Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 97aa3e3f5b
Branches Tags
pve-edge-kernel
/
debian
/
patches
/
pve
/
0012-KVM-allow-compiling-out-SMM-support.patch

0012-KVM-allow-compiling-out-SMM-support.patch 6.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189 
  1. From 14fe6763b2618afb73a1109d7fda337cb06af0a2 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Paolo Bonzini <[email protected]>
    3. 

  3. Date: Tue, 25 Oct 2022 15:47:23 +0300
    4. 

  4. Subject: [PATCH] KVM: allow compiling out SMM support
    5. 

  5. 

  6. Some users of KVM implement the UEFI variable store through a paravirtual device
    7. 

  7. that does not require the "SMM lockbox" component of edk2; allow them to
    8. 

  8. compile out system management mode, which is not a full implementation
    9. 

  9. especially in how it interacts with nested virtualization.
    10. 

  10. 

  11. Suggested-by: Sean Christopherson <[email protected]>
    12. 

  12. Signed-off-by: Paolo Bonzini <[email protected]>
    13. 

  13. ---
    14. 

  14.  arch/x86/kvm/Kconfig                          | 11 ++++++++++
    15. 

  15.  arch/x86/kvm/Makefile                         |  2 +-
    16. 

  16.  arch/x86/kvm/smm.h                            | 13 ++++++++++++
    17. 

  17.  arch/x86/kvm/svm/svm.c                        |  2 ++
    18. 

  18.  arch/x86/kvm/vmx/vmx.c                        |  2 ++
    19. 

  19.  arch/x86/kvm/x86.c                            | 21 +++++++++++++++++--
    20. 

  20.  tools/testing/selftests/kvm/x86_64/smm_test.c |  2 ++
    21. 

  21.  7 files changed, 50 insertions(+), 3 deletions(-)
    22. 

  22. 

  23. diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
    24. 

  24. index e3cbd7706136..20d5aea868a4 100644
    25. 

  25. --- a/arch/x86/kvm/Kconfig
    26. 

  26. +++ b/arch/x86/kvm/Kconfig
    27. 

  27. @@ -86,6 +86,17 @@ config KVM_INTEL
    28. 

  28.  	  To compile this as a module, choose M here: the module
    29. 

  29.  	  will be called kvm-intel.
    30. 

  30.  
    31. 

  31. +config KVM_SMM
    32. 

  32. +	bool "System Management Mode emulation"
    33. 

  33. +	default y
    34. 

  34. +	depends on KVM
    35. 

  35. +	help
    36. 

  36. +	  Provides support for KVM to emulate System Management Mode (SMM)
    37. 

  37. +	  in virtual machines.  This can be used by the virtual machine
    38. 

  38. +	  firmware to implement UEFI secure boot.
    39. 

  39. +
    40. 

  40. +	  If unsure, say Y.
    41. 

  41. +
    42. 

  42.  config X86_SGX_KVM
    43. 

  43.  	bool "Software Guard eXtensions (SGX) Virtualization"
    44. 

  44.  	depends on X86_SGX && KVM_INTEL
    45. 

  45. diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
    46. 

  46. index ec6f7656254b..6cf40f668277 100644
    47. 

  47. --- a/arch/x86/kvm/Makefile
    48. 

  48. +++ b/arch/x86/kvm/Makefile
    49. 

  49. @@ -20,7 +20,7 @@ endif
    50. 

  50.  
    51. 

  51.  kvm-$(CONFIG_X86_64) += mmu/tdp_iter.o mmu/tdp_mmu.o
    52. 

  52.  kvm-$(CONFIG_KVM_XEN)	+= xen.o
    53. 

  53. -kvm-y			+= smm.o
    54. 

  54. +kvm-$(CONFIG_KVM_SMM)	+= smm.o
    55. 

  55.  
    56. 

  56.  kvm-intel-y		+= vmx/vmx.o vmx/vmenter.o vmx/pmu_intel.o vmx/vmcs12.o \
    57. 

  57.  			   vmx/evmcs.o vmx/nested.o vmx/posted_intr.o
    58. 

  58. diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h
    59. 

  59. index b0602a92e511..4c699fee4492 100644
    60. 

  60. --- a/arch/x86/kvm/smm.h
    61. 

  61. +++ b/arch/x86/kvm/smm.h
    62. 

  62. @@ -8,6 +8,7 @@
    63. 

  63.  #define PUT_SMSTATE(type, buf, offset, val)                      \
    64. 

  64.  	*(type *)((buf) + (offset) - 0x7e00) = val
    65. 

  65.  
    66. 

  66. +#ifdef CONFIG_KVM_SMM
    67. 

  67.  static inline int kvm_inject_smi(struct kvm_vcpu *vcpu)
    68. 

  68.  {
    69. 

  69.  	kvm_make_request(KVM_REQ_SMI, vcpu);
    70. 

  70. @@ -23,5 +24,17 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool in_smm);
    71. 

  71.  void enter_smm(struct kvm_vcpu *vcpu);
    72. 

  72.  int emulator_leave_smm(struct x86_emulate_ctxt *ctxt);
    73. 

  73.  void process_smi(struct kvm_vcpu *vcpu);
    74. 

  74. +#else
    75. 

  75. +static inline int kvm_inject_smi(struct kvm_vcpu *vcpu) { return -ENOTTY; }
    76. 

  76. +static inline bool is_smm(struct kvm_vcpu *vcpu) { return false; }
    77. 

  77. +static inline void kvm_smm_changed(struct kvm_vcpu *vcpu, bool in_smm) { WARN_ON_ONCE(1); }
    78. 

  78. +static inline void enter_smm(struct kvm_vcpu *vcpu) { WARN_ON_ONCE(1); }
    79. 

  79. +static inline void process_smi(struct kvm_vcpu *vcpu) { WARN_ON_ONCE(1); }
    80. 

  80. +
    81. 

  81. +/*
    82. 

  82. + * emulator_leave_smm is used as a function pointer, so the
    83. 

  83. + * stub is defined in x86.c.
    84. 

  84. + */
    85. 

  85. +#endif
    86. 

  86.  
    87. 

  87.  #endif
    88. 

  88. diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
    89. 

  89. index f4ed4a02b109..a6807492bfae 100644
    90. 

  90. --- a/arch/x86/kvm/svm/svm.c
    91. 

  91. +++ b/arch/x86/kvm/svm/svm.c
    92. 

  92. @@ -4151,6 +4151,8 @@ static bool svm_has_emulated_msr(struct kvm *kvm, u32 index)
    93. 

  93.  	case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
    94. 

  94.  		return false;
    95. 

  95.  	case MSR_IA32_SMBASE:
    96. 

  96. +		if (!IS_ENABLED(CONFIG_KVM_SMM))
    97. 

  97. +			return false;
    98. 

  98.  		/* SEV-ES guests do not support SMM, so report false */
    99. 

  99.  		if (kvm && sev_es_guest(kvm))
    100. 

  100.  			return false;
    101. 

  101. diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
    102. 

  102. index dc75de78ceb6..ce22860156c5 100644
    103. 

  103. --- a/arch/x86/kvm/vmx/vmx.c
    104. 

  104. +++ b/arch/x86/kvm/vmx/vmx.c
    105. 

  105. @@ -6849,6 +6849,8 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index)
    106. 

  106.  {
    107. 

  107.  	switch (index) {
    108. 

  108.  	case MSR_IA32_SMBASE:
    109. 

  109. +		if (!IS_ENABLED(CONFIG_KVM_SMM))
    110. 

  110. +			return false;
    111. 

  111.  		/*
    112. 

  112.  		 * We cannot do SMM unless we can run the guest in big
    113. 

  113.  		 * real mode.
    114. 

  114. diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
    115. 

  115. index 77e0ca43ee27..14ef42c6efbd 100644
    116. 

  116. --- a/arch/x86/kvm/x86.c
    117. 

  117. +++ b/arch/x86/kvm/x86.c
    118. 

  118. @@ -3631,7 +3631,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
    119. 

  119.  		break;
    120. 

  120.  	}
    121. 

  121.  	case MSR_IA32_SMBASE:
    122. 

  122. -		if (!msr_info->host_initiated)
    123. 

  123. +		if (!IS_ENABLED(CONFIG_KVM_SMM) || !msr_info->host_initiated)
    124. 

  124.  			return 1;
    125. 

  125.  		vcpu->arch.smbase = data;
    126. 

  126.  		break;
    127. 

  127. @@ -4047,7 +4047,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
    128. 

  128.  		msr_info->data = vcpu->arch.ia32_misc_enable_msr;
    129. 

  129.  		break;
    130. 

  130.  	case MSR_IA32_SMBASE:
    131. 

  131. -		if (!msr_info->host_initiated)
    132. 

  132. +		if (!IS_ENABLED(CONFIG_KVM_SMM) || !msr_info->host_initiated)
    133. 

  133.  			return 1;
    134. 

  134.  		msr_info->data = vcpu->arch.smbase;
    135. 

  135.  		break;
    136. 

  136. @@ -4421,6 +4421,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
    137. 

  137.  			r |= KVM_X86_DISABLE_EXITS_MWAIT;
    138. 

  138.  		break;
    139. 

  139.  	case KVM_CAP_X86_SMM:
    140. 

  140. +		if (!IS_ENABLED(CONFIG_KVM_SMM))
    141. 

  141. +			break;
    142. 

  142. +
    143. 

  143.  		/* SMBASE is usually relocated above 1M on modern chipsets,
    144. 

  144.  		 * and SMM handlers might indeed rely on 4G segment limits,
    145. 

  145.  		 * so do not report SMM to be available if real mode is
    146. 

  146. @@ -5146,6 +5149,12 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
    147. 

  147.  		vcpu->arch.apic->sipi_vector = events->sipi_vector;
    148. 

  148.  
    149. 

  149.  	if (events->flags & KVM_VCPUEVENT_VALID_SMM) {
    150. 

  150. +		if (!IS_ENABLED(CONFIG_KVM_SMM) &&
    151. 

  151. +		    (events->smi.smm ||
    152. 

  152. +		     events->smi.pending ||
    153. 

  153. +		     events->smi.smm_inside_nmi))
    154. 

  154. +			return -EINVAL;
    155. 

  155. +
    156. 

  156.  		if (!!(vcpu->arch.hflags & HF_SMM_MASK) != events->smi.smm) {
    157. 

  157.  			kvm_x86_ops.nested_ops->leave_nested(vcpu);
    158. 

  158.  			kvm_smm_changed(vcpu, events->smi.smm);
    159. 

  159. @@ -8021,6 +8030,14 @@ static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt)
    160. 

  160.  	return emul_to_vcpu(ctxt)->arch.hflags;
    161. 

  161.  }
    162. 

  162.  
    163. 

  163. +#ifndef CONFIG_KVM_SMM
    164. 

  164. +static int emulator_leave_smm(struct x86_emulate_ctxt *ctxt)
    165. 

  165. +{
    166. 

  166. +	WARN_ON_ONCE(1);
    167. 

  167. +	return X86EMUL_UNHANDLEABLE;
    168. 

  168. +}
    169. 

  169. +#endif
    170. 

  170. +
    171. 

  171.  static void emulator_triple_fault(struct x86_emulate_ctxt *ctxt)
    172. 

  172.  {
    173. 

  173.  	kvm_make_request(KVM_REQ_TRIPLE_FAULT, emul_to_vcpu(ctxt));
    174. 

  174. diff --git a/tools/testing/selftests/kvm/x86_64/smm_test.c b/tools/testing/selftests/kvm/x86_64/smm_test.c
    175. 

  175. index 1f136a81858e..cb38a478e1f6 100644
    176. 

  176. --- a/tools/testing/selftests/kvm/x86_64/smm_test.c
    177. 

  177. +++ b/tools/testing/selftests/kvm/x86_64/smm_test.c
    178. 

  178. @@ -137,6 +137,8 @@ int main(int argc, char *argv[])
    179. 

  179.  	struct kvm_x86_state *state;
    180. 

  180.  	int stage, stage_reported;
    181. 

  181.  
    182. 

  182. +	TEST_REQUIRE(kvm_has_cap(KVM_CAP_X86_SMM));
    183. 

  183. +
    184. 

  184.  	/* Create VM */
    185. 

  185.  	vm = vm_create_with_one_vcpu(&vcpu, guest_code);
    186. 

  186.  
    187. 

  187. -- 
    188. 

  188. 2.38.1
    189. 

  189.