diff for duplicates of <20240329225835.400662-10-michael.roth@amd.com> diff --git a/a/1.txt b/N1/1.txt index 8dcaf28..bca4e3b 100644 --- a/a/1.txt +++ b/N1/1.txt 
@@ -173,3 +173,833 @@ index 64eda7949f09..f85735b6235d 100644 if (ret) -- 2.25.1 + +
+From: Michael Roth <michael.roth@amd.com> +To: <kvm@vger.kernel.org> +CC: <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>, + <linux-crypto@vger.kernel.org>, <x86@kernel.org>, + <linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>, + <jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>, + <ardb@kernel.org>, <pbonzini@redhat.com>, <seanjc@google.com>, + <vkuznets@redhat.com>, <jmattson@google.com>, <luto@kernel.org>, + <dave.hansen@linux.intel.com>, <slp@redhat.com>, <pgonda@google.com>, + <peterz@infradead.org>, <srinivas.pandruvada@linux.intel.com>, + <rientjes@google.com>, <dovmurik@linux.ibm.com>, <tobin@ibm.com>, + <bp@alien8.de>, <vbabka@suse.cz>, <kirill@shutemov.name>, + <ak@linux.intel.com>, <tony.luck@intel.com>, + <sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>, + <jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>, + <pankaj.gupta@amd.com>, <liam.merwick@oracle.com>, Brijesh Singh + <brijesh.singh@amd.com>
+Subject: [PATCH v12 09/29] KVM: SEV: Add initial SEV-SNP support +Date: Fri, 29 Mar 2024 17:58:15 -0500 +Message-ID: <20240329225835.400662-10-michael.roth@amd.com> +X-Mailer: git-send-email 2.25.1 +In-Reply-To: <20240329225835.400662-1-michael.roth@amd.com> +References: <20240329225835.400662-1-michael.roth@amd.com> +X-Mailing-List: linux-crypto@vger.kernel.org +
+SEV-SNP builds upon existing SEV and SEV-ES functionality while adding +new hardware-based security protection. SEV-SNP adds strong memory +encryption and integrity protection to help prevent malicious +hypervisor-based attacks such as data replay, memory re-mapping, and +more, to create an isolated execution environment. + +Define a new KVM_X86_SNP_VM type which makes use of these capabilities +and extend the KVM_SEV_INIT2 ioctl to support it. Also add a basic +helper to check whether SNP is enabled.
+ +Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> +Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> +[mdr: commit fixups, use similar ASID reporting as with SEV/SEV-ES] +Signed-off-by: Michael Roth <michael.roth@amd.com> +--- + arch/x86/include/asm/svm.h | 3 ++- + arch/x86/include/uapi/asm/kvm.h | 1 + + arch/x86/kvm/svm/sev.c | 21 ++++++++++++++++++++- + arch/x86/kvm/svm/svm.c | 3 ++- + arch/x86/kvm/svm/svm.h | 12 ++++++++++++ + arch/x86/kvm/x86.c | 2 +- + 6 files changed, 38 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h +index 728c98175b9c..544a43c1cf11 100644 +--- a/arch/x86/include/asm/svm.h ++++ b/arch/x86/include/asm/svm.h +@@ -285,7 +285,8 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_ + + #define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF) + +-#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) ++#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) ++#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) + + struct vmcb_seg { + u16 selector; +diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h +index 51b13080ed4b..725b75cfe9ff 100644 +--- a/arch/x86/include/uapi/asm/kvm.h ++++ b/arch/x86/include/uapi/asm/kvm.h +@@ -868,5 +868,6 @@ struct kvm_hyperv_eventfd { + #define KVM_X86_SW_PROTECTED_VM 1 + #define KVM_X86_SEV_VM 2 + #define KVM_X86_SEV_ES_VM 3 ++#define KVM_X86_SNP_VM 4 + + #endif /* _ASM_X86_KVM_H */ +diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c +index 1e65f5634ad3..3d9771163562 100644 +--- a/arch/x86/kvm/svm/sev.c ++++ b/arch/x86/kvm/svm/sev.c +@@ -46,6 +46,9 @@ module_param_named(sev, sev_enabled, bool, 0444); + static bool sev_es_enabled = true; + module_param_named(sev_es, sev_es_enabled, bool, 0444); + ++/* enable/disable SEV-SNP support */ ++static bool sev_snp_enabled; ++ + /* enable/disable SEV-ES DebugSwap support */ + static bool sev_es_debug_swap_enabled = true; + module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444); +@@ 
-275,6 +278,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, + sev->es_active = es_active; + sev->vmsa_features = data->vmsa_features; + ++ if (vm_type == KVM_X86_SNP_VM) ++ sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE; ++ + ret = sev_asid_new(sev); + if (ret) + goto e_no_asid; +@@ -326,7 +332,8 @@ static int sev_guest_init2(struct kvm *kvm, struct kvm_sev_cmd *argp) + return -EINVAL; + + if (kvm->arch.vm_type != KVM_X86_SEV_VM && +- kvm->arch.vm_type != KVM_X86_SEV_ES_VM) ++ kvm->arch.vm_type != KVM_X86_SEV_ES_VM && ++ kvm->arch.vm_type != KVM_X86_SNP_VM) + return -EINVAL; + + if (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data))) +@@ -2297,11 +2304,16 @@ void __init sev_set_cpu_caps(void) + kvm_cpu_cap_set(X86_FEATURE_SEV_ES); + kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM); + } ++ if (sev_snp_enabled) { ++ kvm_cpu_cap_set(X86_FEATURE_SEV_SNP); ++ kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM); ++ } + } + + void __init sev_hardware_setup(void) + { + unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count; ++ bool sev_snp_supported = false; + bool sev_es_supported = false; + bool sev_supported = false; + +@@ -2382,6 +2394,7 @@ void __init sev_hardware_setup(void) + sev_es_asid_count = min_sev_asid - 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count)); + sev_es_supported = true; ++ sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP); + + out: + if (boot_cpu_has(X86_FEATURE_SEV)) +@@ -2394,9 +2407,15 @@ void __init sev_hardware_setup(void) + pr_info("SEV-ES %s (ASIDs %u - %u)\n", + sev_es_supported ? "enabled" : "disabled", + min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1); ++ if (boot_cpu_has(X86_FEATURE_SEV_SNP)) ++ pr_info("SEV-SNP %s (ASIDs %u - %u)\n", ++ sev_snp_supported ? "enabled" : "disabled", ++ min_sev_asid > 1 ? 
1 : 0, min_sev_asid - 1); + + sev_enabled = sev_supported; + sev_es_enabled = sev_es_supported; ++ sev_snp_enabled = sev_snp_supported; ++ + if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) || + !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP)) + sev_es_debug_swap_enabled = false; +diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c +index 0f3b59da0d4a..2c162f6a1d78 100644 +--- a/arch/x86/kvm/svm/svm.c ++++ b/arch/x86/kvm/svm/svm.c +@@ -4890,7 +4890,8 @@ static int svm_vm_init(struct kvm *kvm) + + if (type != KVM_X86_DEFAULT_VM && + type != KVM_X86_SW_PROTECTED_VM) { +- kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM); ++ kvm->arch.has_protected_state = ++ (type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM); + to_kvm_sev_info(kvm)->need_init = true; + } + +diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h +index 157eb3f65269..4a01a81dd9b9 100644 +--- a/arch/x86/kvm/svm/svm.h ++++ b/arch/x86/kvm/svm/svm.h +@@ -348,6 +348,18 @@ static __always_inline bool sev_es_guest(struct kvm *kvm) + #endif + } + ++static __always_inline bool sev_snp_guest(struct kvm *kvm) ++{ ++#ifdef CONFIG_KVM_AMD_SEV ++ struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; ++ ++ return (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) && ++ !WARN_ON_ONCE(!sev_es_guest(kvm)); ++#else ++ return false; ++#endif ++} ++ + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) + { + vmcb->control.clean = 0; +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 64eda7949f09..f85735b6235d 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -12603,7 +12603,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) + + kvm->arch.vm_type = type; + kvm->arch.has_private_mem = +- (type == KVM_X86_SW_PROTECTED_VM); ++ (type == KVM_X86_SW_PROTECTED_VM || type == KVM_X86_SNP_VM); + + ret = kvm_page_track_init(kvm); + if (ret) +-- +2.25.1 + + +X-sender: <linux-kernel+bounces-125486-steffen.klassert=secunet.com@vger.kernel.org> 
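Review bot: in arch/x86/kvm/svm/sev.c, `sev_snp_enabled` is declared without an initializer and without a `module_param_named()`, unlike `sev_enabled` and `sev_es_enabled` above it, so `sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);` in sev_hardware_setup() always evaluates to false within this patch. As posted, sev_set_cpu_caps() never adds KVM_X86_SNP_VM to `kvm_caps.supported_vm_types` and the new SEV-SNP pr_info() always prints "disabled". If that is deliberate until later patches in the series land, say so in the commit message and reword the "enable/disable SEV-SNP support" comment, which implies a knob that does not exist yet.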
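Review bot: in the __sev_guest_init() hunk, `sev->vmsa_features` is first copied from the userspace-supplied `data->vmsa_features`, and SVM_SEV_FEAT_SNP_ACTIVE is OR-ed in only for KVM_X86_SNP_VM, while sev_snp_guest() in svm.h decides SNP status from that bit rather than from `vm_type`. Nothing in the visible lines stops userspace from passing BIT(0) for a KVM_X86_SEV_ES_VM, which would make sev_snp_guest() return true for a VM that was not created as SNP. Please confirm that any validation outside this hunk rejects the bit from userspace, or mask it off for non-SNP types right after the assignment.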
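Review bot: the return expression of sev_snp_guest() in arch/x86/kvm/svm/svm.h folds an invariant check into the predicate through `!WARN_ON_ONCE(!sev_es_guest(kvm))`, which is hard to read and makes the helper return false for an SNP-flagged VM whenever the warning fires. A one-line comment stating that SNP implies SEV-ES, and that the helper reports "not SNP" if that invariant is broken, would document the intent for callers added later in the series.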
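Review bot: the kvm_arch_init_vm() hunk in arch/x86/kvm/x86.c adds an SVM-specific VM type to common x86 code, while the same patch sets `kvm->arch.has_protected_state` for the SEV types in svm_vm_init(). Setting `kvm->arch.has_private_mem` for KVM_X86_SNP_VM in svm_vm_init() as well would keep the vendor type checks in one place and avoid growing the type list in x86.c with each new confidential VM type.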
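Review bot: KVM_X86_SNP_VM is new UAPI in arch/x86/include/uapi/asm/kvm.h and sev_guest_init2() now accepts it for KVM_SEV_INIT2, but the diffstat lists six files and none of them is under Documentation/. Document the new VM type and what KVM_SEV_INIT2 does for it in this patch, or name the patch in the series that adds the documentation.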
CY4PEPF0000FCC4:EE_|SN7PR12MB6861:EE_ +X-MS-Office365-Filtering-Correlation-Id: 8a450cd9-fdcd-4e47-ed16-08dc5043d334 +X-MS-Exchange-SenderADCheck: 1 +X-MS-Exchange-AntiSpam-Relay: 0 +X-Microsoft-Antispam: BCL:0; +X-Microsoft-Antispam-Message-Info: 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 +X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(82310400014)(1800799015)(7416005)(376005)(36860700004);DIR:OUT;SFP:1101; +X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Mar 2024 22:59:01.5166 + (UTC) +X-MS-Exchange-CrossTenant-Network-Message-Id: 8a450cd9-fdcd-4e47-ed16-08dc5043d334 +X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d +X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] +X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000FCC4.namprd03.prod.outlook.com +X-MS-Exchange-CrossTenant-AuthAs: Anonymous +X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem +X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861 +Return-Path: linux-kernel+bounces-125486-steffen.klassert=secunet.com@vger.kernel.org +X-MS-Exchange-Organization-OriginalArrivalTime: 29 Mar 2024 22:59:35.8868 + (UTC) +X-MS-Exchange-Organization-Network-Message-Id: d8a1fa16-8869-482d-0488-08dc5043e7a1 +X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.36 +X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.202 +X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-02.secunet.de +X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=cas-essen-02.secunet.de:TOTAL-FE=0.008|SMR=0.008(SMRPI=0.005(SMRPI-FrontendProxyAgent=0.005));2024-03-29T22:59:35.895Z +X-MS-Exchange-Forest-ArrivalHubServer: mbx-essen-02.secunet.de +X-MS-Exchange-Organization-AuthSource: cas-essen-02.secunet.de 
+X-MS-Exchange-Organization-AuthAs: Anonymous +X-MS-Exchange-Organization-OriginalSize: 18312 +X-MS-Exchange-Organization-Transport-Properties: DeliveryPriority=Low +X-MS-Exchange-Organization-Prioritization: 2:ShadowRedundancy +X-MS-Exchange-Organization-IncludeInSla: False:ShadowRedundancy + +SEV-SNP builds upon existing SEV and SEV-ES functionality while adding +new hardware-based security protection. SEV-SNP adds strong memory +encryption and integrity protection to help prevent malicious +hypervisor-based attacks such as data replay, memory re-mapping, and +more, to create an isolated execution environment. + +Define a new KVM_X86_SNP_VM type which makes use of these capabilities +and extend the KVM_SEV_INIT2 ioctl to support it. Also add a basic +helper to check whether SNP is enabled. + +Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> +Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> +[mdr: commit fixups, use similar ASID reporting as with SEV/SEV-ES] +Signed-off-by: Michael Roth <michael.roth@amd.com> +--- + arch/x86/include/asm/svm.h | 3 ++- + arch/x86/include/uapi/asm/kvm.h | 1 + + arch/x86/kvm/svm/sev.c | 21 ++++++++++++++++++++- + arch/x86/kvm/svm/svm.c | 3 ++- + arch/x86/kvm/svm/svm.h | 12 ++++++++++++ + arch/x86/kvm/x86.c | 2 +- + 6 files changed, 38 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h +index 728c98175b9c..544a43c1cf11 100644 +--- a/arch/x86/include/asm/svm.h ++++ b/arch/x86/include/asm/svm.h +@@ -285,7 +285,8 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_ + + #define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF) + +-#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) ++#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) ++#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) + + struct vmcb_seg { + u16 selector; +diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h +index 51b13080ed4b..725b75cfe9ff 100644 +--- a/arch/x86/include/uapi/asm/kvm.h ++++ 
b/arch/x86/include/uapi/asm/kvm.h +@@ -868,5 +868,6 @@ struct kvm_hyperv_eventfd { + #define KVM_X86_SW_PROTECTED_VM 1 + #define KVM_X86_SEV_VM 2 + #define KVM_X86_SEV_ES_VM 3 ++#define KVM_X86_SNP_VM 4 + + #endif /* _ASM_X86_KVM_H */ +diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c +index 1e65f5634ad3..3d9771163562 100644 +--- a/arch/x86/kvm/svm/sev.c ++++ b/arch/x86/kvm/svm/sev.c +@@ -46,6 +46,9 @@ module_param_named(sev, sev_enabled, bool, 0444); + static bool sev_es_enabled = true; + module_param_named(sev_es, sev_es_enabled, bool, 0444); + ++/* enable/disable SEV-SNP support */ ++static bool sev_snp_enabled; ++ + /* enable/disable SEV-ES DebugSwap support */ + static bool sev_es_debug_swap_enabled = true; + module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444); +@@ -275,6 +278,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, + sev->es_active = es_active; + sev->vmsa_features = data->vmsa_features; + ++ if (vm_type == KVM_X86_SNP_VM) ++ sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE; ++ + ret = sev_asid_new(sev); + if (ret) + goto e_no_asid; +@@ -326,7 +332,8 @@ static int sev_guest_init2(struct kvm *kvm, struct kvm_sev_cmd *argp) + return -EINVAL; + + if (kvm->arch.vm_type != KVM_X86_SEV_VM && +- kvm->arch.vm_type != KVM_X86_SEV_ES_VM) ++ kvm->arch.vm_type != KVM_X86_SEV_ES_VM && ++ kvm->arch.vm_type != KVM_X86_SNP_VM) + return -EINVAL; + + if (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data))) +@@ -2297,11 +2304,16 @@ void __init sev_set_cpu_caps(void) + kvm_cpu_cap_set(X86_FEATURE_SEV_ES); + kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM); + } ++ if (sev_snp_enabled) { ++ kvm_cpu_cap_set(X86_FEATURE_SEV_SNP); ++ kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM); ++ } + } + + void __init sev_hardware_setup(void) + { + unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count; ++ bool sev_snp_supported = false; + bool sev_es_supported = false; + bool sev_supported = false; + 
+@@ -2382,6 +2394,7 @@ void __init sev_hardware_setup(void) + sev_es_asid_count = min_sev_asid - 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count)); + sev_es_supported = true; ++ sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP); + + out: + if (boot_cpu_has(X86_FEATURE_SEV)) +@@ -2394,9 +2407,15 @@ void __init sev_hardware_setup(void) + pr_info("SEV-ES %s (ASIDs %u - %u)\n", + sev_es_supported ? "enabled" : "disabled", + min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1); ++ if (boot_cpu_has(X86_FEATURE_SEV_SNP)) ++ pr_info("SEV-SNP %s (ASIDs %u - %u)\n", ++ sev_snp_supported ? "enabled" : "disabled", ++ min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1); + + sev_enabled = sev_supported; + sev_es_enabled = sev_es_supported; ++ sev_snp_enabled = sev_snp_supported; ++ + if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) || + !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP)) + sev_es_debug_swap_enabled = false; +diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c +index 0f3b59da0d4a..2c162f6a1d78 100644 +--- a/arch/x86/kvm/svm/svm.c ++++ b/arch/x86/kvm/svm/svm.c +@@ -4890,7 +4890,8 @@ static int svm_vm_init(struct kvm *kvm) + + if (type != KVM_X86_DEFAULT_VM && + type != KVM_X86_SW_PROTECTED_VM) { +- kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM); ++ kvm->arch.has_protected_state = ++ (type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM); + to_kvm_sev_info(kvm)->need_init = true; + } + +diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h +index 157eb3f65269..4a01a81dd9b9 100644 +--- a/arch/x86/kvm/svm/svm.h ++++ b/arch/x86/kvm/svm/svm.h +@@ -348,6 +348,18 @@ static __always_inline bool sev_es_guest(struct kvm *kvm) + #endif + } + ++static __always_inline bool sev_snp_guest(struct kvm *kvm) ++{ ++#ifdef CONFIG_KVM_AMD_SEV ++ struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; ++ ++ return (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) && ++ !WARN_ON_ONCE(!sev_es_guest(kvm)); 
++#else ++ return false; ++#endif ++} ++ + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) + { + vmcb->control.clean = 0; +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 64eda7949f09..f85735b6235d 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -12603,7 +12603,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) + + kvm->arch.vm_type = type; + kvm->arch.has_private_mem = +- (type == KVM_X86_SW_PROTECTED_VM); ++ (type == KVM_X86_SW_PROTECTED_VM || type == KVM_X86_SNP_VM); + + ret = kvm_page_track_init(kvm); + if (ret) +-- +2.25.1 diff --git a/a/content_digest b/N1/content_digest index c532d89..c0a6e3b 100644 --- a/a/content_digest +++ b/N1/content_digest 
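Review bot: the arch/x86/include/uapi/asm/kvm.h hunk adds `#define KVM_X86_SNP_VM 4` to the userspace ABI, but the diffstat lists six files and none of them is documentation. A new VM type that also widens what `KVM_SEV_INIT2` accepts should come with a description of the type and its semantics (it sets both `has_private_mem` and `has_protected_state`, per the x86.c and svm.c hunks) in the KVM API documentation, either in this patch or in a later one that the commit message names.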
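Review bot: in the arch/x86/kvm/svm/sev.c hunk at `@@ -46,6 +46,9 @@`, `sev_snp_enabled` is added as a plain `static bool` with no initializer and no `module_param_named()`, unlike `sev_enabled` and `sev_es_enabled` beside it. As a result `sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP)` in `sev_hardware_setup()` is always false with this patch applied, and `BIT(KVM_X86_SNP_VM)` never reaches `kvm_caps.supported_vm_types`. If that is deliberate until the rest of the series lands, say so in the commit message or in the comment above the variable. As it stands, SNP-capable hosts will log "SEV-SNP disabled" from the new `pr_info()`, which reads like a configuration problem.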
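Review bot: in the `__sev_guest_init()` hunk of arch/x86/kvm/svm/sev.c, `sev->vmsa_features` is taken from the userspace-supplied `data->vmsa_features` and only afterwards is `SVM_SEV_FEAT_SNP_ACTIVE` OR-ed in for `KVM_X86_SNP_VM`, while the new `sev_snp_guest()` in svm.h decides SNP-ness from that bit alone. Nothing visible in these hunks rejects a `KVM_SEV_INIT2` call on a `KVM_X86_SEV_VM` or `KVM_X86_SEV_ES_VM` whose `vmsa_features` already has BIT(0) set. Please confirm that the caller masks it, or reject it explicitly here (return -EINVAL when `vm_type != KVM_X86_SNP_VM` and the bit is set). Otherwise a non-SNP VM could make `sev_snp_guest()` return true, or, for a plain SEV VM, trip its `WARN_ON_ONCE(!sev_es_guest(kvm))` from userspace.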
@@ -216,6 +216,836 @@ " \tret = kvm_page_track_init(kvm);\n" " \tif (ret)\n" "-- \n" + "2.25.1\n" + "\n" + "\n" + "X-sender: <linux-crypto+bounces-3086-steffen.klassert=secunet.com@vger.kernel.org>\n" + "X-Receiver: <steffen.klassert@secunet.com> ORCPT=rfc822;steffen.klassert@secunet.com; X-ExtendedProps=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\n" + "X-CreatedBy: MSExchange15\n" + "X-HeloDomain: a.mx.secunet.com\n" + "X-ExtendedProps: 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\n" + "X-Source: SMTP:Default MBX-ESSEN-02\n" + "X-SourceIPAddress: 62.96.220.36\n" + "X-EndOfInjectedXHeaders: 26564\n" + "Received: from cas-essen-01.secunet.de (10.53.40.201) by\n" + " mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server\n" + " (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id\n" + " 15.1.2507.37; Fri, 29 Mar 2024 23:59:24 +0100\n" + "Received: from a.mx.secunet.com (62.96.220.36) by cas-essen-01.secunet.de\n" + " (10.53.40.201) with Microsoft SMTP Server (version=TLS1_2,\n" + " cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend\n" + " Transport; Fri, 29 Mar 2024 23:59:24 +0100\n" + "Received: from localhost (localhost [127.0.0.1])\n" + "\tby a.mx.secunet.com (Postfix) with ESMTP id E4791208B4\n" + "\tfor <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 23:59:24 +0100 (CET)\n" + "X-Virus-Scanned: by secunet\n" + "X-Spam-Flag: NO\n" + "X-Spam-Score: -2.85\n" + "X-Spam-Level:\n" + "X-Spam-Status: No, score=-2.85 tagged_above=-999 required=2.1\n" + "\ttests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.099, DKIM_SIGNED=0.1,\n" + "\tDKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\n" + "\tHEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1,\n" + "\tRCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]\n" + "\tautolearn=ham autolearn_force=no\n" + "Authentication-Results: a.mx.secunet.com (amavisd-new);\n" + "\tdkim=pass (1024-bit key) header.d=amd.com\n" + "Received: from a.mx.secunet.com ([127.0.0.1])\n" + 
"\tby localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)\n" + "\twith ESMTP id QnZlk_tCllH0 for <steffen.klassert@secunet.com>;\n" + "\tFri, 29 Mar 2024 23:59:20 +0100 (CET)\n" + "Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=147.75.80.249; helo=am.mirrors.kernel.org; envelope-from=linux-crypto+bounces-3086-steffen.klassert=secunet.com@vger.kernel.org; receiver=steffen.klassert@secunet.com \n" + "DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 7F82D2087B\n" + "Received: from am.mirrors.kernel.org (am.mirrors.kernel.org [147.75.80.249])\n" + "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n" + "\t(No client certificate requested)\n" + "\tby a.mx.secunet.com (Postfix) with ESMTPS id 7F82D2087B\n" + "\tfor <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 23:59:20 +0100 (CET)\n" + "Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])\n" + "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n" + "\t(No client certificate requested)\n" + "\tby am.mirrors.kernel.org (Postfix) with ESMTPS id ED7B51F23BD2\n" + "\tfor <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 22:59:19 +0000 (UTC)\n" + "Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])\n" + "\tby smtp.subspace.kernel.org (Postfix) with ESMTP id AE14613CFAE;\n" + "\tFri, 29 Mar 2024 22:59:13 +0000 (UTC)\n" + "Authentication-Results: smtp.subspace.kernel.org;\n" + "\tdkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=\"q9r7dIZC\"\n" + "X-Original-To: linux-crypto@vger.kernel.org\n" + "Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2079.outbound.protection.outlook.com [40.107.212.79])\n" + "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n" + "\t(No client certificate requested)\n" + "\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 92DAD13EFEE;\n" + "\tFri, 29 Mar 2024 22:59:11 +0000 (UTC)\n" 
+ "Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.79\n" + "ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n" + "\tt=1711753153; cv=fail; b=BYbUnnfXmxEtv1PkrIHV+7kzVO0y3a1Ye+F4TRsm29EL0omYnNLvNDSQwPMrK6Z80fnDzyU2l8EfE3Fm6gpXmT0qiFAbN87V7eOZwJzuqVAJ70gFqLeQEMXZ56g8tSRZScOkyyPbWGrEyHg/1rRmBrm3pQuOvLWGoHZ3WptkQF8=\n" + "ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;\n" + "\ts=arc-20240116; t=1711753153; c=relaxed/simple;\n" + "\tbh=32N0Xx4fpPiGgE4gdCbkfdfNikRkU8p14GCc9880qic=;\n" + "\th=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:\n" + "\t MIME-Version:Content-Type; b=X6h1fEpizL+9h9BpHNiFVub3+3P5w3JD0lfdk8PZptPGziwiP5AnrmvxqeGRjE4W5Le1zkKGCVue4EUqS+y04Y+rXUZSUK9J9lyDqkdMCJHY1wU1Byy/7PBF40xIkza8bvGO9bcWbA8C/FJ2d55TKdQO+/guAX1pBzwbXtegNUk=\n" + "ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=q9r7dIZC; arc=fail smtp.client-ip=40.107.212.79\n" + "Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com\n" + "Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com\n" + "ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;\n" + " b=CA9+EpoNiZ9ayMmuF+uTwSeBjPBlCFrkeWODbOoFlUQYPDABUEHwtqo28a8PW/imB4XHrnE6Mt7E6/eCJocLwL2ciZisEmC7AJ22GL9xbPbPArTsRqEhdNCCbYLP8qWdMy7FpFKDiSu99P3EtkWJOVuZR6wJ1zXPkVsxJAHxQ1NZ77Qa85K/ObPQ8AXhBmWwf+YD98Gd+ZIg+6gXsRxooicVQa7Y3DkW94F4Dp2asJhZho3IOy1uRIKUanolI+9CLEqcJE1wd8Pj9ElUfYP1G1okbc8A1YOlkTe5b9ULGwMufalRk2pkDIBD7XR36PUU/mnLms1Qwwj+VM+0nGkajg==\n" + "ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n" + " s=arcselector9901;\n" + " 
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n" + " bh=85xfxLH74OdKCMM2bG4Ka/efKmeDa+urj4S6khYBEhI=;\n" + " b=XUVPXyEnaWzdYWoJNkvqerhl6Svq2T8m2knayzG2+AeIbpHftkICKGYxj3BhyGshE2fO6TH9GpjHVrVPkK/+CpJ64AIdKw86jsY6ZbM8HQwf8klvQ5RxPozzGqx8MCi//iIwzzm3KPNqhj3Ww+jF4+8AE9bU9otOpkMOebIPanjg1MidwxVrLnfjkq7hfRkk/I+aj940z2p1XCAH17I0WNoHu8EhR4AyoCVtX/44RDF24bsnopzDbUsoOPAjhJ/fk/qtp+XVd5ANyraXcDOdxzpXNzWDFF6h5vNh9oBEnYh/p27lBZGuXOhT4rZfFcCDSYu2vULKOAr2b0ovUb+ebg==\n" + "ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is\n" + " 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;\n" + " dmarc=pass (p=quarantine sp=quarantine pct=100) action=none\n" + " header.from=amd.com; dkim=none (message not signed); arc=none (0)\n" + "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;\n" + " h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n" + " bh=85xfxLH74OdKCMM2bG4Ka/efKmeDa+urj4S6khYBEhI=;\n" + " b=q9r7dIZCmGAMsb5Qf5qevjsO+u2qguOTQwgvMMQeTMWFxL30f5651Ih1rIv4M6gqyWlZAEDGO0VJA6/trmWh7JWA1JQmddseBxmacNU4bozvpuXx54+2xHpPUF3BfBuyIDYp3RuPMt3lUtS6+dQfKoYUuLkX31Den1QT9hFH4FA=\n" + "Received: from DS7PR03CA0074.namprd03.prod.outlook.com (2603:10b6:5:3bb::19)\n" + " by SN7PR12MB6861.namprd12.prod.outlook.com (2603:10b6:806:266::14) with\n" + " Microsoft SMTP Server (version=TLS1_2,\n" + " cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.40; Fri, 29 Mar\n" + " 2024 22:59:07 +0000\n" + "Received: from CY4PEPF0000FCC4.namprd03.prod.outlook.com\n" + " (2603:10b6:5:3bb:cafe::79) by DS7PR03CA0074.outlook.office365.com\n" + " (2603:10b6:5:3bb::19) with Microsoft SMTP Server (version=TLS1_2,\n" + " cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.40 via Frontend\n" + " Transport; Fri, 29 Mar 2024 22:59:02 +0000\n" + 
"X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)\n" + " smtp.mailfrom=amd.com; dkim=none (message not signed)\n" + " header.d=none;dmarc=pass action=none header.from=amd.com;\n" + "Received-SPF: Pass (protection.outlook.com: domain of amd.com designates\n" + " 165.204.84.17 as permitted sender) receiver=protection.outlook.com;\n" + " client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C\n" + "Received: from SATLEXMB04.amd.com (165.204.84.17) by\n" + " CY4PEPF0000FCC4.mail.protection.outlook.com (10.167.242.106) with Microsoft\n" + " SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id\n" + " 15.20.7409.10 via Frontend Transport; Fri, 29 Mar 2024 22:59:01 +0000\n" + "Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com\n" + " (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,\n" + " cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 29 Mar\n" + " 2024 17:59:00 -0500\n" + "From: Michael Roth <michael.roth@amd.com>\n" + "To: <kvm@vger.kernel.org>\n" + "CC: <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>,\n" + "\t<linux-crypto@vger.kernel.org>, <x86@kernel.org>,\n" + "\t<linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>,\n" + "\t<jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>,\n" + "\t<ardb@kernel.org>, <pbonzini@redhat.com>, <seanjc@google.com>,\n" + "\t<vkuznets@redhat.com>, <jmattson@google.com>, <luto@kernel.org>,\n" + "\t<dave.hansen@linux.intel.com>, <slp@redhat.com>, <pgonda@google.com>,\n" + "\t<peterz@infradead.org>, <srinivas.pandruvada@linux.intel.com>,\n" + "\t<rientjes@google.com>, <dovmurik@linux.ibm.com>, <tobin@ibm.com>,\n" + "\t<bp@alien8.de>, <vbabka@suse.cz>, <kirill@shutemov.name>,\n" + "\t<ak@linux.intel.com>, <tony.luck@intel.com>,\n" + "\t<sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>,\n" + "\t<jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>,\n" + "\t<pankaj.gupta@amd.com>, 
<liam.merwick@oracle.com>, Brijesh Singh\n" + "\t<brijesh.singh@amd.com>\n" + "Subject: [PATCH v12 09/29] KVM: SEV: Add initial SEV-SNP support\n" + "Date: Fri, 29 Mar 2024 17:58:15 -0500\n" + "Message-ID: <20240329225835.400662-10-michael.roth@amd.com>\n" + "X-Mailer: git-send-email 2.25.1\n" + "In-Reply-To: <20240329225835.400662-1-michael.roth@amd.com>\n" + "References: <20240329225835.400662-1-michael.roth@amd.com>\n" + "Precedence: bulk\n" + "X-Mailing-List: linux-crypto@vger.kernel.org\n" + "List-Id: <linux-crypto.vger.kernel.org>\n" + "List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>\n" + "List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>\n" + "MIME-Version: 1.0\n" + "Content-Transfer-Encoding: 8bit\n" + "Content-Type: text/plain\n" + "X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com\n" + " (10.181.40.145)\n" + "X-EOPAttributedMessage: 0\n" + "X-MS-PublicTrafficType: Email\n" + "X-MS-TrafficTypeDiagnostic: CY4PEPF0000FCC4:EE_|SN7PR12MB6861:EE_\n" + "X-MS-Office365-Filtering-Correlation-Id: 8a450cd9-fdcd-4e47-ed16-08dc5043d334\n" + "X-MS-Exchange-SenderADCheck: 1\n" + "X-MS-Exchange-AntiSpam-Relay: 0\n" + "X-Microsoft-Antispam: BCL:0;\n" + "X-Microsoft-Antispam-Message-Info: 
nsYawN22RK6vpJl8VU3uLdBNz2wKwfigLe9u15MYJjT0NXQV3Yzjn6a1OjYj4LPzeDO8cf52t0bld23f73IhgDjhPepqbc7IwHTzPhZ/pO0fb1Dc4F6dPKSdnsPrwbyyhJI21uoEBXlb9DpAIEIBOyVjZmH+wtq/OnN34HGIHNnAASx0iEdmOS44o1oEugf+lFgXmiA6AQWu+IikoKRj2YItSH3Txq0G7BC/TRGiWq2KqdmgFh+n5Hsot5lhcjxEP+iWzkso8UiBcRHFE8Sju6gjTCdVv1uIDSSjI3OvUAubuGZeTloeeL4ALMLAdXglcVDTAeML83k7xVUpdU2UJQx0wb/97jBfBau1zhrRC78B3NehLm2mU8sjwnExhuP/MfHsbmuX5VvLn2CPH9T81lSMjdxVYlZI/ytN2lzlTQ6vcxI+8hSPG9PpG923elprnKSAI7fsLuCaIOF+SPmZqnI+RcAfIX4fms89ZDSC6lffhLHDFAraZ3I86fN9ZemKTUgctwPvboQCfEG3mDxYzLPPQYhchCxYb1wWaG8jFR5sFSVsrE7JQ/SDBGTYpRHKn9KLxD3rVWSX7nTCof7mJAPHXd2W0DPkpcx9TiDMdcZ4+2WH9Ez1YUqwMRjAYVmxwirJl9RK3NI4in6GXQmovhcw4JB7RQikwOS3iiudBKTtfKGD6mR80tiSkJb9G8Bw9pvoQHQlT6bQl8BXfRTgx5cMzVuv0ny3ytgj4cr3PKrxvNDbOm6IUcK3cMc8E9Ls\n" + "X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(82310400014)(1800799015)(7416005)(376005)(36860700004);DIR:OUT;SFP:1101;\n" + "X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Mar 2024 22:59:01.5166\n" + " (UTC)\n" + "X-MS-Exchange-CrossTenant-Network-Message-Id: 8a450cd9-fdcd-4e47-ed16-08dc5043d334\n" + "X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d\n" + "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]\n" + "X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000FCC4.namprd03.prod.outlook.com\n" + "X-MS-Exchange-CrossTenant-AuthAs: Anonymous\n" + "X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem\n" + "X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6861\n" + "Return-Path: linux-crypto+bounces-3086-steffen.klassert=secunet.com@vger.kernel.org\n" + "X-MS-Exchange-Organization-OriginalArrivalTime: 29 Mar 2024 22:59:24.9586\n" + " (UTC)\n" + "X-MS-Exchange-Organization-Network-Message-Id: eddbe8a6-9ce3-4b49-8303-08dc5043e11d\n" + 
"X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.36\n" + "X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.201\n" + "X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-01.secunet.de\n" + "X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=mbx-essen-02.secunet.de:TOTAL-HUB=33580.402|SMR=0.327(SMRDE=0.005|SMRC=0.321(SMRCL=0.104|X-SMRCR=0.321))|CAT=0.070(CATOS=0.001\n" + " |CATRESL=0.032(CATRESLP2R=0.009)|CATORES=0.034(CATRS=0.033(CATRS-Index\n" + " Routing Agent=0.032\n" + " ))|CATORT=0.001(CATRT=0.001))|UNK=0.001|QDM=10280.358|SMSC=0.594(X-SMSDR=0.020)|SMS=5.978\n" + " (SMSMBXD-INC=5.461)|QDM=20522.747|SMSC=0.486(X-SMSDR=0.011)|SMS=5.643(SMSMBXD-INC=5.142\n" + " )|QDM=2759.061|PSC=0.010|CAT=0.007(CATRESL=0.005(CATRESLP2R=0.002))|QDM=5.364|CAT=0.009\n" + " (CATRESL=0.007(CATRESLP2R=0.003));2024-03-30T08:19:05.378Z\n" + "X-MS-Exchange-Forest-ArrivalHubServer: mbx-essen-02.secunet.de\n" + "X-MS-Exchange-Organization-AuthSource: cas-essen-01.secunet.de\n" + "X-MS-Exchange-Organization-AuthAs: Anonymous\n" + "X-MS-Exchange-Organization-FromEntityHeader: Internet\n" + "X-MS-Exchange-Organization-OriginalSize: 18350\n" + "X-MS-Exchange-Organization-HygienePolicy: Standard\n" + "X-MS-Exchange-Organization-MessageLatency: SRV=cas-essen-01.secunet.de:TOTAL-FE=0.017|SMR=0.007(SMRPI=0.005(SMRPI-FrontendProxyAgent=0.005))|SMS=0.010\n" + "X-MS-Exchange-Organization-Recipient-Limit-Verified: True\n" + "X-MS-Exchange-Organization-TotalRecipientCount: 1\n" + "X-MS-Exchange-Organization-Rules-Execution-History: 0b0cf904-14ac-4724-8bdf-482ee6223cf2%%%fd34672d-751c-45ae-a963-ed177fcabe23%%%d8080257-b0c3-47b4-b0db-23bc0c8ddb3c%%%95e591a2-5d7d-4afa-b1d0-7573d6c0a5d9%%%f7d0f6bc-4dcc-4876-8c5d-b3d6ddbb3d55%%%16355082-c50b-4214-9c7d-d39575f9f79b\n" + "X-MS-Exchange-Forest-RulesExecuted: mbx-essen-02\n" + "X-MS-Exchange-Organization-RulesExecuted: mbx-essen-02\n" + "X-MS-Exchange-Forest-IndexAgent-0: 
AQ0CZW4AAW8OAAAPAAADH4sIAAAAAAAEAL1Ze3PbxhEH+BQpUlJkx0\n" + " 6mzszFaTyk+RDfovxqaEmONbFljyk77rQdDAgcJdQkwQFAWW6dfqJ+\n" + " yO7eAeDhQcrpH8HI5GFvb2/3t4/bo/+7Pzx+VxueviajhTHRbbKYmz\n" + " NCrwzbMWbnBCaJOtPxu3Y8JOPFTHMMc6ZODOcT+XhhTChRdR04i/kZ\n" + " /UguVEv/qFq0NlJtqhObagsLOeeW6VC2sk68/WCdTWzHMmGbKZ2a1q\n" + " dins4069Mc+diuxsyh5yEBxDHJBZ3MgUQv6cwhU1BGM8yFXcxffJpT\n" + " 69KwTctVQHUcVfsA2yy0C6LaRFcdlVh0PlE/Vd1N4bU2VedzsKGKmx\n" + " bzQKVV3EazqOqAgTMCIicw1AEYMImpQWeXBug+BRXqxXwxf0THxgyY\n" + " CeLwy7uXyvt+TwE7lXcviQN6IVqgxFT9QAFkmxJzTJwLCgNNnasjAx\n" + " A1KNiAdtMrh8IXTDNJgJhycnpy1iKGqTkTVM1ezOem5RDDqZPBxDYR\n" + " TdgbrDY0wAHwoRYz4YJqH2BrCrIsgrAbNqiujiZUZ2oPjfMZ1WvmeF\n" + " wbfXpAnlrGP6l9QYYAxwV5NOKvdRtff1Knel0zp08iqwb2hQGLflEn\n" + " lkoeqeyt/gHfhDV/m+rWAwLjqeGQsXG1mNtVBoRtTI2JapHB8OQInQ\n" + " N2YeiBuz4azgXGyx4Pv39ENn4JkKp0Qt6YwPhoyt/qECuisrVarZgn\n" + " qqVd7F31e3vGTJssdLqn2tM9+3JavyDs+UxIm1QqsawLdW4w/g+MH1\n" + " ibpCIyAh1l7dn0sq4R//lMWsAY89RiF4PwwOKoQiLrhcjabAX2Ca+B\n" + " b1G0Kx7WoPQeeGMCQQngzc6pXiXtPmSeTS2Mc7tUKVdJh+h0Qvl7rY\n" + " xxoxvjManVzsGX6t4abEdrJot5Y6bTK7Lf6msH/eZ+d3Sg1evdTkft\n" + " tLWmNm42SbPR6HU6zIdr9ynmweprNvvpJ1Jr9bvVfVLBrz4Bgu2ojq\n" + " Epqo3mlkrvW4N3J4fKy8F75fXzvw5PDgcvFAjKe4SRfRLOn5weHb+H\n" + " 0fCXMnn8mLgrERryg85rAaM8fz1gXIT8p1RqXD179uztixfk0SPSbZ\n" + " XBCYzCEK15y4Zuyj87HpwpR8dP3/6sDH8dvCYrnqcnZ6UuSKjErscK\n" + " NDg8O3l3vGq9KKexUs71eoT1ASCgui80h1xOtZFi03Pyb6C5z6LZg+\n" + " NhAjXdtB5eF06h/Itxc5DDC6xuc9RsN/oNqndG9fp+qzva72pjegB7\n" + " XRNYYXkroivMhiHW7/WrXVLBrx4PMQYCcCj8fFLYuTXWGRwe2P6J8a\n" + " vy+s2rs+PDs+MjPDrcpxnHCr5ZcpDWCpbjoc/VFrwbOqK8p8MjGI4f\n" + " Y0z27hNlMOR8yP+c3N9b5atgCRytmPA806S97rjba3dUvV2vt/WD/f\n" + " 1ms9fu9lqrPBMSE3JIaBb90OkB/hX4PEAvTE19MaHKXLXUqTJTp1Qv\n" + " AW8VYhD8wc/DKhmZ5qRKGp1Op/yQhS8WB0blfLbHSh4T8CpFpnjBwF\n" + " sNrQmLBxsAXz65pxs2fvvNkXe+I96VsB72bO4JBTlY7OMFQcN2REeL\n" + " 8+FHdR6QGGeZjpyKDaxfZuSSv7paRNhmVoL3u+iY1n6fe8bVBXo9oi\n" + " go6XxBbUcxZoZTWuYOuQ8fVTGZkFWb6uS+ap3Pq8vKAvTaE9BGhXbx\n" + " 
"SEV-SNP builds upon existing SEV and SEV-ES functionality while adding\n" + "new hardware-based security protection. SEV-SNP adds strong memory\n" + "encryption and integrity protection to help prevent malicious\n" + "hypervisor-based attacks such as data replay, memory re-mapping, and\n" + "more, to create an isolated execution environment.\n" + "\n" + "Define a new KVM_X86_SNP_VM type which makes use of these capabilities\n" + "and extend the KVM_SEV_INIT2 ioctl to support it. 
Also add a basic\n" + "helper to check whether SNP is enabled.\n" + "\n" + "Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>\n" + "Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>\n" + "[mdr: commit fixups, use similar ASID reporting as with SEV/SEV-ES]\n" + "Signed-off-by: Michael Roth <michael.roth@amd.com>\n" + "---\n" + " arch/x86/include/asm/svm.h | 3 ++-\n" + " arch/x86/include/uapi/asm/kvm.h | 1 +\n" + " arch/x86/kvm/svm/sev.c | 21 ++++++++++++++++++++-\n" + " arch/x86/kvm/svm/svm.c | 3 ++-\n" + " arch/x86/kvm/svm/svm.h | 12 ++++++++++++\n" + " arch/x86/kvm/x86.c | 2 +-\n" + " 6 files changed, 38 insertions(+), 4 deletions(-)\n" + "\n" + "diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h\n" + "index 728c98175b9c..544a43c1cf11 100644\n" + "--- a/arch/x86/include/asm/svm.h\n" + "+++ b/arch/x86/include/asm/svm.h\n" + "@@ -285,7 +285,8 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_\n" + " \n" + " #define AVIC_HPA_MASK\t~((0xFFFULL << 52) | 0xFFF)\n" + " \n" + "-#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)\n" + "+#define SVM_SEV_FEAT_SNP_ACTIVE\t\t\t\tBIT(0)\n" + "+#define SVM_SEV_FEAT_DEBUG_SWAP\t\t\t\tBIT(5)\n" + " \n" + " struct vmcb_seg {\n" + " \tu16 selector;\n" + "diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h\n" + "index 51b13080ed4b..725b75cfe9ff 100644\n" + "--- a/arch/x86/include/uapi/asm/kvm.h\n" + "+++ b/arch/x86/include/uapi/asm/kvm.h\n" + "@@ -868,5 +868,6 @@ struct kvm_hyperv_eventfd {\n" + " #define KVM_X86_SW_PROTECTED_VM\t1\n" + " #define KVM_X86_SEV_VM\t\t2\n" + " #define KVM_X86_SEV_ES_VM\t3\n" + "+#define KVM_X86_SNP_VM\t\t4\n" + " \n" + " #endif /* _ASM_X86_KVM_H */\n" + "diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c\n" + "index 1e65f5634ad3..3d9771163562 100644\n" + "--- a/arch/x86/kvm/svm/sev.c\n" + "+++ b/arch/x86/kvm/svm/sev.c\n" + "@@ -46,6 +46,9 @@ module_param_named(sev, sev_enabled, bool, 0444);\n" + " static bool sev_es_enabled = 
true;\n" + " module_param_named(sev_es, sev_es_enabled, bool, 0444);\n" + " \n" + "+/* enable/disable SEV-SNP support */\n" + "+static bool sev_snp_enabled;\n" + "+\n" + " /* enable/disable SEV-ES DebugSwap support */\n" + " static bool sev_es_debug_swap_enabled = true;\n" + " module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);\n" + "@@ -275,6 +278,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,\n" + " \tsev->es_active = es_active;\n" + " \tsev->vmsa_features = data->vmsa_features;\n" + " \n" + "+\tif (vm_type == KVM_X86_SNP_VM)\n" + "+\t\tsev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;\n" + "+\n" + " \tret = sev_asid_new(sev);\n" + " \tif (ret)\n" + " \t\tgoto e_no_asid;\n" + "@@ -326,7 +332,8 @@ static int sev_guest_init2(struct kvm *kvm, struct kvm_sev_cmd *argp)\n" + " \t\treturn -EINVAL;\n" + " \n" + " \tif (kvm->arch.vm_type != KVM_X86_SEV_VM &&\n" + "-\t kvm->arch.vm_type != KVM_X86_SEV_ES_VM)\n" + "+\t kvm->arch.vm_type != KVM_X86_SEV_ES_VM &&\n" + "+\t kvm->arch.vm_type != KVM_X86_SNP_VM)\n" + " \t\treturn -EINVAL;\n" + " \n" + " \tif (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data)))\n" + "@@ -2297,11 +2304,16 @@ void __init sev_set_cpu_caps(void)\n" + " \t\tkvm_cpu_cap_set(X86_FEATURE_SEV_ES);\n" + " \t\tkvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);\n" + " \t}\n" + "+\tif (sev_snp_enabled) {\n" + "+\t\tkvm_cpu_cap_set(X86_FEATURE_SEV_SNP);\n" + "+\t\tkvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM);\n" + "+\t}\n" + " }\n" + " \n" + " void __init sev_hardware_setup(void)\n" + " {\n" + " \tunsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count;\n" + "+\tbool sev_snp_supported = false;\n" + " \tbool sev_es_supported = false;\n" + " \tbool sev_supported = false;\n" + " \n" + "@@ -2382,6 +2394,7 @@ void __init sev_hardware_setup(void)\n" + " \tsev_es_asid_count = min_sev_asid - 1;\n" + " \tWARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));\n" + " 
\tsev_es_supported = true;\n" + "+\tsev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);\n" + " \n" + " out:\n" + " \tif (boot_cpu_has(X86_FEATURE_SEV))\n" + "@@ -2394,9 +2407,15 @@ void __init sev_hardware_setup(void)\n" + " \t\tpr_info(\"SEV-ES %s (ASIDs %u - %u)\\n\",\n" + " \t\t\tsev_es_supported ? \"enabled\" : \"disabled\",\n" + " \t\t\tmin_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);\n" + "+\tif (boot_cpu_has(X86_FEATURE_SEV_SNP))\n" + "+\t\tpr_info(\"SEV-SNP %s (ASIDs %u - %u)\\n\",\n" + "+\t\t\tsev_snp_supported ? \"enabled\" : \"disabled\",\n" + "+\t\t\tmin_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);\n" + " \n" + " \tsev_enabled = sev_supported;\n" + " \tsev_es_enabled = sev_es_supported;\n" + "+\tsev_snp_enabled = sev_snp_supported;\n" + "+\n" + " \tif (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) ||\n" + " \t !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP))\n" + " \t\tsev_es_debug_swap_enabled = false;\n" + "diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c\n" + "index 0f3b59da0d4a..2c162f6a1d78 100644\n" + "--- a/arch/x86/kvm/svm/svm.c\n" + "+++ b/arch/x86/kvm/svm/svm.c\n" + "@@ -4890,7 +4890,8 @@ static int svm_vm_init(struct kvm *kvm)\n" + " \n" + " \tif (type != KVM_X86_DEFAULT_VM &&\n" + " \t type != KVM_X86_SW_PROTECTED_VM) {\n" + "-\t\tkvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);\n" + "+\t\tkvm->arch.has_protected_state =\n" + "+\t\t\t(type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM);\n" + " \t\tto_kvm_sev_info(kvm)->need_init = true;\n" + " \t}\n" + " \n" + "diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h\n" + "index 157eb3f65269..4a01a81dd9b9 100644\n" + "--- a/arch/x86/kvm/svm/svm.h\n" + "+++ b/arch/x86/kvm/svm/svm.h\n" + "@@ -348,6 +348,18 @@ static __always_inline bool sev_es_guest(struct kvm *kvm)\n" + " #endif\n" + " }\n" + " \n" + "+static __always_inline bool sev_snp_guest(struct kvm *kvm)\n" + "+{\n" + "+#ifdef CONFIG_KVM_AMD_SEV\n" + "+\tstruct 
kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;\n" + "+\n" + "+\treturn (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) &&\n" + "+\t !WARN_ON_ONCE(!sev_es_guest(kvm));\n" + "+#else\n" + "+\treturn false;\n" + "+#endif\n" + "+}\n" + "+\n" + " static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)\n" + " {\n" + " \tvmcb->control.clean = 0;\n" + "diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c\n" + "index 64eda7949f09..f85735b6235d 100644\n" + "--- a/arch/x86/kvm/x86.c\n" + "+++ b/arch/x86/kvm/x86.c\n" + "@@ -12603,7 +12603,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)\n" + " \n" + " \tkvm->arch.vm_type = type;\n" + " \tkvm->arch.has_private_mem =\n" + "-\t\t(type == KVM_X86_SW_PROTECTED_VM);\n" + "+\t\t(type == KVM_X86_SW_PROTECTED_VM || type == KVM_X86_SNP_VM);\n" + " \n" + " \tret = kvm_page_track_init(kvm);\n" + " \tif (ret)\n" + "-- \n" + "2.25.1\n" + "\n" + "\n" + "From: Michael Roth <michael.roth@amd.com>\n" + "To: <kvm@vger.kernel.org>\n" + "CC: <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>,\n" + "\t<linux-crypto@vger.kernel.org>, <x86@kernel.org>,\n" + "\t<linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>,\n" + "\t<jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>,\n" + "\t<ardb@kernel.org>, <pbonzini@redhat.com>, <seanjc@google.com>,\n" + "\t<vkuznets@redhat.com>, <jmattson@google.com>, <luto@kernel.org>,\n" + "\t<dave.hansen@linux.intel.com>, <slp@redhat.com>, <pgonda@google.com>,\n" + "\t<peterz@infradead.org>, <srinivas.pandruvada@linux.intel.com>,\n" + "\t<rientjes@google.com>, <dovmurik@linux.ibm.com>, <tobin@ibm.com>,\n" + "\t<bp@alien8.de>, <vbabka@suse.cz>, <kirill@shutemov.name>,\n" + "\t<ak@linux.intel.com>, <tony.luck@intel.com>,\n" + "\t<sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>,\n" + "\t<jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>,\n" + "\t<pankaj.gupta@amd.com>, <liam.merwick@oracle.com>, Brijesh Singh\n" + "\t<brijesh.singh@amd.com>\n" + "Subject: [PATCH v12 09/29] KVM: SEV: Add initial SEV-SNP support\n" + "Date: Fri, 29 Mar 2024 17:58:15 -0500\n" + "Message-ID: <20240329225835.400662-10-michael.roth@amd.com>\n" + "X-Mailer: git-send-email 2.25.1\n" + "In-Reply-To: <20240329225835.400662-1-michael.roth@amd.com>\n" + "References: <20240329225835.400662-1-michael.roth@amd.com>\n" + "\n" + "SEV-SNP builds upon existing SEV and SEV-ES functionality while adding\n" + "new hardware-based security protection. SEV-SNP adds strong memory\n" + "encryption and integrity protection to help prevent malicious\n" + "hypervisor-based attacks such as data replay, memory re-mapping, and\n" + "more, to create an isolated execution environment.\n" + "\n" + "Define a new KVM_X86_SNP_VM type which makes use of these capabilities\n" + "and extend the KVM_SEV_INIT2 ioctl to support it. Also add a basic\n" + "helper to check whether SNP is enabled.\n" + "\n" + "Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>\n" + "Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>\n" + "[mdr: commit fixups, use similar ASID reporting as with SEV/SEV-ES]\n" + "Signed-off-by: Michael Roth <michael.roth@amd.com>\n" + "---\n" + " arch/x86/include/asm/svm.h | 3 ++-\n" + " arch/x86/include/uapi/asm/kvm.h | 1 +\n" + " arch/x86/kvm/svm/sev.c | 21 ++++++++++++++++++++-\n" + " arch/x86/kvm/svm/svm.c | 3 ++-\n" + " arch/x86/kvm/svm/svm.h | 12 ++++++++++++\n" + " arch/x86/kvm/x86.c | 2 +-\n" + " 6 files changed, 38 insertions(+), 4 deletions(-)\n" + "\n" + "diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h\n" + "index 728c98175b9c..544a43c1cf11 100644\n" + "--- a/arch/x86/include/asm/svm.h\n" + "+++ b/arch/x86/include/asm/svm.h\n" + "@@ -285,7 +285,8 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_\n" + " \n" + " #define AVIC_HPA_MASK\t~((0xFFFULL << 52) | 0xFFF)\n" + " \n" + "-#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)\n" + "+#define SVM_SEV_FEAT_SNP_ACTIVE\t\t\t\tBIT(0)\n" + "+#define SVM_SEV_FEAT_DEBUG_SWAP\t\t\t\tBIT(5)\n" + " \n" + " struct vmcb_seg {\n" + " \tu16 
selector;\n" + "diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h\n" + "index 51b13080ed4b..725b75cfe9ff 100644\n" + "--- a/arch/x86/include/uapi/asm/kvm.h\n" + "+++ b/arch/x86/include/uapi/asm/kvm.h\n" + "@@ -868,5 +868,6 @@ struct kvm_hyperv_eventfd {\n" + " #define KVM_X86_SW_PROTECTED_VM\t1\n" + " #define KVM_X86_SEV_VM\t\t2\n" + " #define KVM_X86_SEV_ES_VM\t3\n" + "+#define KVM_X86_SNP_VM\t\t4\n" + " \n" + " #endif /* _ASM_X86_KVM_H */\n" + "diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c\n" + "index 1e65f5634ad3..3d9771163562 100644\n" + "--- a/arch/x86/kvm/svm/sev.c\n" + "+++ b/arch/x86/kvm/svm/sev.c\n" + "@@ -46,6 +46,9 @@ module_param_named(sev, sev_enabled, bool, 0444);\n" + " static bool sev_es_enabled = true;\n" + " module_param_named(sev_es, sev_es_enabled, bool, 0444);\n" + " \n" + "+/* enable/disable SEV-SNP support */\n" + "+static bool sev_snp_enabled;\n" + "+\n" + " /* enable/disable SEV-ES DebugSwap support */\n" + " static bool sev_es_debug_swap_enabled = true;\n" + " module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);\n" + "@@ -275,6 +278,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,\n" + " \tsev->es_active = es_active;\n" + " \tsev->vmsa_features = data->vmsa_features;\n" + " \n" + "+\tif (vm_type == KVM_X86_SNP_VM)\n" + "+\t\tsev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;\n" + "+\n" + " \tret = sev_asid_new(sev);\n" + " \tif (ret)\n" + " \t\tgoto e_no_asid;\n" + "@@ -326,7 +332,8 @@ static int sev_guest_init2(struct kvm *kvm, struct kvm_sev_cmd *argp)\n" + " \t\treturn -EINVAL;\n" + " \n" + " \tif (kvm->arch.vm_type != KVM_X86_SEV_VM &&\n" + "-\t kvm->arch.vm_type != KVM_X86_SEV_ES_VM)\n" + "+\t kvm->arch.vm_type != KVM_X86_SEV_ES_VM &&\n" + "+\t kvm->arch.vm_type != KVM_X86_SNP_VM)\n" + " \t\treturn -EINVAL;\n" + " \n" + " \tif (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data)))\n" + "@@ -2297,11 +2304,16 @@ void __init 
sev_set_cpu_caps(void)\n" + " \t\tkvm_cpu_cap_set(X86_FEATURE_SEV_ES);\n" + " \t\tkvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);\n" + " \t}\n" + "+\tif (sev_snp_enabled) {\n" + "+\t\tkvm_cpu_cap_set(X86_FEATURE_SEV_SNP);\n" + "+\t\tkvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM);\n" + "+\t}\n" + " }\n" + " \n" + " void __init sev_hardware_setup(void)\n" + " {\n" + " \tunsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count;\n" + "+\tbool sev_snp_supported = false;\n" + " \tbool sev_es_supported = false;\n" + " \tbool sev_supported = false;\n" + " \n" + "@@ -2382,6 +2394,7 @@ void __init sev_hardware_setup(void)\n" + " \tsev_es_asid_count = min_sev_asid - 1;\n" + " \tWARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));\n" + " \tsev_es_supported = true;\n" + "+\tsev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);\n" + " \n" + " out:\n" + " \tif (boot_cpu_has(X86_FEATURE_SEV))\n" + "@@ -2394,9 +2407,15 @@ void __init sev_hardware_setup(void)\n" + " \t\tpr_info(\"SEV-ES %s (ASIDs %u - %u)\\n\",\n" + " \t\t\tsev_es_supported ? \"enabled\" : \"disabled\",\n" + " \t\t\tmin_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);\n" + "+\tif (boot_cpu_has(X86_FEATURE_SEV_SNP))\n" + "+\t\tpr_info(\"SEV-SNP %s (ASIDs %u - %u)\\n\",\n" + "+\t\t\tsev_snp_supported ? \"enabled\" : \"disabled\",\n" + "+\t\t\tmin_sev_asid > 1 ? 
1 : 0, min_sev_asid - 1);\n" + " \n" + " \tsev_enabled = sev_supported;\n" + " \tsev_es_enabled = sev_es_supported;\n" + "+\tsev_snp_enabled = sev_snp_supported;\n" + "+\n" + " \tif (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) ||\n" + " \t !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP))\n" + " \t\tsev_es_debug_swap_enabled = false;\n" + "diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c\n" + "index 0f3b59da0d4a..2c162f6a1d78 100644\n" + "--- a/arch/x86/kvm/svm/svm.c\n" + "+++ b/arch/x86/kvm/svm/svm.c\n" + "@@ -4890,7 +4890,8 @@ static int svm_vm_init(struct kvm *kvm)\n" + " \n" + " \tif (type != KVM_X86_DEFAULT_VM &&\n" + " \t type != KVM_X86_SW_PROTECTED_VM) {\n" + "-\t\tkvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);\n" + "+\t\tkvm->arch.has_protected_state =\n" + "+\t\t\t(type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM);\n" + " \t\tto_kvm_sev_info(kvm)->need_init = true;\n" + " \t}\n" + " \n" + "diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h\n" + "index 157eb3f65269..4a01a81dd9b9 100644\n" + "--- a/arch/x86/kvm/svm/svm.h\n" + "+++ b/arch/x86/kvm/svm/svm.h\n" + "@@ -348,6 +348,18 @@ static __always_inline bool sev_es_guest(struct kvm *kvm)\n" + " #endif\n" + " }\n" + " \n" + "+static __always_inline bool sev_snp_guest(struct kvm *kvm)\n" + "+{\n" + "+#ifdef CONFIG_KVM_AMD_SEV\n" + "+\tstruct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;\n" + "+\n" + "+\treturn (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) &&\n" + "+\t !WARN_ON_ONCE(!sev_es_guest(kvm));\n" + "+#else\n" + "+\treturn false;\n" + "+#endif\n" + "+}\n" + "+\n" + " static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)\n" + " {\n" + " \tvmcb->control.clean = 0;\n" + "diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c\n" + "index 64eda7949f09..f85735b6235d 100644\n" + "--- a/arch/x86/kvm/x86.c\n" + "+++ b/arch/x86/kvm/x86.c\n" + "@@ -12603,7 +12603,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)\n" + " \n" + " 
\tkvm->arch.vm_type = type;\n" + " \tkvm->arch.has_private_mem =\n" + "-\t\t(type == KVM_X86_SW_PROTECTED_VM);\n" + "+\t\t(type == KVM_X86_SW_PROTECTED_VM || type == KVM_X86_SNP_VM);\n" + " \n" + " \tret = kvm_page_track_init(kvm);\n" + " \tif (ret)\n" + "-- \n" 2.25.1 -e50530456db0851aaf0bc320108b6f67a3d8b18f46a48daab468b26a7d41cd50 +82d3cc93cbd5be77e98e578ebc04b79bad3951e5349a58975163d61379c99ef8
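Review bot: missing documentation for the new uAPI constant in the arch/x86/include/uapi/asm/kvm.h hunk. `#define KVM_X86_SNP_VM 4` becomes userspace ABI and KVM_SEV_INIT2 now accepts it, but the diffstat lists only six files under arch/x86 and nothing under Documentation/. Add the VM type and its KVM_SEV_INIT2 semantics to the KVM API documentation in this patch, or name the later patch in the series that does so in the commit message.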
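Review bot: in the sev.c hunk at line 46, `static bool sev_snp_enabled;` has neither an initializer nor a `module_param_named()` line, unlike `sev_es_enabled` and `sev_es_debug_swap_enabled` on either side of it, so nothing visible in this patch can make it true. Because sev_hardware_setup() computes `sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);`, the result is always false here, the pr_info line always reports "disabled", and sev_set_cpu_caps() never adds BIT(KVM_X86_SNP_VM) to supported_vm_types. If the switch is meant to stay off until later patches in the series, state that in the commit message and reword the "enable/disable SEV-SNP support" comment so it does not suggest a knob that does not exist yet.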
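Review bot: possible missing check in the __sev_guest_init() hunk of sev.c. The context line `sev->vmsa_features = data->vmsa_features;` stores the userspace-supplied value, and the added lines only OR in SVM_SEV_FEAT_SNP_ACTIVE for KVM_X86_SNP_VM; they never clear BIT(0) for the other types. sev_snp_guest() in svm.h decides on `sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE` alone, so please confirm that the vmsa_features validation (not visible in these hunks) rejects BIT(0) coming from userspace for KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM, or mask it explicitly here, so a non-SNP VM can never satisfy sev_snp_guest().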
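Review bot: layering point on the arch/x86/kvm/x86.c hunk. Common kvm_arch_init_vm() now tests for the AMD-specific KVM_X86_SNP_VM when setting `has_private_mem`, while the companion `has_protected_state` assignment for the same type lives in svm_vm_init() in svm.c. Consider setting both flags in svm_vm_init() so that the per-type policy for SEV VM types stays in vendor code and a reader auditing which VM types get private memory and protected state finds them in one place.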