Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp1999562rdb; Wed, 31 Jan 2024 16:26:39 -0800 (PST) X-Google-Smtp-Source: AGHT+IH5APF413/+WrP2VaIuirM3z/gs1PZW4ZMRcSuL8sie3/dc7iM45QNS5K6Wm6hSSeSb1Teq X-Received: by 2002:a17:902:f683:b0:1d9:3b9e:dc08 with SMTP id l3-20020a170902f68300b001d93b9edc08mr2854462plg.20.1706747199704; Wed, 31 Jan 2024 16:26:39 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706747199; cv=pass; d=google.com; s=arc-20160816; b=uWnIA6wt55CZHsurW0rp74VrL4yvx9R1bUly3bF3nUifPa64kRCtB2uO4DH0UBOa+D Kfjr+mM+p/EYul+9ZppEYcUI0z9LQfJ+z6zYPl5gSukC7R5HiCaUwlfneS5xJnyoRg4l 0XwHGRjET+LuUcsYpIkbYKXJLRVk7syMF77lLRlAZXaZ4y6/o3RzL0gdS9k18rq7RvZt g2ItneTuTuRUBlehkYakBTumfJ4zlbVbK4I6DFRkdn6lPHHupJj2jdRg7T8OakKiMvg6 AXfP0GiGbmFJeicT2nbqxf7hPgriR90o/J5bavBa5aSO/g5tM/k40uBcy3+GqwPWo2ro ZHMA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :reply-to:dkim-signature; bh=/WObf82Vf/Y5MR7jXp0Gt7NYNHTt/4hLoEW6luDmRxk=; fh=Vm1S3pR1nV7gWaQ3fWOQ0Dw602vzFfslJe/5PV3c3Ss=; b=0OFk/anFz2QUdE0+JC13J2CcbHxVFS2g5B4futwqIcqltu67s7XRdcOoz+1vtJonE1 fNwZ8iHSCqEnN8U1EnasO5fNjECyrD2gqkPIYy+Ub4JwdVfKrjRrgyeZ1/fAIqcUYFpb Do59OtzwsC2G+zS0L2vuyhgCbQm8GXRt9Tkmqd6mzocYAp793bMQsoSEEcjl8qMelPEm RijKrCQrUDtlKXa2Wjw+8unGE575hC/A99smy86RACTY6rGZAyA4qeF9WRKYLnnd7GYq sLflk1i7vKMs5dd4R3qQsXv7jxorD2/OpRK+jq9XKgueRJa1+f0hW7CnN75gFsE7Tn21 MskQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=sahZiboW; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-47401-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47401-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=1; AJvYcCV83yfTxui5gBpMkGdASTAOYRv8wH1OnoFv58xOlNKTmMcJMXwJ0wbNLEt+pF2qEO6gPG2eW0Alws26aOvvSlOfcKlV0r6ikX65bY39HQ== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id p13-20020a1709028a8d00b001d939b2a496si1579034plo.435.2024.01.31.16.26.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jan 2024 16:26:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-47401-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=sahZiboW; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-47401-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47401-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 871A1B2D8BE for ; Wed, 31 Jan 2024 23:57:33 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B4BB73EA6B; Wed, 31 Jan 2024 23:56:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sahZiboW" Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41F083AC34 for ; Wed, 31 Jan 2024 23:56:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706745379; cv=none; b=GEfr3aHvhSG7D1JWvqsQqINZLU3M8aAVbNtS0T7RtXpes2Jr9glFGmvx02yW7kJslsdcRUsiGXt8EVPSe/vXigYju91oE1DV5VpgWQEihER597CEZwdf2LqLACFjyJ9hwZ/3I3oxu6/6oUakceRP7GMVsrU0o1NsWKdvZzyIoHk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706745379; c=relaxed/simple; bh=D1nog3XCAS5QFsKZW5HVf+ENkuPBa0MU2IJSYf8wk+o=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ZXcFHfbmHODjjZOi8juaeSF/9EXhrm5fMGi6CRvG5DWTltTij9mchDKkMDnBmKZo6XFhkj01iK3GuN4fu4mRu/S/qE9f4RTjnfJQJj6ebmBfx9AE/JPTwCWc3v9/OtZXazQT7p4eOTkpiuS5SZAjFnRaKTFXaZDHnj9JrPO99PI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sahZiboW; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-5d63c7c4248so1295438a12.0 for ; Wed, 31 Jan 2024 15:56:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706745377; x=1707350177; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=/WObf82Vf/Y5MR7jXp0Gt7NYNHTt/4hLoEW6luDmRxk=; b=sahZiboWzyFipkcxsmrChqjVG6r4CmV41tCxJfv66ChItU88vt2YhWaAf3BEfazat/ ks33WPMLlJcvZ+7xrnd3VxpkmT3n2hyNPBe3Ze0oYDuLB0NLqgxD3Bva/ke1oSUpl5G5 KjyVltb07236dh33TY80r3vr1ygh0JKOAIPaKW1Ear7X+qIjzVEWpKMJrmo6POaxlGyG vYLPzGygHwJayxw5nMLaPq9bI02ODUrkai9Sz8GJm4BZxcL8x8A6IT/1VPxrLrJWNq20 56pun4w47b6HnckQE7LytsdHAS6HzwPvAdKP48oTs8b8sGTpf04mCHh/HSoSxwNHIlrG 0gvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706745377; x=1707350177; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/WObf82Vf/Y5MR7jXp0Gt7NYNHTt/4hLoEW6luDmRxk=; b=HUnDBD3pVPB8vBQkWr8PNA0rkUj3LOPWkE+YJI5HjWA9xY0l3ib/sWTl5ludDCjLg2 jZDOsbyp/MwzNSzhO8KbT3ppKhMF3KAEJzdCUGZ+9xa4IIvL7x59YDRxkEHRUu6bLh1g tNTVz47OJpaliO4gOHrQJvTGuUnQQEyy9iZnLTx1d42xvYNdftLisVdzsGQVH5fgLUjT sUZLNvk/Bas5GCU1Zs7FldBpLvIf9SrhEXhPmS5W6FUfgSGpK7XtCiZkKHPbmwefuL2F cXM9UF9XpPGpemgeuHmxhlzYTw+ObW5wRa16sGjjbxPPeqC4QgF3yR8273Y8iXM2w0hT kELA== X-Gm-Message-State: AOJu0YzzI3/ztfzxHKl8yoCMM/dqE/n8wE/01mwDK7GV6YgdXo8v5Bxg 2Dijgsw2goRx3QOpUk1saQKBkcXkEfULLfYZ8a5042henc7oYK79Fc8U4MVaYMMFFGgsTR5pEMC sRg== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90a:2bc8:b0:295:6834:b941 with SMTP id n8-20020a17090a2bc800b002956834b941mr45398pje.1.1706745377422; Wed, 31 Jan 2024 15:56:17 -0800 (PST) Reply-To: Sean Christopherson Date: Wed, 31 Jan 2024 15:56:08 -0800 In-Reply-To: <20240131235609.4161407-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240131235609.4161407-1-seanjc@google.com> X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog Message-ID: <20240131235609.4161407-4-seanjc@google.com> Subject: [PATCH v4 3/4] KVM: SVM: Add support for allowing zero SEV ASIDs From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Ashish Kalra , Tom Lendacky Content-Type: text/plain; charset="UTF-8" From: Ashish Kalra Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson Signed-off-by: Ashish Kalra Cc: stable@vger.kernel.org Acked-by: Tom Lendacky Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 04c4c14473fd..38e40fbc7ea0 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n", -- 2.43.0.429.g432eaa2c6b-goog