Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp817414pxb; Thu, 23 Sep 2021 11:09:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzdzV/Se5fQYqlj6NobjWQmuKCe6SUDe7+e6v7vCQj+k8z+T1fxtry+7PD6sK1NVMmnUFuD X-Received: by 2002:a17:906:bfe7:: with SMTP id vr7mr6544815ejb.32.1632420598656; Thu, 23 Sep 2021 11:09:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1632420598; cv=pass; d=google.com; s=arc-20160816; b=Sno3aC6whG8GMXQPpvpYHkfJ+zbSqsdrAtcrtydH7bx5ccHIrq8pvQGu+DwjSr6brW qqOp6BVsOtGIFfI24hBHEdAUqbaPmRGlsLh5iLTfug0YVCCNb2Pw6qpiXdK0ryOIhFPQ d3Vm3+XHSNxIXQ3h/jAgRy7P09+RJ9l2eiBnmJ8L/fvF4uuw9JLEcLpsW0xWSJSs+4m6 rXxJmXU/2mI05npUgesN8UaTdfqYpHOZLC0lN3qrgwdppnfccuY64EckReqy7qXilgav we9aAldpvWJd3stF1B2WItCkF6ApTcaGcCOxl4CQQm59Tcshu61QR2tOjSyrkyCL1ZUi ttgA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-language :content-transfer-encoding:in-reply-to:user-agent:date:message-id :from:references:cc:to:subject:dkim-signature; bh=ELP1PD0whEr5H4gWthwl7cWNk3DL4Gbn1h0gGj2XxF8=; b=jO6HEFw1HvJGI2Wl2PsAFnLyhlRIBBeRFrw620JK0/xciRrM9hqPMcqM7VQIiVy1S/ qiM0LEJjWb6A3+bMTKlABW6y9WZhKPG0GMji4SMoL4znFDwjpYiBjdn8peV3jaI2k4u1 MSMrEbcPbBEjt9qnH3O3k8DQ1FLY6WIyWPpvYEVUrm0bab1IHLdQhIV8Ctbitv2KyQgV YIf9pZJVCOvLEEcGxaQKmXoGrGQfwN1GeRd/7N8PpTzgdU2QCY2neASvlDXozxwo2dGt Mf71V83P966X8jeS+NVEnJNeER5XOGaA1pLzO/mEUKOxjd8D+IuHntcu1rWdQQK+v1oc Ge1g== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=bKGsJwm0; arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r8si6399901edb.185.2021.09.23.11.09.32; Thu, 23 Sep 2021 11:09:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=bKGsJwm0; arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242639AbhIWSLB (ORCPT + 99 others); Thu, 23 Sep 2021 14:11:01 -0400 Received: from mail-bn8nam12on2070.outbound.protection.outlook.com ([40.107.237.70]:40129 "EHLO NAM12-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S242152AbhIWSLB (ORCPT ); Thu, 23 Sep 2021 14:11:01 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AO5z0vxnkjqn4rd4DbhBReJ/Ycp5gjWNmHFcJzMyYHZxamLSljui9j1PZz2Hj2Vdw0QVHVcDmCWyqMR76FBRd1c5LMZ+j3H8tihxIoFVOHmTYH8N3OwY0iEOuGFqc+b02adlYtjmBQ/uoqnVbSlv1crbJg2mcWFD8GtXM4HlcwTYzbUGdcEMiTPTDOgeOwSz4B5Rppf94myskMQ0CW+522u+8NguYkFyUschG5jIObEK2AxVzYqq5ov9X737iuVJmdKMyJBslBk0UagtR7amiBsAOGCXKxdJwt+SJn4BcqanmKur35sNj3naB/RkZ/nIaw5nm0Efj4t0BBgLiCxOTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ELP1PD0whEr5H4gWthwl7cWNk3DL4Gbn1h0gGj2XxF8=; b=FcSeMOGS37JuStNjJfFFAYbCVv4iShQOeqFNU2fK0Q20IgdcQOMw0D3epnvfuXmcY/Gbvtj9eFQkH8qV/Okyi2wPLFty2PiVANY5x9guLgVZfW//NK4ds8VUQp7Tu299R2P5kXKRC5NVRAKQg7PDgw0CtVAIWe86i90MWTFvpe3LR1PcQcTfU01DvhSR4HLtMhp1y+JuKkfcsA2sZwr3UVfzUAPN2LqAh+/1ZGPx+tP0WAsnDGIbsXejB19teBuKLQxZ91JQLgw/ivZ/qF4OUZ/ioW34lZSNFhwwvUeqDFKVKFjOp+i02Jo2ZG4oiDRGVFSCzlbYgh3TSOeFjoJIDg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ELP1PD0whEr5H4gWthwl7cWNk3DL4Gbn1h0gGj2XxF8=; b=bKGsJwm0c6mUS5hpu6SPHMy2P96Ooa9K2osuXTgbdS0nprd5jALZLg+DYVQCHigTl8uG2wcNxLZKa6Z9qKC1LUB0AekJF0p5JB3aKE8+B8eI3gcigxnpdUIzgXE3Pv1cs8vsHo7wOUyypSeU2vD9xePHsonQNTzRKAtH5GWnblM= Authentication-Results: linux.intel.com; dkim=none (message not signed) header.d=none;linux.intel.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4510.namprd12.prod.outlook.com (2603:10b6:806:94::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.15; Thu, 23 Sep 2021 18:09:26 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4523.022; Thu, 23 Sep 2021 18:09:26 +0000 Subject: Re: [PATCH Part2 v5 21/45] KVM: SVM: Make AVIC backing, VMSA and VMCB memory allocation SNP safe To: "Dr. David Alan Gilbert" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com References: <20210820155918.7518-1-brijesh.singh@amd.com> <20210820155918.7518-22-brijesh.singh@amd.com> From: Brijesh Singh Message-ID: Date: Thu, 23 Sep 2021 13:09:22 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-ClientProxiedBy: SN7PR04CA0209.namprd04.prod.outlook.com (2603:10b6:806:126::34) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SN7PR04CA0209.namprd04.prod.outlook.com (2603:10b6:806:126::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13 via Frontend Transport; Thu, 23 Sep 2021 18:09:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d2e39e02-671a-4140-435d-08d97ebd473b X-MS-TrafficTypeDiagnostic: SA0PR12MB4510: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0Gplf0Lt3qQgBlcoJ9A+28Jp7kdXmACNnO0RaU4E6vzP0eerSJMuP6FLnAycEqls/VMS+pkYnu5AkF5UNYODO6/fYJgYE2WF/GzBHlm+CYfItU/3m83bPtoqdEL0FgjOPX1AYbyeqJKXVaTVsKhNJockT/iA/nb6rGGBs5IU9U2CSTT7eS3x7kcEUcanNK2PFg6uecZVaqEA/AkRSRFyelnq63tdErmN/AaNfr1aMtG4z3OOZiAQbs4J22OcrSKbOmZLceOr9scQI20WHMl3u4C8VaLd17KSnkq+kreEPQxlu8AVU7P4Va06yjUHdzlzwhsWjIbpUTgLNrxIj23LNLgM1BASznKYSEnKpC1SeyJtO6Kgob8xrg+LPA9NqaGVTK/fdbtsnFCESDyYU2CzHfrinpyhJFmglrL92hmgfX0AiNHu4Hpa7b6wAp29A3MaXWH20ja9c0cdsKn5G6wWz+RAVLarOLxatWBI0E38qKV5SDpkkmuHIe6LyNo7d9b3h5ikjlvct5nYjWMTlXfKahRVT9BVKuGCy7a6Wrh45TQ6aK2yC5RC1CpeOtxKsTf0B+xMq9O23W9rocrLKnaKpJ/7JMi8gAQS86jj8R4nl1q9vzitdCqFoi6kJAgOo+6l2nU5p/rOfGGV+sz1XhiUVf/uUKat2QyJG8gIBdnQfFmg8kuhkwZzbptqRSz3dPaVv9bP1miZwDVbtWagbxGC3q3WeOCqA5mOrH0ZumCIhwNl7+3U+ohwLyDOPc2H6NO64lZWZd41pJFbXHKUKpHiVw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(7416002)(2906002)(54906003)(4326008)(66476007)(8936002)(31686004)(66946007)(83380400001)(5660300002)(38350700002)(44832011)(38100700002)(6486002)(316002)(6512007)(66556008)(8676002)(7406005)(6916009)(6506007)(53546011)(508600001)(186003)(26005)(86362001)(956004)(2616005)(36756003)(52116002)(31696002)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VDNkRHIvenJBRkZBbit4am4xSXJsMVZUT2c0Q0pxRGZqUjUyZzlTRzV4ZWJw?= =?utf-8?B?bWFiNVM1MWcrTU83WXdLYXU4enRYb0Y0SXRLekJUYWJ1elhpZldzemRpQ1pU?= =?utf-8?B?NTAvOHNNa3UreGJheW0vUU1pZUtIeXphd3JHWWxjTjVPS0piUDl3eDhzb0Zt?= =?utf-8?B?Mkp3dmhySXM0VCsrdUlXdFhuVXdtQmhnbVRFQytOVTFFMWZYQk9UbFVqZkRa?= =?utf-8?B?eG15dWxzNjVCaUFQS0hZenFrUTQxNCs2T253V0VLNGw5Y3FFUjE4K3hVcE8w?= =?utf-8?B?VkppYnY0bEo4UTZQNzFrMVU5UC9nT0t0ZnUrbWZvOXNlZzZtWCt0M3BIK3cz?= =?utf-8?B?aWNvMlBvY25RdGdXUXNJL3ZBUmdjQktveVYwSG1QbjJZNGptNUhCZndkZzN5?= =?utf-8?B?RnVnbDlycVVzc0FaMVNpS0NITUhDUXUrdFJuSGx5Q3VkZms0Y3Qwd1Qrakdh?= =?utf-8?B?RDFlaDJmblN2aFdrd1k0WmI3MU5HTDdZU1YxNVpLNVNEL0xXb25PYW5uOXhN?= =?utf-8?B?S2NzckNTSGxaSk1hRForUlhsYTBwWkxDMzlaRDdTdmZ5Y3kvOCtieUhMYU9P?= =?utf-8?B?Y1UxMFlrbEY3YThvSk9xczhyQ0ozK3Rnbm5oSTFBOEZSMVNVWlh3MFl2aVAx?= =?utf-8?B?dlMzSVZrcWFVNTZ5Q3pzMmE0bEFrYk9RdHRRMlhZUUkvR1ZxNkFRb0Fjckpr?= =?utf-8?B?SmVRbTlKR2I3RzlrK2tBN1NSUWs5MFdJSmZsZlZpZ0JIajh2S2Yvc1RFMHpn?= =?utf-8?B?QW9iV2ROeCsyOHVTWXdFc1NjOVcvdU80ZWIzN3VOUEtqTHphRXQza09icXU1?= =?utf-8?B?cEs3eTRQbm9JeVlEdnAzRElFNVZKaDd4RGMxZzlVVXpFVGlpTE9lRkNuVjVw?= =?utf-8?B?MkVKSDJvUlJVeFp6dVhWcjJ3bVV3U0cydC94STRWcjdrSmNzRkpaSmJMQUhY?= =?utf-8?B?MmlkckVPMWYvRHBMbldZMk1POTF1Yyt6dG9MRVlqWmxydXR2cUdMOFpLcGh2?= =?utf-8?B?Q1BOVWRUTmhIK2ZCWlBwbC9rQ1Zza3M5UGtDSnVZREkzTDduR0NVRzE1RUlu?= =?utf-8?B?L1VnbWVVenh6UVFNNlphNE9iQjN3VnNBY0pxUXNDVWhyYmErelc2c1k4UGFx?= =?utf-8?B?eXF6cmFJNWJQODREblV4SmhKYlRuOVpsWk1KNXNSRi96a25pWXB4b0Z2MGNk?= =?utf-8?B?bzUrVjlWdG9FVkJsT0VrY1FxUVMvR3JtbzZKeXhTb1F1MytHTExPdFZpTjAv?= =?utf-8?B?WnUxeTY4akY4VUQrOHZhM0xmSGZMVHpKaW5sT2pBSWE3M3pMWjNFZGZUMFQy?= =?utf-8?B?RldPa2ZOM2l1Mm1ETkF0aFRIRkNYWWVpcHFPSWlBaXIxa2FqR0VMMDlBc0VX?= =?utf-8?B?VmhVS2pYd0ZBZmpZS3ZzZTNMVUUvZmgvRHRQOG9uOGdRaVpOT2t3MHk3bkZ1?= =?utf-8?B?NHRiK0ljdHg1dnl3Zko0ckVKS2pZbWFSREE4b2ZoUlVxK3pESGFkcTZpSHcy?= =?utf-8?B?K2xCUkphdHgwT3I2UEZMdDdnZUVOdXE4L3UxaGZuWGNIK29ra2tNOTNRcHNH?= =?utf-8?B?OGRBc3VFUlJUTUNsUnJuWWh1T1U4UVVPbkdBLzN2T2VycXk2Q20wdGI3bVhs?= =?utf-8?B?Y01YZjRXUGhMS0xuU1JBSDFhZ1hVY1F0aGRjYmE5a2xtcUNLREpwQXJRL09I?= =?utf-8?B?aFJHYnJmalN4TE1vZEptNm1RR2lRajVsOTEyVDAzMC9qZ1lZRDlWU243aVYy?= =?utf-8?Q?EKGXM/VzMTKMuqyaCvhYtHi/C1eP3gcFtcTkYqP?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: d2e39e02-671a-4140-435d-08d97ebd473b X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Sep 2021 18:09:26.2068 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cDOYiuLjFat0hO1rvsU0fb1z+O9eH3TCCPK3wVSzeC6e/PMADfrSgwrRlCzpJZ9Rb03wtRklRjyTfM6tqRvyxg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4510 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 9/22/21 1:55 PM, Dr. David Alan Gilbert wrote: > * Brijesh Singh (brijesh.singh@amd.com) wrote: >> Implement a workaround for an SNP erratum where the CPU will incorrectly >> signal an RMP violation #PF if a hugepage (2mb or 1gb) collides with the >> RMP entry of a VMCB, VMSA or AVIC backing page. >> >> When SEV-SNP is globally enabled, the CPU marks the VMCB, VMSA, and AVIC >> backing pages as "in-use" in the RMP after a successful VMRUN. This is >> done for _all_ VMs, not just SNP-Active VMs. > Can you explain what 'globally enabled' means? This means that SNP is enabled inĀ  host SYSCFG_MSR.Snp=1. Once its enabled then RMP checks are enforced. > Or more specifically, can we trip this bug on public hardware that has > the SNP enabled in the bios, but no SNP init in the host OS? Enabling the SNP support on host is 3 step process: step1 (bios): reserve memory for the RMP table. step2 (host): initialize the RMP table memory, set the SYSCFG msr to enable the SNP feature step3 (host): call the SNP_INIT to initialize the SNP firmware (this is needed only if you ever plan to launch SNP guest from this host). The "SNP globally enabled" means the step 1 to 2. The RMP checks are enforced as soon as step 2 is completed. thanks > > Dave > >> If the hypervisor accesses an in-use page through a writable translation, >> the CPU will throw an RMP violation #PF. On early SNP hardware, if an >> in-use page is 2mb aligned and software accesses any part of the associated >> 2mb region with a hupage, the CPU will incorrectly treat the entire 2mb >> region as in-use and signal a spurious RMP violation #PF. >> >> The recommended is to not use the hugepage for the VMCB, VMSA or >> AVIC backing page. Add a generic allocator that will ensure that the page >> returns is not hugepage (2mb or 1gb) and is safe to be used when SEV-SNP >> is enabled. >> >> Co-developed-by: Marc Orr >> Signed-off-by: Marc Orr >> Signed-off-by: Brijesh Singh >> --- >> arch/x86/include/asm/kvm-x86-ops.h | 1 + >> arch/x86/include/asm/kvm_host.h | 1 + >> arch/x86/kvm/lapic.c | 5 ++++- >> arch/x86/kvm/svm/sev.c | 35 ++++++++++++++++++++++++++++++ >> arch/x86/kvm/svm/svm.c | 16 ++++++++++++-- >> arch/x86/kvm/svm/svm.h | 1 + >> 6 files changed, 56 insertions(+), 3 deletions(-) >> >> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h >> index a12a4987154e..36a9c23a4b27 100644 >> --- a/arch/x86/include/asm/kvm-x86-ops.h >> +++ b/arch/x86/include/asm/kvm-x86-ops.h >> @@ -122,6 +122,7 @@ KVM_X86_OP_NULL(enable_direct_tlbflush) >> KVM_X86_OP_NULL(migrate_timers) >> KVM_X86_OP(msr_filter_changed) >> KVM_X86_OP_NULL(complete_emulated_msr) >> +KVM_X86_OP(alloc_apic_backing_page) >> >> #undef KVM_X86_OP >> #undef KVM_X86_OP_NULL >> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h >> index 974cbfb1eefe..5ad6255ff5d5 100644 >> --- a/arch/x86/include/asm/kvm_host.h >> +++ b/arch/x86/include/asm/kvm_host.h >> @@ -1453,6 +1453,7 @@ struct kvm_x86_ops { >> int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); >> >> void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); >> + void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu); >> }; >> >> struct kvm_x86_nested_ops { >> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c >> index ba5a27879f1d..05b45747b20b 100644 >> --- a/arch/x86/kvm/lapic.c >> +++ b/arch/x86/kvm/lapic.c >> @@ -2457,7 +2457,10 @@ int kvm_create_lapic(struct kvm_vcpu *vcpu, int timer_advance_ns) >> >> vcpu->arch.apic = apic; >> >> - apic->regs = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); >> + if (kvm_x86_ops.alloc_apic_backing_page) >> + apic->regs = static_call(kvm_x86_alloc_apic_backing_page)(vcpu); >> + else >> + apic->regs = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT); >> if (!apic->regs) { >> printk(KERN_ERR "malloc apic regs error for vcpu %x\n", >> vcpu->vcpu_id); >> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c >> index 1644da5fc93f..8771b878193f 100644 >> --- a/arch/x86/kvm/svm/sev.c >> +++ b/arch/x86/kvm/svm/sev.c >> @@ -2703,3 +2703,38 @@ void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) >> break; >> } >> } >> + >> +struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) >> +{ >> + unsigned long pfn; >> + struct page *p; >> + >> + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) >> + return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); >> + >> + /* >> + * Allocate an SNP safe page to workaround the SNP erratum where >> + * the CPU will incorrectly signal an RMP violation #PF if a >> + * hugepage (2mb or 1gb) collides with the RMP entry of VMCB, VMSA >> + * or AVIC backing page. The recommeded workaround is to not use the >> + * hugepage. >> + * >> + * Allocate one extra page, use a page which is not 2mb aligned >> + * and free the other. >> + */ >> + p = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, 1); >> + if (!p) >> + return NULL; >> + >> + split_page(p, 1); >> + >> + pfn = page_to_pfn(p); >> + if (IS_ALIGNED(__pfn_to_phys(pfn), PMD_SIZE)) { >> + pfn++; >> + __free_page(p); >> + } else { >> + __free_page(pfn_to_page(pfn + 1)); >> + } >> + >> + return pfn_to_page(pfn); >> +} >> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c >> index 25773bf72158..058eea8353c9 100644 >> --- a/arch/x86/kvm/svm/svm.c >> +++ b/arch/x86/kvm/svm/svm.c >> @@ -1368,7 +1368,7 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) >> svm = to_svm(vcpu); >> >> err = -ENOMEM; >> - vmcb01_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); >> + vmcb01_page = snp_safe_alloc_page(vcpu); >> if (!vmcb01_page) >> goto out; >> >> @@ -1377,7 +1377,7 @@ static int svm_create_vcpu(struct kvm_vcpu *vcpu) >> * SEV-ES guests require a separate VMSA page used to contain >> * the encrypted register state of the guest. >> */ >> - vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); >> + vmsa_page = snp_safe_alloc_page(vcpu); >> if (!vmsa_page) >> goto error_free_vmcb_page; >> >> @@ -4539,6 +4539,16 @@ static int svm_vm_init(struct kvm *kvm) >> return 0; >> } >> >> +static void *svm_alloc_apic_backing_page(struct kvm_vcpu *vcpu) >> +{ >> + struct page *page = snp_safe_alloc_page(vcpu); >> + >> + if (!page) >> + return NULL; >> + >> + return page_address(page); >> +} >> + >> static struct kvm_x86_ops svm_x86_ops __initdata = { >> .hardware_unsetup = svm_hardware_teardown, >> .hardware_enable = svm_hardware_enable, >> @@ -4667,6 +4677,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { >> .complete_emulated_msr = svm_complete_emulated_msr, >> >> .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, >> + >> + .alloc_apic_backing_page = svm_alloc_apic_backing_page, >> }; >> >> static struct kvm_x86_init_ops svm_init_ops __initdata = { >> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h >> index d1f1512a4b47..e40800e9c998 100644 >> --- a/arch/x86/kvm/svm/svm.h >> +++ b/arch/x86/kvm/svm/svm.h >> @@ -575,6 +575,7 @@ void sev_es_create_vcpu(struct vcpu_svm *svm); >> void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); >> void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu); >> void sev_es_unmap_ghcb(struct vcpu_svm *svm); >> +struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu); >> >> /* vmenter.S */ >> >> -- >> 2.17.1 >> >>