From 6b3a532218f8d3613b236f14420eb1d4bf14c4d9 Mon Sep 17 00:00:00 2001
From: hanliyang
Date: Wed, 3 Jan 2024 07:41:12 +0000
Subject: [PATCH] Support reuse ASID for CSV guests

In you want to reuse one ASID for many CSV guests, you should provide a label (i.e. userid) and the length of the label when launch CSV guest. The CSV guests which were provided the same userid will share the same ASID.

Signed-off-by: hanliyang
---
 ...86-sev-Add-support-for-reuse-ASID-fo.patch | 192 ++++++++++++++++++
 qemu-kvm.spec | 8 +-
 2 files changed, 198 insertions(+), 2 deletions(-)
 create mode 100644 1075-anolis-target-i386-sev-Add-support-for-reuse-ASID-fo.patch

diff --git a/1075-anolis-target-i386-sev-Add-support-for-reuse-ASID-fo.patch b/1075-anolis-target-i386-sev-Add-support-for-reuse-ASID-fo.patch
new file mode 100644
index 0000000..7e6f98e
--- /dev/null
+++ b/1075-anolis-target-i386-sev-Add-support-for-reuse-ASID-fo.patch
@@ -0,0 +1,192 @@
+From 9cd331388ce95e3d7365fceab30016756eae2483 Mon Sep 17 00:00:00 2001
+From: appleLin
+Date: Wed, 3 Aug 2022 21:02:41 +0800
+Subject: [PATCH] anolis: target/i386/sev: Add support for reuse ASID for
+ different CSV guests
+
+In you want to reuse one ASID for many CSV guests, you should provide a
+label (i.e. userid) and the length of the label when launch CSV guest.
+The CSV guests which were provided the same userid will share the same
+ASID.
+
+Signed-off-by: hanliyang
+---
+ linux-headers/linux/kvm.h | 5 +++++
+ qapi/qom.json | 5 ++++-
+ qemu-options.hx | 5 ++++-
+ target/i386/csv.c | 2 --
+ target/i386/csv.h | 3 +++
+ target/i386/sev.c | 47 ++++++++++++++++++++++++++++++++++++++-
+ 6 files changed, 62 insertions(+), 5 deletions(-)
+
+diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
+index 5fe2f8d04..3875127a3 100644
+--- a/linux-headers/linux/kvm.h
++++ b/linux-headers/linux/kvm.h
+@@ -2011,6 +2011,11 @@ struct kvm_csv_receive_encrypt_context {
+ __u32 trans_len;
+ };
+
++struct kvm_csv_init {
++ __u64 userid_addr;
++ __u32 len;
++};
++
+ #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
+ #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
+ #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
+diff --git a/qapi/qom.json b/qapi/qom.json
+index eeb5395ff..387c0a142 100644
+--- a/qapi/qom.json
++++ b/qapi/qom.json
+@@ -773,6 +773,8 @@
+ # designated guest firmware page for measured boot
+ # with -kernel (default: false) (since 6.2)
+ #
++# @user-id: the user id of the guest owner, only support on Hygon CPUs
++#
+ # Since: 2.12
+ ##
+ { 'struct': 'SevGuestProperties',
+@@ -783,7 +785,8 @@
+ '*handle': 'uint32',
+ '*cbitpos': 'uint32',
+ 'reduced-phys-bits': 'uint32',
+- '*kernel-hashes': 'bool' } }
++ '*kernel-hashes': 'bool',
++ '*user-id': 'str' } }
+
+ ##
+ # @ObjectType:
+diff --git a/qemu-options.hx b/qemu-options.hx
+index 8997969d5..115e1835f 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -5189,7 +5189,7 @@ SRST
+ -object 
secret,id=sec0,keyid=secmaster0,format=base64,\\
+ data=$SECRET,iv=$(dh_cert_file = g_strdup(value);
+ }
+
++static char *
++sev_guest_get_user_id(Object *obj, Error **errp)
++{
++ SevGuestState *s = SEV_GUEST(obj);
++
++ return g_strdup(s->user_id);
++}
++
++static void
++sev_guest_set_user_id(Object *obj, const char *value, Error **errp)
++{
++ SevGuestState *s = SEV_GUEST(obj);
++
++ s->user_id = g_strdup(value);
++}
++
+ static char *
+ sev_guest_get_sev_device(Object *obj, Error **errp)
+ {
+@@ -436,6 +453,11 @@ sev_guest_class_init(ObjectClass *oc, void *data)
+ sev_guest_set_kernel_hashes);
+ object_class_property_set_description(oc, "kernel-hashes",
+ "add kernel hashes to guest firmware for measured Linux boot");
++ object_class_property_add_str(oc, "user-id",
++ sev_guest_get_user_id,
++ sev_guest_set_user_id);
++ object_class_property_set_description(oc, "user-id",
++ "user id of the guest owner");
+ }
+
+ static void
+@@ -1137,7 +1159,30 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
+ }
+
+ trace_kvm_sev_init();
+- ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
++
++ /* Only support reuse asid for CSV/CSV2 guest */
++ if (is_hygon_cpu() &&
++ (sev_guest->policy & GUEST_POLICY_REUSE_ASID) &&
++ !(sev_guest->policy & GUEST_POLICY_CSV_BIT)) {
++ char *user_id = NULL;
++ struct kvm_csv_init *init_cmd_buf = NULL;
++
++ user_id = object_property_get_str(OBJECT(sev), "user-id", NULL);
++ if (user_id && strlen(user_id)) {
++ init_cmd_buf = g_new0(struct kvm_csv_init, 1);
++ init_cmd_buf->len = strlen(user_id);
++ init_cmd_buf->userid_addr = (__u64)user_id;
++ }
++ ret = sev_ioctl(sev->sev_fd, cmd, init_cmd_buf, &fw_error);
++
++ if (user_id) {
++ g_free(user_id);
++ g_free(init_cmd_buf);
++ }
++ } else {
++ ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
++ }
++
+ if (ret) {
+ error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'",
+ __func__, ret, fw_error, fw_error_to_str(fw_error));
+-- 
+2.31.1
+
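Review bot: In the sev_kvm_init hunk of the embedded target/i386/sev.c patch, `init_cmd_buf->userid_addr = (__u64)user_id;` converts a pointer directly to a 64-bit integer, which is not portable C and draws a pointer-to-integer-cast warning on 32-bit hosts; the conventional form is `init_cmd_buf->userid_addr = (__u64)(uintptr_t)user_id;`. The same branch evaluates strlen(user_id) twice and silently narrows the size_t result into the __u32 `len` field; `size_t user_id_len = strlen(user_id);` computed once can serve both the emptiness check and the assignment, with the narrowing made explicit. In the sev_guest_set_user_id hunk the setter assigns `s->user_id = g_strdup(value);` without releasing an earlier value, so setting the property twice leaks the first string; adding `g_free(s->user_id);` before the assignment fixes it, though the adjacent dh_cert_file setter appears to follow the same pattern. sev_kvm_init starts and ends outside the hunk, and this view of the embedded patch appears truncated between the qemu-options.hx hunk and the sev.c property accessors.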
diff --git a/qemu-kvm.spec b/qemu-kvm.spec
index a755435..c328136 100644
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.1
+%define anolis_release .0.2
 %global SLOF_gittagdate 20191022
 %global SLOF_gittagcommit 899d9883
 
@@ -92,7 +92,7 @@ Obsoletes: %1-rhev <= %{epoch}:%{version}-%{release}
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 6.2.0
-Release: 41%{?rcrel}%{anolis_release}%{?dist}.1
+Release: 42%{?rcrel}%{anolis_release}%{?dist}.1
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
@@ -878,6 +878,7 @@ Patch1072: 1072-anolis-csv-i386-add-support-to-migrate-the-incoming-.patch
 Patch1073: 1073-kvm-net-Provide-MemReentrancyGuard-to-qemu_new_nic.patch
 # https://github.com/qemu/qemu/commit/9050f976e447444ea6ee2ba12c9f77e4b0dc54bc
 Patch1074: 1074-kvm-net-Update-MemReentrancyGuard-for-NIC.patch
+Patch1075: 1075-anolis-target-i386-sev-Add-support-for-reuse-ASID-fo.patch
 
 BuildRequires: wget
 BuildRequires: rpm-build
@@ -2116,6 +2117,9 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
 %endif
 
 %changelog
+* Wed Feb 02 2024 Liyang Han - 6.2.0-42.0.1.1
+- Support reuse ASID for CSV guests
+
 * Mon Jan 29 2024 Kaiqiang Wang - 6.2.0-41.0.1.1
 - CVE-2023-3019 virt:rhel/qemu-kvm: QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
-- 
Gitee