search for: early_idt_setup

...clude/asm/setup.h b/arch/x86/include/asm/setup.h index cafae86813ae..0ce6453c9272 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern unsigned long __startup_secondary_64(void); extern void startup_64_setup_env(unsigned long physbase); extern void early_idt_setup_early_handler(unsigned long physaddr); extern void early_load_idt(void); +extern void early_idt_setup(unsigned long physbase); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); #ifdef CONFIG_X86_INTEL_MID diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/...

...s above follow the convention for > them, like e.g. 'page_fault', 'nmi' or 'general_protection'. Should I > still add the verbs or just add a comment explaining what those symbols > are? Hmmkay, I see vc_no_ghcb doing call do_vc_no_ghcb and that's setup in early_idt_setup(). vc_boot_ghcb(), OTOH, is called by do_early_exception() only so that one could be called handle_vc_boot_ghcb(), no? I.e., I don't see it being an IDT entry point. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette

On Tue, Apr 28, 2020 at 11:28 AM Joerg Roedel <joro at 8bytes.org> wrote: > > From: Joerg Roedel <jroedel at suse.de> > > The code inserted by the stack protector does not work in the early > boot environment because it uses the GS segment, at least with memory > encryption enabled. Make sure the early code is compiled without this > feature enabled. > >

On Tue, Apr 28, 2020 at 11:28 AM Joerg Roedel <joro at 8bytes.org> wrote: > > From: Joerg Roedel <jroedel at suse.de> > > The code inserted by the stack protector does not work in the early > boot environment because it uses the GS segment, at least with memory > encryption enabled. Make sure the early code is compiled without this > feature enabled. > >

...pr 28, 2020 at 11:28 AM Joerg Roedel <joro at 8bytes.org> wrote: > The proper fix would be to initialize MSR_GS_BASE earlier. That'll mean to initialize it two times during boot, as the first C function with stack-protection is called before the kernel switches to its high addresses (early_idt_setup call-path). But okay, I can do that. On the other side, which value does the stack protector have in the early boot code? Joerg

...); > + native_write_idt_entry(idt, n, &desc); > +} > +#endif > + > +static struct desc_ptr early_idt_descr __initdata = { > + .size = IDT_TABLE_SIZE - 1, > + .address = 0 /* Needs physical address of idt_table - initialized at runtime. */, > +}; > + > +void __init early_idt_setup(unsigned long physbase) > +{ > + void __maybe_unused *handler; > + gate_desc *idt; > + > + idt = fixup_pointer(idt_table, physbase); > + > +#ifdef CONFIG_AMD_MEM_ENCRYPT > + /* VMM Communication Exception */ > + handler = fixup_pointer(vc_no_ghcb, physbase); > + set_ea...

...); > + native_write_idt_entry(idt, n, &desc); > +} > +#endif > + > +static struct desc_ptr early_idt_descr __initdata = { > + .size = IDT_TABLE_SIZE - 1, > + .address = 0 /* Needs physical address of idt_table - initialized at runtime. */, > +}; > + > +void __init early_idt_setup(unsigned long physbase) > +{ > + void __maybe_unused *handler; > + gate_desc *idt; > + > + idt = fixup_pointer(idt_table, physbase); > + > +#ifdef CONFIG_AMD_MEM_ENCRYPT > + /* VMM Communication Exception */ > + handler = fixup_pointer(vc_no_ghcb, physbase); > + set_ea...

...t desc_ptr idt_descr; extern gate_desc idt_table[]; extern const struct desc_ptr debug_idt_descr; diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index d83d59c15548..30a6d09fd9d0 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -523,6 +523,19 @@ void __head early_idt_setup_early_handler(unsigned long physaddr) } } +void __head early_load_tss(void) +{ + struct desc_struct *gdt = (struct desc_struct *)boot_gdt; + struct tss_struct *tss = this_cpu_ptr(&cpu_tss_rw); + tss_desc tss_desc; + + set_tssldt_descriptor(&tss_desc, (unsigned long)tss, DESC_TSS, +...

On Tue, Apr 28, 2020 at 05:16:52PM +0200, Joerg Roedel wrote: > diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void);

On Tue, Apr 28, 2020 at 05:16:52PM +0200, Joerg Roedel wrote: > diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void);

...ng get_debugctlmsr(void) { diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index 0ce6453c9272..bbd40dd20be7 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -54,6 +54,7 @@ extern void startup_64_setup_env(unsigned long physbase); extern void early_idt_setup_early_handler(unsigned long physaddr); extern void early_load_idt(void); extern void early_idt_setup(unsigned long physbase); +extern void early_load_tss(void); extern void __init do_early_exception(struct pt_regs *regs, int trapnr); #ifdef CONFIG_X86_INTEL_MID diff --git a/arch/x86/kernel/cp...

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

Hi, here is the first public post of the patch-set to enable Linux to run under SEV-ES enabled hypervisors. The code is mostly feature-complete, but there are still a couple of bugs to fix. Nevertheless, given the size of the patch-set, I think it is about time to ask for initial feedback of the changes that come with it. To better understand the code here is a quick explanation of SEV-ES first.

Hi, here is the first public post of the patch-set to enable Linux to run under SEV-ES enabled hypervisors. The code is mostly feature-complete, but there are still a couple of bugs to fix. Nevertheless, given the size of the patch-set, I think it is about time to ask for initial feedback of the changes that come with it. To better understand the code here is a quick explanation of SEV-ES first.

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by