Received: by 2002:ab2:620c:0:b0:1ef:ffd0:ce49 with SMTP id o12csp520889lqt; Mon, 18 Mar 2024 15:12:23 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXsMysKxFTFV2eIdoygz+KSAyCn61yjXy2dZjcpc20nixrZZdvujwyihm/CebLjXP4tNaLDNq5rGoxnwNWX+EpwMGLVJDf6nMFHRwt2wA== X-Google-Smtp-Source: AGHT+IEA5LI9KKH+tL4ygpKUdOfHeRqftSvzeeYaz5/ANYRN/nfBNuCIAIcz7f3K3v81N1kvmZ1S X-Received: by 2002:ad4:59c8:0:b0:691:4c4a:54ac with SMTP id el8-20020ad459c8000000b006914c4a54acmr11402620qvb.30.1710799942866; Mon, 18 Mar 2024 15:12:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710799942; cv=pass; d=google.com; s=arc-20160816; b=km8AZc3+CUJH1ZaHWtK6MKDgAA9xyA2fnnv0yudNExHIR4bGqu0yhVMYgPw8XFTG5i u6ubHRkvOK1CRuV5/8ykXfC/9qfQZZDfaZNbLrgpwSkyZu4qbhRQwIFkwA6dTtXm5WJ8 wGWPzz0LBvHC+jQMTLSZOUZBp/10msYHQT1UvllAjbACb2WoA0nQinnCShG25O5tgQyc 7YBthriIvijPrxgZT4zxGxcsUixmtqj8GjbCxczzLNr3E2gVY/fkK7sQVbNRR7hOMt3U VL3qi4mM7DBwoOAV0ME4923Q86znOJp5B8PpemuzHNYXhfNnWGwCgs61TqnlSXKgxFVA KGgQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=OyCsbi8n3w9nlxB/vU9IG/7BiogA4ynph3bT+cZ/wPg=; fh=gyncgHmphy6IC7ANDB4tP2Ew/zjVGHtbHZ1oYJIcDHg=; b=zkQKK75eA0hzAZ79r34iLKsArRe7j3IHlG+/LETSOW4Tbyh9SsKg3n52NTEv6khvVt eJmSZjoYGOibfMLG1TZyoYFLh4R6CmDd60GynyerwsBxHFEL+dbBQ1I8umxILzEEDbMV Lgx/Rv9IRauRb4mv6m39haum5GEPDPv/thdoAAza8pMBGalfaH+gY3vJPGeQLoZppvK9 UtclUFo646STh5xzXmQNsTXWaD6QspQ+y/AdTvNAw9PVhX2ru72KAdfQIz7jSS9b5Xzl T7ELZXGnk1f/8VBYtxOM8NGXzTxBdGHmOl/O1pzbKt4zLnFUyk7LdqItglEJa2ysXrFJ Y1dA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZQYea57B; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-106746-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-106746-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id jn10-20020ad45dea000000b00690dbe1aa0fsi9290458qvb.374.2024.03.18.15.12.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Mar 2024 15:12:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-106746-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZQYea57B; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-106746-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-106746-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 9232A1C2142C for ; Mon, 18 Mar 2024 22:12:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 674D15C8F9; Mon, 18 Mar 2024 22:10:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ZQYea57B" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8354159B64 for ; Mon, 18 Mar 2024 22:10:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710799813; cv=none; b=G+Rr59p97nmnkJadmR5xSkmemJtqf1TIk4vYfAgdLIn/ybQWXdwx6T4X4Y5GsHtzFN8JHIko92K+/HPbx6o7ONW+gvcOhmDLroLJ+72KP/6P4XH6Ub7NGA1CjGYQkzv11OwkLtVRTgiD4JziLNaDuxzMvgN+rUVZV/YmM9BwgJE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710799813; c=relaxed/simple; bh=jBqGxeE+IhKyoXM9zVHSpir3KZfZHpFMsiIw7rgHpZE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FBPHb3dlXoC+lA2zFaTtOYY6Qg2pn6nIRc/BrneLmyIWP7DKcjliYXHVhdnGdL1hib9XtGzpnQQQAoRVs/qolvvSGaG0M7BDb04QLuCOFCiobb2iJTBqGR/QqkpGlNUgDgrt550ZkhdIIhtyASpBhc6a1z7OcNefE4F/NB9/Yvk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=ZQYea57B; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710799810; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OyCsbi8n3w9nlxB/vU9IG/7BiogA4ynph3bT+cZ/wPg=; b=ZQYea57BYWnRORW+e2z/PzBZ96Z35+KPSWn9LeHyfwZ1DXfeW61iSuIXK/57FMVR6nqMXL DEg2iAeKFI/UY2uTLtbb82MsjXbCY72i9CObQrRZKgKwwsGSedvD1xNH+oivvwWfaVCC4M vPcGrK2Rlf0XZd1dCv5e/MOpD2Byk/g= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-262-nIs2tlAGOB-euepDbDHAPQ-1; Mon, 18 Mar 2024 18:10:04 -0400 X-MC-Unique: nIs2tlAGOB-euepDbDHAPQ-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2F78A2800E8B; Mon, 18 Mar 2024 22:10:04 +0000 (UTC) Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id 03EC9492BC8; Mon, 18 Mar 2024 22:10:03 +0000 (UTC) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, Ashish Kalra , stable@vger.kernel.org, Tom Lendacky Subject: [PATCH 3/7] KVM: SVM: Add support for allowing zero SEV ASIDs Date: Mon, 18 Mar 2024 18:09:58 -0400 Message-ID: <20240318221002.2712738-4-pbonzini@redhat.com> In-Reply-To: <20240318221002.2712738-1-pbonzini@redhat.com> References: <20240318221002.2712738-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.9 From: Ashish Kalra Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson Signed-off-by: Ashish Kalra Cc: stable@vger.kernel.org Acked-by: Tom Lendacky Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Link: https://lore.kernel.org/r/20240131235609.4161407-4-seanjc@google.com Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index eeef43c795d8..5f8312edee36 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n", -- 2.43.0