tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
KVM: x86: Merge 'svm' into 'cet' to pick up GHCB dependencies
Merge the queue of SVM changes for 6.18 to pick up the KVM-defined GHCB
helpers so that kvm_ghcb_get_xss() can be used to virtualize CET for
SEV-ES+ guests.
+137
-104
+1
arch/x86/include/asm/cpufeatures.h
+1
arch/x86/include/asm/cpufeatures.h
···
444
444
#define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* VM Page Flush MSR is supported */
445
445
#define X86_FEATURE_SEV_ES (19*32+ 3) /* "sev_es" Secure Encrypted Virtualization - Encrypted State */
446
446
#define X86_FEATURE_SEV_SNP (19*32+ 4) /* "sev_snp" Secure Encrypted Virtualization - Secure Nested Paging */
447
+
#define X86_FEATURE_SNP_SECURE_TSC (19*32+ 8) /* SEV-SNP Secure TSC */
447
448
#define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* Virtual TSC_AUX */
448
449
#define X86_FEATURE_SME_COHERENT (19*32+10) /* hardware-enforced cache coherency */
449
450
#define X86_FEATURE_DEBUG_SWAP (19*32+14) /* "debug_swap" SEV-ES full debug state swap support */
+1
arch/x86/include/asm/kvm_host.h
+1
arch/x86/include/asm/kvm_host.h
···
2196
2196
unsigned long kvm_get_dr(struct kvm_vcpu *vcpu, int dr);
2197
2197
unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu);
2198
2198
void kvm_lmsw(struct kvm_vcpu *vcpu, unsigned long msw);
2199
+
int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr);
2199
2200
int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu);
2200
2201
2201
2202
int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr);
+1
arch/x86/include/asm/svm.h
+1
arch/x86/include/asm/svm.h
+8
-10
arch/x86/kvm/svm/nested.c
+8
-10
arch/x86/kvm/svm/nested.c
···
1798
1798
if (kvm_state->size < sizeof(*kvm_state) + KVM_STATE_NESTED_SVM_VMCB_SIZE)
1799
1799
return -EINVAL;
1800
1800
1801
-
ret = -ENOMEM;
1802
-
ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
1803
-
save = kzalloc(sizeof(*save), GFP_KERNEL);
1804
-
if (!ctl || !save)
1805
-
goto out_free;
1801
+
ctl = memdup_user(&user_vmcb->control, sizeof(*ctl));
1802
+
if (IS_ERR(ctl))
1803
+
return PTR_ERR(ctl);
1806
1804
1807
-
ret = -EFAULT;
1808
-
if (copy_from_user(ctl, &user_vmcb->control, sizeof(*ctl)))
1809
-
goto out_free;
1810
-
if (copy_from_user(save, &user_vmcb->save, sizeof(*save)))
1811
-
goto out_free;
1805
+
save = memdup_user(&user_vmcb->save, sizeof(*save));
1806
+
if (IS_ERR(save)) {
1807
+
kfree(ctl);
1808
+
return PTR_ERR(save);
1809
+
}
1812
1810
1813
1811
ret = -EINVAL;
1814
1812
__nested_copy_vmcb_control_to_cache(vcpu, &ctl_cached, ctl);
+96
-52
arch/x86/kvm/svm/sev.c
+96
-52
arch/x86/kvm/svm/sev.c
···
37
37
#include "trace.h"
38
38
39
39
#define GHCB_VERSION_MAX 2ULL
40
-
#define GHCB_VERSION_DEFAULT 2ULL
41
40
#define GHCB_VERSION_MIN 1ULL
42
41
43
42
#define GHCB_HV_FT_SUPPORTED (GHCB_HV_FT_SNP | GHCB_HV_FT_SNP_AP_CREATION)
···
144
145
struct kvm_sev_info *sev = to_kvm_sev_info(vcpu->kvm);
145
146
146
147
return sev->vmsa_features & SVM_SEV_FEAT_DEBUG_SWAP;
148
+
}
149
+
150
+
static bool snp_is_secure_tsc_enabled(struct kvm *kvm)
151
+
{
152
+
struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
153
+
154
+
return (sev->vmsa_features & SVM_SEV_FEAT_SECURE_TSC) &&
155
+
!WARN_ON_ONCE(!sev_snp_guest(kvm));
147
156
}
148
157
149
158
/* Must be called with the sev_bitmap_lock held */
···
413
406
struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
414
407
struct sev_platform_init_args init_args = {0};
415
408
bool es_active = vm_type != KVM_X86_SEV_VM;
409
+
bool snp_active = vm_type == KVM_X86_SNP_VM;
416
410
u64 valid_vmsa_features = es_active ? sev_supported_vmsa_features : 0;
417
411
int ret;
418
412
···
423
415
if (data->flags)
424
416
return -EINVAL;
425
417
418
+
if (!snp_active)
419
+
valid_vmsa_features &= ~SVM_SEV_FEAT_SECURE_TSC;
420
+
426
421
if (data->vmsa_features & ~valid_vmsa_features)
427
422
return -EINVAL;
428
423
429
424
if (data->ghcb_version > GHCB_VERSION_MAX || (!es_active && data->ghcb_version))
425
+
return -EINVAL;
426
+
427
+
/*
428
+
* KVM supports the full range of mandatory features defined by version
429
+
* 2 of the GHCB protocol, so default to that for SEV-ES guests created
430
+
* via KVM_SEV_INIT2 (KVM_SEV_INIT forces version 1).
431
+
*/
432
+
if (es_active && !data->ghcb_version)
433
+
data->ghcb_version = 2;
434
+
435
+
if (snp_active && data->ghcb_version < 2)
430
436
return -EINVAL;
431
437
432
438
if (unlikely(sev->active))
···
451
429
sev->vmsa_features = data->vmsa_features;
452
430
sev->ghcb_version = data->ghcb_version;
453
431
454
-
/*
455
-
* Currently KVM supports the full range of mandatory features defined
456
-
* by version 2 of the GHCB protocol, so default to that for SEV-ES
457
-
* guests created via KVM_SEV_INIT2.
458
-
*/
459
-
if (sev->es_active && !sev->ghcb_version)
460
-
sev->ghcb_version = GHCB_VERSION_DEFAULT;
461
-
462
-
if (vm_type == KVM_X86_SNP_VM)
432
+
if (snp_active)
463
433
sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;
464
434
465
435
ret = sev_asid_new(sev);
···
469
455
}
470
456
471
457
/* This needs to happen after SEV/SNP firmware initialization. */
472
-
if (vm_type == KVM_X86_SNP_VM) {
458
+
if (snp_active) {
473
459
ret = snp_guest_req_init(kvm);
474
460
if (ret)
475
461
goto e_free;
···
583
569
if (copy_from_user(¶ms, u64_to_user_ptr(argp->data), sizeof(params)))
584
570
return -EFAULT;
585
571
586
-
sev->policy = params.policy;
587
-
588
572
memset(&start, 0, sizeof(start));
589
573
590
574
dh_blob = NULL;
···
630
618
goto e_free_session;
631
619
}
632
620
621
+
sev->policy = params.policy;
633
622
sev->handle = start.handle;
634
623
sev->fd = argp->sev_fd;
635
624
···
1985
1972
kvm_for_each_vcpu(i, dst_vcpu, dst_kvm) {
1986
1973
dst_svm = to_svm(dst_vcpu);
1987
1974
1988
-
sev_init_vmcb(dst_svm);
1975
+
sev_init_vmcb(dst_svm, false);
1989
1976
1990
1977
if (!dst->es_active)
1991
1978
continue;
···
2197
2184
if (!(params.policy & SNP_POLICY_MASK_RSVD_MBO))
2198
2185
return -EINVAL;
2199
2186
2200
-
sev->policy = params.policy;
2187
+
if (snp_is_secure_tsc_enabled(kvm)) {
2188
+
if (WARN_ON_ONCE(!kvm->arch.default_tsc_khz))
2189
+
return -EINVAL;
2190
+
2191
+
start.desired_tsc_khz = kvm->arch.default_tsc_khz;
2192
+
}
2201
2193
2202
2194
sev->snp_context = snp_context_create(kvm, argp);
2203
2195
if (!sev->snp_context)
···
2210
2192
2211
2193
start.gctx_paddr = __psp_pa(sev->snp_context);
2212
2194
start.policy = params.policy;
2195
+
2213
2196
memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw));
2214
2197
rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error);
2215
2198
if (rc) {
···
2219
2200
goto e_free_context;
2220
2201
}
2221
2202
2203
+
sev->policy = params.policy;
2222
2204
sev->fd = argp->sev_fd;
2223
2205
rc = snp_bind_asid(kvm, &argp->error);
2224
2206
if (rc) {
···
3102
3082
sev_supported_vmsa_features = 0;
3103
3083
if (sev_es_debug_swap_enabled)
3104
3084
sev_supported_vmsa_features |= SVM_SEV_FEAT_DEBUG_SWAP;
3085
+
3086
+
if (sev_snp_enabled && tsc_khz && cpu_feature_enabled(X86_FEATURE_SNP_SECURE_TSC))
3087
+
sev_supported_vmsa_features |= SVM_SEV_FEAT_SECURE_TSC;
3105
3088
}
3106
3089
3107
3090
void sev_hardware_unsetup(void)
···
3220
3197
kvfree(svm->sev_es.ghcb_sa);
3221
3198
}
3222
3199
3223
-
static u64 kvm_ghcb_get_sw_exit_code(struct vmcb_control_area *control)
3200
+
static u64 kvm_get_cached_sw_exit_code(struct vmcb_control_area *control)
3224
3201
{
3225
3202
return (((u64)control->exit_code_hi) << 32) | control->exit_code;
3226
3203
}
···
3246
3223
*/
3247
3224
pr_err("GHCB (GPA=%016llx) snapshot:\n", svm->vmcb->control.ghcb_gpa);
3248
3225
pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_code",
3249
-
kvm_ghcb_get_sw_exit_code(control), kvm_ghcb_sw_exit_code_is_valid(svm));
3226
+
kvm_get_cached_sw_exit_code(control), kvm_ghcb_sw_exit_code_is_valid(svm));
3250
3227
pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_1",
3251
3228
control->exit_info_1, kvm_ghcb_sw_exit_info_1_is_valid(svm));
3252
3229
pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_2",
···
3299
3276
BUILD_BUG_ON(sizeof(svm->sev_es.valid_bitmap) != sizeof(ghcb->save.valid_bitmap));
3300
3277
memcpy(&svm->sev_es.valid_bitmap, &ghcb->save.valid_bitmap, sizeof(ghcb->save.valid_bitmap));
3301
3278
3302
-
vcpu->arch.regs[VCPU_REGS_RAX] = kvm_ghcb_get_rax_if_valid(svm, ghcb);
3303
-
vcpu->arch.regs[VCPU_REGS_RBX] = kvm_ghcb_get_rbx_if_valid(svm, ghcb);
3304
-
vcpu->arch.regs[VCPU_REGS_RCX] = kvm_ghcb_get_rcx_if_valid(svm, ghcb);
3305
-
vcpu->arch.regs[VCPU_REGS_RDX] = kvm_ghcb_get_rdx_if_valid(svm, ghcb);
3306
-
vcpu->arch.regs[VCPU_REGS_RSI] = kvm_ghcb_get_rsi_if_valid(svm, ghcb);
3279
+
vcpu->arch.regs[VCPU_REGS_RAX] = kvm_ghcb_get_rax_if_valid(svm);
3280
+
vcpu->arch.regs[VCPU_REGS_RBX] = kvm_ghcb_get_rbx_if_valid(svm);
3281
+
vcpu->arch.regs[VCPU_REGS_RCX] = kvm_ghcb_get_rcx_if_valid(svm);
3282
+
vcpu->arch.regs[VCPU_REGS_RDX] = kvm_ghcb_get_rdx_if_valid(svm);
3283
+
vcpu->arch.regs[VCPU_REGS_RSI] = kvm_ghcb_get_rsi_if_valid(svm);
3307
3284
3308
-
svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb);
3285
+
svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm);
3309
3286
3310
-
if (kvm_ghcb_xcr0_is_valid(svm)) {
3311
-
vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb);
3312
-
vcpu->arch.cpuid_dynamic_bits_dirty = true;
3313
-
}
3287
+
if (kvm_ghcb_xcr0_is_valid(svm))
3288
+
__kvm_set_xcr(vcpu, 0, kvm_ghcb_get_xcr0(svm));
3314
3289
3315
3290
/* Copy the GHCB exit information into the VMCB fields */
3316
-
exit_code = ghcb_get_sw_exit_code(ghcb);
3291
+
exit_code = kvm_ghcb_get_sw_exit_code(svm);
3317
3292
control->exit_code = lower_32_bits(exit_code);
3318
3293
control->exit_code_hi = upper_32_bits(exit_code);
3319
-
control->exit_info_1 = ghcb_get_sw_exit_info_1(ghcb);
3320
-
control->exit_info_2 = ghcb_get_sw_exit_info_2(ghcb);
3321
-
svm->sev_es.sw_scratch = kvm_ghcb_get_sw_scratch_if_valid(svm, ghcb);
3294
+
control->exit_info_1 = kvm_ghcb_get_sw_exit_info_1(svm);
3295
+
control->exit_info_2 = kvm_ghcb_get_sw_exit_info_2(svm);
3296
+
svm->sev_es.sw_scratch = kvm_ghcb_get_sw_scratch_if_valid(svm);
3322
3297
3323
3298
/* Clear the valid entries fields */
3324
3299
memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap));
···
3333
3312
* Retrieve the exit code now even though it may not be marked valid
3334
3313
* as it could help with debugging.
3335
3314
*/
3336
-
exit_code = kvm_ghcb_get_sw_exit_code(control);
3315
+
exit_code = kvm_get_cached_sw_exit_code(control);
3337
3316
3338
3317
/* Only GHCB Usage code 0 is supported */
3339
3318
if (svm->sev_es.ghcb->ghcb_usage) {
···
3905
3884
/*
3906
3885
* Invoked as part of svm_vcpu_reset() processing of an init event.
3907
3886
*/
3908
-
void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu)
3887
+
static void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu)
3909
3888
{
3910
3889
struct vcpu_svm *svm = to_svm(vcpu);
3911
3890
struct kvm_memory_slot *slot;
3912
3891
struct page *page;
3913
3892
kvm_pfn_t pfn;
3914
3893
gfn_t gfn;
3915
-
3916
-
if (!sev_snp_guest(vcpu->kvm))
3917
-
return;
3918
3894
3919
3895
guard(mutex)(&svm->sev_es.snp_vmsa_mutex);
3920
3896
···
4338
4320
4339
4321
svm_vmgexit_success(svm, 0);
4340
4322
4341
-
exit_code = kvm_ghcb_get_sw_exit_code(control);
4323
+
exit_code = kvm_get_cached_sw_exit_code(control);
4342
4324
switch (exit_code) {
4343
4325
case SVM_VMGEXIT_MMIO_READ:
4344
4326
ret = setup_vmgexit_scratch(svm, true, control->exit_info_2);
···
4470
4452
!guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) &&
4471
4453
!guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID));
4472
4454
4455
+
svm_set_intercept_for_msr(vcpu, MSR_AMD64_GUEST_TSC_FREQ, MSR_TYPE_R,
4456
+
!snp_is_secure_tsc_enabled(vcpu->kvm));
4457
+
4473
4458
/*
4474
4459
* For SEV-ES, accesses to MSR_IA32_XSS should not be intercepted if
4475
4460
* the host/guest supports its use.
···
4501
4480
vcpu->arch.reserved_gpa_bits &= ~(1UL << (best->ebx & 0x3f));
4502
4481
}
4503
4482
4504
-
static void sev_es_init_vmcb(struct vcpu_svm *svm)
4483
+
static void sev_es_init_vmcb(struct vcpu_svm *svm, bool init_event)
4505
4484
{
4506
4485
struct kvm_sev_info *sev = to_kvm_sev_info(svm->vcpu.kvm);
4507
4486
struct vmcb *vmcb = svm->vmcb01.ptr;
···
4562
4541
4563
4542
/* Can't intercept XSETBV, HV can't modify XCR0 directly */
4564
4543
svm_clr_intercept(svm, INTERCEPT_XSETBV);
4544
+
4545
+
/*
4546
+
* Set the GHCB MSR value as per the GHCB specification when emulating
4547
+
* vCPU RESET for an SEV-ES guest.
4548
+
*/
4549
+
if (!init_event)
4550
+
set_ghcb_msr(svm, GHCB_MSR_SEV_INFO((__u64)sev->ghcb_version,
4551
+
GHCB_VERSION_MIN,
4552
+
sev_enc_bit));
4565
4553
}
4566
4554
4567
-
void sev_init_vmcb(struct vcpu_svm *svm)
4555
+
void sev_init_vmcb(struct vcpu_svm *svm, bool init_event)
4568
4556
{
4557
+
struct kvm_vcpu *vcpu = &svm->vcpu;
4558
+
4569
4559
svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ENABLE;
4570
4560
clr_exception_intercept(svm, UD_VECTOR);
4571
4561
···
4586
4554
*/
4587
4555
clr_exception_intercept(svm, GP_VECTOR);
4588
4556
4589
-
if (sev_es_guest(svm->vcpu.kvm))
4590
-
sev_es_init_vmcb(svm);
4557
+
if (init_event && sev_snp_guest(vcpu->kvm))
4558
+
sev_snp_init_protected_guest_state(vcpu);
4559
+
4560
+
if (sev_es_guest(vcpu->kvm))
4561
+
sev_es_init_vmcb(svm, init_event);
4591
4562
}
4592
4563
4593
-
void sev_es_vcpu_reset(struct vcpu_svm *svm)
4564
+
int sev_vcpu_create(struct kvm_vcpu *vcpu)
4594
4565
{
4595
-
struct kvm_vcpu *vcpu = &svm->vcpu;
4596
-
struct kvm_sev_info *sev = to_kvm_sev_info(vcpu->kvm);
4597
-
4598
-
/*
4599
-
* Set the GHCB MSR value as per the GHCB specification when emulating
4600
-
* vCPU RESET for an SEV-ES guest.
4601
-
*/
4602
-
set_ghcb_msr(svm, GHCB_MSR_SEV_INFO((__u64)sev->ghcb_version,
4603
-
GHCB_VERSION_MIN,
4604
-
sev_enc_bit));
4566
+
struct vcpu_svm *svm = to_svm(vcpu);
4567
+
struct page *vmsa_page;
4605
4568
4606
4569
mutex_init(&svm->sev_es.snp_vmsa_mutex);
4570
+
4571
+
if (!sev_es_guest(vcpu->kvm))
4572
+
return 0;
4573
+
4574
+
/*
4575
+
* SEV-ES guests require a separate (from the VMCB) VMSA page used to
4576
+
* contain the encrypted register state of the guest.
4577
+
*/
4578
+
vmsa_page = snp_safe_alloc_page();
4579
+
if (!vmsa_page)
4580
+
return -ENOMEM;
4581
+
4582
+
svm->sev_es.vmsa = page_address(vmsa_page);
4583
+
4584
+
vcpu->arch.guest_tsc_protected = snp_is_secure_tsc_enabled(vcpu->kvm);
4585
+
4586
+
return 0;
4607
4587
}
4608
4588
4609
4589
void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_save_area *hostsa)
+10
-27
arch/x86/kvm/svm/svm.c
+10
-27
arch/x86/kvm/svm/svm.c
···
1083
1083
svm_recalc_msr_intercepts(vcpu);
1084
1084
}
1085
1085
1086
-
static void init_vmcb(struct kvm_vcpu *vcpu)
1086
+
static void init_vmcb(struct kvm_vcpu *vcpu, bool init_event)
1087
1087
{
1088
1088
struct vcpu_svm *svm = to_svm(vcpu);
1089
1089
struct vmcb *vmcb = svm->vmcb01.ptr;
···
1221
1221
svm_set_intercept(svm, INTERCEPT_BUSLOCK);
1222
1222
1223
1223
if (sev_guest(vcpu->kvm))
1224
-
sev_init_vmcb(svm);
1224
+
sev_init_vmcb(svm, init_event);
1225
1225
1226
1226
svm_hv_init_vmcb(vmcb);
1227
1227
···
1244
1244
1245
1245
svm->nmi_masked = false;
1246
1246
svm->awaiting_iret_completion = false;
1247
-
1248
-
if (sev_es_guest(vcpu->kvm))
1249
-
sev_es_vcpu_reset(svm);
1250
1247
}
1251
1248
1252
1249
static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
···
1253
1256
svm->spec_ctrl = 0;
1254
1257
svm->virt_spec_ctrl = 0;
1255
1258
1256
-
if (init_event)
1257
-
sev_snp_init_protected_guest_state(vcpu);
1258
-
1259
-
init_vmcb(vcpu);
1259
+
init_vmcb(vcpu, init_event);
1260
1260
1261
1261
if (!init_event)
1262
1262
__svm_vcpu_reset(vcpu);
···
1269
1275
{
1270
1276
struct vcpu_svm *svm;
1271
1277
struct page *vmcb01_page;
1272
-
struct page *vmsa_page = NULL;
1273
1278
int err;
1274
1279
1275
1280
BUILD_BUG_ON(offsetof(struct vcpu_svm, vcpu) != 0);
···
1279
1286
if (!vmcb01_page)
1280
1287
goto out;
1281
1288
1282
-
if (sev_es_guest(vcpu->kvm)) {
1283
-
/*
1284
-
* SEV-ES guests require a separate VMSA page used to contain
1285
-
* the encrypted register state of the guest.
1286
-
*/
1287
-
vmsa_page = snp_safe_alloc_page();
1288
-
if (!vmsa_page)
1289
-
goto error_free_vmcb_page;
1290
-
}
1289
+
err = sev_vcpu_create(vcpu);
1290
+
if (err)
1291
+
goto error_free_vmcb_page;
1291
1292
1292
1293
err = avic_init_vcpu(svm);
1293
1294
if (err)
1294
-
goto error_free_vmsa_page;
1295
+
goto error_free_sev;
1295
1296
1296
1297
svm->msrpm = svm_vcpu_alloc_msrpm();
1297
1298
if (!svm->msrpm) {
1298
1299
err = -ENOMEM;
1299
-
goto error_free_vmsa_page;
1300
+
goto error_free_sev;
1300
1301
}
1301
1302
1302
1303
svm->x2avic_msrs_intercepted = true;
···
1299
1312
svm->vmcb01.pa = __sme_set(page_to_pfn(vmcb01_page) << PAGE_SHIFT);
1300
1313
svm_switch_vmcb(svm, &svm->vmcb01);
1301
1314
1302
-
if (vmsa_page)
1303
-
svm->sev_es.vmsa = page_address(vmsa_page);
1304
-
1305
1315
svm->guest_state_loaded = false;
1306
1316
1307
1317
return 0;
1308
1318
1309
-
error_free_vmsa_page:
1310
-
if (vmsa_page)
1311
-
__free_page(vmsa_page);
1319
+
error_free_sev:
1320
+
sev_free_vcpu(vcpu);
1312
1321
error_free_vmcb_page:
1313
1322
__free_page(vmcb01_page);
1314
1323
out:
+18
-14
arch/x86/kvm/svm/svm.h
+18
-14
arch/x86/kvm/svm/svm.h
···
826
826
/* sev.c */
827
827
828
828
int pre_sev_run(struct vcpu_svm *svm, int cpu);
829
-
void sev_init_vmcb(struct vcpu_svm *svm);
829
+
void sev_init_vmcb(struct vcpu_svm *svm, bool init_event);
830
830
void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm);
831
831
int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in);
832
-
void sev_es_vcpu_reset(struct vcpu_svm *svm);
833
832
void sev_es_recalc_msr_intercepts(struct kvm_vcpu *vcpu);
834
833
void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector);
835
834
void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_save_area *hostsa);
···
853
854
return snp_safe_alloc_page_node(numa_node_id(), GFP_KERNEL_ACCOUNT);
854
855
}
855
856
857
+
int sev_vcpu_create(struct kvm_vcpu *vcpu);
856
858
void sev_free_vcpu(struct kvm_vcpu *vcpu);
857
859
void sev_vm_destroy(struct kvm *kvm);
858
860
void __init sev_set_cpu_caps(void);
···
863
863
int sev_dev_get_attr(u32 group, u64 attr, u64 *val);
864
864
extern unsigned int max_sev_asid;
865
865
void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code);
866
-
void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu);
867
866
int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order);
868
867
void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end);
869
868
int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn);
···
879
880
return snp_safe_alloc_page_node(numa_node_id(), GFP_KERNEL_ACCOUNT);
880
881
}
881
882
883
+
static inline int sev_vcpu_create(struct kvm_vcpu *vcpu) { return 0; }
882
884
static inline void sev_free_vcpu(struct kvm_vcpu *vcpu) {}
883
885
static inline void sev_vm_destroy(struct kvm *kvm) {}
884
886
static inline void __init sev_set_cpu_caps(void) {}
···
889
889
static inline int sev_dev_get_attr(u32 group, u64 attr, u64 *val) { return -ENXIO; }
890
890
#define max_sev_asid 0
891
891
static inline void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code) {}
892
-
static inline void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu) {}
893
892
static inline int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order)
894
893
{
895
894
return 0;
···
913
914
void __svm_vcpu_run(struct vcpu_svm *svm, bool spec_ctrl_intercepted);
914
915
915
916
#define DEFINE_KVM_GHCB_ACCESSORS(field) \
916
-
static __always_inline bool kvm_ghcb_##field##_is_valid(const struct vcpu_svm *svm) \
917
-
{ \
918
-
return test_bit(GHCB_BITMAP_IDX(field), \
919
-
(unsigned long *)&svm->sev_es.valid_bitmap); \
920
-
} \
921
-
\
922
-
static __always_inline u64 kvm_ghcb_get_##field##_if_valid(struct vcpu_svm *svm, struct ghcb *ghcb) \
923
-
{ \
924
-
return kvm_ghcb_##field##_is_valid(svm) ? ghcb->save.field : 0; \
925
-
} \
917
+
static __always_inline u64 kvm_ghcb_get_##field(struct vcpu_svm *svm) \
918
+
{ \
919
+
return READ_ONCE(svm->sev_es.ghcb->save.field); \
920
+
} \
921
+
\
922
+
static __always_inline bool kvm_ghcb_##field##_is_valid(const struct vcpu_svm *svm) \
923
+
{ \
924
+
return test_bit(GHCB_BITMAP_IDX(field), \
925
+
(unsigned long *)&svm->sev_es.valid_bitmap); \
926
+
} \
927
+
\
928
+
static __always_inline u64 kvm_ghcb_get_##field##_if_valid(struct vcpu_svm *svm) \
929
+
{ \
930
+
return kvm_ghcb_##field##_is_valid(svm) ? kvm_ghcb_get_##field(svm) : 0; \
931
+
}
926
932
927
933
DEFINE_KVM_GHCB_ACCESSORS(cpl)
928
934
DEFINE_KVM_GHCB_ACCESSORS(rax)
+2
-1
arch/x86/kvm/x86.c
+2
-1
arch/x86/kvm/x86.c
···
1235
1235
}
1236
1236
#endif
1237
1237
1238
-
static int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
1238
+
int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
1239
1239
{
1240
1240
u64 xcr0 = xcr;
1241
1241
u64 old_xcr0 = vcpu->arch.xcr0;
···
1279
1279
vcpu->arch.cpuid_dynamic_bits_dirty = true;
1280
1280
return 0;
1281
1281
}
1282
+
EXPORT_SYMBOL_GPL(__kvm_set_xcr);
1282
1283
1283
1284
int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu)
1284
1285
{