// SPDX-License-Identifier: GPL-2.0-only
/*
 * Kernel-based Virtual Machine driver for Linux
 *
 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
 */

#include <linux/kvm_types.h>
#include <linux/kvm_host.h>
#include <linux/kernel.h>
#include <linux/highmem.h>
#include <linux/psp-sev.h>
#include <linux/pagemap.h>
#include <linux/swap.h>
#include <linux/processor.h>

static int sev_flush_asids(void);

static DECLARE_RWSEM(sev_deactivate_lock);
static DEFINE_MUTEX(sev_bitmap_lock);
unsigned int max_sev_asid;
static unsigned int min_sev_asid;
static unsigned long *sev_asid_bitmap;
static unsigned long *sev_reclaim_asid_bitmap;

#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT)

	struct list_head list;
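/*
 * Issue a SEV DF_FLUSH firmware command so that dirty encrypted cache
 * lines belonging to deactivated guests are written back and their
 * reclaimed ASIDs can be reused safely.
 */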
static int sev_flush_asids(void)
	/*
	 * DEACTIVATE will clear the WBINVD indicator causing DF_FLUSH to fail,
	 * so it must be guarded.
	 */
	down_write(&sev_deactivate_lock);

	ret = sev_guest_df_flush(&error);

	up_write(&sev_deactivate_lock);

	pr_err("SEV: DF_FLUSH failed, ret=%d, error=%#x\n", ret, error);

/* Must be called with the sev_bitmap_lock held */
static bool __sev_recycle_asids(void)
	/* Check if there are any ASIDs to reclaim before performing a flush */
	pos = find_next_bit(sev_reclaim_asid_bitmap, max_sev_asid, min_sev_asid - 1);
	if (pos >= max_sev_asid)

	if (sev_flush_asids())

	bitmap_xor(sev_asid_bitmap, sev_asid_bitmap, sev_reclaim_asid_bitmap,
		   max_sev_asid);
	bitmap_zero(sev_reclaim_asid_bitmap, max_sev_asid);
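/*
 * Allocate a fresh ASID for a new SEV guest.  If the bitmap is exhausted,
 * try once to recycle ASIDs that were freed since the last DF_FLUSH.
 */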
static int sev_asid_new(void)
	mutex_lock(&sev_bitmap_lock);

	/*
	 * An SEV-enabled guest must use an ASID in the range
	 * min_sev_asid to max_sev_asid.
	 */
	pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_sev_asid - 1);
	if (pos >= max_sev_asid) {
		if (retry && __sev_recycle_asids()) {

	mutex_unlock(&sev_bitmap_lock);

	__set_bit(pos, sev_asid_bitmap);

	mutex_unlock(&sev_bitmap_lock);

static int sev_get_asid(struct kvm *kvm)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

static void sev_asid_free(int asid)
	struct svm_cpu_data *sd;

	mutex_lock(&sev_bitmap_lock);

	__set_bit(pos, sev_reclaim_asid_bitmap);

	for_each_possible_cpu(cpu) {
		sd = per_cpu(svm_data, cpu);
		sd->sev_vmcbs[pos] = NULL;

	mutex_unlock(&sev_bitmap_lock);
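/*
 * DEACTIVATE and then DECOMMISSION the firmware handle for a guest so
 * that its ASID can later be reclaimed and reused.
 */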
static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
	struct sev_data_decommission *decommission;
	struct sev_data_deactivate *data;

	data = kzalloc(sizeof(*data), GFP_KERNEL);

	/* deactivate handle */
	data->handle = handle;

	/* Guard DEACTIVATE against WBINVD/DF_FLUSH used in ASID recycling */
	down_read(&sev_deactivate_lock);
	sev_guest_deactivate(data, NULL);
	up_read(&sev_deactivate_lock);

	decommission = kzalloc(sizeof(*decommission), GFP_KERNEL);

	/* decommission handle */
	decommission->handle = handle;
	sev_guest_decommission(decommission, NULL);
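/*
 * KVM_SEV_INIT: allocate an ASID for this VM and initialize the SEV
 * platform so that subsequent launch commands can be issued.
 */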
static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

	if (unlikely(sev->active))

	asid = sev_asid_new();

	ret = sev_platform_init(&argp->error);

	INIT_LIST_HEAD(&sev->regions_list);

static int sev_bind_asid(struct kvm *kvm, unsigned int handle, int *error)
	struct sev_data_activate *data;
	int asid = sev_get_asid(kvm);

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	/* activate ASID on the given handle */
	data->handle = handle;

	ret = sev_guest_activate(data, error);

static int __sev_issue_cmd(int fd, int id, void *data, int *error)
	ret = sev_issue_cmd_external_user(f.file, id, data, error);

static int sev_issue_cmd(struct kvm *kvm, int id, void *data, int *error)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

	return __sev_issue_cmd(sev->fd, id, data, error);

static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct sev_data_launch_start *start;
	struct kvm_sev_launch_start params;
	void *dh_blob, *session_blob;
	int *error = &argp->error;

	if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data, sizeof(params)))

	start = kzalloc(sizeof(*start), GFP_KERNEL_ACCOUNT);

	if (params.dh_uaddr) {
		dh_blob = psp_copy_user_blob(params.dh_uaddr, params.dh_len);
		if (IS_ERR(dh_blob)) {
			ret = PTR_ERR(dh_blob);

		start->dh_cert_address = __sme_set(__pa(dh_blob));
		start->dh_cert_len = params.dh_len;

	if (params.session_uaddr) {
		session_blob = psp_copy_user_blob(params.session_uaddr, params.session_len);
		if (IS_ERR(session_blob)) {
			ret = PTR_ERR(session_blob);

		start->session_address = __sme_set(__pa(session_blob));
		start->session_len = params.session_len;

	start->handle = params.handle;
	start->policy = params.policy;

	/* create memory encryption context */
	ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_LAUNCH_START, start, error);

	/* Bind ASID to this guest */
	ret = sev_bind_asid(kvm, start->handle, error);

	/* return handle to userspace */
	params.handle = start->handle;
	if (copy_to_user((void __user *)(uintptr_t)argp->data, &params, sizeof(params))) {
		sev_unbind_asid(kvm, start->handle);

	sev->handle = start->handle;
	sev->fd = argp->sev_fd;
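/*
 * Pin a range of userspace memory and return the array of struct pages
 * backing it.  The pinned pages are charged against the VM owner's
 * RLIMIT_MEMLOCK via sev->pages_locked.
 */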
static struct page **sev_pin_memory(struct kvm *kvm, unsigned long uaddr,
				    unsigned long ulen, unsigned long *n,
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	unsigned long npages, size;
	unsigned long locked, lock_limit;
	unsigned long first, last;

	if (ulen == 0 || uaddr + ulen < uaddr)
		return ERR_PTR(-EINVAL);

	/* Calculate number of pages. */
	first = (uaddr & PAGE_MASK) >> PAGE_SHIFT;
	last = ((uaddr + ulen - 1) & PAGE_MASK) >> PAGE_SHIFT;
	npages = (last - first + 1);
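	/*
	 * Example with 4K pages: uaddr = 0x1234, ulen = 0x2000 gives
	 * first = 1, last = 3 and npages = 3, since the 0x2000-byte range
	 * straddles three page frames.
	 */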
	locked = sev->pages_locked + npages;
	lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
	if (locked > lock_limit && !capable(CAP_IPC_LOCK)) {
		pr_err("SEV: %lu locked pages exceed the lock limit of %lu.\n", locked, lock_limit);
		return ERR_PTR(-ENOMEM);

	if (WARN_ON_ONCE(npages > INT_MAX))
		return ERR_PTR(-EINVAL);

	/* Avoid using vmalloc for smaller buffers. */
	size = npages * sizeof(struct page *);
	if (size > PAGE_SIZE)
		pages = __vmalloc(size, GFP_KERNEL_ACCOUNT | __GFP_ZERO);
	else
		pages = kmalloc(size, GFP_KERNEL_ACCOUNT);

		return ERR_PTR(-ENOMEM);

	/* Pin the user virtual address. */
	npinned = pin_user_pages_fast(uaddr, npages, write ? FOLL_WRITE : 0, pages);
	if (npinned != npages) {
		pr_err("SEV: Failure locking %lu pages.\n", npages);

	sev->pages_locked = locked;

	unpin_user_pages(pages, npinned);

static void sev_unpin_memory(struct kvm *kvm, struct page **pages,
			     unsigned long npages)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

	unpin_user_pages(pages, npages);

	sev->pages_locked -= npages;

static void sev_clflush_pages(struct page *pages[], unsigned long npages)
	uint8_t *page_virtual;

	if (this_cpu_has(X86_FEATURE_SME_COHERENT) || npages == 0 ||

	for (i = 0; i < npages; i++) {
		page_virtual = kmap_atomic(pages[i]);
		clflush_cache_range(page_virtual, PAGE_SIZE);
		kunmap_atomic(page_virtual);
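/*
 * Return how many pages, starting at inpages[idx], are physically
 * contiguous, so that a single SEV firmware command can cover them.
 */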
static unsigned long get_num_contig_pages(unsigned long idx,
					  struct page **inpages, unsigned long npages)
	unsigned long paddr, next_paddr;
	unsigned long i = idx + 1, pages = 1;

	/* find the number of contiguous pages starting from idx */
	paddr = __sme_page_pa(inpages[idx]);
		next_paddr = __sme_page_pa(inpages[i++]);
		if ((paddr + PAGE_SIZE) == next_paddr) {

static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
	unsigned long vaddr, vaddr_end, next_vaddr, npages, pages, size, i;
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct kvm_sev_launch_update_data params;
	struct sev_data_launch_update_data *data;
	struct page **inpages;

	if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data, sizeof(params)))

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	vaddr = params.uaddr;
	vaddr_end = vaddr + size;

	/* Lock the user memory. */
	inpages = sev_pin_memory(kvm, vaddr, size, &npages, 1);
	if (IS_ERR(inpages)) {
		ret = PTR_ERR(inpages);

	/*
	 * Flush (on non-coherent CPUs) before LAUNCH_UPDATE encrypts pages in
	 * place; the cache may contain the data that was written unencrypted.
	 */
	sev_clflush_pages(inpages, npages);

	for (i = 0; vaddr < vaddr_end; vaddr = next_vaddr, i += pages) {
		/*
		 * If the user buffer is not page-aligned, calculate the offset
		 * within the page.
		 */
		offset = vaddr & (PAGE_SIZE - 1);

		/* Calculate the number of pages that can be encrypted in one go. */
		pages = get_num_contig_pages(i, inpages, npages);

		len = min_t(size_t, ((pages * PAGE_SIZE) - offset), size);

		data->handle = sev->handle;
		data->address = __sme_page_pa(inpages[i]) + offset;
		ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_DATA, data, &argp->error);

		next_vaddr = vaddr + len;

	/* content of memory is updated, mark pages dirty */
	for (i = 0; i < npages; i++) {
		set_page_dirty_lock(inpages[i]);
		mark_page_accessed(inpages[i]);

	/* unlock the user pages */
	sev_unpin_memory(kvm, inpages, npages);
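/*
 * KVM_SEV_LAUNCH_MEASURE: retrieve the measurement of the launched guest.
 * When called with params.len == 0, the firmware only reports the
 * required measurement blob length back to userspace.
 */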
static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp)
	void __user *measure = (void __user *)(uintptr_t)argp->data;
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct sev_data_launch_measure *data;
	struct kvm_sev_launch_measure params;
	void __user *p = NULL;

	if (copy_from_user(&params, measure, sizeof(params)))

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	/* User wants to query the blob length */

	p = (void __user *)(uintptr_t)params.uaddr;
	if (params.len > SEV_FW_BLOB_MAX_SIZE) {

	blob = kmalloc(params.len, GFP_KERNEL);

	data->address = __psp_pa(blob);
	data->len = params.len;

	data->handle = sev->handle;
	ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_MEASURE, data, &argp->error);

	/*
	 * If we query the session length, FW responded with expected data.
	 */

	if (copy_to_user(p, blob, params.len))

	params.len = data->len;
	if (copy_to_user(measure, &params, sizeof(params)))

static int sev_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct sev_data_launch_finish *data;

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	data->handle = sev->handle;
	ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_FINISH, data, &argp->error);

static int sev_guest_status(struct kvm *kvm, struct kvm_sev_cmd *argp)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct kvm_sev_guest_status params;
	struct sev_data_guest_status *data;

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	data->handle = sev->handle;
	ret = sev_issue_cmd(kvm, SEV_CMD_GUEST_STATUS, data, &argp->error);

	params.policy = data->policy;
	params.state = data->state;
	params.handle = data->handle;

	if (copy_to_user((void __user *)(uintptr_t)argp->data, &params, sizeof(params)))

static int __sev_issue_dbg_cmd(struct kvm *kvm, unsigned long src,
			       unsigned long dst, int size,
			       int *error, bool enc)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct sev_data_dbg *data;

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	data->handle = sev->handle;
	data->dst_addr = dst;
	data->src_addr = src;

	ret = sev_issue_cmd(kvm,
			    enc ? SEV_CMD_DBG_ENCRYPT : SEV_CMD_DBG_DECRYPT,

static int __sev_dbg_decrypt(struct kvm *kvm, unsigned long src_paddr,
			     unsigned long dst_paddr, int sz, int *err)
	/*
	 * It's safe to read more than we are asked; the caller should ensure
	 * that the destination has enough space.
	 */
	offset = src_paddr & 15;
	src_paddr = round_down(src_paddr, 16);
	sz = round_up(sz + offset, 16);
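	/*
	 * Example: src_paddr = 0x1008 and sz = 0x20 give offset = 8,
	 * src_paddr = 0x1000 and sz = 0x30, so the firmware reads the whole
	 * 16-byte-aligned window that contains the requested bytes.
	 */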
	return __sev_issue_dbg_cmd(kvm, src_paddr, dst_paddr, sz, err, false);

static int __sev_dbg_decrypt_user(struct kvm *kvm, unsigned long paddr,
				  unsigned long __user dst_uaddr,
				  unsigned long dst_paddr,
	struct page *tpage = NULL;

	/* if inputs are not 16-byte aligned then use an intermediate buffer */
	if (!IS_ALIGNED(dst_paddr, 16) ||
	    !IS_ALIGNED(paddr,     16) ||
	    !IS_ALIGNED(size,      16)) {
		tpage = (void *)alloc_page(GFP_KERNEL);

		dst_paddr = __sme_page_pa(tpage);

	ret = __sev_dbg_decrypt(kvm, paddr, dst_paddr, size, err);

	if (copy_to_user((void __user *)(uintptr_t)dst_uaddr,
			 page_address(tpage) + offset, size))

static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr,
				  unsigned long __user vaddr,
				  unsigned long dst_paddr,
				  unsigned long __user dst_vaddr,
				  int size, int *error)
	struct page *src_tpage = NULL;
	struct page *dst_tpage = NULL;

	/* If the source buffer is not aligned then use an intermediate buffer */
	if (!IS_ALIGNED(vaddr, 16)) {
		src_tpage = alloc_page(GFP_KERNEL);

		if (copy_from_user(page_address(src_tpage),
				   (void __user *)(uintptr_t)vaddr, size)) {
			__free_page(src_tpage);

		paddr = __sme_page_pa(src_tpage);

	/*
	 * If the destination buffer or length is not aligned then do read-modify-write:
	 * - decrypt the destination into an intermediate buffer
	 * - copy the source buffer into an intermediate buffer
	 * - use the intermediate buffer as the source buffer
	 */
	if (!IS_ALIGNED(dst_vaddr, 16) || !IS_ALIGNED(size, 16)) {

		dst_tpage = alloc_page(GFP_KERNEL);

		ret = __sev_dbg_decrypt(kvm, dst_paddr,
					__sme_page_pa(dst_tpage), size, error);

		/*
		 * If the source is a kernel buffer then use memcpy(), otherwise
		 * copy_from_user().
		 */
		dst_offset = dst_paddr & 15;

			memcpy(page_address(dst_tpage) + dst_offset,
			       page_address(src_tpage), size);

			if (copy_from_user(page_address(dst_tpage) + dst_offset,
					   (void __user *)(uintptr_t)vaddr, size)) {

		paddr = __sme_page_pa(dst_tpage);
		dst_paddr = round_down(dst_paddr, 16);
		len = round_up(size, 16);

	ret = __sev_issue_dbg_cmd(kvm, paddr, dst_paddr, len, error, true);

	__free_page(src_tpage);

	__free_page(dst_tpage);
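/*
 * KVM_SEV_DBG_DECRYPT / KVM_SEV_DBG_ENCRYPT: walk the requested range one
 * page at a time, pinning the source and destination pages and issuing a
 * DBG_DECRYPT or DBG_ENCRYPT firmware command for each chunk.
 */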
static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
	unsigned long vaddr, vaddr_end, next_vaddr;
	unsigned long dst_vaddr;
	struct page **src_p, **dst_p;
	struct kvm_sev_dbg debug;

	if (copy_from_user(&debug, (void __user *)(uintptr_t)argp->data, sizeof(debug)))

	if (!debug.len || debug.src_uaddr + debug.len < debug.src_uaddr)
	if (!debug.dst_uaddr)

	vaddr = debug.src_uaddr;
	vaddr_end = vaddr + size;
	dst_vaddr = debug.dst_uaddr;

	for (; vaddr < vaddr_end; vaddr = next_vaddr) {
		int len, s_off, d_off;

		/* lock userspace source and destination page */
		src_p = sev_pin_memory(kvm, vaddr & PAGE_MASK, PAGE_SIZE, &n, 0);
			return PTR_ERR(src_p);

		dst_p = sev_pin_memory(kvm, dst_vaddr & PAGE_MASK, PAGE_SIZE, &n, 1);
			sev_unpin_memory(kvm, src_p, n);
			return PTR_ERR(dst_p);

		/*
		 * Flush (on non-coherent CPUs) before DBG_{DE,EN}CRYPT read or modify
		 * the pages; flush the destination too so that future accesses do not
		 * see stale data.
		 */
		sev_clflush_pages(src_p, 1);
		sev_clflush_pages(dst_p, 1);

		/*
		 * Since the user buffer may not be page-aligned, calculate the
		 * offset within the page.
		 */
		s_off = vaddr & ~PAGE_MASK;
		d_off = dst_vaddr & ~PAGE_MASK;
		len = min_t(size_t, (PAGE_SIZE - s_off), size);

		if (dec)
			ret = __sev_dbg_decrypt_user(kvm,
						     __sme_page_pa(src_p[0]) + s_off,
						     __sme_page_pa(dst_p[0]) + d_off,
		else
			ret = __sev_dbg_encrypt_user(kvm,
						     __sme_page_pa(src_p[0]) + s_off,
						     __sme_page_pa(dst_p[0]) + d_off,

		sev_unpin_memory(kvm, src_p, n);
		sev_unpin_memory(kvm, dst_p, n);

		next_vaddr = vaddr + len;
		dst_vaddr = dst_vaddr + len;

static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct sev_data_launch_secret *data;
	struct kvm_sev_launch_secret params;

	if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data, sizeof(params)))

	pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1);
		return PTR_ERR(pages);

	/*
	 * Flush (on non-coherent CPUs) before LAUNCH_SECRET encrypts pages in
	 * place; the cache may contain the data that was written unencrypted.
	 */
	sev_clflush_pages(pages, n);

	/*
	 * The secret must be copied into a contiguous memory region; verify
	 * that the userspace memory pages are contiguous before issuing the
	 * command.
	 */
	if (get_num_contig_pages(0, pages, n) != n) {

	data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);

	offset = params.guest_uaddr & (PAGE_SIZE - 1);
	data->guest_address = __sme_page_pa(pages[0]) + offset;
	data->guest_len = params.guest_len;

	blob = psp_copy_user_blob(params.trans_uaddr, params.trans_len);

	data->trans_address = __psp_pa(blob);
	data->trans_len = params.trans_len;

	hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len);

	data->hdr_address = __psp_pa(hdr);
	data->hdr_len = params.hdr_len;

	data->handle = sev->handle;
	ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error);

	/* content of memory is updated, mark pages dirty */
	for (i = 0; i < n; i++) {
		set_page_dirty_lock(pages[i]);
		mark_page_accessed(pages[i]);

	sev_unpin_memory(kvm, pages, n);
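/*
 * svm_mem_enc_op() is the VM-ioctl entry point for all KVM_SEV_* commands.
 * For illustration only (not part of this file): userspace drives these
 * commands through the KVM_MEMORY_ENCRYPT_OP ioctl on the VM fd.  A minimal
 * sketch, assuming a VM fd in vm_fd and an open /dev/sev fd in sev_fd:
 *
 *	struct kvm_sev_cmd cmd = {
 *		.id     = KVM_SEV_INIT,
 *		.sev_fd = sev_fd,
 *	};
 *
 *	if (ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd))
 *		err(1, "KVM_SEV_INIT failed, fw error %u", cmd.error);
 */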
int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
	struct kvm_sev_cmd sev_cmd;

	if (!svm_sev_enabled() || !sev)

	if (copy_from_user(&sev_cmd, argp, sizeof(struct kvm_sev_cmd)))

	mutex_lock(&kvm->lock);

	switch (sev_cmd.id) {
	case KVM_SEV_INIT:
		r = sev_guest_init(kvm, &sev_cmd);
	case KVM_SEV_LAUNCH_START:
		r = sev_launch_start(kvm, &sev_cmd);
	case KVM_SEV_LAUNCH_UPDATE_DATA:
		r = sev_launch_update_data(kvm, &sev_cmd);
	case KVM_SEV_LAUNCH_MEASURE:
		r = sev_launch_measure(kvm, &sev_cmd);
	case KVM_SEV_LAUNCH_FINISH:
		r = sev_launch_finish(kvm, &sev_cmd);
	case KVM_SEV_GUEST_STATUS:
		r = sev_guest_status(kvm, &sev_cmd);
	case KVM_SEV_DBG_DECRYPT:
		r = sev_dbg_crypt(kvm, &sev_cmd, true);
	case KVM_SEV_DBG_ENCRYPT:
		r = sev_dbg_crypt(kvm, &sev_cmd, false);
	case KVM_SEV_LAUNCH_SECRET:
		r = sev_launch_secret(kvm, &sev_cmd);

	if (copy_to_user(argp, &sev_cmd, sizeof(struct kvm_sev_cmd)))

	mutex_unlock(&kvm->lock);
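/*
 * KVM_MEMORY_ENCRYPT_REG_REGION: pin the given userspace range and track it
 * on sev->regions_list so that encrypted guest pages are not swapped out or
 * migrated while the VM is running.
 */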
int svm_register_enc_region(struct kvm *kvm,
			    struct kvm_enc_region *range)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct enc_region *region;

	if (range->addr > ULONG_MAX || range->size > ULONG_MAX)

	region = kzalloc(sizeof(*region), GFP_KERNEL_ACCOUNT);

	region->pages = sev_pin_memory(kvm, range->addr, range->size, &region->npages, 1);
	if (IS_ERR(region->pages)) {
		ret = PTR_ERR(region->pages);

	/*
	 * The guest may change the memory encryption attribute from C=0 -> C=1
	 * or vice versa for this memory range. Make sure caches are flushed so
	 * that guest data gets written into memory with the correct C-bit.
	 */
	sev_clflush_pages(region->pages, region->npages);

	region->uaddr = range->addr;
	region->size = range->size;

	mutex_lock(&kvm->lock);
	list_add_tail(&region->list, &sev->regions_list);
	mutex_unlock(&kvm->lock);

static struct enc_region *
find_enc_region(struct kvm *kvm, struct kvm_enc_region *range)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct list_head *head = &sev->regions_list;
	struct enc_region *i;

	list_for_each_entry(i, head, list) {
		if (i->uaddr == range->addr &&
		    i->size == range->size)

static void __unregister_enc_region_locked(struct kvm *kvm,
					   struct enc_region *region)
	sev_unpin_memory(kvm, region->pages, region->npages);
	list_del(&region->list);

int svm_unregister_enc_region(struct kvm *kvm,
			      struct kvm_enc_region *range)
	struct enc_region *region;

	mutex_lock(&kvm->lock);

	if (!sev_guest(kvm)) {

	region = find_enc_region(kvm, range);

	/*
	 * Ensure that all guest tagged cache entries are flushed before
	 * releasing the pages back to the system for use. CLFLUSH will
	 * not do this, so issue a WBINVD.
	 */
	wbinvd_on_all_cpus();

	__unregister_enc_region_locked(kvm, region);

	mutex_unlock(&kvm->lock);

	mutex_unlock(&kvm->lock);

void sev_vm_destroy(struct kvm *kvm)
	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
	struct list_head *head = &sev->regions_list;
	struct list_head *pos, *q;

	if (!sev_guest(kvm))

	mutex_lock(&kvm->lock);

	/*
	 * Ensure that all guest tagged cache entries are flushed before
	 * releasing the pages back to the system for use. CLFLUSH will
	 * not do this, so issue a WBINVD.
	 */
	wbinvd_on_all_cpus();

	/*
	 * If userspace was terminated before unregistering the memory regions,
	 * unpin all of the registered memory.
	 */
	if (!list_empty(head)) {
		list_for_each_safe(pos, q, head) {
			__unregister_enc_region_locked(kvm,
				list_entry(pos, struct enc_region, list));

	mutex_unlock(&kvm->lock);

	sev_unbind_asid(kvm, sev->handle);
	sev_asid_free(sev->asid);
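/*
 * CPUID 0x8000001F reports the SEV ASID space: ECX is the number of
 * encrypted guests supported simultaneously (the highest usable ASID) and
 * EDX is the first ASID usable for plain SEV guests; ASIDs below EDX are
 * reserved for SEV-ES.
 */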
void __init sev_hardware_setup(void)
	unsigned int eax, ebx, ecx, edx;
	bool sev_es_supported = false;
	bool sev_supported = false;

	/* Does the CPU support SEV? */
	if (!boot_cpu_has(X86_FEATURE_SEV))

	/* Retrieve SEV CPUID information */
	cpuid(0x8000001f, &eax, &ebx, &ecx, &edx);

	/* Maximum number of encrypted guests supported simultaneously */

	if (!svm_sev_enabled())

	/* Minimum ASID value that should be used for SEV guest */

	/* Initialize SEV ASID bitmaps */
	sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL);
	if (!sev_asid_bitmap)

	sev_reclaim_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL);
	if (!sev_reclaim_asid_bitmap)

	pr_info("SEV supported: %u ASIDs\n", max_sev_asid - min_sev_asid + 1);
	sev_supported = true;

	/* SEV-ES support requested? */

	/* Does the CPU support SEV-ES? */
	if (!boot_cpu_has(X86_FEATURE_SEV_ES))

	/* Has the system been allocated ASIDs for SEV-ES? */
	if (min_sev_asid == 1)

	pr_info("SEV-ES supported: %u ASIDs\n", min_sev_asid - 1);
	sev_es_supported = true;

	sev = sev_supported;
	sev_es = sev_es_supported;

void sev_hardware_teardown(void)
	if (!svm_sev_enabled())

	bitmap_free(sev_asid_bitmap);
	bitmap_free(sev_reclaim_asid_bitmap);

/*
 * Pages used by hardware to hold guest encrypted state must be flushed before
 * returning them to the system.
 */
static void sev_flush_guest_memory(struct vcpu_svm *svm, void *va,
	/*
	 * If hardware enforced cache coherency for encrypted mappings of the
	 * same physical page is supported, nothing to do.
	 */
	if (boot_cpu_has(X86_FEATURE_SME_COHERENT))

	/*
	 * If the VM Page Flush MSR is supported, use it to flush the page
	 * (using the page virtual address and the guest ASID).
	 */
	if (boot_cpu_has(X86_FEATURE_VM_PAGE_FLUSH)) {
		struct kvm_sev_info *sev;
		unsigned long va_start;

		/* Align start and stop to page boundaries. */
		va_start = (unsigned long)va;
		start = (u64)va_start & PAGE_MASK;
		stop = PAGE_ALIGN((u64)va_start + len);

		sev = &to_kvm_svm(svm->vcpu.kvm)->sev_info;

		while (start < stop) {
			wrmsrl(MSR_AMD64_VM_PAGE_FLUSH,

		WARN(1, "Address overflow, using WBINVD\n");

	/*
	 * Hardware should always have one of the above features,
	 * but if not, use WBINVD and issue a warning.
	 */
	WARN_ONCE(1, "Using WBINVD to flush guest memory\n");
	wbinvd_on_all_cpus();
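/*
 * Free the per-vCPU VMSA page.  Once guest state is protected, the VMSA
 * holds encrypted register state and must be flushed with
 * sev_flush_guest_memory() before the page is returned to the allocator.
 */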
void sev_free_vcpu(struct kvm_vcpu *vcpu)
	struct vcpu_svm *svm;

	if (!sev_es_guest(vcpu->kvm))

	if (vcpu->arch.guest_state_protected)
		sev_flush_guest_memory(svm, svm->vmsa, PAGE_SIZE);
	__free_page(virt_to_page(svm->vmsa));

void pre_sev_run(struct vcpu_svm *svm, int cpu)
	struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
	int asid = sev_get_asid(svm->vcpu.kvm);

	/* Assign the ASID allocated for this SEV guest */

	/*
	 * Flush guest TLB:
	 *
	 * 1) when a different VMCB for the same ASID is to be run on the
	 *    same host CPU, or
	 * 2) when this VMCB was executed on a different host CPU in
	 *    previous VMRUNs.
	 */
	if (sd->sev_vmcbs[asid] == svm->vmcb &&
	    svm->vcpu.arch.last_vmentry_cpu == cpu)

	sd->sev_vmcbs[asid] = svm->vmcb;
	svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
	vmcb_mark_dirty(svm->vmcb, VMCB_ASID);