Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3379767pxj; Mon, 24 May 2021 05:31:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx9gGNEjaZek90/LbP0JgXjdx/FrmcyGtQRtSkq7jHbPlf8Jkj3VHPR7uOcOinPDmwjP2nc X-Received: by 2002:a17:906:abcc:: with SMTP id kq12mr23492680ejb.97.1621859486590; Mon, 24 May 2021 05:31:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621859486; cv=none; d=google.com; s=arc-20160816; b=XRsNBShCpWWNOh4gj/eFDZXV5GLiopEHkNrpmTStl4/mJIgykcC/nWeDNzYeQlLppt 9pZifkPP52s/9KKJNj11SZCZC5nP5weoDP9whIaMlu7ODc41omBXfMHaN2LEjXdF2hmG pJyyedPg/QONM48UIpKHoDzAq+/XLicXALZx60H9NOi4Azt19DV1DmTwRpW/vA6gwiL2 qcVrTp1sVQwEK4flvbXC+Dlvgi/BYgile64dEKai+pY9ZxDjzKo/2ZYl5wuFWERA00li 0QTgIe6qnyNJrwO1+6WUjw+RhKHY3kmof38K7Du2QtP0Tozyhu5xrMfHUvW3uoJLf0P6 4+Xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=MF/OZbyChnf7NefLWpOKRbGY5MjAOqZmWg+o3M3i8A8=; b=A2V2R55hGSdcmlP4JsLP98gjnSPFnnOBG3GrtjzGANfd8WsZmXt+xH2+U9QVwiLWxa 4oH0aI9JlhgEb4ipT+L3l4bGE88YLfuS9GbYvX0xZpgoDsqT9nAPc0oHb6xvjfVpofa3 XSwyAFBrem1ARQmeSA4NcIrrCqLYsII3DLuJ37qoPolFrj03/pDL085VSEqYy8WuGSEA pOVCyiTKgVatRvWz3FbZ6d7EtRAbc9m6qvwY6tZSkMkNnRYDRQ0UzAg34vDSJioCvTyz 2odqjeA29xRdES/U38b4jycL3O53vqPf88ffzS3dey8W6SW1087N5Rm2w2YmE5d0USOH wqqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NyL+kfzG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b13si14562027ede.317.2021.05.24.05.31.02; Mon, 24 May 2021 05:31:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NyL+kfzG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232664AbhEXMbG (ORCPT + 99 others); Mon, 24 May 2021 08:31:06 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:25215 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232476AbhEXMbF (ORCPT ); Mon, 24 May 2021 08:31:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1621859377; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MF/OZbyChnf7NefLWpOKRbGY5MjAOqZmWg+o3M3i8A8=; b=NyL+kfzGEYY3RZlyh+X3mZlmstSpSnOVZbzRCYyFo5un3Rl9M/ZNdoWVq2CPKIFNa0DDgo avF58E5GpAeJRgmOWXXafdv5RKKUS6IJNrUj4pdPNzZaCsdLHqb/oOjQD8hGOXzV+BCQUq cIXnAa5Zul+us2Nh+uUs68fEW2fWj48= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-418-DI4HyUp1PbeZ-gMsI-iuSQ-1; Mon, 24 May 2021 08:29:35 -0400 X-MC-Unique: DI4HyUp1PbeZ-gMsI-iuSQ-1 Received: by mail-ed1-f69.google.com with SMTP id h18-20020a05640250d2b029038cc3938914so15532839edb.17 for ; Mon, 24 May 2021 05:29:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=MF/OZbyChnf7NefLWpOKRbGY5MjAOqZmWg+o3M3i8A8=; b=aWQaaAw//VJtVPfM1Gn12XL4Hni9eRC7dc/ACb6D83Vsi8lW+2Iz5vJOB3Ub5d21+u oWVTrdHgWhK0JHuQexmEri5/+E9MXDNH9iLZNC7RFVha1u0qaEpaWz2gi1Uvah1enEKu I+6sL9mx4WxJVh2HehMIIUr8/Uxh9zeHUkmhrAdei2038iD2i2MRoEDGS37ONw1MTf30 63P6XE5jDIPoUj/mZL/zlar8qfXaQmm0B2PtxDVXo+E7lCcxwBmkn0H/lBBFrBVDsCCs SONqLa5Ip09OqwJl1AxzFNi/WljGKKdHhDAHzYVviisQtKf/OSLRlFIRnyvsvGr/woF+ BXzQ== X-Gm-Message-State: AOAM530Ig4CigifXEmtwCTWvTrlkFjwwshdhbz7aQDffuNRDfyhvYIIl 11i0HZTmslD1kRbvd5P2AQCs7xT5RHH9qdac8pq9kjqCq48ekNCB+j57XZfF9a3ZvU9xoxuBDR/ NoPBeFCa/dUMJqAOnC617Von2 X-Received: by 2002:a17:906:a0a:: with SMTP id w10mr23066244ejf.416.1621859374593; Mon, 24 May 2021 05:29:34 -0700 (PDT) X-Received: by 2002:a17:906:a0a:: with SMTP id w10mr23066229ejf.416.1621859374440; Mon, 24 May 2021 05:29:34 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:c8dd:75d4:99ab:290a? ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id t23sm9432789edq.74.2021.05.24.05.29.33 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 May 2021 05:29:33 -0700 (PDT) Subject: Re: [PATCH] KVM: SVM: Assume a 64-bit hypercall for guests with protected state To: Tom Lendacky , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Jim Mattson , Joerg Roedel , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Brijesh Singh , Ashish Kalra References: From: Paolo Bonzini Message-ID: <98671460-e0db-3f04-ce4f-157f133c82a0@redhat.com> Date: Mon, 24 May 2021 14:29:32 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 22/05/21 18:43, Tom Lendacky wrote: > When processing a hypercall for a guest with protected state, currently > SEV-ES guests, the guest CS segment register can't be checked to > determine if the guest is in 64-bit mode. For an SEV-ES guest, it is > expected that communication between the guest and the hypervisor is > performed to shared memory using the GHCB. In order to use the GHCB, the > guest must have been in long mode, otherwise writes by the guest to the > GHCB would be encrypted and not be able to be comprehended by the > hypervisor. Given that, assume that the guest is in 64-bit mode when > processing a hypercall from a guest with protected state. > > Fixes: f1c6366e3043 ("KVM: SVM: Add required changes to support intercepts under SEV-ES") > Reported-by: Sean Christopherson > Signed-off-by: Tom Lendacky > --- > arch/x86/kvm/x86.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 9b6bca616929..e715c69bb882 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -8403,7 +8403,12 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) > > trace_kvm_hypercall(nr, a0, a1, a2, a3); > > - op_64_bit = is_64_bit_mode(vcpu); > + /* > + * If running with protected guest state, the CS register is not > + * accessible. The hypercall register values will have had to been > + * provided in 64-bit mode, so assume the guest is in 64-bit. > + */ > + op_64_bit = is_64_bit_mode(vcpu) || vcpu->arch.guest_state_protected; > if (!op_64_bit) { > nr &= 0xFFFFFFFF; > a0 &= 0xFFFFFFFF; > Queued, thanks. Paolo