Received-SPF: pass (google.com: domain of linux-crypto+bounces-3733-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Date: Sun, 21 Apr 2024 12:52:50 -0500
From: Michael Roth <michael.roth@amd.com>
To: Paolo Bonzini <pbonzini@redhat.com>
CC: <kvm@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>,
	<linux-crypto@vger.kernel.org>, <x86@kernel.org>,
	<linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>,
	<jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>,
	<ardb@kernel.org>, <seanjc@google.com>, <vkuznets@redhat.com>,
	<jmattson@google.com>, <luto@kernel.org>, <dave.hansen@linux.intel.com>,
	<slp@redhat.com>, <pgonda@google.com>, <peterz@infradead.org>,
	<srinivas.pandruvada@linux.intel.com>, <rientjes@google.com>,
	<dovmurik@linux.ibm.com>, <tobin@ibm.com>, <bp@alien8.de>, <vbabka@suse.cz>,
	<kirill@shutemov.name>, <ak@linux.intel.com>, <tony.luck@intel.com>,
	<sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>,
	<jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>,
	<pankaj.gupta@amd.com>, <liam.merwick@oracle.com>, Brijesh Singh
	<brijesh.singh@amd.com>
Subject: Re: [PATCH v13 10/26] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_UPDATE command
Message-ID: <20240421175250.lkjauspowo5y7c6k@amd.com>
References: <20240418194133.1452059-1-michael.roth@amd.com>
 <20240418194133.1452059-11-michael.roth@amd.com>
 <CABgObfaj4-GXSCWFx+=o7Cdhouo8Ftz4YEWgsQ2XNRc3KD-jPg@mail.gmail.com>
 <CABgObfa9Ya-taTKkRbmUQGcwqYG+6cs_=kwdqzmFrbgBQG3Epw@mail.gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CABgObfa9Ya-taTKkRbmUQGcwqYG+6cs_=kwdqzmFrbgBQG3Epw@mail.gmail.com>
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Apr 2024 18:00:29.4661
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fe74ee6e-2bda-4e0a-b838-08dc622cee54
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
	MWH0EPF000A6735.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6353

On Fri, Apr 19, 2024 at 06:12:11PM +0200, Paolo Bonzini wrote:
> On Fri, Apr 19, 2024 at 1:56 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
> > > +       ret = kvm_gmem_populate(kvm, params.gfn_start, u64_to_user_ptr(params.uaddr),
> > > +                               npages, sev_gmem_post_populate, &sev_populate_args);
> > > +       if (ret < 0) {
> > > +               argp->error = sev_populate_args.fw_error;
> > > +               pr_debug("%s: kvm_gmem_populate failed, ret %d (fw_error %d)\n",
> > > +                        __func__, ret, argp->error);
> > > +       } else if (ret < npages) {
> > > +               params.len = ret * PAGE_SIZE;
> > > +               ret = -EINTR;
> >
> > This probably should 1) update also gfn_start and uaddr 2) return 0
> > for consistency with the planned KVM_PRE_FAULT_MEMORY ioctl (aka
> > KVM_MAP_MEMORY).
> 
> To be more precise, params.len should be set to the number of bytes *left*, i.e.
> 
>    params.len -= ret * PAGE_SIZE;
>    params.gfn_start += ret * PAGE_SIZE;
>    if (params.type != KVM_SEV_SNP_PAGE_TYPE_ZERO)
>        params.uaddr += ret * PAGE_SIZE;
> 
> Also this patch needs some other changes:
> 
> 1) snp_launch_update() should have something like this:
> 
>    src = params.type == KVM_SEV_SNP_PAGE_TYPE_ZERO ? NULL :
> u64_to_user_ptr(params.uaddr),;
> 
> so that then...
> 
> > +               vaddr = kmap_local_pfn(pfn + i);
> > +               ret = copy_from_user(vaddr, src + i * PAGE_SIZE, PAGE_SIZE);
> > +               if (ret) {
> > +                       pr_debug("Failed to copy source page into GFN 0x%llx\n", gfn);
> > +                       goto out_unmap;
> > +               }
> 
> ... the copy can be done only if src is non-NULL
> 
> 2) the struct should have some more fields
> 
> > +        struct kvm_sev_snp_launch_update {
> > +                __u64 gfn_start;        /* Guest page number to load/encrypt data into. */
> > +                __u64 uaddr;            /* Userspace address of data to be loaded/encrypted. */
> > +                __u32 len;              /* 4k-aligned length in bytes to copy into guest memory.*/
> > +                __u8 type;              /* The type of the guest pages being initialized. */
> 
> __u8 pad0;
> __u16 flags;   // must be zero
> __u64 pad1[5];
> 
> with accompanying flags check in snp_launch_update().

Have these all addressed in v14, but I ended up making 'len' a __u64, so the
final struct looks like this:

  struct kvm_sev_snp_launch_update {
          __u64 gfn_start;
          __u64 uaddr;
          __u64 len;
          __u8 type;
          __u8 pad0;
          __u16 flags;
          __u32 pad1;
          __u64 pad2[4];
  };

> 
> If you think IMI can be implemented already (with a bit in flags) go
> ahead and do it.

Migration will also need related flags in LAUNCH_START, and depending on how
we implement things, possibly in LAUNCH_FINISH. So for now I've left IMI
out, but added similar 'flags' and padding to those structs as well so we have
some flexibility with how we end up handling that.

-Mike

> 
> Paolo
>