Displaying 15 results from an estimated 15 matches for "set_page_encrypted".
2020 Apr 28
0
[PATCH v3 24/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel
...les changed, 39 insertions(+), 4 deletions(-)
diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c
index bb68e9c9d87a..d3771d455249 100644
--- a/arch/x86/boot/compressed/ident_map_64.c
+++ b/arch/x86/boot/compressed/ident_map_64.c
@@ -291,10 +291,21 @@ int set_page_encrypted(unsigned long address)
return set_clr_page_flags(&mapping_info, address, _PAGE_ENC, 0);
}
+int set_page_non_present(unsigned long address)
+{
+ return set_clr_page_flags(&mapping_info, address, 0, _PAGE_PRESENT);
+}
+
void do_boot_page_fault(struct pt_regs *regs, unsigned long error_c...
2020 Apr 28
0
[PATCH v3 22/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers
...e, set);
+ pte = pte_clear_flags(pte, clr);
+ set_pte(ptep, pte);
+
+ /* Flush TLB after changing encryption attribute */
+ write_cr3(top_level_pgt);
+
+ return 0;
+}
+
+int set_page_decrypted(unsigned long address)
+{
+ return set_clr_page_flags(&mapping_info, address, 0, _PAGE_ENC);
+}
+
+int set_page_encrypted(unsigned long address)
+{
+ return set_clr_page_flags(&mapping_info, address, _PAGE_ENC, 0);
+}
+
void do_boot_page_fault(struct pt_regs *regs, unsigned long error_code)
{
unsigned long address = native_read_cr2() & PMD_MASK;
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/...
2020 May 12
2
[PATCH v3 23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler
...v_es_shutdown_ghcb(void)
> +{
> + if (!boot_ghcb)
> + return;
> +
> + /*
> + * GHCB Page must be flushed from the cache and mapped encrypted again.
> + * Otherwise the running kernel will see strange cache effects when
> + * trying to use that page.
> + */
> + if (set_page_encrypted((unsigned long)&boot_ghcb_page))
> + error("Can't map GHCB page encrypted");
Is that error() call enough?
Shouldn't we BUG_ON() here or mark that page Reserved or so, so that
nothing uses it during the system lifetime and thus avoid the strange
cache effects?
...
>...
2020 May 12
2
[PATCH v3 23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler
...v_es_shutdown_ghcb(void)
> +{
> + if (!boot_ghcb)
> + return;
> +
> + /*
> + * GHCB Page must be flushed from the cache and mapped encrypted again.
> + * Otherwise the running kernel will see strange cache effects when
> + * trying to use that page.
> + */
> + if (set_page_encrypted((unsigned long)&boot_ghcb_page))
> + error("Can't map GHCB page encrypted");
Is that error() call enough?
Shouldn't we BUG_ON() here or mark that page Reserved or so, so that
nothing uses it during the system lifetime and thus avoid the strange
cache effects?
...
>...
2020 May 12
0
[PATCH v3 23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler
...cally belong in this function AFAICT as this
> function should setup the GHCB only. You can move it to the caller.
Probably better rename the function, it also does the sev-es protocol
version negotiation and all other related setup tasks. Maybe
sev_es_setup() is a better name?
> > + if (set_page_encrypted((unsigned long)&boot_ghcb_page))
> > + error("Can't map GHCB page encrypted");
>
> Is that error() call enough?
>
> Shouldn't we BUG_ON() here or mark that page Reserved or so, so that
> nothing uses it during the system lifetime and thus avoid the stra...
2020 Jul 24
0
[PATCH v5 75/75] x86/sev-es: Check required CPU features for SEV-ES
...dom_location(unsigned long input,
unsigned long input_size,
@@ -97,6 +95,9 @@ static inline void choose_random_location(unsigned long input,
}
#endif
+/* cpuflags.c */
+bool has_cpuflag(int flag);
+
#ifdef CONFIG_X86_64
extern int set_page_decrypted(unsigned long address);
extern int set_page_encrypted(unsigned long address);
diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c
index b522c18c0588..eb1a8b5cc753 100644
--- a/arch/x86/boot/compressed/sev-es.c
+++ b/arch/x86/boot/compressed/sev-es.c
@@ -145,6 +145,9 @@ void sev_es_shutdown_ghcb(void)
if (!boot_ghcb)...
2020 Apr 28
0
[PATCH v3 23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler
...inat_init_tables();
+
+ return true;
+}
+
+void sev_es_shutdown_ghcb(void)
+{
+ if (!boot_ghcb)
+ return;
+
+ /*
+ * GHCB Page must be flushed from the cache and mapped encrypted again.
+ * Otherwise the running kernel will see strange cache effects when
+ * trying to use that page.
+ */
+ if (set_page_encrypted((unsigned long)&boot_ghcb_page))
+ error("Can't map GHCB page encrypted");
+}
+
+void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code)
+{
+ struct es_em_ctxt ctxt;
+ enum es_result result;
+
+ if (!boot_ghcb && !sev_es_setup_ghcb())
+ sev_es_terminate(GHC...
2020 Jul 24
86
[PATCH v5 00/75] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is a rebased version of the latest SEV-ES patches. They are now
based on latest tip/master instead of upstream Linux and include the
necessary changes.
Changes to v4 are in particular:
- Moved early IDT setup code to idt.c, because the idt_descr
and the idt_table are now static
- This required to make stack protector work early (or
2020 Aug 24
96
[PATCH v6 00/76] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is the new version of the SEV-ES client enabling patch-set. It is
based on the latest tip/master branch and contains the necessary
changes. In particular those ar:
- Enabling CR4.FSGSBASE early on supported processors so that
early #VC exceptions on APs can be handled.
- Add another patch (patch 1) to fix a KVM frame-size build
2020 Jul 14
92
[PATCH v4 00/75] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is the fourth version of the SEV-ES Guest Support patches. I
addressed the review comments sent to me for the previous version and
rebased the code v5.8-rc5.
The biggest change in this version is the IST handling code for the
#VC handler. I adapted the entry code for the #VC handler to the big
pile of entry code changes merged into
2020 Jul 14
92
[PATCH v4 00/75] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is the fourth version of the SEV-ES Guest Support patches. I
addressed the review comments sent to me for the previous version and
rebased the code v5.8-rc5.
The biggest change in this version is the IST handling code for the
#VC handler. I adapted the entry code for the #VC handler to the big
pile of entry code changes merged into
2020 Sep 07
84
[PATCH v7 00/72] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is a new version of the SEV-ES Guest Support patches for x86. The
previous versions can be found as a linked list starting here:
https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/
I updated the patch-set based on ther review comments I got and the
discussions around it.
Another important change is that the early IDT
2020 Sep 07
84
[PATCH v7 00/72] x86: SEV-ES Guest Support
From: Joerg Roedel <jroedel at suse.de>
Hi,
here is a new version of the SEV-ES Guest Support patches for x86. The
previous versions can be found as a linked list starting here:
https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/
I updated the patch-set based on ther review comments I got and the
discussions around it.
Another important change is that the early IDT
2020 Apr 28
116
[PATCH v3 00/75] x86: SEV-ES Guest Support
Hi,
here is the next version of changes to enable Linux to run as an SEV-ES
guest. The code was rebased to v5.7-rc3 and got a fair number of changes
since the last version.
What is SEV-ES
==============
SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted
State' and means a hardware feature of AMD processors which hides the
register state of VCPUs to the hypervisor by
2020 Apr 28
116
[PATCH v3 00/75] x86: SEV-ES Guest Support
Hi,
here is the next version of changes to enable Linux to run as an SEV-ES
guest. The code was rebased to v5.7-rc3 and got a fair number of changes
since the last version.
What is SEV-ES
==============
SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted
State' and means a hardware feature of AMD processors which hides the
register state of VCPUs to the hypervisor by