Re: [RFC PATCH v2 24/32] kvm: x86: prepare for SEV guest management API support

Thu, 16 Mar 2017 03:34:09 -0700 


On 02/03/2017 16:17, Brijesh Singh wrote:
> ASID management:
>  - Reserve asid range for SEV guest, SEV asid range is obtained through
>    CPUID Fn8000_001f[ECX]. A non-SEV guest can use any asid outside the SEV
>    asid range.

How is backwards compatibility handled?

>  - SEV guest must have asid value within asid range obtained through CPUID.
>  - SEV guest must have the same asid for all vcpu's. A TLB flush is required
>    if different vcpu for the same ASID is to be run on the same host CPU.

[...]

> +
> +     /* which host cpu was used for running this vcpu */
> +     bool last_cpuid;

Should be unsigned int.

> 
> +     /* Assign the asid allocated for this SEV guest */
> +     svm->vmcb->control.asid = asid;
> +
> +     /* Flush guest TLB:
> +      * - when different VMCB for the same ASID is to be run on the
> +      *   same host CPU
> +      *   or
> +      * - this VMCB was executed on different host cpu in previous VMRUNs.
> +      */
> +     if (sd->sev_vmcbs[asid] != (void *)svm->vmcb ||

Why the cast?

> +             svm->last_cpuid != cpu)
> +             svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;

If there is a match, you don't need to do anything else (neither reset
the asid, nor mark it as dirty, nor update the fields), so:

        if (sd->sev_vmcbs[asid] == svm->vmcb &&
            svm->last_cpuid == cpu)
                return;

        svm->last_cpuid = cpu;
        sd->sev_vmcbs[asid] = svm->vmcb;
        svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
        svm->vmcb->control.asid = asid;
        mark_dirty(svm->vmcb, VMCB_ASID);

(plus comments ;)).

Also, why not TLB_CONTROL_FLUSH_ASID if possible?

> +     svm->last_cpuid = cpu;
> +     sd->sev_vmcbs[asid] = (void *)svm->vmcb;
> +
> +     mark_dirty(svm->vmcb, VMCB_ASID);

[...]

> 
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index fef7d83..9df37a2 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -1284,6 +1284,104 @@ struct kvm_s390_ucas_mapping {
>  /* Memory Encryption Commands */
>  #define KVM_MEMORY_ENCRYPT_OP          _IOWR(KVMIO, 0xb8, unsigned long)
>  
> +/* Secure Encrypted Virtualization mode */
> +enum sev_cmd_id {

Please add documentation in Documentation/virtual/kvm/memory_encrypt.txt.

Paolo

Reply via email to