From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747387930; cv=none; d=zohomail.com; s=zohoarc; b=Xf0QTaq4ldxIT7zknlk3fKbsMyQJVA7GGnQxWZg5oMrRnOGj/O1FX/rQdXoDsUkU6DXiy9My05b5QB1EtR/RXMoHZ5qlitN/VFp01YP5TbapSes8KdQO5otFbFs5nItVk2NSye7gtLIpyfBnzaOXFYDnNyo1dYiGrwLLKjy32Ag= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747387930; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=f70Avydbv7fxeXt+EdaNyvnxvCPINflZRbLz61xdssw=; b=kj3u9A7wViaVygN5jdYZNJfkVDDyt2kzP9v3VYgwdYSjWvpmzEBXJgPOTXqExXkVLn1rtaZHibAUlfGEg+5tVkrw+12WcI6GtchgXrpwWkDTacxvTZo9J7zli2SZmUAFj02X9zZ+YosqrWpT4g/027TOHCZwcxAFl+tG03tlDiw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747387930808505.21220570648234; Fri, 16 May 2025 02:32:10 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986616.1372136 (Exim 4.92) (envelope-from ) id 1uFrPt-0007hg-9t; Fri, 16 May 2025 09:31:45 +0000 Received: by outflank-mailman (output) from mailman id 986616.1372136; Fri, 16 May 2025 09:31:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPt-0007hZ-6z; Fri, 16 May 2025 09:31:45 +0000 Received: by outflank-mailman (input) for mailman id 986616; Fri, 16 May 2025 09:31:44 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPr-0007hQ-Vn for xen-devel@lists.xenproject.org; Fri, 16 May 2025 09:31:44 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 90e034ba-3238-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 11:31:38 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzMKP0Rm0zMQxXYB for ; Fri, 16 May 2025 09:31:37 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id e905edda31bd41638873149f1747232e; Fri, 16 May 2025 09:31:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 90e034ba-3238-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747387897; x=1747657897; bh=f70Avydbv7fxeXt+EdaNyvnxvCPINflZRbLz61xdssw=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=FRv/5/OF+HVskBSUlGtONazTlE1SgrS8pXDk5rVIYNXuctnvk1YMT9gbrTAE9yTHA M7wmHX/IGRDPVLWuRGM+abmInGCZEvKwPVmdjUIn30PjbHtbYtdwegu3KuAgVC33Bd g5zwOXWjn/J1G6LiJuqRzYu4+hl6F1HcfUH/XWqlDRAb4cMdLuLs25yNap+e6cdI6T HlryXHfZ97pJ7L3cl3kANtTfC/e0iQS8/+O7006UBA5vW+E8Sm6BYqyaNYkLKtDAKE 2ekcVEmDGWy/44gUpDEYozBzF7A701sbZ+w8tYlaK8SiHzLeKO9WGrH5dvKb1hVoik HYA+tYVDXnKHg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747387897; x=1747648397; i=teddy.astie@vates.tech; bh=f70Avydbv7fxeXt+EdaNyvnxvCPINflZRbLz61xdssw=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=yF4qbLCvoj7Ciung1VcGXxR3J8MIQ5HpfnTriJv5fdlrNaCxQQW66RsQUSI0yAJSv R8lc6sc92lKOCzqOwWszsinTA1QKFWcuCtEVpxcmMFuKGCbTAAyKINKaX4+sTK6fac EFBXupdh5TXoPjWeb7NoC5cAPaBeIcWA1YEeOjrzo1TMv5EaWm7fdbsVSyID4Rb39C by+OmNLImfq5EHJwp6sBn6KQIxWHgZPLb+YUNbt8kM65bDkgGWVCc7ctCHxcK7sxg+ YU3tL60p0w3sdHpkkYRHkaITN/iiwIsG3fx/yhnqpR3EcTT59PID9Q0xAplNshnXmo erYsnBALWiQew== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2001/16]=20x86/msr:=20Introduce=20SYSCFG=5FMEM=5FENCRYPT=20MSR.?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747387896147 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Andrei Semenov" Message-Id: <72dca4861d81ca418e244526babd48d511b9baa3.1747312394.git.teddy.astie@vates.tech> In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.e905edda31bd41638873149f1747232e?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 09:31:36 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747387933005116600 Content-Type: text/plain; charset="utf-8" From: Andrei Semenov SYSCFG_MEM_ENCRYPT is the AMD SME MSR used to enable SME and AMD SEV. Signed-off-by: Andrei Semenov --- xen/arch/x86/include/asm/msr-index.h | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 22d9e76e55..7620c4cd2e 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -221,6 +221,7 @@ #define SYSCFG_MTRR_VAR_DRAM_EN (_AC(1, ULL) << 20) #define SYSCFG_MTRR_TOM2_EN (_AC(1, ULL) << 21) #define SYSCFG_TOM2_FORCE_WB (_AC(1, ULL) << 22) +#define SYSCFG_MEM_ENCRYPT (_AC(1, ULL) << 23) =20 #define MSR_K8_IORR_BASE0 _AC(0xc0010016, U) #define MSR_K8_IORR_MASK0 _AC(0xc0010017, U) --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747387944; cv=none; d=zohomail.com; s=zohoarc; b=bHdpXZC1aQFJslqRMWZAmboZ48Vkfy0Pk6XmgK+yERx+G85twVtKOysDztB66xGGIuB1RflQkPTtTbFfc9ywlu6fjrVgjf6JDUZdYnzc3RafM0cq1sHzTNAmpaYBtWP/9iztxuTBzNxOPFPpIsAyHqJmPLNzKI/tt4fby3XeUJk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747387944; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Bm3fwAmp4WAbuBybmOkVHtGEJRz6Fv9FQEpbNnQjujk=; b=PIcpDCRECv98QPGimh3sLK8zVHZ1wPHE+nHrw8fRe3qmqUYo8wzoSCrPhMDbJh8MlHmSsi0FnHTID8bErGF3RAd8TEW8mS12Ng9lgx4L3tP941hhrJIauHeV4P1DbmKjRuwCFpo8SNGp1RdF97oZKIOujMTshZa9FJfpb1brX4c= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747387944428757.4465760537173; Fri, 16 May 2025 02:32:24 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986617.1372147 (Exim 4.92) (envelope-from ) id 1uFrPu-0007vL-Il; Fri, 16 May 2025 09:31:46 +0000 Received: by outflank-mailman (output) from mailman id 986617.1372147; Fri, 16 May 2025 09:31:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPu-0007vD-Du; Fri, 16 May 2025 09:31:46 +0000 Received: by outflank-mailman (input) for mailman id 986617; Fri, 16 May 2025 09:31:45 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPt-0007iv-MZ for xen-devel@lists.xenproject.org; Fri, 16 May 2025 09:31:45 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 94541256-3238-11f0-9eb6-5ba50f476ded; Fri, 16 May 2025 11:31:44 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzMKP3MYszMQxXQJ for ; Fri, 16 May 2025 09:31:37 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id ff315deb4bd344d39271417cf5ae7a76; Fri, 16 May 2025 09:31:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 94541256-3238-11f0-9eb6-5ba50f476ded DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747387897; x=1747657897; bh=Bm3fwAmp4WAbuBybmOkVHtGEJRz6Fv9FQEpbNnQjujk=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=1Gc0hXi6YayeadhiAlCyKeJLWh2XbM+glWXIDDxBW9wVcyWvL7PzQBZzvVO1XZwpd FL23g+zTG72IuyzKi8Woo8O1nKuCvU/569B2ne9CJaoKd75adM2kAMXckw0OMaHpo9 cdePv1QaI5fgDYBnnj/KS+iy6C9S2vBROGvDxb2KCNKSJUVk8FwgOE94GzYxy8k9x+ MVFFVtycWnh3vxtbDMZp0G7v9OIYPV0L7BPr9poymPmlcLMizOlV4pd5Y2SMxEFVnJ nT49qfa4s7LgtWqp4WVPM8n1IYePT5SP4egvikS0J7omD7vp8rIO9DFuaZ4wo8EDrT gSH+7y+Gl9+ow== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747387897; x=1747648397; i=teddy.astie@vates.tech; bh=Bm3fwAmp4WAbuBybmOkVHtGEJRz6Fv9FQEpbNnQjujk=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=RAw6lC0xk7AIzin+hubuQg5zDWFx+wP+WCFQi4xWdPN9wQVQgm3Pi5aSY789FCQTz /G32elnJqJapnDKel/6uItODiq6PRgRv2QIHnubIHrNzTprARNqoSnAfrX04goK7ZZ cQIwOULtIFKg3W16iyu4eAcpulgde5EPTCNaRyZN4MnptBl/e2mXUnAQGkDX0D3ddK LogKQYkqX3Y5Am9LANp8l8OZEy7DsOWix+x7S5+pRzZdEjfymglXhD5zThAWpfbp1O JlX1E024o8OV8Bx+HVoO88Eh+Fd5X9Hr+1LlsDSECAntyLf6hUxoERFM7ftxjCJRNZ 5sUfV0+wO7VRQ== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2002/16]=20x86/svm:=20Move=20svm=5Fdomain=20structure=20to=20svm.h?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747387896340 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.ff315deb4bd344d39271417cf5ae7a76?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 09:31:37 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity teddy.astie@vates.tech) (identity @mandrillapp.com) X-ZM-MESSAGEID: 1747387945077116600 Content-Type: text/plain; charset="utf-8" struct svm_domain was in vmcb.h which is meant for VMCB specific operations and values, move it to svm.h where it belongs. Signed-off-by: Teddy Astie --- xen/arch/x86/include/asm/hvm/domain.h | 1 + xen/arch/x86/include/asm/hvm/svm/svm.h | 11 +++++++++++ xen/arch/x86/include/asm/hvm/svm/vmcb.h | 11 ----------- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/domain.h b/xen/arch/x86/include/a= sm/hvm/domain.h index 333501d5f2..2608bcfad2 100644 --- a/xen/arch/x86/include/asm/hvm/domain.h +++ b/xen/arch/x86/include/asm/hvm/domain.h @@ -16,6 +16,7 @@ #include #include #include +#include =20 #ifdef CONFIG_MEM_SHARING struct mem_sharing_domain diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/= asm/hvm/svm/svm.h index 4eeeb25da9..32f6e48e30 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -21,6 +21,17 @@ bool svm_load_segs(unsigned int ldt_ents, unsigned long = ldt_base, unsigned long fs_base, unsigned long gs_base, unsigned long gs_shadow); =20 +struct svm_domain { + /* OSVW MSRs */ + union { + uint64_t raw[2]; + struct { + uint64_t length; + uint64_t status; + }; + } osvw; +}; + extern u32 svm_feature_flags; =20 #define SVM_FEATURE_NPT 0 /* Nested page table support */ diff --git a/xen/arch/x86/include/asm/hvm/svm/vmcb.h b/xen/arch/x86/include= /asm/hvm/svm/vmcb.h index 28f715e376..3d871b6135 100644 --- a/xen/arch/x86/include/asm/hvm/svm/vmcb.h +++ b/xen/arch/x86/include/asm/hvm/svm/vmcb.h @@ -548,17 +548,6 @@ struct vmcb_struct { u64 res18[291]; }; =20 -struct svm_domain { - /* OSVW MSRs */ - union { - uint64_t raw[2]; - struct { - uint64_t length; - uint64_t status; - }; - } osvw; -}; - /* * VMRUN doesn't switch fs/gs/tr/ldtr and SHADOWGS/SYSCALL/SYSENTER state. * Therefore, guest state is in the hardware registers when servicing a --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747387948; cv=none; d=zohomail.com; s=zohoarc; b=Qm8AZDTwG0mym3x/hYhQVLYfvj4Um9o+Y7Hq2bA8+F69AnJPcq0tSd442FZGs2ILWEQ2u6RhdbKyLU5/YnCPhAI2XHMqXl/BOpw8OSCjsYiL5Qv/plA9FeLfquKa6NlF4YQUy7lmVULZKdGpFvC9gQyTfLGeaLLOBMhawYLZ1nA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747387948; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Pu9DXVzNtDp7vBm0SeMKn1Apw+Y0YN30HfO50Yk2htE=; b=hspAQFG6oHe1Ue2KFC3QMDSsSz0di4WnmZzCMNbs5Qaz/aRwuW0C8eFMfZdglmu02z47JQLjlV2IFUxbuUTPiFnHyhHtKf2UNBiSkoCn38XLqp5U93gJpfIplettf/WUpdGB4iXIeN1PLOfKYoqJI6Uv6/CeMijFwwoN9NwKHyk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747387948176435.2454851798252; Fri, 16 May 2025 02:32:28 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986619.1372166 (Exim 4.92) (envelope-from ) id 1uFrPw-0008Nh-V9; Fri, 16 May 2025 09:31:48 +0000 Received: by outflank-mailman (output) from mailman id 986619.1372166; Fri, 16 May 2025 09:31:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPw-0008NW-S7; Fri, 16 May 2025 09:31:48 +0000 Received: by outflank-mailman (input) for mailman id 986619; Fri, 16 May 2025 09:31:47 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPv-0007iv-CN for xen-devel@lists.xenproject.org; Fri, 16 May 2025 09:31:47 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 95c81fea-3238-11f0-9eb6-5ba50f476ded; Fri, 16 May 2025 11:31:46 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzMKQ0z9JzMQxf5l for ; Fri, 16 May 2025 09:31:38 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id dc3866fe00dd4d1cb15f5f7e0a1d2dc4; Fri, 16 May 2025 09:31:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 95c81fea-3238-11f0-9eb6-5ba50f476ded DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747387898; x=1747657898; bh=Pu9DXVzNtDp7vBm0SeMKn1Apw+Y0YN30HfO50Yk2htE=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=J/nNHdh2qp9sPkOvbrRg/IHWwj+kWKEeaS/iuBP18i/Otyn3yWK/Wbn5U+0OfImI3 D1xifpocdfuK61avf3HicCWyAb3t+up1exCbiRwggw+tflsPlGdfWzs3W2dZgryhqs TZjNZzKAxHCFXlssL3caV03s62eDOJxDuhUODK2ZDrTADnN88jd42OVPL6vAS7hYdZ uFXru8ytUsE++ExD1v7XuVwXOyUodgZRn5tNxmG06Z/KY3t5CcMcEP0S8OQnAgldLj hXsah7ld8jgmP4kHcZ71S4moVKJc6JtLW1DTGkklU2MLDsJc33ULlBg90ai9a1z0jj c/DMlMzOh3xjg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747387898; x=1747648398; i=teddy.astie@vates.tech; bh=Pu9DXVzNtDp7vBm0SeMKn1Apw+Y0YN30HfO50Yk2htE=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=E6oc20jCZY9it3AXgPjsovD8HM6gjOfKj+LgN4h+JhBSLEN+erYSegBU1Nmb9R842 0gR1VS2S9+7OQxU+egl3eCurI6Jfia4HT4bb8VP4IXxZOpxEIB7QAH68Uj69W7irSe RsRhGk1FVyrEaOxhnjDAz31oIFaikUNuTosPR13tEFGmL5B8TRg60vKksOlBYcmALy 8z1nAVMGo9AZlsSbh5ThzsBDtdtj3YttlLdWDCkcc8Nrq0Idw1a3oi8w0kLraMgpE5 DmpYfInB+KPOth0mr7lYol6atWm7P3NEcExvx7bTb1HbrZgLA5fambEtPVC31RBw7I O96eR55C3FsEQ== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2003/16]=20x86/hvm:=20Add=20support=20for=20physical=20address=20ABI?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747387896927 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Anthony PERARD" , "Michal Orzel" , "Julien Grall" , "Stefano Stabellini" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.dc3866fe00dd4d1cb15f5f7e0a1d2dc4?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 09:31:38 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity teddy.astie@vates.tech) (identity @mandrillapp.com) X-ZM-MESSAGEID: 1747387951108116600 Content-Type: text/plain; charset="utf-8" Guest can tag their hypercalls with 0x40000000 in order to use this alternative ABI that uses physical addresses instead of linear ones. Signed-off-by: Teddy Astie --- This one is based on the "HVMv2 ABI" RFC, but reworked in a way that is more compatible with existing guest (guest need to opt-in abi for a specific hypercall). Andrew has some plans regarding making a better HVM ABI for that, but it is a first start for this RFC. --- xen/arch/x86/hvm/hvm.c | 17 ++++++++++++++--- xen/arch/x86/hvm/hypercall.c | 17 +++++++++++++---- xen/include/xen/sched.h | 2 ++ 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4cb2e13046..0e7c453b24 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3497,7 +3497,11 @@ unsigned int copy_to_user_hvm(void *to, const void *= from, unsigned int len) return 0; } =20 - rc =3D hvm_copy_to_guest_linear((unsigned long)to, from, len, 0, NULL); + if ( evaluate_nospec(current->hcall_physaddr) ) + rc =3D hvm_copy_to_guest_phys((unsigned long)to, from, len, curren= t); + else + rc =3D hvm_copy_to_guest_linear((unsigned long)to, from, len, 0, N= ULL); + return rc ? len : 0; /* fake a copy_to_user() return code */ } =20 @@ -3511,7 +3515,10 @@ unsigned int clear_user_hvm(void *to, unsigned int l= en) return 0; } =20 - rc =3D hvm_copy_to_guest_linear((unsigned long)to, NULL, len, 0, NULL); + if ( evaluate_nospec(current->hcall_physaddr) ) + rc =3D hvm_copy_to_guest_phys((unsigned long)to, NULL, len, curren= t); + else + rc =3D hvm_copy_to_guest_linear((unsigned long)to, NULL, len, 0, N= ULL); =20 return rc ? len : 0; /* fake a clear_user() return code */ } @@ -3526,7 +3533,11 @@ unsigned int copy_from_user_hvm(void *to, const void= *from, unsigned int len) return 0; } =20 - rc =3D hvm_copy_from_guest_linear(to, (unsigned long)from, len, 0, NUL= L); + if ( evaluate_nospec(current->hcall_physaddr) ) + rc =3D hvm_copy_from_guest_phys(to, (unsigned long)from, len); + else + rc =3D hvm_copy_from_guest_linear(to, (unsigned long)from, len, 0,= NULL); + return rc ? len : 0; /* fake a copy_from_user() return code */ } =20 diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 6f8dfdff4a..b891089cda 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -160,8 +160,13 @@ int hvm_hypercall(struct cpu_user_regs *regs) HVM_DBG_LOG(DBG_LEVEL_HCALL, "hcall%lu(%lx, %lx, %lx, %lx, %lx)", eax, regs->rdi, regs->rsi, regs->rdx, regs->r10, regs-= >r8); =20 - call_handlers_hvm64(eax, regs->rax, regs->rdi, regs->rsi, regs->rd= x, - regs->r10, regs->r8); + if ( eax & 0x40000000U ) + curr->hcall_physaddr =3D true; + + call_handlers_hvm64(eax & ~0x40000000U, regs->rax, regs->rdi, regs= ->rsi, + regs->rdx, regs->r10, regs->r8); + + curr->hcall_physaddr =3D false; =20 if ( !curr->hcall_preempted && regs->rax !=3D -ENOSYS ) clobber_regs(regs, eax, hvm, 64); @@ -172,9 +177,13 @@ int hvm_hypercall(struct cpu_user_regs *regs) regs->ebx, regs->ecx, regs->edx, regs->esi, regs->edi); =20 curr->hcall_compat =3D true; - call_handlers_hvm32(eax, regs->eax, regs->ebx, regs->ecx, regs->ed= x, - regs->esi, regs->edi); + if ( eax & 0x40000000U ) + curr->hcall_physaddr =3D true; + + call_handlers_hvm32(eax & ~0x40000000U, regs->eax, regs->ebx, regs= ->ecx, + regs->edx, regs->esi, regs->edi); curr->hcall_compat =3D false; + curr->hcall_physaddr =3D false; =20 if ( !curr->hcall_preempted && regs->eax !=3D -ENOSYS ) clobber_regs(regs, eax, hvm, 32); diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 559d201e0c..4ce9253284 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -240,6 +240,8 @@ struct vcpu bool hcall_compat; /* Physical runstate area registered via compat ABI? */ bool runstate_guest_area_compat; + /* A hypercall is using the physical address ABI? */ + bool hcall_physaddr; #endif =20 #ifdef CONFIG_IOREQ_SERVER --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747387934; cv=none; d=zohomail.com; s=zohoarc; b=NQ5hp9jgXFCte0oSmlAA9/4rgSy7C8R1BB/pEDEu0USNtzLvoHiak1mO7ZAkn98wm0Uz9xKJt2eGYWRvhwN/Ay4s/mjyTjHqzCZAD+qC74q8py2ZoWhTXzRlj4cVSSZUJWYs1Uc0iduaUdITKkk0w/9E1YI7RtdnkiZIgw4vipQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747387934; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=yEIj4vYbaqS4Y1WKd4I6vOFuJvvhA1ynFIt3vpuTIg0=; b=gi9axndwoi8pN6nuIWooWDzGKHKgcRMlxedLFVMp43I+iZTKYOONtmcpjEggIVGxLgHgnpOu5vWlW6VYahHuPhvPGQ4SWFls8CRgxNce/bVxesUTcxIKneIbwItMG3FHxPeJY6qn0qFn6rPpEdkZLuGojqq2U9f9hpduvtUpX+I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747387934819204.87955886147245; Fri, 16 May 2025 02:32:14 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986618.1372156 (Exim 4.92) (envelope-from ) id 1uFrPv-000896-Nd; Fri, 16 May 2025 09:31:47 +0000 Received: by outflank-mailman (output) from mailman id 986618.1372156; Fri, 16 May 2025 09:31:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPv-00088z-Kg; Fri, 16 May 2025 09:31:47 +0000 Received: by outflank-mailman (input) for mailman id 986618; Fri, 16 May 2025 09:31:46 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPu-0007iv-C5 for xen-devel@lists.xenproject.org; Fri, 16 May 2025 09:31:46 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 955402fb-3238-11f0-9eb6-5ba50f476ded; Fri, 16 May 2025 11:31:45 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzMKQ0MMFzMQxdjF for ; Fri, 16 May 2025 09:31:38 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id 765e177ef22b48fc8d7dcece54076855; Fri, 16 May 2025 09:31:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 955402fb-3238-11f0-9eb6-5ba50f476ded DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747387898; x=1747657898; bh=yEIj4vYbaqS4Y1WKd4I6vOFuJvvhA1ynFIt3vpuTIg0=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=uypxcY/kQP2Oej6nzc4EhhNRyNzUNO31XCilUP9I2f3Vew0ZJe1lPDrIIJMjfn4sv WfLw4mypDQ1KMK6CJ8jgWXFD5sr67Ww3ZaaCfyCG15fMvZL9UJvvoMmz+TBHJfv5D9 kO+X/1HkZCkXQ5RnNqJAxyBpLge9iZUpoVgkGh6DooOSg23TpLRXBLDoURXYhsKNXO DjzCP42l2zYin81l75ofZFG7h0zGUbh8fS3e9ThjVr2OaUEAEQiLHHYLfCDSDsicQ9 Iom79SpSXl128fdLuSlPBZkI52RWLzho2zgImsSfjT2mouHORo2H6GUGgJqWPrZsFt 1akqZMw5mYYvg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747387898; x=1747648398; i=teddy.astie@vates.tech; bh=yEIj4vYbaqS4Y1WKd4I6vOFuJvvhA1ynFIt3vpuTIg0=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=vH7sVi9DcWiyQXD5rAK1LnKqQKB53q+nzchgrgzTpZpR+GEUhR0tSg8Kggko6MSGU ayuqNYQ6WoZv3AVek9oVBu8L8Ch11AUY0MRXW5ZQKLm5tyVLVObZd1V/UyOux3DL8W C+310DuIIKQ1xnOnPwtzD32lFmV//zXm8B1Si7RmTSqBeqGS7WzbUVWOq1WH1YYWLW gJox0eyqhDfJd8dLJRl/lW0R5gKG+C4sngKrvQ5lslAln+p2WIeLeyYXC0v9gWMXft 7HRNP5vAi/4S+dRcgBTS461bUZpjmBz/SF7M4YnV8RiVefYlcDLyk40AujHO3dZQMF Tl+zqdua+2uSQ== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2004/16]=20x86/public:=20Expose=20physaddr=5Fabi=20through=20Xen=20HVM=20CPUID=20leaf?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747387897112 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.765e177ef22b48fc8d7dcece54076855?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 09:31:37 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747387936845116600 Content-Type: text/plain; charset="utf-8" Signed-off-by: Teddy Astie --- xen/arch/x86/cpuid.c | 2 ++ xen/include/public/arch-x86/cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 8dc68945f7..e2d94619c2 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -153,6 +153,8 @@ static void cpuid_hypervisor_leaves(const struct vcpu *= v, uint32_t leaf, */ res->a |=3D XEN_HVM_CPUID_UPCALL_VECTOR; =20 + /* Indicate that guest can the physical addresses hypercall ABI. */ + res->a |=3D XEN_HVM_CPUID_PHYS_ADDR_ABI; break; =20 case 5: /* PV-specific parameters */ diff --git a/xen/include/public/arch-x86/cpuid.h b/xen/include/public/arch-= x86/cpuid.h index 3bb0dd249f..5405bf6fbd 100644 --- a/xen/include/public/arch-x86/cpuid.h +++ b/xen/include/public/arch-x86/cpuid.h @@ -106,6 +106,8 @@ * bound to event channels. */ #define XEN_HVM_CPUID_UPCALL_VECTOR (1u << 6) +/* Hypercalls can use physical addresses instead of linear ones. */ +#define XEN_HVM_CPUID_PHYS_ADDR_ABI (1u << 7) =20 /* * Leaf 6 (0x40000x05) --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747387941; cv=none; d=zohomail.com; s=zohoarc; b=BK2BHwRbW2yr9eotrgBnDMKOkkZOuN1/psmEmK59kum9q1AuwEky2znvwkniUNdibnldlGmst1FxwIESelSGCJKuYLJNSv7AfnkhFvCa5fwvOpOcoIGkoLt3LI/iwaV/Lcs+cVl4OModwozYKHTmxlfqfwvrDb0UxWxbrR8wRco= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747387941; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Oox53sOqqEj7n70xDwRKrmCV5uYcvtps8LZ1Ru6v/p8=; b=ST3UUonqHgdjDM7tvtmh4n1I6oA+bEleDpC/trJp9D3+RYgxZ832Zvre4eUoVOCU1sbkWbCIVEF71xsj25kiWRRrdvfeLGNmb8vj4E4ZnQOamTdx7Mh9g/ZYsC+hY4t+do1fS0zn7eCd4jR3PJNG1AV3N3zjgPNr3QvSz9sIKfU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747387940796148.882343177532; Fri, 16 May 2025 02:32:20 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986622.1372197 (Exim 4.92) (envelope-from ) id 1uFrPz-0000cc-0n; Fri, 16 May 2025 09:31:51 +0000 Received: by outflank-mailman (output) from mailman id 986622.1372197; Fri, 16 May 2025 09:31:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPy-0000cD-RQ; Fri, 16 May 2025 09:31:50 +0000 Received: by outflank-mailman (input) for mailman id 986622; Fri, 16 May 2025 09:31:49 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPx-0007iv-Cq for xen-devel@lists.xenproject.org; Fri, 16 May 2025 09:31:49 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 968e0369-3238-11f0-9eb6-5ba50f476ded; Fri, 16 May 2025 11:31:47 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzMKQ4KDyzMQxf5q for ; Fri, 16 May 2025 09:31:38 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id ae12c7e11c6b46ecaa70ec2e79b33b58; Fri, 16 May 2025 09:31:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 968e0369-3238-11f0-9eb6-5ba50f476ded DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747387898; x=1747657898; bh=Oox53sOqqEj7n70xDwRKrmCV5uYcvtps8LZ1Ru6v/p8=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=KvBJB/Xd7dfLSXDq+onoyyhu9vlIpJ01RPlAMHpUkNrDLHO0da6s8DXedToNtqJpF edTWaKLH+gEtesih0q6wA4Y92cj6pRlwHphspzufgc0CZtU7n6YowIA3Kze6WQepZO 7AwOgQyu9pToah/qoWyKNhkEiS3JinE5ArVDRrxqIBM+aPoBUyVRJeSUA7uCx3MdGG WjdkoKAV1UQWXlfOZIEqOTOj0iGWQoAhPxyGptKsQchptwtC2G5dNkvqlWkl5kJJ85 A4E7X7/g+qQI61ogN1W44V/glYLNnOSQOba/4ukF3bI6nlEPd+TxtLWsuKSf9IdY6v y4XeMtPuyD66Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747387898; x=1747648398; i=teddy.astie@vates.tech; bh=Oox53sOqqEj7n70xDwRKrmCV5uYcvtps8LZ1Ru6v/p8=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=FsyVngK12yS6ADyP2czz7V2rFvDLbGfkTScNlU2qUivy+qC53e6LuVfsuCc/dtZ4X D7sEw3lopvGxzjJWG6fVB5TZIfffKD/luCA2Sqn1i6GDLghUD5g7fZay+ACIt9hsvN rnE/wVw2i0nHKpfdV/qLSjDR+dGUy60Mh17yJ00hXDQf/5wj0RSG7SqVtD3cgzDF/r ioOvGv9ckejUdM2KKYL/fphQysef1kK+jzqR5sud5R3tAkORdLAq4yDzJrV8jV9YWb F589qN9X3Wy+K8s6WonyYInbQ1rvRnrbAPRgBy07d2xWnRVTFQTGoBc2OHljRIFcsg 1Jn+cWMX6w2Vg== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2005/16]=20docs/x86:=20Document=20HVM=20Physical=20Addresss=20ABI?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747387897417 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Andrew Cooper" , "Anthony PERARD" , "Michal Orzel" , "Jan Beulich" , "Julien Grall" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Stefano Stabellini" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.ae12c7e11c6b46ecaa70ec2e79b33b58?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 09:31:38 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747387942936116600 Content-Type: text/plain; charset="utf-8" Signed-off-by: Teddy Astie --- docs/guest-guide/x86/hypercall-abi.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/guest-guide/x86/hypercall-abi.rst b/docs/guest-guide/x86/= hypercall-abi.rst index e52ed453bc..710a02895b 100644 --- a/docs/guest-guide/x86/hypercall-abi.rst +++ b/docs/guest-guide/x86/hypercall-abi.rst @@ -35,6 +35,10 @@ The registers used for hypercalls depends on the operati= ng mode of the guest. HVM guest depends on whether the vCPU is operating in a 64bit segment or n= ot [#mode]_. =20 +If `XEN_HVM_CPUID_PHYS_ADDR_ABI` is supported, HVM guests can use a altern= ative +ABI where physical addresses are used for hypercall parameters instead of +linear addresses. This ABI can be used by tagging the hypercall index with +0x40000000. =20 Parameters ---------- --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747387932; cv=none; d=zohomail.com; s=zohoarc; b=exzMhdQjIG6NQ5+Pw8AYOYAAM9yU/H0o5MHi/TnhaG7YV4mKUUqOFDGCpXlXkZk6EfAmHZDN234Yhj5IYoZGPJPANrWrwL1pNS4+l9cFuUXY46/BRgHDcGFA5b8fjt5/0jsjBgc+z6c+/EH+30BvAhjLtFlFAPmWv1FIrStxmNY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747387932; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=iMtHB+smiJdOQ9laMMAKQ5QBEFSycIXeep/kGpJ45n8=; b=M9oKhmzcqVZB0xq4xHRLxtYrvWZ+HM3d/+RFuRDNjlC3AGk1actqqs4l7heQ51KeOd2SL4t4FBvtS2/tL9GqKunfH4/v/hubQqObPMCPxfIxkjm9NqjEpDR9vWDJOAJ5vPqu2/Y4l8GG7S2VdHMXvMHuJj5PTmoMVlShav2his8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 17473879328224.31163705523727; Fri, 16 May 2025 02:32:12 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986621.1372181 (Exim 4.92) (envelope-from ) id 1uFrPx-00008Q-Rd; Fri, 16 May 2025 09:31:49 +0000 Received: by outflank-mailman (output) from mailman id 986621.1372181; Fri, 16 May 2025 09:31:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPx-00007Y-JH; Fri, 16 May 2025 09:31:49 +0000 Received: by outflank-mailman (input) for mailman id 986621; Fri, 16 May 2025 09:31:48 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFrPw-0007iv-Ca for xen-devel@lists.xenproject.org; Fri, 16 May 2025 09:31:48 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 962df48f-3238-11f0-9eb6-5ba50f476ded; Fri, 16 May 2025 11:31:46 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzMKQ4409zMQxdhF for ; Fri, 16 May 2025 09:31:38 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id f0ae509aaf1c4bf3846e2e2ff59eca25; Fri, 16 May 2025 09:31:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 962df48f-3238-11f0-9eb6-5ba50f476ded DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747387898; x=1747657898; bh=iMtHB+smiJdOQ9laMMAKQ5QBEFSycIXeep/kGpJ45n8=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=uoRmOpPM/u6zliOBEwflrIMPb6kr6kvAPf6jiQBWy6u4KRRuEWFnUqK3wy4JL+HuR WMbr3/iBZDaJ6sApqvWfI3T+GcFWB5DRWsiv19IzRHmpBqFiF+V+PlF+cfEMSvShZa Ty1CfuIK2W1ePpdNVVbXEp+a5qmzUxZmNFUerRvQPI71NjHcDZL49rbou8l7k16w3I N/faXzuTwSE6JgEqGWLphz0hLry6sAg6nOQJm8onJIX60wJJg/2jELwBif4j0mjZ0f C6GPd7siFqMI+CArNR2IegMp6bmyWvAem6V5mcbXg4kIqecoKI1WzoNQ3ePPwTMUsH C6hSBrAWW0+Ig== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747387898; x=1747648398; i=teddy.astie@vates.tech; bh=iMtHB+smiJdOQ9laMMAKQ5QBEFSycIXeep/kGpJ45n8=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=BE8kb2VeB4bxMGNM7bH0/vjoAH5LhtRH1WJuogcWVAjSVVMgaKl8AuWi2JAs/2rkw Rtoy7yDvPbLwduHgfecCp3UsLHrV0P2bXbN1bJ/DSyf255UHEGzwtLaoAfSzExrRIV fyYSZoUN5y28egsMZwOKAGtcc84qw7IK8FhA47mJHARefJUEc9HX+DA5tIReYkPD0M TQIoTad1XhRpzDU/Z4YrJQv4vNVItlDGkACeAfUiZysctBJbMDto8taGO3E5YUUzlB KCYw8Lqr+JxL/Mye7xXfl8sAykMpVmEWQQrYwmcVBa99Lt7ERkLQe1q0HNTVzKD2PS Wb6K9oZLpwK1g== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2006/16]=20vmx:=20Introduce=20vcpu=20single=20context=20VPID=20invalidation?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747387897605 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" Message-Id: <85727bf1e1df2feeba2af34aa3c7c951982121d6.1747312394.git.teddy.astie@vates.tech> In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.f0ae509aaf1c4bf3846e2e2ff59eca25?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 09:31:38 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747387934790116600 Content-Type: text/plain; charset="utf-8" Introduce vpid_sync_vcpu_context to do a single-context invalidation on the vpid attached to the vcpu as a alternative to per-gva and all-context invlidations. Signed-off-by: Teddy Astie --- This will be used on Intel platforms for the ASID management rework. --- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/= asm/hvm/vmx/vmx.h index d85b52b9d5..a55a31b42d 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -451,6 +451,27 @@ static inline void ept_sync_all(void) =20 void ept_sync_domain(struct p2m_domain *p2m); =20 +static inline void vpid_sync_vcpu_context(struct vcpu *v) +{ + int type =3D INVVPID_SINGLE_CONTEXT; + + /* + * If single context invalidation is not supported, we escalate to + * use all context invalidation. + */ + if ( likely(cpu_has_vmx_vpid_invvpid_single_context) ) + goto execute_invvpid; + + /* + * If single context invalidation is not supported, we escalate to + * use all context invalidation. + */ + type =3D INVVPID_ALL_CONTEXT; + +execute_invvpid: + __invvpid(type, v->arch.hvm.n1asid.asid, (u64)gva); +} + static inline void vpid_sync_vcpu_gva(struct vcpu *v, unsigned long gva) { int type =3D INVVPID_INDIVIDUAL_ADDR; --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747390989; cv=none; d=zohomail.com; s=zohoarc; b=hC7Dt8nwDk3fwGo4A3paIjUAOv74GtXvAqrWqJ0uOGvprdDtPFhU+F5s0JlVc7632rvVZGo9lmkjGONFJ+u8w0ZFPOf9QzyQ3sI76goJ0uyCgt6MaEVm2SkOSVKTjwsFSqW+k1qS7ad42lVsFUdBVtBh//KFZ3KV40DJNd+YT7Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747390989; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+whoNgFeV0mthcIxVXin+w5q5c78yv2JPXRHflVP3O4=; b=ZFu2A4I3Yna15q+wU8E5ymOTzAg2Oj7L3fZ+2vjLxyPxdI7xsF/oqiZImHJwaM+w6pRr6tQ8EKax8FRmopNJMJ9Ua1Bg20RDP9/UeKPR+IjGXwBEgIj8je7ZLDrmCOfQ0hokl12XXsWAF2+tgwnTwnan8ErKsSzExsKtLCRjMn0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747390989297348.4042403375969; Fri, 16 May 2025 03:23:09 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986806.1372319 (Exim 4.92) (envelope-from ) id 1uFsDD-0000QH-EZ; Fri, 16 May 2025 10:22:43 +0000 Received: by outflank-mailman (output) from mailman id 986806.1372319; Fri, 16 May 2025 10:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsDD-0000QA-Be; Fri, 16 May 2025 10:22:43 +0000 Received: by outflank-mailman (input) for mailman id 986806; Fri, 16 May 2025 10:22:42 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsDB-0000Q4-Mg for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:22:42 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b16934bb-323f-11f0-9eb6-5ba50f476ded; Fri, 16 May 2025 12:22:39 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNSG0vkDzMQxhqx for ; Fri, 16 May 2025 10:22:38 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id 11ea96c549834e75beb56434593a40e2; Fri, 16 May 2025 10:22:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b16934bb-323f-11f0-9eb6-5ba50f476ded DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747390958; x=1747660958; bh=+whoNgFeV0mthcIxVXin+w5q5c78yv2JPXRHflVP3O4=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=DtptuGg/aRRLX8dpxHuFNwc2dtpevXwmsG0oyIWh5sAW61l9B2m5gXC7EHnOhLzem dU7JtdCKc9DMfyLVBqoLI0ltzCltSeYO8xcs7X6l/kLkPKlBM4/cv3n1QaAygbkW0K Un0+WaOatUUEdUs3a1B1xG4kdmgym3gaDqIGASBuYNfMvidQMvB7p9gVIhb1sxjpSg vDvpvSr9xN+pbgwXUn9so8qj1h5k7dA8zWJcD2NJzaCcZjtFyprfoP7qThEuvi/Z10 Exnm2bwx3wQsY4z2HY3j1TAQ1hAxuVQca/9Dz7XZ3SU6aLyP56PA6z/Kgffl3Xl7Uj XdfsCtJkOFIZQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747390958; x=1747651458; i=teddy.astie@vates.tech; bh=+whoNgFeV0mthcIxVXin+w5q5c78yv2JPXRHflVP3O4=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=Jh6vaneGII+HSnbkaqjnrJ43Xw1nVj3ko0F2rlFGvqoZjDAJ5Xmz9tHZYsBiOd2mI z5D0QiMQg0ED0lP6UpY9hfZkn0JpDQfLOkroujDlnUQOv6zvKN23Eso/Uo8O4I9ybG u0pw6xELoLYHaLByUFd7TagsoOGEYgAO/TwmZbZib8hNmg9STjv3IImTBhEwszVDAU XiniWL0ym90y7fxHcw8UWxrAqhvpE5XUmJqo7yqU+tgqvc+n4DAKIcFZYyoIGEBQ5S rATQsN9HikN+zRycK1wAtfBp2Y0twDAxwtvwmfwyCakY0Z/qtvmvnHE2N3hbfwiMVD u2o/dUQsVGg4A== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2007/16]=20x86/hvm:=20Introduce=20Xen-wide=20ASID=20allocator?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747390956490 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Anthony PERARD" , "Michal Orzel" , "Julien Grall" , "Stefano Stabellini" , "Tim Deegan" , "Vaishali Thakkar" Message-Id: <9cdb3e67abd01390bcc4cd103ca539d6bf7adbc0.1747312394.git.teddy.astie@vates.tech> In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.11ea96c549834e75beb56434593a40e2?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:22:38 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747390990861116600 Content-Type: text/plain; charset="utf-8" From: Vaishali Thakkar Currently ASID generation and management is done per-PCPU. This scheme is incompatible with SEV technologies as SEV VMs need to have a fixed ASID associated with all vcpus of the VM throughout it's lifetime. This commit introduces a Xen-wide allocator which initializes the asids at the start of xen and allows to have a fixed asids throughout the lifecycle of all domains. Having a fixed asid for non-SEV domains also presents us with the opportunity to further take use of AMD instructions like TLBSYNC and INVLPGB for broadcasting the TLB invalidations. Introduce vcpu->needs_tlb_flush attribute to schedule a guest TLB flush for the next VMRUN/VMENTER. This will be later be done using either TLB_CONTROL field (AMD) or INVEPT (Intel). This flush method is used in place of the current ASID swapping logic. Signed-off-by: Teddy Astie Signed-off-by: Vaishali Thakkar --- TODO: - Intel: Don't assign the VPID at each VMENTER, though we need to rethink how we manage VMCS with nested virtualization / altp2m for changing this behavior. - AMD: Consider hot-plug of CPU with ERRATA_170. (is it possible ?) - Consider cases where we don't have enough ASIDs (e.g Xen as nested guest) - Nested virtualization ASID management This patch currently breaks shadow paging, yet I haven't managed to diagnose exactly what is happening. Original changelog : Changes since v3: - Simplified asid bitmap management It is only called once per domain, so it doesn't need to have a complicated logic. - Drop hvm_asid_data structure which doesn't serve a purpose anymore. - Introduce and use vcpu->needs_tlb_flush to indicate that a guest TLB flush is needed before waking the vcpu. It is used to set TLB_CONTROL (AMD) field properly or make a appropriate invept (Intel). - Only assign ASID once (see TODO for Intel side) - Check the ERRATA_170 for each CPU present. - add asid_alloc_range() for allocating within a specific range (e.g SEV ASID ranges) Changes since v2: - Moved hvm_asid_domain_create to hvm_domain_initialise - Added __ro_after_init for bitmaps - Make hvm_asid_init unsigned int __init - Remove functions hvm_asid_flush_domain_asid and hvm_asid_flush_vcpu - Mark ASID 0 permenantly - Remove the irrelevant tracking of generation - Add hvm_domain_asid_destroy to avoid layering violation - Remove unnecessary fixups touching the same code - Add a logic to move asids from reclaim_bitmap->asid_bitmap - Misc styling fixes - remove unncessary trailing spaces/printks Changes since v1: - Introudce hvm_asid_bitmap as discussed at Xen-summit - Introduce hvm_reclaim_bitmap for reusing ASIDs - Assign the asid to the domain at the domain creation via hvm_asid_domain_create - Corrected the use of CPUID in the svm_asid_init function - Adjusted the code in nested virtualization related files to use new scheme. As discussed at the Xen-summit, this is not tested. - Addressed Jan's comments about using uniform style for accessing domains via v->domain - Allow to flush at the vcpu level in HAP code - Documented the sketch of implementation for the new scheme - Remove min_asid as for this patch, we are not demonstarting it's usecase - Arrange includes in multiple files as per Jan's feedback --- xen/arch/x86/flushtlb.c | 7 +- xen/arch/x86/hvm/asid.c | 170 +++++++++++-------------- xen/arch/x86/hvm/emulate.c | 2 +- xen/arch/x86/hvm/hvm.c | 14 +- xen/arch/x86/hvm/nestedhvm.c | 7 +- xen/arch/x86/hvm/svm/asid.c | 77 +++++++---- xen/arch/x86/hvm/svm/nestedsvm.c | 2 +- xen/arch/x86/hvm/svm/svm.c | 37 +++--- xen/arch/x86/hvm/svm/svm.h | 4 - xen/arch/x86/hvm/vmx/vmcs.c | 6 +- xen/arch/x86/hvm/vmx/vmx.c | 68 +++++----- xen/arch/x86/hvm/vmx/vvmx.c | 5 +- xen/arch/x86/include/asm/hvm/asid.h | 26 ++-- xen/arch/x86/include/asm/hvm/domain.h | 1 + xen/arch/x86/include/asm/hvm/hvm.h | 15 +-- xen/arch/x86/include/asm/hvm/svm/svm.h | 5 + xen/arch/x86/include/asm/hvm/vcpu.h | 10 +- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 8 +- xen/arch/x86/mm/hap/hap.c | 7 +- xen/arch/x86/mm/p2m.c | 7 +- xen/arch/x86/mm/paging.c | 2 +- xen/arch/x86/mm/shadow/hvm.c | 1 + xen/arch/x86/mm/shadow/multi.c | 1 + xen/include/xen/sched.h | 2 + 24 files changed, 238 insertions(+), 246 deletions(-) diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c index 1e0011d5b1..9cae828b34 100644 --- a/xen/arch/x86/flushtlb.c +++ b/xen/arch/x86/flushtlb.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -124,7 +125,6 @@ void switch_cr3_cr4(unsigned long cr3, unsigned long cr= 4) =20 if ( tlb_clk_enabled ) t =3D pre_flush(); - hvm_flush_guest_tlbs(); =20 old_cr4 =3D read_cr4(); ASSERT(!(old_cr4 & X86_CR4_PCIDE) || !(old_cr4 & X86_CR4_PGE)); @@ -229,8 +229,9 @@ unsigned int flush_area_local(const void *va, unsigned = int flags) do_tlb_flush(); } =20 - if ( flags & FLUSH_HVM_ASID_CORE ) - hvm_flush_guest_tlbs(); + //if ( flags & FLUSH_HVM_ASID_CORE ) + // // Needed ? + // hvm_flush_tlb(NULL); =20 if ( flags & FLUSH_CACHE ) { diff --git a/xen/arch/x86/hvm/asid.c b/xen/arch/x86/hvm/asid.c index 8d27b7dba1..91f8e44210 100644 --- a/xen/arch/x86/hvm/asid.c +++ b/xen/arch/x86/hvm/asid.c @@ -8,133 +8,107 @@ #include #include #include -#include -#include -#include +#include +#include + #include +#include =20 /* Xen command-line option to enable ASIDs */ static bool __read_mostly opt_asid_enabled =3D true; boolean_param("asid", opt_asid_enabled); =20 +bool __read_mostly asid_enabled =3D false; +static unsigned long __ro_after_init *asid_bitmap; +static unsigned long __ro_after_init asid_count; +static DEFINE_SPINLOCK(asid_lock); + /* - * ASIDs partition the physical TLB. In the current implementation ASIDs = are - * introduced to reduce the number of TLB flushes. Each time the guest's - * virtual address space changes (e.g. due to an INVLPG, MOV-TO-{CR3, CR4} - * operation), instead of flushing the TLB, a new ASID is assigned. This - * reduces the number of TLB flushes to at most 1/#ASIDs. The biggest - * advantage is that hot parts of the hypervisor's code and data retain in - * the TLB. - * * Sketch of the Implementation: - * - * ASIDs are a CPU-local resource. As preemption of ASIDs is not possible, - * ASIDs are assigned in a round-robin scheme. To minimize the overhead of - * ASID invalidation, at the time of a TLB flush, ASIDs are tagged with a - * 64-bit generation. Only on a generation overflow the code needs to - * invalidate all ASID information stored at the VCPUs with are run on the - * specific physical processor. This overflow appears after about 2^80 - * host processor cycles, so we do not optimize this case, but simply disa= ble - * ASID useage to retain correctness. + * ASIDs are assigned uniquely per domain and doesn't change during + * the lifecycle of the domain. Once vcpus are initialized and are up, + * we assign the same ASID to all vcpus of that domain at the first VMRUN. + * In order to process a TLB flush on a vcpu, we set needs_tlb_flush + * to schedule a TLB flush for the next VMRUN (e.g using tlb control field + * of VMCB). */ =20 -/* Per-CPU ASID management. */ -struct hvm_asid_data { - uint64_t core_asid_generation; - uint32_t next_asid; - uint32_t max_asid; - bool disabled; -}; - -static DEFINE_PER_CPU(struct hvm_asid_data, hvm_asid_data); - -void hvm_asid_init(int nasids) +int __init hvm_asid_init(unsigned long nasids) { - static int8_t g_disabled =3D -1; - struct hvm_asid_data *data =3D &this_cpu(hvm_asid_data); + ASSERT(nasids); =20 - data->max_asid =3D nasids - 1; - data->disabled =3D !opt_asid_enabled || (nasids <=3D 1); - - if ( g_disabled !=3D data->disabled ) - { - printk("HVM: ASIDs %sabled.\n", data->disabled ? "dis" : "en"); - if ( g_disabled < 0 ) - g_disabled =3D data->disabled; - } + asid_count =3D nasids; + asid_enabled =3D opt_asid_enabled || (nasids <=3D 1); =20 - /* Zero indicates 'invalid generation', so we start the count at one. = */ - data->core_asid_generation =3D 1; + asid_bitmap =3D xvzalloc_array(unsigned long, BITS_TO_LONGS(asid_count= )); + if ( !asid_bitmap ) + return -ENOMEM; =20 - /* Zero indicates 'ASIDs disabled', so we start the count at one. */ - data->next_asid =3D 1; -} + printk("HVM: ASIDs %sabled (count=3D%lu)\n", asid_enabled ? "en" : "di= s", asid_count); =20 -void hvm_asid_flush_vcpu_asid(struct hvm_vcpu_asid *asid) -{ - write_atomic(&asid->generation, 0); -} + /* ASID 0 is reserved, mark it as permanently used */ + set_bit(0, asid_bitmap); =20 -void hvm_asid_flush_vcpu(struct vcpu *v) -{ - hvm_asid_flush_vcpu_asid(&v->arch.hvm.n1asid); - hvm_asid_flush_vcpu_asid(&vcpu_nestedhvm(v).nv_n2asid); + return 0; } =20 -void hvm_asid_flush_core(void) +int hvm_asid_alloc(struct hvm_asid *asid) { - struct hvm_asid_data *data =3D &this_cpu(hvm_asid_data); + unsigned long new_asid; + =20 + if ( !asid_enabled ) + { + asid->asid =3D 1; + return 0; + } =20 - if ( data->disabled ) - return; + spin_lock(&asid_lock); + new_asid =3D find_first_zero_bit(asid_bitmap, asid_count); + if ( new_asid > asid_count ) + return -ENOSPC; =20 - if ( likely(++data->core_asid_generation !=3D 0) ) - return; + set_bit(new_asid, asid_bitmap); =20 - /* - * ASID generations are 64 bit. Overflow of generations never happens. - * For safety, we simply disable ASIDs, so correctness is established;= it - * only runs a bit slower. - */ - printk("HVM: ASID generation overrun. Disabling ASIDs.\n"); - data->disabled =3D 1; + asid->asid =3D new_asid; + spin_unlock(&asid_lock); + return 0; } =20 -bool hvm_asid_handle_vmenter(struct hvm_vcpu_asid *asid) +int hvm_asid_alloc_range(struct hvm_asid *asid, unsigned long min, unsigne= d long max) { - struct hvm_asid_data *data =3D &this_cpu(hvm_asid_data); - - /* On erratum #170 systems we must flush the TLB.=20 - * Generation overruns are taken here, too. */ - if ( data->disabled ) - goto disabled; - - /* Test if VCPU has valid ASID. */ - if ( read_atomic(&asid->generation) =3D=3D data->core_asid_generation ) - return 0; + unsigned long new_asid; + =20 + if ( WARN_ON(min >=3D asid_count) ) + return -EINVAL; + =20 + if ( !asid_enabled ) + return -EOPNOTSUPP; + + spin_lock(&asid_lock); + new_asid =3D find_next_zero_bit(asid_bitmap, asid_count, min); + if ( new_asid > max || new_asid > asid_count ) + return -ENOSPC; + + set_bit(new_asid, asid_bitmap); + + asid->asid =3D new_asid; + spin_unlock(&asid_lock); + return 0; +} =20 - /* If there are no free ASIDs, need to go to a new generation */ - if ( unlikely(data->next_asid > data->max_asid) ) - { - hvm_asid_flush_core(); - data->next_asid =3D 1; - if ( data->disabled ) - goto disabled; - } +void hvm_asid_free(struct hvm_asid *asid) +{ + ASSERT( asid->asid ); =20 - /* Now guaranteed to be a free ASID. */ - asid->asid =3D data->next_asid++; - write_atomic(&asid->generation, data->core_asid_generation); + if ( !asid_enabled ) + return; =20 - /* - * When we assign ASID 1, flush all TLB entries as we are starting a n= ew - * generation, and all old ASID allocations are now stale.=20 - */ - return (asid->asid =3D=3D 1); + ASSERT( asid->asid < asid_count ); =20 - disabled: - asid->asid =3D 0; - return 0; + spin_lock(&asid_lock); + WARN_ON(!test_bit(asid->asid, asid_bitmap)); + clear_bit(asid->asid, asid_bitmap); + spin_unlock(&asid_lock); } =20 /* diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 91f004d233..6ed8e03475 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -2666,7 +2666,7 @@ static int cf_check hvmemul_tlb_op( case x86emul_invpcid: if ( x86emul_invpcid_type(aux) !=3D X86_INVPCID_INDIV_ADDR ) { - hvm_asid_flush_vcpu(current); + current->needs_tlb_flush =3D true; break; } aux =3D x86emul_invpcid_pcid(aux); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 0e7c453b24..625ae2098b 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -702,6 +702,10 @@ int hvm_domain_initialise(struct domain *d, if ( rc ) goto fail2; =20 + rc =3D hvm_asid_alloc(&d->arch.hvm.asid); + if ( rc ) + goto fail2; + rc =3D alternative_call(hvm_funcs.domain_initialise, d); if ( rc !=3D 0 ) goto fail2; @@ -782,8 +786,9 @@ void hvm_domain_destroy(struct domain *d) list_del(&ioport->list); xfree(ioport); } - + hvm_asid_free(&d->arch.hvm.asid); destroy_vpci_mmcfg(d); + } =20 static int cf_check hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context= _t *h) @@ -1603,7 +1608,7 @@ int hvm_vcpu_initialise(struct vcpu *v) int rc; struct domain *d =3D v->domain; =20 - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; =20 spin_lock_init(&v->arch.hvm.tm_lock); INIT_LIST_HEAD(&v->arch.hvm.tm_list); @@ -4145,6 +4150,11 @@ static void hvm_s3_resume(struct domain *d) } } =20 +int hvm_flush_tlb(const unsigned long *vcpu_bitmap) +{ + return current->domain->arch.paging.flush_tlb(vcpu_bitmap); +} + static int hvmop_flush_tlb_all(void) { if ( !is_hvm_domain(current->domain) ) diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index bddd77d810..61e866b771 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -12,6 +12,7 @@ #include #include /* for local_event_delivery_(en|dis)able */ #include /* for paging_mode_hap() */ +#include =20 static unsigned long *shadow_io_bitmap[3]; =20 @@ -36,13 +37,11 @@ nestedhvm_vcpu_reset(struct vcpu *v) hvm_unmap_guest_frame(nv->nv_vvmcx, 1); nv->nv_vvmcx =3D NULL; nv->nv_vvmcxaddr =3D INVALID_PADDR; - nv->nv_flushp2m =3D 0; + nv->nv_flushp2m =3D true; nv->nv_p2m =3D NULL; nv->stale_np2m =3D false; nv->np2m_generation =3D 0; =20 - hvm_asid_flush_vcpu_asid(&nv->nv_n2asid); - alternative_vcall(hvm_funcs.nhvm_vcpu_reset, v); =20 /* vcpu is in host mode */ @@ -86,7 +85,7 @@ static void cf_check nestedhvm_flushtlb_ipi(void *info) * This is cheaper than flush_tlb_local() and has * the same desired effect. */ - hvm_asid_flush_core(); + WARN_ON(hvm_flush_tlb(NULL)); vcpu_nestedhvm(v).nv_p2m =3D NULL; vcpu_nestedhvm(v).stale_np2m =3D true; } diff --git a/xen/arch/x86/hvm/svm/asid.c b/xen/arch/x86/hvm/svm/asid.c index 7977a8e86b..1b6def4a4c 100644 --- a/xen/arch/x86/hvm/svm/asid.c +++ b/xen/arch/x86/hvm/svm/asid.c @@ -1,56 +1,77 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * asid.c: handling ASIDs in SVM. + * asid.c: handling ASIDs/VPIDs. * Copyright (c) 2007, Advanced Micro Devices, Inc. */ =20 +#include + #include #include #include +#include +#include =20 #include "svm.h" =20 -void svm_asid_init(const struct cpuinfo_x86 *c) +void __init svm_asid_init(void) { - int nasids =3D 0; + unsigned int cpu; + int nasids =3D cpuid_ebx(0x8000000aU); + + if ( !nasids ) + nasids =3D 1; =20 - /* Check for erratum #170, and leave ASIDs disabled if it's present. */ - if ( !cpu_has_amd_erratum(c, AMD_ERRATUM_170) ) - nasids =3D cpuid_ebx(0x8000000aU); + for_each_present_cpu(cpu) + { + /* Check for erratum #170, and leave ASIDs disabled if it's presen= t. */ + if ( cpu_has_amd_erratum(&cpu_data[cpu], AMD_ERRATUM_170) ) + { + printk(XENLOG_WARNING "Disabling ASID due to errata 170 on CPU= %u\n", cpu); + nasids =3D 1; + } + } =20 - hvm_asid_init(nasids); + BUG_ON(hvm_asid_init(nasids)); } =20 /* - * Called directly before VMRUN. Checks if the VCPU needs a new ASID, - * assigns it, and if required, issues required TLB flushes. + * Called directly at the first VMRUN/VMENTER of a vcpu to assign the ASID= /VPID. */ -void svm_asid_handle_vmrun(void) +void svm_vcpu_assign_asid(struct vcpu *v) { - struct vcpu *curr =3D current; - struct vmcb_struct *vmcb =3D curr->arch.hvm.svm.vmcb; - struct hvm_vcpu_asid *p_asid =3D - nestedhvm_vcpu_in_guestmode(curr) - ? &vcpu_nestedhvm(curr).nv_n2asid : &curr->arch.hvm.n1asid; - bool need_flush =3D hvm_asid_handle_vmenter(p_asid); - - /* ASID 0 indicates that ASIDs are disabled. */ - if ( p_asid->asid =3D=3D 0 ) - { - vmcb_set_asid(vmcb, true); - vmcb->tlb_control =3D - cpu_has_svm_flushbyasid ? TLB_CTRL_FLUSH_ASID : TLB_CTRL_FLUSH= _ALL; - return; - } + struct vmcb_struct *vmcb =3D v->arch.hvm.svm.vmcb; + struct hvm_asid *p_asid =3D &v->domain->arch.hvm.asid; + + ASSERT(p_asid->asid); =20 - if ( vmcb_get_asid(vmcb) !=3D p_asid->asid ) - vmcb_set_asid(vmcb, p_asid->asid); + /* In case ASIDs are disabled, as ASID =3D 0 is reserved, guest can us= e 1 instead. */ + vmcb_set_asid(vmcb, asid_enabled ? p_asid->asid : 1); +} + +/* Call to make a TLB flush at the next VMRUN. */ +void svm_vcpu_set_tlb_control(struct vcpu *v) +{ + struct vmcb_struct *vmcb =3D v->arch.hvm.svm.vmcb; + =20 + /* + * If the vcpu is already running, the tlb control flag may not be + * processed and will be cleared at the next VMEXIT, which will undo + * what we are trying to do. + */ + WARN_ON(v !=3D current && v->is_running); =20 vmcb->tlb_control =3D - !need_flush ? TLB_CTRL_NO_FLUSH : cpu_has_svm_flushbyasid ? TLB_CTRL_FLUSH_ASID : TLB_CTRL_FLUSH_ALL; } =20 +void svm_vcpu_clear_tlb_control(struct vcpu *v) +{ + struct vmcb_struct *vmcb =3D v->arch.hvm.svm.vmcb; + + vmcb->tlb_control =3D TLB_CTRL_NO_FLUSH; +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nested= svm.c index dc2b6a4253..6e5dc2624f 100644 --- a/xen/arch/x86/hvm/svm/nestedsvm.c +++ b/xen/arch/x86/hvm/svm/nestedsvm.c @@ -5,6 +5,7 @@ * */ =20 +#include #include #include #include @@ -699,7 +700,6 @@ nsvm_vcpu_vmentry(struct vcpu *v, struct cpu_user_regs = *regs, if ( svm->ns_asid !=3D vmcb_get_asid(ns_vmcb)) { nv->nv_flushp2m =3D 1; - hvm_asid_flush_vcpu_asid(&vcpu_nestedhvm(v).nv_n2asid); svm->ns_asid =3D vmcb_get_asid(ns_vmcb); } =20 diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index e33a38c1e4..cc19d80fe1 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -183,14 +184,17 @@ static void cf_check svm_update_guest_cr( if ( !nestedhvm_enabled(v->domain) ) { if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; } else if ( nestedhvm_vmswitch_in_progress(v) ) ; /* CR3 switches during VMRUN/VMEXIT do not flush the TLB. */ else if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu_asid( - nestedhvm_vcpu_in_guestmode(v) - ? &vcpu_nestedhvm(v).nv_n2asid : &v->arch.hvm.n1asid); + { + if (nestedhvm_vcpu_in_guestmode(v)) + vcpu_nestedhvm(v).nv_flushp2m =3D true; + else + v->needs_tlb_flush =3D true; + } break; case 4: value =3D HVM_CR4_HOST_MASK; @@ -991,8 +995,7 @@ static void noreturn cf_check svm_do_resume(void) v->arch.hvm.svm.launch_core =3D smp_processor_id(); hvm_migrate_timers(v); hvm_migrate_pirqs(v); - /* Migrating to another ASID domain. Request a new ASID. */ - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; } =20 if ( !vcpu_guestmode && !vlapic_hw_disabled(vlapic) ) @@ -1019,13 +1022,14 @@ void asmlinkage svm_vmenter_helper(void) =20 ASSERT(hvmemul_cache_disabled(curr)); =20 - svm_asid_handle_vmrun(); - TRACE_TIME(TRC_HVM_VMENTRY | (nestedhvm_vcpu_in_guestmode(curr) ? TRC_HVM_NESTEDFLAG : 0= )); =20 svm_sync_vmcb(curr, vmcb_needs_vmsave); =20 + if ( test_and_clear_bool(curr->needs_tlb_flush) ) + svm_vcpu_set_tlb_control(curr); + vmcb->rax =3D regs->rax; vmcb->rip =3D regs->rip; vmcb->rsp =3D regs->rsp; @@ -1146,6 +1150,8 @@ static int cf_check svm_vcpu_initialise(struct vcpu *= v) return rc; } =20 + svm_vcpu_assign_asid(v); + return 0; } =20 @@ -1572,9 +1578,6 @@ static int _svm_cpu_up(bool bsp) /* check for erratum 383 */ svm_init_erratum_383(c); =20 - /* Initialize core's ASID handling. */ - svm_asid_init(c); - /* Initialize OSVW bits to be used by guests */ svm_host_osvw_init(); =20 @@ -2338,7 +2341,7 @@ static void svm_invlpga_intercept( { svm_invlpga(linear, (asid =3D=3D 0) - ? v->arch.hvm.n1asid.asid + ? v->domain->arch.hvm.asid.asid : vcpu_nestedhvm(v).nv_n2asid.asid); } =20 @@ -2360,8 +2363,8 @@ static bool cf_check is_invlpg( =20 static void cf_check svm_invlpg(struct vcpu *v, unsigned long linear) { - /* Safe fallback. Take a new ASID. */ - hvm_asid_flush_vcpu(v); + /* Schedule a tlb flush on the VCPU. */ + v->needs_tlb_flush =3D true; } =20 static bool cf_check svm_get_pending_event( @@ -2528,6 +2531,8 @@ const struct hvm_function_table * __init start_svm(vo= id) svm_function_table.caps.hap_superpage_2mb =3D true; svm_function_table.caps.hap_superpage_1gb =3D cpu_has_page1gb; =20 + svm_asid_init(); + return &svm_function_table; } =20 @@ -2584,6 +2589,8 @@ void asmlinkage svm_vmexit_handler(void) (vlapic_get_reg(vlapic, APIC_TASKPRI) & 0x0F)); } =20 + svm_vcpu_clear_tlb_control(v); + exit_reason =3D vmcb->exitcode; =20 if ( hvm_long_mode_active(v) ) @@ -2659,7 +2666,7 @@ void asmlinkage svm_vmexit_handler(void) } } =20 - if ( unlikely(exit_reason =3D=3D VMEXIT_INVALID) ) + if ( unlikely(exit_reason =3D=3D VMEXIT_INVALID || exit_reason =3D=3D = (uint32_t)VMEXIT_INVALID) ) { gdprintk(XENLOG_ERR, "invalid VMCB state:\n"); svm_vmcb_dump(__func__, vmcb); diff --git a/xen/arch/x86/hvm/svm/svm.h b/xen/arch/x86/hvm/svm/svm.h index f5b0312d2d..92145c6d7b 100644 --- a/xen/arch/x86/hvm/svm/svm.h +++ b/xen/arch/x86/hvm/svm/svm.h @@ -12,12 +12,8 @@ #include =20 struct cpu_user_regs; -struct cpuinfo_x86; struct vcpu; =20 -void svm_asid_init(const struct cpuinfo_x86 *c); -void svm_asid_handle_vmrun(void); - unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); =20 diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index a44475ae15..b8a28e2cf8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -759,8 +760,6 @@ static int _vmx_cpu_up(bool bsp) =20 this_cpu(vmxon) =3D 1; =20 - hvm_asid_init(cpu_has_vmx_vpid ? (1u << VMCS_VPID_WIDTH) : 0); - if ( cpu_has_vmx_ept ) ept_sync_all(); =20 @@ -1941,7 +1940,7 @@ void cf_check vmx_do_resume(void) */ v->arch.hvm.vmx.hostenv_migrated =3D 1; =20 - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; } =20 debug_state =3D v->domain->debugger_attached @@ -2154,7 +2153,6 @@ void vmcs_dump_vcpu(struct vcpu *v) (SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_ENABLE_VM_FUNCTIONS)= ) printk("Virtual processor ID =3D 0x%04x VMfunc controls =3D %016lx= \n", vmr16(VIRTUAL_PROCESSOR_ID), vmr(VM_FUNCTION_CONTROL)); - vmx_vmcs_exit(v); } =20 diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 827db6bdd8..8859ec4b38 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -824,6 +825,18 @@ static void cf_check vmx_cpuid_policy_changed(struct v= cpu *v) vmx_update_secondary_exec_control(v); } =20 + if ( asid_enabled ) + { + v->arch.hvm.vmx.secondary_exec_control |=3D SECONDARY_EXEC_ENABLE_= VPID; + vmx_update_secondary_exec_control(v); + } + else + { + v->arch.hvm.vmx.secondary_exec_control &=3D ~SECONDARY_EXEC_ENABLE= _VPID; + vmx_update_secondary_exec_control(v); + } + + /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. @@ -1477,7 +1490,7 @@ static void cf_check vmx_handle_cd(struct vcpu *v, un= signed long value) vmx_set_msr_intercept(v, MSR_IA32_CR_PAT, VMX_MSR_RW); =20 wbinvd(); /* flush possibly polluted cache */ - hvm_asid_flush_vcpu(v); /* invalidate memory type cached in TL= B */ + v->needs_tlb_flush =3D true; /* invalidate memory type cached = in TLB */ v->arch.hvm.cache_mode =3D NO_FILL_CACHE_MODE; } else @@ -1486,7 +1499,7 @@ static void cf_check vmx_handle_cd(struct vcpu *v, un= signed long value) vmx_set_guest_pat(v, *pat); if ( !is_iommu_enabled(v->domain) || iommu_snoop ) vmx_clear_msr_intercept(v, MSR_IA32_CR_PAT, VMX_MSR_RW); - hvm_asid_flush_vcpu(v); /* no need to flush cache */ + v->needs_tlb_flush =3D true; } } } @@ -1847,7 +1860,7 @@ static void cf_check vmx_update_guest_cr( __vmwrite(GUEST_CR3, v->arch.hvm.hw_cr[3]); =20 if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; break; =20 default: @@ -3128,6 +3141,8 @@ const struct hvm_function_table * __init start_vmx(vo= id) lbr_tsx_fixup_check(); ler_to_fixup_check(); =20 + BUG_ON(hvm_asid_init(cpu_has_vmx_vpid ? (1u << VMCS_VPID_WIDTH) : 1)); + return &vmx_function_table; } =20 @@ -4901,9 +4916,7 @@ bool asmlinkage vmx_vmenter_helper(const struct cpu_u= ser_regs *regs) { struct vcpu *curr =3D current; struct domain *currd =3D curr->domain; - u32 new_asid, old_asid; - struct hvm_vcpu_asid *p_asid; - bool need_flush; + struct hvm_asid *p_asid; =20 ASSERT(hvmemul_cache_disabled(curr)); =20 @@ -4914,38 +4927,14 @@ bool asmlinkage vmx_vmenter_helper(const struct cpu= _user_regs *regs) if ( curr->domain->arch.hvm.pi_ops.vcpu_block ) vmx_pi_do_resume(curr); =20 - if ( !cpu_has_vmx_vpid ) + if ( !asid_enabled ) goto out; if ( nestedhvm_vcpu_in_guestmode(curr) ) p_asid =3D &vcpu_nestedhvm(curr).nv_n2asid; else - p_asid =3D &curr->arch.hvm.n1asid; - - old_asid =3D p_asid->asid; - need_flush =3D hvm_asid_handle_vmenter(p_asid); - new_asid =3D p_asid->asid; - - if ( unlikely(new_asid !=3D old_asid) ) - { - __vmwrite(VIRTUAL_PROCESSOR_ID, new_asid); - if ( !old_asid && new_asid ) - { - /* VPID was disabled: now enabled. */ - curr->arch.hvm.vmx.secondary_exec_control |=3D - SECONDARY_EXEC_ENABLE_VPID; - vmx_update_secondary_exec_control(curr); - } - else if ( old_asid && !new_asid ) - { - /* VPID was enabled: now disabled. */ - curr->arch.hvm.vmx.secondary_exec_control &=3D - ~SECONDARY_EXEC_ENABLE_VPID; - vmx_update_secondary_exec_control(curr); - } - } + p_asid =3D &currd->arch.hvm.asid; =20 - if ( unlikely(need_flush) ) - vpid_sync_all(); + __vmwrite(VIRTUAL_PROCESSOR_ID, p_asid->asid); =20 if ( paging_mode_hap(curr->domain) ) { @@ -4954,12 +4943,18 @@ bool asmlinkage vmx_vmenter_helper(const struct cpu= _user_regs *regs) unsigned int inv =3D 0; /* None =3D> Single =3D> All */ struct ept_data *single =3D NULL; /* Single eptp, iff inv =3D=3D 1= */ =20 + if ( test_and_clear_bool(curr->needs_tlb_flush) ) + { + inv =3D 1; + single =3D ept; + } + if ( cpumask_test_cpu(cpu, ept->invalidate) ) { cpumask_clear_cpu(cpu, ept->invalidate); =20 /* Automatically invalidate all contexts if nested. */ - inv +=3D 1 + nestedhvm_enabled(currd); + inv =3D 1 + nestedhvm_enabled(currd); single =3D ept; } =20 @@ -4986,6 +4981,11 @@ bool asmlinkage vmx_vmenter_helper(const struct cpu_= user_regs *regs) __invept(inv =3D=3D 1 ? INVEPT_SINGLE_CONTEXT : INVEPT_ALL_CON= TEXT, inv =3D=3D 1 ? single->eptp : 0); } + else /* Shadow paging */ + { + if ( test_and_clear_bool(curr->needs_tlb_flush) ) + vpid_sync_vcpu_context(curr); + } =20 out: if ( unlikely(curr->arch.hvm.vmx.lbr_flags & LBR_FIXUP_MASK) ) diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index ceb5e5a322..fa84ee4e8f 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -12,6 +12,7 @@ =20 #include #include +#include #include #include #include @@ -1254,7 +1255,7 @@ static void virtual_vmentry(struct cpu_user_regs *reg= s) =20 if ( nvmx->guest_vpid !=3D new_vpid ) { - hvm_asid_flush_vcpu_asid(&vcpu_nestedhvm(v).nv_n2asid); + v->needs_tlb_flush =3D true; nvmx->guest_vpid =3D new_vpid; } } @@ -2055,7 +2056,7 @@ static int nvmx_handle_invvpid(struct cpu_user_regs *= regs) case INVVPID_INDIVIDUAL_ADDR: case INVVPID_SINGLE_CONTEXT: case INVVPID_ALL_CONTEXT: - hvm_asid_flush_vcpu_asid(&vcpu_nestedhvm(current).nv_n2asid); + hvm_flush_tlb(NULL); break; default: vmfail(regs, VMX_INSN_INVEPT_INVVPID_INVALID_OP); diff --git a/xen/arch/x86/include/asm/hvm/asid.h b/xen/arch/x86/include/asm= /hvm/asid.h index 17c58353d1..13ea357f70 100644 --- a/xen/arch/x86/include/asm/hvm/asid.h +++ b/xen/arch/x86/include/asm/hvm/asid.h @@ -8,25 +8,21 @@ #ifndef __ASM_X86_HVM_ASID_H__ #define __ASM_X86_HVM_ASID_H__ =20 +#include +#include =20 -struct vcpu; -struct hvm_vcpu_asid; +struct hvm_asid { + uint32_t asid; +}; =20 -/* Initialise ASID management for the current physical CPU. */ -void hvm_asid_init(int nasids); +extern bool asid_enabled; =20 -/* Invalidate a particular ASID allocation: forces re-allocation. */ -void hvm_asid_flush_vcpu_asid(struct hvm_vcpu_asid *asid); +/* Initialise ASID management distributed across all CPUs. */ +int hvm_asid_init(unsigned long nasids); =20 -/* Invalidate all ASID allocations for specified VCPU: forces re-allocatio= n. */ -void hvm_asid_flush_vcpu(struct vcpu *v); - -/* Flush all ASIDs on this processor core. */ -void hvm_asid_flush_core(void); - -/* Called before entry to guest context. Checks ASID allocation, returns a - * boolean indicating whether all ASIDs must be flushed. */ -bool hvm_asid_handle_vmenter(struct hvm_vcpu_asid *asid); +int hvm_asid_alloc(struct hvm_asid *asid); +int hvm_asid_alloc_range(struct hvm_asid *asid, unsigned long min, unsigne= d long max); +void hvm_asid_free(struct hvm_asid *asid); =20 #endif /* __ASM_X86_HVM_ASID_H__ */ =20 diff --git a/xen/arch/x86/include/asm/hvm/domain.h b/xen/arch/x86/include/a= sm/hvm/domain.h index 2608bcfad2..5fb37d342b 100644 --- a/xen/arch/x86/include/asm/hvm/domain.h +++ b/xen/arch/x86/include/asm/hvm/domain.h @@ -141,6 +141,7 @@ struct hvm_domain { } write_map; =20 struct hvm_pi_ops pi_ops; + struct hvm_asid asid; =20 union { struct vmx_domain vmx; diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/= hvm/hvm.h index bf8bc2e100..7af111cb39 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -268,6 +268,8 @@ int hvm_domain_initialise(struct domain *d, void hvm_domain_relinquish_resources(struct domain *d); void hvm_domain_destroy(struct domain *d); =20 +int hvm_flush_tlb(const unsigned long *vcpu_bitmap); + int hvm_vcpu_initialise(struct vcpu *v); void hvm_vcpu_destroy(struct vcpu *v); void hvm_vcpu_down(struct vcpu *v); @@ -483,17 +485,6 @@ static inline void hvm_set_tsc_offset(struct vcpu *v, = uint64_t offset, alternative_vcall(hvm_funcs.set_tsc_offset, v, offset, at_tsc); } =20 -/* - * Called to ensure than all guest-specific mappings in a tagged TLB are=20 - * flushed; does *not* flush Xen's TLB entries, and on processors without = a=20 - * tagged TLB it will be a noop. - */ -static inline void hvm_flush_guest_tlbs(void) -{ - if ( hvm_enabled ) - hvm_asid_flush_core(); -} - static inline unsigned int hvm_get_cpl(struct vcpu *v) { @@ -881,8 +872,6 @@ static inline int hvm_cpu_up(void) =20 static inline void hvm_cpu_down(void) {} =20 -static inline void hvm_flush_guest_tlbs(void) {} - static inline void hvm_invlpg(const struct vcpu *v, unsigned long linear) { ASSERT_UNREACHABLE(); diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/= asm/hvm/svm/svm.h index 32f6e48e30..1254e5f3ee 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -9,6 +9,11 @@ #ifndef __ASM_X86_HVM_SVM_H__ #define __ASM_X86_HVM_SVM_H__ =20 +void svm_asid_init(void); +void svm_vcpu_assign_asid(struct vcpu *v); +void svm_vcpu_set_tlb_control(struct vcpu *v); +void svm_vcpu_clear_tlb_control(struct vcpu *v); + /* * PV context switch helpers. Prefetching the VMCB area itself has been s= hown * to be useful for performance. diff --git a/xen/arch/x86/include/asm/hvm/vcpu.h b/xen/arch/x86/include/asm= /hvm/vcpu.h index 196fed6d5d..960bea6734 100644 --- a/xen/arch/x86/include/asm/hvm/vcpu.h +++ b/xen/arch/x86/include/asm/hvm/vcpu.h @@ -9,6 +9,7 @@ #define __ASM_X86_HVM_VCPU_H__ =20 #include +#include #include #include #include @@ -17,11 +18,6 @@ #include #include =20 -struct hvm_vcpu_asid { - uint64_t generation; - uint32_t asid; -}; - struct hvm_vcpu_io { /* * HVM emulation: @@ -79,7 +75,7 @@ struct nestedvcpu { bool stale_np2m; /* True when p2m_base in VMCx02 is no longer valid */ uint64_t np2m_generation; =20 - struct hvm_vcpu_asid nv_n2asid; + struct hvm_asid nv_n2asid; =20 bool nv_vmentry_pending; bool nv_vmexit_pending; @@ -141,8 +137,6 @@ struct hvm_vcpu { /* (MFN) hypervisor page table */ pagetable_t monitor_table; =20 - struct hvm_vcpu_asid n1asid; - u64 msr_tsc_adjust; =20 union { diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/= asm/hvm/vmx/vmx.h index a55a31b42d..cae3613a61 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -462,14 +462,10 @@ static inline void vpid_sync_vcpu_context(struct vcpu= *v) if ( likely(cpu_has_vmx_vpid_invvpid_single_context) ) goto execute_invvpid; =20 - /* - * If single context invalidation is not supported, we escalate to - * use all context invalidation. - */ type =3D INVVPID_ALL_CONTEXT; =20 execute_invvpid: - __invvpid(type, v->arch.hvm.n1asid.asid, (u64)gva); + __invvpid(type, v->domain->arch.hvm.asid.asid, 0); } =20 static inline void vpid_sync_vcpu_gva(struct vcpu *v, unsigned long gva) @@ -493,7 +489,7 @@ static inline void vpid_sync_vcpu_gva(struct vcpu *v, u= nsigned long gva) type =3D INVVPID_ALL_CONTEXT; =20 execute_invvpid: - __invvpid(type, v->arch.hvm.n1asid.asid, (u64)gva); + __invvpid(type, v->domain->arch.hvm.asid.asid, (u64)gva); } =20 static inline void vpid_sync_all(void) diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index ec5043a8aa..cf7ca1702a 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include =20 @@ -739,7 +740,7 @@ static bool cf_check flush_tlb(const unsigned long *vcp= u_bitmap) if ( !flush_vcpu(v, vcpu_bitmap) ) continue; =20 - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; =20 cpu =3D read_atomic(&v->dirty_cpu); if ( cpu !=3D this_cpu && is_vcpu_dirty_cpu(cpu) && v->is_running ) @@ -748,9 +749,7 @@ static bool cf_check flush_tlb(const unsigned long *vcp= u_bitmap) =20 /* * Trigger a vmexit on all pCPUs with dirty vCPU state in order to for= ce an - * ASID/VPID change and hence accomplish a guest TLB flush. Note that = vCPUs - * not currently running will already be flushed when scheduled becaus= e of - * the ASID tickle done in the loop above. + * ASID/VPID flush and hence accomplish a guest TLB flush. */ on_selected_cpus(mask, NULL, NULL, 0); =20 diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3a39b5d124..04b41cee12 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -1405,7 +1406,7 @@ p2m_flush(struct vcpu *v, struct p2m_domain *p2m) ASSERT(v->domain =3D=3D p2m->domain); vcpu_nestedhvm(v).nv_p2m =3D NULL; p2m_flush_table(p2m); - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; } =20 void @@ -1464,7 +1465,7 @@ static void assign_np2m(struct vcpu *v, struct p2m_do= main *p2m) =20 static void nvcpu_flush(struct vcpu *v) { - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; vcpu_nestedhvm(v).stale_np2m =3D true; } =20 @@ -1584,7 +1585,7 @@ void np2m_schedule(int dir) if ( !np2m_valid ) { /* This vCPU's np2m was flushed while it was not runnable = */ - hvm_asid_flush_core(); + curr->needs_tlb_flush =3D true; /* TODO: Is it ok ? */ vcpu_nestedhvm(curr).nv_p2m =3D NULL; } else diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index c77f4c1dac..26b6ce9e9b 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -964,7 +964,7 @@ void paging_update_nestedmode(struct vcpu *v) else /* TODO: shadow-on-shadow */ v->arch.paging.nestedmode =3D NULL; - hvm_asid_flush_vcpu(v); + v->needs_tlb_flush =3D true; } =20 int __init paging_set_allocation(struct domain *d, unsigned int pages, diff --git a/xen/arch/x86/mm/shadow/hvm.c b/xen/arch/x86/mm/shadow/hvm.c index 114957a3e1..f98591f976 100644 --- a/xen/arch/x86/mm/shadow/hvm.c +++ b/xen/arch/x86/mm/shadow/hvm.c @@ -737,6 +737,7 @@ bool cf_check shadow_flush_tlb(const unsigned long *vcp= u_bitmap) continue; =20 paging_update_cr3(v, false); + v->needs_tlb_flush =3D true; =20 cpu =3D read_atomic(&v->dirty_cpu); if ( is_vcpu_dirty_cpu(cpu) ) diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index 7be9c180ec..0e2865286e 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -3144,6 +3144,7 @@ sh_update_linear_entries(struct vcpu *v) * without this change, it would fetch the wrong value due to a stale = TLB. */ sh_flush_local(d); + v->needs_tlb_flush =3D true; } =20 static pagetable_t cf_check sh_update_cr3(struct vcpu *v, bool noflush) diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 4ce9253284..f2f5a98534 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -228,6 +228,8 @@ struct vcpu bool defer_shutdown; /* VCPU is paused following shutdown request (d->is_shutting_down)? */ bool paused_for_shutdown; + /* VCPU needs its TLB flushed before waking. */ + bool needs_tlb_flush; /* VCPU need affinity restored */ uint8_t affinity_broken; #define VCPU_AFFINITY_OVERRIDE 0x01 --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747390995; cv=none; d=zohomail.com; s=zohoarc; b=XJoYU9a7GRtFof/ry/NkKaDc3MPQbPDML8zGlcGjzzOFnH7NdmXgcDJsE5vGD/isAmWwz4C7Mi4jQ25kgcBpKOY1f2sBtjxvUyXPzrP7TW75EKOFaijH3XOFOtyt8dxoU8DytlALUS4FBHHaZ7syzznf1WKUT4JKVYUv1RnePg8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747390995; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=RsBZjCl+lvc8p7k8336ELrjqMIlkVDeJAPRHMTKknmM=; b=i+dBbGrRiCpqGtW0EGsWXsufdMLoayS2FqpcI3UbY5PefQs6z3N0or5e2tNOf3gW43rupCyNg2xSiGwtHaTBQJ0073HbhQpV8Axmjk7k+QTYNqRY7N0QmBekpWc9yrYpNZ5hf89faMhlY1Iklo+SQvmtUYwl2O2JGGjgwnmMvvg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747390995838782.1807761250726; Fri, 16 May 2025 03:23:15 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986808.1372329 (Exim 4.92) (envelope-from ) id 1uFsDW-0000lF-Py; Fri, 16 May 2025 10:23:02 +0000 Received: by outflank-mailman (output) from mailman id 986808.1372329; Fri, 16 May 2025 10:23:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsDW-0000l6-MG; Fri, 16 May 2025 10:23:02 +0000 Received: by outflank-mailman (input) for mailman id 986808; Fri, 16 May 2025 10:23:01 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsDV-0000kS-CD for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:23:01 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id bcbf4d37-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:22:58 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNSd5Df4zMQxhRj for ; Fri, 16 May 2025 10:22:57 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id ca09d91c625d4298b8887bc6fbe1b5db; Fri, 16 May 2025 10:22:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: bcbf4d37-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747390977; x=1747660977; bh=RsBZjCl+lvc8p7k8336ELrjqMIlkVDeJAPRHMTKknmM=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=hzUTaRi/+MoTTZ1KvIvZlVXOaGSRbmCxJkdU+BG6p8T/aWY/fNm3gJ78U7JnvD8zO /qrUgq7Lmv/t1+pnuWyR5zxnSB3Mf5puePF3tQtdXqN17VXBng2z1etSMBwEAWA4A8 jWXjatfmO2N6PSo+YCXnHBAPcNejPd/b+SY78j6+ZG9LR65WLMO63jeAkED9maFdM1 PpyINZqWj2+TNL2wfJUe4jujoAAbEUcQRiLMWHFqrxn73MVdtK4oZTuz6SC/b9c9qD rOsQexF053Fe6SKFfnj9F1O40PdRNVY5BuV0pQGg/VEHRb71xznZmVUmqIA43Pwx/M lrW6/VCY6K6uw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747390977; x=1747651477; i=teddy.astie@vates.tech; bh=RsBZjCl+lvc8p7k8336ELrjqMIlkVDeJAPRHMTKknmM=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=VZGziPl1zxNWXRmuzr9ZEELghjqBni/cLFE4/zbJrJETqdDwrZuT0ZidbljKoDWhX y95J9zdFhvKtDO+hYK7APvO5ewViXL5UdOPvbNsWY/KqNFeJPZ/c+MxJs3lrsWmAD0 gPlfMQZgQ4XbzM1FiSTx+akEoCchDv2uM8u2+hialOcZgNioCrzttdtQm2fORCaGSi jlVYjOgPnl2+afm7SeJw7tt0GFYSZC5cY3hHCj9WRMeJxpGMBbq6CmqAVbcZ/BRbsz 5CtBSNCY6pojxQlnxmsZCzFgzWqvBwoH1FuutZ3pNlPl8tqHb+WSltx/pEeq59LpH3 v8/Q7ERZNBXRw== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2008/16]=20x86/crypto:=20Introduce=20AMD=20PSP=20driver=20for=20SEV?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747390975438 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Anthony PERARD" , "Michal Orzel" , "Julien Grall" , "Stefano Stabellini" , "Andrei Semenov" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.ca09d91c625d4298b8887bc6fbe1b5db?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:22:57 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747390996815116600 Content-Type: text/plain; charset="utf-8" From: Andrei Semenov Introduce a basic PSP driver with focus on SEV commands. Signed-off-by: Andrei Semenov Signed-off-by: Teddy Astie --- xen/arch/x86/include/asm/psp-sev.h | 655 +++++++++++++++++++++++ xen/drivers/Kconfig | 2 + xen/drivers/Makefile | 1 + xen/drivers/crypto/Kconfig | 10 + xen/drivers/crypto/Makefile | 1 + xen/drivers/crypto/asp.c | 830 +++++++++++++++++++++++++++++ 6 files changed, 1499 insertions(+) create mode 100644 xen/arch/x86/include/asm/psp-sev.h create mode 100644 xen/drivers/crypto/Kconfig create mode 100644 xen/drivers/crypto/Makefile create mode 100644 xen/drivers/crypto/asp.c diff --git a/xen/arch/x86/include/asm/psp-sev.h b/xen/arch/x86/include/asm/= psp-sev.h new file mode 100644 index 0000000000..5bbe1ed2c0 --- /dev/null +++ b/xen/arch/x86/include/asm/psp-sev.h @@ -0,0 +1,655 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * AMD Secure Encrypted Virtualization (SEV) driver interface + * + * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. + * + * Author: Brijesh Singh + * + * SEV API spec is available at https://developer.amd.com/sev + */ + +#ifndef __PSP_SEV_H__ +#define __PSP_SEV_H__ + +#include + +/** + * SEV platform and guest management commands + */ +enum sev_cmd { + /* platform commands */ + SEV_CMD_INIT =3D 0x001, + SEV_CMD_SHUTDOWN =3D 0x002, + SEV_CMD_FACTORY_RESET =3D 0x003, + SEV_CMD_PLATFORM_STATUS =3D 0x004, + SEV_CMD_PEK_GEN =3D 0x005, + SEV_CMD_PEK_CSR =3D 0x006, + SEV_CMD_PEK_CERT_IMPORT =3D 0x007, + SEV_CMD_PDH_CERT_EXPORT =3D 0x008, + SEV_CMD_PDH_GEN =3D 0x009, + SEV_CMD_DF_FLUSH =3D 0x00A, + SEV_CMD_DOWNLOAD_FIRMWARE =3D 0x00B, + SEV_CMD_GET_ID =3D 0x00C, + SEV_CMD_INIT_EX =3D 0x00D, + + /* Guest commands */ + SEV_CMD_DECOMMISSION =3D 0x020, + SEV_CMD_ACTIVATE =3D 0x021, + SEV_CMD_DEACTIVATE =3D 0x022, + SEV_CMD_GUEST_STATUS =3D 0x023, + + /* Guest launch commands */ + SEV_CMD_LAUNCH_START =3D 0x030, + SEV_CMD_LAUNCH_UPDATE_DATA =3D 0x031, + SEV_CMD_LAUNCH_UPDATE_VMSA =3D 0x032, + SEV_CMD_LAUNCH_MEASURE =3D 0x033, + SEV_CMD_LAUNCH_UPDATE_SECRET =3D 0x034, + SEV_CMD_LAUNCH_FINISH =3D 0x035, + SEV_CMD_ATTESTATION_REPORT =3D 0x036, + + /* Guest migration commands (outgoing) */ + SEV_CMD_SEND_START =3D 0x040, + SEV_CMD_SEND_UPDATE_DATA =3D 0x041, + SEV_CMD_SEND_UPDATE_VMSA =3D 0x042, + SEV_CMD_SEND_FINISH =3D 0x043, + SEV_CMD_SEND_CANCEL =3D 0x044, + + /* Guest migration commands (incoming) */ + SEV_CMD_RECEIVE_START =3D 0x050, + SEV_CMD_RECEIVE_UPDATE_DATA =3D 0x051, + SEV_CMD_RECEIVE_UPDATE_VMSA =3D 0x052, + SEV_CMD_RECEIVE_FINISH =3D 0x053, + + /* Guest debug commands */ + SEV_CMD_DBG_DECRYPT =3D 0x060, + SEV_CMD_DBG_ENCRYPT =3D 0x061, + + SEV_CMD_MAX, +}; + +/** + * struct sev_data_init - INIT command parameters + * + * @flags: processing flags + * @tmr_address: system physical address used for SEV-ES + * @tmr_len: len of tmr_address + */ +struct sev_data_init { + uint32_t flags; /* In */ + uint32_t reserved; /* In */ + uint64_t tmr_address; /* In */ + uint32_t tmr_len; /* In */ +} __packed; + +/** + * struct sev_data_init_ex - INIT_EX command parameters + * + * @length: len of the command buffer read by the PSP + * @flags: processing flags + * @tmr_address: system physical address used for SEV-ES + * @tmr_len: len of tmr_address + * @nv_address: system physical address used for PSP NV storage + * @nv_len: len of nv_address + */ +struct sev_data_init_ex { + uint32_t length; /* In */ + uint32_t flags; /* In */ + uint64_t tmr_address; /* In */ + uint32_t tmr_len; /* In */ + uint32_t reserved; /* In */ + uint64_t nv_address; /* In/Out */ + uint32_t nv_len; /* In */ +} __packed; + +#define SEV_INIT_FLAGS_SEV_ES 0x01 + +/** + * struct sev_data_pek_csr - PEK_CSR command parameters + * + * @address: PEK certificate chain + * @len: len of certificate + */ +struct sev_data_pek_csr { + uint64_t address; /* In */ + uint32_t len; /* In/Out */ +} __packed; + +/** + * struct sev_data_cert_import - PEK_CERT_IMPORT command parameters + * + * @pek_address: PEK certificate chain + * @pek_len: len of PEK certificate + * @oca_address: OCA certificate chain + * @oca_len: len of OCA certificate + */ +struct sev_data_pek_cert_import { + uint64_t pek_cert_address; /* In */ + uint32_t pek_cert_len; /* In */ + uint32_t reserved; /* In */ + uint64_t oca_cert_address; /* In */ + uint32_t oca_cert_len; /* In */ +} __packed; + +/** + * struct sev_data_download_firmware - DOWNLOAD_FIRMWARE command parameters + * + * @address: physical address of firmware image + * @len: len of the firmware image + */ +struct sev_data_download_firmware { + uint64_t address; /* In */ + uint32_t len; /* In */ +} __packed; + +/** + * struct sev_data_get_id - GET_ID command parameters + * + * @address: physical address of region to place unique CPU ID(s) + * @len: len of the region + */ +struct sev_data_get_id { + uint64_t address; /* In */ + uint32_t len; /* In/Out */ +} __packed; +/** + * struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters + * + * @pdh_address: PDH certificate address + * @pdh_len: len of PDH certificate + * @cert_chain_address: PDH certificate chain + * @cert_chain_len: len of PDH certificate chain + */ +struct sev_data_pdh_cert_export { + uint64_t pdh_cert_address; /* In */ + uint32_t pdh_cert_len; /* In/Out */ + uint32_t reserved; /* In */ + uint64_t cert_chain_address; /* In */ + uint32_t cert_chain_len; /* In/Out */ +} __packed; + +/** + * struct sev_data_decommission - DECOMMISSION command parameters + * + * @handle: handle of the VM to decommission + */ +struct sev_data_decommission { + uint32_t handle; /* In */ +} __packed; + +/** + * struct sev_data_activate - ACTIVATE command parameters + * + * @handle: handle of the VM to activate + * @asid: asid assigned to the VM + */ +struct sev_data_activate { + uint32_t handle; /* In */ + uint32_t asid; /* In */ +} __packed; + +/** + * struct sev_data_deactivate - DEACTIVATE command parameters + * + * @handle: handle of the VM to deactivate + */ +struct sev_data_deactivate { + uint32_t handle; /* In */ +} __packed; + +/** + * struct sev_data_guest_status - SEV GUEST_STATUS command parameters + * + * @handle: handle of the VM to retrieve status + * @policy: policy information for the VM + * @asid: current ASID of the VM + * @state: current state of the VM + */ +struct sev_data_guest_status { + uint32_t handle; /* In */ + uint32_t policy; /* Out */ + uint32_t asid; /* Out */ + uint8_t state; /* Out */ +} __packed; + +/** + * struct sev_data_launch_start - LAUNCH_START command parameters + * + * @handle: handle assigned to the VM + * @policy: guest launch policy + * @dh_cert_address: physical address of DH certificate blob + * @dh_cert_len: len of DH certificate blob + * @session_address: physical address of session parameters + * @session_len: len of session parameters + */ +struct sev_data_launch_start { + uint32_t handle; /* In/Out */ + uint32_t policy; /* In */ + uint64_t dh_cert_address; /* In */ + uint32_t dh_cert_len; /* In */ + uint32_t reserved; /* In */ + uint64_t session_address; /* In */ + uint32_t session_len; /* In */ +} __packed; + +/** + * struct sev_data_launch_update_data - LAUNCH_UPDATE_DATA command paramet= er + * + * @handle: handle of the VM to update + * @len: len of memory to be encrypted + * @address: physical address of memory region to encrypt + */ +struct sev_data_launch_update_data { + uint32_t handle; /* In */ + uint32_t reserved; + uint64_t address; /* In */ + uint32_t len; /* In */ +} __packed; + +/** + * struct sev_data_launch_update_vmsa - LAUNCH_UPDATE_VMSA command + * + * @handle: handle of the VM + * @address: physical address of memory region to encrypt + * @len: len of memory region to encrypt + */ +struct sev_data_launch_update_vmsa { + uint32_t handle; /* In */ + uint32_t reserved; + uint64_t address; /* In */ + uint32_t len; /* In */ +} __packed; + +/** + * struct sev_data_launch_measure - LAUNCH_MEASURE command parameters + * + * @handle: handle of the VM to process + * @address: physical address containing the measurement blob + * @len: len of measurement blob + */ +struct sev_data_launch_measure { + uint32_t handle; /* In */ + uint32_t reserved; + uint64_t address; /* In */ + uint32_t len; /* In/Out */ +} __packed; + +/** + * struct sev_data_launch_secret - LAUNCH_SECRET command parameters + * + * @handle: handle of the VM to process + * @hdr_address: physical address containing the packet header + * @hdr_len: len of packet header + * @guest_address: system physical address of guest memory region + * @guest_len: len of guest_paddr + * @trans_address: physical address of transport memory buffer + * @trans_len: len of transport memory buffer + */ +struct sev_data_launch_secret { + uint32_t handle; /* In */ + uint32_t reserved1; + uint64_t hdr_address; /* In */ + uint32_t hdr_len; /* In */ + uint32_t reserved2; + uint64_t guest_address; /* In */ + uint32_t guest_len; /* In */ + uint32_t reserved3; + uint64_t trans_address; /* In */ + uint32_t trans_len; /* In */ +} __packed; + +/** + * struct sev_data_launch_finish - LAUNCH_FINISH command parameters + * + * @handle: handle of the VM to process + */ +struct sev_data_launch_finish { + uint32_t handle; /* In */ +} __packed; + +/** + * struct sev_data_send_start - SEND_START command parameters + * + * @handle: handle of the VM to process + * @policy: policy information for the VM + * @pdh_cert_address: physical address containing PDH certificate + * @pdh_cert_len: len of PDH certificate + * @plat_certs_address: physical address containing platform certificate + * @plat_certs_len: len of platform certificate + * @amd_certs_address: physical address containing AMD certificate + * @amd_certs_len: len of AMD certificate + * @session_address: physical address containing Session data + * @session_len: len of session data + */ +struct sev_data_send_start { + uint32_t handle; /* In */ + uint32_t policy; /* Out */ + uint64_t pdh_cert_address; /* In */ + uint32_t pdh_cert_len; /* In */ + uint32_t reserved1; + uint64_t plat_certs_address; /* In */ + uint32_t plat_certs_len; /* In */ + uint32_t reserved2; + uint64_t amd_certs_address; /* In */ + uint32_t amd_certs_len; /* In */ + uint32_t reserved3; + uint64_t session_address; /* In */ + uint32_t session_len; /* In/Out */ +} __packed; + +/** + * struct sev_data_send_update - SEND_UPDATE_DATA command + * + * @handle: handle of the VM to process + * @hdr_address: physical address containing packet header + * @hdr_len: len of packet header + * @guest_address: physical address of guest memory region to send + * @guest_len: len of guest memory region to send + * @trans_address: physical address of host memory region + * @trans_len: len of host memory region + */ +struct sev_data_send_update_data { + uint32_t handle; /* In */ + uint32_t reserved1; + uint64_t hdr_address; /* In */ + uint32_t hdr_len; /* In/Out */ + uint32_t reserved2; + uint64_t guest_address; /* In */ + uint32_t guest_len; /* In */ + uint32_t reserved3; + uint64_t trans_address; /* In */ + uint32_t trans_len; /* In */ +} __packed; + +/** + * struct sev_data_send_update - SEND_UPDATE_VMSA command + * + * @handle: handle of the VM to process + * @hdr_address: physical address containing packet header + * @hdr_len: len of packet header + * @guest_address: physical address of guest memory region to send + * @guest_len: len of guest memory region to send + * @trans_address: physical address of host memory region + * @trans_len: len of host memory region + */ +struct sev_data_send_update_vmsa { + uint32_t handle; /* In */ + uint64_t hdr_address; /* In */ + uint32_t hdr_len; /* In/Out */ + uint32_t reserved2; + uint64_t guest_address; /* In */ + uint32_t guest_len; /* In */ + uint32_t reserved3; + uint64_t trans_address; /* In */ + uint32_t trans_len; /* In */ +} __packed; + +/** + * struct sev_data_send_finish - SEND_FINISH command parameters + * + * @handle: handle of the VM to process + */ +struct sev_data_send_finish { + uint32_t handle; /* In */ +} __packed; + +/** + * struct sev_data_send_cancel - SEND_CANCEL command parameters + * + * @handle: handle of the VM to process + */ +struct sev_data_send_cancel { + uint32_t handle; /* In */ +} __packed; + +/** + * struct sev_data_receive_start - RECEIVE_START command parameters + * + * @handle: handle of the VM to perform receive operation + * @pdh_cert_address: system physical address containing PDH certificate b= lob + * @pdh_cert_len: len of PDH certificate blob + * @session_address: system physical address containing session blob + * @session_len: len of session blob + */ +struct sev_data_receive_start { + uint32_t handle; /* In/Out */ + uint32_t policy; /* In */ + uint64_t pdh_cert_address; /* In */ + uint32_t pdh_cert_len; /* In */ + uint32_t reserved1; + uint64_t session_address; /* In */ + uint32_t session_len; /* In */ +} __packed; + +/** + * struct sev_data_receive_update_data - RECEIVE_UPDATE_DATA command param= eters + * + * @handle: handle of the VM to update + * @hdr_address: physical address containing packet header blob + * @hdr_len: len of packet header + * @guest_address: system physical address of guest memory region + * @guest_len: len of guest memory region + * @trans_address: system physical address of transport buffer + * @trans_len: len of transport buffer + */ +struct sev_data_receive_update_data { + uint32_t handle; /* In */ + uint32_t reserved1; + uint64_t hdr_address; /* In */ + uint32_t hdr_len; /* In */ + uint32_t reserved2; + uint64_t guest_address; /* In */ + uint32_t guest_len; /* In */ + uint32_t reserved3; + uint64_t trans_address; /* In */ + uint32_t trans_len; /* In */ +} __packed; + +/** + * struct sev_data_receive_update_vmsa - RECEIVE_UPDATE_VMSA command param= eters + * + * @handle: handle of the VM to update + * @hdr_address: physical address containing packet header blob + * @hdr_len: len of packet header + * @guest_address: system physical address of guest memory region + * @guest_len: len of guest memory region + * @trans_address: system physical address of transport buffer + * @trans_len: len of transport buffer + */ +struct sev_data_receive_update_vmsa { + uint32_t handle; /* In */ + uint32_t reserved1; + uint64_t hdr_address; /* In */ + uint32_t hdr_len; /* In */ + uint32_t reserved2; + uint64_t guest_address; /* In */ + uint32_t guest_len; /* In */ + uint32_t reserved3; + uint64_t trans_address; /* In */ + uint32_t trans_len; /* In */ +} __packed; + +/** + * struct sev_data_receive_finish - RECEIVE_FINISH command parameters + * + * @handle: handle of the VM to finish + */ +struct sev_data_receive_finish { + uint32_t handle; /* In */ +} __packed; + +/** + * struct sev_data_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters + * + * @handle: handle of the VM to perform debug operation + * @src_addr: source address of data to operate on + * @dst_addr: destination address of data to operate on + * @len: len of data to operate on + */ +struct sev_data_dbg { + uint32_t handle; /* In */ + uint32_t reserved; + uint64_t src_addr; /* In */ + uint64_t dst_addr; /* In */ + uint32_t len; /* In */ +} __packed; + +/** + * struct sev_data_attestation_report - SEV_ATTESTATION_REPORT command par= ameters + * + * @handle: handle of the VM + * @mnonce: a random nonce that will be included in the report. + * @address: physical address where the report will be copied. + * @len: length of the physical buffer. + */ +struct sev_data_attestation_report { + uint32_t handle; /* In */ + uint32_t reserved; + uint64_t address; /* In */ + uint8_t mnonce[16]; /* In */ + uint32_t len; /* In/Out */ +} __packed; + + +/** + * SEV platform commands + */ +enum { + SEV_FACTORY_RESET =3D 0, + SEV_PLATFORM_STATUS, + SEV_PEK_GEN, + SEV_PEK_CSR, + SEV_PDH_GEN, + SEV_PDH_CERT_EXPORT, + SEV_PEK_CERT_IMPORT, + SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ + SEV_GET_ID2, + + SEV_MAX, +}; + +/** + * SEV Firmware status code + */ +typedef enum { + /* + * This error code is not in the SEV spec. Its purpose is to convey that + * there was an error that prevented the SEV firmware from being called. + * The SEV API error codes are 16 bits, so the -1 value will not overlap + * with possible values from the specification. + */ + SEV_RET_NO_FW_CALL =3D -1, + SEV_RET_SUCCESS =3D 0, + SEV_RET_INVALID_PLATFORM_STATE, + SEV_RET_INVALID_GUEST_STATE, + SEV_RET_INAVLID_CONFIG, + SEV_RET_INVALID_LEN, + SEV_RET_ALREADY_OWNED, + SEV_RET_INVALID_CERTIFICATE, + SEV_RET_POLICY_FAILURE, + SEV_RET_INACTIVE, + SEV_RET_INVALID_ADDRESS, + SEV_RET_BAD_SIGNATURE, + SEV_RET_BAD_MEASUREMENT, + SEV_RET_ASID_OWNED, + SEV_RET_INVALID_ASID, + SEV_RET_WBINVD_REQUIRED, + SEV_RET_DFFLUSH_REQUIRED, + SEV_RET_INVALID_GUEST, + SEV_RET_INVALID_COMMAND, + SEV_RET_ACTIVE, + SEV_RET_HWSEV_RET_PLATFORM, + SEV_RET_HWSEV_RET_UNSAFE, + SEV_RET_UNSUPPORTED, + SEV_RET_INVALID_PARAM, + SEV_RET_RESOURCE_LIMIT, + SEV_RET_SECURE_DATA_INVALID, + SEV_RET_MAX, +} sev_ret_code; + +/** + * struct sev_user_data_status - PLATFORM_STATUS command parameters + * + * @major: major API version + * @minor: minor API version + * @state: platform state + * @flags: platform config flags + * @build: firmware build id for API version + * @guest_count: number of active guests + */ +struct sev_user_data_status { + uint8_t api_major; /* Out */ + uint8_t api_minor; /* Out */ + uint8_t state; /* Out */ + uint8_t flags; /* Out */ + uint8_t build; /* Out */ + uint8_t guest_count; /* Out */ +} __packed; + +#define SEV_STATUS_FLAGS_CONFIG_ES 0x0100 + +/** + * struct sev_user_data_pek_csr - PEK_CSR command parameters + * + * @address: PEK certificate chain + * @length: length of certificate + */ +struct sev_user_data_pek_csr { + uint8_t address; /* In */ + uint8_t length; /* In/Out */ +} __packed; + +/** + * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters + * + * @pek_address: PEK certificate chain + * @pek_len: length of PEK certificate + * @oca_address: OCA certificate chain + * @oca_len: length of OCA certificate + */ +struct sev_user_data_pek_cert_import { + uint8_t pek_cert_address; /* In */ + uint8_t pek_cert_len; /* In */ + uint8_t oca_cert_address; /* In */ + uint8_t oca_cert_len; /* In */ +} __packed; + +/** + * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command paramete= rs + * + * @pdh_address: PDH certificate address + * @pdh_len: length of PDH certificate + * @cert_chain_address: PDH certificate chain + * @cert_chain_len: length of PDH certificate chain + */ +struct sev_user_data_pdh_cert_export { + uint8_t pdh_cert_address; /* In */ + uint8_t pdh_cert_len; /* In/Out */ + uint8_t cert_chain_address; /* In */ + uint8_t cert_chain_len; /* In/Out */ +} __packed; + +/** + * struct sev_user_data_get_id - GET_ID command parameters (deprecated) + * + * @socket1: Buffer to pass unique ID of first socket + * @socket2: Buffer to pass unique ID of second socket + */ +struct sev_user_data_get_id { + uint8_t socket1[64]; /* Out */ + uint8_t socket2[64]; /* Out */ +} __packed; + +/** + * struct sev_user_data_get_id2 - GET_ID command parameters + * @address: Buffer to store unique ID + * @length: length of the unique ID + */ +struct sev_user_data_get_id2 { + uint8_t address; /* In */ + uint8_t length; /* In/Out */ +} __packed; + +extern int sev_do_cmd(int cmd, void *data, int *psp_ret, bool poll); + +#endif /* __PSP_SEV_H__ */ diff --git a/xen/drivers/Kconfig b/xen/drivers/Kconfig index 20050e9bb8..bed7d5a3e2 100644 --- a/xen/drivers/Kconfig +++ b/xen/drivers/Kconfig @@ -12,6 +12,8 @@ source "drivers/pci/Kconfig" =20 source "drivers/video/Kconfig" =20 +source "drivers/crypto/Kconfig" + config HAS_VPCI bool =20 diff --git a/xen/drivers/Makefile b/xen/drivers/Makefile index 2a1ae8ad13..f24f788fde 100644 --- a/xen/drivers/Makefile +++ b/xen/drivers/Makefile @@ -5,3 +5,4 @@ obj-$(CONFIG_HAS_VPCI) +=3D vpci/ obj-$(CONFIG_HAS_PASSTHROUGH) +=3D passthrough/ obj-$(CONFIG_ACPI) +=3D acpi/ obj-$(CONFIG_VIDEO) +=3D video/ +obj-y +=3D crypto/ diff --git a/xen/drivers/crypto/Kconfig b/xen/drivers/crypto/Kconfig new file mode 100644 index 0000000000..ca3d3f5f1b --- /dev/null +++ b/xen/drivers/crypto/Kconfig @@ -0,0 +1,10 @@ +config AMD_SP + bool "AMD Secure Processor (UNSUPPORTED)" if UNSUPPORTED + depends on X86 + default n + help + Enables AMD Secure Processor. + + If your platform includes AMD Secure Processor devices and you a= re + intended to use AMD Secure Encrypted Virtualization Technology, = say Y. + If in doubt, say N. diff --git a/xen/drivers/crypto/Makefile b/xen/drivers/crypto/Makefile new file mode 100644 index 0000000000..ff283c2cb5 --- /dev/null +++ b/xen/drivers/crypto/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_AMD_SP) +=3D asp.o diff --git a/xen/drivers/crypto/asp.c b/xen/drivers/crypto/asp.c new file mode 100644 index 0000000000..834e5d3b9b --- /dev/null +++ b/xen/drivers/crypto/asp.c @@ -0,0 +1,830 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* +TODO: +- GLOBAL: + - add command line params for tunables + - INTERRUPT MODE: + - CET shadow stack: adapt #CP handler??? + - Serialization: must be done by the client? adapt spinlock? + */ + +#define PSP_CAPABILITY_SEV (1 << 0) +#define PSP_CAPABILITY_TEE (1 << 1) +#define PSP_CAPABILITY_PSP_SECURITY_REPORTING (1 << 7) +#define PSP_CAPABILITY_PSP_SECURITY_OFFSET 8 + +#define PSP_INTSTS_CMD_COMPLETE (1 << 1) + +#define SEV_CMDRESP_CMD_MASK 0x7ff0000 +#define SEV_CMDRESP_CMD_SHIFT 16 +#define SEV_CMDRESP_CMD(cmd) ((cmd) << SEV_CMDRESP_CMD_SHIFT) +#define SEV_CMDRESP_STS_MASK 0xffff +#define SEV_CMDRESP_STS(x) ((x) & SEV_CMDRESP_STS_MASK) +#define SEV_CMDRESP_RESP (1 << 31) +#define SEV_CMDRESP_IOC (1 << 0) + +#define ASP_CMD_BUFF_SIZE 0x1000 +#define SEV_FW_BLOB_MAX_SIZE 0x4000 + +/* + * SEV platform state + */ +enum sev_state { + SEV_STATE_UNINIT =3D 0x0, + SEV_STATE_INIT =3D 0x1, + SEV_STATE_WORKING =3D 0x2, + SEV_STATE_MAX +}; + +struct sev_vdata { + const unsigned int cmdresp_reg; + const unsigned int cmdbuff_addr_lo_reg; + const unsigned int cmdbuff_addr_hi_reg; +}; + +struct psp_vdata { + const unsigned short base_offset; + const struct sev_vdata *sev; + const unsigned int feature_reg; + const unsigned int inten_reg; + const unsigned int intsts_reg; + const char* name; +}; + +static struct sev_vdata sevv1 =3D { + .cmdresp_reg =3D 0x10580, /* C2PMSG_32 */ + .cmdbuff_addr_lo_reg =3D 0x105e0, /* C2PMSG_56 */ + .cmdbuff_addr_hi_reg =3D 0x105e4, /* C2PMSG_57 */ +}; + +static struct sev_vdata sevv2 =3D { + .cmdresp_reg =3D 0x10980, /* C2PMSG_32 */ + .cmdbuff_addr_lo_reg =3D 0x109e0, /* C2PMSG_56 */ + .cmdbuff_addr_hi_reg =3D 0x109e4, /* C2PMSG_57 */ +}; + +static struct psp_vdata pspv1 =3D { + .base_offset =3D PCI_BASE_ADDRESS_2, + .sev =3D &sevv1, + .feature_reg =3D 0x105fc, /* C2PMSG_63 */ + .inten_reg =3D 0x10610, /* P2CMSG_INTEN */ + .intsts_reg =3D 0x10614, /* P2CMSG_INTSTS */ + .name =3D "pspv1", +}; + +static struct psp_vdata pspv2 =3D { + .base_offset =3D PCI_BASE_ADDRESS_2, + .sev =3D &sevv2, + .feature_reg =3D 0x109fc, /* C2PMSG_63 */ + .inten_reg =3D 0x10690, /* P2CMSG_INTEN */ + .intsts_reg =3D 0x10694, /* P2CMSG_INTSTS */ + .name =3D "pspv2", +}; + +static struct psp_vdata pspv4 =3D { + .base_offset =3D PCI_BASE_ADDRESS_2, + .sev =3D &sevv2, + .feature_reg =3D 0x109fc, /* C2PMSG_63 */ + .inten_reg =3D 0x10690, /* P2CMSG_INTEN */ + .intsts_reg =3D 0x10694, /* P2CMSG_INTSTS */ + .name =3D "pspv4", +}; + +static struct psp_vdata pspv6 =3D { + .base_offset =3D PCI_BASE_ADDRESS_2, + .sev =3D &sevv2, + .feature_reg =3D 0x109fc, /* C2PMSG_63 */ + .inten_reg =3D 0x10510, /* P2CMSG_INTEN */ + .intsts_reg =3D 0x10514, /* P2CMSG_INTSTS */ + .name =3D "pspv6", +}; + +struct amd_sp_dev +{ + struct list_head list; + struct pci_dev *pdev; + struct psp_vdata *vdata; + void *io_base; + paddr_t io_pbase; + size_t io_size; + int irq; + int state; + void* cmd_buff; + uint32_t cbuff_pa_low; + uint32_t cbuff_pa_high; + unsigned int capability; + uint8_t api_major; + uint8_t api_minor; + uint8_t build; + int intr_rcvd; + int cmd_timeout; + struct timer cmd_timer; + struct waitqueue_head cmd_in_progress; +}; + +LIST_HEAD(amd_sp_units); +#define for_each_sp_unit(sp) \ + list_for_each_entry(sp, &amd_sp_units, list) + +static spinlock_t _sp_cmd_lock =3D SPIN_LOCK_UNLOCKED; + +static struct amd_sp_dev *amd_sp_master; + +static void do_sp_irq(void *data); +static DECLARE_SOFTIRQ_TASKLET(sp_irq_tasklet, do_sp_irq, NULL); + +static bool force_sync =3D false; +static unsigned int asp_timeout_val =3D 30000; +static unsigned long long asp_sync_delay =3D 100ULL; +static int asp_sync_tries =3D 10; + +static void sp_cmd_lock(void) +{ + spin_lock(&_sp_cmd_lock); +} + +static void sp_cmd_unlock(void) +{ + spin_unlock(&_sp_cmd_lock); +} + +static int sev_cmd_buffer_len(int cmd) +{ + switch (cmd) { + case SEV_CMD_INIT: =20 + return sizeof(struct sev_data_init); + case SEV_CMD_INIT_EX: + return sizeof(struct sev_data_init_ex); + case SEV_CMD_PLATFORM_STATUS: + return sizeof(struct sev_user_data_status); + case SEV_CMD_PEK_CSR: + return sizeof(struct sev_data_pek_csr); + case SEV_CMD_PEK_CERT_IMPORT: + return sizeof(struct sev_data_pek_cert_import); + case SEV_CMD_PDH_CERT_EXPORT: + return sizeof(struct sev_data_pdh_cert_export); + case SEV_CMD_LAUNCH_START: + return sizeof(struct sev_data_launch_start); + case SEV_CMD_LAUNCH_UPDATE_DATA: + return sizeof(struct sev_data_launch_update_data); + case SEV_CMD_LAUNCH_UPDATE_VMSA: + return sizeof(struct sev_data_launch_update_vmsa); + case SEV_CMD_LAUNCH_FINISH: + return sizeof(struct sev_data_launch_finish); + case SEV_CMD_LAUNCH_MEASURE: + return sizeof(struct sev_data_launch_measure); + case SEV_CMD_ACTIVATE: + return sizeof(struct sev_data_activate); + case SEV_CMD_DEACTIVATE: + return sizeof(struct sev_data_deactivate); + case SEV_CMD_DECOMMISSION: + return sizeof(struct sev_data_decommission); + case SEV_CMD_GUEST_STATUS: + return sizeof(struct sev_data_guest_status); + case SEV_CMD_DBG_DECRYPT: + return sizeof(struct sev_data_dbg); + case SEV_CMD_DBG_ENCRYPT: + return sizeof(struct sev_data_dbg); + case SEV_CMD_SEND_START: + return sizeof(struct sev_data_send_start); + case SEV_CMD_SEND_UPDATE_DATA: + return sizeof(struct sev_data_send_update_data); + case SEV_CMD_SEND_UPDATE_VMSA: + return sizeof(struct sev_data_send_update_vmsa); + case SEV_CMD_SEND_FINISH: + return sizeof(struct sev_data_send_finish); + case SEV_CMD_RECEIVE_START: + return sizeof(struct sev_data_receive_start); + case SEV_CMD_RECEIVE_FINISH: + return sizeof(struct sev_data_receive_finish); + case SEV_CMD_RECEIVE_UPDATE_DATA: + return sizeof(struct sev_data_receive_update_data); + case SEV_CMD_RECEIVE_UPDATE_VMSA: + return sizeof(struct sev_data_receive_update_vmsa); + case SEV_CMD_LAUNCH_UPDATE_SECRET: + return sizeof(struct sev_data_launch_secret); + case SEV_CMD_DOWNLOAD_FIRMWARE: + return sizeof(struct sev_data_download_firmware); + case SEV_CMD_GET_ID: + return sizeof(struct sev_data_get_id); + case SEV_CMD_ATTESTATION_REPORT: + return sizeof(struct sev_data_attestation_report); + case SEV_CMD_SEND_CANCEL: + return sizeof(struct sev_data_send_cancel); + default: + return 0; + } +} + +static void invalidate_cache(void *unused) +{ + wbinvd(); +} + +int _sev_do_cmd(struct amd_sp_dev *sp, int cmd, void *data, int *psp_ret) +{ + unsigned int cbuff_pa_low, cbuff_pa_high, cmd_val; + int buf_len, cmdresp, rc; + + buf_len =3D sev_cmd_buffer_len(cmd); + + if ( data ) + memcpy(sp->cmd_buff, data, buf_len); + + cbuff_pa_low =3D data ? sp->cbuff_pa_low : 0; + cbuff_pa_high =3D data ? sp->cbuff_pa_high : 0; + + writel(cbuff_pa_low, sp->io_base + sp->vdata->sev->cmdbuff_addr_lo_reg= ); + writel(cbuff_pa_high, sp->io_base + sp->vdata->sev->cmdbuff_addr_hi_re= g); + + cmd_val =3D SEV_CMDRESP_CMD(cmd) | SEV_CMDRESP_IOC; + + sp->cmd_timeout =3D 0; + sp->intr_rcvd =3D 0; + + writel(cmd_val, sp->io_base + sp->vdata->sev->cmdresp_reg); + + set_timer(&sp->cmd_timer, NOW() + MILLISECS(asp_timeout_val)); + + /* FIXME: If the timer triggers here the device will be set offline */ + + wait_event(sp->cmd_in_progress, sp->cmd_timeout || sp->intr_rcvd); + + stop_timer(&sp->cmd_timer); + + if ( sp->intr_rcvd ) + { + cmdresp =3D readl(sp->io_base + sp->vdata->sev->cmdresp_reg); + + ASSERT(cmdresp & SEV_CMDRESP_RESP); + + rc =3D SEV_CMDRESP_STS(cmdresp) ? -EFAULT : 0; + + if ( rc && psp_ret ) + *psp_ret =3D SEV_CMDRESP_STS(cmdresp); + + if ( data && (!rc) ) + memcpy(data, sp->cmd_buff, buf_len); + } + else + { + ASSERT(sp->cmd_timeout); + + sp->state =3D SEV_STATE_UNINIT; + + writel(0, sp->io_base + sp->vdata->inten_reg); + + rc =3D -EIO; + } + return rc; +} + +static int _sev_do_cmd_sync(struct amd_sp_dev *sp, int cmd, void *data, in= t *psp_ret) +{ + unsigned int cbuff_pa_low, cbuff_pa_high, cmd_val; + int buf_len, cmdresp, rc, i; + + buf_len =3D sev_cmd_buffer_len(cmd); + + if ( data ) + memcpy(sp->cmd_buff, data, buf_len); + + cbuff_pa_low =3D data ? sp->cbuff_pa_low : 0; + cbuff_pa_high =3D data ? sp->cbuff_pa_high : 0; + + writel(cbuff_pa_low, sp->io_base + sp->vdata->sev->cmdbuff_addr_lo_reg= ); + writel(cbuff_pa_high, sp->io_base + sp->vdata->sev->cmdbuff_addr_hi_re= g); + + cmd_val =3D SEV_CMDRESP_CMD(cmd); + + writel(cmd_val, sp->io_base + sp->vdata->sev->cmdresp_reg); + + for (rc =3D -EIO, i =3D asp_sync_tries; i; i-- ) + { + mdelay(asp_sync_delay); + + cmdresp =3D readl(sp->io_base + sp->vdata->sev->cmdresp_reg); + if ( cmdresp & SEV_CMDRESP_RESP ) + { + rc =3D 0; + break; + } + } + + if ( !rc && SEV_CMDRESP_STS(cmdresp) ) + rc =3D -EFAULT; + + if ( rc && psp_ret ) + *psp_ret =3D SEV_CMDRESP_STS(cmdresp); + + if ( data && (!rc) ) + memcpy(data, sp->cmd_buff, buf_len); + + return rc; +} + +int sev_do_cmd(int cmd, void *data, int *psp_ret, bool poll) +{ + struct amd_sp_dev *sp =3D amd_sp_master; + int buf_len, rc; + + if ( !sp ) + return -ENODEV; + + if ( sp->state < SEV_STATE_INIT ) + return -ENODEV; + + if ( cmd >=3D SEV_CMD_MAX ) + return -EINVAL; + + buf_len =3D sev_cmd_buffer_len(cmd); + + if ( !data !=3D !buf_len ) + return -EINVAL; + + if ( force_sync || poll ) + { + sp_cmd_lock(); + rc =3D _sev_do_cmd_sync(sp, cmd, data, psp_ret); + sp_cmd_unlock(); + } + else + { + rc =3D _sev_do_cmd(sp, cmd, data, psp_ret); + } + + return rc; +} + +static void do_sp_cmd_timer(void *data) +{ + struct amd_sp_dev *sp =3D (struct amd_sp_dev*)data; + + sp->cmd_timeout =3D 1; + wake_up_nr(&sp->cmd_in_progress, 1); +} + +static void do_sp_irq(void *data) +{ + struct amd_sp_dev *sp; + + for_each_sp_unit(sp) + { + uint32_t cmdresp =3D readl(sp->io_base + sp->vdata->sev->cmdresp_r= eg); + if ( cmdresp & SEV_CMDRESP_RESP ) + { + sp->intr_rcvd =3D 1; + wake_up_nr(&sp->cmd_in_progress, 1); + } + } +} + +static void sp_interrupt_handler(int irq, void *dev_id) +{ + struct amd_sp_dev *sp =3D (struct amd_sp_dev*)dev_id; + uint32_t status; + + status =3D readl(sp->io_base + sp->vdata->intsts_reg); + writel(status, sp->io_base + sp->vdata->intsts_reg); + + if ( status & PSP_INTSTS_CMD_COMPLETE ) + tasklet_schedule(&sp_irq_tasklet); +} + +static int __init sp_get_capability(struct amd_sp_dev *sp) +{ + uint32_t val =3D readl(sp->io_base + sp->vdata->feature_reg); + + if ( (val =3D=3D 0xffffffff) || (!(val & PSP_CAPABILITY_SEV)) ) + return -ENODEV; + + sp->capability =3D val; + + return 0; +} + +static int __init sp_get_state(struct amd_sp_dev *sp, int *state, int *err) +{ + struct sev_user_data_status status; + int rc; + + rc =3D _sev_do_cmd_sync(sp, SEV_CMD_PLATFORM_STATUS, &status, err); + if ( rc ) + return rc; + + *state =3D status.state; + + return 0; +} + +static int __init sp_get_api_version(struct amd_sp_dev *sp) +{ + struct sev_user_data_status status; + int err, rc; + + rc =3D _sev_do_cmd_sync(sp, SEV_CMD_PLATFORM_STATUS, &status, &err); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't get API version (%d 0x%x)\n", + &sp->pdev->sbdf, rc, err); + return rc; + } + + sp->api_major =3D status.api_major; + sp->api_minor =3D status.api_minor; + sp->state =3D status.state; + + return 0; +} + +static int __init sp_update_firmware(struct amd_sp_dev *sp) +{ + /* + * FIXME: nothing to do for now + */ + return 0; +} + +static int __init sp_alloc_special_regions(struct amd_sp_dev *sp) +{ + /* + * FIXME: allocate TMP memory area for SEV-ES + */ + return 0; +} + +static int __init sp_do_init(struct amd_sp_dev *sp) +{ + struct sev_data_init data; + int err, rc; + + if ( sp->state =3D=3D SEV_STATE_INIT ) + return 0; + + memset(&data, 0, sizeof(data)); + + rc =3D _sev_do_cmd_sync(sp, SEV_CMD_INIT, &data, &err); + if ( rc ) + dprintk(XENLOG_ERR, "asp-%pp: can't init device: (%d 0x%x)\n", &sp= ->pdev->sbdf, rc, err); + + return 0; +} + +static int __init sp_df_flush(struct amd_sp_dev *sp) +{ + int rc, err; + + rc =3D _sev_do_cmd_sync(sp, SEV_CMD_DF_FLUSH, NULL, &err); + if ( rc ) + dprintk(XENLOG_ERR, "asp-%pp: can't flush device: (%d 0x%x)\n", &s= p->pdev->sbdf, rc, err); + + return 0; +} + +static int __init sp_dev_init(struct amd_sp_dev *sp) +{ + int err, rc; + + rc =3D sp_get_capability(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: capability is broken %d\n", + &sp->pdev->sbdf, rc); + return rc; + } + + rc =3D sp_get_api_version(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't get API version %d\n", + &sp->pdev->sbdf, rc); + return rc; + } + + rc =3D sp_update_firmware(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't update firmware %d\n", + &sp->pdev->sbdf, rc); + return rc; + } + + rc =3D sp_alloc_special_regions(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't alloc special regions %d\n", + &sp->pdev->sbdf, rc); + return rc; + } + + rc =3D sp_do_init(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't init device %d\n", &sp->pdev->= sbdf, + rc); + return rc; + } + + on_each_cpu(invalidate_cache, NULL, 1); + + rc =3D sp_df_flush(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't flush %d\n", &sp->pdev->sbdf, = rc); + return rc; + } + + rc =3D sp_get_state(sp, &sp->state, &err); + if ( rc ) + dprintk(XENLOG_ERR, "asp-%pp: can't get sate %d\n", &sp->pdev->sbd= f,rc); + + + if ( sp->state !=3D SEV_STATE_INIT ) + { + dprintk(XENLOG_ERR, "asp-%pp: device is not inited 0x%x\n", + &sp->pdev->sbdf, sp->state); + return rc; + } + + printk(XENLOG_INFO "inited asp-%pp device\n", &sp->pdev->sbdf); + return 0; +} + +static int __init sp_init_irq(struct amd_sp_dev *sp) +{ + int irq, rc; + struct msi_info minfo; + struct msi_desc *mdesc; + + /* Disable and clear interrupts until ready */ + writel(0, sp->io_base + sp->vdata->inten_reg); + writel(-1, sp->io_base + sp->vdata->intsts_reg); + + irq =3D create_irq(0, false); + if ( !irq ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't create interrupt\n", &sp->pdev= ->sbdf); + return -EBUSY; + } + + minfo.sbdf =3D sp->pdev->sbdf; + minfo.irq =3D irq; + minfo.entry_nr =3D 1; + if ( pci_find_cap_offset(sp->pdev->sbdf, PCI_CAP_ID_MSI) ) + minfo.table_base =3D 0; + else + { + dprintk(XENLOG_ERR, "asp-%pp: only MSI is handled\n", &sp->pdev->s= bdf); + return -EINVAL; + } + + mdesc =3D NULL; + + pcidevs_lock(); + + rc =3D pci_enable_msi(sp->pdev, &minfo, &mdesc); + if ( !rc ) + { + struct irq_desc *idesc =3D irq_to_desc(irq); + unsigned long flags; + + spin_lock_irqsave(&idesc->lock, flags); + rc =3D setup_msi_irq(idesc, mdesc); + spin_unlock_irqrestore(&idesc->lock, flags); + + if ( rc ) + { + pci_disable_msi(mdesc); + dprintk(XENLOG_ERR, "asp-%pp: can't setup msi %d\n", &sp->pdev= ->sbdf, rc); + } + } + + pcidevs_unlock(); + + if ( rc ) + { + if ( mdesc ) + msi_free_irq(mdesc); + else + destroy_irq(irq); + return rc; + + } + + rc =3D request_irq(irq, 0, sp_interrupt_handler, "amd_sp", sp); + + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't request interrupt %d\n", &sp->= pdev->sbdf, rc); + return rc; + } + + sp->irq =3D irq; + + /* Enable interrupts */ + writel(-1, sp->io_base + sp->vdata->inten_reg); + + return 0; +} + +static int __init sp_map_iomem(struct amd_sp_dev *sp) +{ + uint32_t base_low; + uint32_t base_high; + uint16_t cmd; + size_t size; + bool high_space; + + base_low =3D pci_conf_read32(sp->pdev->sbdf, sp->vdata->base_offset); + + if ( (base_low & PCI_BASE_ADDRESS_SPACE) !=3D PCI_BASE_ADDRESS_SPACE_M= EMORY ) + return -EINVAL; + + if ( (base_low & PCI_BASE_ADDRESS_MEM_TYPE_MASK) =3D=3D PCI_BASE_ADDRE= SS_MEM_TYPE_64 ) + { + base_high =3D pci_conf_read32(sp->pdev->sbdf, sp->vdata->base_offs= et + 4); + high_space =3D true; + } else { + base_high =3D 0; + high_space =3D false; + } + + sp->io_pbase =3D ((paddr_t)base_high << 32) | (base_low & PCI_BASE_ADD= RESS_MEM_MASK); + ASSERT(sp->io_pbase); + + pci_conf_write32(sp->pdev->sbdf, sp->vdata->base_offset, 0xFFFFFFFF); + + if ( high_space ) { + pci_conf_write32(sp->pdev->sbdf, sp->vdata->base_offset + 4, 0xFFF= FFFFF); + size =3D (size_t)pci_conf_read32(sp->pdev->sbdf, sp->vdata->base_o= ffset + 4) << 32; + } else + size =3D ~0xffffffffUL; + + size |=3D pci_conf_read32(sp->pdev->sbdf, sp->vdata->base_offset); + sp->io_size =3D ~(size & PCI_BASE_ADDRESS_MEM_MASK) + 1; + + pci_conf_write32(sp->pdev->sbdf, sp->vdata->base_offset, base_low); + + if ( high_space ) + pci_conf_write32(sp->pdev->sbdf, sp->vdata->base_offset + 4, bas= e_high); + + cmd =3D pci_conf_read16(sp->pdev->sbdf, PCI_COMMAND); + pci_conf_write16(sp->pdev->sbdf, PCI_COMMAND, cmd | PCI_COMMAND_MEMORY= | PCI_COMMAND_MASTER); + + sp->io_base =3D ioremap(sp->io_pbase, sp->io_size); + if ( !sp->io_base ) + return -EFAULT; + + if ( pci_ro_device(0, sp->pdev->bus, sp->pdev->devfn) ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't hide PCI device\n",&sp->pdev->sbdf); + return -EFAULT; + } + + return 0; +} + +static int __init sp_dev_create(struct pci_dev *pdev, struct psp_vdata *v= data) +{ + struct amd_sp_dev *sp; + int rc; + + printk(XENLOG_INFO "asp: discovered asp-%pp device\n", &pdev->sbdf); + + sp =3D xzalloc(struct amd_sp_dev); + if ( !sp ) + return -ENOMEM; + + sp->pdev =3D pdev; + sp->vdata =3D vdata; + sp->state =3D SEV_STATE_UNINIT; + + init_timer(&sp->cmd_timer, do_sp_cmd_timer, (void*)sp, 0); + + init_waitqueue_head(&sp->cmd_in_progress); + + rc =3D sp_map_iomem(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't map iomem %d\n", &sp->pdev->sb= df, rc); + return rc; + } + + rc =3D sp_init_irq(sp); + if ( rc ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't init irq %d\n", &sp->pdev->sbd= f, rc); + return rc; + } + + sp->cmd_buff =3D alloc_xenheap_pages(get_order_from_bytes(ASP_CMD_BUFF= _SIZE), 0); + if ( !sp->cmd_buff ) + { + dprintk(XENLOG_ERR, "asp-%pp: can't allocate cmd buffer\n", &sp->p= dev->sbdf); + return -ENOMEM; + } + + sp->cbuff_pa_low =3D (uint32_t)(__pa(sp->cmd_buff)); + sp->cbuff_pa_high =3D (uint32_t)(__pa(sp->cmd_buff) >> 32); + + list_add(&sp->list, &amd_sp_units); + + amd_sp_master =3D sp; + + return 0; +} + +static void sp_dev_destroy(struct amd_sp_dev* sp) +{ + if( sp->io_base ) + writel(0, sp->io_base + sp->vdata->inten_reg); + + if ( sp->cmd_buff ) + free_xenheap_pages(sp->cmd_buff, get_order_from_bytes(ASP_CMD_BUFF= _SIZE)); + + xfree(sp); +} + +static void sp_devs_destroy(void) +{ + struct amd_sp_dev *sp, *next; + + list_for_each_entry_safe ( sp, next, &amd_sp_units, list) + { + list_del(&sp->list); + sp_dev_destroy(sp); + } +} + +static int __init amd_sp_probe(void) +{ + int bus =3D 0, devfn =3D 0, rc; + struct amd_sp_dev *sp; + + if ( boot_cpu_has(X86_FEATURE_XEN_SHSTK) ) + { + force_sync =3D true; + printk(XENLOG_INFO "asp: CET-SS detected - sync mode forced\n"); + } + + for ( bus =3D 0; bus < 256; ++bus ) + for ( devfn =3D 0; devfn < 256; ++devfn ) + { + struct pci_dev *pdev; + pcidevs_lock(); + pdev =3D pci_get_pdev(NULL, PCI_SBDF(0, bus, devfn)); + pcidevs_unlock(); + + if ( !pdev || pci_conf_read16(pdev->sbdf, PCI_VENDOR_ID) !=3D + PCI_VENDOR_ID_AMD ) + continue; + + switch ( pci_conf_read16(pdev->sbdf, PCI_DEVICE_ID) ) + { + case 0x1456: + rc =3D sp_dev_create(pdev, &pspv1); + break; + case 0x1486: + rc =3D sp_dev_create(pdev, &pspv2); + break; + case 0x14CA: + rc =3D sp_dev_create(pdev, &pspv4); + break; + case 0x156E: + rc =3D sp_dev_create(pdev, &pspv6); + break; + default: + rc =3D 0; + break; + } + if ( rc ) + goto err; + } + + for_each_sp_unit(sp) + { + rc =3D sp_dev_init(sp); + if ( rc ) + goto err; + } + + return 0; + + err: + sp_devs_destroy(); + return rc; +} + +__initcall(amd_sp_probe); --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391012; cv=none; d=zohomail.com; s=zohoarc; b=M4uzZLKNCiEwo9qvVUbdt6ilPzFAXW9v/GCvQS5VELFHNcSx45a5zfnx/Gr/IDJmvPuLbE2iuh5dhqrWh/btn/peuOee73hhyO9b2XS/98MyaW6N9NTppYQnYDbaFGE1c08gfnhKHy5O1RN2FbHY4ivzap1s3gfBrM8CMXbAztE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391012; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=DandEhzp+qPKdWdpmRXBmMLVVVlG3pQoydJsD7Um6to=; b=ltVh/WJogxJzt2lMi0FS3C1hW5t0hTVbxXlHBNKGqiK6UtGZzbVSN4FdxvXN8HnMa4SNQpLbp9BIf71X7U1RNaKry5oVtKGkShnEnBqiwaILqo2fGAq8qfvf2QRkxVrP/KEiY+xryue1Rp6bpj2hQAlkptVWMzaZzHQKPJsjGdI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391012573421.0586580299331; Fri, 16 May 2025 03:23:32 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986812.1372338 (Exim 4.92) (envelope-from ) id 1uFsDl-0001Au-6b; Fri, 16 May 2025 10:23:17 +0000 Received: by outflank-mailman (output) from mailman id 986812.1372338; Fri, 16 May 2025 10:23:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsDl-0001Al-3p; Fri, 16 May 2025 10:23:17 +0000 Received: by outflank-mailman (input) for mailman id 986812; Fri, 16 May 2025 10:23:15 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsDj-0000kS-HI for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:23:15 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id c5a53bcc-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:23:13 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNSw4kMszMQxhr2 for ; Fri, 16 May 2025 10:23:12 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id e4369dd05760456da708e1454a2b2ce5; Fri, 16 May 2025 10:23:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: c5a53bcc-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747390992; x=1747660992; bh=DandEhzp+qPKdWdpmRXBmMLVVVlG3pQoydJsD7Um6to=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=gtSQHzLaiFJmwd3fY/To9E6iJGVRkCHSG2ZuIkc0Op0kIZhCpmBL1FMtQ0RRzjGhT +6UUlVSrIFt5X2KIvYJem9ub7n2DZlDuhjo4ql6GA8xRHMxof553+GlCluS5QT7h6A uAyUug7ybmUkDsBm4N1YIY3ZNrGE0IxOoS+Dspjb5SdtRdHl1jQ0Fk2pg62/aCaMHV BivaPSdUJ6LJKsmlFCCTv7nDmTBgyal8pQH9rcNerdOtaWGfrCdHVTJFa3u8MTMG8F TwAu6wjYelUgpxgK6P4Jcxi6HNfdf960BJs9j2BwbFAPElaw/wxJGLc8QNR7DJeV+1 EU8LCBYPLwD9g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747390992; x=1747651492; i=teddy.astie@vates.tech; bh=DandEhzp+qPKdWdpmRXBmMLVVVlG3pQoydJsD7Um6to=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=OSzdryaztxGhQKUhl1b2SIM1J900Y41ZP6cTY31ujCh2PSc90ruH92ZAcYhmNwt6X EFVQ6BHBq5pbchzf9BnN+isz7mIJ42WC15MGY9kXG6NWfmuxH+MF3xGVdw06ymVzHw y1v4eSXDrTcKCWT8vjy8jzA1hUTXqMf8hgQoE3Z1/q9rYQM9MRlhAc8oZzimHQS3bh /AeEAI4AxO8Ak83uE4vArIO6rY3QG15uXtW8Qgd2sB8pCjgP3Eym8Jj/1vVUzw/Vq2 sZoxH+KvWXD2uepKLDQMrdoNmafKPB9CtcCl1QCzPEaNp1wEXN0ZOpwNWNbYbqTE5J +YDYgmVJNPwlw== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2009/16]=20common:=20Introduce=20confidential=20computing=20infrastructure?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747390991298 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Anthony PERARD" , "Michal Orzel" , "Julien Grall" , "Stefano Stabellini" Message-Id: <2bff74440483be3c59156257a60d632727a18582.1747312394.git.teddy.astie@vates.tech> In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.e4369dd05760456da708e1454a2b2ce5?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:23:12 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747391015026116600 Content-Type: text/plain; charset="utf-8" Introduce a subsystem that is used for future confidential computing platforms. This subsystem manages and provides hooks for domain management and exposes various informations for toolstack (COCO platform, supported features, ...). Add a domain creation flag to build a confidential computing guest. Signed-off-by: Teddy Astie --- xen/arch/x86/domain.c | 4 + xen/arch/x86/hvm/hvm.c | 10 ++- xen/common/Kconfig | 5 ++ xen/common/Makefile | 1 + xen/common/coco.c | 134 ++++++++++++++++++++++++++++++++++ xen/common/domain.c | 41 ++++++++++- xen/include/hypercall-defs.c | 2 + xen/include/public/domctl.h | 5 +- xen/include/public/hvm/coco.h | 65 +++++++++++++++++ xen/include/public/xen.h | 1 + xen/include/xen/coco.h | 88 ++++++++++++++++++++++ xen/include/xen/sched.h | 10 +++ 12 files changed, 363 insertions(+), 3 deletions(-) create mode 100644 xen/common/coco.c create mode 100644 xen/include/public/hvm/coco.h create mode 100644 xen/include/xen/coco.h diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index f197dad4c0..a5783154ad 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -12,6 +12,7 @@ */ =20 #include +#include #include #include #include @@ -948,6 +949,9 @@ void arch_domain_destroy(struct domain *d) free_xenheap_page(d->shared_info); cleanup_domain_irq_mapping(d); =20 + if ( is_coco_domain(d) ) + coco_domain_destroy(d); + psr_domain_free(d); } =20 diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 625ae2098b..e1bcf8e086 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -702,7 +703,11 @@ int hvm_domain_initialise(struct domain *d, if ( rc ) goto fail2; =20 - rc =3D hvm_asid_alloc(&d->arch.hvm.asid); + if ( is_coco_domain(d) && d->coco_ops && d->coco_ops->asid_alloc ) + rc =3D d->coco_ops->asid_alloc(d, &d->arch.hvm.asid); + else + rc =3D hvm_asid_alloc(&d->arch.hvm.asid); + if ( rc ) goto fail2; =20 @@ -710,6 +715,9 @@ int hvm_domain_initialise(struct domain *d, if ( rc !=3D 0 ) goto fail2; =20 + if ( is_coco_domain(d) ) + coco_domain_initialise(d); + return 0; =20 fail2: diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6d43be2e6e..1ddb73e707 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -576,4 +576,9 @@ config BUDDY_ALLOCATOR_SIZE Amount of memory reserved for the buddy allocator to serve Xen heap, working alongside the colored one. =20 +config COCO + bool "Enable COnfidential COmputing support for guests" if EXPERT + default n + help + Allows to run guests in private encrypted memory space. endmenu diff --git a/xen/common/Makefile b/xen/common/Makefile index 98f0873056..4409510fc0 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -5,6 +5,7 @@ obj-$(CONFIG_GENERIC_BUG_FRAME) +=3D bug.o obj-$(CONFIG_HYPFS_CONFIG) +=3D config_data.o obj-$(CONFIG_CORE_PARKING) +=3D core_parking.o obj-y +=3D cpu.o +obj-$(CONFIG_COCO) +=3D coco.o obj-$(CONFIG_DEBUG_TRACE) +=3D debugtrace.o obj-$(CONFIG_HAS_DEVICE_TREE) +=3D device.o obj-$(filter-out $(CONFIG_X86),$(CONFIG_ACPI)) +=3D device.o diff --git a/xen/common/coco.c b/xen/common/coco.c new file mode 100644 index 0000000000..d9bd17628d --- /dev/null +++ b/xen/common/coco.c @@ -0,0 +1,134 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * General confidential computing functions. + */ +=20 +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +static __ro_after_init struct coco_ops *coco_ops; +__read_mostly struct coco_platform_status platform_status; + +void __init coco_register_ops(struct coco_ops *ops) +{ + coco_ops =3D ops; +} + +int __init coco_init(void) +{ + int rc =3D 0; + + if ( coco_ops ) + printk("coco: Using '%s'\n", coco_ops->name); + else + { + printk("coco: No platform found\n"); + return 0; + } + + if ( coco_ops->init ) + { + rc =3D coco_ops->init(); + =20 + if ( rc ) + { + printk("coco: Unable to initialize coco platform (%d)", rc); + goto err; + } + } + + rc =3D coco_ops->get_platform_status(&platform_status); + if ( rc ) + { + printk("coco: Unable to get platform status\n"); + goto err; + } + + return 0; + +err: + /* Disable confidential computing if initialization failed. */ + coco_ops =3D NULL; + return rc; +} + +void coco_set_domain_ops(struct domain *d) +{ + ASSERT(is_coco_domain(d)); + + d->coco_ops =3D coco_ops->get_domain_ops(d); +} + +int coco_prepare_initial_memory(struct domain *d, gfn_t gfn, size_t page_c= ount) +{ + /* TODO: Check prepare_initial_memory constraints (no dangling mapping= ). */ + + if ( d->coco_ops->prepare_initial_mem ) + return d->coco_ops->prepare_initial_mem(d, gfn, page_count); + =20 + return 0; +} + +long coco_op_prepare_initial_mem(struct coco_prepare_initial_mem arg) +{ + long rc =3D 0; + struct domain *d =3D get_domain_by_id(arg.domid); + + if ( !d ) + return -ENOENT; + =20 + if ( !is_coco_domain(d) ) + { + rc =3D -EOPNOTSUPP; + goto out; + } + + rc =3D coco_prepare_initial_memory(d, arg.gfn, arg.count); + +out: + put_domain(d); + return rc; +} + +long do_coco_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +{ + if ( !is_hardware_domain(current->domain) ) + return -EPERM; + + switch (cmd) + { + case XEN_COCO_platform_status: + { + if ( copy_to_guest(arg, &platform_status, 1) ) + return -EFAULT; + + return 0; + } + =20 + case XEN_COCO_prepare_initial_mem: + { + struct coco_prepare_initial_mem prepare_initial_mem; + + if ( copy_from_guest(&prepare_initial_mem, arg, 1) ) + return -EFAULT; + + return coco_op_prepare_initial_mem(prepare_initial_mem); + } + + default: + return -ENOSYS; + } +} + +__initcall(coco_init); \ No newline at end of file diff --git a/xen/common/domain.c b/xen/common/domain.c index abf1969e60..c29d6efd29 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -4,6 +4,7 @@ * Generic domain-handling functions. */ =20 +#include #include #include #include @@ -716,17 +717,51 @@ static int sanitise_domain_config(struct xen_domctl_c= reatedomain *config) bool hap =3D config->flags & XEN_DOMCTL_CDF_hap; bool iommu =3D config->flags & XEN_DOMCTL_CDF_iommu; bool vpmu =3D config->flags & XEN_DOMCTL_CDF_vpmu; + bool coco =3D config->flags & XEN_DOMCTL_CDF_coco; =20 if ( config->flags & ~(XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap | XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off | XEN_DOMCTL_CDF_xs_domain | XEN_DOMCTL_CDF_iommu | - XEN_DOMCTL_CDF_nested_virt | XEN_DOMCTL_CDF_vpmu) ) + XEN_DOMCTL_CDF_nested_virt | XEN_DOMCTL_CDF_vpmu | XEN_DOMCTL_C= DF_coco) ) { dprintk(XENLOG_INFO, "Unknown CDF flags %#x\n", config->flags); return -EINVAL; } =20 + if ( coco ) + { + if ( !IS_ENABLED(CONFIG_COCO) ) + { + dprintk(XENLOG_INFO, "COCO support is compiled out\n"); + return -EINVAL; + } + + if ( !coco_is_supported() ) + { + dprintk(XENLOG_INFO, "COCO is not available\n"); + return -EINVAL; + } + =20 + if ( !hvm ) + { + dprintk(XENLOG_INFO, "COCO requested for non-HVM guest\n"); + return -EINVAL; + } + + if ( !hap ) + { + dprintk(XENLOG_INFO, "COCO cannot work without HAP\n"); + return -EINVAL; + } + + if ( config->flags & XEN_DOMCTL_CDF_nested_virt ) + { + dprintk(XENLOG_INFO, "Nested virtualization isn't supported wi= th COCO\n"); + return -EINVAL; + } + } + if ( config->grant_opts & ~XEN_DOMCTL_GRANT_version_mask ) { dprintk(XENLOG_INFO, "Unknown grant options %#x\n", config->grant_= opts); @@ -836,6 +871,9 @@ struct domain *domain_create(domid_t domid, /* Holding CDF_* internal flags. */ d->cdf =3D flags; =20 + if ( is_coco_domain(d) ) + coco_set_domain_ops(d); + TRACE_TIME(TRC_DOM0_DOM_ADD, d->domain_id); =20 lock_profile_register_struct(LOCKPROF_TYPE_PERDOM, d, domid); @@ -1617,6 +1655,7 @@ int domain_unpause_by_systemcontroller(struct domain = *d) { d->creation_finished =3D true; arch_domain_creation_finished(d); + coco_domain_creation_finished(d); /* TODO: or before arch_* ? */ } =20 domain_unpause(d); diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c index 7720a29ade..6c01a9e395 100644 --- a/xen/include/hypercall-defs.c +++ b/xen/include/hypercall-defs.c @@ -209,6 +209,7 @@ hypfs_op(unsigned int cmd, const char *arg1, unsigned l= ong arg2, void *arg3, uns #ifdef CONFIG_X86 xenpmu_op(unsigned int op, xen_pmu_params_t *arg) #endif +coco_op(unsigned int cmd, void *arg) =20 #ifdef CONFIG_PV caller: pv64 @@ -295,5 +296,6 @@ mca do do - = - - #ifndef CONFIG_PV_SHIM_EXCLUSIVE paging_domctl_cont do do do do - #endif +coco_op do do do do do =20 #endif /* !CPPCHECK */ diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index 5b2063eed9..f4f69556b6 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -67,8 +67,11 @@ struct xen_domctl_createdomain { /* Should we expose the vPMU to the guest? */ #define XEN_DOMCTL_CDF_vpmu (1U << 7) =20 +#define _XEN_DOMCTL_CDF_coco 8 +#define XEN_DOMCTL_CDF_coco (1U << _XEN_DOMCTL_CDF_coco) + /* Max XEN_DOMCTL_CDF_* constant. Used for ABI checking. */ -#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_vpmu +#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_coco =20 uint32_t flags; =20 diff --git a/xen/include/public/hvm/coco.h b/xen/include/public/hvm/coco.h new file mode 100644 index 0000000000..2e23d91e12 --- /dev/null +++ b/xen/include/public/hvm/coco.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: MIT */ +#ifndef __XEN_PUBLIC_HVM_COCO_H__ +#define __XEN_PUBLIC_HVM_COCO_H__ + +#include "../xen.h" + +#define XEN_COCO_platform_status 0 + +/** + * XEN_COCO_platform_status: Get the status of confidential computing plat= form. + * + * Query informations regarding the current confidential computing platfor= m. + * + * Confidential computing is supposed working as long as COCO_STATUS_FLAG_= SUPPORTED bit + * is set, and additionally security-supported only if COCO_STATUS_FLAG_UN= SAFE bit + * is cleared. + * + * If COCO_PLATFORM_FLAG_UNSAFE is set but COCO_PLATFORM_FLAG_SUPPORTED is= not, + * then confidential computing is explicitly present but intentionally dis= abled + * or forbidden by policy. + */ +struct coco_platform_status { +#define COCO_PLATFORM_none 0 /* None */ +#define COCO_PLATFORM_amd_sev 1 /* AMD Secure Encrypted Virtualization= */ +#define COCO_PLATFORM_intel_tdx 2 /* Intel Trust Domain Extensions */ +#define COCO_PLATFORM_arm_rme 3 /* ARM Realm Management Extension */ + uint32_t platform; /* OUT */ + +#define COCO_PLATFORM_FLAG_sev_es (1 << 0) /* AMD SEV Encrypted State */ +#define COCO_PLATFORM_FLAG_sev_snp (1 << 1) /* AMD SEV Secure Nested Pagin= g */ +#define COCO_PLATFORM_FLAG_sev_tio (1 << 2) /* AMD SEV Trusted I/O */ + uint32_t platform_flags; /* OUT */ + +#define COCO_STATUS_FLAG_supported (1 << 0) /* Confidential computing is s= upported and usable */ +#define COCO_STATUS_FLAG_unsafe (1 << 1) /* Confidential computing is u= nsafe (e.g debug mode) */ + uint32_t flags; /* OUT */ + uint32_t features; /* OUT */ + + uint32_t version_major; /* OUT */ + uint32_t version_minor; /* OUT */ +}; +typedef struct coco_platform_status coco_platform_status_t; +DEFINE_XEN_GUEST_HANDLE(coco_platform_status_t); + +#define XEN_COCO_prepare_initial_mem 1 + +/** + * XEN_COCO_prepare_initial_mem: Prepare early memory pages of a guest + *=20 + * During guest construction, the confidential computing platform may requ= ire memory + * to be prepared (e.g., encrypted) before the guest is started. + *=20 + * After preparation, any further access to these pages is invalid, as the= y may be + * encrypted, sealed, or tracked by the platform. + */ +struct coco_prepare_initial_mem { + domid_t domid; /* IN */ + uint16_t _rsvd[3]; /* ZERO */ + uint64_t gfn; /* IN */ + uint64_t count; /* IN */ +}; +typedef struct coco_prepare_initial_mem coco_prepare_initial_mem_t; +DEFINE_XEN_GUEST_HANDLE(coco_prepare_initial_mem_t); + +#endif /* __XEN_PUBLIC_HVM_COCO_H__ */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 82b9c05a76..e656d6f617 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -118,6 +118,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define __HYPERVISOR_xenpmu_op 40 #define __HYPERVISOR_dm_op 41 #define __HYPERVISOR_hypfs_op 42 +#define __HYPERVISOR_coco_op 43 =20 /* Architecture-specific hypercall definitions. */ #define __HYPERVISOR_arch_0 48 diff --git a/xen/include/xen/coco.h b/xen/include/xen/coco.h new file mode 100644 index 0000000000..2ae43995ec --- /dev/null +++ b/xen/include/xen/coco.h @@ -0,0 +1,88 @@ +#ifndef _XEN_COCO_H +#define _XEN_COCO_H + +#include + +#include +#include + +#include + +extern __read_mostly struct coco_platform_status platform_status; + +struct coco_domain_ops { + int (*prepare_initial_mem)(struct domain *d, gfn_t gfn, size_t page_co= unt); + /* domain_creation_finished, ... */ =20 + + /* HVM domain hooks */ + int (*domain_initialise)(struct domain *d); + int (*domain_creation_finished)(struct domain *d); + void (*domain_destroy)(struct domain *d); + +#ifdef CONFIG_X86 + /* COCO-specific ASID allocation logic */ + int (*asid_alloc)(struct domain *d, struct hvm_asid *asid); +#endif +}; + +struct coco_ops { + const char *name; + =20 + int (*init)(void); + int (*get_platform_status)(coco_platform_status_t *status); + struct coco_domain_ops *(*get_domain_ops)(struct domain *d); +}; + +void __init coco_register_ops(struct coco_ops *ops); +int __init coco_init(void); +void coco_set_domain_ops(struct domain *d); + +#ifdef CONFIG_COCO +static inline bool coco_is_supported(void) +{ + return evaluate_nospec(platform_status.flags & COCO_STATUS_FLAG_suppor= ted); +} + +static inline int coco_domain_initialise(struct domain *d) +{ + if ( d->coco_ops && d->coco_ops->domain_initialise ) + return d->coco_ops->domain_initialise(d); + + return 0; +} + +static inline int coco_domain_creation_finished(struct domain *d) +{ + if ( d->coco_ops && d->coco_ops->domain_creation_finished ) + return d->coco_ops->domain_creation_finished(d); + + return 0; +} + +static inline void coco_domain_destroy(struct domain *d) +{ + if ( d->coco_ops && d->coco_ops->domain_destroy ) + d->coco_ops->domain_destroy(d); +} +#else +static inline bool coco_is_supported(void) +{ + return false; +} + +static inline int coco_domain_initialise(struct domain *d) +{ + return 0; +} + +static inline int coco_domain_creation_finished(struct domain *d) +{ + return 0; +} + +static inline void coco_domain_destroy(struct domain *d) +{ +} +#endif + +#endif /* _XEN_COCO_H */ \ No newline at end of file diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index f2f5a98534..c57bedc30a 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -630,6 +630,10 @@ struct domain struct argo_domain *argo; #endif =20 +#ifdef CONFIG_COCO + struct coco_domain_ops *coco_ops; +#endif + /* * Continuation information for domain_teardown(). All fields entirely * private. @@ -1198,6 +1202,12 @@ static always_inline bool is_hvm_vcpu(const struct v= cpu *v) return is_hvm_domain(v->domain); } =20 +static always_inline bool is_coco_domain(const struct domain *d) +{ + return IS_ENABLED(CONFIG_COCO) && + evaluate_nospec(d->options & XEN_DOMCTL_CDF_coco); +} + static always_inline bool hap_enabled(const struct domain *d) { /* sanitise_domain_config() rejects HAP && !HVM */ --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391485; cv=none; d=zohomail.com; s=zohoarc; b=R4L3N9oqmZfPmgzbA5aogvn2xuWcPSl4Fuj6nGV5M6QWNI1iQ+UF14KEcTaMgmfNgr+pfmmYWK7mQbUGOvqpR8sYu+qvury0tDEX5kNdMKPqhI8oO8YLHLPmeobT6SBmEBJhnIDQgnUemAxKMxtUwhbaYyY/ftaTYEuKM34FHw8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391485; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=GO5Dri+xVh1Y4JynkAC/L1FcSze9E66ZA2NqARyadRc=; b=M9NI5dU2ztk7TtdeSDUPuw5a4GQxRLcTBH32MnBSc3T1mFgcndWVzlEsn1ujWLoCoQkWk4D88CPXfoERZS5ocLmqzVVmj6kougIp80KEF12qpYy9E5T+pms+mBegNyXYWiGEFvBqwv+S23U69BNjm44ITxRm8W7mkrOmeL3anJ4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391485891453.2244684902753; Fri, 16 May 2025 03:31:25 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986846.1372359 (Exim 4.92) (envelope-from ) id 1uFsLR-0003nz-84; Fri, 16 May 2025 10:31:13 +0000 Received: by outflank-mailman (output) from mailman id 986846.1372359; Fri, 16 May 2025 10:31:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsLR-0003ns-52; Fri, 16 May 2025 10:31:13 +0000 Received: by outflank-mailman (input) for mailman id 986846; Fri, 16 May 2025 10:31:12 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsER-0000kS-Md for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:23:59 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id e002a537-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:23:57 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNTm6PzCzMQxhrj for ; Fri, 16 May 2025 10:23:56 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id a32b69adad444adc87b2b2c102ecc179; Fri, 16 May 2025 10:23:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e002a537-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391036; x=1747661036; bh=GO5Dri+xVh1Y4JynkAC/L1FcSze9E66ZA2NqARyadRc=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=CTsn8QblBtzpLm3VnaNNXup9lAPub+fkhhWKiAhhTfvNWKRnXm2TQzfStGqLP1rSU YwepmnGjvEe9hSf9gVjxCnMeODo5XCv0i6hXtZiYK2gjmtWqpYE+sHNjBkebOI0+kC RejD5hpi2d4QqZ+Iv3POZfuLj7KYHQBx3EI4XP0N2+Q/aqRsyisjygaAfkX+VeXFH1 zPa7DBvlcnfIzI31UO6K8LkPsxb6EeLDkXxkJf+TjH1AG0Fq0MCGOw1OpTHrDqIjr+ jUHKxnTVxT4zIJDolYrlTv/QXYoYtdzVMEnqWoRDNPoCIy2XyoIrMdf25V1U8An48p aqbChmRJttnWw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391036; x=1747651536; i=teddy.astie@vates.tech; bh=GO5Dri+xVh1Y4JynkAC/L1FcSze9E66ZA2NqARyadRc=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=KmfPe3kbcFhlEze4gm87u0qrqVZ/Q7Jzz6D8zsaXa1rhkaRrsckO0GxfoL8crxXsm MLlr8lGVAEumN3uvJldnU4AVj9GfYBO+Wil4oyatq/Pach06Qm0nbxurs9F8KwSrlL RJ20DXPUEhByd6WqvQBlcx5w45cXs6hxdxHPn27xzs+h5S0ktcReCH8JcHp9vJxRpr nS8WA01vwGk38RyR6eiGjJIFthakTz9nI0Als0NXasbvhlk+L3pW4pHTMy0RT8HQGB TRQmlMQEiGMbuYQIjPLvuY1IHfVOjfGCZJ53gDqwxItka4wNvQfuHURXdYqmphtJfQ V1gxZpKawphOw== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2010/16]=20xl/coco:=20Introduce=20confidential=20computing=20support?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391035719 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Anthony PERARD" , "Juergen Gross" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Christian Lindig" , "David Scott" , "Vaishali Thakkar" Message-Id: <85b52eb462e171b420d6c8e7c748af763504e9f2.1747312394.git.teddy.astie@vates.tech> In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.a32b69adad444adc87b2b2c102ecc179?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:23:56 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747391487710116600 Content-Type: text/plain; charset="utf-8" From: Vaishali Thakkar Signed-off-by: Vaishali Thakkar Signed-off-by: Teddy Astie --- tools/include/libxl.h | 5 ++++ tools/include/xenctrl.h | 4 ++++ tools/include/xenguest.h | 1 + tools/libs/ctrl/xc_domain.c | 36 +++++++++++++++++++++++++++++ tools/libs/guest/Makefile.common | 2 ++ tools/libs/guest/xg_dom_boot.c | 33 +++++++++++++++++++++++++++ tools/libs/guest/xg_dom_coco.c | 35 ++++++++++++++++++++++++++++ tools/libs/guest/xg_dom_coco.h | 39 ++++++++++++++++++++++++++++++++ tools/libs/guest/xg_dom_x86.c | 1 + tools/libs/light/libxl_cpuid.c | 1 + tools/libs/light/libxl_create.c | 4 ++++ tools/libs/light/libxl_dom.c | 1 + tools/libs/light/libxl_types.idl | 1 + tools/libs/util/libxlu_disk_l.c | 13 ++++------- tools/libs/util/libxlu_disk_l.h | 7 ++---- tools/misc/xen-cpuid.c | 1 + tools/ocaml/libs/xc/xenctrl.ml | 1 + tools/ocaml/libs/xc/xenctrl.mli | 1 + tools/xl/xl_parse.c | 2 ++ 19 files changed, 175 insertions(+), 13 deletions(-) create mode 100644 tools/libs/guest/xg_dom_coco.c create mode 100644 tools/libs/guest/xg_dom_coco.h diff --git a/tools/include/libxl.h b/tools/include/libxl.h index b7ad7735ca..e75179b604 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -178,6 +178,11 @@ */ #define LIBXL_HAVE_BUILDINFO_EVENT_CHANNELS 1 =20 +/* + * The libxl_domain_build_info has the coco field. +*/ +#define LIBXL_HAVE_BUILDINFO_COCO 1 + /* * libxl_domain_build_info has the u.hvm.ms_vm_genid field. */ diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 4955981231..aae228da44 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -46,6 +46,7 @@ #include #include #include +#include =20 #include "xentoollog.h" #include "xen-barrier.h" @@ -1682,6 +1683,9 @@ int xc_hvm_param_get(xc_interface *handle, uint32_t d= om, uint32_t param, uint64_ int xc_set_hvm_param(xc_interface *handle, uint32_t dom, int param, unsign= ed long value); int xc_get_hvm_param(xc_interface *handle, uint32_t dom, int param, unsign= ed long *value); =20 +int xc_coco_platform_status(xc_interface *handle, coco_platform_status_t *= status); +int xc_coco_prepare_initial_mem(xc_interface *handle, coco_prepare_initial= _mem_t *cmd); + /* HVM guest pass-through */ int xc_assign_device(xc_interface *xch, uint32_t domid, diff --git a/tools/include/xenguest.h b/tools/include/xenguest.h index e01f494b77..9d36fa5665 100644 --- a/tools/include/xenguest.h +++ b/tools/include/xenguest.h @@ -219,6 +219,7 @@ struct xc_dom_image { xen_paddr_t lowmem_end; xen_paddr_t highmem_end; xen_pfn_t vga_hole_size; + bool coco; /* 1 if this is a confidential computing guest, 0 otherwise= */ =20 /* If unset disables the setup of the IOREQ pages. */ bool device_model; diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c index 2ddc3f4f42..66b6c146f4 100644 --- a/tools/libs/ctrl/xc_domain.c +++ b/tools/libs/ctrl/xc_domain.c @@ -20,8 +20,10 @@ */ =20 #include "xc_private.h" +#include "xenctrl.h" #include #include +#include =20 int xc_domain_create(xc_interface *xch, uint32_t *pdomid, struct xen_domctl_createdomain *config) @@ -1496,6 +1498,40 @@ int xc_get_hvm_param(xc_interface *handle, uint32_t = dom, int param, unsigned lon return 0; } =20 +int xc_coco_platform_status(xc_interface *handle, coco_platform_status_t *= status) +{ + DECLARE_HYPERCALL_BUFFER(coco_platform_status_t, arg); + int rc; + + arg =3D xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg)); + if ( arg =3D=3D NULL ) + return -1; + memcpy(arg, status, sizeof(coco_platform_status_t)); + + rc =3D xencall2(handle->xcall, __HYPERVISOR_coco_op, XEN_COCO_platform= _status, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(handle, arg); + return rc; +} + +int xc_coco_prepare_initial_mem(xc_interface *handle, coco_prepare_initial= _mem_t *cmd) +{ + DECLARE_HYPERCALL_BUFFER(coco_prepare_initial_mem_t, arg); + int rc; + + arg =3D xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg)); + if ( arg =3D=3D NULL ) + return -1; + memcpy(arg, cmd, sizeof(coco_prepare_initial_mem_t)); + + rc =3D xencall2(handle->xcall, __HYPERVISOR_coco_op, XEN_COCO_prepare_= initial_mem, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(handle, arg); + return rc; +} + int xc_domain_setdebugging(xc_interface *xch, uint32_t domid, unsigned int enable) diff --git a/tools/libs/guest/Makefile.common b/tools/libs/guest/Makefile.c= ommon index a026a2f662..64ede46a05 100644 --- a/tools/libs/guest/Makefile.common +++ b/tools/libs/guest/Makefile.common @@ -41,6 +41,8 @@ endif # new domain builder OBJS-y +=3D xg_dom_core.o OBJS-y +=3D xg_dom_boot.o +# TODO: add something like CONFIG_COCO ? +OBJS-y +=3D xg_dom_coco.o OBJS-y +=3D xg_dom_elfloader.o OBJS-$(CONFIG_X86) +=3D xg_dom_bzimageloader.o OBJS-$(CONFIG_X86) +=3D xg_dom_decompress_lz4.o diff --git a/tools/libs/guest/xg_dom_boot.c b/tools/libs/guest/xg_dom_boot.c index 5c7e12221d..6566784161 100644 --- a/tools/libs/guest/xg_dom_boot.c +++ b/tools/libs/guest/xg_dom_boot.c @@ -32,9 +32,13 @@ =20 #include "xg_private.h" #include "xg_core.h" +#include "xg_dom_coco.h" #include #include =20 +#define round_pgup(_p) (((_p)+(PAGE_SIZE_X86-1))&PAGE_MASK_X86) +#define round_pgdown(_p) ((_p)&PAGE_MASK_X86) + /* -----------------------------------------------------------------------= - */ =20 static int setup_hypercall_page(struct xc_dom_image *dom) @@ -201,6 +205,35 @@ int xc_dom_boot_image(struct xc_dom_image *dom) if ( (rc =3D dom->arch_hooks->bootlate(dom)) !=3D 0 ) return rc; =20 + // Encrypt domain pages + if ( dom->coco ) + { + struct xc_dom_seg initrd_seg =3D { + .pfn =3D dom->initrd_start >> XC_DOM_PAGE_SHIFT(dom), + .pages =3D dom->initrd_len >> XC_DOM_PAGE_SHIFT(dom) + }; + + if ( (rc =3D xg_dom_coco_encrypt_seg(dom->xch, dom, dom->kernel_se= g, "kernel") !=3D 0) ) + return rc; + if ( initrd_seg.pages && (rc =3D xg_dom_coco_encrypt_seg(dom->xch,= dom, initrd_seg, "ramdisk") !=3D 0) ) + return rc; + if ( (rc =3D xg_dom_coco_encrypt_seg(dom->xch, dom, dom->start_inf= o_seg, "start_info") !=3D 0) ) + return rc; + =20 + for ( int i =3D 0; i < MAX_ACPI_MODULES; i++ ) + { + struct xc_dom_seg seg; + seg.pfn =3D dom->acpi_modules[i].guest_addr_out >> XC_DOM_PAGE= _SHIFT(dom); + seg.pages =3D round_pgup(dom->acpi_modules[i].length) >> XC_DO= M_PAGE_SHIFT(dom); + + if ( !seg.pfn || !seg.pages ) + continue; + + if ( (rc =3D xg_dom_coco_encrypt_seg(dom->xch, dom, seg, "acpi= module")) !=3D 0 ) + return rc; + } + } + /* let the vm run */ if ( (rc =3D dom->arch_hooks->vcpu(dom)) !=3D 0 ) return rc; diff --git a/tools/libs/guest/xg_dom_coco.c b/tools/libs/guest/xg_dom_coco.c new file mode 100644 index 0000000000..f47b59fa49 --- /dev/null +++ b/tools/libs/guest/xg_dom_coco.c @@ -0,0 +1,35 @@ +/* + * Confidential computing support. + * Copyright (c) 2024 Teddy Astie + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; If not, see . + */ + +#include "xg_private.h" +#include "xenctrl.h" +#include "xg_dom_coco.h" + +int xg_dom_coco_encrypt_seg(xc_interface *xch, struct xc_dom_image *dom, + struct xc_dom_seg seg, const char *name) +{ + coco_prepare_initial_mem_t cmd; + DPRINTF("coco: Encrypting pfn:[%"PRI_xen_pfn"-%"PRI_xen_pfn"] (%s)\n", + seg.pfn, seg.pfn + seg.pages, name); + =20 + cmd.domid =3D dom->guest_domid; + cmd.gfn =3D seg.pfn; + cmd.count =3D seg.pages; + =20 + return xc_coco_prepare_initial_mem(xch, &cmd); +} \ No newline at end of file diff --git a/tools/libs/guest/xg_dom_coco.h b/tools/libs/guest/xg_dom_coco.h new file mode 100644 index 0000000000..eac0fa66e3 --- /dev/null +++ b/tools/libs/guest/xg_dom_coco.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2006 Isaku Yamahata + * VA Linux Systems Japan K.K. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; If not, see . + * + */ + +#ifndef XC_DOM_COCO_H +#define XC_DOM_COCO_H + +#include "xg_private.h" +#include "xenctrl.h" + +int xg_dom_coco_encrypt_seg(xc_interface *xch, struct xc_dom_image *dom, + struct xc_dom_seg seg, const char *name); + +#endif /* XC_DOM_COCO_H */ + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/tools/libs/guest/xg_dom_x86.c b/tools/libs/guest/xg_dom_x86.c index cba01384ae..93407bf192 100644 --- a/tools/libs/guest/xg_dom_x86.c +++ b/tools/libs/guest/xg_dom_x86.c @@ -103,6 +103,7 @@ struct xc_dom_image_x86 { #define MAPPING_MAX 2 struct xc_dom_x86_mapping maps[MAPPING_MAX]; const struct xc_dom_params *params; + bool coco; =20 /* PV: Pointer to the in-guest P2M. */ void *p2m_guest; diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 063fe86eb7..9891c42a5b 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -342,6 +342,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *p= olicy, const char* str) CPUID_ENTRY(0x00000007, 1, CPUID_REG_EDX), MSR_ENTRY(0x10a, CPUID_REG_EAX), MSR_ENTRY(0x10a, CPUID_REG_EDX), + CPUID_ENTRY(0x8000001f, NA, CPUID_REG_EAX), #undef MSR_ENTRY #undef CPUID_ENTRY }; diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_creat= e.c index e03599ea99..185f7946f4 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -93,6 +93,7 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, =20 libxl_defbool_setdefault(&b_info->device_model_stubdomain, false); libxl_defbool_setdefault(&b_info->vpmu, false); + libxl_defbool_setdefault(&b_info->coco, false); =20 if (libxl_defbool_val(b_info->device_model_stubdomain) && !b_info->device_model_ssidref) @@ -667,6 +668,9 @@ int libxl__domain_make(libxl__gc *gc, libxl_domain_conf= ig *d_config, if (libxl_defbool_val(b_info->vpmu)) create.flags |=3D XEN_DOMCTL_CDF_vpmu; =20 + if (libxl_defbool_val(b_info->coco)) + create.flags |=3D XEN_DOMCTL_CDF_coco; + assert(info->passthrough !=3D LIBXL_PASSTHROUGH_DEFAULT); LOG(DETAIL, "passthrough: %s", libxl_passthrough_to_string(info->passthrough)); diff --git a/tools/libs/light/libxl_dom.c b/tools/libs/light/libxl_dom.c index 94fef37401..778dac2286 100644 --- a/tools/libs/light/libxl_dom.c +++ b/tools/libs/light/libxl_dom.c @@ -1081,6 +1081,7 @@ int libxl__build_hvm(libxl__gc *gc, uint32_t domid, } =20 dom->container_type =3D XC_DOM_HVM_CONTAINER; + dom->coco =3D libxl_defbool_val(info->coco); =20 /* The params from the configuration file are in Mb, which are then * multiplied by 1 Kb. This was then divided off when calling diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_type= s.idl index 9bb2969931..bb27e27148 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -637,6 +637,7 @@ libxl_domain_build_info =3D Struct("domain_build_info",[ ("nested_hvm", libxl_defbool), ("apic", libxl_defbool), ("dm_restrict", libxl_defbool), + ("coco", libxl_defbool), ("tee", libxl_tee_type), ("u", KeyedUnion(None, libxl_domain_type, "type", [("hvm", Struct(None, [("firmware", string), diff --git a/tools/libs/util/libxlu_disk_l.c b/tools/libs/util/libxlu_disk_= l.c index 0c180fff52..4924162a51 100644 --- a/tools/libs/util/libxlu_disk_l.c +++ b/tools/libs/util/libxlu_disk_l.c @@ -1,10 +1,7 @@ #line 1 "libxlu_disk_l.c" -#line 31 "libxlu_disk_l.l" #define _GNU_SOURCE =20 - - -#line 7 "libxlu_disk_l.c" +#line 4 "libxlu_disk_l.c" =20 #define YY_INT_ALIGNED short int =20 @@ -1257,9 +1254,9 @@ static int vdev_and_devtype(DiskParseContext *dpc, ch= ar *str) { #undef DPC /* needs to be defined differently the actual lexer */ #define DPC ((DiskParseContext*)yyextra) =20 -#line 1260 "libxlu_disk_l.c" +#line 1257 "libxlu_disk_l.c" =20 -#line 1262 "libxlu_disk_l.c" +#line 1259 "libxlu_disk_l.c" =20 #define INITIAL 0 #define LEXERR 1 @@ -1541,7 +1538,7 @@ YY_DECL #line 188 "libxlu_disk_l.l" /*----- the scanner rules which do the parsing -----*/ =20 -#line 1544 "libxlu_disk_l.c" +#line 1541 "libxlu_disk_l.c" =20 while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -1920,7 +1917,7 @@ YY_RULE_SETUP #line 306 "libxlu_disk_l.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1923 "libxlu_disk_l.c" +#line 1920 "libxlu_disk_l.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(LEXERR): yyterminate(); diff --git a/tools/libs/util/libxlu_disk_l.h b/tools/libs/util/libxlu_disk_= l.h index c868422568..027fd96c49 100644 --- a/tools/libs/util/libxlu_disk_l.h +++ b/tools/libs/util/libxlu_disk_l.h @@ -3,12 +3,9 @@ #define xlu__disk_yyIN_HEADER 1 =20 #line 5 "libxlu_disk_l.h" -#line 31 "libxlu_disk_l.l" #define _GNU_SOURCE =20 - - -#line 11 "libxlu_disk_l.h" +#line 8 "libxlu_disk_l.h" =20 #define YY_INT_ALIGNED short int =20 @@ -699,6 +696,6 @@ extern int yylex (yyscan_t yyscanner); =20 #line 306 "libxlu_disk_l.l" =20 -#line 702 "libxlu_disk_l.h" +#line 699 "libxlu_disk_l.h" #undef xlu__disk_yyIN_HEADER #endif /* xlu__disk_yyHEADER_H */ diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4c4593528d..10a2e603e9 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -37,6 +37,7 @@ static const struct { { "CPUID 0x00000007:1.edx", "7d1" }, { "MSR_ARCH_CAPS.lo", "m10Al" }, { "MSR_ARCH_CAPS.hi", "m10Ah" }, + { "CPUID 0x8000001f.eax", "e1fa" }, }; =20 #define COL_ALIGN "24" diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml index 2690f9a923..256adf0054 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml @@ -70,6 +70,7 @@ type domain_create_flag =3D | CDF_IOMMU | CDF_NESTED_VIRT | CDF_VPMU + | CDF_COCO =20 type domain_create_iommu_opts =3D | IOMMU_NO_SHAREPT diff --git a/tools/ocaml/libs/xc/xenctrl.mli b/tools/ocaml/libs/xc/xenctrl.= mli index febbe1f6ae..9ca55af05a 100644 --- a/tools/ocaml/libs/xc/xenctrl.mli +++ b/tools/ocaml/libs/xc/xenctrl.mli @@ -63,6 +63,7 @@ type domain_create_flag =3D | CDF_IOMMU | CDF_NESTED_VIRT | CDF_VPMU + | CDF_COCO =20 type domain_create_iommu_opts =3D | IOMMU_NO_SHAREPT diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 089a88935a..0ddec0815b 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -2993,6 +2993,8 @@ skip_usbdev: =20 xlu_cfg_get_defbool(config, "vpmu", &b_info->vpmu, 0); =20 + xlu_cfg_get_defbool(config, "coco", &b_info->coco, 0); + xlu_cfg_destroy(config); } =20 --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391519; cv=none; d=zohomail.com; s=zohoarc; b=i6Fz2a88uxESJUg7tn+20Zu7NEqbv/LRr7LJiFpcdLWMNsTZ51fnRF/+qB8rZMo9EAZAIVwD/aabgE0cD8GcJ/EQMzJ3Hmtuw+oLI8/g3ihNu5iD+iHxMQ+bh55IVtMbtpOaOCuzLasv495BOo4Z30qg0EL94fwf1EqK8in0K+A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391519; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=dLlEWnEcFnUkrXQUBAwvC2R74dRSbryvP/QYt6wEGyA=; b=dezKSO7Y6iT1X9a/FJeKshueBIDmcXYaV1sUUjEYD70780F8V0FpsAoSer12/Tu/wikTZLRco8IS5AxkOVwKYoXIrpiN8mFOfdyBZuqhB2GR6gyanjM3gflQQZLxhfC3svf32iaMhvXOPeG7NG4/WR1Ai1Tk10zLHxHOXT/YnzM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 174739151954760.27138155670923; Fri, 16 May 2025 03:31:59 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986871.1372400 (Exim 4.92) (envelope-from ) id 1uFsLz-0005bu-Aa; Fri, 16 May 2025 10:31:47 +0000 Received: by outflank-mailman (output) from mailman id 986871.1372400; Fri, 16 May 2025 10:31:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsLz-0005bl-65; Fri, 16 May 2025 10:31:47 +0000 Received: by outflank-mailman (input) for mailman id 986871; Fri, 16 May 2025 10:31:46 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsEb-0000kS-NA for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:24:09 +0000 Received: from mail187-4.suw11.mandrillapp.com (mail187-4.suw11.mandrillapp.com [198.2.187.4]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id e61d7bd4-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:24:08 +0200 (CEST) Received: from pmta09.mandrill.prod.suw01.rsglab.com (localhost [127.0.0.1]) by mail187-4.suw11.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNTy61lZzlfcNB for ; Fri, 16 May 2025 10:24:06 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id fb66e4ff4694405bb0c5bd8ca9aafaf8; Fri, 16 May 2025 10:24:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e61d7bd4-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391046; x=1747661046; bh=dLlEWnEcFnUkrXQUBAwvC2R74dRSbryvP/QYt6wEGyA=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=u6Ro8WmoVEI0JcMvbTJkiCWQSGdMOJBA8OyBM0/x4OHAYd79KxB6YmP5LjRK2Ngoa RZ6LIX+LcPkUO6vfLfOdlqN/g4d0vNMt7z0YWeFsUboW+t3rPoHiLG8cl6y183zDm3 BOvvMzqT9emIuYDGdh5hicDzeL3qQI/iNPff2VuTRmFxfGfB7uYiP5tsbAWRUP33q/ EcanY2vjr+dPFSiEKqlT65eeGaCCFACzddjKm/lRq8EIwY2Tm3J01M65nGsU1V/lnv PyBtqyWUy5cnmUeu4IOHVguSUMljQ+ebqg1Gj6ON91nV6luJ2p0zj26Ri6ay9jiTyk yHAg2RJ2YM+AQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391046; x=1747651546; i=teddy.astie@vates.tech; bh=dLlEWnEcFnUkrXQUBAwvC2R74dRSbryvP/QYt6wEGyA=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=XFcBT+CVLxyD3IZf0ElbSrbidtiRAc30nWLKdndrVtOgFn7Fq00cpEWvR1LgwapmY LKSwV4x11s8/TKDoK4Mb3ICUIXDRGCKRI2HlD0hdYVsDpMDFXAbHhiNQKFwAhidz2c tiNqTzbBfaNDVOwA9FyJ/BUVRt06WUj+zbRxrxltwygr6PEzJNlemf8/iwI2LsSu+8 Cgml+DZ6h2V+YiLIKXjqmz6oufdslIxWwQwmi57ZVoLqmJl6fJ5KHNJlOos+zBqb0M ofzgck2d/h4j7KXM6cWbI0k7tsGMu4g5vchDCP3y2sfHlWLMYtydJn+Zy+OP2ypte8 TNMD+QZvLV0cw== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2011/16]=20x86/svm:=20Introduce=20NPCTRL=20VMCB=20bits?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391045888 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Andrei Semenov" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.fb66e4ff4694405bb0c5bd8ca9aafaf8?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:24:06 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity teddy.astie@vates.tech) (identity @mandrillapp.com) X-ZM-MESSAGEID: 1747391521637116600 Content-Type: text/plain; charset="utf-8" Those bits are used to enable SEV-related features in VMCB. Signed-off-by: Andrei Semenov Signed-off-by: Teddy Astie --- xen/arch/x86/include/asm/hvm/svm/vmcb.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xen/arch/x86/include/asm/hvm/svm/vmcb.h b/xen/arch/x86/include= /asm/hvm/svm/vmcb.h index 3d871b6135..fd166498f2 100644 --- a/xen/arch/x86/include/asm/hvm/svm/vmcb.h +++ b/xen/arch/x86/include/asm/hvm/svm/vmcb.h @@ -143,6 +143,17 @@ enum DRInterceptBits DR_INTERCEPT_DR15_WRITE =3D 1u << 31, }; =20 +/* Miscellanious controls in _np_ctrl*/ +enum NpCtrlBits +{ + NPCTRL_NP_ENABLE =3D 1 << 0, + NPCTRL_SEV_ENABLE =3D 1 << 1, + NPCTRL_SEVES_ENABLE =3D 1 << 2, + NPCTRL_GMET_ENABLE =3D 1 << 3, + NPCTRL_NPSSS_ENABL =3D 1 << 4, + NPCTRL_VTE_ENABLE =3D 1 << 5, +}; + enum VMEXIT_EXITCODE { /* control register read exitcodes */ --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391505; cv=none; d=zohomail.com; s=zohoarc; b=EZaKo38UAqCHHRX4QKJkAOv5cqLtX7q1/q/ZGKDeb9juXd+hxdq2bfaq2ERxHu7ndoeOgxY5mrMFiepqNfpKmN8XaDt86msHrGw54KEg6EkgQqry+pie33O6apR3zNPvO8sMOuZZwSPfn82/g+vB42zew8byahpXumfbKPfWuC4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391505; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Jt1BJnr3uTOtuUOvC1fwjWoIL41pGCxe5NFXv3n0GUU=; b=FFUExiGEkeqDR89U/7mintRgQMHYGIIfjrpDbxvMLnpqkgbgo50hYjq5I5NelvBkkG9FyXntVNW9Xxficm7+DuDXBFTY6I9ClpZTscva6B1ygQasomDTw2yi9jeSgUjplsP8nQTet9nkCFxsC+oaMfZLU2KvzGwC99bhB/etkyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391505119643.4713336376545; Fri, 16 May 2025 03:31:45 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986855.1372379 (Exim 4.92) (envelope-from ) id 1uFsLl-0004ds-Qp; Fri, 16 May 2025 10:31:33 +0000 Received: by outflank-mailman (output) from mailman id 986855.1372379; Fri, 16 May 2025 10:31:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsLl-0004dl-Nu; Fri, 16 May 2025 10:31:33 +0000 Received: by outflank-mailman (input) for mailman id 986855; Fri, 16 May 2025 10:31:31 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsEn-0000kS-Km for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:24:21 +0000 Received: from mail187-4.suw11.mandrillapp.com (mail187-4.suw11.mandrillapp.com [198.2.187.4]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ed3994a5-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:24:20 +0200 (CEST) Received: from pmta09.mandrill.prod.suw01.rsglab.com (localhost [127.0.0.1]) by mail187-4.suw11.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNVC0TpJzlfknC for ; Fri, 16 May 2025 10:24:19 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id ceb244a8b2c1464eb7eaedbb43d943a4; Fri, 16 May 2025 10:24:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ed3994a5-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391059; x=1747661059; bh=Jt1BJnr3uTOtuUOvC1fwjWoIL41pGCxe5NFXv3n0GUU=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=1+HQ7axaBIXi8erEPvRPonY+S8ynrwwzD5Pe3cP5DwDNcSh3FDRhdBBPwfR435tRA /KH4MG+7U3yJSSvScdIdSW6e134ZHWfcdZwj0oRtO88++yyxT/H7EjFBqF5QYE8iOx pFlHCxt1t9EsVqgOd94RPGm5f7h5pNbuvPqWBIdpzazeqXmzcvbdoUXty4+Zh8oq2A 4tWfCFWC8EegM5J4D0JoSIi/UzOR49Y3K7wrdme28nOZIXIhq+Vc29gLPW+8FkqQVL VzS2C2g8ltQmI8+PeivBtsTeb0CA/DUoU2acL4rReL8B5LPhGM6qclvhjCje8F9ja/ IRqzc/CMtWyaA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391059; x=1747651559; i=teddy.astie@vates.tech; bh=Jt1BJnr3uTOtuUOvC1fwjWoIL41pGCxe5NFXv3n0GUU=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=N3IGwhZSwgPVxnNZgSUgdDkm9UccNoYIDxv7PhP7FNpIqtHRPEWlVp7rN0MMZp+zv ze7Vo9RY1Im7PELfLIrrYxG6Q+QXB23G83AO3nAk7rb2zk7zqBsDSP0Cf0jfAXMlYj nW7bEwzE1fzFrqxtuOGpCSNuNHWlBJaQZjZbVxNTMOuLtHKPUI4OMlVB+cRsOhaszr LLeQiT22CgaZRm7auXU/zU1/EoW0fgyB8m6wx4BvJNY8WkrV2NFreZJZV4WGMRERXQ pHSzEucj0b5J9zO/gXC9LfK8fFt3S6PPFLN+R46L9J1/BdN6Ah+tO2TvhUUadY11cy I73u6PFAk4LQA== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2012/16]=20x86/cpufeature:=20Introduce=20SME=20and=20SEV-related=20CPU=20features?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391057994 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.ceb244a8b2c1464eb7eaedbb43d943a4?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:24:19 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity teddy.astie@vates.tech) (identity @mandrillapp.com) X-ZM-MESSAGEID: 1747391505622116600 Content-Type: text/plain; charset="utf-8" Signed-off-by: Teddy Astie --- xen/arch/x86/cpu/common.c | 2 ++ xen/arch/x86/include/asm/cpufeature.h | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 5 +++++ xen/include/xen/lib/x86/cpu-policy.h | 9 ++++++++- 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index e8d4ca3203..a610b0f513 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -481,6 +481,8 @@ static void generic_identify(struct cpuinfo_x86 *c) c->x86_capability[FEATURESET_e8b] =3D cpuid_ebx(0x80000008); if (c->extended_cpuid_level >=3D 0x80000021) c->x86_capability[FEATURESET_e21a] =3D cpuid_eax(0x80000021); + if (c->extended_cpuid_level >=3D 0x8000001f) + c->x86_capability[FEATURESET_e1fa] =3D cpuid_eax(0x8000001f); =20 /* Intel-defined flags: level 0x00000007 */ if (c->cpuid_level >=3D 7) { diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index 397a04af41..bded70231c 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -233,6 +233,10 @@ static inline bool boot_cpu_has(unsigned int feat) =20 #define cpu_has_msr_tsc_aux (cpu_has_rdtscp || cpu_has_rdpid) =20 +#define cpu_has_sme boot_cpu_has(X86_FEATURE_SME) +#define cpu_has_sev boot_cpu_has(X86_FEATURE_SEV) +#define cpu_has_sev_es boot_cpu_has(X86_FEATURE_SEV_ES) + /* Bugs. */ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index a6d4a0cba7..2a67bcc6a4 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -394,6 +394,11 @@ XEN_CPUFEATURE(MON_UMON_MITG, 16*32+30) /* MCU_= OPT_CTRL.MON_UMON_MITG */ /* Intel-defined CPU features, MSR_ARCH_CAPS 0x10a.edx, word 17 (express i= n terms of word 16) */ XEN_CPUFEATURE(ITS_NO, 16*32+62) /*!A No Indirect Target Selec= tion */ =20 +/* AMD-defined CPU features, CPUID level 0x8000001f.eax, word 18 */ +XEN_CPUFEATURE(SME, 18*32+ 0) /* Secure Memory Encryption= */ +XEN_CPUFEATURE(SEV, 18*32+ 1) /* Secure Encrypted Virtual= ization */ +XEN_CPUFEATURE(SEV_ES, 18*32+ 3) /* SEV Encrypted State */ + #endif /* XEN_CPUFEATURE */ =20 /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpu-policy.h b/xen/include/xen/lib/x86= /cpu-policy.h index f43e1a3b21..a5b22b34d8 100644 --- a/xen/include/xen/lib/x86/cpu-policy.h +++ b/xen/include/xen/lib/x86/cpu-policy.h @@ -22,6 +22,7 @@ #define FEATURESET_7d1 15 /* 0x00000007:1.edx */ #define FEATURESET_m10Al 16 /* 0x0000010a.eax */ #define FEATURESET_m10Ah 17 /* 0x0000010a.edx */ +#define FEATURESET_e1fa 18 /* 0x8000001f.eax */ =20 struct cpuid_leaf { @@ -317,7 +318,13 @@ struct cpu_policy uint64_t :64, :64; /* Leaf 0x8000001c. */ uint64_t :64, :64; /* Leaf 0x8000001d - Cache properties. */ uint64_t :64, :64; /* Leaf 0x8000001e - Extd APIC/Core/Node ID= s. */ - uint64_t :64, :64; /* Leaf 0x8000001f - AMD Secure Encryption.= */ + /* Leaf 0x8000001f - AMD Secure Memory Encryption. */ + union { + uint32_t e1fa; + struct { DECL_BITFIELD(e1fa); }; + }; + uint32_t c_bit_pos:6, physaddr_red:6, num_vmpl:4, :16; + uint32_t max_sev_guests:32, min_no_es_asid; uint64_t :64, :64; /* Leaf 0x80000020 - Platform QoS. */ =20 /* Leaf 0x80000021 - Extended Feature 2 */ --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391565; cv=none; d=zohomail.com; s=zohoarc; b=HZLU15V/gjqM+lrSQ5lkD6gHA/gcaheYSy1g4EePcdkDWZM0k19UIQJ1UGuHG2A3CrqiRwITHUoDVdlTOSjX9Ol/QlYxnmBPPZykB/atSDphA0tUKCoDLjIoUD+6r5K6UFOcZ3k4hbZV4VPjWUJUhvhcPMvTTCf4d3bbbcrfG6Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391565; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=lO1eWJXehJrWu+Ma1mFaorTOrllIBJiV30YAtkWYzO4=; b=m7Ht3nWWiWaktVCPy0XZuWEMKwZugDrq2BdrLJhPOQG3sVdeAQwc3dAcZYSrvMK+x3nWgMOO7oF2Hd47uo/Rc+R2Aip+cH7wiUthLVRJOGoig/p84YWTHc/8E5HVbm3+3xAPxErSdF0w2I9U8x1zjXfibadL7YGeR5rLHn3LOJU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391565168158.40928900890435; Fri, 16 May 2025 03:32:45 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986877.1372409 (Exim 4.92) (envelope-from ) id 1uFsMc-0006Z5-K6; Fri, 16 May 2025 10:32:26 +0000 Received: by outflank-mailman (output) from mailman id 986877.1372409; Fri, 16 May 2025 10:32:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsMc-0006YA-GY; Fri, 16 May 2025 10:32:26 +0000 Received: by outflank-mailman (input) for mailman id 986877; Fri, 16 May 2025 10:32:25 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsEz-0000kS-6p for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:24:33 +0000 Received: from mail187-4.suw11.mandrillapp.com (mail187-4.suw11.mandrillapp.com [198.2.187.4]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id f40480ea-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:24:31 +0200 (CEST) Received: from pmta09.mandrill.prod.suw01.rsglab.com (localhost [127.0.0.1]) by mail187-4.suw11.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNVQ3Hf8zlff4H for ; Fri, 16 May 2025 10:24:30 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id 63c856eaabcc465290ad4b5fa1439d25; Fri, 16 May 2025 10:24:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: f40480ea-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391070; x=1747661070; bh=lO1eWJXehJrWu+Ma1mFaorTOrllIBJiV30YAtkWYzO4=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=ZoW1a4JDDudBZTiatl4lj4LA/6RPEvoUgWr8CxUyxau7862zRdHQXrN1A6WHnsed9 n6Y+EhqNMTGmrlhft7tououRA1/fh3eyhmk2fWniSGUkG49F/2xx4fZFTXOjOhAVaI MsE3DxVV0QMPhK2Nmb4gbIA6xnLaGLrQV5wKXj1DNG3Q/hGF7EVLGeO5+mhbUFeaTI ylcKyg+vouPA+AMxMDyfJiHA/uGc4Ts21sC1SaPpv6XeHvYRF6gwh9uqBWCNrE/hT6 RSQWDOTTMGDzqlCSG/Lo7zEXIhqA4j+GYLpSaQIiMQ9Y7AHGdf+hEv5OtaoEOd1KWY 8LP8HKE7Wd9Pg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391070; x=1747651570; i=teddy.astie@vates.tech; bh=lO1eWJXehJrWu+Ma1mFaorTOrllIBJiV30YAtkWYzO4=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=GpjepVawJ1WbcosrlqMdqjwmmotYz8QZaE9vyGpm9yi7wRxoRKeiTywBfb5BPc7eo tciAA2H0KON5Wssbm4rzYlNDMbxx2H7yNrQVZE/sbKpx4LHCgGEptWtWByq32N8WwD SXP1N3puRGAuIuqPSNPHJ/qMOiV89DI9WwW3VEHoGcD117ubHwXbMgN+NjpagEPuEn e/c3R+WbrWTSrZ76K/xmOFRxD3eqk/6JR2GmRB2Svjsiyo+tP0Zft9+L6h/F+cN2at 6egWnDrm86p1VFZUcDPedQEzQVSZz/xVy2bPMVrMYHkAM9ySnaezp4gkzz2M/T/0Wg EgJZNLUkFTMvg== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2013/16]=20x86/coco:=20Introduce=20AMD-SEV=20support?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391069679 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Andrei Semenov" Message-Id: <0326909f629fd5b2dee9f17d9a566a79953bdd85.1747312394.git.teddy.astie@vates.tech> In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.63c856eaabcc465290ad4b5fa1439d25?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:24:30 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity teddy.astie@vates.tech) (identity @mandrillapp.com) X-ZM-MESSAGEID: 1747391566285116600 Content-Type: text/plain; charset="utf-8" From: Andrei Semenov AMD-SEV is AMD implementation for confidential computing. This patch introduces SEV initialization and HVM enablement logic. Signed-off-by: Andrei Semenov Signed-off-by: Teddy Astie --- Some possible improvement would be to slightly change the ASID allocation logic under SEV :=20 With SEV support and usable : - non-SEV guest : Use ASID > NumSevGuests if possible - SEV guest : Use ASID in SEV range Such as we don't waste SEV-supported ASIDs. This currently lacks DF_FLUSH support, so SEV-enabled destroyed cannot reuse their ASIDs. This is currently workaround with "coco: Leak ASID for c= oco guests". --- xen/arch/x86/Makefile | 1 + xen/arch/x86/coco/Makefile | 1 + xen/arch/x86/coco/sev.c | 262 +++++++++++++++++++++++++ xen/arch/x86/cpu/amd.c | 10 + xen/arch/x86/cpuid.c | 5 + xen/arch/x86/hvm/Kconfig | 10 + xen/arch/x86/hvm/svm/svm.c | 6 + xen/arch/x86/hvm/svm/vmcb.c | 17 +- xen/arch/x86/include/asm/coco.h | 8 + xen/arch/x86/include/asm/hvm/svm/sev.h | 14 ++ xen/arch/x86/include/asm/hvm/svm/svm.h | 16 ++ 11 files changed, 344 insertions(+), 6 deletions(-) create mode 100644 xen/arch/x86/coco/Makefile create mode 100644 xen/arch/x86/coco/sev.c create mode 100644 xen/arch/x86/include/asm/coco.h create mode 100644 xen/arch/x86/include/asm/hvm/svm/sev.h diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index bedb97cbee..220bff5e0a 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -1,5 +1,6 @@ obj-y +=3D acpi/ obj-y +=3D boot/ +obj-$(CONFIG_COCO) +=3D coco/ obj-y +=3D cpu/ obj-y +=3D efi/ obj-y +=3D genapic/ diff --git a/xen/arch/x86/coco/Makefile b/xen/arch/x86/coco/Makefile new file mode 100644 index 0000000000..59ab1c075f --- /dev/null +++ b/xen/arch/x86/coco/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_COCO_AMD_SEV) +=3D sev.o \ No newline at end of file diff --git a/xen/arch/x86/coco/sev.c b/xen/arch/x86/coco/sev.c new file mode 100644 index 0000000000..366ce42baa --- /dev/null +++ b/xen/arch/x86/coco/sev.c @@ -0,0 +1,262 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * coco/sev.c: AMD SEV support + * Copyright (c) Vates SAS + */ + +#include +#include +#include +#include +=20 +#include + +#include +#include +#include + +static int sev_domain_initialise(struct domain *d) +{ + struct sev_data_launch_start sd_ls; + struct sev_data_activate sd_a; + int psp_ret; + long rc =3D 0; + + sd_ls.handle =3D 0; /* generate new one */ + sd_ls.policy =3D 0; /* NOKS policy */ + sd_ls.dh_cert_address =3D 0; /* do not DH stuff */ + + rc =3D sev_do_cmd(SEV_CMD_LAUNCH_START, (void *)(&sd_ls), &psp_ret, tr= ue); + if ( rc ) + { + printk(XENLOG_ERR "asp: failed to LAUNCH_START domain(%d): psp_ret= %d\n", + d->domain_id, psp_ret); + return rc; + } + + sd_a.handle =3D sd_ls.handle; + sd_a.asid =3D d->arch.hvm.asid.asid; + + rc =3D sev_do_cmd(SEV_CMD_ACTIVATE, (void *)(&sd_a), &psp_ret, true); + if ( rc ) + { + printk(XENLOG_ERR "asp: failed to ACTIVATE domain(%d): psp_ret %d\= n", + d->domain_id, psp_ret); + return rc; + } + + d->arch.hvm.svm.sev.asp_handle =3D sd_ls.handle; + d->arch.hvm.svm.sev.asp_policy =3D 0; + + return 0; +} + +static int sev_domain_prepare_initial_mem(struct domain *d, gfn_t gfn, siz= e_t count) +{ + struct page_info *page; + int rc, psp_ret; + struct sev_data_launch_update_data sd_lud; + + mfn_t mfn, mfn_base =3D INVALID_MFN; + size_t segment_size =3D 0; + + do { + page =3D get_page_from_gfn(d, gfn_x(gfn), NULL, P2M_ALLOC); + if ( unlikely(!page) ) + return rc; + + mfn =3D page_to_mfn(page); + put_page(page); + + if ( !mfn_valid(mfn_base) ) + mfn_base =3D mfn; + else + { + // Check for a break. + if (mfn_x(mfn_base) + segment_size !=3D mfn_x(mfn) || segment_= size =3D=3D 512) + { + // Make launch update data. + printk(XENLOG_DEBUG + "asp: LAUNCH_UPDATE_DATA d%d: base=3D%"PRI_xen_pfn"= , size=3D%zx\n", + d->domain_id, mfn_x(mfn_base), segment_size); + =20 + sd_lud.reserved =3D 0; + sd_lud.handle =3D d->arch.hvm.svm.sev.asp_handle; + sd_lud.address =3D mfn_x(mfn_base) << PAGE_SHIFT; + sd_lud.len =3D segment_size * PAGE_SIZE; + rc =3D sev_do_cmd(SEV_CMD_LAUNCH_UPDATE_DATA, (void *)(&sd= _lud), + &psp_ret, true); + if (rc) + { + printk(XENLOG_ERR + "asp: failed to LAUNCH_UPDATE_DATA dom(%d): err= %d\n", + d->domain_id, psp_ret); + return rc; + } + + mfn_base =3D mfn_x(mfn); + segment_size =3D 0; + } + } =20 + + gfn =3D gfn_add(gfn, 1); + segment_size++; + count--; + } while ( count ); + + // Last launch update data. + if ( segment_size ) + { + sd_lud.reserved =3D 0; + sd_lud.handle =3D d->arch.hvm.svm.sev.asp_handle; + sd_lud.address =3D mfn_x(mfn_base) << PAGE_SHIFT; + sd_lud.len =3D segment_size * PAGE_SIZE; + rc =3D sev_do_cmd(SEV_CMD_LAUNCH_UPDATE_DATA, (void *)(&sd_lud), + &psp_ret, true); + + if ( rc ) + printk(XENLOG_ERR "asp: failed to LAUNCH_UPDATE_DATA dom(%d): = err %d\n", + d->domain_id, psp_ret); + } + + return rc; +} + +static int sev_domain_creation_finished(struct domain *d) +{ + struct sev_data_launch_measure sd_lm; + struct sev_data_launch_finish sd_lf; + int psp_ret; + long rc =3D 0; + + sd_lm.handle =3D d->arch.hvm.svm.sev.asp_handle; + sd_lm.address =3D virt_to_maddr(d->arch.hvm.svm.sev.measure); + sd_lm.len =3D sizeof(d->arch.hvm.svm.sev.measure); + sd_lm.reserved =3D 0; + + rc =3D sev_do_cmd(SEV_CMD_LAUNCH_MEASURE, (void *)(&sd_lm), &psp_ret, = true); + if ( rc ) + { + printk(XENLOG_ERR "asp: failed to LAUNCH_MEASURE for d%hu: psp_ret= %hu, rc %ld\n", + d->domain_id, psp_ret, rc); + =20 + if (psp_ret =3D=3D SEV_RET_INVALID_LEN) + printk(XENLOG_ERR "asp: Expected %"PRIu32" bytes\n", sd_lm.len= ); + return rc; + } + + sd_lf.handle =3D d->arch.hvm.svm.sev.asp_handle; + + rc =3D sev_do_cmd(SEV_CMD_LAUNCH_FINISH, (void *)(&sd_lf), &psp_ret, t= rue); + if ( rc ) + { + printk(XENLOG_ERR "asp: failed to LAUNCH_FINISH for d%hu: psp_ret = %d, rc %ld\n", + d->domain_id, psp_ret, rc); + return rc; + } + + d->arch.hvm.svm.sev.measure_len =3D sd_lm.len; + return 0; +} + +static void sev_domain_destroy(struct domain *d) +{ + struct sev_data_deactivate sd_da; + struct sev_data_decommission sd_de; + int psp_ret; + long rc =3D 0; + + sd_da.handle =3D d->arch.hvm.svm.sev.asp_handle; + + rc =3D sev_do_cmd(SEV_CMD_DEACTIVATE, (void *)(&sd_da), &psp_ret, true= ); + if (rc) + { + printk(XENLOG_ERR "asp: failed to DEACTIVATE for d%hu: psp_ret %d\= n", + d->domain_id, psp_ret); + return; + } + + sd_de.handle =3D d->arch.hvm.svm.sev.asp_handle; + + rc =3D sev_do_cmd(SEV_CMD_DECOMMISSION, (void *)(&sd_de), &psp_ret, tr= ue); + if (rc) + { + printk(XENLOG_ERR "asp: failed to DECOMMISSION for d%hu: psp_ret %= d\n", + d->domain_id, psp_ret); + return; + } + + d->arch.hvm.svm.sev.asp_handle =3D 0; +} + +static int sev_asid_alloc(struct domain *d, struct hvm_asid *asid) +{ + /* TODO: SEV-ES/SNP */ + unsigned long asid_min =3D raw_cpu_policy.extd.min_no_es_asid; + unsigned long asid_max =3D raw_cpu_policy.extd.max_sev_guests; + + return hvm_asid_alloc_range(asid, asid_min, asid_max); +} + +static struct coco_domain_ops sev_domain_ops =3D { + .prepare_initial_mem =3D sev_domain_prepare_initial_mem, + .domain_initialise =3D sev_domain_initialise, + .domain_creation_finished =3D sev_domain_creation_finished, + .domain_destroy =3D sev_domain_destroy, + .asid_alloc =3D sev_asid_alloc, +}; + +static int sev_init(void) +{ + unsigned long syscfg; + + if ( WARN_ON(!cpu_has_sev) ) + return -ENOSYS; + + ASSERT(raw_cpu_policy.extd.c_bit_pos > 0); + ASSERT(raw_cpu_policy.extd.max_sev_guests > 0); + + printk(XENLOG_INFO "sev: C-bit is %"PRIu32"\n", raw_cpu_policy.extd.c_= bit_pos); + printk(XENLOG_INFO "sev: Supports up to %"PRIu32" guests\n", + raw_cpu_policy.extd.max_sev_guests); + + /* Enable AMD SME */=09 + rdmsrl(MSR_K8_SYSCFG, syscfg); + + if ( !(syscfg & SYSCFG_MEM_ENCRYPT) ) + { + syscfg |=3D SYSCFG_MEM_ENCRYPT; + wrmsrl(MSR_K8_SYSCFG, syscfg); + + printk(XENLOG_INFO "sev: Enabled AMD SME\n"); + } + + return 0; +} + +static int sev_get_platform_status(struct coco_platform_status *status) +{ + status->platform =3D COCO_PLATFORM_amd_sev; + + // if ( cpu_has_sev_es ) + // status->platform_flags |=3D COCO_PLATFORM_FLAG_sev_es; + + status->flags =3D COCO_STATUS_FLAG_supported; + + return 0; +} + +static struct coco_domain_ops *sev_get_domain_ops(struct domain *d) +{ + // TODO: SEV-ES and SEV-SNP support + return &sev_domain_ops; +} + +struct coco_ops sev_coco_ops =3D { + .name =3D "SEV", + .init =3D sev_init, + .get_platform_status =3D sev_get_platform_status, + .get_domain_ops =3D sev_get_domain_ops, +}; + + diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 37d67dd15c..28b5a0420d 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -1,4 +1,5 @@ #include +#include #include #include #include @@ -19,6 +20,10 @@ =20 #include "cpu.h" =20 +#ifdef CONFIG_COCO +#include +#endif + /* * Pre-canned values for overriding the CPUID features=20 * and extended features masks. @@ -1333,6 +1338,11 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) check_syscfg_dram_mod_en(); =20 amd_log_freq(c); + +#ifdef CONFIG_COCO_AMD_SEV + if ( cpu_has_sev ) + coco_register_ops(&sev_coco_ops); +#endif } =20 const struct cpu_dev __initconst_cf_clobber amd_cpu_dev =3D { diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index e2d94619c2..e1d6db4ad8 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -8,6 +8,7 @@ #include #include #include +#include #include =20 #define EMPTY_LEAF ((struct cpuid_leaf){}) @@ -250,6 +251,10 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf, return; =20 *res =3D array_access_nospec(p->extd.raw, leaf & 0xffff); + =20 + /* For a SEV guest, passthrough the host SEV leaf. */ + if ( is_sev_domain(d) && leaf =3D=3D 0x8000001fU ) + *res =3D raw_cpu_policy.extd.raw[0x1f]; break; =20 default: diff --git a/xen/arch/x86/hvm/Kconfig b/xen/arch/x86/hvm/Kconfig index 2def0f98e2..a9332ab8ce 100644 --- a/xen/arch/x86/hvm/Kconfig +++ b/xen/arch/x86/hvm/Kconfig @@ -25,6 +25,16 @@ config AMD_SVM If your system includes a processor with AMD-V support, say Y. If in doubt, say Y. =20 +config COCO_AMD_SEV + bool "AMD SEV (UNSUPPORTED)" if AMD && AMD_SVM && COCO && UNSUPPORTED + default y + select AMD_SP + help + Enables support for AMD Secure Encrypted Virtualization technology. + This option is needed if you want to run confidential guests on a + AMD platform that supports it. + If in doubt, say N. + config INTEL_VMX bool "Intel VT-x" if INTEL && EXPERT default y diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index cc19d80fe1..63889bf803 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -1865,6 +1866,11 @@ static int cf_check svm_msr_read_intercept( break; =20 case MSR_K8_SYSCFG: + if ( is_sev_domain(d) ) + { + *msr_content =3D SYSCFG_MEM_ENCRYPT; + break; + } case MSR_K8_TOP_MEM1: case MSR_K8_TOP_MEM2: case MSR_K8_VM_CR: diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 4e1f61dbe0..5157afe733 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -192,15 +193,19 @@ int svm_create_vmcb(struct vcpu *v) svm->vmcb =3D nv->nv_n1vmcx; rc =3D construct_vmcb(v); if ( rc !=3D 0 ) - { - free_vmcb(nv->nv_n1vmcx); - nv->nv_n1vmcx =3D NULL; - svm->vmcb =3D NULL; - return rc; - } + goto err; + + if ( is_sev_domain(v->domain) ) + vmcb_set_np_ctrl(svm->vmcb, vmcb_get_np_ctrl(svm->vmcb) | NPCTRL_S= EV_ENABLE); =20 svm->vmcb_pa =3D nv->nv_n1vmcx_pa =3D virt_to_maddr(svm->vmcb); return 0; + +err: + free_vmcb(nv->nv_n1vmcx); + nv->nv_n1vmcx =3D NULL; + svm->vmcb =3D NULL; + return rc; } =20 void svm_destroy_vmcb(struct vcpu *v) diff --git a/xen/arch/x86/include/asm/coco.h b/xen/arch/x86/include/asm/coc= o.h new file mode 100644 index 0000000000..874ef56327 --- /dev/null +++ b/xen/arch/x86/include/asm/coco.h @@ -0,0 +1,8 @@ +#ifndef __ARCH_X86_COCO_H +#define __ARCH_X86_COCO_H + +#include + +extern struct coco_ops sev_coco_ops; + +#endif /* __ARCH_X86_CACHE_H */ \ No newline at end of file diff --git a/xen/arch/x86/include/asm/hvm/svm/sev.h b/xen/arch/x86/include/= asm/hvm/svm/sev.h new file mode 100644 index 0000000000..b7b5ab5591 --- /dev/null +++ b/xen/arch/x86/include/asm/hvm/svm/sev.h @@ -0,0 +1,14 @@ +#ifndef __XEN_HVM_SEV_H__ +#define __XEN_HVM_SEV_H__ + +#include +#include + +#include + +static always_inline bool is_sev_domain(const struct domain *d) +{ + return cpu_has_sev && evaluate_nospec(d->options & XEN_DOMCTL_CDF_coco); +} + +#endif /* __XEN_HVM_SEV_H__ */ diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/= asm/hvm/svm/svm.h index 1254e5f3ee..efd54511aa 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -9,6 +9,8 @@ #ifndef __ASM_X86_HVM_SVM_H__ #define __ASM_X86_HVM_SVM_H__ =20 +#include + void svm_asid_init(void); void svm_vcpu_assign_asid(struct vcpu *v); void svm_vcpu_set_tlb_control(struct vcpu *v); @@ -26,6 +28,16 @@ bool svm_load_segs(unsigned int ldt_ents, unsigned long = ldt_base, unsigned long fs_base, unsigned long gs_base, unsigned long gs_shadow); =20 +struct sev_state { + uint32_t asp_handle; + uint32_t asp_policy; + uint8_t measure[96]; + uint32_t measure_len; /* 96 bytes */ + uint8_t state; + + unsigned long flags; +}; + =20 struct svm_domain { /* OSVW MSRs */ union { @@ -35,6 +47,10 @@ struct svm_domain { uint64_t status; }; } osvw; + + #ifdef CONFIG_COCO_AMD_SEV + struct sev_state sev; + #endif }; =20 extern u32 svm_feature_flags; --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391495; cv=none; d=zohomail.com; s=zohoarc; b=hXAJLdlaElryIhFZvSbGDocLWtrWlAL0XiFtqan0zdhRXQW/jI7MN+sB2WFRu8/HSlwy1L7Ox8Hw9KDa102n5CgW/xtyvl/VtPWurAySLL8f1W+kRVqduWo+W3y34E1csPyL0q8REwEVv2xJn/9+GhtFuUpyDlxnG9KOlRdMhuc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391495; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=rmMyFtnQQP/M6lJv+2OTm80wHgu+FGdxuTTYePbwvvo=; b=CJE0yIS4EOWJVvbT/bw0sMN/Eo7Xge2m6EfxHJK17LSJeNVyfUGuC8zrOYC+WmI9tXUwSW/dqtDjkYT4REnWdjBF9OmJJ5GKU4qgB75GxzOy/5T6YM47/OhmzsrZrUOzPSmhcWwHwu9S4nAJF4DokpuoqNQcN6RvGluacHfArHQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391494933900.3976658449016; Fri, 16 May 2025 03:31:34 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986848.1372369 (Exim 4.92) (envelope-from ) id 1uFsLZ-00047l-Gl; Fri, 16 May 2025 10:31:21 +0000 Received: by outflank-mailman (output) from mailman id 986848.1372369; Fri, 16 May 2025 10:31:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsLZ-00047c-Cp; Fri, 16 May 2025 10:31:21 +0000 Received: by outflank-mailman (input) for mailman id 986848; Fri, 16 May 2025 10:31:19 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsF8-0000kS-Qw for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:24:42 +0000 Received: from mail133-28.atl131.mandrillapp.com (mail133-28.atl131.mandrillapp.com [198.2.133.28]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id f9c17d21-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:24:41 +0200 (CEST) Received: from pmta13.mandrill.prod.atl01.rsglab.com (localhost [127.0.0.1]) by mail133-28.atl131.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNVc0flkzMQxhSc for ; Fri, 16 May 2025 10:24:40 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id 55be2ee1b05f4c71bac5a8b138fad311; Fri, 16 May 2025 10:24:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: f9c17d21-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391080; x=1747661080; bh=rmMyFtnQQP/M6lJv+2OTm80wHgu+FGdxuTTYePbwvvo=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=QDuEbMATQOKPddW1ufK70fdBeatEr0CakgVN7waNQI9kJ5j9ABbZza4T5O79Iidkw 5smVTwk0yrES1Pp7VugS3hE3t4Q2T0mE/BEQEzl1YYP0yBOEM1Popc5ATH0JEwsJIt nN0KMpD+Hgwa+LRSoPi5l/yYzr1wCsQpyrWO/RXFmdfDxu6oCa1I3TZnpvQYQ35GvM n8zIzXB7FQR+Tg9CBQirMsi3HU5bryIxr9wuW4gYI0ve2p+QvdHD1IKdjT90huxwzX VOI2DRvu7VPo4buRFZyEIzCQJwYf8BgKMrgjP8ycops/wi4NaQ77QmmRHofZCCek77 dUhjU7tS5t8kA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391080; x=1747651580; i=teddy.astie@vates.tech; bh=rmMyFtnQQP/M6lJv+2OTm80wHgu+FGdxuTTYePbwvvo=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=qKljt4eXIzjKpiRbjn9rvxgK70F9BWLWXx/pVT86itAsZglLmpx42itb1q2iv2PE5 ID0i3ku/Txr/p0FvkN6v2y0SxzTIM5k3ZBq/+/TLDsnHsWlFvkEkmjZNUT3QQ986q/ v+GGRkIQkP1c87qnssQdjLd9DM9mCnUK4sWWrBKPJ2MTuMYCOt/bCuJhEerG6w8Voc X9t7nNcN0aig8I6jM4u6H4uT2RMaTuj5KuYmF0SIYzYcGPRY5NFuSulJgIa81h4Poy eVzquOE6MsIlx4R7HyELmIQxpeG3wwzywRqftt+mUyAG6TphpxJiUTRZzPJ9T31qJg GpFBwkLhJRLjg== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2014/16]=20sev/emulate:=20Handle=20some=20non-emulable=20HVM=20paths?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391079133 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Andrei Semenov" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.55be2ee1b05f4c71bac5a8b138fad311?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:24:40 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747391495438116600 Content-Type: text/plain; charset="utf-8" From: Andrei Semenov Some code paths are not emulable under SEV or needs special handling. Signed-off-by: Andrei Semenov Signed-off-by: Teddy Astie --- xen/arch/x86/hvm/emulate.c | 137 ++++++++++++++++++++++++++++++++----- xen/arch/x86/hvm/hvm.c | 13 ++++ 2 files changed, 133 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 6ed8e03475..7ac3be2d59 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include =20 @@ -689,6 +690,9 @@ static void *hvmemul_map_linear_addr( goto unhandleable; } =20 + if ( is_sev_domain(curr->domain) && (nr_frames > 1) ) + goto unhandleable; + for ( i =3D 0; i < nr_frames; i++ ) { enum hvm_translation_result res; @@ -703,8 +707,16 @@ static void *hvmemul_map_linear_addr( /* Error checking. Confirm that the current slot is clean. */ ASSERT(mfn_x(*mfn) =3D=3D 0); =20 - res =3D hvm_translate_get_page(curr, addr, true, pfec, + if ( is_sev_domain(curr->domain) ) + { + struct hvm_vcpu_io *hvio =3D &curr->arch.hvm.hvm_io; + unsigned long gpa =3D pfn_to_paddr(hvio->mmio_gpfn) | (addr & = ~PAGE_MASK); + res =3D hvm_translate_get_page(curr, gpa, false, pfec, &pfinfo, &page, &gfn, &p2mt); + } + else + res =3D hvm_translate_get_page(curr, addr, true, pfec, + &pfinfo, &page, &gfn, &p2mt); =20 switch ( res ) { @@ -1173,6 +1185,7 @@ static int hvmemul_linear_mmio_access( dir, buffer_off= set); paddr_t gpa; unsigned long one_rep =3D 1; + unsigned int chunk; int rc; =20 if ( cache =3D=3D NULL ) @@ -1183,21 +1196,50 @@ static int hvmemul_linear_mmio_access( ASSERT_UNREACHABLE(); return X86EMUL_UNHANDLEABLE; } + =20 + chunk =3D min_t(unsigned int, size, PAGE_SIZE - offset); =20 if ( known_gpfn ) gpa =3D pfn_to_paddr(hvio->mmio_gpfn) | offset; else { - rc =3D hvmemul_linear_to_phys(gla, &gpa, size, &one_rep, pfec, + if ( is_sev_domain(current->domain) ) + gpa =3D pfn_to_paddr(hvio->mmio_gpfn) | offset; + else + { + rc =3D hvmemul_linear_to_phys(gla, &gpa, chunk, &one_rep, pfec, + hvmemul_ctxt); + if ( rc !=3D X86EMUL_OKAY ) + return rc; + } + + latch_linear_to_phys(hvio, gla, gpa, dir =3D=3D IOREQ_WRITE); + } + + for ( ;; ) + { + rc =3D hvmemul_phys_mmio_access(cache, gpa, chunk, dir, buffer, bu= ffer_offset); + if ( rc !=3D X86EMUL_OKAY ) + break; + + gla +=3D chunk; + buffer_offset +=3D chunk; + size -=3D chunk; + + if ( size =3D=3D 0 ) + break; + + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + + chunk =3D min_t(unsigned int, size, PAGE_SIZE); + rc =3D hvmemul_linear_to_phys(gla, &gpa, chunk, &one_rep, pfec, hvmemul_ctxt); if ( rc !=3D X86EMUL_OKAY ) return rc; - - latch_linear_to_phys(hvio, gla, gpa, dir =3D=3D IOREQ_WRITE); } =20 - return hvmemul_phys_mmio_access(cache, gpa, size, dir, buffer, - buffer_offset); + return rc; } =20 static inline int hvmemul_linear_mmio_read( @@ -1254,6 +1296,9 @@ static int linear_read(unsigned long addr, unsigned i= nt bytes, void *p_data, { unsigned int part1 =3D PAGE_SIZE - offset; =20 + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + /* Split the access at the page boundary. */ rc =3D linear_read(addr, part1, p_data, pfec, hvmemul_ctxt); if ( rc !=3D X86EMUL_OKAY ) @@ -1278,11 +1323,25 @@ static int linear_read(unsigned long addr, unsigned= int bytes, void *p_data, * upon replay) the RAM access for anything that's ahead of or past MM= IO, * i.e. in RAM. */ - cache =3D hvmemul_find_mmio_cache(hvio, start, IOREQ_READ, ~0); - if ( !cache || - addr + bytes <=3D start + cache->skip || - addr >=3D start + cache->size ) - rc =3D hvm_copy_from_guest_linear(p_data, addr, bytes, pfec, &pfin= fo); + cache =3D hvmemul_find_mmio_cache(hvio, start, IOREQ_READ, ~0); + if ( !cache || + addr + bytes <=3D start + cache->skip || + addr >=3D start + cache->size ) + { + if ( is_sev_domain(current->domain) ) + { + if ( hvio->mmio_gpfn ) + { + paddr_t gpa; + gpa =3D pfn_to_paddr(hvio->mmio_gpfn) | (addr & ~PAGE_MASK= ); + rc =3D hvm_copy_from_guest_phys(p_data, gpa, bytes); + } + else + return X86EMUL_UNHANDLEABLE; + } + else + rc =3D hvm_copy_from_guest_linear(p_data, addr, bytes, pfec, &= pfinfo); + } =20 switch ( rc ) { @@ -1325,6 +1384,9 @@ static int linear_write(unsigned long addr, unsigned = int bytes, void *p_data, { unsigned int part1 =3D PAGE_SIZE - offset; =20 + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + /* Split the access at the page boundary. */ rc =3D linear_write(addr, part1, p_data, pfec, hvmemul_ctxt); if ( rc !=3D X86EMUL_OKAY ) @@ -1340,9 +1402,23 @@ static int linear_write(unsigned long addr, unsigned= int bytes, void *p_data, /* See commentary in linear_read(). */ cache =3D hvmemul_find_mmio_cache(hvio, start, IOREQ_WRITE, ~0); if ( !cache || - addr + bytes <=3D start + cache->skip || - addr >=3D start + cache->size ) - rc =3D hvm_copy_to_guest_linear(addr, p_data, bytes, pfec, &pfinfo= ); + addr + bytes <=3D start + cache->skip || + addr >=3D start + cache->size ) + { + if ( is_sev_domain(current->domain) ) + { + if ( hvio->mmio_gpfn ) + { + paddr_t gpa; + gpa =3D pfn_to_paddr(hvio->mmio_gpfn) | (addr & ~PAGE_MASK= ); + rc =3D hvm_copy_to_guest_phys(gpa, p_data, bytes, current); + } + else + return X86EMUL_UNHANDLEABLE; + } + else + rc =3D hvm_copy_to_guest_linear(addr, p_data, bytes, pfec, &pf= info); + } =20 switch ( rc ) { @@ -1430,7 +1506,12 @@ int cf_check hvmemul_insn_fetch( if ( !bytes || unlikely((insn_off + bytes) > hvmemul_ctxt->insn_buf_bytes) ) { - int rc =3D __hvmemul_read(x86_seg_cs, offset, p_data, bytes, + int rc; + + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + + rc =3D __hvmemul_read(x86_seg_cs, offset, p_data, bytes, hvm_access_insn_fetch, hvmemul_ctxt); =20 if ( rc =3D=3D X86EMUL_OKAY && bytes ) @@ -1485,6 +1566,7 @@ static int cf_check hvmemul_write( if ( !known_gla(addr, bytes, pfec) ) { mapping =3D hvmemul_map_linear_addr(addr, bytes, pfec, hvmemul_ctx= t); + if ( IS_ERR(mapping) ) return ~PTR_ERR(mapping); } @@ -1719,6 +1801,9 @@ static int cf_check hvmemul_cmpxchg( int rc; void *mapping =3D NULL; =20 + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + rc =3D hvmemul_virtual_to_linear( seg, offset, bytes, NULL, hvm_access_write, hvmemul_ctxt, &addr); if ( rc !=3D X86EMUL_OKAY ) @@ -1821,6 +1906,9 @@ static int cf_check hvmemul_rep_ins( p2m_type_t p2mt; int rc; =20 + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + rc =3D hvmemul_virtual_to_linear( dst_seg, dst_offset, bytes_per_rep, reps, hvm_access_write, hvmemul_ctxt, &addr); @@ -1899,6 +1987,9 @@ static int cf_check hvmemul_rep_outs( p2m_type_t p2mt; int rc; =20 + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + if ( unlikely(hvmemul_ctxt->set_context) ) return hvmemul_rep_outs_set_context(dst_port, bytes_per_rep, reps); =20 @@ -1944,6 +2035,9 @@ static int cf_check hvmemul_rep_movs( int rc, df =3D !!(ctxt->regs->eflags & X86_EFLAGS_DF); char *buf; =20 + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; + rc =3D hvmemul_virtual_to_linear( src_seg, src_offset, bytes_per_rep, reps, hvm_access_read, hvmemul_ctxt, &saddr); @@ -2109,9 +2203,13 @@ static int cf_check hvmemul_rep_stos( paddr_t gpa; p2m_type_t p2mt; bool df =3D ctxt->regs->eflags & X86_EFLAGS_DF; - int rc =3D hvmemul_virtual_to_linear(seg, offset, bytes_per_rep, reps, - hvm_access_write, hvmemul_ctxt, &ad= dr); + int rc; + + if ( is_sev_domain(current->domain) ) + return X86EMUL_UNHANDLEABLE; =20 + rc =3D hvmemul_virtual_to_linear(seg, offset, bytes_per_rep, reps, + hvm_access_write, hvmemul_ctxt, &addr); if ( rc !=3D X86EMUL_OKAY ) return rc; =20 @@ -2770,6 +2868,7 @@ static int _hvm_emulate_one(struct hvm_emulate_ctxt *= hvmemul_ctxt, struct vcpu *curr =3D current; uint32_t new_intr_shadow; struct hvm_vcpu_io *hvio =3D &curr->arch.hvm.hvm_io; + int rc; =20 /* @@ -2983,6 +3082,9 @@ void hvm_emulate_init_per_insn( unsigned int pfec =3D PFEC_page_present | PFEC_insn_fetch; unsigned long addr; =20 + if ( is_sev_domain(current->domain) ) + goto out; + if ( hvmemul_ctxt->seg_reg[x86_seg_ss].dpl =3D=3D 3 ) pfec |=3D PFEC_user_mode; =20 @@ -3000,6 +3102,7 @@ void hvm_emulate_init_per_insn( sizeof(hvmemul_ctxt->insn_buf) : 0; } =20 +out: hvmemul_ctxt->is_mem_access =3D false; } =20 diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index e1bcf8e086..d3060329fb 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -3477,6 +3478,9 @@ enum hvm_translation_result hvm_copy_to_guest_linear( unsigned long addr, const void *buf, unsigned int size, uint32_t pfec, pagefault_info_t *pfinfo) { + if ( is_sev_domain(current->domain) ) + return HVMTRANS_unhandleable; + return __hvm_copy((void *)buf /* HVMCOPY_to_guest doesn't modify */, addr, size, current, HVMCOPY_to_guest | HVMCOPY_line= ar, PFEC_page_present | PFEC_write_access | pfec, pfinfo= ); @@ -3486,6 +3490,9 @@ enum hvm_translation_result hvm_copy_from_guest_linea= r( void *buf, unsigned long addr, unsigned int size, uint32_t pfec, pagefault_info_t *pfinfo) { + if ( is_sev_domain(current->domain) ) + return HVMTRANS_unhandleable; + return __hvm_copy(buf, addr, size, current, HVMCOPY_from_guest | HVMCOPY_linear, PFEC_page_present | pfec, pfinfo); @@ -3495,6 +3502,9 @@ enum hvm_translation_result hvm_copy_from_vcpu_linear( void *buf, unsigned long addr, unsigned int size, struct vcpu *v, unsigned int pfec) { + if ( is_sev_domain(v->domain) ) + return HVMTRANS_unhandleable; + return __hvm_copy(buf, addr, size, v, HVMCOPY_from_guest | HVMCOPY_linear, PFEC_page_present | pfec, NULL); @@ -3522,6 +3532,9 @@ unsigned int clear_user_hvm(void *to, unsigned int le= n) { int rc; =20 + if ( is_sev_domain(current->domain) ) + return HVMTRANS_unhandleable; + if ( current->hcall_compat && is_compat_arg_xlat_range(to, len) ) { memset(to, 0x00, len); --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391510; cv=none; d=zohomail.com; s=zohoarc; b=jdghNWFEKtz7cf9XYF7kYc11Y8zraNysTH+rKLR9TV6dXMWDmVpaMG9BhIdfaVRyhmekT02OmiNGcpQJ0K1VAU8r5OkXYguwCdzexkd6Pe1oAYeWxMJ0dJR6mz5oD4nZuOwvt8GKB07g2INyO+Pye5YSSdfmI9DX+vB10KlF7z8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391510; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=lPXqp2js7vt00YaTBMUsWA+9FdXRi2GQpFRihsFOl30=; b=eW8U8B+lPPUv5Isy9uVjasTkBx6uYMXUT7IHVhnX2pN1tQxfBh7Xt6nARIOaMa9bdZdAvEbdx0CbO1P5rTCLaxKULftxOGfucRAj/8PzWaLFvfoyvAf66fZhFpyK8T5npRJYCrGzR+1zajwdLYFglOiHopW7pbijJ1x01rqA6Bg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391510249610.6440359174652; Fri, 16 May 2025 03:31:50 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986856.1372389 (Exim 4.92) (envelope-from ) id 1uFsLo-0004wy-1e; Fri, 16 May 2025 10:31:36 +0000 Received: by outflank-mailman (output) from mailman id 986856.1372389; Fri, 16 May 2025 10:31:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsLn-0004wq-UX; Fri, 16 May 2025 10:31:35 +0000 Received: by outflank-mailman (input) for mailman id 986856; Fri, 16 May 2025 10:31:34 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsFI-0000kS-NX for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:24:52 +0000 Received: from mail187-4.suw11.mandrillapp.com (mail187-4.suw11.mandrillapp.com [198.2.187.4]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ffd42512-323f-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:24:51 +0200 (CEST) Received: from pmta09.mandrill.prod.suw01.rsglab.com (localhost [127.0.0.1]) by mail187-4.suw11.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNVp20C8zlfcMZ for ; Fri, 16 May 2025 10:24:50 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id 26fc1f1497074d24a6572d1c605778cd; Fri, 16 May 2025 10:24:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ffd42512-323f-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391090; x=1747661090; bh=lPXqp2js7vt00YaTBMUsWA+9FdXRi2GQpFRihsFOl30=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=s+sHoJ0eyQzfCTB2nT0EItF49M6MwcQqXVhGklNcZ8O5YHLcHlJbVMTiXV/68RB2F T/O2y1MtmHFlf7DgOq2qMMbnat6Q381r53wsF1dE3l4qHrzL3g29htS8KC4GsEaUZC +6ss4KnPoicPic3B8KmevO9CPxn40f/itRtMfBEM5KSKmEAkk3NKKva6+3RLzGpoHx mjlISCXb8a+4F+sXBdD3EUKI0c9IM3zO/h4OeXTLtnfNzfn/OMeRwB3qwhyCZGeeD/ G1OlDWfn2ReZcflLk/MVXfiIhDjwT4+TbJsBb5vE62ZEXQeEu+DdOalTGvPrqzfyiC zyLE0Ev1MQHuQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391090; x=1747651590; i=teddy.astie@vates.tech; bh=lPXqp2js7vt00YaTBMUsWA+9FdXRi2GQpFRihsFOl30=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=l+1h2LX+iOCvWdCT8w/r0sAX+gA8ejuFRSzeHDK3B97fbdHgxMwrOReEagGjB9dqm QnwlbgiTkxDZxKyQ6PxApNR/pyWD2Bzapa8Qw/sfhzii/5BCmj/hOdcpGAeVeyUdjn uzpqUq13p4WV0SQ0rc/GxCi2sMR2NX5RGMww20d1VYaqj/k93jBsiXL1lEj5vipFlj xKML5LximY8+d/ncP8JNsGhYbnflYmaJZReTG7oOkVbJwLOQg/xxK4LkhPTxqxPJr2 X5/+aFU3pSCB+BTDCLesgqwflgY4ZuJCrw9HylOJg+ysL6NAy3NOfA8AHxxDG6e/B+ jq1N1NdTIIcTQ== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2015/16]=20HACK:=20coco:=20Leak=20ASID=20for=20coco=20guests?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391089320 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Jan Beulich" , "Andrew Cooper" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.26fc1f1497074d24a6572d1c605778cd?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:24:50 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @mandrillapp.com) (identity teddy.astie@vates.tech) X-ZM-MESSAGEID: 1747391511509116600 Content-Type: text/plain; charset="utf-8" In order to reuse a ASID in a SEV guest, we need to perform a WBINVD on all pCPUs that ran the guest, then a DF_FLUSH on the PSP. Just leak the ASID for now. Signed-off-by: Teddy Astie --- xen/arch/x86/hvm/hvm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index d3060329fb..ced58ccf4b 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -795,7 +795,10 @@ void hvm_domain_destroy(struct domain *d) list_del(&ioport->list); xfree(ioport); } - hvm_asid_free(&d->arch.hvm.asid); + if ( !is_coco_domain(d) ) + hvm_asid_free(&d->arch.hvm.asid); + else + printk("coco: Leaking ASID %x: TODO (DF_FLUSH handling)\n", d->arc= h.hvm.asid.asid); destroy_vpci_mmcfg(d); =20 } --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech From nobody Tue Dec 16 03:21:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=vates.tech ARC-Seal: i=1; a=rsa-sha256; t=1747391584; cv=none; d=zohomail.com; s=zohoarc; b=mXTLghIvOMbE43QzIcE2TwBYQhHTegbRoLJmOHfJobnAl8l7zNJq1imIWtQ1JgP7Vf3na2SJ1D8w5nBVQ51NvvE+HlXQkSaibVvylshI1ZZwDe8g88am15w3Z7bEHipHYFsBinhk6d9j5Xq2BiNFmM/0WDpoZtFnapLjR1uBpxY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747391584; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=09td6MHuWEdAtrsXq56Leo+iJWk3EtNEWxuIkhfA2QY=; b=irgCYstnSStguEtM+gW5TYJmIybCHM5nT8LWaJAylFc86uMJX55m8DL7maZRkD1YWzr/J4eTPVPa+W4Zat2x42AIjnJpb7Ss3M1+jgEzfB8qpfPTVCGAmW9oahF3g3Ftmf8ObEP+XYBqGzXaQ3mnhHEPJsJSPebeqoDdq62234U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=teddy.astie@vates.tech; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747391584810559.4113804627735; Fri, 16 May 2025 03:33:04 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.986884.1372418 (Exim 4.92) (envelope-from ) id 1uFsN2-0007AW-Vu; Fri, 16 May 2025 10:32:52 +0000 Received: by outflank-mailman (output) from mailman id 986884.1372418; Fri, 16 May 2025 10:32:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsN2-0007AP-TE; Fri, 16 May 2025 10:32:52 +0000 Received: by outflank-mailman (input) for mailman id 986884; Fri, 16 May 2025 10:32:51 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uFsFS-0000kS-7H for xen-devel@lists.xenproject.org; Fri, 16 May 2025 10:25:02 +0000 Received: from mail187-4.suw11.mandrillapp.com (mail187-4.suw11.mandrillapp.com [198.2.187.4]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 0562caa4-3240-11f0-9ffb-bf95429c2676; Fri, 16 May 2025 12:25:00 +0200 (CEST) Received: from pmta09.mandrill.prod.suw01.rsglab.com (localhost [127.0.0.1]) by mail187-4.suw11.mandrillapp.com (Mailchimp) with ESMTP id 4ZzNVz4HQJzlkq4C for ; Fri, 16 May 2025 10:24:59 +0000 (GMT) Received: from [37.26.189.201] by mandrillapp.com id 7f39565cc8474cdab9afc80d3eba8c0e; Fri, 16 May 2025 10:24:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0562caa4-3240-11f0-9ffb-bf95429c2676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; s=mte1; t=1747391099; x=1747661099; bh=09td6MHuWEdAtrsXq56Leo+iJWk3EtNEWxuIkhfA2QY=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=a2gbiYcDd7G4EV3R5dxVsuqVVKQkuHXSZ49ZrcQCKwpH+qX/qpCklXy/nF5zhmYDD hhiShkEoS8n5h7/Gu46AcEd3w0qx5jzrjZA/tzc9NqYGBzXekD3T0+P2feDSoqCRZ9 71LZ2prWtjXd88k5UBe/qm0jrtC/9ybHTqZkQVn6e/8RYSXOtHBTIXYhj8PnvRAi8j yb05w6xYqgKIzo2ASJ2pKRQcfyXVLV1G7FbCfWmDA7WMxG45mfvkuK3mlmPV1iqdoJ mYMg9moILLsRk0G73K4WXZesxLzlgYibF1IDQRnoNn2wmfFk6WTuvCmr0oC2HdR+YM WcU0gsRV1YBhw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vates.tech; s=mte1; t=1747391099; x=1747651599; i=teddy.astie@vates.tech; bh=09td6MHuWEdAtrsXq56Leo+iJWk3EtNEWxuIkhfA2QY=; h=From:Subject:To:Cc:Message-Id:In-Reply-To:References:Feedback-ID: Date:MIME-Version:Content-Type:Content-Transfer-Encoding:CC:Date: Subject:From; b=ChFOJqpTBxrMueYRacemat+PhOtQRul24i2hKMOu+K6adyvVryfz1rexR0B7HCG8l vloHswhqGTnRPsIelIFWY24288wh2izec/m9cro0zButbUNKTHp4lRRkUHi84Ja5V1 rCWqKsl1K1iWLOuZrv7rgdETeSijzFJ5G5qIhptnTui/53vIQ9hYw/QcV48qXgfkVz tQHuNkzoly0ZXMIWoCBL5ybb0rrabfGDgl0T33yxIsac1ZouTwdK+BAcxyNTf/ORbS 5Aan1fymqhrtyc0MoC6NmkG5O3/Zh0QsUAtqU3Re64uoGCmyAqKK8nq7izgg2hLaq3 Xcp6feiEQMHBw== From: "Teddy Astie" Subject: =?utf-8?Q?[RFC=20PATCH=2016/16]=20HACK:=20Add=20sev=5Fconsole=20hypercall?= X-Mailer: git-send-email 2.49.0 X-Bm-Disclaimer: Yes X-Bm-Milter-Handled: 4ffbd6c1-ee69-4e1b-aabd-f977039bd3e2 X-Bm-Transport-Timestamp: 1747391098333 To: xen-devel@lists.xenproject.org Cc: "Teddy Astie" , "Andrew Cooper" , "Anthony PERARD" , "Michal Orzel" , "Jan Beulich" , "Julien Grall" , "=?utf-8?Q?Roger=20Pau=20Monn=C3=A9?=" , "Stefano Stabellini" Message-Id: In-Reply-To: References: X-Native-Encoded: 1 X-Report-Abuse: =?UTF-8?Q?Please=20forward=20a=20copy=20of=20this=20message,=20including=20all=20headers,=20to=20abuse@mandrill.com.=20You=20can=20also=20report=20abuse=20here:=20https://mandrillapp.com/contact/abuse=3Fid=3D30504962.7f39565cc8474cdab9afc80d3eba8c0e?= X-Mandrill-User: md_30504962 Feedback-ID: 30504962:30504962.20250516:md Date: Fri, 16 May 2025 10:24:59 +0000 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity teddy.astie@vates.tech) (identity @mandrillapp.com) X-ZM-MESSAGEID: 1747391586236116600 Content-Type: text/plain; charset="utf-8" Introduce a basic console hypercall for debugging needs under SEV when PV console is not usable at this point. This is later on used by the earlyprintk of the experimental SEV Linux branch. Signed-off-by: Teddy Astie --- xen/common/coco.c | 6 ++++++ xen/include/hypercall-defs.c | 2 ++ xen/include/public/xen.h | 1 + 3 files changed, 9 insertions(+) diff --git a/xen/common/coco.c b/xen/common/coco.c index d9bd17628d..23c0da6281 100644 --- a/xen/common/coco.c +++ b/xen/common/coco.c @@ -131,4 +131,10 @@ long do_coco_op(unsigned int cmd, XEN_GUEST_HANDLE_PAR= AM(void) arg) } } =20 +long do_sev_console_op(unsigned long c) +{ + printk("%c", (unsigned char)c); + return 0; +} + __initcall(coco_init); \ No newline at end of file diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c index 6c01a9e395..19f40f0b38 100644 --- a/xen/include/hypercall-defs.c +++ b/xen/include/hypercall-defs.c @@ -210,6 +210,7 @@ hypfs_op(unsigned int cmd, const char *arg1, unsigned l= ong arg2, void *arg3, uns xenpmu_op(unsigned int op, xen_pmu_params_t *arg) #endif coco_op(unsigned int cmd, void *arg) +sev_console_op(unsigned long c) =20 #ifdef CONFIG_PV caller: pv64 @@ -297,5 +298,6 @@ mca do do - = - - paging_domctl_cont do do do do - #endif coco_op do do do do do +sev_console_op do do do do - =20 #endif /* !CPPCHECK */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index e656d6f617..04fc891353 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -119,6 +119,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define __HYPERVISOR_dm_op 41 #define __HYPERVISOR_hypfs_op 42 #define __HYPERVISOR_coco_op 43 +#define __HYPERVISOR_sev_console_op 45 =20 /* Architecture-specific hypercall definitions. */ #define __HYPERVISOR_arch_0 48 --=20 2.49.0 Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech