On 2021-11-10 16:06:46 -0600, Brijesh Singh wrote:
> This part of Secure Encrypted Paging (SEV-SNP) series focuses on the changes
> required in a guest OS for SEV-SNP support.
>
> SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
> new hardware-based memory protections. SEV-SNP adds strong memory integrity
> protection to help prevent malicious hypervisor-based attacks like data
> replay, memory re-mapping and more in order to create an isolated memory
> encryption environment.
>
> This series provides the basic building blocks to support booting the SEV-SNP
> VMs, it does not cover all the security enhancement introduced by the SEV-SNP
> such as interrupt protection.
>
> Many of the integrity guarantees of SEV-SNP are enforced through a new
> structure called the Reverse Map Table (RMP). Adding a new page to SEV-SNP
> VM requires a 2-step process. First, the hypervisor assigns a page to the
> guest using the new RMPUPDATE instruction. This transitions the page to
> guest-invalid. Second, the guest validates the page using the new PVALIDATE
> instruction. The SEV-SNP VMs can use the new "Page State Change Request NAE"
> defined in the GHCB specification to ask hypervisor to add or remove page
> from the RMP table.
>
> Each page assigned to the SEV-SNP VM can either be validated or unvalidated,
> as indicated by the Validated flag in the page's RMP entry. There are two
> approaches that can be taken for the page validation: Pre-validation and
> Lazy Validation.
>
> Under pre-validation, the pages are validated prior to first use. And under
> lazy validation, pages are validated when first accessed. An access to an
> unvalidated page results in a #VC exception, at which time the exception
> handler may validate the page. Lazy validation requires careful tracking of
> the validated pages to avoid validating the same GPA more than once. The
> recently introduced "Unaccepted" memory type can be used to communicate the
> unvalidated memory ranges to the Guest OS.
>
> At this time we only support the pre-validation, the OVMF guest BIOS
> validates the entire RAM before the control is handed over to the guest kernel.
> The early_set_memory_{encrypt,decrypt} and set_memory_{encrypt,decrypt} are
> enlightened to perform the page validation or invalidation while setting or
> clearing the encryption attribute from the page table.
>
> This series does not provide support for the Interrupt security yet which will
> be added after the base support.
>
> The series is based on tip/master
>   ea79c24a30aa (origin/master, origin/HEAD, master) Merge branch 'timers/urgent'

I am looking at
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git,
and I cannot find the commit ea79c24a30aa there. Am I looking at the wrong tree?

Venu

>
> Additional resources
> ---------------------
> SEV-SNP whitepaper
> https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
>
> APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf
> (section 15.36)
>
> GHCB spec:
> https://developer.amd.com/wp-content/resources/56421.pdf
>
> SEV-SNP firmware specification:
> https://developer.amd.com/sev/
>
> v6: https://lore.kernel.org/linux-mm/20211008180453.462291-1-brijesh.singh@xxxxxxx/
> v5: https://lore.kernel.org/lkml/20210820151933.22401-1-brijesh.singh@xxxxxxx/
>
> Changes since v6:
>  * Add rmpadjust() helper to be used by AP creation and vmpl0 detect function.
>  * Clear the VM communication key if guest detects that hypervisor is modifying
>    the SNP_GUEST_REQ response header.
>  * Move the per-cpu GHCB registration from first #VC to idt setup.
>  * Consolidate initial SEV/SME setup into a common entry point that gets called
>    early enough to also be used for SEV-SNP CPUID table setup.
>  * SNP CPUID: separate initial SEV-SNP feature detection out into standalone
>    snp_init() routines, then add CPUID table setup to it as a separate patch.
>  * SNP CPUID: fix boot issue with Seabios due to ACPI relying on certain EFI
>    config table lookup failures as fallthrough cases rather than error cases.
>  * SNP CPUID: drop the use of a separate init routines to handle pointer fixups
>    after switching to kernel virtual addresses, instead use a helper that uses
>    RIP-relative addressing to access CPUID table when either on identity mapping
>    or kernel virtual addresses.
>
> Changes since v5:
>  * move the seqno allocation in the sevguest driver.
>  * extend snp_issue_guest_request() to accept the exit_info to simplify the logic.
>  * use smaller structure names based on feedback.
>  * explicitly clear the memory after the SNP guest request is completed.
>  * cpuid validation: use a local copy of cpuid table instead of keeping
>    firmware table mapped throughout boot.
>  * cpuid validation: coding style fix-ups and refactor cpuid-related helpers
>    as suggested.
>  * cpuid validation: drop a number of BOOT_COMPRESSED-guarded defs/declarations
>    by moving things like snp_cpuid_init*() out of sev-shared.c and keeping only
>    the common bits there.
>  * Break up EFI config table helpers and related acpi.c changes into separate
>    patches.
>  * re-enable stack protection for 32-bit kernels as well, not just 64-bit
>
> Changes since v4:
>  * Address the cpuid specific review comment
>  * Simplified the macro based on the review feedback
>  * Move macro definition to the patch that needs it
>  * Fix the issues reported by the checkpatch
>  * Address the AP creation specific review comment
>
> Changes since v3:
>  * Add support to use the PSP filtered CPUID.
>  * Add support for the extended guest request.
>  * Move sevguest driver in driver/virt/coco.
>  * Add documentation for sevguest ioctl.
>  * Add support to check the vmpl0.
>  * Pass the VM encryption key and id to be used for encrypting guest messages
>    through the platform drv data.
>  * Multiple cleanup and fixes to address the review feedbacks.
>
> Changes since v2:
>  * Add support for AP startup using SNP specific vmgexit.
>  * Add snp_prep_memory() helper.
>  * Drop sev_snp_active() helper.
>  * Add sev_feature_enabled() helper to check which SEV feature is active.
>  * Sync the SNP guest message request header with latest SNP FW spec.
>  * Multiple cleanup and fixes to address the review feedbacks.
>
> Changes since v1:
>  * Integrate the SNP support in sev.{ch}.
>  * Add support to query the hypervisor feature and detect whether SNP is supported.
>  * Define Linux specific reason code for the SNP guest termination.
>  * Extend the setup_header to provide a way for hypervisor to pass secret and cpuid page.
>  * Add support to create a platform device and driver to query the attestation report
>    and derive a key.
>  * Multiple cleanup and fixes to address Boris's review feedback.
>
> Borislav Petkov (3):
>   x86/sev: Get rid of excessive use of defines
>   x86/head64: Carve out the guest encryption postprocessing into a
>     helper
>   x86/sev: Remove do_early_exception() forward declarations
>
> Brijesh Singh (22):
>   x86/mm: Extend cc_attr to include AMD SEV-SNP
>   x86/sev: Shorten GHCB terminate macro names
>   x86/sev: Define the Linux specific guest termination reasons
>   x86/sev: Save the negotiated GHCB version
>   x86/sev: Add support for hypervisor feature VMGEXIT
>   x86/sev: Check SEV-SNP features support
>   x86/sev: Add a helper for the PVALIDATE instruction
>   x86/sev: Check the vmpl level
>   x86/compressed: Add helper for validating pages in the decompression
>     stage
>   x86/compressed: Register GHCB memory when SEV-SNP is active
>   x86/sev: Register GHCB memory when SEV-SNP is active
>   x86/sev: Add helper for validating pages in early enc attribute
>     changes
>   x86/kernel: Make the bss.decrypted section shared in RMP table
>   x86/kernel: Validate rom memory before accessing when SEV-SNP is
>     active
>   x86/mm: Add support to validate memory when changing C-bit
>   KVM: SVM: Define sev_features and vmpl field in the VMSA
>   x86/boot: Add Confidential Computing type to setup_data
>   x86/sev: Provide support for SNP guest request NAEs
>   x86/sev: Register SNP guest request platform device
>   virt: Add SEV-SNP guest driver
>   virt: sevguest: Add support to derive key
>   virt: sevguest: Add support to get extended report
>
> Michael Roth (16):
>   x86/compressed/64: detect/setup SEV/SME features earlier in boot
>   x86/sev: detect/setup SEV/SME features earlier in boot
>   x86/head: re-enable stack protection for 32/64-bit builds
>   x86/sev: move MSR-based VMGEXITs for CPUID to helper
>   KVM: x86: move lookup of indexed CPUID leafs to helper
>   x86/compressed/acpi: move EFI system table lookup to helper
>   x86/compressed/acpi: move EFI config table lookup to helper
>   x86/compressed/acpi: move EFI vendor table lookup to helper
>   KVM: SEV: Add documentation for SEV-SNP CPUID Enforcement
>   x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
>   x86/boot: add a pointer to Confidential Computing blob in bootparams
>   x86/compressed: add SEV-SNP feature detection/setup
>   x86/compressed: use firmware-validated CPUID for SEV-SNP guests
>   x86/compressed/64: add identity mapping for Confidential Computing
>     blob
>   x86/sev: add SEV-SNP feature detection/setup
>   x86/sev: use firmware-validated CPUID for SEV-SNP guests
>
> Tom Lendacky (4):
>   KVM: SVM: Create a separate mapping for the SEV-ES save area
>   KVM: SVM: Create a separate mapping for the GHCB save area
>   KVM: SVM: Update the SEV-ES save area mapping
>   x86/sev: Use SEV-SNP AP creation to start secondary CPUs
>
>  Documentation/virt/coco/sevguest.rst          | 117 +++
>  .../virt/kvm/amd-memory-encryption.rst        |  28 +
>  arch/x86/boot/compressed/Makefile             |   1 +
>  arch/x86/boot/compressed/acpi.c               | 129 +--
>  arch/x86/boot/compressed/efi.c                | 178 ++++
>  arch/x86/boot/compressed/head_64.S            |   8 +-
>  arch/x86/boot/compressed/ident_map_64.c       |  44 +-
>  arch/x86/boot/compressed/mem_encrypt.S        |  36 -
>  arch/x86/boot/compressed/misc.h               |  44 +-
>  arch/x86/boot/compressed/sev.c                | 243 ++++-
>  arch/x86/include/asm/bootparam_utils.h        |   1 +
>  arch/x86/include/asm/cpuid.h                  |  26 +
>  arch/x86/include/asm/msr-index.h              |   2 +
>  arch/x86/include/asm/setup.h                  |   2 +-
>  arch/x86/include/asm/sev-common.h             | 137 ++-
>  arch/x86/include/asm/sev.h                    |  96 +-
>  arch/x86/include/asm/svm.h                    | 171 +++-
>  arch/x86/include/uapi/asm/bootparam.h         |   4 +-
>  arch/x86/include/uapi/asm/svm.h               |  13 +
>  arch/x86/kernel/Makefile                      |   1 -
>  arch/x86/kernel/cc_platform.c                 |   2 +
>  arch/x86/kernel/cpu/common.c                  |   5 +
>  arch/x86/kernel/head64.c                      |  78 +-
>  arch/x86/kernel/head_64.S                     |  24 +
>  arch/x86/kernel/probe_roms.c                  |  13 +-
>  arch/x86/kernel/sev-shared.c                  | 554 +++++++++++-
>  arch/x86/kernel/sev.c                         | 838 ++++++++++++++++--
>  arch/x86/kernel/smpboot.c                     |   3 +
>  arch/x86/kvm/cpuid.c                          |  17 +-
>  arch/x86/kvm/svm/sev.c                        |  24 +-
>  arch/x86/kvm/svm/svm.c                        |   4 +-
>  arch/x86/kvm/svm/svm.h                        |   2 +-
>  arch/x86/mm/mem_encrypt.c                     |  55 +-
>  arch/x86/mm/mem_encrypt_identity.c            |   8 +
>  arch/x86/mm/pat/set_memory.c                  |  15 +
>  drivers/virt/Kconfig                          |   3 +
>  drivers/virt/Makefile                         |   1 +
>  drivers/virt/coco/sevguest/Kconfig            |   9 +
>  drivers/virt/coco/sevguest/Makefile           |   2 +
>  drivers/virt/coco/sevguest/sevguest.c         | 743 ++++++++++++++++
>  drivers/virt/coco/sevguest/sevguest.h         |  98 ++
>  include/linux/cc_platform.h                   |   8 +
>  include/linux/efi.h                           |   1 +
>  include/uapi/linux/sev-guest.h                |  81 ++
>  44 files changed, 3524 insertions(+), 345 deletions(-)
>  create mode 100644 Documentation/virt/coco/sevguest.rst
>  create mode 100644 arch/x86/boot/compressed/efi.c
>  create mode 100644 arch/x86/include/asm/cpuid.h
>  create mode 100644 drivers/virt/coco/sevguest/Kconfig
>  create mode 100644 drivers/virt/coco/sevguest/Makefile
>  create mode 100644 drivers/virt/coco/sevguest/sevguest.c
>  create mode 100644 drivers/virt/coco/sevguest/sevguest.h
>  create mode 100644 include/uapi/linux/sev-guest.h
>
> --
> 2.25.1
>
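
A simplified model of the two-step page assignment and of the lazy-validation tracking described in the quoted cover letter, added here as an illustration; it is not code from the patch series or from either participant. The table layout, function names and return codes are hypothetical, and plain C functions stand in for the RMPUPDATE and PVALIDATE instructions and for the #VC handler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NPAGES 8  /* constructed toy guest with 8 page frames */

enum { OK, ERR_NOT_ASSIGNED, ERR_ALREADY_VALID, ERR_REVALIDATION };

/* Simplified RMP entry; hypothetical layout, not the hardware format. */
struct rmp_entry { bool assigned, validated; };
static struct rmp_entry rmp[NPAGES];  /* stands in for the hardware RMP */
static bool guest_seen[NPAGES];       /* guest's record of GPAs it validated */

/* Step 1 (hypervisor): assign the page; it becomes guest-invalid. */
void model_rmpupdate(size_t gfn)
{
    rmp[gfn].assigned = true;
    rmp[gfn].validated = false;       /* a new assignment is never pre-validated */
}

/* Step 2 (guest): validate an assigned, not yet validated page. */
int model_pvalidate(size_t gfn)
{
    if (!rmp[gfn].assigned) return ERR_NOT_ASSIGNED;
    if (rmp[gfn].validated) return ERR_ALREADY_VALID;
    rmp[gfn].validated = true;
    return OK;
}

/* Guest access. An unvalidated page takes the model's #VC path, where the
 * lazy-validation handler validates a given GPA at most once. */
int guest_access(size_t gfn)
{
    if (rmp[gfn].assigned && rmp[gfn].validated)
        return OK;
    if (guest_seen[gfn])              /* validated before, invalid again: remapped */
        return ERR_REVALIDATION;
    int rc = model_pvalidate(gfn);
    if (rc == OK)
        guest_seen[gfn] = true;
    return rc;
}

int main(void)
{
    model_rmpupdate(3);
    printf("first access: %d\n", guest_access(3));  /* lazily validated */
    model_rmpupdate(3);                             /* hypervisor remaps the GPA */
    printf("after remap:  %d\n", guest_access(3));  /* refused by the guest */
    return 0;
}
```

Without the `guest_seen` record the second access would silently validate whatever page the hypervisor placed behind the same GPA, which is the case the cover letter's tracking requirement addresses.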