diff options
Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0089-KVM-SVM-install-RSM-intercept.patch')
| -rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0089-KVM-SVM-install-RSM-intercept.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0089-KVM-SVM-install-RSM-intercept.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0089-KVM-SVM-install-RSM-intercept.patch new file mode 100644 index 00000000..f23de0d2 --- /dev/null +++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0089-KVM-SVM-install-RSM-intercept.patch @@ -0,0 +1,78 @@ +From 2cd3e8ceaff90b03db00b7326ba63df8c64c7db8 Mon Sep 17 00:00:00 2001 +From: Sudheesh Mavila <sudheesh.mavila@amd.com> +Date: Wed, 15 Aug 2018 08:53:49 +0530 +Subject: [PATCH 89/95] KVM: SVM: install RSM intercept +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From 7607b7174405aec7441ff6c970833c463114040a + +RSM instruction is used by the SMM handler to return from SMM mode. +Currently, rsm causes a #UD - which results in instruction fetch, decode, +and emulate. By installing the RSM intercept we can avoid the instruction +fetch since we know that #VMEXIT was due to rsm. + +The patch is required for the SEV guest, because in case of SEV guest +memory is encrypted with guest-specific key and hypervisor will not +able to fetch the instruction bytes from the guest memory. + +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Radim Krčmář <rkrcmar@redhat.com> +Cc: Joerg Roedel <joro@8bytes.org> +Cc: Borislav Petkov <bp@suse.de> +Cc: Tom Lendacky <thomas.lendacky@amd.com> +Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + +Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com> +--- + arch/x86/kvm/svm.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c +index 8e60fbc..6352a6c 100755 +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -309,6 +309,8 @@ module_param(vgif, int, 0444); + static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); + module_param(sev, int, 0444); + ++static u8 rsm_ins_bytes[] = "\x0f\xaa"; ++ + static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); + static void svm_flush_tlb(struct kvm_vcpu *vcpu); + static void svm_complete_interrupts(struct vcpu_svm *svm); +@@ -1395,6 +1397,7 @@ static void init_vmcb(struct vcpu_svm *svm) + set_intercept(svm, INTERCEPT_SKINIT); + set_intercept(svm, INTERCEPT_WBINVD); + set_intercept(svm, INTERCEPT_XSETBV); ++ set_intercept(svm, INTERCEPT_RSM); + + if (!kvm_mwait_in_guest()) { + set_intercept(svm, INTERCEPT_MONITOR); +@@ -3707,6 +3710,12 @@ static int emulate_on_interception(struct vcpu_svm *svm) + return emulate_instruction(&svm->vcpu, 0) == EMULATE_DONE; + } + ++static int rsm_interception(struct vcpu_svm *svm) ++{ ++ return x86_emulate_instruction(&svm->vcpu, 0, 0, ++ rsm_ins_bytes, 2) == EMULATE_DONE; ++} ++ + static int rdpmc_interception(struct vcpu_svm *svm) + { + int err; +@@ -4600,7 +4609,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { + [SVM_EXIT_MWAIT] = mwait_interception, + [SVM_EXIT_XSETBV] = xsetbv_interception, + [SVM_EXIT_NPF] = npf_interception, +- [SVM_EXIT_RSM] = emulate_on_interception, ++ [SVM_EXIT_RSM] = rsm_interception, + [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception, + [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception, + }; +-- +2.7.4 + |