Message-ID: <ab0765b1-6d81-75db-7476-a795b1e64c23@amd.com>
Date:   Fri, 24 Feb 2023 10:22:21 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Subject: Re: [PATCH RFC v8 34/56] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_START
 command
Content-Language: en-US
To:     Zhi Wang <zhi.wang.linux@gmail.com>,
        Michael Roth <michael.roth@amd.com>
Cc:     kvm@vger.kernel.org, linux-coco@lists.linux.dev,
        linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org,
        linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com,
        jroedel@suse.de, hpa@zytor.com, ardb@kernel.org,
        pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com,
        jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com,
        slp@redhat.com, pgonda@google.com, peterz@infradead.org,
        srinivas.pandruvada@linux.intel.com, rientjes@google.com,
        dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de,
        vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com,
        tony.luck@intel.com, marcorr@google.com,
        sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com,
        dgilbert@redhat.com, jarkko@kernel.org, ashish.kalra@amd.com,
        nikunj.dadhania@amd.com, Brijesh Singh <brijesh.singh@amd.com>
References: <20230220183847.59159-1-michael.roth@amd.com>
 <20230220183847.59159-35-michael.roth@amd.com>
 <20230223234112.000030ac@gmail.com>
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20230223234112.000030ac@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MFlkTEtYR2FmSXNGeUZjeUhUQ1N5YXRrQzVOb3pZaXVXQ2VLbjNjWGpldU5Y?=
 =?utf-8?B?K2pmd3ZxeDdORkRSWWoydnJYUEtCa0UzU0hUQ1JiUWlhcC9ZK3ZFeFRLWEI4?=
 =?utf-8?B?b1lUZVo4ZmpQenpndFJyZCtTRVFsSUtKVjY0RWVzVGJCUFlncWpFeC95QVU1?=
 =?utf-8?B?NTJDTkZwcjR6NDNyejk1U1RiY1F5aHVwdjlZa3RTWDdEM09zbi9PRzBrZW1m?=
 =?utf-8?B?RHkweTllNEMzVTVsSVJZc2Z4TWg3dGx2Y2hpdjloOXU4SklMN3FxQmRBaG42?=
 =?utf-8?B?MFBVdmtZbkVVSzF4bVpDcHg0Q1YvMHI3aWNQR3JGL3IwVUFHcVV6bzBDZyt2?=
 =?utf-8?B?UEMzdlZyWnZZUmRWaE1TUmhHaXVCQWxnV0JDUGptSy9VNUFmRXFpQ1ZDQmlI?=
 =?utf-8?B?Nmx3d0VMY0ZlNzNJbmR2d01HeVNQQ2dZMjQ5c2VHNmh4NjBXOHdWT3JHTUoy?=
 =?utf-8?B?TUk4cXlKVHJHb2kyR1Vid2pVdmRFTmFVa2s1QmtmQVBpZXJnSkIxN1JET0NK?=
 =?utf-8?B?L1hBWmZPSDRIMTREM08rbGlNSW9BMTRodzN4bE1QdmxkYzBvWE91N0g4MUZX?=
 =?utf-8?B?UjY5TTdNTjMwME8xZTNNZVJhZjQzM1FjM2NwT0pYZUFmcThPME1FTjdIT1Fu?=
 =?utf-8?B?RnpKNURHYUtsZCt3Sjd1cWhndFQ5OGJnS1h1Ry85eUFuZWhvcnFOck9qeTND?=
 =?utf-8?B?b0V3VFpaNDNVSnRSWDk0MjVjQjhEc0I2aWRZY3ZwaHBPTFlmTWkxRlRzNUg2?=
 =?utf-8?B?dmN1YkoySDRuQ0h5bWF4d09lQW5sQUQyYjRGN0VlM1VJbldrVGRpQkJVRUNU?=
 =?utf-8?B?UHByZE5CL3E2bzdCNHU4RkdwMVJaQ05pWXJPazZnaUNFZWgzR2FWaVVveWRY?=
 =?utf-8?B?K21sOElxazRMQXU2eXZFcWk5NlBtQzJTaUJGbDJDZlhTVE5ac05PdnkwYnBY?=
 =?utf-8?B?dUpvc3U1anFZL0xGRVYxRXc3citHU1hiRWVJbjJmNDJjcWdQSXM4Vm9RTGV1?=
 =?utf-8?B?a1Zxd0c5dlhwbW1OSHFFRU95WjNiclErdFVPbjl0MmFQS2MyalR4b2picWVR?=
 =?utf-8?B?bW5aVk0xbmZrTWdzd2I3OEc4ZU9jbG1za1pWTnVRajRaZmtrdEN3SDJRS0tj?=
 =?utf-8?B?dXRNUjU0aHgvVk9WYllJdUZFR296N1BNODRCYlplQytKcElkcEVFcUo0emtv?=
 =?utf-8?B?SGx6aVM2K1drYUsrYVg1djdmOUtKWWQycFdOc1RZVHlSaHNTSlhOOVhYa2lJ?=
 =?utf-8?B?UStGN2MwNGw2WGlKcjFIcTVRRHc5UEh2eUhDQVl1TkFERG9NN2tNS3Vsdnlz?=
 =?utf-8?B?UDBocmZPK1JDSDM5bTB3enVOZzlxaS94RC9jUExyK2VGRzVyVldmVlZSZjMv?=
 =?utf-8?B?ZE9NR2xHeWtiUzYza0JyVVhlaUltcjdqdDgwWkJSaFFVTWgvVWFtRGtuYVFE?=
 =?utf-8?B?aDlZRHVILzN4NFl2QUw0b2NUbWNYUlpDZmhEMEdoMjdwZ0h5UmlmSndXS1Fi?=
 =?utf-8?B?aS9hUGlERndZT1c4dlF5S0MyWTVPNTBqalBUQit4d0o4UCtDOVBONVQxOUFU?=
 =?utf-8?B?V2dINjZjODNFSm85MUdQN0piWTAzQStybWFWSjB3ZGswMFdXUERCRjVmdXVV?=
 =?utf-8?B?VWFZR1BBalNCZDZoL3h6Q2Uva0ltenBRUkZZaHIwQWd4dWN3cTFEWEZPNVhS?=
 =?utf-8?B?TDBRbDUwWm5rcUV1Z2pSY09qeWYyaEFWbEZhc2FtOE1kRUlQL0lmZVpXWmZo?=
 =?utf-8?B?djBXMnNLeWVPTHRaemRzV0Q3aU94V2JLNTNsek5ycWZFYTByOG9vd1pUclZY?=
 =?utf-8?B?eHkxWkxLN3VlMThjR3k2b01CTnBOakpjTm1OQXNtb3B4RFBwTzlZaTVNd01E?=
 =?utf-8?B?aU1NYi9UU3FXS0ZHamVNRzhWMjNmbjJUK3ErZHR4NkZRS0l0ZnQyMmNwMlYr?=
 =?utf-8?B?REdUUTBQaVkvYkdlbkF2QWtDRCsvQ0xLVFFJSXNZRW4zeHExMUFza3FGeFBp?=
 =?utf-8?B?Z1FkL0NOUnVycHVJT08xWXRUaDVOVmNIZU1MdmtyRmtWcTBxZ25uSUVVdXRm?=
 =?utf-8?B?bnduMWZ0T0RUSFMxcXcvUGxkUVBxa2w0eDY3RGRoVFZOaVRWSWQ2cldYUDA5?=
 =?utf-8?Q?zTNATPVknh2UJ0fvsFQkG6VM4?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 69bc2468-dda3-46df-5cfe-08db168350a0
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2023 16:22:25.5239
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: AIZFHsERyKrOa/riEP64AceAZkrS+l5B4/IEiQHAPKBx7i+u4OO3oNnN292G2QIGC3cek64vRQ65jezhtM3W6g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7113
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On 2/23/23 15:41, Zhi Wang wrote:
> On Mon, 20 Feb 2023 12:38:25 -0600
> Michael Roth <michael.roth@amd.com> wrote:
> 
>> From: Brijesh Singh <brijesh.singh@amd.com>
>>
>> KVM_SEV_SNP_LAUNCH_START begins the launch process for an SEV-SNP guest.
>> The command initializes a cryptographic digest context used to construct
>> the measurement of the guest. If the guest is expected to be migrated,
>> the command also binds a migration agent (MA) to the guest.
>>
>> For more information see the SEV-SNP specification.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
>> Signed-off-by: Michael Roth <michael.roth@amd.com>
>> ---
>>   .../virt/kvm/x86/amd-memory-encryption.rst    |  24 ++++
>>   arch/x86/kvm/svm/sev.c                        | 121 +++++++++++++++++-
>>   arch/x86/kvm/svm/svm.h                        |   1 +
>>   include/uapi/linux/kvm.h                      |  10 ++
>>   4 files changed, 153 insertions(+), 3 deletions(-)
>>
>> diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
>> index 2432213bd0ea..58971fc02a15 100644
>> --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst
>> +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
>> @@ -461,6 +461,30 @@ The flags bitmap is defined as::
>>   If the specified flags is not supported then return -EOPNOTSUPP, and the supported
>>   flags are returned.
>>   
>> +19. KVM_SNP_LAUNCH_START
>> +------------------------
>> +
>> +The KVM_SNP_LAUNCH_START command is used for creating the memory encryption
>> +context for the SEV-SNP guest. To create the encryption context, user must
>> +provide a guest policy, migration agent (if any) and guest OS visible
>> +workarounds value as defined SEV-SNP specification.
>> +
>> +Parameters (in): struct  kvm_snp_launch_start
>> +
>> +Returns: 0 on success, -negative on error
>> +
>> +::
>> +
>> +        struct kvm_sev_snp_launch_start {
>> +                __u64 policy;           /* Guest policy to use. */
>> +                __u64 ma_uaddr;         /* userspace address of migration agent */
>> +                __u8 ma_en;             /* 1 if the migration agent is enabled */
>> +                __u8 imi_en;            /* set IMI to 1. */
>> +                __u8 gosvw[16];         /* guest OS visible workarounds */
>> +        };
>> +
>> +See the SEV-SNP specification for further detail on the launch input.
>> +
>>   References
>>   ==========
>>   
>> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
>> index a8efe1f6bf77..097bb2138360 100644
>> --- a/arch/x86/kvm/svm/sev.c
>> +++ b/arch/x86/kvm/svm/sev.c
>> @@ -22,6 +22,7 @@
>>   #include <asm/pkru.h>
>>   #include <asm/trapnr.h>
>>   #include <asm/fpu/xcr.h>
>> +#include <asm/sev.h>
>>   
>>   #include "mmu.h"
>>   #include "x86.h"
>> @@ -75,6 +76,8 @@ static unsigned int nr_asids;
>>   static unsigned long *sev_asid_bitmap;
>>   static unsigned long *sev_reclaim_asid_bitmap;
>>   
>> +static int snp_decommission_context(struct kvm *kvm);
>> +
>>   struct enc_region {
>>   	struct list_head list;
>>   	unsigned long npages;
>> @@ -100,12 +103,17 @@ static int sev_flush_asids(int min_asid, int max_asid)
>>   	down_write(&sev_deactivate_lock);
>>   
>>   	wbinvd_on_all_cpus();
>> -	ret = sev_guest_df_flush(&error);
>> +
>> +	if (sev_snp_enabled)
>> +		ret = sev_do_cmd(SEV_CMD_SNP_DF_FLUSH, NULL, &error);
>> +	else
>> +		ret = sev_guest_df_flush(&error);
>>   
>>   	up_write(&sev_deactivate_lock);
>>   
>>   	if (ret)
>> -		pr_err("SEV: DF_FLUSH failed, ret=%d, error=%#x\n", ret, error);
>> +		pr_err("SEV%s: DF_FLUSH failed, ret=%d, error=%#x\n",
>> +		       sev_snp_enabled ? "-SNP" : "", ret, error);
>>   
>>   	return ret;
>>   }
>> @@ -2011,6 +2019,80 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
>>   	return ret;
>>   }
>>   
>> +/*
>> + * The guest context contains all the information, keys and metadata
>> + * associated with the guest that the firmware tracks to implement SEV
>> + * and SNP features. The firmware stores the guest context in hypervisor
>> + * provide page via the SNP_GCTX_CREATE command.
>> + */
>> +static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp)
>> +{
>> +	struct sev_data_snp_addr data = {};
>> +	void *context;
>> +	int rc;
>> +
>> +	/* Allocate memory for context page */
>> +	context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT);
>> +	if (!context)
>> +		return NULL;
>> +
>> +	data.gctx_paddr = __psp_pa(context);
>> +	rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error);
>> +	if (rc) {
>> +		snp_free_firmware_page(context);
>> +		return NULL;
>> +	}
>> +
>> +	return context;
>> +}
>> +
>> +static int snp_bind_asid(struct kvm *kvm, int *error)
>> +{
>> +	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
>> +	struct sev_data_snp_activate data = {0};
>> +
>> +	data.gctx_paddr = __psp_pa(sev->snp_context);
>> +	data.asid   = sev_get_asid(kvm);
>> +	return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error);
> 
> According to the SNP ABI specification[1] 8.10 SNP_ACTIVATE:
> 
> "The firmware checks that a DF_FLUSH is not required. If a DF_FLUSH is
> required, the firmware returns DFFLUSH_REQUIRED. Note that all ASIDs are
> marked to require a DF_FLUSH at reset."
> 
> Do we need a SNP_DF_FLUSH here before calling SNP_ACTIVATE or handle the
> situation if the PSP firmware returns DFFLUSH_REQUIRED?
> 
> [1] https://www.amd.com/system/files/TechDocs/56860.pdf

This is related to ASID use. An initial DF_FLUSH is done which allows any 
SNP ASID to be used once without requiring a DF_FLUSH. Once an ASID has 
been used, it cannot be re-used until a DF_FLUSH is performed. The ASID 
recycling code takes care of that.

Thanks,
Tom

> 
>> +}
>> +
>> +static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
>> +{
>> +	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
>> +	struct sev_data_snp_launch_start start = {0};
>> +	struct kvm_sev_snp_launch_start params;
>> +	int rc;
>> +
>> +	if (!sev_snp_guest(kvm))
>> +		return -ENOTTY;
>> +
>> +	if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data, sizeof(params)))
>> +		return -EFAULT;
>> +
>> +	sev->snp_context = snp_context_create(kvm, argp);
>> +	if (!sev->snp_context)
>> +		return -ENOTTY;
>> +
>> +	start.gctx_paddr = __psp_pa(sev->snp_context);
>> +	start.policy = params.policy;
>> +	memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw));
>> +	rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error);
>> +	if (rc)
>> +		goto e_free_context;
>> +
>> +	sev->fd = argp->sev_fd;
>> +	rc = snp_bind_asid(kvm, &argp->error);
>> +	if (rc)
>> +		goto e_free_context;
>> +
>> +	return 0;
>> +
>> +e_free_context:
>> +	snp_decommission_context(kvm);
>> +
>> +	return rc;
>> +}
>> +
>>   int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp)
>>   {
>>   	struct kvm_sev_cmd sev_cmd;
>> @@ -2101,6 +2183,9 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp)
>>   	case KVM_SEV_RECEIVE_FINISH:
>>   		r = sev_receive_finish(kvm, &sev_cmd);
>>   		break;
>> +	case KVM_SEV_SNP_LAUNCH_START:
>> +		r = snp_launch_start(kvm, &sev_cmd);
>> +		break;
>>   	default:
>>   		r = -EINVAL;
>>   		goto out;
>> @@ -2292,6 +2377,28 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
>>   	return ret;
>>   }
>>   
>> +static int snp_decommission_context(struct kvm *kvm)
>> +{
>> +	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
>> +	struct sev_data_snp_addr data = {};
>> +	int ret;
>> +
>> +	/* If context is not created then do nothing */
>> +	if (!sev->snp_context)
>> +		return 0;
>> +
>> +	data.gctx_paddr = __sme_pa(sev->snp_context);
>> +	ret = sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL);
>> +	if (WARN_ONCE(ret, "failed to release guest context"))
>> +		return ret;
>> +
>> +	/* free the context page now */
>> +	snp_free_firmware_page(sev->snp_context);
>> +	sev->snp_context = NULL;
>> +
>> +	return 0;
>> +}
>> +
>>   void sev_vm_destroy(struct kvm *kvm)
>>   {
>>   	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
>> @@ -2333,7 +2440,15 @@ void sev_vm_destroy(struct kvm *kvm)
>>   		}
>>   	}
>>   
>> -	sev_unbind_asid(kvm, sev->handle);
>> +	if (sev_snp_guest(kvm)) {
>> +		if (snp_decommission_context(kvm)) {
>> +			WARN_ONCE(1, "Failed to free SNP guest context, leaking asid!\n");
>> +			return;
>> +		}
>> +	} else {
>> +		sev_unbind_asid(kvm, sev->handle);
>> +	}
>> +
>>   	sev_asid_free(sev);
>>   }
>>   
>> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
>> index 56a5c96d8a36..740969b57425 100644
>> --- a/arch/x86/kvm/svm/svm.h
>> +++ b/arch/x86/kvm/svm/svm.h
>> @@ -92,6 +92,7 @@ struct kvm_sev_info {
>>   	struct misc_cg *misc_cg; /* For misc cgroup accounting */
>>   	atomic_t migration_in_progress;
>>   	u64 snp_init_flags;
>> +	void *snp_context;      /* SNP guest context page */
>>   };
>>   
>>   struct kvm_svm {
>> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
>> index 499cc323f793..cf19799ca5ce 100644
>> --- a/include/uapi/linux/kvm.h
>> +++ b/include/uapi/linux/kvm.h
>> @@ -1919,6 +1919,7 @@ enum sev_cmd_id {
>>   
>>   	/* SNP specific commands */
>>   	KVM_SEV_SNP_INIT,
>> +	KVM_SEV_SNP_LAUNCH_START,
>>   
>>   	KVM_SEV_NR_MAX,
>>   };
>> @@ -2026,6 +2027,15 @@ struct kvm_snp_init {
>>   	__u64 flags;
>>   };
>>   
>> +struct kvm_sev_snp_launch_start {
>> +	__u64 policy;
>> +	__u64 ma_uaddr;
>> +	__u8 ma_en;
>> +	__u8 imi_en;
>> +	__u8 gosvw[16];
>> +	__u8 pad[6];
>> +};
>> +
>>   #define KVM_DEV_ASSIGN_ENABLE_IOMMU	(1 << 0)
>>   #define KVM_DEV_ASSIGN_PCI_2_3		(1 << 1)
>>   #define KVM_DEV_ASSIGN_MASK_INTX	(1 << 2)
>