From: Dan Williams <dan.j.williams@intel.com>
To: Alexey Kardashevskiy <aik@amd.com>,
Dan Williams <dan.j.williams@intel.com>, <x86@kernel.org>
Cc: <kvm@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
<linux-pci@vger.kernel.org>, <linux-arch@vger.kernel.org>,
"Sean Christopherson" <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Joerg Roedel <joro@8bytes.org>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Robin Murphy <robin.murphy@arm.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
Kevin Tian <kevin.tian@intel.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Christoph Hellwig <hch@lst.de>,
Nikunj A Dadhania <nikunj@amd.com>,
Michael Roth <michael.roth@amd.com>,
Vasant Hegde <vasant.hegde@amd.com>,
Joao Martins <joao.m.martins@oracle.com>,
"Nicolin Chen" <nicolinc@nvidia.com>,
Lu Baolu <baolu.lu@linux.intel.com>,
"Steve Sistare" <steven.sistare@oracle.com>,
Lukas Wunner <lukas@wunner.de>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Dionna Glaze <dionnaglaze@google.com>,
Yi Liu <yi.l.liu@intel.com>, <iommu@lists.linux.dev>,
<linux-coco@lists.linux.dev>, Zhi Wang <zhiw@nvidia.com>,
AXu Yilun <yilun.xu@linux.intel.com>,
"Aneesh Kumar K . V" <aneesh.kumar@kernel.org>
Subject: Re: [RFC PATCH v2 06/22] KVM: X86: Define tsm_get_vmid
Date: Thu, 13 Mar 2025 12:09:20 -0700 [thread overview]
Message-ID: <67d32d60bf4f4_1198729418@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <7719c1ad-84b8-40e2-9ce7-93248a410ebd@amd.com>
Alexey Kardashevskiy wrote:
>
>
> On 13/3/25 12:51, Dan Williams wrote:
> > Alexey Kardashevskiy wrote:
> >> In order to add a PCI VF into a secure VM, the TSM module needs to
> >> perform a "TDI bind" operation. The secure module ("PSP" for AMD)
> >> reuqires a VM id to associate with a VM and KVM has it. Since
> >> KVM cannot directly bind a TDI (as it does not have all necesessary
> >> data such as host/guest PCI BDFn). QEMU and IOMMUFD do know the BDFns
> >> but they do not have a VM id recognisable by the PSP.
> >>
> >> Add get_vmid() hook to KVM. Implement it for AMD SEV to return a sum
> >> of GCTX (a private page describing secure VM context) and ASID
> >> (required on unbind for IOMMU unfencing, when needed).
> >>
> >> Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
> >> ---
> >> arch/x86/include/asm/kvm-x86-ops.h | 1 +
> >> arch/x86/include/asm/kvm_host.h | 2 ++
> >> include/linux/kvm_host.h | 2 ++
> >> arch/x86/kvm/svm/svm.c | 12 ++++++++++++
> >> virt/kvm/kvm_main.c | 6 ++++++
> >> 5 files changed, 23 insertions(+)
> >>
> >> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h
> >> index c35550581da0..63102a224cd7 100644
> >> --- a/arch/x86/include/asm/kvm-x86-ops.h
> >> +++ b/arch/x86/include/asm/kvm-x86-ops.h
> >> @@ -144,6 +144,7 @@ KVM_X86_OP_OPTIONAL(alloc_apic_backing_page)
> >> KVM_X86_OP_OPTIONAL_RET0(gmem_prepare)
> >> KVM_X86_OP_OPTIONAL_RET0(private_max_mapping_level)
> >> KVM_X86_OP_OPTIONAL(gmem_invalidate)
> >> +KVM_X86_OP_OPTIONAL(tsm_get_vmid)
> >>
> >> #undef KVM_X86_OP
> >> #undef KVM_X86_OP_OPTIONAL
> >> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> >> index b15cde0a9b5c..9330e8d4d29d 100644
> >> --- a/arch/x86/include/asm/kvm_host.h
> >> +++ b/arch/x86/include/asm/kvm_host.h
> >> @@ -1875,6 +1875,8 @@ struct kvm_x86_ops {
> >> int (*gmem_prepare)(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order);
> >> void (*gmem_invalidate)(kvm_pfn_t start, kvm_pfn_t end);
> >> int (*private_max_mapping_level)(struct kvm *kvm, kvm_pfn_t pfn);
> >> +
> >> + u64 (*tsm_get_vmid)(struct kvm *kvm);
> >> };
> >>
> >> struct kvm_x86_nested_ops {
> >> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> >> index f34f4cfaa513..6cd351edb956 100644
> >> --- a/include/linux/kvm_host.h
> >> +++ b/include/linux/kvm_host.h
> >> @@ -2571,4 +2571,6 @@ long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu *vcpu,
> >> struct kvm_pre_fault_memory *range);
> >> #endif
> >>
> >> +u64 kvm_arch_tsm_get_vmid(struct kvm *kvm);
> >> +
> >> #endif
> >> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> >> index 7640a84e554a..0276d60c61d6 100644
> >> --- a/arch/x86/kvm/svm/svm.c
> >> +++ b/arch/x86/kvm/svm/svm.c
> >> @@ -4998,6 +4998,16 @@ static void *svm_alloc_apic_backing_page(struct kvm_vcpu *vcpu)
> >> return page_address(page);
> >> }
> >>
> >> +static u64 svm_tsm_get_vmid(struct kvm *kvm)
> >> +{
> >> + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> >> +
> >> + if (!sev->es_active)
> >> + return 0;
> >> +
> >> + return ((u64) sev->snp_context) | sev->asid;
> >> +}
> >> +
> >
> > Curious why KVM needs to be bothered by a new kvm_arch_tsm_get_vmid()
> > and a vendor specific cookie "vmid" concept. In other words KVM never
> > calls kvm_arch_tsm_get_vmid(), like other kvm_arch_*() support calls.
> >
> > Is this due to a restriction that something like tsm_tdi_bind() is
> > disallowed from doing to_kvm_svm() on an opaque @kvm pointer? Or
> > otherwise asking an arch/x86/kvm/svm/svm.c to do the same?
>
> I saw someone already doing some sort of VMID thing
Reference?
> and thought it is a good way of not spilling KVM details outside KVM.
...but it is not a KVM detail. It is an arch specific TSM cookie derived
from arch specific data that wraps 'struct kvm'. Now if the rationale is
some least privelege concern about what code can have a container_of()
relationship with an opaque 'struct kvm *' pointer, let's have that
discussion. As it stands nothing in KVM cares about
kvm_arch_tsm_get_vmid(), and I expect 'vmid' does not cover all the ways
in which modular TSM drivers may interact with arch/.../kvm/ code.
For example TDX Connect needs to share some data from 'struct kvm_tdx',
and it does that with an export from arch/x86/kvm/vmx/tdx.c, not an
indirection through virt/kvm/kvm_main.c.
> > Effectively low level TSM drivers are extensions of arch code that
> > routinely performs "container_of(kvm, struct kvm_$arch, kvm)".
>
> The arch code is CCP and so far it avoided touching KVM, KVM calls CCP
> when it needs but not vice versa. Thanks,
Right, and the observation is that you don't need to touch
virt/kvm/kvm_main.c at all to meet this data sharing requirement.
next prev parent reply other threads:[~2025-03-13 19:09 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-18 11:09 [RFC PATCH v2 00/22] TSM: Secure VFIO, TDISP, SEV TIO Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 01/22] pci/doe: Define protocol types and make those public Alexey Kardashevskiy
2025-04-15 20:15 ` Bjorn Helgaas
2025-02-18 11:09 ` [RFC PATCH v2 02/22] PCI/IDE: Fixes to make it work on AMD SNP-SEV Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 03/22] PCI/IDE: Init IDs on all IDE streams beforehand Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 04/22] iommu/amd: Report SEV-TIO support Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 05/22] crypto: ccp: Enable SEV-TIO feature in the PSP when supported Alexey Kardashevskiy
2025-03-22 11:50 ` Francesco Lavra
2025-03-26 4:26 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 06/22] KVM: X86: Define tsm_get_vmid Alexey Kardashevskiy
2025-03-13 1:51 ` Dan Williams
2025-03-13 4:31 ` Alexey Kardashevskiy
2025-03-13 19:09 ` Dan Williams [this message]
2025-03-14 3:28 ` Alexey Kardashevskiy
2025-04-24 3:37 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 07/22] coco/tsm: Add tsm and tsm-host modules Alexey Kardashevskiy
2025-03-14 1:14 ` Dan Williams
2025-05-14 18:39 ` Zhi Wang
2025-05-29 5:30 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 08/22] pci/tsm: Add PCI driver for TSM Alexey Kardashevskiy
2025-04-15 20:25 ` Bjorn Helgaas
2025-02-18 11:09 ` [RFC PATCH v2 09/22] crypto/ccp: Implement SEV TIO firmware interface Alexey Kardashevskiy
2025-03-23 11:35 ` Francesco Lavra
2025-02-18 11:09 ` [RFC PATCH v2 10/22] KVM: SVM: Add uAPI to change RMP for MMIO Alexey Kardashevskiy
2025-03-15 0:08 ` Dan Williams
2025-03-27 5:00 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 11/22] KVM: SEV: Add TIO VMGEXIT Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 12/22] iommufd: Allow mapping from guest_memfd Alexey Kardashevskiy
2025-02-18 14:16 ` Jason Gunthorpe
2025-02-18 23:35 ` Alexey Kardashevskiy
2025-02-18 23:51 ` Jason Gunthorpe
2025-02-19 0:43 ` Alexey Kardashevskiy
2025-02-19 13:35 ` Jason Gunthorpe
2025-02-19 20:23 ` Michael Roth
2025-02-19 20:37 ` Jason Gunthorpe
2025-02-19 21:30 ` Michael Roth
2025-02-20 0:57 ` Jason Gunthorpe
2025-03-13 4:51 ` Alexey Kardashevskiy
2025-03-19 17:40 ` Jason Gunthorpe
2025-02-20 2:29 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 13/22] iommufd: amd-iommu: Add vdevice support Alexey Kardashevskiy
2025-04-01 16:11 ` Jason Gunthorpe
2025-04-10 6:39 ` Alexey Kardashevskiy
2025-04-10 8:43 ` Tian, Kevin
2025-04-10 13:05 ` Jason Gunthorpe
2025-04-14 4:17 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 14/22] iommufd: Add TIO calls Alexey Kardashevskiy
2025-02-25 9:00 ` Xu Yilun
2025-02-26 0:12 ` Alexey Kardashevskiy
2025-02-26 10:49 ` Xu Yilun
2025-02-26 13:12 ` Jason Gunthorpe
2025-02-27 0:33 ` Alexey Kardashevskiy
2025-03-01 0:32 ` Jason Gunthorpe
2025-03-05 3:09 ` Alexey Kardashevskiy
2025-03-05 19:18 ` Jason Gunthorpe
2025-02-27 3:59 ` Xu Yilun
2025-03-01 0:37 ` Jason Gunthorpe
2025-03-03 5:32 ` Xu Yilun
2025-03-05 19:28 ` Jason Gunthorpe
2025-03-06 6:47 ` Xu Yilun
2025-03-06 18:26 ` Jason Gunthorpe
2025-03-07 6:49 ` Xu Yilun
2025-03-07 2:19 ` Alexey Kardashevskiy
2025-03-07 15:17 ` Jason Gunthorpe
2025-03-12 10:41 ` Suzuki K Poulose
2025-03-12 1:11 ` Xu Yilun
2025-02-26 13:08 ` Jason Gunthorpe
2025-03-15 1:11 ` Dan Williams
2025-03-17 2:32 ` Alexey Kardashevskiy
2025-04-01 15:53 ` Jason Gunthorpe
2025-03-13 11:01 ` Xu Yilun
2025-03-14 2:49 ` Alexey Kardashevskiy
2025-03-28 5:27 ` Aneesh Kumar K.V
2025-04-01 16:03 ` Jason Gunthorpe
2025-04-07 11:40 ` Aneesh Kumar K.V
2025-04-07 16:40 ` Jason Gunthorpe
2025-04-01 16:12 ` Jason Gunthorpe
2025-04-03 8:39 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 15/22] KVM: X86: Handle private MMIO as shared Alexey Kardashevskiy
2025-05-15 8:18 ` Zhi Wang
2025-05-29 5:30 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 16/22] coco/tsm: Add tsm-guest module Alexey Kardashevskiy
2025-04-05 17:15 ` Francesco Lavra
2025-02-18 11:10 ` [RFC PATCH v2 17/22] resource: Mark encrypted MMIO resource on validation Alexey Kardashevskiy
2025-04-05 18:19 ` Francesco Lavra
2025-02-18 11:10 ` [RFC PATCH v2 18/22] coco/sev-guest: Implement the guest support for SEV TIO Alexey Kardashevskiy
2025-04-07 11:05 ` Francesco Lavra
2025-02-18 11:10 ` [RFC PATCH v2 19/22] RFC: pci: Add BUS_NOTIFY_PCI_BUS_MASTER event Alexey Kardashevskiy
2025-04-15 20:26 ` Bjorn Helgaas
2025-02-18 11:10 ` [RFC PATCH v2 20/22] sev-guest: Stop changing encrypted page state for TDISP devices Alexey Kardashevskiy
2025-02-27 16:01 ` Borislav Petkov
2025-02-18 11:10 ` [RFC PATCH v2 21/22] pci: Allow encrypted MMIO mapping via sysfs Alexey Kardashevskiy
2025-04-15 20:28 ` Bjorn Helgaas
2025-02-18 11:10 ` [RFC PATCH v2 22/22] pci: Define pci_iomap_range_encrypted Alexey Kardashevskiy
2025-04-15 20:30 ` Bjorn Helgaas
2025-02-27 15:48 ` [RFC PATCH v2 00/22] TSM: Secure VFIO, TDISP, SEV TIO Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67d32d60bf4f4_1198729418@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=baolu.lu@linux.intel.com \
--cc=bhelgaas@google.com \
--cc=dionnaglaze@google.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=joao.m.martins@oracle.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=michael.roth@amd.com \
--cc=nicolinc@nvidia.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=robin.murphy@arm.com \
--cc=seanjc@google.com \
--cc=steven.sistare@oracle.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=suzuki.poulose@arm.com \
--cc=thomas.lendacky@amd.com \
--cc=vasant.hegde@amd.com \
--cc=x86@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=yilun.xu@linux.intel.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).