4PzYyW6aIEs/mWjl+wGc=; b=mLDTOowF7V5GRwuBLTnc9OCTmJbvNzDDORiSx6GCBRlkZyLY57vHXAfAqC2TyMUBhF /BkFiE7MJ/7vYAedb3/vsKpBRkyEUdOxQQ+WH0fH21zvaDz/y+pO9hxuVHiI0V95jM+/ e5i16Ft6BXJCYMQXjpS/43PdYDWs+g9+bh3QcLPgNbuyr4P5CkPjuHibHvNHAbu0sGdi /XhTh8VL6Zf9RFRkttCxBa0LlqpnGyAJwOG7zmU9xLPcPxnwAJMnhvXR8kPxTgy4kWom 3iqWfUR+6WpcZWxlbpigL8IJ7Drfd0zxVjtKKUU1Aqnuu3AMLMZ8QPOwIATtwYSZ23hq 2ZPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=U2EXIvMnjtnhRUtBtSIOAaq4PzYyW6aIEs/mWjl+wGc=; b=Hps4ub7PeDY1uJUpAPs8hptZgMfGtKbfzdB8LCKMyi+sG1saTBwYJ5ujsAzN+Foo45 wGURgssqEd6c9XNK49uJpwiUgEBNVd/cotk08M3xQP1zLPlpsNgIWSkqPjGO5aU36g+u Zg0As7MLZmr+1JYvy1hJdI6adByl5JGpp7Drbij8T5PbOTfI2AwXPHjw7EG7URKJhDAe tC1onEiM0wy6BWYzEqtIJyJXhPWVnRTwv1C78dxAQibnW0x5hoK6GYOHQJXIZLMpuuhy vP41x0lUSIjUBaxhKEhdRTYUw4IhYBv+KZGiZ22KSyitPQDb36JhAGMKHPw2E/g86QU4 8vow== X-Gm-Message-State: AOAM532h/9SszC80eL54iy57v7VqMyn6sUYYoBTfu7In58QhgSo5uosb VU3epwmdF6nGq8VnF7HUleYbCm/g5U/0aGBnYT5SnA== X-Received: by 2002:aca:408b:: with SMTP id n133mr4631502oia.13.1619195477655; Fri, 23 Apr 2021 09:31:17 -0700 (PDT) MIME-Version: 1.0 References: <76ad1a3f7ce817e8d269a6d58293fc128678affc.1619193043.git.ashish.kalra@amd.com> In-Reply-To: <76ad1a3f7ce817e8d269a6d58293fc128678affc.1619193043.git.ashish.kalra@amd.com> From: Jim Mattson Date: Fri, 23 Apr 2021 09:31:07 -0700 Message-ID: Subject: Re: [PATCH v2 1/4] KVM: x86: invert KVM_HYPERCALL to default to VMMCALL To: Ashish Kalra Cc: Paolo Bonzini , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Joerg Roedel , Borislav Petkov , Tom Lendacky , "the arch/x86 maintainers" , kvm list , LKML , Steve Rutherford , Sean Christopherson , venu.busireddy@oracle.com, Brijesh Singh Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 23, 2021 at 9:00 AM Ashish Kalra wrote: > > From: Ashish Kalra > > KVM hypercall framework relies on alternative framework to patch the > VMCALL -> VMMCALL on AMD platform. If a hypercall is made before > apply_alternative() is called then it defaults to VMCALL. The approach > works fine on non SEV guest. A VMCALL would causes #UD, and hypervisor > will be able to decode the instruction and do the right things. But > when SEV is active, guest memory is encrypted with guest key and > hypervisor will not be able to decode the instruction bytes. > > So invert KVM_HYPERCALL and X86_FEATURE_VMMCALL to default to VMMCALL > and opt into VMCALL. > > Cc: Thomas Gleixner > Cc: Ingo Molnar > Cc: "H. Peter Anvin" > Cc: Paolo Bonzini > Cc: Joerg Roedel > Cc: Borislav Petkov > Cc: Tom Lendacky > Cc: x86@kernel.org > Cc: kvm@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Signed-off-by: Brijesh Singh > Signed-off-by: Ashish Kalra > --- > arch/x86/include/asm/kvm_para.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h > index 338119852512..fda2fe0d1b10 100644 > --- a/arch/x86/include/asm/kvm_para.h > +++ b/arch/x86/include/asm/kvm_para.h > @@ -19,7 +19,7 @@ static inline bool kvm_check_and_clear_guest_paused(void) > #endif /* CONFIG_KVM_GUEST */ > > #define KVM_HYPERCALL \ > - ALTERNATIVE("vmcall", "vmmcall", X86_FEATURE_VMMCALL) > + ALTERNATIVE("vmmcall", "vmcall", X86_FEATURE_VMCALL) > > /* For KVM hypercalls, a three-byte sequence of either the vmcall or the vmmcall > * instruction. The hypervisor may replace it with something else but only the > -- > 2.17.1 > Won't this result in the same problem when Intel implements full VM encryption?