search for: es_base

...info(ctxt, &exit_info_1); > + if (ret != ES_OK) > + return ret; > + > + if (exit_info_1 & IOIO_TYPE_STR) { > + int df = (regs->flags & X86_EFLAGS_DF) ? -1 : 1; > + unsigned int io_bytes, exit_bytes; > + unsigned int ghcb_count, op_count; > + unsigned long es_base; > + u64 sw_scratch; > + > + /* > + * For the string variants with rep prefix the amount of in/out > + * operations per #VC exception is limited so that the kernel > + * has a chance to take interrupts an re-schedule while the > + * instruction is emulated. Doesn'...

...info(ctxt, &exit_info_1); > + if (ret != ES_OK) > + return ret; > + > + if (exit_info_1 & IOIO_TYPE_STR) { > + int df = (regs->flags & X86_EFLAGS_DF) ? -1 : 1; > + unsigned int io_bytes, exit_bytes; > + unsigned int ghcb_count, op_count; > + unsigned long es_base; > + u64 sw_scratch; > + > + /* > + * For the string variants with rep prefix the amount of in/out > + * operations per #VC exception is limited so that the kernel > + * has a chance to take interrupts an re-schedule while the > + * instruction is emulated. Doesn'...

...b_count = sizeof(ghcb->shared_buffer) / io_bytes; > > > + > > > + op_count = (exit_info_1 & IOIO_REP) ? regs->cx : 1; > > > + exit_info_2 = min(op_count, ghcb_count); > > > + exit_bytes = exit_info_2 * io_bytes; > > > + > > > + es_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_ES); > > > + > > > + if (!(exit_info_1 & IOIO_TYPE_IN)) { > > > + ret = vc_insn_string_read(ctxt, > > > + (void *)(es_base + regs->si), > > > > SEV(-ES) is 64-bit only, why bother w...

...b_count = sizeof(ghcb->shared_buffer) / io_bytes; > > > + > > > + op_count = (exit_info_1 & IOIO_REP) ? regs->cx : 1; > > > + exit_info_2 = min(op_count, ghcb_count); > > > + exit_bytes = exit_info_2 * io_bytes; > > > + > > > + es_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_ES); > > > + > > > + if (!(exit_info_1 & IOIO_TYPE_IN)) { > > > + ret = vc_insn_string_read(ctxt, > > > + (void *)(es_base + regs->si), > > > > SEV(-ES) is 64-bit only, why bother w...

...4) & 0x7; > > + ghcb_count = sizeof(ghcb->shared_buffer) / io_bytes; > > + > > + op_count = (exit_info_1 & IOIO_REP) ? regs->cx : 1; > > + exit_info_2 = min(op_count, ghcb_count); > > + exit_bytes = exit_info_2 * io_bytes; > > + > > + es_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_ES); > > + > > + if (!(exit_info_1 & IOIO_TYPE_IN)) { > > + ret = vc_insn_string_read(ctxt, > > + (void *)(es_base + regs->si), > > SEV(-ES) is 64-bit only, why bother with the es_base charade? User...

..., but in SEV-ES guests it is a + * rare operation. If it turns out to be a performance problem the split + * operations can be moved to memcpy_fromio() and memcpy_toio(). + */ +static enum es_result vc_handle_mmio_movs(struct es_em_ctxt *ctxt, + unsigned int bytes) +{ + unsigned long ds_base, es_base; + unsigned char *src, *dst; + unsigned char buffer[8]; + enum es_result ret; + bool rep; + int off; + + ds_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_DS); + es_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_ES); + + if (ds_base == -1L || es_base == -1L) { + ctxt->fi.vector = X8...

...um es_result ret; + + ret = vc_ioio_exitinfo(ctxt, &exit_info_1); + if (ret != ES_OK) + return ret; + + if (exit_info_1 & IOIO_TYPE_STR) { + int df = (regs->flags & X86_EFLAGS_DF) ? -1 : 1; + unsigned int io_bytes, exit_bytes; + unsigned int ghcb_count, op_count; + unsigned long es_base; + u64 sw_scratch; + + /* + * For the string variants with rep prefix the amount of in/out + * operations per #VC exception is limited so that the kernel + * has a chance to take interrupts an re-schedule while the + * instruction is emulated. + */ + io_bytes = (exit_info_1 >>...

...Tue, Apr 28, 2020 at 05:16:35PM +0200, Joerg Roedel wrote: > + if (exit_info_1 & IOIO_TYPE_STR) { > + int df = (regs->flags & X86_EFLAGS_DF) ? -1 : 1; ... > + > + if (!(exit_info_1 & IOIO_TYPE_IN)) { > + ret = vc_insn_string_read(ctxt, > + (void *)(es_base + regs->si), > + ghcb->shared_buffer, io_bytes, > + exit_info_2, df); ^^^^ > + > + /* Everything went well, write back results */ > + if (exit_info_1 & IOIO_TYPE_IN) { > + ret = vc_insn_string_write(ctxt, > + (void *)(es_base...

Add GS base to the HVM VCPU context returned by xc_vcpu_getcontext() Signed-off-by: Aravindh Puthiyaparambil <aravindh@virtuata.com> diff -r e62ab14d44af -r babbb3e0f4d3 xen/arch/x86/domctl.c --- a/xen/arch/x86/domctl.c Fri Apr 20 11:36:02 2012 -0700 +++ b/xen/arch/x86/domctl.c Fri Apr 20 17:55:49 2012 -0700 @@ -1592,6 +1592,12 @@ void arch_get_info_guest(struct vcpu *v,

...->ds_sel = __vmread(GUEST_DS_SELECTOR); + c->ds_limit = __vmread(GUEST_DS_LIMIT); + c->ds_base = __vmread(GUEST_DS_BASE); + c->ds_arbytes = __vmread(GUEST_DS_AR_BYTES); + + c->es_sel = __vmread(GUEST_ES_SELECTOR); + c->es_limit = __vmread(GUEST_ES_LIMIT); + c->es_base = __vmread(GUEST_ES_BASE); + c->es_arbytes = __vmread(GUEST_ES_AR_BYTES); + + c->ss_sel = __vmread(GUEST_SS_SELECTOR); + c->ss_limit = __vmread(GUEST_SS_LIMIT); + c->ss_base = __vmread(GUEST_SS_BASE); + c->ss_arbytes = __vmread(GUEST_SS_AR_BYTES); + + c->fs_sel =...

On Wed, Jun 03, 2020 at 04:07:16PM -0700, Sean Christopherson wrote: > On Wed, Jun 03, 2020 at 04:23:25PM +0200, Joerg Roedel wrote: > > User-space can also cause IOIO #VC exceptions, and user-space can be > > 32-bit legacy code with segments, so es_base has to be taken into > > account. > > Is there actually a use case for this? Exposing port IO to userspace > doesn't exactly improve security. Might be true, but Linux supports it and this patch-set is not the place to challenge this feature. > Given that i386 ABI requires...

...erg Roedel wrote: > On Wed, Jun 03, 2020 at 04:07:16PM -0700, Sean Christopherson wrote: > > On Wed, Jun 03, 2020 at 04:23:25PM +0200, Joerg Roedel wrote: > > > User-space can also cause IOIO #VC exceptions, and user-space can be > > > 32-bit legacy code with segments, so es_base has to be taken into > > > account. > > > > Is there actually a use case for this? Exposing port IO to userspace > > doesn't exactly improve security. > > Might be true, but Linux supports it and this patch-set is not the place > to challenge this feature....

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT