SEV-SNP guests are required to perform a GHCB GPA registration (see section 2.5.2 in GHCB specification). Before using a GHCB GPA for a vCPU the first time, a guest must register the vCPU GHCB GPA. If hypervisor can work with the guest requested GPA then it must respond back with the same GPA otherwise return -1. On VMEXIT, Verify that GHCB GPA matches with the registered value. If a mismatch is detected then abort the guest. Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> --- arch/x86/include/asm/sev-common.h | 1 + arch/x86/kvm/svm/sev.c | 25 +++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 7 +++++++ 3 files changed, 33 insertions(+) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 97137f1a567b..e7c6ce2ce45e 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -93,6 +93,7 @@ GHCB_MSR_GPA_REG_REQ) #define GHCB_MSR_GPA_REG_RESP 0x013 +#define GHCB_MSR_GPA_REG_ERROR GENMASK_ULL(51, 0) #define GHCB_MSR_GPA_REG_RESP_VAL(v) ((v) >> GHCB_MSR_GPA_REG_VALUE_POS) /* SNP Page State Change NAE event */ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6b0c230c5f37..81c0fc883261 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2900,6 +2900,25 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); break; } + case GHCB_MSR_GPA_REG_REQ: { + kvm_pfn_t pfn; + u64 gfn; + + gfn = get_ghcb_msr_bits(svm, GHCB_MSR_GPA_REG_GFN_MASK, + GHCB_MSR_GPA_REG_VALUE_POS); + + pfn = kvm_vcpu_gfn_to_pfn(vcpu, gfn); + if (is_error_noslot_pfn(pfn)) + gfn = GHCB_MSR_GPA_REG_ERROR; + else + svm->ghcb_registered_gpa = gfn_to_gpa(gfn); + + set_ghcb_msr_bits(svm, gfn, GHCB_MSR_GPA_REG_GFN_MASK, + GHCB_MSR_GPA_REG_VALUE_POS); + set_ghcb_msr_bits(svm, GHCB_MSR_GPA_REG_RESP, GHCB_MSR_INFO_MASK, + GHCB_MSR_INFO_POS); + break; + } case GHCB_MSR_TERM_REQ: { u64 reason_set, reason_code; @@ -2948,6 +2967,12 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) return -EINVAL; } + /* SEV-SNP guest requires that the GHCB GPA must be registered */ + if (sev_snp_guest(svm->vcpu.kvm) && !ghcb_gpa_is_registered(svm, ghcb_gpa)) { + vcpu_unimpl(&svm->vcpu, "vmgexit: GHCB GPA [%#llx] is not registered.\n", ghcb_gpa); + return -EINVAL; + } + svm->ghcb = svm->ghcb_map.hva; ghcb = svm->ghcb_map.hva; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 32abcbd774d0..af4cce39b30f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -185,6 +185,8 @@ struct vcpu_svm { bool ghcb_sa_free; bool guest_state_loaded; + + u64 ghcb_registered_gpa; }; struct svm_cpu_data { @@ -245,6 +247,11 @@ static inline bool sev_snp_guest(struct kvm *kvm) #endif } +static inline bool ghcb_gpa_is_registered(struct vcpu_svm *svm, u64 val) +{ + return svm->ghcb_registered_gpa == val; +} + static inline void vmcb_mark_all_dirty(struct vmcb *vmcb) { vmcb->control.clean = 0; -- 2.17.1