Merge branch 'kvm-6.11-sev-snp' into HEAD

Returns: 0 on success, -negative on error

18. KVM_SEV_SNP_LAUNCH_START

----------------------------

The KVM_SNP_LAUNCH_START command is used for creating the memory encryption

context for the SEV-SNP guest. It must be called prior to issuing

KVM_SEV_SNP_LAUNCH_UPDATE or KVM_SEV_SNP_LAUNCH_FINISH;

Parameters (in): struct  kvm_sev_snp_launch_start

Returns: 0 on success, -negative on error

::

        struct kvm_sev_snp_launch_start {

                __u64 policy;           /* Guest policy to use. */

                __u8 gosvw[16];         /* Guest OS visible workarounds. */

                __u16 flags;            /* Must be zero. */

                __u8 pad0[6];

                __u64 pad1[4];

        };

See SNP_LAUNCH_START in the SEV-SNP specification [snp-fw-abi]_ for further

details on the input parameters in ``struct kvm_sev_snp_launch_start``.

19. KVM_SEV_SNP_LAUNCH_UPDATE

-----------------------------

The KVM_SEV_SNP_LAUNCH_UPDATE command is used for loading userspace-provided

data into a guest GPA range, measuring the contents into the SNP guest context

created by KVM_SEV_SNP_LAUNCH_START, and then encrypting/validating that GPA

range so that it will be immediately readable using the encryption key

associated with the guest context once it is booted, after which point it can

attest the measurement associated with its context before unlocking any

secrets.

It is required that the GPA ranges initialized by this command have had the

KVM_MEMORY_ATTRIBUTE_PRIVATE attribute set in advance. See the documentation

for KVM_SET_MEMORY_ATTRIBUTES for more details on this aspect.

Upon success, this command is not guaranteed to have processed the entire

range requested. Instead, the ``gfn_start``, ``uaddr``, and ``len`` fields of

``struct kvm_sev_snp_launch_update`` will be updated to correspond to the

remaining range that has yet to be processed. The caller should continue

calling this command until those fields indicate the entire range has been

processed, e.g. ``len`` is 0, ``gfn_start`` is equal to the last GFN in the

range plus 1, and ``uaddr`` is the last byte of the userspace-provided source

buffer address plus 1. In the case where ``type`` is KVM_SEV_SNP_PAGE_TYPE_ZERO,

``uaddr`` will be ignored completely.

Parameters (in): struct  kvm_sev_snp_launch_update

Returns: 0 on success, < 0 on error, -EAGAIN if caller should retry

::

        struct kvm_sev_snp_launch_update {

                __u64 gfn_start;        /* Guest page number to load/encrypt data into. */

                __u64 uaddr;            /* Userspace address of data to be loaded/encrypted. */

                __u64 len;              /* 4k-aligned length in bytes to copy into guest memory.*/

                __u8 type;              /* The type of the guest pages being initialized. */

                __u8 pad0;

                __u16 flags;            /* Must be zero. */

                __u32 pad1;

                __u64 pad2[4];

        };

where the allowed values for page_type are #define'd as::

        KVM_SEV_SNP_PAGE_TYPE_NORMAL

        KVM_SEV_SNP_PAGE_TYPE_ZERO

        KVM_SEV_SNP_PAGE_TYPE_UNMEASURED

        KVM_SEV_SNP_PAGE_TYPE_SECRETS

        KVM_SEV_SNP_PAGE_TYPE_CPUID

See the SEV-SNP spec [snp-fw-abi]_ for further details on how each page type is

used/measured.

20. KVM_SEV_SNP_LAUNCH_FINISH

-----------------------------

After completion of the SNP guest launch flow, the KVM_SEV_SNP_LAUNCH_FINISH

command can be issued to make the guest ready for execution.

Parameters (in): struct kvm_sev_snp_launch_finish

Returns: 0 on success, -negative on error

::

        struct kvm_sev_snp_launch_finish {

                __u64 id_block_uaddr;

                __u64 id_auth_uaddr;

                __u8 id_block_en;

                __u8 auth_key_en;

                __u8 vcek_disabled;

                __u8 host_data[32];

                __u8 pad0[3];

                __u16 flags;                    /* Must be zero */

                __u64 pad1[4];

        };

See SNP_LAUNCH_FINISH in the SEV-SNP specification [snp-fw-abi]_ for further

details on the input parameters in ``struct kvm_sev_snp_launch_finish``.

Device attribute API

====================

==========

See [white-paper]_, [api-spec]_, [amd-apm]_ and [kvm-forum]_ for more info.

See [white-paper]_, [api-spec]_, [amd-apm]_, [kvm-forum]_, and [snp-fw-abi]_

for more info.

.. [white-paper] https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

.. [api-spec] https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf

.. [amd-apm] https://support.amd.com/TechDocs/24593.pdf (section 15.34)

.. [kvm-forum]  https://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

.. [snp-fw-abi] https://www.amd.com/system/files/TechDocs/56860.pdf

KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons);

KVM_X86_OP_OPTIONAL(get_untagged_addr)

KVM_X86_OP_OPTIONAL(alloc_apic_backing_page)

KVM_X86_OP_OPTIONAL_RET0(gmem_prepare)

KVM_X86_OP_OPTIONAL_RET0(private_max_mapping_level)

KVM_X86_OP_OPTIONAL(gmem_invalidate)

#undef KVM_X86_OP

#undef KVM_X86_OP_OPTIONAL

	KVM_ARCH_REQ_FLAGS(31, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)

#define KVM_REQ_HV_TLB_FLUSH \

	KVM_ARCH_REQ_FLAGS(32, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)

#define KVM_REQ_UPDATE_PROTECTED_GUEST_STATE	KVM_ARCH_REQ(34)

#define CR0_RESERVED_BITS                                               \

	(~(unsigned long)(X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS \

	gva_t (*get_untagged_addr)(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags);

	void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu);

	int (*gmem_prepare)(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order);

	void (*gmem_invalidate)(kvm_pfn_t start, kvm_pfn_t end);

	int (*private_max_mapping_level)(struct kvm *kvm, kvm_pfn_t pfn);

};

struct kvm_x86_nested_ops {

				   const struct kvm_memory_slot *memslot);

void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen);

void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned long kvm_nr_mmu_pages);

void kvm_zap_gfn_range(struct kvm *kvm, gfn_t gfn_start, gfn_t gfn_end);

int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3);

#define GHCB_MSR_AP_RESET_HOLD_RESULT_POS	12

#define GHCB_MSR_AP_RESET_HOLD_RESULT_MASK	GENMASK_ULL(51, 0)

/* Preferred GHCB GPA Request */

#define GHCB_MSR_PREF_GPA_REQ		0x010

#define GHCB_MSR_GPA_VALUE_POS		12

#define GHCB_MSR_GPA_VALUE_MASK		GENMASK_ULL(51, 0)

#define GHCB_MSR_PREF_GPA_RESP		0x011

#define GHCB_MSR_PREF_GPA_NONE		0xfffffffffffff

/* GHCB GPA Register */

#define GHCB_MSR_REG_GPA_REQ		0x012

#define GHCB_MSR_REG_GPA_REQ_VAL(v)			\

	/* GHCBData[11:0] */				\

	GHCB_MSR_PSC_REQ)

#define GHCB_MSR_PSC_REQ_TO_GFN(msr) (((msr) & GENMASK_ULL(51, 12)) >> 12)

#define GHCB_MSR_PSC_REQ_TO_OP(msr) (((msr) & GENMASK_ULL(55, 52)) >> 52)

#define GHCB_MSR_PSC_RESP		0x015

#define GHCB_MSR_PSC_RESP_VAL(val)			\

	/* GHCBData[63:32] */				\

	(((u64)(val) & GENMASK_ULL(63, 32)) >> 32)

/* Set highest bit as a generic error response */

#define GHCB_MSR_PSC_RESP_ERROR (BIT_ULL(63) | GHCB_MSR_PSC_RESP)

/* GHCB Hypervisor Feature Request/Response */

#define GHCB_MSR_HV_FT_REQ		0x080

#define GHCB_MSR_HV_FT_RESP		0x081

 *   The VMGEXIT_PSC_MAX_ENTRY determines the size of the PSC structure, which

 *   is a local stack variable in set_pages_state(). Do not increase this value

 *   without evaluating the impact to stack usage.

 *

 *   Use VMGEXIT_PSC_MAX_COUNT in cases where the actual GHCB-defined max value

 *   is needed, such as when processing GHCB requests on the hypervisor side.

 */

#define VMGEXIT_PSC_MAX_ENTRY		64

#define VMGEXIT_PSC_MAX_COUNT		253

#define VMGEXIT_PSC_ERROR_GENERIC	(0x100UL << 32)

#define VMGEXIT_PSC_ERROR_INVALID_HDR	((1UL << 32) | 1)

#define VMGEXIT_PSC_ERROR_INVALID_ENTRY	((1UL << 32) | 2)

#define VMGEXIT_PSC_OP_PRIVATE		1

#define VMGEXIT_PSC_OP_SHARED		2

struct psc_hdr {

	u16 cur_entry;

/* RMUPDATE detected 4K page and 2MB page overlap. */

#define RMPUPDATE_FAIL_OVERLAP		4

/* PSMASH failed due to concurrent access by another CPU */

#define PSMASH_FAIL_INUSE		3

/* RMP page size */

#define RMP_PG_SIZE_4K			0

#define RMP_PG_SIZE_2M			1