On Fri, May 10, 2024 at 04:10:14PM -0500, Michael Roth wrote:
> SEV-SNP VMs can ask the hypervisor to change the page state in the RMP
> table to be private or shared using the Page State Change NAE event
> as defined in the GHCB specification version 2.
>
> Forward these requests to userspace as KVM_EXIT_VMGEXITs, similar to how
> it is done for requests that don't use a GHCB page.
>
> As with the MSR-based page-state changes, use the existing
> KVM_HC_MAP_GPA_RANGE hypercall format to deliver these requests to
> userspace via KVM_EXIT_HYPERCALL.
>
> Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
> Co-developed-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
> Message-ID: <20240501085210.2213060-11-michael.roth@xxxxxxx>
> Co-developed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
> arch/x86/include/asm/sev-common.h | 11 ++
> arch/x86/kvm/svm/sev.c | 188 ++++++++++++++++++++++++++++++
> arch/x86/kvm/svm/svm.h | 5 +
> 3 files changed, 204 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 438f2e8b8152..46669431b53d 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -3274,6 +3274,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
> case SVM_VMGEXIT_HV_FEATURES:
> case SVM_VMGEXIT_TERM_REQUEST:
> break;
> + case SVM_VMGEXIT_PSC:
> + if (!sev_snp_guest(vcpu->kvm) || !kvm_ghcb_sw_scratch_is_valid(svm))
> + goto vmgexit_err;
> + break;
> default:
> reason = GHCB_ERR_INVALID_EVENT;
> goto vmgexit_err;
> @@ -3503,6 +3507,183 @@ static int snp_begin_psc_msr(struct vcpu_svm *svm, u64 ghcb_msr)
> return 0; /* forward request to userspace */
> }
>
> +struct psc_buffer {
> + struct psc_hdr hdr;
> + struct psc_entry entries[];
> +} __packed;
> +
> +static int snp_begin_psc(struct vcpu_svm *svm, struct psc_buffer *psc);
> +
> +static void snp_complete_psc(struct vcpu_svm *svm, u64 psc_ret)
> +{
> + svm->sev_es.psc_inflight = 0;
> + svm->sev_es.psc_idx = 0;
> + svm->sev_es.psc_2m = false;
> + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, VMGEXIT_PSC_ERROR_GENERIC);
Unfortunately an important local change didn't make its way into the tagged
branch (commit 4b3f0135f759). I've updated the pull tag (tags/kvm-queue-snp)
to point to the updated branch (commit e704293d704d), which contains only
the following additional change:
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 398266bef2ca..57c2c8025547 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3560,7 +3560,7 @@ static void snp_complete_psc(struct vcpu_svm *svm, u64 psc_ret)
svm->sev_es.psc_inflight = 0;
svm->sev_es.psc_idx = 0;
svm->sev_es.psc_2m = false;
- ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, VMGEXIT_PSC_ERROR_GENERIC);
+ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, psc_ret);
}
static void __snp_complete_one_psc(struct vcpu_svm *svm)
