search for: sev_es_runtime_data

.../memblock.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <asm/sev-es.h> @@ -29,6 +34,13 @@ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); */ static struct ghcb __initdata *boot_ghcb; +/* #VC handler runtime per-cpu data */ +struct sev_es_runtime_data { + struct ghcb ghcb_page; +}; + +static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); + /* Needed in vc_early_forward_exception */ void do_early_exception(struct pt_regs *regs, int trapnr); @@ -198,6 +210,48 @@ static bool __init sev_es_setup_ghcb(void) return true; } +static...

...mblock.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <asm/trap_defs.h> @@ -29,6 +34,13 @@ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); */ static struct ghcb __initdata *boot_ghcb; +/* #VC handler runtime per-cpu data */ +struct sev_es_runtime_data { + struct ghcb ghcb_page; +}; + +static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); + /* Needed in vc_early_vc_forward_exception */ void do_early_exception(struct pt_regs *regs, int trapnr); @@ -198,6 +210,48 @@ static bool __init sev_es_setup_ghcb(void) return true; } +sta...

...<linux/kernel.h> #include <linux/mm.h> +#include <asm/cpu_entry_area.h> #include <asm/trap_defs.h> #include <asm/sev-es.h> #include <asm/insn-eval.h> @@ -37,6 +38,9 @@ static struct ghcb __initdata *boot_ghcb; /* #VC handler runtime per-cpu data */ struct sev_es_runtime_data { struct ghcb ghcb_page; + + /* Physical storage for the per-cpu IST stacks of the #VC handler */ + struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); }; static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); @@ -236,11 +240,46 @@ static void __init sev_es_init_ghcb(int cp...

...sev-es.c @@ -31,6 +31,8 @@ #include <asm/traps.h> #include <asm/svm.h> +#define DR7_RESET_VALUE 0x400 + /* For early boot hypervisor communication in SEV-ES enabled guests */ static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); @@ -61,6 +63,13 @@ struct sev_es_runtime_data { */ bool ghcb_active; bool backup_ghcb_active; + + /* + * Cached DR7 value - write it on DR7 writes and return it on reads. + * That value will never make it to the real hardware DR7 as debugging + * is currently unsupported in SEV-ES guests. + */ + unsigned long dr7; }; static DEFI...

...@ #include <asm/insn-eval.h> #include <asm/fpu/internal.h> #include <asm/processor.h> -#include <asm/trap_defs.h> +#include <asm/traps.h> #include <asm/svm.h> /* For early boot hypervisor communication in SEV-ES enabled guests */ @@ -46,10 +47,26 @@ struct sev_es_runtime_data { /* Physical storage for the per-cpu IST stacks of the #VC handler */ struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); + + /* Reserve on page per CPU as backup storage for the unencrypted GHCB */ + struct ghcb backup_ghcb; + + /* + * Mark the per-cpu GHCBs as in-use to detect nes...

...u_read(nmi_cr2) != read_cr2())) write_cr2(this_cpu_read(nmi_cr2)); if (this_cpu_dec_return(nmi_state)) diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c index 64002d86a237..95831d103418 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -52,6 +52,9 @@ struct sev_es_runtime_data { static DEFINE_PER_CPU(struct sev_es_runtime_data*, runtime_data); +DEFINE_STATIC_KEY_FALSE(sev_es_enable_key); +EXPORT_SYMBOL_GPL(sev_es_enable_key); + static void __init sev_es_setup_vc_stacks(int cpu) { struct sev_es_runtime_data *data; @@ -73,6 +76,59 @@ static void __init sev_es_setu...

...inux/kernel.h> #include <linux/mm.h> +#include <asm/cpu_entry_area.h> #include <asm/sev-es.h> #include <asm/insn-eval.h> #include <asm/fpu/internal.h> @@ -37,10 +38,41 @@ static struct ghcb __initdata *boot_ghcb; /* #VC handler runtime per-cpu data */ struct sev_es_runtime_data { struct ghcb ghcb_page; + + /* Physical storage for the per-cpu IST stack of the #VC handler */ + char ist_stack[EXCEPTION_STKSZ] __aligned(PAGE_SIZE); + + /* + * Physical storage for the per-cpu fall-back stack of the #VC handler. + * The fall-back stack is used when it is not safe to switch...

...ive_play_dead +#endif /* CONFIG_HOTPLUG_CPU */ + +#ifdef CONFIG_SMP +static void __init sev_es_setup_play_dead(void) +{ + smp_ops.play_dead = sev_es_play_dead; +} +#else +static inline void sev_es_setup_play_dead(void) { } +#endif + static void __init sev_es_alloc_runtime_data(int cpu) { struct sev_es_runtime_data *data; @@ -540,6 +596,8 @@ void __init sev_es_init_vc_handling(void) sev_es_setup_vc_stack(cpu); } + sev_es_setup_play_dead(); + xa_init_flags(&sev_es_cpuid_cache, XA_FLAGS_LOCK_IRQ); sev_es_cpuid_cache_initialized = true; -- 2.17.1

On Tue, Apr 28, 2020 at 05:17:04PM +0200, Joerg Roedel wrote: > +static enum es_result vc_handle_dr7_write(struct ghcb *ghcb, > + struct es_em_ctxt *ctxt) > +{ > + struct sev_es_runtime_data *data = this_cpu_read(runtime_data); > + long val, *reg = vc_insn_get_rm(ctxt); > + enum es_result ret; > + > + if (!reg) > + return ES_DECODE_FAILED; > + > + val = *reg; > + > + /* Upper 32 bits must be written as zeroes */ > + if (val >> 32) { > + ctxt-&gt...

...ernel/sev-es.c b/arch/x86/kernel/sev-es.c index eef6e2196ef4..3b62714723b5 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -422,6 +422,31 @@ int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) return 0; } +int __init sev_es_efi_map_ghcbs(pgd_t *pgd) +{ + struct sev_es_runtime_data *data; + unsigned long address, pflags; + int cpu; + u64 pfn; + + if (!sev_es_active()) + return 0; + + pflags = _PAGE_NX | _PAGE_RW; + + for_each_possible_cpu(cpu) { + data = per_cpu(runtime_data, cpu); + + address = __pa(&data->ghcb_page); + pfn = address >> PAGE_SHIFT; + + if (...

...+ * This is needed by the OVMF UEFI firmware which will use whatever it finds in + * the GHCB MSR as its GHCB to talk to the hypervisor. So make sure the per-cpu + * runtime GHCBs used by the kernel are also mapped in the EFI page-table. + */ +int __init sev_es_efi_map_ghcbs(pgd_t *pgd) +{ + struct sev_es_runtime_data *data; + unsigned long address, pflags; + int cpu; + u64 pfn; + + if (!sev_es_active()) + return 0; + + pflags = _PAGE_NX | _PAGE_RW; + + for_each_possible_cpu(cpu) { + data = per_cpu(runtime_data, cpu); + + address = __pa(&data->ghcb_page); + pfn = address >> PAGE_SHIFT; + + if (...

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

...struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE); * cleared */ static struct ghcb __initdata *boot_ghcb; +DEFINE_PER_CPU(struct cea_vmm_exception_stacks *, cea_vmm_exception_stacks); + +static char vc_stack_names[N_VC_STACKS][8]; /* #VC handler runtime per-cpu data */ struct sev_es_runtime_data { @@ -240,6 +244,16 @@ static void __init sev_es_init_ghcb(int cpu) memset(&data->ghcb_page, 0, sizeof(data->ghcb_page)); } +static void __init init_vc_stack_names(void) +{ + int i; + + for (i = 0; i < N_VC_STACKS; i++) { + snprintf(vc_stack_names[i], sizeof(vc_stack_names[i]), +...

...#include <asm/fpu/internal.h> > #include <asm/processor.h> > -#include <asm/trap_defs.h> > +#include <asm/traps.h> > #include <asm/svm.h> > > /* For early boot hypervisor communication in SEV-ES enabled guests */ > @@ -46,10 +47,26 @@ struct sev_es_runtime_data { > > /* Physical storage for the per-cpu IST stacks of the #VC handler */ > struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); > + > + /* Reserve on page per CPU as backup storage for the unencrypted GHCB */ one > + struct ghcb backup_ghcb; I could use some...

...#include <asm/fpu/internal.h> > #include <asm/processor.h> > -#include <asm/trap_defs.h> > +#include <asm/traps.h> > #include <asm/svm.h> > > /* For early boot hypervisor communication in SEV-ES enabled guests */ > @@ -46,10 +47,26 @@ struct sev_es_runtime_data { > > /* Physical storage for the per-cpu IST stacks of the #VC handler */ > struct vmm_exception_stacks vc_stacks __aligned(PAGE_SIZE); > + > + /* Reserve on page per CPU as backup storage for the unencrypted GHCB */ one > + struct ghcb backup_ghcb; I could use some...

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into