| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Sep 2017 22:04:16 +0200
From: Borislav Petkov <bp@...e.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org, kvm@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Joerg Roedel <joro@...tes.org>,
"Michael S . Tsirkin" <mst@...hat.com>,
Paolo Bonzini <pbonzini@...hat.com>,
\"Radim Krčmář\" <rkrcmar@...hat.com>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFC Part2 PATCH v3 05/26] KVM: SVM: Reserve ASID range for SEV
guest
On Mon, Jul 24, 2017 at 03:02:42PM -0500, Brijesh Singh wrote:
> SEV-enabled guest must use ASIDs from the defined subset, while non-SEV
"A SEV-enabled ..."
> guests can use the remaining ASID range. The range of ASID allowed for
> SEV-enabled guest is from 1 to a maximum value defined via CPUID
> Fn8000_001f[ECX].
I'd rewrite that to:
"The range of allowed SEV guest ASIDs is [1 - CPUID_8000_001F[ECX][31:0]]".
>
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> ---
> arch/x86/kvm/svm.c | 23 ++++++++++++++++++++++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 46f41bb..06bd902 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -319,6 +319,9 @@ enum {
>
> #define VMCB_AVIC_APIC_BAR_MASK 0xFFFFFFFFFF000ULL
>
> +/* Secure Encrypted Virtualization */
If anything, this comment should explain what that variable is.
Basically the comment you have in sev_hardware_setup() now.
> +static unsigned int max_sev_asid;
> +
> static inline void mark_all_dirty(struct vmcb *vmcb)
> {
> vmcb->control.clean = 0;
> @@ -769,7 +772,7 @@ static int svm_hardware_enable(void)
> sd->asid_generation = 1;
> sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
> sd->next_asid = sd->max_asid + 1;
> - sd->min_asid = 1;
> + sd->min_asid = max_sev_asid + 1;
>
> gdt = get_current_gdt_rw();
> sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);
> @@ -1033,6 +1036,21 @@ static int avic_ga_log_notifier(u32 ga_tag)
> return 0;
> }
>
> +static __init void sev_hardware_setup(void)
> +{
> + int nguests;
> +
> + /*
> + * Get maximum number of encrypted guest supported: Fn8001_001F[ECX]
> + * Bit 31:0: Number of supported guest
> + */
> + nguests = cpuid_ecx(0x8000001F);
> + if (!nguests)
> + return;
> +
> + max_sev_asid = nguests;
> +}
max_sev_asid is static and it is already initialized to 0 and thus this
function can be simplified to:
/*
* Get maximum number of encrypted guest supported: Fn8001_001F[ECX].
* [31:0]: Number of supported guests.
*/
static __init void sev_hardware_setup(void)
{
max_sev_asid = cpuid_ecx(0x8000001F);
}
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
Powered by blists - more mailing lists