From: Tom Lendacky <thomas.lendacky@amd.com>
To: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<x86@kernel.org>, <linux-coco@lists.linux.dev>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
Michael Roth <michael.roth@amd.com>,
"Ashish Kalra" <ashish.kalra@amd.com>,
Joerg Roedel <jroedel@suse.de>,
Roy Hopkins <roy.hopkins@suse.com>
Subject: [RFC PATCH 0/7] KVM: SEV-SNP support for running an SVSM
Date: Tue, 27 Aug 2024 16:59:24 -0500 [thread overview]
Message-ID: <cover.1724795970.git.thomas.lendacky@amd.com> (raw)
This series is meant to start the discussion around running a guest with
a Secure VM Service Module (SVSM) and how to transition a vCPU between
one VM Privilege Level (VMPL) and another. This is Proof-of-Concept level
code, so definitely not something looking to be merged.
When running under an SVSM, VMPL switches are needed for validating memory
and creating vCPU VM Save Area (VMSA) pages. Going forward, different
services running in the SVSM will require VMPL switching, e.g. a virtual
TPM service or Alternate Injection support. Therefore VMPL switches need
to be as fast as possible. The implementation in this series has KVM
managing the creation of VMPL levels and transitioning between the levels
without transitioning to the userspace VMM.
Going forward, the userspace VMM may need to be aware of VMPL levels. It
may be necessary to transition VMPL creation (AP Creation at a specific
VMPL level) to the userspace VMM. But keeping VMPL switching within KVM
is highly desired for performance reasons.
This PoC code does have some restrictions. For example, when running with
Restricted Injection, all injections are blocked as the SVSM is not
expecting any injections (currently). This allows for a single APIC
instance for now.
The patches can be further split and the change logs improved, but wanted
to get this out and get the discussion going.
Implemented in this RFC:
- APIC ID list retrieval to allow for only measuring the BSP and
allowing the guest to start all of the APs without having to use a
broadcast SIPI
- vCPU creation at a specific VMPL
- vCPU execution at a specific VMPL
- Maintain per-VMPL SEV features
- Implement minimal Restricted Injection
- Blocks all injection when enabled
- SVSM support
- SNP init flag for SVSM support
- Measuring data with specific VMPL permissions
- Measuring only the BSP
Things not yet implemented:
- APIC instance separation
- Restricted Injection support that is multi-VMPL aware
The series is based off of a slightly older kvm next branch:
git://git.kernel.org/pub/scm/virt/kvm/kvm.git next
7c626ce4bae1 ("Linux 6.11-rc3")
---
Carlos Bilbao (1):
KVM: SVM: Maintain per-VMPL SEV features in kvm_sev_info
Tom Lendacky (6):
KVM: SVM: Implement GET_AP_APIC_IDS NAE event
KVM: SEV: Allow for VMPL level specification in AP create
KVM: SVM: Invoke a specified VMPL level VMSA for the vCPU
KVM: SVM: Prevent injection when restricted injection is active
KVM: SVM: Support launching an SVSM with Restricted Injection set
KVM: SVM: Support initialization of an SVSM
arch/x86/include/asm/sev-common.h | 7 +
arch/x86/include/asm/svm.h | 9 +
arch/x86/include/uapi/asm/kvm.h | 10 +
arch/x86/include/uapi/asm/svm.h | 3 +
arch/x86/kvm/svm/sev.c | 530 +++++++++++++++++++++++++-----
arch/x86/kvm/svm/svm.c | 25 +-
arch/x86/kvm/svm/svm.h | 71 +++-
arch/x86/kvm/x86.c | 9 +
include/uapi/linux/kvm.h | 3 +
9 files changed, 575 insertions(+), 92 deletions(-)
--
2.43.2
next reply other threads:[~2024-08-27 21:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-27 21:59 Tom Lendacky [this message]
2024-08-27 21:59 ` [RFC PATCH 1/7] KVM: SVM: Implement GET_AP_APIC_IDS NAE event Tom Lendacky
2024-11-28 16:07 ` Borislav Petkov
2024-08-27 21:59 ` [RFC PATCH 2/7] KVM: SEV: Allow for VMPL level specification in AP create Tom Lendacky
2024-08-27 21:59 ` [RFC PATCH 3/7] KVM: SVM: Invoke a specified VMPL level VMSA for the vCPU Tom Lendacky
2024-08-27 21:59 ` [RFC PATCH 4/7] KVM: SVM: Maintain per-VMPL SEV features in kvm_sev_info Tom Lendacky
2024-08-27 21:59 ` [RFC PATCH 5/7] KVM: SVM: Prevent injection when restricted injection is active Tom Lendacky
2024-08-27 21:59 ` [RFC PATCH 6/7] KVM: SVM: Support launching an SVSM with Restricted Injection set Tom Lendacky
2024-08-27 21:59 ` [RFC PATCH 7/7] KVM: SVM: Support initialization of an SVSM Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1724795970.git.thomas.lendacky@amd.com \
--to=thomas.lendacky@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=roy.hopkins@suse.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).