search for: ghcbs

...ncrypt.h > +++ b/arch/x86/include/asm/mem_encrypt.h > @@ -48,6 +48,7 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); > void __init mem_encrypt_init(void); > void __init mem_encrypt_free_decrypted_mem(void); > > +void __init encrypted_state_init_ghcbs(void); > bool sme_active(void); > bool sev_active(void); > bool sev_es_active(void); > @@ -71,6 +72,7 @@ static inline void __init sme_early_init(void) { } > static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } > static inline void __init sme_enable(struct...

...a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -48,6 +48,7 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size); void __init mem_encrypt_init(void); void __init mem_encrypt_free_decrypted_mem(void); +void __init encrypted_state_init_ghcbs(void); bool sme_active(void); bool sev_active(void); bool sev_es_active(void); @@ -71,6 +72,7 @@ static inline void __init sme_early_init(void) { } static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } static inline void __init sme_enable(struct boot_params *bp) { } +stati...

...a, cpu) = data; +} + +static void __init init_ghcb(int cpu) +{ + struct sev_es_runtime_data *data; + int err; + + data = per_cpu(runtime_data, cpu); + + err = early_set_memory_decrypted((unsigned long)&data->ghcb_page, + sizeof(data->ghcb_page)); + if (err) + panic("Can not map GHCBs unencrypted"); + + memset(&data->ghcb_page, 0, sizeof(data->ghcb_page)); +} + +void __init sev_es_init_vc_handling(void) +{ + int cpu; + + BUILD_BUG_ON((offsetof(struct sev_es_runtime_data, ghcb_page) % PAGE_SIZE) != 0); + + if (!sev_es_active()) + return; + + /* Initialize per-cpu...

...= data; +} + +static void __init sev_es_init_ghcb(int cpu) +{ + struct sev_es_runtime_data *data; + int err; + + data = per_cpu(runtime_data, cpu); + + err = early_set_memory_decrypted((unsigned long)&data->ghcb_page, + sizeof(data->ghcb_page)); + if (err) + panic("Can not map GHCBs unencrypted"); + + memset(&data->ghcb_page, 0, sizeof(data->ghcb_page)); +} + +void __init sev_es_init_vc_handling(void) +{ + int cpu; + + BUILD_BUG_ON((offsetof(struct sev_es_runtime_data, ghcb_page) % PAGE_SIZE) != 0); + + if (!sev_es_active()) + return; + + /* Initialize per-cpu...

On 4/14/20 1:04 PM, Tom Lendacky wrote: >> set_memory_decrypted needs to check the return value. I see it >> consistently return ENOMEM. I've traced that back to split_large_page >> in arch/x86/mm/pat/set_memory.c. > > At that point the guest won't be able to communicate with the > hypervisor, too. Maybe we should BUG() here to terminate further > processing?

On 4/14/20 3:12 PM, Dave Hansen wrote: > On 4/14/20 1:04 PM, Tom Lendacky wrote: >>> set_memory_decrypted needs to check the return value. I see it >>> consistently return ENOMEM. I've traced that back to split_large_page >>> in arch/x86/mm/pat/set_memory.c. >> >> At that point the guest won't be able to communicate with the >> hypervisor,

Hi Mike, On Tue, Apr 14, 2020 at 07:03:44PM +0000, Mike Stunes wrote: > set_memory_decrypted needs to check the return value. I see it > consistently return ENOMEM. I've traced that back to split_large_page > in arch/x86/mm/pat/set_memory.c. I agree that the return code needs to be checked. But I wonder why this happens. The split_large_page() function returns -ENOMEM when

...he > failure is like the following: > > __alloc_pages_slowpath > __alloc_pages_nodemask > alloc_pages_current > alloc_pages > split_large_page > __change_page_attr > __change_page_attr_set_clr > __set_memory_enc_dec > set_memory_decrypted > sev_es_init_ghcbs > trap_init -> before mm_init (in init/main.c) > start_kernel > x86_64_start_reservations > x86_64_start_kernel > secondary_startup_64 > > At this time, mem_init hasn't been called yet (which would be called by > mm_init). Thus, the free pages are still owned...

...b/arch/x86/kernel/sev-es.c >> index c17980e8db78..4bf5286310a0 100644 >> --- a/arch/x86/kernel/sev-es.c >> +++ b/arch/x86/kernel/sev-es.c >> @@ -197,6 +203,26 @@ static bool __init sev_es_setup_ghcb(void) >> return true; >> } >> >> +void sev_es_init_ghcbs(void) >> +{ >> + int cpu; >> + >> + if (!sev_es_active()) >> + return; >> + >> + /* Allocate GHCB pages */ >> + ghcb_page = __alloc_percpu(sizeof(struct ghcb), PAGE_SIZE); >> + >> + /* Initialize per-cpu GHCB pages */ >> + for_each_...

...b/arch/x86/kernel/sev-es.c >> index c17980e8db78..4bf5286310a0 100644 >> --- a/arch/x86/kernel/sev-es.c >> +++ b/arch/x86/kernel/sev-es.c >> @@ -197,6 +203,26 @@ static bool __init sev_es_setup_ghcb(void) >> return true; >> } >> >> +void sev_es_init_ghcbs(void) >> +{ >> + int cpu; >> + >> + if (!sev_es_active()) >> + return; >> + >> + /* Allocate GHCB pages */ >> + ghcb_page = __alloc_percpu(sizeof(struct ghcb), PAGE_SIZE); >> + >> + /* Initialize per-cpu GHCB pages */ >> + for_each_...

...*/ > struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); > + > + /* Reserve on page per CPU as backup storage for the unencrypted GHCB */ one > + struct ghcb backup_ghcb; I could use some text explaining what those backups are for? > + /* > + * Mark the per-cpu GHCBs as in-use to detect nested #VC exceptions. > + * There is no need for it to be atomic, because nothing is written to > + * the GHCB between the read and the write of ghcb_active. So it is safe > + * to use it when a nested #VC exception happens before the write. > + */ Looks liks t...

...*/ > struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); > + > + /* Reserve on page per CPU as backup storage for the unencrypted GHCB */ one > + struct ghcb backup_ghcb; I could use some text explaining what those backups are for? > + /* > + * Mark the per-cpu GHCBs as in-use to detect nested #VC exceptions. > + * There is no need for it to be atomic, because nothing is written to > + * the GHCB between the read and the write of ghcb_active. So it is safe > + * to use it when a nested #VC exception happens before the write. > + */ Looks liks t...

...@@ struct sev_es_runtime_data { /* Physical storage for the per-cpu IST stacks of the #VC handler */ struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); + + /* Reserve on page per CPU as backup storage for the unencrypted GHCB */ + struct ghcb backup_ghcb; + + /* + * Mark the per-cpu GHCBs as in-use to detect nested #VC exceptions. + * There is no need for it to be atomic, because nothing is written to + * the GHCB between the read and the write of ghcb_active. So it is safe + * to use it when a nested #VC exception happens before the write. + */ + bool ghcb_active; + bool backup...

...919f09ae33c..cf1d957c7091 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -102,11 +102,13 @@ static __always_inline void sev_es_nmi_complete(void) if (static_branch_unlikely(&sev_es_enable_key)) __sev_es_nmi_complete(); } +extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; } static inline void sev_es_nmi_complete(void) { } +static inline int sev_es_efi_...

On Sat, May 23, 2020 at 09:59:24AM +0200, Borislav Petkov wrote: > On Tue, Apr 28, 2020 at 05:16:57PM +0200, Joerg Roedel wrote: > > + /* > > + * Mark the per-cpu GHCBs as in-use to detect nested #VC exceptions. > > + * There is no need for it to be atomic, because nothing is written to > > + * the GHCB between the read and the write of ghcb_active. So it is safe > > + * to use it when a nested #VC exception happens before the write. > >...

On Thu, Jun 11, 2020 at 01:48:31PM +0200, Joerg Roedel wrote: > On Sat, May 23, 2020 at 09:59:24AM +0200, Borislav Petkov wrote: > > On Tue, Apr 28, 2020 at 05:16:57PM +0200, Joerg Roedel wrote: > > > + /* > > > + * Mark the per-cpu GHCBs as in-use to detect nested #VC exceptions. > > > + * There is no need for it to be atomic, because nothing is written to > > > + * the GHCB between the read and the write of ghcb_active. So it is safe > > > + * to use it when a nested #VC exception happens before the w...

...> 1, > TRUE > ); > ASSERT_RETURN_ERROR (DecryptStatus); > } > > ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount)); > > PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa); > ASSERT_RETURN_ERROR (PcdStatus); > PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount)); > ASSERT_RETURN_ERROR (PcdStatus); > > DEBUG ((DEBUG_INFO, > "SEV-ES is enabled, %lu GHCB pages allocated starting at 0x%p\n", > (UINT64)GhcbPageCount, GhcbBase)); > > AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);...

...16727f1..ce9a197bf958 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -87,6 +87,7 @@ void sev_es_nmi_enter(void); void sev_es_nmi_exit(void); int sev_es_setup_ap_jump_table(struct real_mode_header *rmh); void sev_es_nmi_complete(void); +int __init sev_es_efi_map_ghcbs(pgd_t *pgd); #else /* CONFIG_AMD_MEM_ENCRYPT */ static inline const char *vc_stack_name(enum stack_type type) { @@ -97,6 +98,10 @@ static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) return 0; } static inline void sev_es_nmi_complete(void) { } +static inline int sev_es...

...e Martin Radev (1): x86/sev-es: Check required CPU features for SEV-ES Tom Lendacky (19): KVM: SVM: Add GHCB definitions x86/cpufeatures: Add SEV-ES CPU feature x86/sev-es: Add support for handling IOIO exceptions x86/sev-es: Add CPUID handling to #VC handler x86/sev-es: Setup per-cpu GHCBs for the runtime handler x86/sev-es: Add Runtime #VC Exception Handler x86/sev-es: Handle MMIO events x86/sev-es: Handle MSR events x86/sev-es: Handle DR7 read/write events x86/sev-es: Handle WBINVD Events x86/sev-es: Handle RDTSC(P) Events x86/sev-es: Handle RDPMC Events x86/sev-es:...

...e Martin Radev (1): x86/sev-es: Check required CPU features for SEV-ES Tom Lendacky (19): KVM: SVM: Add GHCB definitions x86/cpufeatures: Add SEV-ES CPU feature x86/sev-es: Add support for handling IOIO exceptions x86/sev-es: Add CPUID handling to #VC handler x86/sev-es: Setup per-cpu GHCBs for the runtime handler x86/sev-es: Add Runtime #VC Exception Handler x86/sev-es: Handle MMIO events x86/sev-es: Handle MSR events x86/sev-es: Handle DR7 read/write events x86/sev-es: Handle WBINVD Events x86/sev-es: Handle RDTSC(P) Events x86/sev-es: Handle RDPMC Events x86/sev-es:...