>From deffc8d46fed51f9ec3e77e4a9f4c61a727eb174 Mon Sep 17 00:00:00 2001
From: Sean Christopherson
Date: Wed, 20 Oct 2021 09:46:16 -0700
Subject: [PATCH 1/2] KVM: SVM: Set "released" on INIT-SIPI iff SEV-ES vCPU was in AP reset hold

Set ghcb->sw_exit_info_2 when releasing a vCPU from an AP reset hold if and only if the vCPU is actually in a reset hold. Move the handling to INIT (was SIPI) so that KVM can check the current MP state; when SIPI is received, the vCPU will be in INIT_RECEIVED and will have lost track of whether or not the vCPU was in a reset hold. Drop the received_first_sipi flag, which was a hack to workaround the fact that KVM lost track of whether or not the vCPU was in a reset hold.
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/sev.c | 34 ++++++++++++----------------------
 arch/x86/kvm/svm/svm.c | 13 ++++++++-----
 arch/x86/kvm/svm/svm.h | 4 +---
 3 files changed, 21 insertions(+), 30 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 9afa71cb36e6..f8dfa88993b8 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2637,8 +2637,19 @@ void sev_es_init_vmcb(struct vcpu_svm *svm)
 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
 }
-void sev_es_vcpu_reset(struct vcpu_svm *svm)
+void sev_es_vcpu_reset(struct vcpu_svm *svm, bool init_event)
 {
+ if (init_event) {
+ /*
+ * If the vCPU is in a "reset" hold, signal via SW_EXIT_INFO_2
+ * that, assuming it receives a SIPI, the vCPU was "released".
+ */
+ if (svm->vcpu.arch.mp_state == KVM_MP_STATE_AP_RESET_HOLD &&
+ svm->ghcb)
+ ghcb_set_sw_exit_info_2(svm->ghcb, 1);
+ return;
+ }
+
 /*
 * Set the GHCB MSR value as per the GHCB specification when emulating
 * vCPU RESET for an SEV-ES guest.
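Review bot: The new INIT branch in sev_es_vcpu_reset() only works if it runs while `mp_state` still holds `KVM_MP_STATE_AP_RESET_HOLD`, and nothing in the hunk records that ordering requirement. The commit message says that by the time SIPI arrives the vCPU is in INIT_RECEIVED, so a later reordering of the INIT path would silently stop the guest from ever seeing the "released" value. I would extend the comment with something like `Must run before mp_state is moved to INIT_RECEIVED; the hold state is not tracked anywhere else.` The comment should also say when `svm->ghcb` can be NULL at this point, because in that case the release indication is dropped without any trace (presumably a hold state entered without a mapped GHCB, to be confirmed). The function body continues past the end of the hunk.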
@@ -2668,24 +2679,3 @@ void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu)
 /* MSR_IA32_XSS is restored on VMEXIT, save the currnet host value */
 hostsa->xss = host_xss;
 }
-
-void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
-{
- struct vcpu_svm *svm = to_svm(vcpu);
-
- /* First SIPI: Use the values as initially set by the VMM */
- if (!svm->received_first_sipi) {
- svm->received_first_sipi = true;
- return;
- }
-
- /*
- * Subsequent SIPI: Return from an AP Reset Hold VMGEXIT, where
- * the guest will set the CS and RIP. Set SW_EXIT_INFO_2 to a
- * non-zero value.
- */
- if (!svm->ghcb)
- return;
-
- ghcb_set_sw_exit_info_2(svm->ghcb, 1);
-}
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 89077160d463..0497066a91fb 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1372,9 +1372,6 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu)
 svm_init_osvw(vcpu);
 vcpu->arch.microcode_version = 0x01000065;
 svm->tsc_ratio_msr = kvm_default_tsc_scaling_ratio;
-
- if (sev_es_guest(vcpu->kvm))
- sev_es_vcpu_reset(svm);
 }
 static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
@@ -1388,6 +1385,9 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
 if (!init_event)
 __svm_vcpu_reset(vcpu);
+
+ if (sev_es_guest(vcpu->kvm))
+ sev_es_vcpu_reset(svm, init_event);
 }
 void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vmcb)
@@ -4553,10 +4553,13 @@ static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
 static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
 {
+ /*
+ * SEV-ES (and later derivatives) use INIT-SIPI to bring up APs, but
+ * the guest is responsible for transitioning to Real Mode and setting
+ * CS:RIP, GPRs, etc... KVM just needs to make the vCPU runnable.
+ */
 if (!sev_es_guest(vcpu->kvm))
 return kvm_vcpu_deliver_sipi_vector(vcpu, vector);
-
- sev_vcpu_deliver_sipi_vector(vcpu, vector);
 }
 static void svm_vm_destroy(struct kvm *kvm)
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 68e5f16a0554..c1f3685db2e1 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -190,7 +190,6 @@ struct vcpu_svm {
 struct vmcb_save_area *vmsa;
 struct ghcb *ghcb;
 struct kvm_host_map ghcb_map;
- bool received_first_sipi;
 /* SEV-ES scratch area support */
 void *ghcb_sa;
@@ -562,8 +561,7 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu);
 int sev_handle_vmgexit(struct kvm_vcpu *vcpu);
 int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in);
 void sev_es_init_vmcb(struct vcpu_svm *svm);
-void sev_es_vcpu_reset(struct vcpu_svm *svm);
-void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector);
+void sev_es_vcpu_reset(struct vcpu_svm *svm, bool init_event);
 void sev_es_prepare_guest_switch(struct vcpu_svm *svm, unsigned int cpu);
 void sev_es_unmap_ghcb(struct vcpu_svm *svm);
--
2.33.0.1079.g6e70778dc9-goog
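Review bot: After this change svm_vcpu_deliver_sipi_vector() in svm.c does nothing at all for an SEV-ES guest, yet the new comment ends with "KVM just needs to make the vCPU runnable", which reads as if this function performed that step. I would state in the comment that the SIPI vector is deliberately ignored for SEV-ES and that making the vCPU runnable is left to the caller (that is my reading; the caller is not in the hunk), for example `KVM ignores the vector here; the caller makes the vCPU runnable.` As a style point, the guard is now inverted around an empty fall-through and returns a void expression; `if (sev_es_guest(vcpu->kvm)) return;` followed by `kvm_vcpu_deliver_sipi_vector(vcpu, vector);` reads more directly.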