redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/arch/x86/kvm/vmx
History
Tom Lendacky 647daca25d KVM: SVM: Add support for booting APs in an SEV-ES guest 
Typically under KVM, an AP is booted using the INIT-SIPI-SIPI sequence,
where the guest vCPU register state is updated and then the vCPU is VMRUN
to begin execution of the AP. For an SEV-ES guest, this won't work because
the guest register state is encrypted.

Following the GHCB specification, the hypervisor must not alter the guest
register state, so KVM must track an AP/vCPU boot. Should the guest want
to park the AP, it must use the AP Reset Hold exit event in place of, for
example, a HLT loop.

First AP boot (first INIT-SIPI-SIPI sequence):
  Execute the AP (vCPU) as it was initialized and measured by the SEV-ES
  support. It is up to the guest to transfer control of the AP to the
  proper location.

Subsequent AP boot:
  KVM will expect to receive an AP Reset Hold exit event indicating that
  the vCPU is being parked and will require an INIT-SIPI-SIPI sequence to
  awaken it. When the AP Reset Hold exit event is received, KVM will place
  the vCPU into a simulated HLT mode. Upon receiving the INIT-SIPI-SIPI
  sequence, KVM will make the vCPU runnable. It is again up to the guest
  to then transfer control of the AP to the proper location.

  To differentiate between an actual HLT and an AP Reset Hold, a new MP
  state is introduced, KVM_MP_STATE_AP_RESET_HOLD, which the vCPU is
  placed in upon receiving the AP Reset Hold exit event. Additionally, to
  communicate the AP Reset Hold exit event up to userspace (if needed), a
  new exit reason is introduced, KVM_EXIT_AP_RESET_HOLD.

A new x86 ops function is introduced, vcpu_deliver_sipi_vector, in order
to accomplish AP booting. For VMX, vcpu_deliver_sipi_vector is set to the
original SIPI delivery function, kvm_vcpu_deliver_sipi_vector(). SVM adds
a new function that, for non SEV-ES guests, invokes the original SIPI
delivery function, kvm_vcpu_deliver_sipi_vector(), but for SEV-ES guests,
implements the logic above.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <e8fbebe8eb161ceaabdad7c01a5859a78b424d5e.1609791600.git.thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 		2021-01-07 18:11:37 -05:00
..
capabilities.h KVM: VMX: Rename RDTSCP secondary exec control name to insert "ENABLE" 2020-09-28 07:57:30 -04:00
evmcs.c KVM: x86: hyper-v: allow KVM_GET_SUPPORTED_HV_CPUID as a system ioctl 2020-11-15 09:49:11 -05:00
evmcs.h KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again 2020-10-31 10:27:58 -04:00
nested.c KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit 2021-01-07 18:11:35 -05:00
nested.h KVM: nVMX: check for required but missing VMCS12 in KVM_SET_NESTED_STATE 2020-07-27 09:04:49 -04:00
pmu_intel.c KVM: x86: move MSR_IA32_PERF_CAPABILITIES emulation to common x86 code 2020-07-10 12:52:56 -04:00
posted_intr.c KVM: vmx: rename pi_init to avoid conflict with paride 2020-10-24 04:09:54 -04:00
posted_intr.h KVM: vmx: rename pi_init to avoid conflict with paride 2020-10-24 04:09:54 -04:00
vmcs.h KVM: VMX: Add a helper to test for a valid error code given an intr info 2020-09-28 07:57:50 -04:00
vmcs12.c KVM: nVMX: Remove non-functional "support" for CR3 target values 2020-04-21 09:13:09 -04:00
vmcs12.h KVM: nVMX: Remove non-functional "support" for CR3 target values 2020-04-21 09:13:09 -04:00
vmcs_shadow_fields.h KVM: Fix some out-dated function names in comment 2020-01-21 13:57:27 +01:00
vmenter.S KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S 2020-12-11 19:00:57 -05:00
vmx.c KVM: SVM: Add support for booting APs in an SEV-ES guest 2021-01-07 18:11:37 -05:00
vmx.h KVM: x86: Move vendor CR4 validity check to dedicated kvm_x86_ops hook 2020-11-15 09:49:07 -05:00
vmx_ops.h KVM: VMX: Rename ops.h to vmx_ops.h 2020-09-28 07:57:38 -04:00