Date: Mon, 4 Mar 2024 23:32:57 +0800
From: Xu Yilun
To: Paolo Bonzini
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, seanjc@google.com, michael.roth@amd.com, aik@amd.com
Subject: Re: [PATCH v3 13/15] KVM: SEV: define VM types for SEV and SEV-ES
In-Reply-To: <20240226190344.787149-14-pbonzini@redhat.com>

On Mon, Feb 26, 2024 at 02:03:42PM -0500, Paolo Bonzini wrote:
> Signed-off-by: Paolo Bonzini > --- > Documentation/virt/kvm/api.rst | 2 ++ > arch/x86/include/uapi/asm/kvm.h | 2 ++ > arch/x86/kvm/svm/sev.c | 16 +++++++++++++--- > arch/x86/kvm/svm/svm.c | 7 +++++++ > arch/x86/kvm/svm/svm.h | 1 + > arch/x86/kvm/x86.c | 2 ++ > 6 files changed, 27 insertions(+), 3 deletions(-) > > diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst > index 0b5a33ee71ee..f0b76ff5030d 100644 > --- a/Documentation/virt/kvm/api.rst > +++ b/Documentation/virt/kvm/api.rst 
> @@ -8819,6 +8819,8 @@ means the VM type with value @n is supported. Possible values of @n are:: > > #define KVM_X86_DEFAULT_VM 0 > #define KVM_X86_SW_PROTECTED_VM 1 > + #define KVM_X86_SEV_VM 2 > + #define KVM_X86_SEV_ES_VM 3 > > Note, KVM_X86_SW_PROTECTED_VM is currently only for development and testing. > Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in > diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h > index d0c1b459f7e9..9d950b0b64c9 100644 > --- a/arch/x86/include/uapi/asm/kvm.h > +++ b/arch/x86/include/uapi/asm/kvm.h > @@ -857,5 +857,7 @@ struct kvm_hyperv_eventfd { > > #define KVM_X86_DEFAULT_VM 0 > #define KVM_X86_SW_PROTECTED_VM 1 > +#define KVM_X86_SEV_VM 2 > +#define KVM_X86_SEV_ES_VM 3 > > #endif /* _ASM_X86_KVM_H */ > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 2549a539a686..1248ccf433e8 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -247,6 +247,9 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) > if (kvm->created_vcpus) > return -EINVAL; > > + if (kvm->arch.vm_type != KVM_X86_DEFAULT_VM) ^ IIUC it should be KVM_X86_SEV_VM? > + return -EINVAL; > + > if (unlikely(sev->active)) > return -EINVAL; > > @@ -264,6 +267,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) > > INIT_LIST_HEAD(&sev->regions_list); > INIT_LIST_HEAD(&sev->mirror_vms); > + sev->need_init = false; > > kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV); > > @@ -1799,7 +1803,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd) > if (ret) > goto out_fput; > > - if (sev_guest(kvm) || !sev_guest(source_kvm)) { > + if (kvm->arch.vm_type != source_kvm->arch.vm_type || > + sev_guest(kvm) || !sev_guest(source_kvm)) { > ret = -EINVAL; > goto out_unlock; > } 
> @@ -2118,6 +2123,7 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd) > mirror_sev->asid = source_sev->asid; > mirror_sev->fd = source_sev->fd; > mirror_sev->es_active = source_sev->es_active; > + mirror_sev->need_init = false; > mirror_sev->handle = source_sev->handle; > INIT_LIST_HEAD(&mirror_sev->regions_list); > INIT_LIST_HEAD(&mirror_sev->mirror_vms); > @@ -2183,10 +2189,14 @@ void sev_vm_destroy(struct kvm *kvm) > > void __init sev_set_cpu_caps(void) > { > - if (sev_enabled) > + if (sev_enabled) { > kvm_cpu_cap_set(X86_FEATURE_SEV); > - if (sev_es_enabled) > + kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_VM); > + } > + if (sev_es_enabled) { > kvm_cpu_cap_set(X86_FEATURE_SEV_ES); > + kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM); > + } > } > > void __init sev_hardware_setup(void) > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index 1cf9e5f1fd02..f4a750426b24 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -4089,6 +4089,9 @@ static void svm_cancel_injection(struct kvm_vcpu *vcpu) > > static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu) > { > + if (to_kvm_sev_info(vcpu->kvm)->need_init) > + return -EINVAL; > + > return 1; > } > > @@ -4890,6 +4893,10 @@ static void svm_vm_destroy(struct kvm *kvm) > > static int svm_vm_init(struct kvm *kvm) > { > + if (kvm->arch.vm_type != KVM_X86_DEFAULT_VM && > + kvm->arch.vm_type != KVM_X86_SW_PROTECTED_VM) > + to_kvm_sev_info(kvm)->need_init = true; > + > if (!pause_filter_count || !pause_filter_thresh) > kvm->arch.pause_in_guest = true; > > diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h > index ebf2160bf0c6..7a921acc534f 100644 > --- a/arch/x86/kvm/svm/svm.h > +++ b/arch/x86/kvm/svm/svm.h 
> @@ -79,6 +79,7 @@ enum { > struct kvm_sev_info { > bool active; /* SEV enabled guest */ > bool es_active; /* SEV-ES enabled guest */ > + bool need_init; /* waiting for SEV_INIT2 */ > unsigned int asid; /* ASID used for this guest */ > unsigned int handle; /* SEV firmware handle */ > int fd; /* SEV device fd */ > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 3b87e65904ae..b9dfe3179332 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -12576,6 +12576,8 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) > kvm->arch.vm_type = type; > kvm->arch.has_private_mem = > (type == KVM_X86_SW_PROTECTED_VM); > + kvm->arch.has_protected_state = > + (type == KVM_X86_SEV_ES_VM); > > ret = kvm_page_track_init(kvm); > if (ret) > -- > 2.39.1 > > >
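
Review bot: In the Documentation/virt/kvm/api.rst hunk, KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM are added to the list of values with no text saying what they mean or how they differ from an SEV guest set up on KVM_X86_DEFAULT_VM. The only explanatory paragraph in view is still the one about KVM_X86_SW_PROTECTED_VM. Please add a sentence for each new type, including that a VM of these types refuses to run vCPUs while need_init is set (the svm.h hunk describes that flag as "waiting for SEV_INIT2").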
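
Review bot: In sev_guest_init() (arch/x86/kvm/svm/sev.c, first hunk), the new check `kvm->arch.vm_type != KVM_X86_DEFAULT_VM` carries no comment, and the question raised inline in this reply shows that the intent cannot be read off the code. If this init path is meant to remain available only to default-type VMs while the new types are initialized through SEV_INIT2, as the need_init comment in svm.h suggests, state that in a comment above the check and in the commit message.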
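
Review bot: In sev_vm_copy_enc_context_from() (arch/x86/kvm/svm/sev.c), the mirror gets `need_init = false` and inherits es_active from the source, but the visible lines add no vm_type comparison like the one added to sev_vm_move_enc_context_from() (`kvm->arch.vm_type != source_kvm->arch.vm_type`). Since kvm_arch_init_vm() now derives has_protected_state from the type alone, a mirror created as KVM_X86_SEV_ES_VM that copies from a non-ES source would end up with has_protected_state set and es_active clear. Unless the types are already compared earlier in this function, outside the hunk, add the same check here and return -EINVAL on a mismatch.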
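
Review bot: In sev_set_cpu_caps() (arch/x86/kvm/svm/sev.c), BIT(KVM_X86_SEV_VM) and BIT(KVM_X86_SEV_ES_VM) are advertised in kvm_caps.supported_vm_types, yet nothing in this patch lets a VM of those types leave the need_init state. svm_vm_init() sets need_init for them, svm_vcpu_pre_run() returns -EINVAL while it is set, and the only places that clear it are sev_guest_init(), which now rejects those types, and the mirror path. For bisectability, either set the supported_vm_types bits in the patch that adds the SEV_INIT2 handler, or say in the commit message that the types are unusable until that patch lands.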
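
Review bot: In svm_vm_init() (arch/x86/kvm/svm/svm.c), need_init is set by exclusion (`!= KVM_X86_DEFAULT_VM && != KVM_X86_SW_PROTECTED_VM`), so any VM type added later is silently treated as an SEV type that waits for initialization. Testing positively for KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM would keep the condition tied to the types this patch actually defines and makes the intent readable at the call site.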