Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0070-KVM-SVM-Add-KVM_SEV_INIT-command.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0070-KVM-SVM-Add-KVM_SEV_INIT-command.patch | 270 |
1 files changed, 0 insertions, 270 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0070-KVM-SVM-Add-KVM_SEV_INIT-command.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0070-KVM-SVM-Add-KVM_SEV_INIT-command.patch
deleted file mode 100644
index 8b1a0147..00000000
--- a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0070-KVM-SVM-Add-KVM_SEV_INIT-command.patch
+++ /dev/null
@@ -1,270 +0,0 @@
-From f942889123c1393e5c89196bdc4e9cdee99f3aae Mon Sep 17 00:00:00 2001
-From: Sudheesh Mavila <sudheesh.mavila@amd.com>
-Date: Tue, 14 Aug 2018 21:40:46 +0530
-Subject: [PATCH 70/95] KVM: SVM: Add KVM_SEV_INIT command
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From 1654efcbc431a369397a20bf85e45870d15c8689
-The command initializes the SEV platform context and allocates a new ASID
-for this guest from the SEV ASID pool. The firmware must be initialized
-before we issue any guest launch commands to create a new memory encryption
-context.
-
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Ingo Molnar <mingo@redhat.com>
-Cc: "H. Peter Anvin" <hpa@zytor.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: "Radim Krčmář" <rkrcmar@redhat.com>
-Cc: Joerg Roedel <joro@8bytes.org>
-Cc: Borislav Petkov <bp@suse.de>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: x86@kernel.org
-Cc: kvm@vger.kernel.org
-Cc: linux-kernel@vger.kernel.org
-Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
-Reviewed-by: Borislav Petkov <bp@suse.de>
-
-Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
----
- arch/x86/include/asm/kvm_host.h | 7 +++
- arch/x86/kvm/svm.c | 131 +++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 137 insertions(+), 1 deletion(-)
- mode change 100644 => 100755 arch/x86/kvm/svm.c
-
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 430eeb3..9cc7c30 100755
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -752,6 +752,11 @@ enum kvm_irqchip_mode {
- KVM_IRQCHIP_SPLIT, /* created with KVM_CAP_SPLIT_IRQCHIP */
- };
-
-+struct kvm_sev_info {
-+ bool active; /* SEV enabled guest */
-+ unsigned int asid; /* ASID used for this guest */
-+};
-+
- struct kvm_arch {
- unsigned int n_used_mmu_pages;
- unsigned int n_requested_mmu_pages;
-@@ -839,6 +844,8 @@ struct kvm_arch {
-
- bool x2apic_format;
- bool x2apic_broadcast_quirk_disabled;
-+
-+ struct kvm_sev_info sev_info;
- };
-
- struct kvm_vm_stat {
-diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-old mode 100644
-new mode 100755
-index df8e1e3..c41635b
---- a/arch/x86/kvm/svm.c
-+++ b/arch/x86/kvm/svm.c
-@@ -38,6 +38,7 @@
- #include <linux/hashtable.h>
- #include <linux/frame.h>
- #include <linux/psp-sev.h>
-+#include <linux/file.h>
-
- #include <asm/apic.h>
- #include <asm/perf_event.h>
-@@ -339,6 +340,20 @@ enum {
- #define VMCB_AVIC_APIC_BAR_MASK 0xFFFFFFFFFF000ULL
-
- static unsigned int max_sev_asid;
-+static unsigned int min_sev_asid;
-+static unsigned long *sev_asid_bitmap;
-+
-+static inline bool svm_sev_enabled(void)
-+{
-+ return max_sev_asid;
-+}
-+
-+static inline bool sev_guest(struct kvm *kvm)
-+{
-+ struct kvm_sev_info *sev = &kvm->arch.sev_info;
-+
-+ return sev->active;
-+}
-
- static inline void mark_all_dirty(struct vmcb *vmcb)
- {
-@@ -1102,6 +1117,15 @@ static __init int sev_hardware_setup(void)
- if (!max_sev_asid)
- return 1;
-
-+ /* Minimum ASID value that should be used for SEV guest */
-+ min_sev_asid = cpuid_edx(0x8000001F);
-+
-+ /* Initialize SEV ASID bitmap */
-+ sev_asid_bitmap = kcalloc(BITS_TO_LONGS(max_sev_asid),
-+ sizeof(unsigned long), GFP_KERNEL);
-+ if (!sev_asid_bitmap)
-+ return 1;
-+
- status = kmalloc(sizeof(*status), GFP_KERNEL);
- if (!status)
- return 1;
-@@ -1231,6 +1255,9 @@ static __exit void svm_hardware_unsetup(void)
- {
- int cpu;
-
-+ if (svm_sev_enabled())
-+ kfree(sev_asid_bitmap);
-+
- for_each_possible_cpu(cpu)
- svm_cpu_uninit(cpu);
-
-@@ -1421,6 +1448,9 @@ static void init_vmcb(struct vcpu_svm *svm)
- svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;
- }
-
-+ if (sev_guest(svm->vcpu.kvm))
-+ svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ENABLE;
-+
- mark_all_dirty(svm->vmcb);
-
- enable_gif(svm);
-@@ -1503,6 +1533,29 @@ static int avic_init_backing_page(struct kvm_vcpu *vcpu)
- return 0;
- }
-
-+static void __sev_asid_free(int asid)
-+{
-+ int pos;
-+
-+ pos = asid - 1;
-+ clear_bit(pos, sev_asid_bitmap);
-+}
-+
-+static void sev_asid_free(struct kvm *kvm)
-+{
-+ struct kvm_sev_info *sev = &kvm->arch.sev_info;
-+
-+ __sev_asid_free(sev->asid);
-+}
-+
-+static void sev_vm_destroy(struct kvm *kvm)
-+{
-+ if (!sev_guest(kvm))
-+ return;
-+
-+ sev_asid_free(kvm);
-+}
-+
- static void avic_vm_destroy(struct kvm *kvm)
- {
- unsigned long flags;
-@@ -1521,6 +1574,12 @@ static void avic_vm_destroy(struct kvm *kvm)
- spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);
- }
-
-+static void svm_vm_destroy(struct kvm *kvm)
-+{
-+ avic_vm_destroy(kvm);
-+ sev_vm_destroy(kvm);
-+}
-+
- static int avic_vm_init(struct kvm *kvm)
- {
- unsigned long flags;
-@@ -5660,6 +5719,75 @@ static void svm_setup_mce(struct kvm_vcpu *vcpu)
- vcpu->arch.mcg_cap &= 0x1ff;
- }
-
-+static int sev_asid_new(void)
-+{
-+ int pos;
-+
-+ /*
-+ * SEV-enabled guest must use asid from min_sev_asid to max_sev_asid.
-+ */
-+ pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_sev_asid - 1);
-+ if (pos >= max_sev_asid)
-+ return -EBUSY;
-+
-+ set_bit(pos, sev_asid_bitmap);
-+ return pos + 1;
-+}
-+
-+static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
-+{
-+ struct kvm_sev_info *sev = &kvm->arch.sev_info;
-+ int asid, ret;
-+
-+ ret = -EBUSY;
-+ asid = sev_asid_new();
-+ if (asid < 0)
-+ return ret;
-+
-+ ret = sev_platform_init(&argp->error);
-+ if (ret)
-+ goto e_free;
-+
-+ sev->active = true;
-+ sev->asid = asid;
-+
-+ return 0;
-+
-+e_free:
-+ __sev_asid_free(asid);
-+ return ret;
-+}
-+
-+static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
-+{
-+ struct kvm_sev_cmd sev_cmd;
-+ int r;
-+
-+ if (!svm_sev_enabled())
-+ return -ENOTTY;
-+
-+ if (copy_from_user(&sev_cmd, argp, sizeof(struct kvm_sev_cmd)))
-+ return -EFAULT;
-+
-+ mutex_lock(&kvm->lock);
-+
-+ switch (sev_cmd.id) {
-+ case KVM_SEV_INIT:
-+ r = sev_guest_init(kvm, &sev_cmd);
-+ break;
-+ default:
-+ r = -EINVAL;
-+ goto out;
-+ }
-+
-+ if (copy_to_user(argp, &sev_cmd, sizeof(struct kvm_sev_cmd)))
-+ r = -EFAULT;
-+
-+out:
-+ mutex_unlock(&kvm->lock);
-+ return r;
-+}
-+
- static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
- .cpu_has_kvm_support = has_svm,
- .disabled_by_bios = is_disabled,
-@@ -5676,7 +5804,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
- .vcpu_reset = svm_vcpu_reset,
-
- .vm_init = avic_vm_init,
-- .vm_destroy = avic_vm_destroy,
-+ .vm_destroy = svm_vm_destroy,
-
- .prepare_guest_switch = svm_prepare_guest_switch,
- .vcpu_load = svm_vcpu_load,
-@@ -5771,6 +5899,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
- .deliver_posted_interrupt = svm_deliver_avic_intr,
- .update_pi_irte = svm_update_pi_irte,
- .setup_mce = svm_setup_mce,
-+ .mem_enc_op = svm_mem_enc_op,
- };
-
- static int __init svm_init(void)
---
-2.7.4
-
|