search for: sev_es_init_ghcb

...rn true; } +static void __init sev_es_alloc_runtime_data(int cpu) +{ + struct sev_es_runtime_data *data; + + data = memblock_alloc(sizeof(*data), PAGE_SIZE); + if (!data) + panic("Can't allocate SEV-ES runtime data"); + + per_cpu(runtime_data, cpu) = data; +} + +static void __init sev_es_init_ghcb(int cpu) +{ + struct sev_es_runtime_data *data; + int err; + + data = per_cpu(runtime_data, cpu); + + err = early_set_memory_decrypted((unsigned long)&data->ghcb_page, + sizeof(data->ghcb_page)); + if (err) + panic("Can not map GHCBs unencrypted"); + + memset(&data-&gt...

...); * cleared */ static struct ghcb __initdata *boot_ghcb; +DEFINE_PER_CPU(struct cea_vmm_exception_stacks *, cea_vmm_exception_stacks); + +static char vc_stack_names[N_VC_STACKS][8]; /* #VC handler runtime per-cpu data */ struct sev_es_runtime_data { @@ -240,6 +244,16 @@ static void __init sev_es_init_ghcb(int cpu) memset(&data->ghcb_page, 0, sizeof(data->ghcb_page)); } +static void __init init_vc_stack_names(void) +{ + int i; + + for (i = 0; i < N_VC_STACKS; i++) { + snprintf(vc_stack_names[i], sizeof(vc_stack_names[i]), + "#VC%d", i); + } +} + static void __init sev...

...uct sev_es_runtime_data { struct ghcb ghcb_page; + + /* Physical storage for the per-cpu IST stacks of the #VC handler */ + struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); }; static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); @@ -236,11 +240,46 @@ static void __init sev_es_init_ghcb(int cpu) memset(&data->ghcb_page, 0, sizeof(data->ghcb_page)); } +static void __init sev_es_setup_vc_stack(int cpu) +{ + struct vmm_exception_stacks *stack; + struct sev_es_runtime_data *data; + struct cpu_entry_area *cea; + struct tss_struct *tss; + unsigned long size; + char *first...

...at lead to the > failure is like the following: > > __alloc_pages_slowpath > __alloc_pages_nodemask > alloc_pages_current > alloc_pages > split_large_page > __change_page_attr > __change_page_attr_set_clr > __set_memory_enc_dec > set_memory_decrypted > sev_es_init_ghcbs > trap_init -> before mm_init (in init/main.c) > start_kernel > x86_64_start_reservations > x86_64_start_kernel > secondary_startup_64 > > At this time, mem_init hasn't been called yet (which would be called by > mm_init). Thus, the free pages are still owned...

...nel/sev-es.c b/arch/x86/kernel/sev-es.c >> index c17980e8db78..4bf5286310a0 100644 >> --- a/arch/x86/kernel/sev-es.c >> +++ b/arch/x86/kernel/sev-es.c >> @@ -197,6 +203,26 @@ static bool __init sev_es_setup_ghcb(void) >> return true; >> } >> >> +void sev_es_init_ghcbs(void) >> +{ >> + int cpu; >> + >> + if (!sev_es_active()) >> + return; >> + >> + /* Allocate GHCB pages */ >> + ghcb_page = __alloc_percpu(sizeof(struct ghcb), PAGE_SIZE); >> + >> + /* Initialize per-cpu GHCB pages */ >> + for_each...

...nel/sev-es.c b/arch/x86/kernel/sev-es.c >> index c17980e8db78..4bf5286310a0 100644 >> --- a/arch/x86/kernel/sev-es.c >> +++ b/arch/x86/kernel/sev-es.c >> @@ -197,6 +203,26 @@ static bool __init sev_es_setup_ghcb(void) >> return true; >> } >> >> +void sev_es_init_ghcbs(void) >> +{ >> + int cpu; >> + >> + if (!sev_es_active()) >> + return; >> + >> + /* Allocate GHCB pages */ >> + ghcb_page = __alloc_percpu(sizeof(struct ghcb), PAGE_SIZE); >> + >> + /* Initialize per-cpu GHCB pages */ >> + for_each...

...ck_stack); + cea_set_pte((void *)vaddr, pa, PAGE_KERNEL); +} + /* Needed in vc_early_forward_exception */ void do_early_exception(struct pt_regs *regs, int trapnr); @@ -249,6 +281,7 @@ void __init sev_es_init_vc_handling(void) for_each_possible_cpu(cpu) { sev_es_alloc_runtime_data(cpu); sev_es_init_ghcb(cpu); + sev_es_setup_vc_stacks(cpu); } } -- 2.28.0

...p */ + *ghcb = *state->ghcb; + data->backup_ghcb_active = false; + state->ghcb = NULL; + } else { + data->ghcb_active = false; + } +} + /* Needed in vc_early_vc_forward_exception */ void do_early_exception(struct pt_regs *regs, int trapnr); @@ -263,6 +327,9 @@ static void __init sev_es_init_ghcb(int cpu) panic("Can not map GHCBs unencrypted"); memset(&data->ghcb_page, 0, sizeof(data->ghcb_page)); + + data->ghcb_active = false; + data->backup_ghcb_active = false; } static void __init init_vc_stack_names(void) @@ -367,6 +434,104 @@ static enum es_result v...

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build