1 // SPDX-License-Identifier: GPL-2.0-only
3 * Kernel-based Virtual Machine driver for Linux
7 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
10 #include <linux/kvm_types.h>
11 #include <linux/kvm_host.h>
12 #include <linux/kernel.h>
13 #include <linux/highmem.h>
14 #include <linux/psp-sev.h>
15 #include <linux/pagemap.h>
16 #include <linux/swap.h>
21 static int sev_flush_asids(void);
22 static DECLARE_RWSEM(sev_deactivate_lock);
23 static DEFINE_MUTEX(sev_bitmap_lock);
24 unsigned int max_sev_asid;
25 static unsigned int min_sev_asid;
26 static unsigned long *sev_asid_bitmap;
27 static unsigned long *sev_reclaim_asid_bitmap;
28 #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT)
31 struct list_head list;
38 static int sev_flush_asids(void)
43 * DEACTIVATE will clear the WBINVD indicator causing DF_FLUSH to fail,
44 * so it must be guarded.
46 down_write(&sev_deactivate_lock);
49 ret = sev_guest_df_flush(&error);
51 up_write(&sev_deactivate_lock);
54 pr_err("SEV: DF_FLUSH failed, ret=%d, error=%#x\n", ret, error);
59 /* Must be called with the sev_bitmap_lock held */
60 static bool __sev_recycle_asids(void)
64 /* Check if there are any ASIDs to reclaim before performing a flush */
65 pos = find_next_bit(sev_reclaim_asid_bitmap,
66 max_sev_asid, min_sev_asid - 1);
67 if (pos >= max_sev_asid)
70 if (sev_flush_asids())
73 bitmap_xor(sev_asid_bitmap, sev_asid_bitmap, sev_reclaim_asid_bitmap,
75 bitmap_zero(sev_reclaim_asid_bitmap, max_sev_asid);
80 static int sev_asid_new(void)
85 mutex_lock(&sev_bitmap_lock);
88 * SEV-enabled guest must use asid from min_sev_asid to max_sev_asid.
91 pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_sev_asid - 1);
92 if (pos >= max_sev_asid) {
93 if (retry && __sev_recycle_asids()) {
97 mutex_unlock(&sev_bitmap_lock);
101 __set_bit(pos, sev_asid_bitmap);
103 mutex_unlock(&sev_bitmap_lock);
108 static int sev_get_asid(struct kvm *kvm)
110 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
115 static void sev_asid_free(int asid)
117 struct svm_cpu_data *sd;
120 mutex_lock(&sev_bitmap_lock);
123 __set_bit(pos, sev_reclaim_asid_bitmap);
125 for_each_possible_cpu(cpu) {
126 sd = per_cpu(svm_data, cpu);
127 sd->sev_vmcbs[pos] = NULL;
130 mutex_unlock(&sev_bitmap_lock);
133 static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
135 struct sev_data_decommission *decommission;
136 struct sev_data_deactivate *data;
141 data = kzalloc(sizeof(*data), GFP_KERNEL);
145 /* deactivate handle */
146 data->handle = handle;
148 /* Guard DEACTIVATE against WBINVD/DF_FLUSH used in ASID recycling */
149 down_read(&sev_deactivate_lock);
150 sev_guest_deactivate(data, NULL);
151 up_read(&sev_deactivate_lock);
155 decommission = kzalloc(sizeof(*decommission), GFP_KERNEL);
159 /* decommission handle */
160 decommission->handle = handle;
161 sev_guest_decommission(decommission, NULL);
166 static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
168 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
172 if (unlikely(sev->active))
175 asid = sev_asid_new();
179 ret = sev_platform_init(&argp->error);
185 INIT_LIST_HEAD(&sev->regions_list);
194 static int sev_bind_asid(struct kvm *kvm, unsigned int handle, int *error)
196 struct sev_data_activate *data;
197 int asid = sev_get_asid(kvm);
200 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
204 /* activate ASID on the given handle */
205 data->handle = handle;
207 ret = sev_guest_activate(data, error);
213 static int __sev_issue_cmd(int fd, int id, void *data, int *error)
222 ret = sev_issue_cmd_external_user(f.file, id, data, error);
228 static int sev_issue_cmd(struct kvm *kvm, int id, void *data, int *error)
230 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
232 return __sev_issue_cmd(sev->fd, id, data, error);
235 static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
237 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
238 struct sev_data_launch_start *start;
239 struct kvm_sev_launch_start params;
240 void *dh_blob, *session_blob;
241 int *error = &argp->error;
247 if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params)))
250 start = kzalloc(sizeof(*start), GFP_KERNEL_ACCOUNT);
255 if (params.dh_uaddr) {
256 dh_blob = psp_copy_user_blob(params.dh_uaddr, params.dh_len);
257 if (IS_ERR(dh_blob)) {
258 ret = PTR_ERR(dh_blob);
262 start->dh_cert_address = __sme_set(__pa(dh_blob));
263 start->dh_cert_len = params.dh_len;
267 if (params.session_uaddr) {
268 session_blob = psp_copy_user_blob(params.session_uaddr, params.session_len);
269 if (IS_ERR(session_blob)) {
270 ret = PTR_ERR(session_blob);
274 start->session_address = __sme_set(__pa(session_blob));
275 start->session_len = params.session_len;
278 start->handle = params.handle;
279 start->policy = params.policy;
281 /* create memory encryption context */
282 ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_LAUNCH_START, start, error);
286 /* Bind ASID to this guest */
287 ret = sev_bind_asid(kvm, start->handle, error);
291 /* return handle to userspace */
292 params.handle = start->handle;
293 if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, sizeof(params))) {
294 sev_unbind_asid(kvm, start->handle);
299 sev->handle = start->handle;
300 sev->fd = argp->sev_fd;
311 static struct page **sev_pin_memory(struct kvm *kvm, unsigned long uaddr,
312 unsigned long ulen, unsigned long *n,
315 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
316 unsigned long npages, size;
318 unsigned long locked, lock_limit;
320 unsigned long first, last;
323 if (ulen == 0 || uaddr + ulen < uaddr)
324 return ERR_PTR(-EINVAL);
326 /* Calculate number of pages. */
327 first = (uaddr & PAGE_MASK) >> PAGE_SHIFT;
328 last = ((uaddr + ulen - 1) & PAGE_MASK) >> PAGE_SHIFT;
329 npages = (last - first + 1);
331 locked = sev->pages_locked + npages;
332 lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
333 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) {
334 pr_err("SEV: %lu locked pages exceed the lock limit of %lu.\n", locked, lock_limit);
335 return ERR_PTR(-ENOMEM);
338 if (WARN_ON_ONCE(npages > INT_MAX))
339 return ERR_PTR(-EINVAL);
341 /* Avoid using vmalloc for smaller buffers. */
342 size = npages * sizeof(struct page *);
343 if (size > PAGE_SIZE)
344 pages = __vmalloc(size, GFP_KERNEL_ACCOUNT | __GFP_ZERO);
346 pages = kmalloc(size, GFP_KERNEL_ACCOUNT);
349 return ERR_PTR(-ENOMEM);
351 /* Pin the user virtual address. */
352 npinned = pin_user_pages_fast(uaddr, npages, write ? FOLL_WRITE : 0, pages);
353 if (npinned != npages) {
354 pr_err("SEV: Failure locking %lu pages.\n", npages);
360 sev->pages_locked = locked;
366 unpin_user_pages(pages, npinned);
372 static void sev_unpin_memory(struct kvm *kvm, struct page **pages,
373 unsigned long npages)
375 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
377 unpin_user_pages(pages, npages);
379 sev->pages_locked -= npages;
382 static void sev_clflush_pages(struct page *pages[], unsigned long npages)
384 uint8_t *page_virtual;
387 if (this_cpu_has(X86_FEATURE_SME_COHERENT) || npages == 0 ||
391 for (i = 0; i < npages; i++) {
392 page_virtual = kmap_atomic(pages[i]);
393 clflush_cache_range(page_virtual, PAGE_SIZE);
394 kunmap_atomic(page_virtual);
398 static unsigned long get_num_contig_pages(unsigned long idx,
399 struct page **inpages, unsigned long npages)
401 unsigned long paddr, next_paddr;
402 unsigned long i = idx + 1, pages = 1;
404 /* find the number of contiguous pages starting from idx */
405 paddr = __sme_page_pa(inpages[idx]);
407 next_paddr = __sme_page_pa(inpages[i++]);
408 if ((paddr + PAGE_SIZE) == next_paddr) {
419 static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
421 unsigned long vaddr, vaddr_end, next_vaddr, npages, pages, size, i;
422 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
423 struct kvm_sev_launch_update_data params;
424 struct sev_data_launch_update_data *data;
425 struct page **inpages;
431 if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params)))
434 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
438 vaddr = params.uaddr;
440 vaddr_end = vaddr + size;
442 /* Lock the user memory. */
443 inpages = sev_pin_memory(kvm, vaddr, size, &npages, 1);
444 if (IS_ERR(inpages)) {
445 ret = PTR_ERR(inpages);
450 * Flush (on non-coherent CPUs) before LAUNCH_UPDATE encrypts pages in
451 * place; the cache may contain the data that was written unencrypted.
453 sev_clflush_pages(inpages, npages);
455 for (i = 0; vaddr < vaddr_end; vaddr = next_vaddr, i += pages) {
459 * If the user buffer is not page-aligned, calculate the offset
462 offset = vaddr & (PAGE_SIZE - 1);
464 /* Calculate the number of pages that can be encrypted in one go. */
465 pages = get_num_contig_pages(i, inpages, npages);
467 len = min_t(size_t, ((pages * PAGE_SIZE) - offset), size);
469 data->handle = sev->handle;
471 data->address = __sme_page_pa(inpages[i]) + offset;
472 ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_DATA, data, &argp->error);
477 next_vaddr = vaddr + len;
481 /* content of memory is updated, mark pages dirty */
482 for (i = 0; i < npages; i++) {
483 set_page_dirty_lock(inpages[i]);
484 mark_page_accessed(inpages[i]);
486 /* unlock the user pages */
487 sev_unpin_memory(kvm, inpages, npages);
493 static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp)
495 void __user *measure = (void __user *)(uintptr_t)argp->data;
496 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
497 struct sev_data_launch_measure *data;
498 struct kvm_sev_launch_measure params;
499 void __user *p = NULL;
506 if (copy_from_user(¶ms, measure, sizeof(params)))
509 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
513 /* User wants to query the blob length */
517 p = (void __user *)(uintptr_t)params.uaddr;
519 if (params.len > SEV_FW_BLOB_MAX_SIZE) {
525 blob = kmalloc(params.len, GFP_KERNEL);
529 data->address = __psp_pa(blob);
530 data->len = params.len;
534 data->handle = sev->handle;
535 ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_MEASURE, data, &argp->error);
538 * If we query the session length, FW responded with expected data.
547 if (copy_to_user(p, blob, params.len))
552 params.len = data->len;
553 if (copy_to_user(measure, ¶ms, sizeof(params)))
562 static int sev_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp)
564 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
565 struct sev_data_launch_finish *data;
571 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
575 data->handle = sev->handle;
576 ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_FINISH, data, &argp->error);
582 static int sev_guest_status(struct kvm *kvm, struct kvm_sev_cmd *argp)
584 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
585 struct kvm_sev_guest_status params;
586 struct sev_data_guest_status *data;
592 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
596 data->handle = sev->handle;
597 ret = sev_issue_cmd(kvm, SEV_CMD_GUEST_STATUS, data, &argp->error);
601 params.policy = data->policy;
602 params.state = data->state;
603 params.handle = data->handle;
605 if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, sizeof(params)))
612 static int __sev_issue_dbg_cmd(struct kvm *kvm, unsigned long src,
613 unsigned long dst, int size,
614 int *error, bool enc)
616 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
617 struct sev_data_dbg *data;
620 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
624 data->handle = sev->handle;
625 data->dst_addr = dst;
626 data->src_addr = src;
629 ret = sev_issue_cmd(kvm,
630 enc ? SEV_CMD_DBG_ENCRYPT : SEV_CMD_DBG_DECRYPT,
636 static int __sev_dbg_decrypt(struct kvm *kvm, unsigned long src_paddr,
637 unsigned long dst_paddr, int sz, int *err)
642 * Its safe to read more than we are asked, caller should ensure that
643 * destination has enough space.
645 src_paddr = round_down(src_paddr, 16);
646 offset = src_paddr & 15;
647 sz = round_up(sz + offset, 16);
649 return __sev_issue_dbg_cmd(kvm, src_paddr, dst_paddr, sz, err, false);
652 static int __sev_dbg_decrypt_user(struct kvm *kvm, unsigned long paddr,
653 unsigned long __user dst_uaddr,
654 unsigned long dst_paddr,
657 struct page *tpage = NULL;
660 /* if inputs are not 16-byte then use intermediate buffer */
661 if (!IS_ALIGNED(dst_paddr, 16) ||
662 !IS_ALIGNED(paddr, 16) ||
663 !IS_ALIGNED(size, 16)) {
664 tpage = (void *)alloc_page(GFP_KERNEL);
668 dst_paddr = __sme_page_pa(tpage);
671 ret = __sev_dbg_decrypt(kvm, paddr, dst_paddr, size, err);
677 if (copy_to_user((void __user *)(uintptr_t)dst_uaddr,
678 page_address(tpage) + offset, size))
689 static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr,
690 unsigned long __user vaddr,
691 unsigned long dst_paddr,
692 unsigned long __user dst_vaddr,
693 int size, int *error)
695 struct page *src_tpage = NULL;
696 struct page *dst_tpage = NULL;
699 /* If source buffer is not aligned then use an intermediate buffer */
700 if (!IS_ALIGNED(vaddr, 16)) {
701 src_tpage = alloc_page(GFP_KERNEL);
705 if (copy_from_user(page_address(src_tpage),
706 (void __user *)(uintptr_t)vaddr, size)) {
707 __free_page(src_tpage);
711 paddr = __sme_page_pa(src_tpage);
715 * If destination buffer or length is not aligned then do read-modify-write:
716 * - decrypt destination in an intermediate buffer
717 * - copy the source buffer in an intermediate buffer
718 * - use the intermediate buffer as source buffer
720 if (!IS_ALIGNED(dst_vaddr, 16) || !IS_ALIGNED(size, 16)) {
723 dst_tpage = alloc_page(GFP_KERNEL);
729 ret = __sev_dbg_decrypt(kvm, dst_paddr,
730 __sme_page_pa(dst_tpage), size, error);
735 * If source is kernel buffer then use memcpy() otherwise
738 dst_offset = dst_paddr & 15;
741 memcpy(page_address(dst_tpage) + dst_offset,
742 page_address(src_tpage), size);
744 if (copy_from_user(page_address(dst_tpage) + dst_offset,
745 (void __user *)(uintptr_t)vaddr, size)) {
751 paddr = __sme_page_pa(dst_tpage);
752 dst_paddr = round_down(dst_paddr, 16);
753 len = round_up(size, 16);
756 ret = __sev_issue_dbg_cmd(kvm, paddr, dst_paddr, len, error, true);
760 __free_page(src_tpage);
762 __free_page(dst_tpage);
766 static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
768 unsigned long vaddr, vaddr_end, next_vaddr;
769 unsigned long dst_vaddr;
770 struct page **src_p, **dst_p;
771 struct kvm_sev_dbg debug;
779 if (copy_from_user(&debug, (void __user *)(uintptr_t)argp->data, sizeof(debug)))
782 if (!debug.len || debug.src_uaddr + debug.len < debug.src_uaddr)
784 if (!debug.dst_uaddr)
787 vaddr = debug.src_uaddr;
789 vaddr_end = vaddr + size;
790 dst_vaddr = debug.dst_uaddr;
792 for (; vaddr < vaddr_end; vaddr = next_vaddr) {
793 int len, s_off, d_off;
795 /* lock userspace source and destination page */
796 src_p = sev_pin_memory(kvm, vaddr & PAGE_MASK, PAGE_SIZE, &n, 0);
798 return PTR_ERR(src_p);
800 dst_p = sev_pin_memory(kvm, dst_vaddr & PAGE_MASK, PAGE_SIZE, &n, 1);
802 sev_unpin_memory(kvm, src_p, n);
803 return PTR_ERR(dst_p);
807 * Flush (on non-coherent CPUs) before DBG_{DE,EN}CRYPT read or modify
808 * the pages; flush the destination too so that future accesses do not
811 sev_clflush_pages(src_p, 1);
812 sev_clflush_pages(dst_p, 1);
815 * Since user buffer may not be page aligned, calculate the
816 * offset within the page.
818 s_off = vaddr & ~PAGE_MASK;
819 d_off = dst_vaddr & ~PAGE_MASK;
820 len = min_t(size_t, (PAGE_SIZE - s_off), size);
823 ret = __sev_dbg_decrypt_user(kvm,
824 __sme_page_pa(src_p[0]) + s_off,
826 __sme_page_pa(dst_p[0]) + d_off,
829 ret = __sev_dbg_encrypt_user(kvm,
830 __sme_page_pa(src_p[0]) + s_off,
832 __sme_page_pa(dst_p[0]) + d_off,
836 sev_unpin_memory(kvm, src_p, n);
837 sev_unpin_memory(kvm, dst_p, n);
842 next_vaddr = vaddr + len;
843 dst_vaddr = dst_vaddr + len;
850 static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp)
852 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
853 struct sev_data_launch_secret *data;
854 struct kvm_sev_launch_secret params;
863 if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params)))
866 pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1);
868 return PTR_ERR(pages);
871 * Flush (on non-coherent CPUs) before LAUNCH_SECRET encrypts pages in
872 * place; the cache may contain the data that was written unencrypted.
874 sev_clflush_pages(pages, n);
877 * The secret must be copied into contiguous memory region, lets verify
878 * that userspace memory pages are contiguous before we issue command.
880 if (get_num_contig_pages(0, pages, n) != n) {
886 data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT);
890 offset = params.guest_uaddr & (PAGE_SIZE - 1);
891 data->guest_address = __sme_page_pa(pages[0]) + offset;
892 data->guest_len = params.guest_len;
894 blob = psp_copy_user_blob(params.trans_uaddr, params.trans_len);
900 data->trans_address = __psp_pa(blob);
901 data->trans_len = params.trans_len;
903 hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len);
908 data->hdr_address = __psp_pa(hdr);
909 data->hdr_len = params.hdr_len;
911 data->handle = sev->handle;
912 ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error);
921 /* content of memory is updated, mark pages dirty */
922 for (i = 0; i < n; i++) {
923 set_page_dirty_lock(pages[i]);
924 mark_page_accessed(pages[i]);
926 sev_unpin_memory(kvm, pages, n);
930 int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
932 struct kvm_sev_cmd sev_cmd;
935 if (!svm_sev_enabled())
941 if (copy_from_user(&sev_cmd, argp, sizeof(struct kvm_sev_cmd)))
944 mutex_lock(&kvm->lock);
946 switch (sev_cmd.id) {
948 r = sev_guest_init(kvm, &sev_cmd);
950 case KVM_SEV_LAUNCH_START:
951 r = sev_launch_start(kvm, &sev_cmd);
953 case KVM_SEV_LAUNCH_UPDATE_DATA:
954 r = sev_launch_update_data(kvm, &sev_cmd);
956 case KVM_SEV_LAUNCH_MEASURE:
957 r = sev_launch_measure(kvm, &sev_cmd);
959 case KVM_SEV_LAUNCH_FINISH:
960 r = sev_launch_finish(kvm, &sev_cmd);
962 case KVM_SEV_GUEST_STATUS:
963 r = sev_guest_status(kvm, &sev_cmd);
965 case KVM_SEV_DBG_DECRYPT:
966 r = sev_dbg_crypt(kvm, &sev_cmd, true);
968 case KVM_SEV_DBG_ENCRYPT:
969 r = sev_dbg_crypt(kvm, &sev_cmd, false);
971 case KVM_SEV_LAUNCH_SECRET:
972 r = sev_launch_secret(kvm, &sev_cmd);
979 if (copy_to_user(argp, &sev_cmd, sizeof(struct kvm_sev_cmd)))
983 mutex_unlock(&kvm->lock);
987 int svm_register_enc_region(struct kvm *kvm,
988 struct kvm_enc_region *range)
990 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
991 struct enc_region *region;
997 if (range->addr > ULONG_MAX || range->size > ULONG_MAX)
1000 region = kzalloc(sizeof(*region), GFP_KERNEL_ACCOUNT);
1004 region->pages = sev_pin_memory(kvm, range->addr, range->size, ®ion->npages, 1);
1005 if (IS_ERR(region->pages)) {
1006 ret = PTR_ERR(region->pages);
1011 * The guest may change the memory encryption attribute from C=0 -> C=1
1012 * or vice versa for this memory range. Lets make sure caches are
1013 * flushed to ensure that guest data gets written into memory with
1016 sev_clflush_pages(region->pages, region->npages);
1018 region->uaddr = range->addr;
1019 region->size = range->size;
1021 mutex_lock(&kvm->lock);
1022 list_add_tail(®ion->list, &sev->regions_list);
1023 mutex_unlock(&kvm->lock);
1032 static struct enc_region *
1033 find_enc_region(struct kvm *kvm, struct kvm_enc_region *range)
1035 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
1036 struct list_head *head = &sev->regions_list;
1037 struct enc_region *i;
1039 list_for_each_entry(i, head, list) {
1040 if (i->uaddr == range->addr &&
1041 i->size == range->size)
1048 static void __unregister_enc_region_locked(struct kvm *kvm,
1049 struct enc_region *region)
1051 sev_unpin_memory(kvm, region->pages, region->npages);
1052 list_del(®ion->list);
1056 int svm_unregister_enc_region(struct kvm *kvm,
1057 struct kvm_enc_region *range)
1059 struct enc_region *region;
1062 mutex_lock(&kvm->lock);
1064 if (!sev_guest(kvm)) {
1069 region = find_enc_region(kvm, range);
1076 * Ensure that all guest tagged cache entries are flushed before
1077 * releasing the pages back to the system for use. CLFLUSH will
1078 * not do this, so issue a WBINVD.
1080 wbinvd_on_all_cpus();
1082 __unregister_enc_region_locked(kvm, region);
1084 mutex_unlock(&kvm->lock);
1088 mutex_unlock(&kvm->lock);
1092 void sev_vm_destroy(struct kvm *kvm)
1094 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
1095 struct list_head *head = &sev->regions_list;
1096 struct list_head *pos, *q;
1098 if (!sev_guest(kvm))
1101 mutex_lock(&kvm->lock);
1104 * Ensure that all guest tagged cache entries are flushed before
1105 * releasing the pages back to the system for use. CLFLUSH will
1106 * not do this, so issue a WBINVD.
1108 wbinvd_on_all_cpus();
1111 * if userspace was terminated before unregistering the memory regions
1112 * then lets unpin all the registered memory.
1114 if (!list_empty(head)) {
1115 list_for_each_safe(pos, q, head) {
1116 __unregister_enc_region_locked(kvm,
1117 list_entry(pos, struct enc_region, list));
1122 mutex_unlock(&kvm->lock);
1124 sev_unbind_asid(kvm, sev->handle);
1125 sev_asid_free(sev->asid);
1128 int __init sev_hardware_setup(void)
1130 struct sev_user_data_status *status;
1133 /* Maximum number of encrypted guests supported simultaneously */
1134 max_sev_asid = cpuid_ecx(0x8000001F);
1136 if (!svm_sev_enabled())
1139 /* Minimum ASID value that should be used for SEV guest */
1140 min_sev_asid = cpuid_edx(0x8000001F);
1142 /* Initialize SEV ASID bitmaps */
1143 sev_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL);
1144 if (!sev_asid_bitmap)
1147 sev_reclaim_asid_bitmap = bitmap_zalloc(max_sev_asid, GFP_KERNEL);
1148 if (!sev_reclaim_asid_bitmap)
1151 status = kmalloc(sizeof(*status), GFP_KERNEL);
1156 * Check SEV platform status.
1158 * PLATFORM_STATUS can be called in any state, if we failed to query
1159 * the PLATFORM status then either PSP firmware does not support SEV
1160 * feature or SEV firmware is dead.
1162 rc = sev_platform_status(status, NULL);
1166 pr_info("SEV supported\n");
1173 void sev_hardware_teardown(void)
1175 if (!svm_sev_enabled())
1178 bitmap_free(sev_asid_bitmap);
1179 bitmap_free(sev_reclaim_asid_bitmap);
1184 void pre_sev_run(struct vcpu_svm *svm, int cpu)
1186 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
1187 int asid = sev_get_asid(svm->vcpu.kvm);
1189 /* Assign the asid allocated with this SEV guest */
1190 svm->vmcb->control.asid = asid;
1195 * 1) when different VMCB for the same ASID is to be run on the same host CPU.
1196 * 2) or this VMCB was executed on different host CPU in previous VMRUNs.
1198 if (sd->sev_vmcbs[asid] == svm->vmcb &&
1199 svm->vcpu.arch.last_vmentry_cpu == cpu)
1202 sd->sev_vmcbs[asid] = svm->vmcb;
1203 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
1204 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);