Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code

On 4/20/21 5:32 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 12:04:11PM -0500, Brijesh Singh wrote: > > Btw, for all your patches where the subject prefix is only "x86:": > > The tip tree preferred format for patch subject prefixes is > 'subsys/component:

Re: [PATCH] KVM: x86: document behavior of measurement ioctls with len==0

On 4/20/21 4:34 AM, Paolo Bonzini wrote: > Signed-off-by: Paolo Bonzini Reviewed-by: Brijesh Singh Thanks > --- > Documentation/virt/kvm/amd-memory-encryption.rst | 6 ++ > 1 file changed, 6 insertions(+) > > diff --git a/Documentation/virt/kvm/amd-memory-e

Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table

On 4/19/21 1:10 PM, Andy Lutomirski wrote: > >> On Apr 19, 2021, at 10:58 AM, Dave Hansen wrote: >> >> On 4/19/21 10:46 AM, Brijesh Singh wrote: >>> - guest wants to make gpa 0x1000 as a shared page. To support this, we >>> need to psmash the large RM

Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table

On 4/19/21 7:32 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 12:04:10PM -0500, Brijesh Singh wrote: >> A write from the hypervisor goes through the RMP checks. When the >> hypervisor writes to pages, hardware checks to ensures that the assigned >> bit in the

Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers

On 4/15/21 2:50 PM, Borislav Petkov wrote: > On Thu, Apr 15, 2021 at 01:08:09PM -0500, Brijesh Singh wrote: >> This is from Family 19h Model 01h Rev B01. The processor which >> introduces the SNP feature. Yes, I have already upload the PPR on the BZ. >> >> The P

Re: [RFC Part2 PATCH 03/30] x86: add helper functions for RMPUPDATE and PSMASH instruction

On 4/15/21 1:00 PM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 12:04:09PM -0500, Brijesh Singh wrote: >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index 06394b6d56b2..7a0138cb3e17 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++

Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers

On 4/15/21 12:03 PM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 12:04:08PM -0500, Brijesh Singh wrote: >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > Also, why is all this SNP stuff landing in this file instead of in sev.c > or so which is AMD-spec

Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers

Hi Boris, On 4/15/21 11:57 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 12:04:08PM -0500, Brijesh Singh wrote: >> The lookup_page_in_rmptable() can be used by the host to read the RMP >> entry for a given page. The RMP entry format is documented in PPR >> sec

Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support

On 4/14/21 2:27 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 12:04:07PM -0500, Brijesh Singh wrote: >> @@ -538,6 +540,10 @@ >> #define MSR_K8_SYSCFG 0xc0010010 >> #define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT 23 >> #define MSR_K8_S

Re: [RFC Part1 PATCH 13/13] x86/kernel: add support to validate memory when changing C-bit

On 4/12/21 8:05 AM, Borislav Petkov wrote: > On Mon, Apr 12, 2021 at 07:55:01AM -0500, Brijesh Singh wrote: >> The cur_entry is updated by the hypervisor. While building the psc >> buffer the guest sets the cur_entry=0 and the end_entry point to the >> last valid

Re: [RFC Part1 PATCH 13/13] x86/kernel: add support to validate memory when changing C-bit

On 4/12/21 6:49 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:24AM -0500, Brijesh Singh wrote: >> @@ -161,3 +162,108 @@ void __init early_snp_set_memory_shared(unsigned long >> vaddr, unsigned long paddr >> /* Ask hypervisor to make the memory sh

Re: [RFC Part1 PATCH 11/13] x86/kernel: validate rom memory before accessing when SEV-SNP is active

On 4/9/21 11:53 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:22AM -0500, Brijesh Singh wrote: >> +/* >> + * The ROM memory is not part of the E820 system RAM and is not >> prevalidated by the BIOS. >> + * The kernel page table maps the ROM

Re: [PATCH] KVM: SVM: Add support for KVM_SEV_SEND_CANCEL command

we don't dump the command buffer. With that fixed. Reviewed-by: Brijesh Singh

Re: [RFC Part1 PATCH 09/13] x86/kernel: add support to validate memory in early enc attribute change

On 4/8/21 6:40 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:20AM -0500, Brijesh Singh wrote: >> @@ -63,6 +63,10 @@ struct __packed snp_page_state_change { >> #define GHCB_REGISTER_GPA_RESP 0x013UL >> #define GHCB_REGISTER_GPA_RESP_VAL(val)

Re: [RFC Part1 PATCH 07/13] x86/compressed: register GHCB memory when SNP is active

On 4/7/21 6:59 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:18AM -0500, Brijesh Singh wrote: >> The SEV-SNP guest is required to perform GHCB GPA registration. This is > Why does it need to do that? Some additional security so as to not allow > changin

Re: [PATCH v2 0/8] ccp: KVM: SVM: Use stack for SEV command buffers

svm/sev.c | 262 +-- > drivers/crypto/ccp/sev-dev.c | 197 +++++- > drivers/crypto/ccp/sev-dev.h | 4 +- > 3 files changed, 196 insertions(+), 267 deletions(-) > Thanks Sean. Reviewed-by: Brijesh Singh

Re: [RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB

On 4/7/21 9:21 AM, Tom Lendacky wrote: > On 4/7/21 8:35 AM, Brijesh Singh wrote: >> On 4/7/21 6:16 AM, Borislav Petkov wrote: >>> On Tue, Apr 06, 2021 at 10:47:18AM -0500, Brijesh Singh wrote: >>>> Before the GHCB is established the caller does not need

Re: [RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB

On 4/7/21 6:16 AM, Borislav Petkov wrote: > On Tue, Apr 06, 2021 at 10:47:18AM -0500, Brijesh Singh wrote: >> Before the GHCB is established the caller does not need to save and >> restore MSRs. The page_state_change() uses the GHCB MSR protocol and it >> can be called befo

Re: [RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB

On 4/6/21 5:33 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:17AM -0500, Brijesh Singh wrote: >> Many of the integrity guarantees of SEV-SNP are enforced through the >> Reverse Map Table (RMP). Each RMP entry contains the GPA at which a >> particular page of

Re: [PATCH 3/5] crypto: ccp: Play nice with vmalloc'd memory for SEV command structs

On 4/5/21 10:06 AM, Sean Christopherson wrote: > On Sun, Apr 04, 2021, Christophe Leroy wrote: >> Le 03/04/2021 à 01:37, Sean Christopherson a écrit : >>> @@ -152,11 +153,21 @@ static int __sev_do_cmd_locked(int cmd, void *data, >>> int *psp_ret) >>> sev = psp->sev_data; >>> buf_len =

Re: [PATCH 0/5] ccp: KVM: SVM: Use stack for SEV command buffers

Hi Sean, On 4/2/21 6:36 PM, Sean Christopherson wrote: > While doing minor KVM cleanup to account various kernel allocations, I > noticed that all of the SEV command buffers are allocated via kmalloc(), > even for commands whose payloads is smaller than a pointer. After much > head scratching,

Re: [RFC Part1 PATCH 05/13] X86/sev-es: move few helper functions in common file

On 4/2/21 2:27 PM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:16AM -0500, Brijesh Singh wrote: >> The sev_es_terminate() and sev_es_{wr,rd}_ghcb_msr() helper functions >> in a common file so that it can be used by both the SEV-ES and SEV-SNP. >> >> Cc: T

Re: [RFC Part1 PATCH 04/13] x86/sev-snp: define page state change VMGEXIT structure

On 4/1/21 5:32 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:15AM -0500, Brijesh Singh wrote: >> An SNP-active guest will use the page state change VNAE MGEXIT defined in > I guess this was supposed to mean "NAE VMGEXIT" but pls write "NAE" out &g

Re: [RFC Part1 PATCH 03/13] x86: add a helper routine for the PVALIDATE instruction

On 3/26/21 2:12 PM, Borislav Petkov wrote: > On Fri, Mar 26, 2021 at 01:22:24PM -0500, Brijesh Singh wrote: >> Should I do the same for the sev-es.c ? Currently, I am keeping all the >> SEV-SNP specific changes in sev-snp.{c,h}. After a rename of >> sev-es.{c,h} from bot

Re: [RFC Part1 PATCH 03/13] x86: add a helper routine for the PVALIDATE instruction

On 3/26/21 2:22 PM, Borislav Petkov wrote: > On Fri, Mar 26, 2021 at 10:42:56AM -0500, Brijesh Singh wrote: >> There is no strong reason for a separate sev-snp.h. I will add a >> pre-patch to rename sev-es.h to sev.h and add SNP stuff to it. > Thx. > >> I was t

Re: [RFC Part1 PATCH 03/13] x86: add a helper routine for the PVALIDATE instruction

On 3/26/21 10:42 AM, Brijesh Singh wrote: > On 3/26/21 9:30 AM, Borislav Petkov wrote: >> On Wed, Mar 24, 2021 at 11:44:14AM -0500, Brijesh Singh wrote: >>> arch/x86/include/asm/sev-snp.h | 52 ++ >> Hmm, a separate header. >> >>

Re: [RFC Part1 PATCH 03/13] x86: add a helper routine for the PVALIDATE instruction

On 3/26/21 9:30 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:14AM -0500, Brijesh Singh wrote: >> arch/x86/include/asm/sev-snp.h | 52 ++ > Hmm, a separate header. > > Yeah, I know we did sev-es.h but I think it all should be in a si

Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support

On 3/25/21 10:51 AM, Dave Hansen wrote: > On 3/25/21 8:31 AM, Brijesh Singh wrote: >> On 3/25/21 9:58 AM, Dave Hansen wrote: >>>> +static int __init mem_encrypt_snp_init(void) >>>> +{ >>>> + if (!boot_cpu_has(X86_FEATURE_SEV_SNP)) >>>&

Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support

On 3/25/21 9:58 AM, Dave Hansen wrote: >> +static int __init mem_encrypt_snp_init(void) >> +{ >> +if (!boot_cpu_has(X86_FEATURE_SEV_SNP)) >> +return 1; >> + >> +if (rmptable_init()) { >> +setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); >> +return 1; >> +

Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation

On 3/25/21 9:48 AM, Dave Hansen wrote: > On 3/24/21 10:04 AM, Brijesh Singh wrote: >> When SEV-SNP is enabled globally in the system, a write from the hypervisor >> can raise an RMP violation. We can resolve the RMP violation by splitting >> the virtual address to a lower

Re: [RFC Part1 PATCH 01/13] x86/cpufeatures: Add SEV-SNP CPU feature

On 3/25/21 5:54 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:12AM -0500, Brijesh Singh wrote: >> Add CPU feature detection for Secure Encrypted Virtualization with >> Secure Nested Paging. This feature adds a strong memory integrity >> protection to h

Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code

On 3/24/21 1:03 PM, Dave Hansen wrote: >> diff --git a/arch/x86/include/asm/trap_pf.h b/arch/x86/include/asm/trap_pf.h >> index 10b1de500ab1..107f9d947e8d 100644 >> --- a/arch/x86/include/asm/trap_pf.h >> +++ b/arch/x86/include/asm/trap_pf.h >> @@ -12,6 +12,7 @@ >> * bit 4 ==

Re: [RFC Part2 PATCH 06/30] x86/fault: dump the RMP entry on #PF

On 3/24/21 12:47 PM, Andy Lutomirski wrote: > On Wed, Mar 24, 2021 at 10:04 AM Brijesh Singh wrote: >> If hardware detects an RMP violation, it will raise a page-fault exception >> with the RMP bit set. To help the debug, dump the RMP entry of the faulting >> address. >

[RFC Part2 PATCH 28/30] KVM: SVM: add support to handle Page State Change VMGEXIT

" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x8

[RFC Part2 PATCH 30/30] KVM: X86: Add support to handle the RMP nested page fault

ra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/mmu

[RFC Part2 PATCH 29/30] KVM: X86: export the kvm_zap_gfn_range() for the SNP use

el)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/mmu.h

[RFC Part2 PATCH 27/30] KVM: SVM: add support to handle MSR based Page State Change VMGEXIT

...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 148 + arch/x86/kvm/svm/svm.h | 11 +++ 2 files changed, 159 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7c242c470eba..8f046b45c424 10064

[RFC Part2 PATCH 26/30] KVM: SVM: add support to handle GHCB GPA register VMGEXIT

Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 28 ++

[RFC Part2 PATCH 24/30] KVM: X86: define new RMP check related #NPF error bits

tsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 8 1 file changed, 8 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 93dc4f232964.

[RFC Part2 PATCH 25/30] KVM: X86: update page-fault trace to log the 64-bit error code

ave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/trace.h | 6 +++--

[RFC Part2 PATCH 23/30] KVM: X86: Introduce kvm_mmu_get_tdp_walk() for SEV-SNP use

Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/mmu.h | 1 + arch/x86/kvm/mmu/mmu.c | 29 + 2 files changed, 30 inser

[RFC Part2 PATCH 22/30] x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by SEV

Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/mmu.h | 2 ++ arch/x86/kvm/mmu/mmu.c | 20 2 files changed, 22 insertions(+) diff --git a/arch/x86/kvm/mmu.h b/arch

[RFC Part2 PATCH 20/30] KVM: SVM: add KVM_SEV_SNP_LAUNCH_FINISH command

Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-o

[RFC Part2 PATCH 17/30] KVM: SVM: add KVM_SEV_SNP_LAUNCH_START command

opherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 221 ++- arch/x86/kvm/svm/svm.h | 1 + include/uapi/linux/kvm.h | 8 ++ 3 files cha

[RFC Part2 PATCH 21/30] KVM: X86: Add kvm_x86_ops to get the max page level for the TDP

c: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/mmu/mmu.c | 6 -- arch/x86/kvm/svm/sev.c | 20 ++

[RFC Part2 PATCH 19/30] KVM: SVM: Reclaim the guest pages when SEV-SNP VM terminates

ernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 41 + 1 file changed, 41 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 1a0c8c95d178..4037430b8d56 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/

[RFC Part2 PATCH 18/30] KVM: SVM: add KVM_SEV_SNP_LAUNCH_UPDATE command

Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 136 +++ include/uapi/linux/kvm.h | 18 ++

[RFC Part2 PATCH 16/30] KVM: SVM: add KVM_SNP_INIT command

...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 41 ++-- arch/x86/kvm/svm/svm.c | 5 + arch/x86/kvm/svm/svm.h | 1 + include/uapi/linux/kvm.h | 3 +++ 4 files changed, 48 insertions(+), 2 deletions(-

[RFC Part2 PATCH 14/30] KVM: SVM: make AVIC backing, VMSA and VMCB memory allocation SNP safe

Petkov Cc: Joerg Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Co-developed-by: Marc Orr Signed-off-by: M

[RFC Part2 PATCH 15/30] KVM: SVM: define new SEV_FEATURES field in the VMCB Save State Area

: Jim Mattson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/svm.h | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 1c561945b426..c38783a1d24f 100644 --- a/

[RFC Part2 PATCH 09/30] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP

Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 164 ++- drivers/crypto

[RFC Part2 PATCH 13/30] KVM: SVM: add initial SEV-SNP support

Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c | 17 + arch/x86/kvm/svm/svm.c | 5 + ar

[RFC Part2 PATCH 10/30] crypto: ccp: shutdown SNP firmware on kexec

Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 18 --

[RFC Part2 PATCH 11/30] crypto:ccp: provide APIs to issue SEV-SNP commands

Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 41 + include/linux/psp-sev.h | 85 +

[RFC Part2 PATCH 12/30] crypto ccp: handle the legacy SEV command when SNP is enabled

er.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 90 +--- drivers/crypto/ccp/sev-dev.h | 1 + 2 files changed, 85 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 242c4775eb56.

[RFC Part2 PATCH 08/30] crypto:ccp: define the SEV-SNP commands

d Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/sev-dev.c | 11 ++ include/linux/psp-sev.h | 210 +++ include/uapi/linux/psp-sev.h | 27 + 3 files changed, 248 inser

[RFC Part2 PATCH 06/30] x86/fault: dump the RMP entry on #PF

Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/mm/fault.c | 75 + 1 file changed, 75

[RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation

: Borislav Petkov Cc: Joerg Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch

[RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code

Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/trap_pf.h | 2 ++ arch/x86/mm/fault.c| 1 + 2 files changed, 3 insertions(+) diff --git a/arch/x86/include/asm/trap_pf.h b/

[RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table

: Joerg Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/mm/mem_enc

[RFC Part2 PATCH 03/30] x86: add helper functions for RMPUPDATE and PSMASH instruction

olo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-snp.h | 27 ++ arch/x86/mm/mem_encrypt.c | 41 ++ 2 files ch

[RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers

Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-snp.h | 31 +++ arch/x86/mm/mem

[RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support

ra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/msr-index.h | 6 +++ arch/x86/include/asm/sev-snp.h | 10 arch/x86/mm/mem_e

[RFC Part2 PATCH 00/30] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support

ec is also available at https://github.com/AMDESE/AMDSEV/blob/sev-snp-devel/docs/56421-Guest_Hypervisor_Communication_Block_Standardization.pdf GHCB spec v1: SEV-SNP firmware specification: https://developer.amd.com/sev/ Brijesh Singh (30): x86: Add the host SEV-SNP initialization support

[RFC Part1 PATCH 13/13] x86/kernel: add support to validate memory when changing C-bit

ernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-es.h | 2 + arch/x86/include/asm/sev-snp.h | 4 ++ arch/x86/kernel/sev-es.c | 7 +++ arch/x86/kernel/sev-snp.c | 106 + arch/x86/mm/pat/set_memory.c | 19 ++ 5 files cha

[RFC Part1 PATCH 12/13] x86/sev-es: make GHCB get and put helper accessible outside

Cc: Borislav Petkov Cc: Joerg Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh

[RFC Part1 PATCH 10/13] X86: kernel: make the bss.decrypted section shared in RMP table

d Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kernel/head64.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 5e9beb77cafd..1bf005d38ebc 100644 --- a/arch

[RFC Part1 PATCH 07/13] x86/compressed: register GHCB memory when SNP is active

c: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/boot/compressed/sev-es.c | 4 arch/x86/boot/compressed/sev-snp.c | 26 ++ arch/x86/include/as

[RFC Part1 PATCH 11/13] x86/kernel: validate rom memory before accessing when SEV-SNP is active

: Ingo Molnar Cc: Borislav Petkov Cc: Joerg Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brij

[RFC Part1 PATCH 05/13] X86/sev-es: move few helper functions in common file

;Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/boot/compressed/sev-common.c | 32 +++ arch/x86/boot/compress

[RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB

Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/

[RFC Part1 PATCH 09/13] x86/kernel: add support to validate memory in early enc attribute change

el)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-snp.h | 20 +++ arch/x86/kernel/sev-snp.c | 105 + arch/x86/mm/mem_

[RFC Part1 PATCH 04/13] x86/sev-snp: define page state change VMGEXIT structure

hristopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-snp.h | 34 + arch/x86/include/uapi/asm/svm.h | 1 + 2 files changed, 35 insertions(+) diff --git a/arch/x86/include/asm/sev-snp.h b/arch/x86/i

[RFC Part1 PATCH 08/13] x86/sev-es: register GHCB memory when SEV-SNP is active

Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kernel/Makefile | 3 ++ arch/x86/k

[RFC Part1 PATCH 03/13] x86: add a helper routine for the PVALIDATE instruction

d Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/sev-snp.h | 52 ++ 1 file changed, 52 insertions(+) create mode 100644 arch/x86/include/asm/sev-snp.h diff --git a/arch/x86/inc

[RFC Part1 PATCH 02/13] x86/mm: add sev_snp_active() helper

el)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/mem_encrypt.h | 2 ++ arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/mm/mem_encrypt.c | 9 ++

[RFC Part1 PATCH 01/13] x86/cpufeatures: Add SEV-SNP CPU feature

Petkov Cc: Joerg Roedel Cc: "H. Peter Anvin" Cc: Tony Luck Cc: Dave Hansen Cc: "Peter Zijlstra (Intel)" Cc: Paolo Bonzini Cc: Tom Lendacky Cc: David Rientjes Cc: Sean Christopherson Cc: x...@kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh ---

[RFC Part1 PATCH 00/13] Add AMD Secure Nested Paging (SEV-SNP) Guest Support

fication: https://developer.amd.com/sev/ Brijesh Singh (13): x86/cpufeatures: Add SEV-SNP CPU feature x86/mm: add sev_snp_active() helper x86: add a helper routine for the PVALIDATE instruction x86/sev-snp: define page state change VMGEXIT structure X86/sev-es: move few helper functions i

Re: [PATCH v10 10/16] KVM: x86: Introduce KVM_GET_SHARED_PAGES_LIST ioctl

On 3/8/21 1:51 PM, Sean Christopherson wrote: > On Mon, Mar 08, 2021, Ashish Kalra wrote: >> On Fri, Feb 26, 2021 at 09:44:41AM -0800, Sean Christopherson wrote: >>> +Will and Quentin (arm64) >>> >>> Moving the non-KVM x86 folks to bcc, I don't they care about KVM details at >>> this >>> point.

Re: [PATCH] crypto: ccp - Don't initialize SEV support without the SEV feature

; the check won't cause any build problems. > > Cc: John Allen > Cc: Brijesh Singh > Signed-off-by: Tom Lendacky Reviewed-By: Brijesh Singh > --- > drivers/crypto/ccp/sev-dev.c | 6 ++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/crypto/ccp/s

Re: [PATCH v2] KVM/SVM: add support for SEV attestation command

Hi Paolo, Do you have any feedback on this ? It will be great if we can queue this for 5.11. -Brijesh On 1/4/21 9:17 AM, Brijesh Singh wrote: > The SEV FW version >= 0.23 added a new command that can be used to query > the attestation report containing the SHA-256 digest of the gue

Re: [PATCH v2 12/14] KVM: SVM: Drop redundant svm_sev_enabled() helper

ev_asid is valid but SEV enabling fails due to OOM). > > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/svm/sev.c | 6 +++--- > arch/x86/kvm/svm/svm.h | 5 - > 2 files changed, 3 insertions(+), 8 deletions(-) Thanks Reviewed-by: Brijesh Singh > diff --git a/ar

Re: [PATCH v2 13/14] KVM: SVM: Remove an unnecessary prototype declaration of sev_flush_asids()

1 - > 1 file changed, 1 deletion(-) Thanks Reviewed-by: Brijesh Singh > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 7e14514dd083..23a4bead4a82 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -41,7 +41,6 @@ module_param_named(sev_

Re: [PATCH v2 11/14] KVM: SVM: Move SEV VMCB tracking allocation to sev.c

> + > + sd->sev_vmcbs = kmalloc_array(max_sev_asid + 1, sizeof(void *), > + GFP_KERNEL | __GFP_ZERO); I saw Tom recommended to use kzalloc.. instead of __GFP_ZERO in previous patch. With that fixed, Reviewed-by: Brijesh Singh > + if (!sd->sev_vm

Re: [PATCH v2 10/14] KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup()

herson > --- > arch/x86/kvm/svm/sev.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) thanks Reviewed-by: Brijesh Singh > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 02a66008e9b9..1a143340103e 100644 > --- a/arch/x86/kvm/svm/sev.c &

Re: [PATCH v2 09/14] KVM: SVM: Unconditionally invoke sev_hardware_teardown()

functional change intended. > > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/svm/svm.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) Reviewed-by: Brijesh Singh > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index f89f702b2a58

Re: [PATCH v2 08/14] KVM: SVM: Condition sev_enabled and sev_es_enabled on CONFIG_KVM_AMD_SEV=y

- > 1 file changed, 8 insertions(+), 1 deletion(-) thanks Reviewed-by: Brijesh Singh > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index a024edabaca5..02a66008e9b9 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -28,12 +28,17

Re: [PATCH v2 07/14] KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control variables

local struct kvm_sev_info pointers. > > No functional change intended. > > Acked-by: Tom Lendacky > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/svm/sev.c | 20 ++-- > 1 file changed, 10 insertions(+), 10 deletions(-) thanks Reviewed-by: Brijesh Si

Re: [PATCH v2 06/14] x86/sev: Drop redundant and potentially misleading 'sev_enabled'

+--- > arch/x86/mm/mem_encrypt_identity.c | 1 - > 3 files changed, 5 insertions(+), 9 deletions(-) Thanks Reviewed-by: Brijesh Singh > diff --git a/arch/x86/include/asm/mem_encrypt.h > b/arch/x86/include/asm/mem_encrypt.h > index 2f62bbdd9d12..88d624499411 100644 > -

Re: [PATCH v2 05/14] KVM: x86: Override reported SME/SEV feature flags with host mask

e mask a SEV-SNP capable CPU may incorrectly advertise SNP > support to userspace. > > Cc: Brijesh Singh > Cc: Tom Lendacky > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/cpuid.c | 2 ++ > arch/x86/kvm/cpuid.h | 1 + > 2 files changed, 3 insertions

Re: [PATCH v2 04/14] x86/cpufeatures: Assign dedicated feature word for AMD mem encryption

tools/arch/x86/include/asm/disabled-features.h | 3 ++- > tools/arch/x86/include/asm/required-features.h | 3 ++- > 8 files changed, 27 insertions(+), 17 deletions(-) Thanks Reviewed-by: Brijesh Singh > > diff --git a/arch/x86/include/asm/cpufeature.h > b/arch/x86/include/asm/c

Re: [PATCH v2 03/14] KVM: SVM: Move SEV module params/variables to sev.c

> 3 files changed, 12 insertions(+), 16 deletions(-) Reviewed-by: Brijesh Singh > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 0eeb6e1b803d..8ba93b8fa435 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -27,6 +27,14 @@

Re: [PATCH v2 01/14] KVM: SVM: Zero out the VMCB array used to track SEV ASID association

ve to not flush the ASID at any time while building the > new SEV guest. > > Cc: Borislav Petkov > Cc: Tom Lendacky > Cc: Brijesh Singh > Fixes: 70cd94e60c73 ("KVM: SVM: VMRUN should use associated ASID when SEV is > enabled") > Signed-off-by: Sean Christopherson

Re: [Patch v4 1/2] cgroup: svm: Add Encryption ID controller

on the platform and current usage count. Other ID types can be easily added in the controller in the same way. Signed-off-by: Vipin Sharma Reviewed-by: David Rientjes Reviewed-by: Dionna Glaze Acked-by: Brijesh Singh --- arch/x86/kvm/svm/sev.c| 52 +++- include

[PATCH v2] KVM/SVM: add support for SEV attestation command

ley Signed-off-by: Brijesh Singh --- v2: * Fix documentation typo .../virt/kvm/amd-memory-encryption.rst| 21 ++ arch/x86/kvm/svm/sev.c| 71 +++ drivers/crypto/ccp/sev-dev.c | 1 + include/linux/psp-sev.h |

Re: [PATCH] KVM/SVM: add support for SEV attestation command

On 12/9/20 1:51 AM, Ard Biesheuvel wrote: > On Fri, 4 Dec 2020 at 22:30, Brijesh Singh wrote: >> The SEV FW version >= 0.23 added a new command that can be used to query >> the attestation report containing the SHA-256 digest of the guest memory >> encrypted through th

Re: [PATCH v2 1/9] KVM: x86: Add AMD SEV specific Hypercall3

On 12/7/20 9:09 PM, Steve Rutherford wrote: > On Mon, Dec 7, 2020 at 12:42 PM Sean Christopherson wrote: >> On Sun, Dec 06, 2020, Paolo Bonzini wrote: >>> On 03/12/20 01:34, Sean Christopherson wrote: >>>> On Tue, Dec 01, 2020, Ashish Kalra wrote: >>>

[PATCH] KVM/SVM: add support for SEV attestation command

ent value is signed with PEK. Cc: James Bottomley Cc: Tom Lendacky Cc: David Rientjes Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Borislav Petkov Cc: John Allen Cc: Herbert Xu Cc: linux-cry...@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virt/kvm/amd-memory-encryption.

Re: [PATCH v2 1/9] KVM: x86: Add AMD SEV specific Hypercall3

On 12/2/20 6:34 PM, Sean Christopherson wrote: > On Tue, Dec 01, 2020, Ashish Kalra wrote: >> From: Brijesh Singh >> >> KVM hypercall framework relies on alternative framework to patch the >> VMCALL -> VMMCALL on AMD platform. If a hypercall is made before &g

Re: [PATCH v2] iommu/amd: Enforce 4k mapping for certain IOMMU data structures

On 11/19/20 8:30 PM, Suravee Suthikulpanit wrote: > Will, > > To answer your questions from v1 thread. > > On 11/18/20 5:57 AM, Will Deacon wrote: > > On 11/5/20 9:58 PM, Suravee Suthikulpanit wrote: > >> AMD IOMMU requires 4k-aligned pages for the event log, the PPR log, > >> and the completion

  1   2   3   4   5   6   7   8   9   10   >