Guest context pages should be near 1-to-1 with allocated ASIDs. With the
GCTX API, the ccp driver is better able to associate guest context pages
with the ASID that is/will be bound to it.
This is important to the firmware hotloading implementation to not
corrupt any running VM's guest context page before userspace commits a
new firmware.
CC: Sean Christopherson <seanjc@google.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: Ingo Molnar <mingo@redhat.com>
CC: Borislav Petkov <bp@alien8.de>
CC: Dave Hansen <dave.hansen@linux.intel.com>
CC: Ashish Kalra <ashish.kalra@amd.com>
CC: Tom Lendacky <thomas.lendacky@amd.com>
CC: John Allen <john.allen@amd.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: "David S. Miller" <davem@davemloft.net>
CC: Michael Roth <michael.roth@amd.com>
CC: Luis Chamberlain <mcgrof@kernel.org>
CC: Russ Weight <russ.weight@linux.dev>
CC: Danilo Krummrich <dakr@redhat.com>
CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: "Rafael J. Wysocki" <rafael@kernel.org>
CC: Tianfei zhang <tianfei.zhang@intel.com>
CC: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
arch/x86/kvm/svm/sev.c | 60 ++++++++----------------------------------
1 file changed, 11 insertions(+), 49 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index d0e0152aefb32..5e6d1f1c14dfd 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2156,51 +2156,12 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val)
}
}
-/*
- * The guest context contains all the information, keys and metadata
- * associated with the guest that the firmware tracks to implement SEV
- * and SNP features. The firmware stores the guest context in hypervisor
- * provide page via the SNP_GCTX_CREATE command.
- */
-static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp)
-{
- struct sev_data_snp_addr data = {};
- void *context;
- int rc;
-
- /* Allocate memory for context page */
- context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT);
- if (!context)
- return ERR_PTR(-ENOMEM);
-
- data.address = __psp_pa(context);
- rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error);
- if (rc) {
- pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d",
- rc, argp->error);
- snp_free_firmware_page(context);
- return ERR_PTR(rc);
- }
-
- return context;
-}
-
-static int snp_bind_asid(struct kvm *kvm, int *error)
-{
- struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
- struct sev_data_snp_activate data = {0};
-
- data.gctx_paddr = __psp_pa(sev->snp_context);
- data.asid = sev_get_asid(kvm);
- return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error);
-}
-
static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
{
struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
struct sev_data_snp_launch_start start = {0};
struct kvm_sev_snp_launch_start params;
- int rc;
+ int rc, asid;
if (!sev_snp_guest(kvm))
return -ENOTTY;
@@ -2226,7 +2187,8 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET)
return -EINVAL;
- sev->snp_context = snp_context_create(kvm, argp);
+ asid = sev_get_asid(kvm);
+ sev->snp_context = sev_snp_create_context(argp->sev_fd, asid, &argp->error);
if (IS_ERR(sev->snp_context))
return PTR_ERR(sev->snp_context);
@@ -2241,7 +2203,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
}
sev->fd = argp->sev_fd;
- rc = snp_bind_asid(kvm, &argp->error);
+ rc = sev_snp_activate_asid(sev->fd, asid, &argp->error);
if (rc) {
pr_debug("%s: Failed to bind ASID to SEV-SNP context, rc %d\n",
__func__, rc);
@@ -2865,23 +2827,23 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
static int snp_decommission_context(struct kvm *kvm)
{
struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
- struct sev_data_snp_addr data = {};
- int ret;
+ int ret, error;
/* If context is not created then do nothing */
if (!sev->snp_context)
return 0;
- /* Do the decommision, which will unbind the ASID from the SNP context */
- data.address = __sme_pa(sev->snp_context);
+ /*
+ * Do the decommision, which will unbind the ASID from the SNP context
+ * and free the context page.
+ */
down_write(&sev_deactivate_lock);
- ret = sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL);
+ ret = sev_snp_guest_decommission(sev->fd, sev->asid, &error);
up_write(&sev_deactivate_lock);
- if (WARN_ONCE(ret, "Failed to release guest context, ret %d", ret))
+ if (WARN_ONCE(ret, "Failed to release guest context, ret %d fw err %d", ret, error))
return ret;
- snp_free_firmware_page(sev->snp_context);
sev->snp_context = NULL;
return 0;
--
2.47.0.277.g8800431eea-goog