| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Apr 2021 07:38:18 -0500
From: Brijesh Singh <brijesh.singh@....com>
To: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: tglx@...utronix.de, bp@...en8.de, jroedel@...e.de,
thomas.lendacky@....com, pbonzini@...hat.com, mingo@...hat.com,
dave.hansen@...el.com, rientjes@...gle.com, seanjc@...gle.com,
peterz@...radead.org, hpa@...or.com, tony.luck@...el.com,
Brijesh Singh <brijesh.singh@....com>
Subject: [PATCH Part2 RFC v2 33/37] KVM: SVM: Add support to handle Page State Change VMGEXIT
SEV-SNP VMs can ask the hypervisor to change the page state in the RMP
table to be private or shared using the Page State Change NAE event
as defined in the GHCB specification section 4.1.6.
Signed-off-by: Brijesh Singh <brijesh.singh@....com>
---
arch/x86/kvm/svm/sev.c | 58 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index cc2628d8ef1b..bd71ece35597 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2641,6 +2641,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
case SVM_VMGEXIT_AP_JUMP_TABLE:
case SVM_VMGEXIT_UNSUPPORTED_EVENT:
case SVM_VMGEXIT_HYPERVISOR_FEATURES:
+ case SVM_VMGEXIT_SNP_PAGE_STATE_CHANGE:
break;
default:
goto vmgexit_err;
@@ -2927,6 +2928,7 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, int op, gpa_t g
case SNP_PAGE_STATE_PRIVATE:
rc = snp_make_page_private(vcpu, gpa, pfn, level);
break;
+ /* TODO: Add USMASH and PSMASH support */
default:
rc = -EINVAL;
break;
@@ -2947,6 +2949,53 @@ static int __snp_handle_page_state_change(struct kvm_vcpu *vcpu, int op, gpa_t g
return rc;
}
+static unsigned long snp_handle_page_state_change(struct vcpu_svm *svm, struct ghcb *ghcb)
+{
+ struct snp_page_state_entry *entry;
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ struct snp_page_state_change *info;
+ unsigned long rc;
+ int level, op;
+ gpa_t gpa;
+
+ if (!sev_snp_guest(vcpu->kvm))
+ return -ENXIO;
+
+ if (!setup_vmgexit_scratch(svm, true, sizeof(ghcb->save.sw_scratch))) {
+ pr_err("vmgexit: scratch area is not setup.\n");
+ return -EINVAL;
+ }
+
+ info = (struct snp_page_state_change *)svm->ghcb_sa;
+ entry = &info->entry[info->header.cur_entry];
+
+ if ((info->header.cur_entry >= VMGEXIT_PSC_MAX_ENTRY) ||
+ (info->header.end_entry >= VMGEXIT_PSC_MAX_ENTRY) ||
+ (info->header.cur_entry > info->header.end_entry))
+ return VMGEXIT_PSC_INVALID_HEADER;
+
+ while (info->header.cur_entry <= info->header.end_entry) {
+ entry = &info->entry[info->header.cur_entry];
+ gpa = gfn_to_gpa(entry->gfn);
+ level = RMP_TO_X86_PG_LEVEL(entry->pagesize);
+ op = entry->operation;
+
+ if (!IS_ALIGNED(gpa, page_level_size(level))) {
+ rc = VMGEXIT_PSC_INVALID_ENTRY;
+ goto out;
+ }
+
+ rc = __snp_handle_page_state_change(vcpu, op, gpa, level);
+ if (rc)
+ goto out;
+
+ info->header.cur_entry++;
+ }
+
+out:
+ return rc;
+}
+
static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm)
{
struct vmcb_control_area *control = &svm->vmcb->control;
@@ -3187,6 +3236,15 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
ret = 1;
break;
}
+ case SVM_VMGEXIT_SNP_PAGE_STATE_CHANGE: {
+ unsigned long rc;
+
+ ret = 1;
+
+ rc = snp_handle_page_state_change(svm, ghcb);
+ ghcb_set_sw_exit_info_2(ghcb, rc);
+ break;
+ }
case SVM_VMGEXIT_UNSUPPORTED_EVENT:
vcpu_unimpl(vcpu,
"vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
--
2.17.1
Powered by blists - more mailing lists