Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0057-X86-KVM-Decrypt-shared-per-cpu-variables-when-SEV-is.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0057-X86-KVM-Decrypt-shared-per-cpu-variables-when-SEV-is.patch | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0057-X86-KVM-Decrypt-shared-per-cpu-variables-when-SEV-is.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0057-X86-KVM-Decrypt-shared-per-cpu-variables-when-SEV-is.patch
new file mode 100644
index 00000000..98bdb0fe
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0057-X86-KVM-Decrypt-shared-per-cpu-variables-when-SEV-is.patch
@@ -0,0 +1,106 @@
+From 1b6f44106316b90f38138efe684016e46fcd8cbd Mon Sep 17 00:00:00 2001
+From: Brijesh Singh <brijesh.singh@amd.com>
+Date: Fri, 20 Oct 2017 09:30:58 -0500
+Subject: [PATCH 57/95] X86/KVM: Decrypt shared per-cpu variables when SEV is
+ active
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When SEV is active, guest memory is encrypted with a guest-specific key, a
+guest memory region shared with the hypervisor must be mapped as decrypted
+before it can be shared.
+
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Tested-by: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: kvm@vger.kernel.org
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Link: https://lkml.kernel.org/r/20171020143059.3291-17-brijesh.singh@amd.com
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ arch/x86/kernel/kvm.c | 40 +++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
+index 652bdd8..ead1a22 100644
+--- a/arch/x86/kernel/kvm.c
++++ b/arch/x86/kernel/kvm.c
+@@ -75,8 +75,8 @@ static int parse_no_kvmclock_vsyscall(char *arg)
+
+ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall);
+
+-static DEFINE_PER_CPU(struct kvm_vcpu_pv_apf_data, apf_reason) __aligned(64);
+-static DEFINE_PER_CPU(struct kvm_steal_time, steal_time) __aligned(64);
++static DEFINE_PER_CPU_DECRYPTED(struct kvm_vcpu_pv_apf_data, apf_reason) __aligned(64);
++static DEFINE_PER_CPU_DECRYPTED(struct kvm_steal_time, steal_time) __aligned(64);
+ static int has_steal_clock = 0;
+
+ /*
+@@ -312,7 +312,7 @@ static void kvm_register_steal_time(void)
+ cpu, (unsigned long long) slow_virt_to_phys(st));
+ }
+
+-static DEFINE_PER_CPU(unsigned long, kvm_apic_eoi) = KVM_PV_EOI_DISABLED;
++static DEFINE_PER_CPU_DECRYPTED(unsigned long, kvm_apic_eoi) = KVM_PV_EOI_DISABLED;
+
+ static notrace void kvm_guest_apic_eoi_write(u32 reg, u32 val)
+ {
+@@ -426,9 +426,42 @@ void kvm_disable_steal_time(void)
+ wrmsr(MSR_KVM_STEAL_TIME, 0, 0);
+ }
+
++static inline void __set_percpu_decrypted(void *ptr, unsigned long size)
++{
++ early_set_memory_decrypted((unsigned long) ptr, size);
++}
++
++/*
++ * Iterate through all possible CPUs and map the memory region pointed
++ * by apf_reason, steal_time and kvm_apic_eoi as decrypted at once.
++ *
++ * Note: we iterate through all possible CPUs to ensure that CPUs
++ * hotplugged will have their per-cpu variable already mapped as
++ * decrypted.
++ */
++static void __init sev_map_percpu_data(void)
++{
++ int cpu;
++
++ if (!sev_active())
++ return;
++
++ for_each_possible_cpu(cpu) {
++ __set_percpu_decrypted(&per_cpu(apf_reason, cpu), sizeof(apf_reason));
++ __set_percpu_decrypted(&per_cpu(steal_time, cpu), sizeof(steal_time));
++ __set_percpu_decrypted(&per_cpu(kvm_apic_eoi, cpu), sizeof(kvm_apic_eoi));
++ }
++}
++
+ #ifdef CONFIG_SMP
+ static void __init kvm_smp_prepare_boot_cpu(void)
+ {
++ /*
++ * Map the per-cpu variables as decrypted before kvm_guest_cpu_init()
++ * shares the guest physical address with the hypervisor.
++ */
++ sev_map_percpu_data();
++
+ kvm_guest_cpu_init();
+ native_smp_prepare_boot_cpu();
+ kvm_spinlock_init();
+@@ -496,6 +529,7 @@ void __init kvm_guest_init(void)
+ kvm_cpu_online, kvm_cpu_down_prepare) < 0)
+ pr_err("kvm_guest: Failed to install cpu hotplug callbacks\n");
+ #else
++ sev_map_percpu_data();
+ kvm_guest_cpu_init();
+ #endif
+
+-- 
+2.7.4
+
|
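Review bot: `__set_percpu_decrypted()` in the embedded kvm.c change discards the result of `early_set_memory_decrypted()`, so a failed mapping change for any CPU's copy goes unreported. `kvm_guest_cpu_init()` would then still register that area with the hypervisor, and async page-fault, steal-time and PV-EOI data would be exchanged as ciphertext. Assuming the helper returns an error code as it does upstream (its prototype is not on this page), a check such as `if (early_set_memory_decrypted((unsigned long) ptr, size)) pr_warn_once("kvm_guest: failed to map per-cpu data decrypted\n");` would make the failure visible. The three `DEFINE_PER_CPU_DECRYPTED` lines also deserve a comment stating that under SEV these variables are readable and writable by the hypervisor, so nothing secret belongs in them and values read back from them are untrusted. Because the attribute change presumably applies to whole pages, that comment should also record that the decrypted per-cpu section must stay page-aligned and hold only hypervisor-shared data; the macro's definition is outside this patch.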