Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp3778453pxb;
        Mon, 4 Oct 2021 09:23:39 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwhCg8FnJ/Y1+HRnG03MS87zD5JhgRztABbun+vcASwVJxAo8/Whj7s/dSs3scv7KdUoQ5J
X-Received: by 2002:a17:906:66d5:: with SMTP id k21mr17480033ejp.487.1633364618931;
        Mon, 04 Oct 2021 09:23:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1633364618; cv=none;
        d=google.com; s=arc-20160816;
        b=hRyWWquIMZlrTLeTnxJg1Qo7D+MUR+kobITr5heBtbTD64ygy+D2kRdah+5V9jfrP1
         rdP3mKIg34M/MlYHBrKlVHRn8ul2w4iR+huPq7z7GjQd6Oatf9+KOX9O+oHzYnm262nz
         hSP9GwMD78bfZttywLE4xH5v2nVIDKPLvYpfJ5X7j/7R40HCKzG4LEqNchn0Cx7Gei3f
         AMFnm5/DOP6EgKxjfPKj2sRP5RIyE0aVAiqb4EUx3pHotsMsymUQKf0jhW13Aomtxsx9
         YcI1gxCpdcbSdUIi1OT5E5uq4QlnBM/xykxYJWvOmPLhJrauw4ckJKjLyazL3ZvQR/iR
         Sy+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=miUNX/J0jMk1g/rHg/udf/EXee3S88hk69DGusL2YpA=;
        b=eJCXDIc+eU85Z37vUmhfZZluvXj8tTaB+wGfdf5Zxd8iQtPJ9hrm9biys5TFJ/e7+0
         6vKcTnXazz7qtyshQlunhRhpAmF2/FKMoYLy2TCa//YqGVHmXPFDOV/fs6xnL2IaUxNs
         xWgkMBsxGWevVsCRcpBYWrUcmX3kaNXweFT2/zcqmJnqLD6Nq7LBq7s8gEfwP8cvJ4Sb
         D8QsV90m3w6oHnbmHxN8b72e9nuE9SInysA0hUA6m01gmERBtSRfyZvc4fHc+ZMsvhxg
         gBCbZCK5ckKr+Q0VXbylykVeAQXddOwHX+3CcZTa8udPzW0+KMBsT10qeLD6x3Md4c/S
         hZBQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mUXqn+Zl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e1si19439898ejm.383.2021.10.04.09.23.13;
        Mon, 04 Oct 2021 09:23:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mUXqn+Zl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237351AbhJDNeJ (ORCPT <rfc822;lucas.de.marchi@gmail.com>
        + 99 others); Mon, 4 Oct 2021 09:34:09 -0400
Received: from mail.kernel.org ([198.145.29.99]:47478 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S237185AbhJDNbu (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Oct 2021 09:31:50 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 6CB2F61BA2;
        Mon,  4 Oct 2021 13:14:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1633353261;
        bh=fgpLNK0QJX5G7bMV1QQIBI+1zCB4DxuGWwDN6fjnozQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=mUXqn+ZlYge3ioQAKKhiUpZof36dvazghLsJXbVaN0r3cG6PxPRrhedUdvVvZNEnw
         1NvVTn5R+bOEUQtjiWFBLhXhEt/QVtYhOSrbQD7hT1RWMjiwLbGQg2cPO/TzqjNxPU
         eQhZm+mLitUaFcDPZXIFMktrlFvANMOCyfselwPk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Peter Gonda <pgonda@google.com>,
        Marc Orr <marcorr@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Brijesh Singh <brijesh.singh@amd.com>, kvm@vger.kernel.org
Subject: [PATCH 5.14 057/172] KVM: SEV: Acquire vcpu mutex when updating VMSA
Date:   Mon,  4 Oct 2021 14:51:47 +0200
Message-Id: <20211004125046.837857428@linuxfoundation.org>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211004125044.945314266@linuxfoundation.org>
References: <20211004125044.945314266@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Peter Gonda <pgonda@google.com>

commit bb18a677746543e7f5eeb478129c92cedb0f9658 upstream.

The update-VMSA ioctl touches data stored in struct kvm_vcpu, and
therefore should not be performed concurrently with any VCPU ioctl
that might cause KVM or the processor to use the same data.

Adds vcpu mutex guard to the VMSA updating code. Refactors out
__sev_launch_update_vmsa() function to deal with per vCPU parts
of sev_launch_update_vmsa().

Fixes: ad73109ae7ec ("KVM: SVM: Provide support to launch and run an SEV-ES guest")
Signed-off-by: Peter Gonda <pgonda@google.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: kvm@vger.kernel.org
Cc: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Message-Id: <20210915171755.3773766-1-pgonda@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/sev.c |   53 +++++++++++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 23 deletions(-)

--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -596,43 +596,50 @@ static int sev_es_sync_vmsa(struct vcpu_
 	return 0;
 }
 
-static int sev_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp)
+static int __sev_launch_update_vmsa(struct kvm *kvm, struct kvm_vcpu *vcpu,
+				    int *error)
 {
-	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
 	struct sev_data_launch_update_vmsa vmsa;
+	struct vcpu_svm *svm = to_svm(vcpu);
+	int ret;
+
+	/* Perform some pre-encryption checks against the VMSA */
+	ret = sev_es_sync_vmsa(svm);
+	if (ret)
+		return ret;
+
+	/*
+	 * The LAUNCH_UPDATE_VMSA command will perform in-place encryption of
+	 * the VMSA memory content (i.e it will write the same memory region
+	 * with the guest's key), so invalidate it first.
+	 */
+	clflush_cache_range(svm->vmsa, PAGE_SIZE);
+
+	vmsa.reserved = 0;
+	vmsa.handle = to_kvm_svm(kvm)->sev_info.handle;
+	vmsa.address = __sme_pa(svm->vmsa);
+	vmsa.len = PAGE_SIZE;
+	return sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_VMSA, &vmsa, error);
+}
+
+static int sev_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp)
+{
 	struct kvm_vcpu *vcpu;
 	int i, ret;
 
 	if (!sev_es_guest(kvm))
 		return -ENOTTY;
 
-	vmsa.reserved = 0;
-
 	kvm_for_each_vcpu(i, vcpu, kvm) {
-		struct vcpu_svm *svm = to_svm(vcpu);
-
-		/* Perform some pre-encryption checks against the VMSA */
-		ret = sev_es_sync_vmsa(svm);
+		ret = mutex_lock_killable(&vcpu->mutex);
 		if (ret)
 			return ret;
 
-		/*
-		 * The LAUNCH_UPDATE_VMSA command will perform in-place
-		 * encryption of the VMSA memory content (i.e it will write
-		 * the same memory region with the guest's key), so invalidate
-		 * it first.
-		 */
-		clflush_cache_range(svm->vmsa, PAGE_SIZE);
-
-		vmsa.handle = sev->handle;
-		vmsa.address = __sme_pa(svm->vmsa);
-		vmsa.len = PAGE_SIZE;
-		ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_VMSA, &vmsa,
-				    &argp->error);
+		ret = __sev_launch_update_vmsa(kvm, vcpu, &argp->error);
+
+		mutex_unlock(&vcpu->mutex);
 		if (ret)
 			return ret;
-
-		svm->vcpu.arch.guest_state_protected = true;
 	}
 
 	return 0;