KVM: SEV: Add initial SEV-SNP support
SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware-based security protection. SEV-SNP adds strong memory encryption and integrity protection to help prevent malicious hypervisor-based attacks such as data replay, memory re-mapping, and more, to create an isolated execution environment. Define a new KVM_X86_SNP_VM type which makes use of these capabilities and extend the KVM_SEV_INIT2 ioctl to support it. Also add a basic helper to check whether SNP is enabled and set PFERR_PRIVATE_ACCESS for private #NPFs so they are handled appropriately by KVM MMU. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Co-developed-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-ID: <20240501085210.2213060-5-michael.roth@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
a8e3198333
commit
1dfe571c12
@ -285,7 +285,8 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_
|
|||||||
|
|
||||||
#define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF)
|
#define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF)
|
||||||
|
|
||||||
#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)
|
#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0)
|
||||||
|
#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)
|
||||||
|
|
||||||
struct vmcb_seg {
|
struct vmcb_seg {
|
||||||
u16 selector;
|
u16 selector;
|
||||||
|
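Review bot: `#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0)` is added above `SVM_SEV_FEAT_DEBUG_SWAP` with no comment saying which hardware field these bit numbers index; the sev.c hunk ORs the new value into `sev->vmsa_features`, so the defines appear to mirror the VMSA SEV_FEATURES field and must track its layout. A one-line comment above the group, `/* Bits of the VMSA SEV_FEATURES field; keep in sync with the hardware layout */`, would tell a reader where BIT(0) and BIT(5) come from. The field name is inferred from the `vmsa_features` usage, so confirm it against the architecture manual before wording the comment.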
@ -874,5 +874,6 @@ struct kvm_hyperv_eventfd {
|
|||||||
#define KVM_X86_SW_PROTECTED_VM 1
|
#define KVM_X86_SW_PROTECTED_VM 1
|
||||||
#define KVM_X86_SEV_VM 2
|
#define KVM_X86_SEV_VM 2
|
||||||
#define KVM_X86_SEV_ES_VM 3
|
#define KVM_X86_SEV_ES_VM 3
|
||||||
|
#define KVM_X86_SNP_VM 4
|
||||||
|
|
||||||
#endif /* _ASM_X86_KVM_H */
|
#endif /* _ASM_X86_KVM_H */
|
||||||
|
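Review bot: `#define KVM_X86_SNP_VM 4` is a new UAPI VM type, but no documentation change accompanies it in this commit. The KVM API document that describes KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM should gain a sentence stating that this type selects SEV-SNP, that it sets `has_private_mem` (per the svm_vm_init hunk), and that it is only advertised in the supported VM types when SNP is enabled on the host (per the sev_set_cpu_caps hunk). If a later patch in the series covers this, a pointer in the commit message would save reviewers the search.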
@ -47,6 +47,9 @@ module_param_named(sev, sev_enabled, bool, 0444);
|
|||||||
static bool sev_es_enabled = true;
|
static bool sev_es_enabled = true;
|
||||||
module_param_named(sev_es, sev_es_enabled, bool, 0444);
|
module_param_named(sev_es, sev_es_enabled, bool, 0444);
|
||||||
|
|
||||||
|
/* enable/disable SEV-SNP support */
|
||||||
|
static bool sev_snp_enabled;
|
||||||
|
|
||||||
/* enable/disable SEV-ES DebugSwap support */
|
/* enable/disable SEV-ES DebugSwap support */
|
||||||
static bool sev_es_debug_swap_enabled = true;
|
static bool sev_es_debug_swap_enabled = true;
|
||||||
module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);
|
module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);
|
||||||
@ -288,6 +291,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
|
|||||||
if (sev->es_active && !sev->ghcb_version)
|
if (sev->es_active && !sev->ghcb_version)
|
||||||
sev->ghcb_version = GHCB_VERSION_DEFAULT;
|
sev->ghcb_version = GHCB_VERSION_DEFAULT;
|
||||||
|
|
||||||
|
if (vm_type == KVM_X86_SNP_VM)
|
||||||
|
sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;
|
||||||
|
|
||||||
ret = sev_asid_new(sev);
|
ret = sev_asid_new(sev);
|
||||||
if (ret)
|
if (ret)
|
||||||
goto e_no_asid;
|
goto e_no_asid;
|
||||||
@ -348,7 +354,8 @@ static int sev_guest_init2(struct kvm *kvm, struct kvm_sev_cmd *argp)
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (kvm->arch.vm_type != KVM_X86_SEV_VM &&
|
if (kvm->arch.vm_type != KVM_X86_SEV_VM &&
|
||||||
kvm->arch.vm_type != KVM_X86_SEV_ES_VM)
|
kvm->arch.vm_type != KVM_X86_SEV_ES_VM &&
|
||||||
|
kvm->arch.vm_type != KVM_X86_SNP_VM)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data)))
|
if (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data)))
|
||||||
@ -2328,11 +2335,16 @@ void __init sev_set_cpu_caps(void)
|
|||||||
kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
|
kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
|
||||||
kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);
|
kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);
|
||||||
}
|
}
|
||||||
|
if (sev_snp_enabled) {
|
||||||
|
kvm_cpu_cap_set(X86_FEATURE_SEV_SNP);
|
||||||
|
kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void __init sev_hardware_setup(void)
|
void __init sev_hardware_setup(void)
|
||||||
{
|
{
|
||||||
unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count;
|
unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count;
|
||||||
|
bool sev_snp_supported = false;
|
||||||
bool sev_es_supported = false;
|
bool sev_es_supported = false;
|
||||||
bool sev_supported = false;
|
bool sev_supported = false;
|
||||||
|
|
||||||
@ -2413,6 +2425,7 @@ void __init sev_hardware_setup(void)
|
|||||||
sev_es_asid_count = min_sev_asid - 1;
|
sev_es_asid_count = min_sev_asid - 1;
|
||||||
WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));
|
WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));
|
||||||
sev_es_supported = true;
|
sev_es_supported = true;
|
||||||
|
sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (boot_cpu_has(X86_FEATURE_SEV))
|
if (boot_cpu_has(X86_FEATURE_SEV))
|
||||||
@ -2425,9 +2438,15 @@ out:
|
|||||||
pr_info("SEV-ES %s (ASIDs %u - %u)\n",
|
pr_info("SEV-ES %s (ASIDs %u - %u)\n",
|
||||||
sev_es_supported ? "enabled" : "disabled",
|
sev_es_supported ? "enabled" : "disabled",
|
||||||
min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);
|
min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);
|
||||||
|
if (boot_cpu_has(X86_FEATURE_SEV_SNP))
|
||||||
|
pr_info("SEV-SNP %s (ASIDs %u - %u)\n",
|
||||||
|
sev_snp_supported ? "enabled" : "disabled",
|
||||||
|
min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);
|
||||||
|
|
||||||
sev_enabled = sev_supported;
|
sev_enabled = sev_supported;
|
||||||
sev_es_enabled = sev_es_supported;
|
sev_es_enabled = sev_es_supported;
|
||||||
|
sev_snp_enabled = sev_snp_supported;
|
||||||
|
|
||||||
if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) ||
|
if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) ||
|
||||||
!cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP))
|
!cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP))
|
||||||
sev_es_debug_swap_enabled = false;
|
sev_es_debug_swap_enabled = false;
|
||||||
|
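Review bot: `static bool sev_snp_enabled;` in the hunk at `@ -47,6 +47,9` carries the comment `/* enable/disable SEV-SNP support */` but, unlike `sev_es_enabled` directly above it, no `module_param_named()` is added and the implicit default is false; as far as this commit shows, `sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP)` in sev_hardware_setup can therefore never become true, and neither X86_FEATURE_SEV_SNP nor BIT(KVM_X86_SNP_VM) is ever advertised. If that staging is intentional (the parameter arriving in a later patch), the comment should say so, e.g. `/* SEV-SNP support; stays off until the module parameter is wired up */`, otherwise the parameter is missing here. In the same function the new `sev_snp_supported` assignment sits after `sev_es_supported = true;` and before `out:`, so SNP support silently depends on the SEV-ES ASID setup having succeeded; a comment such as `/* SNP requires SEV-ES; only report it once the ES ASID range checked out */` would make that ordering constraint explicit. The top of sev_hardware_setup and the early-exit paths that jump to `out:` are outside these hunks.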
@ -2057,6 +2057,9 @@ static int npf_interception(struct kvm_vcpu *vcpu)
|
|||||||
if (WARN_ON_ONCE(error_code & PFERR_SYNTHETIC_MASK))
|
if (WARN_ON_ONCE(error_code & PFERR_SYNTHETIC_MASK))
|
||||||
error_code &= ~PFERR_SYNTHETIC_MASK;
|
error_code &= ~PFERR_SYNTHETIC_MASK;
|
||||||
|
|
||||||
|
if (sev_snp_guest(vcpu->kvm) && (error_code & PFERR_GUEST_ENC_MASK))
|
||||||
|
error_code |= PFERR_PRIVATE_ACCESS;
|
||||||
|
|
||||||
trace_kvm_page_fault(vcpu, fault_address, error_code);
|
trace_kvm_page_fault(vcpu, fault_address, error_code);
|
||||||
return kvm_mmu_page_fault(vcpu, fault_address, error_code,
|
return kvm_mmu_page_fault(vcpu, fault_address, error_code,
|
||||||
static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
|
static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
|
||||||
@ -4902,8 +4905,11 @@ static int svm_vm_init(struct kvm *kvm)
|
|||||||
|
|
||||||
if (type != KVM_X86_DEFAULT_VM &&
|
if (type != KVM_X86_DEFAULT_VM &&
|
||||||
type != KVM_X86_SW_PROTECTED_VM) {
|
type != KVM_X86_SW_PROTECTED_VM) {
|
||||||
kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);
|
kvm->arch.has_protected_state =
|
||||||
|
(type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM);
|
||||||
to_kvm_sev_info(kvm)->need_init = true;
|
to_kvm_sev_info(kvm)->need_init = true;
|
||||||
|
|
||||||
|
kvm->arch.has_private_mem = (type == KVM_X86_SNP_VM);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!pause_filter_count || !pause_filter_thresh)
|
if (!pause_filter_count || !pause_filter_thresh)
|
||||||
|
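Review bot: The new `error_code |= PFERR_PRIVATE_ACCESS;` in npf_interception depends on being placed after the `PFERR_SYNTHETIC_MASK` scrub two lines above it: if PFERR_PRIVATE_ACCESS is one of the synthetic bits (its name and the surrounding WARN_ON_ONCE suggest hardware never reports it), moving the assignment above the scrub would both fire the WARN and strip the bit again. A comment on the new lines, `/* Hardware never sets PFERR_PRIVATE_ACCESS; derive it from the GUEST_ENC bit only after the synthetic bits have been cleared above. */`, would protect the ordering against later refactoring. The sev_snp_guest() gate means non-SNP guests never get the bit, which is consistent with `has_private_mem` being set only for KVM_X86_SNP_VM in the svm_vm_init hunk. The body of npf_interception begins and ends outside the hunk.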
@ -349,6 +349,18 @@ static __always_inline bool sev_es_guest(struct kvm *kvm)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static __always_inline bool sev_snp_guest(struct kvm *kvm)
|
||||||
|
{
|
||||||
|
#ifdef CONFIG_KVM_AMD_SEV
|
||||||
|
struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
|
||||||
|
|
||||||
|
return (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) &&
|
||||||
|
!WARN_ON_ONCE(!sev_es_guest(kvm));
|
||||||
|
#else
|
||||||
|
return false;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)
|
static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)
|
||||||
{
|
{
|
||||||
vmcb->control.clean = 0;
|
vmcb->control.clean = 0;
|
||||||
|
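Review bot: `sev_snp_guest()` returns false, not just warns, when SNP_ACTIVE is set but `sev_es_guest()` is not, and nothing on the helper says why, so a future reader may "simplify" away the second term. A comment above the return, `/* SNP is a superset of SEV-ES, so SNP_ACTIVE without es_active means KVM's own state is inconsistent; warn and treat the VM as non-SNP rather than trust the feature bit. */`, would keep the check in place. The `#else` branch returning false mirrors the sibling helpers, so only the kerneldoc is missing here.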