search for: boot_ghcb

...include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void); > +extern bool vc_boot_ghcb(struct pt_regs *regs); Those function names need verbs: handle_vc_no_ghcb handle_vc_boot_ghcb > @@ -161,3 +176,104 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt, > > /* Include code shared with pre-decompression boot stage */ > #include "sev-es-shared.c&quot...

...include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void); > +extern bool vc_boot_ghcb(struct pt_regs *regs); Those function names need verbs: handle_vc_no_ghcb handle_vc_boot_ghcb > @@ -161,3 +176,104 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt, > > /* Include code shared with pre-decompression boot stage */ > #include "sev-es-shared.c&quot...

...rch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h index b2cbcd40b52e..e1ed963a57ec 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) } extern void vc_no_ghcb(void); +extern bool vc_boot_ghcb(struct pt_regs *regs); #endif diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 9586522bfcb3..d83d59c15548 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -386,6 +386,12 @@ void __init do_early_exception(struct pt_regs *regs, int trapnr) early_m...

...lude/asm/sev-es.h index 7175d432ebfe..9fbeedaa66ee 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -75,5 +75,7 @@ static inline u64 lower_bits(u64 val, unsigned int bits) /* Early IDT entry points for #VC handler */ extern void vc_no_ghcb(void); +extern void vc_boot_ghcb(void); +extern bool handle_vc_boot_ghcb(struct pt_regs *regs); #endif diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 3bcdd8d2bbdd..04ceea8f4a89 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -20,6 +20,7 @@ CFLAGS_REMOVE_kvmclock.o = -pg CFLAGS_RE...

...s.c +++ b/arch/x86/boot/compressed/sev-es.c @@ -13,10 +13,16 @@ #include "misc.h" #include <asm/sev-es.h> +#include <asm/trap_defs.h> #include <asm/msr-index.h> #include <asm/ptrace.h> #include <asm/svm.h> +#include "error.h" + +struct ghcb boot_ghcb_page __aligned(PAGE_SIZE); +struct ghcb *boot_ghcb; + static inline u64 sev_es_rd_ghcb_msr(void) { unsigned long low, high; @@ -38,8 +44,112 @@ static inline void sev_es_wr_ghcb_msr(u64 val) "a"(low), "d" (high) : "memory"); } +static enum es_result vc_decod...

....c +++ b/arch/x86/boot/compressed/sev-es.c @@ -8,12 +8,16 @@ #include <linux/kernel.h> #include <asm/sev-es.h> +#include <asm/trap_defs.h> #include <asm/msr-index.h> #include <asm/ptrace.h> #include <asm/svm.h> #include "misc.h" +struct ghcb boot_ghcb_page __aligned(PAGE_SIZE); +struct ghcb *boot_ghcb; + static inline u64 read_ghcb_msr(void) { unsigned long low, high; @@ -35,8 +39,95 @@ static inline void write_ghcb_msr(u64 val) "a"(low), "d" (high) : "memory"); } +static enum es_result es_fetch_insn_byte...

...12 +8,16 @@ > #include <linux/kernel.h> > > #include <asm/sev-es.h> > +#include <asm/trap_defs.h> > #include <asm/msr-index.h> > #include <asm/ptrace.h> > #include <asm/svm.h> > > #include "misc.h" > > +struct ghcb boot_ghcb_page __aligned(PAGE_SIZE); > +struct ghcb *boot_ghcb; > + > static inline u64 read_ghcb_msr(void) > { > unsigned long low, high; > @@ -35,8 +39,95 @@ static inline void write_ghcb_msr(u64 val) > "a"(low), "d" (high) : "...

...e() can error out and not set ->got... ? > + > + return ret; > +} ... > +static bool sev_es_setup_ghcb(void) > +{ > + if (!sev_es_negotiate_protocol()) > + sev_es_terminate(GHCB_SEV_ES_REASON_PROTOCOL_UNSUPPORTED); > + > + if (set_page_decrypted((unsigned long)&boot_ghcb_page)) > + return false; > + > + /* Page is now mapped decrypted, clear it */ > + memset(&boot_ghcb_page, 0, sizeof(boot_ghcb_page)); > + > + boot_ghcb = &boot_ghcb_page; > + > + /* Initialize lookup tables for the instruction decoder */ > + inat_init_tables();...

...e() can error out and not set ->got... ? > + > + return ret; > +} ... > +static bool sev_es_setup_ghcb(void) > +{ > + if (!sev_es_negotiate_protocol()) > + sev_es_terminate(GHCB_SEV_ES_REASON_PROTOCOL_UNSUPPORTED); > + > + if (set_page_decrypted((unsigned long)&boot_ghcb_page)) > + return false; > + > + /* Page is now mapped decrypted, clear it */ > + memset(&boot_ghcb_page, 0, sizeof(boot_ghcb_page)); > + > + boot_ghcb = &boot_ghcb_page; > + > + /* Initialize lookup tables for the instruction decoder */ > + inat_init_tables();...

...+++++++++++++++++++++++++++ 2 files changed, 234 insertions(+) diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c index 1241697dd156..17765e471e28 100644 --- a/arch/x86/boot/compressed/sev-es.c +++ b/arch/x86/boot/compressed/sev-es.c @@ -23,6 +23,35 @@ struct ghcb boot_ghcb_page __aligned(PAGE_SIZE); struct ghcb *boot_ghcb; +/* + * Copy a version of this function here - insn-eval.c can't be used in + * pre-decompression code. + */ +static bool insn_has_rep_prefix(struct insn *insn) +{ + int i; + + insn_get_prefixes(insn); + + for (i = 0; i < insn->prefixe...

...; > + return ret; > > +} > > ... > > > +static bool sev_es_setup_ghcb(void) > > +{ > > + if (!sev_es_negotiate_protocol()) > > + sev_es_terminate(GHCB_SEV_ES_REASON_PROTOCOL_UNSUPPORTED); > > + > > + if (set_page_decrypted((unsigned long)&boot_ghcb_page)) > > + return false; > > + > > + /* Page is now mapped decrypted, clear it */ > > + memset(&boot_ghcb_page, 0, sizeof(boot_ghcb_page)); > > + > > + boot_ghcb = &boot_ghcb_page; > > + > > + /* Initialize lookup tables for the instruction...

...de <linux/kernel.h> +#include <linux/percpu-defs.h> +#include <linux/mem_encrypt.h> #include <linux/printk.h> +#include <linux/set_memory.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <asm/trap_defs.h> @@ -28,6 +31,9 @@ struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); */ struct ghcb __initdata *boot_ghcb; +/* Runtime GHCBs */ +static DEFINE_PER_CPU_DECRYPTED(struct ghcb, ghcb_page) __aligned(PAGE_SIZE); + /* Needed in early_forward_exception */ extern void early_exception(struct pt_regs *regs, int trapnr); @@ -...

...t;linux/percpu-defs.h> > +#include <linux/mem_encrypt.h> > #include <linux/printk.h> > +#include <linux/set_memory.h> > +#include <linux/kernel.h> > #include <linux/mm.h> > > #include <asm/trap_defs.h> > @@ -28,6 +31,9 @@ struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); > */ > struct ghcb __initdata *boot_ghcb; > > +/* Runtime GHCBs */ > +static DEFINE_PER_CPU_DECRYPTED(struct ghcb, ghcb_page) __aligned(PAGE_SIZE); Hmm. This is a largeish amount of memory on large non-SEV-ES systems. Maybe store a poin...

...lt;linux/mem_encrypt.h> #include <linux/printk.h> +#include <linux/mm_types.h> +#include <linux/set_memory.h> +#include <linux/memblock.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <asm/sev-es.h> @@ -29,6 +34,13 @@ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); */ static struct ghcb __initdata *boot_ghcb; +/* #VC handler runtime per-cpu data */ +struct sev_es_runtime_data { + struct ghcb ghcb_page; +}; + +static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); + /* Needed in vc_early_forward_excep...

...linux/mem_encrypt.h> #include <linux/printk.h> +#include <linux/mm_types.h> +#include <linux/set_memory.h> +#include <linux/memblock.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <asm/trap_defs.h> @@ -29,6 +34,13 @@ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); */ static struct ghcb __initdata *boot_ghcb; +/* #VC handler runtime per-cpu data */ +struct sev_es_runtime_data { + struct ghcb ghcb_page; +}; + +static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); + /* Needed in vc_early_vc_forward_ex...

...age_encrypted(unsigned long address); diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c index b522c18c0588..eb1a8b5cc753 100644 --- a/arch/x86/boot/compressed/sev-es.c +++ b/arch/x86/boot/compressed/sev-es.c @@ -145,6 +145,9 @@ void sev_es_shutdown_ghcb(void) if (!boot_ghcb) return; + if (!sev_es_check_cpu_features()) + error("SEV-ES CPU Features missing."); + /* * GHCB Page must be flushed from the cache and mapped encrypted again. * Otherwise the running kernel will see strange cache effects when diff --git a/arch/x86/kernel/sev-es-shared.c b...

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

Hi, here is the first public post of the patch-set to enable Linux to run under SEV-ES enabled hypervisors. The code is mostly feature-complete, but there are still a couple of bugs to fix. Nevertheless, given the size of the patch-set, I think it is about time to ask for initial feedback of the changes that come with it. To better understand the code here is a quick explanation of SEV-ES first.

Hi, here is the first public post of the patch-set to enable Linux to run under SEV-ES enabled hypervisors. The code is mostly feature-complete, but there are still a couple of bugs to fix. Nevertheless, given the size of the patch-set, I think it is about time to ask for initial feedback of the changes that come with it. To better understand the code here is a quick explanation of SEV-ES first.