search for: ghcb_set_rcx

...sult vc_handle_monitor(struct ghcb *ghcb, > + struct es_em_ctxt *ctxt) > +{ > + phys_addr_t monitor_pa; > + pgd_t *pgd; > + > + pgd = __va(read_cr3_pa()); > + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); > + > + ghcb_set_rax(ghcb, monitor_pa); > + ghcb_set_rcx(ghcb, ctxt->regs->cx); > + ghcb_set_rdx(ghcb, ctxt->regs->dx); > + > + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); Why? If SVM has the same behavior as VMX, the MONITOR will be disarmed on VM-Enter, i.e. the VMM can't do anything useful for MONITOR/MWA...

...sult vc_handle_monitor(struct ghcb *ghcb, > + struct es_em_ctxt *ctxt) > +{ > + phys_addr_t monitor_pa; > + pgd_t *pgd; > + > + pgd = __va(read_cr3_pa()); > + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); > + > + ghcb_set_rax(ghcb, monitor_pa); > + ghcb_set_rcx(ghcb, ctxt->regs->cx); > + ghcb_set_rdx(ghcb, ctxt->regs->dx); > + > + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); Why? If SVM has the same behavior as VMX, the MONITOR will be disarmed on VM-Enter, i.e. the VMM can't do anything useful for MONITOR/MWA...

...t; +{ > > > + phys_addr_t monitor_pa; > > > + pgd_t *pgd; > > > + > > > + pgd = __va(read_cr3_pa()); > > > + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); > > > + > > > + ghcb_set_rax(ghcb, monitor_pa); > > > + ghcb_set_rcx(ghcb, ctxt->regs->cx); > > > + ghcb_set_rdx(ghcb, ctxt->regs->dx); > > > + > > > + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); > > > > Why? If SVM has the same behavior as VMX, the MONITOR will be disarmed on > > VM-Ente...

...t; +{ > > > + phys_addr_t monitor_pa; > > > + pgd_t *pgd; > > > + > > > + pgd = __va(read_cr3_pa()); > > > + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); > > > + > > > + ghcb_set_rax(ghcb, monitor_pa); > > > + ghcb_set_rcx(ghcb, ctxt->regs->cx); > > > + ghcb_set_rdx(ghcb, ctxt->regs->dx); > > > + > > > + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); > > > > Why? If SVM has the same behavior as VMX, the MONITOR will be disarmed on > > VM-Ente...

...ev-es-shared.c index 5bfc1f3030d4..cfdafe12da4f 100644 --- a/arch/x86/kernel/sev-es-shared.c +++ b/arch/x86/kernel/sev-es-shared.c @@ -427,8 +427,8 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, u32 cr4 = native_read_cr4(); enum es_result ret; - ghcb_set_rax(ghcb, regs->ax); - ghcb_set_rcx(ghcb, regs->cx); + ghcb_set_rax(ghcb, lower_32_bits(regs->ax)); + ghcb_set_rcx(ghcb, lower_32_bits(regs->cx)); if (cr4 & X86_CR4_OSXSAVE) /* Safe to read xcr0 */ @@ -447,10 +447,10 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, ghcb_is_valid_rdx(ghcb))) r...

...ecompression boot stage */ #include "sev-es-shared.c" +static enum es_result handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) +{ + struct pt_regs *regs = ctxt->regs; + enum es_result ret; + bool write; + u64 exit_info_1; + + write = (ctxt->insn.opcode.bytes[1] == 0x30); + + ghcb_set_rcx(ghcb, regs->cx); + if (write) { + ghcb_set_rax(ghcb, regs->ax); + ghcb_set_rdx(ghcb, regs->dx); + exit_info_1 = 1; + } else { + exit_info_1 = 0; + } + + ret = ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MSR, exit_info_1, 0); + if (ret != ES_OK) + return ret; + else if (!write) { + regs->ax...

...ctxt *ctxt return ES_OK; } +static enum es_result vc_handle_monitor(struct ghcb *ghcb, + struct es_em_ctxt *ctxt) +{ + phys_addr_t monitor_pa; + pgd_t *pgd; + + pgd = __va(read_cr3_pa()); + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); + + ghcb_set_rax(ghcb, monitor_pa); + ghcb_set_rcx(ghcb, ctxt->regs->cx); + ghcb_set_rdx(ghcb, ctxt->regs->dx); + + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); +} + static enum es_result vc_handle_exitcode(struct es_em_ctxt *ctxt, struct ghcb *ghcb, unsigned long exit_code) @@ -860,6 +876,9 @@ static e...

...mpression boot stage */ #include "sev-es-shared.c" +static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) +{ + struct pt_regs *regs = ctxt->regs; + enum es_result ret; + u64 exit_info_1; + + exit_info_1 = (ctxt->insn.opcode.bytes[1] == 0x30) ? 1 : 0; + + ghcb_set_rcx(ghcb, regs->cx); + if (exit_info_1) { + ghcb_set_rax(ghcb, regs->ax); + ghcb_set_rdx(ghcb, regs->dx); + exit_info_1 = 1; + } + + ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MSR, exit_info_1, 0); + + if ((ret == ES_OK) && (!exit_info_1)) { + regs->ax = ghcb->save.rax; +...

...;< VMWARE_CMD_LEGACY_X2APIC)) != 0; } +#ifdef CONFIG_AMD_MEM_ENCRYPT +static void vmware_sev_es_hcall_prepare(struct ghcb *ghcb, + struct pt_regs *regs) +{ + /* Copy VMWARE specific Hypercall parameters to the GHCB */ + ghcb_set_rip(ghcb, regs->ip); + ghcb_set_rbx(ghcb, regs->bx); + ghcb_set_rcx(ghcb, regs->cx); + ghcb_set_rdx(ghcb, regs->dx); + ghcb_set_rsi(ghcb, regs->si); + ghcb_set_rdi(ghcb, regs->di); + ghcb_set_rbp(ghcb, regs->bp); +} + +static bool vmware_sev_es_hcall_finish(struct ghcb *ghcb, struct pt_regs *regs) +{ + if (!(ghcb_is_valid_rbx(ghcb) && +...

...; + struct es_em_ctxt *ctxt) > > +{ > > + phys_addr_t monitor_pa; > > + pgd_t *pgd; > > + > > + pgd = __va(read_cr3_pa()); > > + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); > > + > > + ghcb_set_rax(ghcb, monitor_pa); > > + ghcb_set_rcx(ghcb, ctxt->regs->cx); > > + ghcb_set_rdx(ghcb, ctxt->regs->dx); > > + > > + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); > > Why? If SVM has the same behavior as VMX, the MONITOR will be disarmed on > VM-Enter, i.e. the VMM can't do a...

...t;> + phys_addr_t monitor_pa; >>>> + pgd_t *pgd; >>>> + >>>> + pgd = __va(read_cr3_pa()); >>>> + monitor_pa = vc_slow_virt_to_phys(ghcb, ctxt->regs->ax); >>>> + >>>> + ghcb_set_rax(ghcb, monitor_pa); >>>> + ghcb_set_rcx(ghcb, ctxt->regs->cx); >>>> + ghcb_set_rdx(ghcb, ctxt->regs->dx); >>>> + >>>> + return sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MONITOR, 0, 0); >>> >>> Why? If SVM has the same behavior as VMX, the MONITOR will be disarmed on >&g...

...num es_result vc_handle_cpuid(struct ghcb *ghcb, > > + struct es_em_ctxt *ctxt) > > +{ > > + struct pt_regs *regs = ctxt->regs; > > + u32 cr4 = native_read_cr4(); > > + enum es_result ret; > > + > > + ghcb_set_rax(ghcb, regs->ax); > > + ghcb_set_rcx(ghcb, regs->cx); > > + > > + if (cr4 & X86_CR4_OSXSAVE) > > Will this ever happen? trampoline_32bit_src will clear CR4 except for > PAE and possibly LA57, no? This same code is later re-used in the runtime handler and there the check is needed :) Regards, Joerg

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the first public post of the patch-set to enable Linux to run under SEV-ES enabled hypervisors. The code is mostly feature-complete, but there are still a couple of bugs to fix. Nevertheless, given the size of the patch-set, I think it is about time to ask for initial feedback of the changes that come with it. To better understand the code here is a quick explanation of SEV-ES first.

Hi, here is the first public post of the patch-set to enable Linux to run under SEV-ES enabled hypervisors. The code is mostly feature-complete, but there are still a couple of bugs to fix. Nevertheless, given the size of the patch-set, I think it is about time to ask for initial feedback of the changes that come with it. To better understand the code here is a quick explanation of SEV-ES first.

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into