From: Vitaly Kuznetsov
To: Tom Lendacky, kvm@vger.kernel.org
Cc: Paolo Bonzini, Jim Mattson, Joerg Roedel, Sean Christopherson, Wanpeng Li, Borislav Petkov, Ingo Molnar, Thomas Gleixner, Brijesh Singh, Ashish Kalra, linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v2] KVM: x86: Assume a 64-bit hypercall for guests with protected state
Date: Tue, 25 May 2021 08:25:32 +0200
Message-ID: <87cztf8h43.fsf@vitty.brq.redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Tom Lendacky writes:

> When processing a hypercall for a guest with protected state, currently
> SEV-ES guests, the guest CS segment register can't be checked to
> determine if the guest is in 64-bit mode. For an SEV-ES guest, it is
> expected that communication between the guest and the hypervisor is
> performed to shared memory using the GHCB. In order to use the GHCB, the
> guest must have been in long mode, otherwise writes by the guest to the
> GHCB would be encrypted and not be able to be comprehended by the
> hypervisor.
>
> Create a new helper function, is_64_bit_hypercall(), that assumes the
> guest is in 64-bit mode when the guest has protected state, and returns
> true, otherwise invoking is_64_bit_mode() to determine the mode. Update
> the hypercall related routines to use is_64_bit_hypercall() instead of
> is_64_bit_mode().
>
> Add a WARN_ON_ONCE() to is_64_bit_mode() to catch occurrences of calls to
> this helper function for a guest running with protected state.
>
> Fixes: f1c6366e3043 ("KVM: SVM: Add required changes to support intercepts under SEV-ES")
> Reported-by: Sean Christopherson
> Signed-off-by: Tom Lendacky > --- > > Changes since v1: > - Create a new helper routine, is_64_bit_hypercall(), and use it in place > of is_64_bit_mode() in hypercall related areas. > - Add a WARN_ON_ONCE() to is_64_bit_mode() to issue a warning if invoked > for a guest with protected state. > --- > arch/x86/kvm/hyperv.c | 4 ++-- > arch/x86/kvm/x86.c | 2 +- > arch/x86/kvm/x86.h | 12 ++++++++++++ > arch/x86/kvm/xen.c | 2 +- > 4 files changed, 16 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c > index f98370a39936..1cdf2b213f41 100644 > --- a/arch/x86/kvm/hyperv.c > +++ b/arch/x86/kvm/hyperv.c > @@ -1818,7 +1818,7 @@ static void kvm_hv_hypercall_set_result(struct kvm_vcpu *vcpu, u64 result) > { > bool longmode; > > - longmode = is_64_bit_mode(vcpu); > + longmode = is_64_bit_hypercall(vcpu); > if (longmode) > kvm_rax_write(vcpu, result); > else { > @@ -1895,7 +1895,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) > } > > #ifdef CONFIG_X86_64 > - if (is_64_bit_mode(vcpu)) { > + if (is_64_bit_hypercall(vcpu)) { > param = kvm_rcx_read(vcpu); > ingpa = kvm_rdx_read(vcpu); > outgpa = kvm_r8_read(vcpu); > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 9b6bca616929..dc72f0a1609a 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -8403,7 +8403,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) > > trace_kvm_hypercall(nr, a0, a1, a2, a3); > > - op_64_bit = is_64_bit_mode(vcpu); > + op_64_bit = is_64_bit_hypercall(vcpu); > if (!op_64_bit) { > nr &= 0xFFFFFFFF; > a0 &= 0xFFFFFFFF; > diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h > index 521f74e5bbf2..3102caf689d2 100644 > --- a/arch/x86/kvm/x86.h > +++ b/arch/x86/kvm/x86.h 
> @@ -151,12 +151,24 @@ static inline bool is_64_bit_mode(struct kvm_vcpu *vcpu) > { > int cs_db, cs_l; > > + WARN_ON_ONCE(vcpu->arch.guest_state_protected); > + > if (!is_long_mode(vcpu)) > return false; > static_call(kvm_x86_get_cs_db_l_bits)(vcpu, &cs_db, &cs_l); > return cs_l; > } > > +static inline bool is_64_bit_hypercall(struct kvm_vcpu *vcpu) > +{ > + /* > + * If running with protected guest state, the CS register is not > + * accessible. The hypercall register values will have had to been > + * provided in 64-bit mode, so assume the guest is in 64-bit. > + */ > + return vcpu->arch.guest_state_protected || is_64_bit_mode(vcpu); > +} > + > static inline bool is_la57_mode(struct kvm_vcpu *vcpu) > { > #ifdef CONFIG_X86_64 > diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c > index ae17250e1efe..c58f6369e668 100644 > --- a/arch/x86/kvm/xen.c > +++ b/arch/x86/kvm/xen.c > @@ -680,7 +680,7 @@ int kvm_xen_hypercall(struct kvm_vcpu *vcpu) > kvm_hv_hypercall_enabled(vcpu)) > return kvm_hv_hypercall(vcpu); > > - longmode = is_64_bit_mode(vcpu); > + longmode = is_64_bit_hypercall(vcpu); > if (!longmode) { > params[0] = (u32)kvm_rbx_read(vcpu); > params[1] = (u32)kvm_rcx_read(vcpu); Reviewed-by: Vitaly Kuznetsov Thanks! -- Vitaly
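
Review bot: in the arch/x86/kvm/x86.c hunk, kvm_emulate_hypercall() now gets op_64_bit == true for every guest with protected state, so the `nr &= 0xFFFFFFFF;` / `a0 &= 0xFFFFFFFF;` truncation is never applied to those guests, and that consequence is not documented at the call site. The commit message argues from the guest having been in long mode, while is_64_bit_mode() in x86.h treats long mode and the CS.L bit as two separate conditions, so the new helper's comment should say explicitly that a long-mode guest without CS.L set is treated as 64-bit here and that the upper register bits are taken as supplied.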
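
Review bot: in the arch/x86/kvm/x86.h hunk, the WARN_ON_ONCE() added to is_64_bit_mode() only warns and then falls through, so for a vCPU with guest_state_protected set the function still runs is_long_mode() and static_call(kvm_x86_get_cs_db_l_bits) and returns cs_l, the very value the commit message says cannot be checked. Consider using the `if (WARN_ON_ONCE(...))` form with an explicit, documented return value so that a stray caller gets a defined result after the warning. Separately, the comment in is_64_bit_hypercall() reads "will have had to been provided"; "must have been provided" would be clearer.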