From nobody Sat Feb 7 21:24:20 2026 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8AD7A12FF6E for ; Tue, 9 Apr 2024 13:40:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670019; cv=none; b=Gi+Yeqz2+/4hgQbIPV6LECFuP88z1UnRA8d+/TD9oj4rZbdAti+OkyoxYsdkpfIxqZtIbtFYcLbzjNy6tgXpAeFvFkiD3kPdtnfCun58+ipmdtwIoZFXvtmtG07JL9OWM+DqP6fH5bgn7h3+3z9vuBXXpBAX/9ruAs9cbMnS58E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670019; c=relaxed/simple; bh=Z/U6MkL66HxoT+vTZDuph/p77ad7akTXVDFy/jh9Y9U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=hUgy+KtL0m9QxKgE5Pruu8CFfRWDxGFpoYeEB7IhHfippEDIdIAIdxmQ7erJ/p9WvBU6/miIdLrfuGl2nya45nRlKdiHoyO++5uj2a6GRETAEvwyaHeLigLLwKR2XLJWQ+MJcLGiUGrMX0Baa+qgaEULNlkZvUWMk9jT7oGW2A4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mJ2CPw9B; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mJ2CPw9B" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-6ecec819962so5482298b3a.2 for ; Tue, 09 Apr 2024 06:40:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712670017; x=1713274817; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5+kM2gskGXg+GS3w8WpbJGsHCOXskkusBzj+iWlJPXA=; b=mJ2CPw9BkId3qp9fNuFQ+ew/E9oVpyfjfK6HsBw9B9Eaiv4wov0Zv3bGRU4UGoGevd ANGMA5Mq3MzOcpbLCVvhueQJd4Atbad+m1DehApuaQHwr/uL5R97koBHq1oKAzJTjQ5C Vp4ocrI5NrXBfHqLklLH9P3qvNC/nUNl4xVttNg7B5e6OmKkZRJWgv4NsPxeiOmkOePv iNs2iNYhtzhE0I3ageEDHE+KlPUqu36HTxGVkyaUmMyVy3DzwgCSFGN8lexYKApiYQad O1ZmAC6dhPZmQQuWdsiAcmAttU3sx+VayVLXp5kd8ChRLMT3Qh0CuMkIdlKDPF/MPWrC N4iA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712670017; x=1713274817; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5+kM2gskGXg+GS3w8WpbJGsHCOXskkusBzj+iWlJPXA=; b=qb6WJSroc+uTQeAuYhxL59NPz9sERREG9xRcNmBFzJ9LczRv1AKK8+L3UpbhKYFZLB JZIBc2aQo8AgF8oF9T1G+2QZ9JTMwsUGWDcB/vUeND/K8YyEw5CYydkT0DyJ0YPJrWmg 3AOeGJcVfOmgZNfKu9+r1HE/4GyNLxwpbSWctPuGPqQzSxS0bJU/CwC3z30yGaYuTter I3f3yMx9m4ExdUHHBM8M4GGewka0f4Yu3oCTdefcSAYbd7j6QWm0CajmdOuPctGWZNdu jDCN38R2FyFzvJEmW1TZ5aITD9doqr2dFDzQqPvYfX4znf8jxoEvu502b+/PAuDpqKWL /KlQ== X-Gm-Message-State: AOJu0YxPY1CXX+NI1EBhU5RwI7+jqi4IZHuMVsFNzb60+TpZJjaLlOR3 16xlWfglUy2y7T3zc1JgTd+ECmBGk3smrSX+G1KB8hqKIY5VFAqG0yIXUlDdLUvBiUoCnqMeFe2 aRg== X-Google-Smtp-Source: AGHT+IGBuHKLW5PWmsVZ2jiNCEZO8Az0aSwA/6HN0OwslonsXsvkheLB/AwbPsX6Z63jLae7+p8c0qoEseg= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:15:661d:897e:ea86:704d]) (user=pgonda job=sendgmr) by 2002:a05:6a00:2353:b0:6ed:4203:bdc8 with SMTP id j19-20020a056a00235300b006ed4203bdc8mr198689pfj.1.1712670016967; Tue, 09 Apr 2024 06:40:16 -0700 (PDT) Date: Tue, 9 Apr 2024 06:39:54 -0700 In-Reply-To: <20240409133959.2888018-1-pgonda@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240409133959.2888018-1-pgonda@google.com> X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240409133959.2888018-2-pgonda@google.com> Subject: [PATCH 1/6] Add GHCB with setters and getters From: Peter Gonda To: pgonda@google.com, seanjc@google.com Cc: linux-kernel@vger.kernel.org, Vishal Annapurve , Ackerley Tng , Paolo Bonzini , Claudio Imbrenda , Carlos Bilbao , Tom Lendacky , Michael Roth , kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move the GHCB definitions from svm.h to the tools/ copy. This allows the SEV-ES selftest to use GHCBs which are required for non-trival VMs to paravirtualize NonAutomaticExits (NAEs) when SEV-ES is enabled. GHCB getters/setters have a warning with address-of-packed-member, so removed this using the CFLAGS. Cc: Vishal Annapurve Cc: Ackerley Tng Cc: Paolo Bonzini Cc: Claudio Imbrenda Cc: Sean Christopherson Cc: Carlos Bilbao Cc: Tom Lendacky Cc: Michael Roth Cc: kvm@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Peter Gonda --- tools/testing/selftests/kvm/Makefile | 2 +- .../selftests/kvm/include/x86_64/svm.h | 106 ++++++++++++++++++ 2 files changed, 107 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests= /kvm/Makefile index c75251d5c97c..95fa0cead256 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -221,7 +221,7 @@ endif CFLAGS +=3D -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=3Dgnu99 \ -Wno-gnu-variable-sized-type-not-at-end -MD -MP \ -fno-builtin-memcmp -fno-builtin-memcpy -fno-builtin-memset \ - -fno-builtin-strnlen \ + -fno-builtin-strnlen -Wno-address-of-packed-member \ -fno-stack-protector -fno-PIE -I$(LINUX_TOOL_INCLUDE) \ -I$(LINUX_TOOL_ARCH_INCLUDE) -I$(LINUX_HDR_PATH) -Iinclude \ -I$(save.valid_bitmap); \ + } \ + \ + static __always_inline u64 ghcb_get_##field(struct ghcb *ghcb) \ + { \ + return ghcb->save.field; \ + } \ + \ + static __always_inline u64 ghcb_get_##field##_if_valid(struct ghcb *ghcb)= \ + { \ + return ghcb_##field##_is_valid(ghcb) ? ghcb->save.field : 0; \ + } \ + \ + static __always_inline void ghcb_set_##field(struct ghcb *ghcb, u64 value= ) \ + { \ + __set_bit(GHCB_BITMAP_IDX(field), \ + (unsigned long *)&ghcb->save.valid_bitmap); \ + ghcb->save.field =3D value; \ + } + +DEFINE_GHCB_ACCESSORS(cpl) +DEFINE_GHCB_ACCESSORS(rip) +DEFINE_GHCB_ACCESSORS(rsp) +DEFINE_GHCB_ACCESSORS(rax) +DEFINE_GHCB_ACCESSORS(rcx) +DEFINE_GHCB_ACCESSORS(rdx) +DEFINE_GHCB_ACCESSORS(rbx) +DEFINE_GHCB_ACCESSORS(rbp) +DEFINE_GHCB_ACCESSORS(rsi) +DEFINE_GHCB_ACCESSORS(rdi) +DEFINE_GHCB_ACCESSORS(r8) +DEFINE_GHCB_ACCESSORS(r9) +DEFINE_GHCB_ACCESSORS(r10) +DEFINE_GHCB_ACCESSORS(r11) +DEFINE_GHCB_ACCESSORS(r12) +DEFINE_GHCB_ACCESSORS(r13) +DEFINE_GHCB_ACCESSORS(r14) +DEFINE_GHCB_ACCESSORS(r15) +DEFINE_GHCB_ACCESSORS(sw_exit_code) +DEFINE_GHCB_ACCESSORS(sw_exit_info_1) +DEFINE_GHCB_ACCESSORS(sw_exit_info_2) +DEFINE_GHCB_ACCESSORS(sw_scratch) +DEFINE_GHCB_ACCESSORS(xcr0) + #endif /* SELFTEST_KVM_SVM_H */ --=20 2.44.0.478.gd926399ef9-goog From nobody Sat Feb 7 21:24:20 2026 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98F1A1304AA for ; Tue, 9 Apr 2024 13:40:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670021; cv=none; b=O6MaJaFUW0htwCDJrinVKNbMRTbO2LnYyS8++HrntiVkUO1j8ZikG19LApBImERcHgnEUJNaKWsf51M4A+h+k8hrrzX7ofELYWa6rB3gNmkH2JQmWUpN/selV5FoFzA9UkJSozVt0thVs6F5ClAZ6UgJG0s1KqMutNCJo/+ID3A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670021; c=relaxed/simple; bh=paK0j1D+/4vVrfYgv/m+fGb5solSOT1yZOlYXM1gTkQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VmxinbUYRWdMsjaPc4KZptzJXUW93Up+aLbao7vrIGaFnTAaaA5nHmpXPm3WbxhiTExfJmnXw41Jq/pysua7DZAtjGP+ATTxZAc7zxKtlmD0I4dkCsfXLeTJyH8fFJ0PFslAj07/xZoKsv6EDCsa2kvBBaQb+cr8De93qDiVHjQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=AL0rE1gW; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="AL0rE1gW" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-6ea7f05b543so4063482b3a.2 for ; Tue, 09 Apr 2024 06:40:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712670019; x=1713274819; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Rwrtfku1Uu6YgtFtash50js52tGuCTfI0w7dy74ELNU=; b=AL0rE1gWHYaH68MkMLgTco+uRHEFDHWY/+tKYuYvexHoqnIp3HUAse9levCqTxKfg3 Ii9G8eO87b+3/qq/HPoQh4PwpiMKLmIhtyjNfsOx18d+KhIHBemZDBDUB6u9FtsbvWpF 7l3sGydrd2dyNqmfHEj2R820qOAYYE6ePnqGdbWJnkwK8D73x9JaGOJ38iCSptksJ37G y5q2DwXxqauCebI4KyfatEZ6DhexLrL4Q0lFS1KxDCwo2StAhMJ8WiIrFjN/eajDCFYs mGCOR0Y84M6jY5GVvf+1rXfkge4bM/DGHabn66YZqno00Dv+C4OtrVD9uKBsGrbOnV0w jkfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712670019; x=1713274819; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Rwrtfku1Uu6YgtFtash50js52tGuCTfI0w7dy74ELNU=; b=jTXnEuzcGrXABDFcIdMRPA1nvRshnKMJ1sWgHzfH1plIVd6N8B28o/FVOae9VVdfSm lhhk7EmxQCBCp9XvJKHTaB8Ff6bjEKXw/a/ZT6QPPcOZlXWMdPEVBAOJKJZyWxIMpNzM bIs+k+QKw0jjH5rrcEPE5XhgA39Pgdxf8c8E+UF/CU53x6jnkIPZPhBRppjLmkFoi5dk iy3QWTQdv26lAZuP3DiKSa1j/4g1CPlEAa/4oZmBtYVYvowdx7/vzZ89hro/xs5y/8nL XT02BeCVjP7ksv2Zli0A5Ub4cgKXsDBkkrywbENLIN+65eMz3Pn1B0BuUJ50W0lZ3fu9 An/A== X-Gm-Message-State: AOJu0YzYFyQbHK9SPPuZxJqo+uOY9jDfIJKTPVabKrr4LR1lyCljIlai ikkyS1L3SdbUrqmnjZrwOfwaVLzlYiUxHrIG8+zM5n1+CihrhiBbT/pnvs5NNoUJ/CsXQ9bJGOa 3Vw== X-Google-Smtp-Source: AGHT+IHGWLW0cSClhDE6jv9Wvo3dWLdAOoqhYvm4Qx6uK8Qb6rf86HX7B7bZpf8TC5EWjDFMARrLPq+8ZPg= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:15:661d:897e:ea86:704d]) (user=pgonda job=sendgmr) by 2002:a05:6a00:998:b0:6ea:bc68:7354 with SMTP id u24-20020a056a00099800b006eabc687354mr1087840pfg.1.1712670019100; Tue, 09 Apr 2024 06:40:19 -0700 (PDT) Date: Tue, 9 Apr 2024 06:39:55 -0700 In-Reply-To: <20240409133959.2888018-1-pgonda@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240409133959.2888018-1-pgonda@google.com> X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240409133959.2888018-3-pgonda@google.com> Subject: [PATCH 2/6] Add arch specific additional guest pages From: Peter Gonda To: pgonda@google.com, seanjc@google.com Cc: linux-kernel@vger.kernel.org, Vishal Annapurve , Ackerley Tng , Paolo Bonzini , Claudio Imbrenda , Carlos Bilbao , Tom Lendacky , Michael Roth , kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" SEV-ES guests need additional pages allocated for their GHCBs. Add arch specific function definition with __weak to allow for overriding for X86 specific SEV-ES functionality. Cc: Vishal Annapurve Cc: Ackerley Tng Cc: Paolo Bonzini Cc: Claudio Imbrenda Cc: Sean Christopherson Cc: Carlos Bilbao Cc: Tom Lendacky Cc: Michael Roth Cc: kvm@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Peter Gonda --- .../selftests/kvm/include/kvm_util_base.h | 3 +++ tools/testing/selftests/kvm/lib/kvm_util.c | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/te= sting/selftests/kvm/include/kvm_util_base.h index 4a40b332115d..9a26afd2e82a 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -1126,4 +1126,7 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm); =20 bool vm_is_gpa_protected(struct kvm_vm *vm, vm_paddr_t paddr); =20 +int kvm_arch_vm_additional_pages_required(struct vm_shape shape, + uint64_t page_size); + #endif /* SELFTEST_KVM_UTIL_BASE_H */ diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index adc51b0712ca..2a7b2709eb8d 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -314,11 +314,11 @@ struct kvm_vm *____vm_create(struct vm_shape shape) return vm; } =20 -static uint64_t vm_nr_pages_required(enum vm_guest_mode mode, +static uint64_t vm_nr_pages_required(struct vm_shape shape, uint32_t nr_runnable_vcpus, uint64_t extra_mem_pages) { - uint64_t page_size =3D vm_guest_mode_params[mode].page_size; + uint64_t page_size =3D vm_guest_mode_params[shape.mode].page_size; uint64_t nr_pages; =20 TEST_ASSERT(nr_runnable_vcpus, @@ -350,13 +350,15 @@ static uint64_t vm_nr_pages_required(enum vm_guest_mo= de mode, /* Account for the number of pages needed by ucall. */ nr_pages +=3D ucall_nr_pages_required(page_size); =20 - return vm_adjust_num_guest_pages(mode, nr_pages); + nr_pages +=3D kvm_arch_vm_additional_pages_required(shape, page_size); + + return vm_adjust_num_guest_pages(shape.mode, nr_pages); } =20 struct kvm_vm *__vm_create(struct vm_shape shape, uint32_t nr_runnable_vcp= us, uint64_t nr_extra_pages) { - uint64_t nr_pages =3D vm_nr_pages_required(shape.mode, nr_runnable_vcpus, + uint64_t nr_pages =3D vm_nr_pages_required(shape, nr_runnable_vcpus, nr_extra_pages); struct userspace_mem_region *slot0; struct kvm_vm *vm; @@ -2246,6 +2248,12 @@ __weak void kvm_arch_vm_post_create(struct kvm_vm *v= m) { } =20 +__weak int kvm_arch_vm_additional_pages_required(struct vm_shape shape, + uint64_t page_size) +{ + return 0; +} + __weak void kvm_selftest_arch_init(void) { } --=20 2.44.0.478.gd926399ef9-goog From nobody Sat Feb 7 21:24:20 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B9A3613790F for ; Tue, 9 Apr 2024 13:40:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670023; cv=none; b=H0AXa/Z/njK8niBpgKkMo8xlMrmB1fIDZKKnkTUZ9hNwlwYViBf10nw1G5ys5r6rrak6Og3A/yAxlUDCOsiW6vAmiR7C4WBbjOUEfWyk0iwam7LaqAI+wMbXgtvo4Cog3vqAkkquLMHiYAk8V2selmeLRXQ7qH34bUQQLMkbeqc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670023; c=relaxed/simple; bh=2b6eHcNeVCvRQQmzK59zV5ppiACnwweiRuejIQXgMnU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Zqg/H0XfS7sTaHkyqLAA/L0xYzPeWziSKf0TLzz5Uyj+1JWuKAN53Qe2ph/uH5zEdCcqj7b/BCaOIYJYLjfXZUFMT8NRuT5M2eUzquitW2lt/648gmRwpGcJLHlYO5JLiTgVh+UwERd3AcdiTZIH727ohRk2G1FWMC0bfvpVeVc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Mc/ebmw5; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Mc/ebmw5" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-1e211c27bdeso45853715ad.1 for ; Tue, 09 Apr 2024 06:40:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712670021; x=1713274821; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HllfViT2e8TXryeK76KgmwtGw8czHt6x3mYMpA66Ylc=; b=Mc/ebmw5QwCFbFerzqw7cejbL0lwdDA7fSC2BZvlhls7rvjTZ4SLSauoYiu54ij8Rm /ORgTR/qG92ceW8VIENw3XuR6LmDQmVXa40/nrVNq61rZ7P5m7wN+bijjZdwP1DVobwB ErDwKsHqDO/jhSNn1GFbEDVoEsgnFMxus4R3E6nj1SRY2/sbNSt9KKXp0YxPVZMJwSsf y3NSQ1DdrQ+wl/RQR5gPkp5rfQkrFS4tC5ceZ6TqkjFrFOdWC/mtHiCsOI15Zl4zs4Zz MVgjslVCdmuvYrG8M8b5Z+K5clTeFPajpV4FGKyYkytz6bCN9WheeHfWEoVLSL6J7HFf k0LQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712670021; x=1713274821; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HllfViT2e8TXryeK76KgmwtGw8czHt6x3mYMpA66Ylc=; b=qy7Timc/xLgTQB2NfD9iYoWGyhK+bs1JvvYUg6cos0qkkAn/Xh08ucwOcQsp0InsMB 4zZPUQtqmgSAXgvK8esQ+ibAuRWK4VppMohqYlzf6L5k8z+EYRd7X7AucC4H1rVCTzc7 U/Jh8JrN+xR+/CRxe48wNoD3Xj2e13Qa7looScsXnCFZzMO+Ccpi/tR4VcDepStoesDl /Pe9KEBLwy8s7t7IIVQZ4QZzsHQpuZNVWc53sLrPLOSbbzhAmD9RRIbU7G66cfvmsbsN ts6qJjOMo+B/CcqrLCP6ZUrY4FhUcn7HpnpeYIDyK+g4+mx7LiMLK29z1MInFYBFJp2Z 7TEQ== X-Gm-Message-State: AOJu0YwXJeB7rM8BICYbarvPubWf4jqn4L3x01ufgzgY+kp+FwZ3IEE8 igYgGx8Lb0ltzXZaE72Z4i5lcJRbOe8bFdwzYHzaH4ypAKcz4PIzG9Sw53gp1odVp1fCsW7C9mB aSA== X-Google-Smtp-Source: AGHT+IFUlHD44CMr0s3dItKfwn5nJum6+Wr/A9eo8rpMn4QdcJTDRhsQ0s4mkbKU2oe6MlLChSVcm/arxSM= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:15:661d:897e:ea86:704d]) (user=pgonda job=sendgmr) by 2002:a17:903:41d0:b0:1e2:ba13:ab90 with SMTP id u16-20020a17090341d000b001e2ba13ab90mr1125518ple.1.1712670021179; Tue, 09 Apr 2024 06:40:21 -0700 (PDT) Date: Tue, 9 Apr 2024 06:39:56 -0700 In-Reply-To: <20240409133959.2888018-1-pgonda@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240409133959.2888018-1-pgonda@google.com> X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240409133959.2888018-4-pgonda@google.com> Subject: [PATCH 3/6] Add vm_vaddr_alloc_pages_shared() From: Peter Gonda To: pgonda@google.com, seanjc@google.com Cc: linux-kernel@vger.kernel.org, Vishal Annapurve , Ackerley Tng , Paolo Bonzini , Claudio Imbrenda , Carlos Bilbao , Tom Lendacky , Michael Roth , kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a shared page allocation. To be used for SEV-ES GHCBs. Cc: Vishal Annapurve Cc: Ackerley Tng Cc: Paolo Bonzini Cc: Claudio Imbrenda Cc: Sean Christopherson Cc: Carlos Bilbao Cc: Tom Lendacky Cc: Michael Roth Cc: kvm@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Peter Gonda --- tools/testing/selftests/kvm/include/kvm_util_base.h | 1 + tools/testing/selftests/kvm/lib/kvm_util.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/te= sting/selftests/kvm/include/kvm_util_base.h index 9a26afd2e82a..8fa6e55e0039 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -595,6 +595,7 @@ vm_vaddr_t vm_vaddr_alloc_shared(struct kvm_vm *vm, siz= e_t sz, vm_vaddr_t vaddr_min, enum kvm_mem_region_type type); vm_vaddr_t vm_vaddr_alloc_pages(struct kvm_vm *vm, int nr_pages); +vm_vaddr_t vm_vaddr_alloc_pages_shared(struct kvm_vm *vm, int nr_pages); vm_vaddr_t __vm_vaddr_alloc_page(struct kvm_vm *vm, enum kvm_mem_region_type type); vm_vaddr_t vm_vaddr_alloc_page(struct kvm_vm *vm); diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 2a7b2709eb8d..bce60ff749ea 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1470,6 +1470,12 @@ vm_vaddr_t vm_vaddr_alloc_pages(struct kvm_vm *vm, i= nt nr_pages) return vm_vaddr_alloc(vm, nr_pages * getpagesize(), KVM_UTIL_MIN_VADDR); } =20 +vm_vaddr_t vm_vaddr_alloc_pages_shared(struct kvm_vm *vm, int nr_pages) +{ + return vm_vaddr_alloc_shared(vm, nr_pages * getpagesize(), + KVM_UTIL_MIN_VADDR, MEM_REGION_TEST_DATA); +} + vm_vaddr_t __vm_vaddr_alloc_page(struct kvm_vm *vm, enum kvm_mem_region_ty= pe type) { return __vm_vaddr_alloc(vm, getpagesize(), KVM_UTIL_MIN_VADDR, type); --=20 2.44.0.478.gd926399ef9-goog From nobody Sat Feb 7 21:24:20 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF930137C22 for ; Tue, 9 Apr 2024 13:40:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670025; cv=none; b=RH7bD0REeygPXLgQk6SgXZOItSHJSCbE5jXv/ZpYeNTeYouL2mglapIPfiYmLl19rEx8F8xVX1UEVri4gZ8Z/SKXx13Xir5Pp6+DC9qpnqXmwZNscHbR2rogresQrCakG8yQWlCX+jNwZNcPGODT06N7RfUTXBReJrYkHR8HZZU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670025; c=relaxed/simple; bh=PVCOhdc6DDdw0dTatfHJ5V1Uh3Bi7tZFW7XYqRS1wkE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=pbqtI22BTtfCFqe3Zayi/SAypcpv1SmfFYAaf2bbhZ89jxr4N+ZwLq8qKAc9qBnJO5O/u9GihRDhrdlN3MAHmitw9EXzGSRWEtCcRt3DL89KNsA0Q3BhDWSJO5cvLGHlVK2GzhZ5zf6mRMdKv/2VAwjgSCtAGk23EtAnNKi47Kk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=uIgNM4ol; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="uIgNM4ol" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-1e2bb241663so43066415ad.1 for ; Tue, 09 Apr 2024 06:40:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712670023; x=1713274823; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=LeuEK38GC7iVK1ujFFvcKBa5p48Qfvr4eBgbugkaO1k=; b=uIgNM4olSYa9ysZXvZp+63Gf1FQXWeggLzsyu94VJb3YM6sUm0ZENCwefqBtOYSwr+ ugE7ELpNW3WVFxmd6z2ilMrINVRuwFh9B00ufRfIK1MHgzVctVQz0B87/uaMQ3WazDLq 9KX1NGsa2SCRInWGkZwyNU1B+9pURO9vCHUSeTd7X+CElhuJkGo+iAjkC+tzH7Fe3WjR +M3XeWago9jJdVfo12qiMss/qT+/XpHWjwSfKPhR/ce4jLNXi64zCgHS9CxW13+qRluj 5RkJVSrMnE1k2bKGtG3EIAs3GvlO1TrXX+0Wh63iieWVJqUR48TiN9arIQ7Zx+FrdpmC RBdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712670023; x=1713274823; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LeuEK38GC7iVK1ujFFvcKBa5p48Qfvr4eBgbugkaO1k=; b=RoOMMCMohL0LmbOPI0JhrM+vOUT8oFbHxUV6LWIYyWxo7voFUTMfZ+lHvTjREstZOb 6AZoAwprcVgb21ZODDToJb9kxrMkJvc5OnB9S9LHS2IKMpwioSM7m8ng/80HRgN36Jod O0PW2qnAF+KkfeHhLaCqV27+Ie4RQrUOsn0Ye3kxDjsMxqeCmiZavfEDNN9V8+KOrSKm Cf3T+CpvzFvMWKipXENMi5ja0AVC08YLa2AsTwDNWup0glR9I1tznNqYDfM4ssm8tmBP XEYQKydH000CQFzalWJScWLZiz+EBEfYRX/n+V1E0DH2GRMuGmqLpCZ8jqapXvDweR1s aYCA== X-Gm-Message-State: AOJu0Yx5ZQX3UuHrTKQk+BbZsI7vbXzXaQ80M/aC6FBWdnwIyh1+En+i 2PPMi1/JITku3VEF1haS0z6EQSk8KoYIymSwDDQuExDd9LhV2JFFf0QSkaDiHu9rTYMfkHiK2dm WfA== X-Google-Smtp-Source: AGHT+IEzVv8xhsgMwJ9s01BpWKMedisC/JJ+Jv3539Rjq2P8BFX38qPyDM2NqZVs8iG+8eOnrpx1JA2POj8= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:15:661d:897e:ea86:704d]) (user=pgonda job=sendgmr) by 2002:a17:902:e806:b0:1e3:cf18:7346 with SMTP id u6-20020a170902e80600b001e3cf187346mr532098plg.5.1712670023226; Tue, 09 Apr 2024 06:40:23 -0700 (PDT) Date: Tue, 9 Apr 2024 06:39:57 -0700 In-Reply-To: <20240409133959.2888018-1-pgonda@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240409133959.2888018-1-pgonda@google.com> X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240409133959.2888018-5-pgonda@google.com> Subject: [PATCH 4/6] Add GHCB allocations and helpers From: Peter Gonda To: pgonda@google.com, seanjc@google.com Cc: linux-kernel@vger.kernel.org, Vishal Annapurve , Ackerley Tng , Paolo Bonzini , Claudio Imbrenda , Carlos Bilbao , Tom Lendacky , Michael Roth , kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add GHCB management functionality similar to the ucall management. Allows for selftest vCPUs to acquire GHCBs for their usage. Cc: Vishal Annapurve Cc: Ackerley Tng Cc: Paolo Bonzini Cc: Claudio Imbrenda Cc: Sean Christopherson Cc: Carlos Bilbao Cc: Tom Lendacky Cc: Michael Roth Cc: kvm@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Peter Gonda --- .../selftests/kvm/include/x86_64/sev.h | 2 + .../selftests/kvm/lib/x86_64/processor.c | 8 ++ tools/testing/selftests/kvm/lib/x86_64/sev.c | 77 +++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testi= ng/selftests/kvm/include/x86_64/sev.h index 8a1bf88474c9..bfd481707f67 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -27,6 +27,8 @@ enum sev_guest_state { =20 #define GHCB_MSR_TERM_REQ 0x100 =20 +int ghcb_nr_pages_required(uint64_t page_size); + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); void sev_vm_launch_finish(struct kvm_vm *vm); diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/tes= ting/selftests/kvm/lib/x86_64/processor.c index 49288fe10cd3..fd94a1bd82c9 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -584,6 +584,14 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm) sev_es_vm_init(vm); } =20 +int kvm_arch_vm_additional_pages_required(struct vm_shape shape, uint64_t = page_size) +{ + if (shape.subtype =3D=3D VM_SUBTYPE_SEV_ES) + return ghcb_nr_pages_required(page_size); + + return 0; +} + void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, void *guest_code) { struct kvm_regs regs; diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/s= elftests/kvm/lib/x86_64/sev.c index e248d3364b9c..27ae1d3b1355 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -4,6 +4,80 @@ #include =20 #include "sev.h" +#include "linux/bitmap.h" +#include "svm.h" +#include "svm_util.h" + +struct ghcb_entry { + struct ghcb ghcb; + + /* Guest physical address of this GHCB. */ + void *gpa; + + /* Host virtual address of this struct. */ + struct ghcb_entry *hva; +}; + +struct ghcb_header { + struct ghcb_entry ghcbs[KVM_MAX_VCPUS]; + DECLARE_BITMAP(in_use, KVM_MAX_VCPUS); +}; + +static struct ghcb_header *ghcb_pool; + +int ghcb_nr_pages_required(uint64_t page_size) +{ + return align_up(sizeof(struct ghcb_header), page_size) / page_size; +} + +void ghcb_init(struct kvm_vm *vm) +{ + struct ghcb_header *hdr; + struct ghcb_entry *entry; + vm_vaddr_t vaddr; + int i; + + vaddr =3D vm_vaddr_alloc_shared(vm, sizeof(*hdr), KVM_UTIL_MIN_VADDR, + MEM_REGION_DATA); + hdr =3D (struct ghcb_header *)addr_gva2hva(vm, vaddr); + memset(hdr, 0, sizeof(*hdr)); + + for (i =3D 0; i < KVM_MAX_VCPUS; ++i) { + entry =3D &hdr->ghcbs[i]; + entry->hva =3D entry; + entry->gpa =3D addr_hva2gpa(vm, &entry->ghcb); + } + + write_guest_global(vm, ghcb_pool, (struct ghcb_header *)vaddr); +} + +static struct ghcb_entry *ghcb_alloc(void) +{ + return &ghcb_pool->ghcbs[0]; + struct ghcb_entry *entry; + int i; + + if (!ghcb_pool) + goto ucall_failed; + + for (i =3D 0; i < KVM_MAX_VCPUS; ++i) { + if (!test_and_set_bit(i, ghcb_pool->in_use)) { + entry =3D &ghcb_pool->ghcbs[i]; + memset(&entry->ghcb, 0, sizeof(entry->ghcb)); + return entry; + } + } + +ucall_failed: + return NULL; +} + +static void ghcb_free(struct ghcb_entry *entry) +{ + /* Beware, here be pointer arithmetic. */ + clear_bit(entry - ghcb_pool->ghcbs, ghcb_pool->in_use); +} + =20 /* * sparsebit_next_clear() can return 0 if [x, 2**64-1] are all set, and the @@ -44,6 +118,9 @@ void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) struct kvm_sev_guest_status status; int ctr; =20 + if (policy & SEV_POLICY_ES) + ghcb_init(vm); + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start); vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); =20 --=20 2.44.0.478.gd926399ef9-goog From nobody Sat Feb 7 21:24:20 2026 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26F15137C5C for ; Tue, 9 Apr 2024 13:40:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670028; cv=none; b=mAQMT1o8FigARnsoEviFEApYNJIZpudGOIkPKQRkrspDpibpUDpMjG9lkXsD177k2tM7Kvuakr5aQp5h73yFHVs0FehRcfVzit0WMSNRL++eEV/dVG+LUMPuAkp2ZGKYaQvICqR+UcOqJPN1249N0W2unddjc0cZu8tVqDWsrS4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670028; c=relaxed/simple; bh=kpn8QpUPjU41tHhs6YrXc4wG2KdMlh6dZl1b3/aCiUA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=BBxRnOQIfCmK/BVjZzHL7jE1rgnJFLfR9z5+Ugn1Xuv57BPsJ5ImBDAr42qfJ8BVlnYjTYxZywqRsG1QdJTgcLrXhhtwgJzIGqfRkRtL0KZTjt5FXms36f50xVDPJeFtCP1kK+sVVfQIg2YgLk6WiwX3WXe0e0K8KFrmm94QWWg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UngtIgYw; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UngtIgYw" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-dcbee93a3e1so8698475276.3 for ; Tue, 09 Apr 2024 06:40:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712670025; x=1713274825; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=swALstFhx8te8uqCAXh0tcCwXkuPkv7dSWAmNCKm21A=; b=UngtIgYw0wF4NFXRe7703iGbL5qPBFykv0LyvqGwyv+OISk0UAYLPBVWWBX+uSIL7G AxLOqlGRY0DR47GimlXo+UQU7UzvoRjb6Ud8q0xMvUVDGkJPxq+4Nkv0mKZGeLpuz3y8 kC5KvCQfWSiLdTF9kWQcSmPb7p38rYd+PEfS7Nossp10H85uSD67hZ/NFcWuhNIJQrmq KXqTiKy4JBCGxkICF2E8Oo5Tyh1ky/pUuy6IJU5NmthsdMBhowd75xAOO15eB+Rp3v6E K5myJN79TxgnOzM+BSK5cx1cSkCQkfIbzJ1FVBFWA/J25MYgxFmGeXqgTuiIZrXitzkB QeNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712670025; x=1713274825; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=swALstFhx8te8uqCAXh0tcCwXkuPkv7dSWAmNCKm21A=; b=WVHHV5NP+HwJdpfiJ+SpYEOznxBUFYMLgYL31PS+6dBeQI6TRPwSxoQWpMP9HMSw/o FyCYV91KGfU/unZ/gj3GoSZ5qjLKtF9QioP+VQ2qOjLTqrxJGMzUvKkQkLnw7XFdlDKl t8mc9jRUzU+tOggWvpyJEKZlpNJcd4RoFhaz6bkAy1EX5EqTkCnP1eFuSMxztkVvOhSM eURV/IOKXKSAYlUzmlDKcJX9T4WZY7dkawlEpd8RCPKbFEwb1yyu2SWdX7CWhfhOBxvq zFnoFl7yz+Q9CFSsmsCPjKVZ+KExRe72RKcK1hIYL0nazQDlqj7YN0rxM3z+XZMZhY6+ 23WA== X-Gm-Message-State: AOJu0Yyyht3914yvjMycipLaQfHcoADI1r35KjsuJYPeBqoZbeqkJ6GU j6TsQd0FnAwUFwzT735esJYi/ppwq77weqVyrWZtHMT3gVG1PSGV8mz5XV0PEnt/aLZle32lD+d TlQ== X-Google-Smtp-Source: AGHT+IHdPdBeuKCxc/8NwL15eUK2EBgdZgnDXUcGzBmxvL8RbS53CsDRdjG2Cqvot7LiyWOln4WPGksiaYY= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:15:661d:897e:ea86:704d]) (user=pgonda job=sendgmr) by 2002:a05:6902:1149:b0:dbe:a0c2:df25 with SMTP id p9-20020a056902114900b00dbea0c2df25mr551705ybu.8.1712670025038; Tue, 09 Apr 2024 06:40:25 -0700 (PDT) Date: Tue, 9 Apr 2024 06:39:58 -0700 In-Reply-To: <20240409133959.2888018-1-pgonda@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240409133959.2888018-1-pgonda@google.com> X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240409133959.2888018-6-pgonda@google.com> Subject: [PATCH 5/6] Add is_sev_enabled() helpers From: Peter Gonda To: pgonda@google.com, seanjc@google.com Cc: linux-kernel@vger.kernel.org, Paolo Bonzini , Claudio Imbrenda , Carlos Bilbao , Tom Lendacky , Michael Roth Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add helper functions for guest code to check the status of SEV and SEV-ES. Cc: Paolo Bonzini Cc: Claudio Imbrenda Cc: Sean Christopherson Cc: Carlos Bilbao Cc: Tom Lendacky Cc: Michael Roth Signed-off-by: Peter Gonda --- tools/testing/selftests/kvm/include/x86_64/sev.h | 3 +++ tools/testing/selftests/kvm/lib/x86_64/sev.c | 11 +++++++++++ tools/testing/selftests/kvm/x86_64/sev_smoke_test.c | 5 ++--- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testi= ng/selftests/kvm/include/x86_64/sev.h index bfd481707f67..691dc005e2a1 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -106,4 +106,7 @@ static inline void sev_launch_update_data(struct kvm_vm= *vm, vm_paddr_t gpa, vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); } =20 +bool is_sev_enabled(void); +bool is_sev_es_enabled(void); + #endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/s= elftests/kvm/lib/x86_64/sev.c index 27ae1d3b1355..5b3f0a8a931a 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -189,3 +189,14 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t po= licy, void *guest_code, =20 return vm; } + +bool is_sev_enabled(void) +{ + return rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED; +} + +bool is_sev_es_enabled(void) +{ + return is_sev_enabled() && + rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED; +} diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/te= sting/selftests/kvm/x86_64/sev_smoke_test.c index 026779f3ed06..1d84e78e7ae2 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -16,8 +16,7 @@ static void guest_sev_es_code(void) { /* TODO: Check CPUID after GHCB-based hypercall support is added. */ - GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); - GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED); + GUEST_ASSERT(is_sev_es_enabled()); =20 /* * TODO: Add GHCB and ucall support for SEV-ES guests. For now, simply @@ -30,7 +29,7 @@ static void guest_sev_es_code(void) static void guest_sev_code(void) { GUEST_ASSERT(this_cpu_has(X86_FEATURE_SEV)); - GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); + GUEST_ASSERT(is_sev_enabled()); =20 GUEST_DONE(); } --=20 2.44.0.478.gd926399ef9-goog From nobody Sat Feb 7 21:24:20 2026 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5219130A4E for ; Tue, 9 Apr 2024 13:40:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670029; cv=none; b=jZPd96+YmtOZiwx+BdRLMWRycGD+5/9ih1rmDzRFBN4g3hU1ddCusb8Ukel9jUxeqeRLkHNLGlHUM4aAziLT3rPOuWqeSMOn68JDw8LaStHj+HajAb57DQaEBkYVCxbK9rtTOOyN1TFG92iToSdNHS6yLyL0y9O+Efx/mOemVRw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712670029; c=relaxed/simple; bh=GAIobzzxboeQoxJgFVKL8n/DQn9A2upw/KMw2J/d+sY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kYyXo+mVnQfM5z94jyjqtHQhua6WYlFASQg+k21lNTjduSCBqylPulzIuQUy7TDnN1qjSQ2MqWaiR3+p+7kGCfqAMUoZbiNLyueyUVv5KlaDimB0BcNgN6c0hjVW/V7zEFIDiIKYiM+NM6TeTvt4NEhuaqnu0ZP36EtgG+0U9Gc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=lW7UwVc0; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--pgonda.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="lW7UwVc0" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-dcdc3db67f0so7930483276.1 for ; Tue, 09 Apr 2024 06:40:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712670027; x=1713274827; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=YRNEFFvzthCQ2SxLgYUrCxsmLZyU6XQAxNEXlnhRgbg=; b=lW7UwVc0N2wmg9r1KifO4bqne4KMwhPf76719ugoW3bczlTxRzQQk0v+or2InFrm43 CJjpPBzcTL9WahkEuMsA/VbEiHIyfD8NL2ewcGQQ7YxHp80EX8jYGrwLrcPmaEEF3P+T ileg1KLfLwwkrphu1kLRVEHGfuoas/5+pplhPwHdvchD5LT98t9rgG1VH1Q7OUgMynX5 sfSCf7ST7cjmCg3SC/zIzPOFSVU0PkQMnsLVJYkKKjR8Yc+aKYcQsMg4zOqzTp+QseQP AiFg9eLqLCivcdYftH0i7UXgu6mN2dzNmQFlGmWZpKxV4Vsi3hEPAfSj2E+jOYsH8Nr9 ELXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712670027; x=1713274827; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YRNEFFvzthCQ2SxLgYUrCxsmLZyU6XQAxNEXlnhRgbg=; b=beujbdCk1JPljrRtRoQkTpfk9bXSaL+ZrCNDbtEG0QyvugcMp/71gqyZpo1cIbtI22 TYFVKJ+9YBjapdw123cOQMdXn+DzoqrOu3BYpgZAXVwl0Kg3QeXXnA3FYGBMxTKAqqye 8am9STrZcJUDX/ZsSEKUOJk56aAtowav3Y9jegPPc9Rz2q8qdkq1wJuwZTW851VvYh/S 6wGiXCr1nCb11xetsqAzfLTfLTYm6TmnBaFNORwDn2b9EdPJxqHM4qSfQmNtx5M7ePXl QvRZa1Gir/FCjaDE9UvvTKPMSaVTNlYnIFsvFQEuO7ynBCsmIGcvN2Tb52DWckbLxRs7 3EZw== X-Gm-Message-State: AOJu0YyH5OGYp9u9bKUD1NcJed5XDVhxXkkBKxuOC3VxySkW0hYGz7rA WCj16OQsB6+buRs7LqjUFFiJkdy+ja0CkmkZculDlaDEfnYPF3arjtaAT+hjIu/HEd0KW8pxI+V Psw== X-Google-Smtp-Source: AGHT+IEKsCBq+aM6z6+N2+c8FJ8Yhc0yVfyFcg83Huaf8k3nrOsQDp7J/38LV2sVOL1hIfaWY1pq8XOTm5M= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:15:661d:897e:ea86:704d]) (user=pgonda job=sendgmr) by 2002:a25:8702:0:b0:dcc:2267:796e with SMTP id a2-20020a258702000000b00dcc2267796emr576941ybl.2.1712670026875; Tue, 09 Apr 2024 06:40:26 -0700 (PDT) Date: Tue, 9 Apr 2024 06:39:59 -0700 In-Reply-To: <20240409133959.2888018-1-pgonda@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240409133959.2888018-1-pgonda@google.com> X-Mailer: git-send-email 2.44.0.478.gd926399ef9-goog Message-ID: <20240409133959.2888018-7-pgonda@google.com> Subject: [PATCH 6/6] Add ability for SEV-ES guests to use ucalls via GHCB From: Peter Gonda To: pgonda@google.com, seanjc@google.com Cc: linux-kernel@vger.kernel.org, Vishal Annapurve , Ackerley Tng , Paolo Bonzini , Claudio Imbrenda , Carlos Bilbao , Tom Lendacky , Michael Roth , kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Modifies ucall handling for SEV-ES VMs. Instead of using an out instruction and storing the ucall pointer in RDI, SEV-ES guests use a outsb VMGEXIT to move the ucall pointer as the data. Allows for SEV-ES to use ucalls instead of relying the SEV-ES MSR based termination protocol. Cc: Vishal Annapurve Cc: Ackerley Tng Cc: Paolo Bonzini Cc: Claudio Imbrenda Cc: Sean Christopherson Cc: Carlos Bilbao Cc: Tom Lendacky Cc: Michael Roth Cc: kvm@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Peter Gonda --- .../selftests/kvm/include/x86_64/sev.h | 2 + tools/testing/selftests/kvm/lib/x86_64/sev.c | 67 ++++++++++++++++++- .../testing/selftests/kvm/lib/x86_64/ucall.c | 17 +++++ .../selftests/kvm/x86_64/sev_smoke_test.c | 17 +---- 4 files changed, 84 insertions(+), 19 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testi= ng/selftests/kvm/include/x86_64/sev.h index 691dc005e2a1..26447caccd40 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -109,4 +109,6 @@ static inline void sev_launch_update_data(struct kvm_vm= *vm, vm_paddr_t gpa, bool is_sev_enabled(void); bool is_sev_es_enabled(void); =20 +void sev_es_ucall_port_write(uint32_t port, uint64_t data); + #endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/s= elftests/kvm/lib/x86_64/sev.c index 5b3f0a8a931a..276477f2c2cf 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -8,11 +8,18 @@ #include "svm.h" #include "svm_util.h" =20 +#define IOIO_TYPE_STR (1 << 2) +#define IOIO_SEG_DS (1 << 11 | 1 << 10) +#define IOIO_DATA_8 (1 << 4) +#define IOIO_REP (1 << 3) + +#define SW_EXIT_CODE_IOIO 0x7b + struct ghcb_entry { struct ghcb ghcb; =20 /* Guest physical address of this GHCB. */ - void *gpa; + uint64_t gpa; =20 /* Host virtual address of this struct. */ struct ghcb_entry *hva; @@ -45,16 +52,22 @@ void ghcb_init(struct kvm_vm *vm) for (i =3D 0; i < KVM_MAX_VCPUS; ++i) { entry =3D &hdr->ghcbs[i]; entry->hva =3D entry; - entry->gpa =3D addr_hva2gpa(vm, &entry->ghcb); + entry->gpa =3D (uint64_t)addr_hva2gpa(vm, &entry->ghcb); } =20 write_guest_global(vm, ghcb_pool, (struct ghcb_header *)vaddr); } =20 +static void sev_es_terminate(void) +{ + wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); +} + static struct ghcb_entry *ghcb_alloc(void) { return &ghcb_pool->ghcbs[0]; struct ghcb_entry *entry; + struct ghcb *ghcb; int i; =20 if (!ghcb_pool) @@ -63,12 +76,18 @@ static struct ghcb_entry *ghcb_alloc(void) for (i =3D 0; i < KVM_MAX_VCPUS; ++i) { if (!test_and_set_bit(i, ghcb_pool->in_use)) { entry =3D &ghcb_pool->ghcbs[i]; - memset(&entry->ghcb, 0, sizeof(entry->ghcb)); + ghcb =3D &entry->ghcb; + + memset(&ghcb, 0, sizeof(*ghcb)); + ghcb->ghcb_usage =3D 0; + ghcb->protocol_version =3D 1; + return entry; } } =20 ucall_failed: + sev_es_terminate(); return NULL; } =20 @@ -200,3 +219,45 @@ bool is_sev_es_enabled(void) return is_sev_enabled() && rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED; } + +static uint64_t setup_exitinfo1_portio(uint32_t port) +{ + uint64_t exitinfo1 =3D 0; + + exitinfo1 |=3D IOIO_TYPE_STR; + exitinfo1 |=3D ((port & 0xffff) << 16); + exitinfo1 |=3D IOIO_SEG_DS; + exitinfo1 |=3D IOIO_DATA_8; + exitinfo1 |=3D IOIO_REP; + + return exitinfo1; +} + +static void do_vmg_exit(uint64_t ghcb_gpa) +{ + wrmsr(MSR_AMD64_SEV_ES_GHCB, ghcb_gpa); + __asm__ __volatile__("rep; vmmcall"); +} + +void sev_es_ucall_port_write(uint32_t port, uint64_t data) +{ + struct ghcb_entry *entry; + struct ghcb *ghcb; + const uint64_t exitinfo1 =3D setup_exitinfo1_portio(port); + + entry =3D ghcb_alloc(); + ghcb =3D &entry->ghcb; + + ghcb_set_sw_exit_code(ghcb, SW_EXIT_CODE_IOIO); + ghcb_set_sw_exit_info_1(ghcb, exitinfo1); + ghcb_set_sw_exit_info_2(ghcb, sizeof(data)); + + // Setup the SW Stratch buffer pointer. + ghcb_set_sw_scratch(ghcb, + entry->gpa + offsetof(struct ghcb, shared_buffer)); + memcpy(&ghcb->shared_buffer, &data, sizeof(data)); + + do_vmg_exit(entry->gpa); + + ghcb_free(entry); +} diff --git a/tools/testing/selftests/kvm/lib/x86_64/ucall.c b/tools/testing= /selftests/kvm/lib/x86_64/ucall.c index 1265cecc7dd1..24da2f4316d8 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/ucall.c +++ b/tools/testing/selftests/kvm/lib/x86_64/ucall.c @@ -5,6 +5,8 @@ * Copyright (C) 2018, Red Hat, Inc. */ #include "kvm_util.h" +#include "processor.h" +#include "sev.h" =20 #define UCALL_PIO_PORT ((uint16_t)0x1000) =20 @@ -21,6 +23,10 @@ void ucall_arch_do_ucall(vm_vaddr_t uc) #define HORRIFIC_L2_UCALL_CLOBBER_HACK \ "rcx", "rsi", "r8", "r9", "r10", "r11" =20 + if (is_sev_es_enabled()) { + sev_es_ucall_port_write(UCALL_PIO_PORT, uc); + } + asm volatile("push %%rbp\n\t" "push %%r15\n\t" "push %%r14\n\t" @@ -48,8 +54,19 @@ void *ucall_arch_get_ucall(struct kvm_vcpu *vcpu) =20 if (run->exit_reason =3D=3D KVM_EXIT_IO && run->io.port =3D=3D UCALL_PIO_= PORT) { struct kvm_regs regs; + uint64_t addr; + + if (vcpu->vm->subtype =3D=3D VM_SUBTYPE_SEV_ES) { + TEST_ASSERT( + run->io.count =3D=3D 8 && run->io.size =3D=3D 1, + "SEV-ES ucall exit requires 8 byte string out\n"); + + addr =3D *(uint64_t *)((uint8_t *)(run) + run->io.data_offset); + return (void *)addr; + } =20 vcpu_regs_get(vcpu, ®s); + return (void *)regs.rdi; } return NULL; diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/te= sting/selftests/kvm/x86_64/sev_smoke_test.c index 1d84e78e7ae2..2448533a9a41 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -18,12 +18,7 @@ static void guest_sev_es_code(void) /* TODO: Check CPUID after GHCB-based hypercall support is added. */ GUEST_ASSERT(is_sev_es_enabled()); =20 - /* - * TODO: Add GHCB and ucall support for SEV-ES guests. For now, simply - * force "termination" to signal "done" via the GHCB MSR protocol. - */ - wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); - __asm__ __volatile__("rep; vmmcall"); + GUEST_DONE(); } =20 static void guest_sev_code(void) @@ -45,16 +40,6 @@ static void test_sev(void *guest_code, uint64_t policy) for (;;) { vcpu_run(vcpu); =20 - if (policy & SEV_POLICY_ES) { - TEST_ASSERT(vcpu->run->exit_reason =3D=3D KVM_EXIT_SYSTEM_EVENT, - "Wanted SYSTEM_EVENT, got %s", - exit_reason_str(vcpu->run->exit_reason)); - TEST_ASSERT_EQ(vcpu->run->system_event.type, KVM_SYSTEM_EVENT_SEV_TERM); - TEST_ASSERT_EQ(vcpu->run->system_event.ndata, 1); - TEST_ASSERT_EQ(vcpu->run->system_event.data[0], GHCB_MSR_TERM_REQ); - break; - } - switch (get_ucall(vcpu, &uc)) { case UCALL_SYNC: continue; --=20 2.44.0.478.gd926399ef9-goog