lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 6 Nov 2017 11:34:12 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Brijesh Singh <brijesh.singh@....com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Joerg Roedel <joro@...tes.org>,
        Tom Lendacky <thomas.lendacky@....com>, x86@...nel.org
Subject: Re: [Part2 PATCH v7 23/38] KVM: SVM: Reserve ASID range for SEV guest

On Wed, Nov 01, 2017 at 04:16:08PM -0500, Brijesh Singh wrote:
> A SEV-enabled guest must use ASIDs from the defined subset, while non-SEV
> guests can use the remaining ASID range. The range of allowed SEV guest
> ASIDs is [1 - CPUID_8000_001F[ECX][31:0]].
> 
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Ingo Molnar <mingo@...hat.com>
> Cc: "H. Peter Anvin" <hpa@...or.com>
> Cc: Paolo Bonzini <pbonzini@...hat.com>
> Cc: "Radim Krčmář" <rkrcmar@...hat.com>
> Cc: Joerg Roedel <joro@...tes.org>
> Cc: Borislav Petkov <bp@...e.de>
> Cc: Tom Lendacky <thomas.lendacky@....com>
> Cc: x86@...nel.org
> Cc: kvm@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
> Improvements-by: Borislav Petkov <bp@...e.de>
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> Reviewed-by: Borislav Petkov <bp@...e.de>
> ---
>  arch/x86/kvm/svm.c | 23 ++++++++++++++++++++++-
>  1 file changed, 22 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index be2e98c01b22..d4b62536e305 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -323,6 +323,8 @@ enum {
>  
>  #define VMCB_AVIC_APIC_BAR_MASK		0xFFFFFFFFFF000ULL
>  
> +static unsigned int max_sev_asid;
> +
>  static inline void mark_all_dirty(struct vmcb *vmcb)
>  {
>  	vmcb->control.clean = 0;
> @@ -787,7 +789,7 @@ static int svm_hardware_enable(void)
>  	sd->asid_generation = 1;
>  	sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
>  	sd->next_asid = sd->max_asid + 1;
> -	sd->min_asid = 1;
> +	sd->min_asid = max_sev_asid + 1;
>  
>  	gdt = get_current_gdt_rw();
>  	sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);
> @@ -1054,6 +1056,15 @@ static int avic_ga_log_notifier(u32 ga_tag)
>  	return 0;
>  }
>  
> +/*
> + * Get the maximum number of encrypted guests:
> + *  Fn8001_001F[ECX][31:0]: Number of supported guests.
> + */
> +static __init void sev_hardware_setup(void)
> +{
> +	max_sev_asid = cpuid_ecx(0x8000001F);
> +}
> +
>  static __init int svm_hardware_setup(void)
>  {
>  	int cpu;
> @@ -1084,6 +1095,16 @@ static __init int svm_hardware_setup(void)
>  		kvm_tsc_scaling_ratio_frac_bits = 32;
>  	}
>  
> +	if (sev) {
> +		if (boot_cpu_has(X86_FEATURE_SEV) &&
> +		    IS_ENABLED(CONFIG_KVM_AMD_SEV)) {
> +			sev_hardware_setup();
> +			pr_info("SEV supported\n");
> +		} else {
> +			sev = false;
> +		}
> +	}

Btw, upon a second look, this hunk should go with the previous patch.
This patch deals with ASID ranges, as the commit message states.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ