search for: vc_no_ghcb

From: Joerg Roedel <jroedel at suse.de> Setup an early handler for #VC exceptions. There is no GHCB mapped yet, so just re-use the vc_no_ghcb_handler. It can only handle CPUID exit-codes, but that should be enough to get the kernel through verify_cpu() and __startup_64() until it runs on virtual addresses. Signed-off-by: Joerg Roedel <jroedel at suse.de> --- arch/x86/include/asm/sev-es.h | 3 +++ arch/x86/kernel/head64.c |...

From: Joerg Roedel <jroedel at suse.de> Setup an early handler for #VC exceptions. There is no GHCB mapped yet, so just re-use the vc_no_ghcb_handler. It can only handle CPUID exit-codes, but that should be enough to get the kernel through verify_cpu() and __startup_64() until it runs on virtual addresses. Signed-off-by: Joerg Roedel <jroedel at suse.de> Link: https://lore.kernel.org/r/20200724160336.5435-42-joro at 8bytes.org ---...

...ch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void); > +extern bool vc_boot_ghcb(struct pt_regs *regs); Those function names need verbs: handle_vc_no_ghcb handle_vc_boot_ghcb > @@ -161,3 +176,104 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt, > > /* Include code shared with pre-decompression boot stage */ &gt...

...ch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void); > +extern bool vc_boot_ghcb(struct pt_regs *regs); Those function names need verbs: handle_vc_no_ghcb handle_vc_boot_ghcb > @@ -161,3 +176,104 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt, > > /* Include code shared with pre-decompression boot stage */ &gt...

..., Joerg Roedel wrote: > This are IDT entry points and the names above follow the convention for > them, like e.g. 'page_fault', 'nmi' or 'general_protection'. Should I > still add the verbs or just add a comment explaining what those symbols > are? Hmmkay, I see vc_no_ghcb doing call do_vc_no_ghcb and that's setup in early_idt_setup(). vc_boot_ghcb(), OTOH, is called by do_early_exception() only so that one could be called handle_vc_boot_ghcb(), no? I.e., I don't see it being an IDT entry point. -- Regards/Gruss, Boris. https://people.kernel.org/...

...+ > +void __init early_idt_setup(unsigned long physbase) > +{ > + void __maybe_unused *handler; > + gate_desc *idt; > + > + idt = fixup_pointer(idt_table, physbase); > + > +#ifdef CONFIG_AMD_MEM_ENCRYPT > + /* VMM Communication Exception */ > + handler = fixup_pointer(vc_no_ghcb, physbase); > + set_early_idt_handler(idt, X86_TRAP_VC, handler); This function is used only once AFAICT - you might just as well add its three-lined body here and save yourself the function definition and ifdeffery above... > +#endif > + > + /* Initialize IDT descriptor and load IDT...

...+ > +void __init early_idt_setup(unsigned long physbase) > +{ > + void __maybe_unused *handler; > + gate_desc *idt; > + > + idt = fixup_pointer(idt_table, physbase); > + > +#ifdef CONFIG_AMD_MEM_ENCRYPT > + /* VMM Communication Exception */ > + handler = fixup_pointer(vc_no_ghcb, physbase); > + set_early_idt_handler(idt, X86_TRAP_VC, handler); This function is used only once AFAICT - you might just as well add its three-lined body here and save yourself the function definition and ifdeffery above... > +#endif > + > + /* Initialize IDT descriptor and load IDT...

...x86/include/asm/sev-es.h > > index b2cbcd40b52e..e1ed963a57ec 100644 > > --- a/arch/x86/include/asm/sev-es.h > > +++ b/arch/x86/include/asm/sev-es.h > > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > > } > > > > extern void vc_no_ghcb(void); > > +extern bool vc_boot_ghcb(struct pt_regs *regs); > > Those function names need verbs: > > handle_vc_no_ghcb > handle_vc_boot_ghcb This are IDT entry points and the names above follow the convention for them, like e.g. 'page_fault', 'nmi' or '...

On Mon, Aug 31, 2020 at 11:45:41AM +0200, Borislav Petkov wrote: > On Mon, Aug 24, 2020 at 10:54:37AM +0200, Joerg Roedel wrote: > > +#ifdef CONFIG_AMD_MEM_ENCRYPT > > + /* VMM Communication Exception */ > > + handler = fixup_pointer(vc_no_ghcb, physbase); > > + set_early_idt_handler(idt, X86_TRAP_VC, handler); > > This function is used only once AFAICT - you might just as well add its > three-lined body here and save yourself the function definition and > ifdeffery above... True, but having a separate function might b...

...ged, 81 insertions(+) diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h index ca0e12cb089c..c89b6e2e6439 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -78,17 +78,23 @@ static inline u64 lower_bits(u64 val, unsigned int bits) extern void vc_no_ghcb(void); extern bool vc_boot_ghcb(struct pt_regs *regs); +struct real_mode_header; enum stack_type; #ifdef CONFIG_AMD_MEM_ENCRYPT const char *vc_stack_name(enum stack_type type); void sev_es_nmi_enter(void); void sev_es_nmi_exit(void); +int sev_es_setup_ap_jump_table(struct real_mode_header...

...nged, 77 insertions(+) diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h index 824e9e6b067c..330140a189be 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -77,4 +77,12 @@ static inline u64 lower_bits(u64 val, unsigned int bits) extern void vc_no_ghcb(void); extern bool handle_vc_boot_ghcb(struct pt_regs *regs); +#ifdef CONFIG_AMD_MEM_ENCRYPT +extern void sev_es_ist_enter(struct pt_regs *regs); +extern void sev_es_ist_exit(void); +#else +static inline void sev_es_ist_enter(struct pt_regs *regs) { } +static inline void sev_es_ist_exit(void) {...

...nged, 86 insertions(+) diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h index 824e9e6b067c..2dd19932a60d 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -77,4 +77,23 @@ static inline u64 lower_bits(u64 val, unsigned int bits) extern void vc_no_ghcb(void); extern bool handle_vc_boot_ghcb(struct pt_regs *regs); +#ifdef CONFIG_AMD_MEM_ENCRYPT +extern struct static_key_false sev_es_enable_key; +extern void __sev_es_ist_enter(struct pt_regs *regs); +extern void __sev_es_ist_exit(void); +static __always_inline void sev_es_ist_enter(struct pt_reg...

...ch/x86/include/asm/sev-es.h @@ -9,6 +9,8 @@ #define __ASM_ENCRYPTED_STATE_H #include <linux/types.h> + +#include <asm/stacktrace.h> #include <asm/insn.h> #define GHCB_SEV_INFO 0x001UL @@ -76,4 +78,15 @@ static inline u64 lower_bits(u64 val, unsigned int bits) extern void vc_no_ghcb(void); extern bool vc_boot_ghcb(struct pt_regs *regs); +enum stack_type; + +#ifdef CONFIG_AMD_MEM_ENCRYPT +const char *vc_stack_name(enum stack_type type); +#else /* CONFIG_AMD_MEM_ENCRYPT */ +static inline const char *vc_stack_name(enum stack_type type) +{ + return NULL; +} +#endif /* CONFIG_AM...

...8dc378e0 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -73,6 +73,9 @@ static inline u64 lower_bits(u64 val, unsigned int bits) return (val & mask); } +struct real_mode_header; +enum stack_type; + /* Early IDT entry points for #VC handler */ extern void vc_no_ghcb(void); extern bool handle_vc_boot_ghcb(struct pt_regs *regs); @@ -91,9 +94,11 @@ static __always_inline void sev_es_ist_exit(void) if (static_branch_unlikely(&sev_es_enable_key)) __sev_es_ist_exit(); } +extern int sev_es_setup_ap_jump_table(struct real_mode_header *rmh); #else static i...

...NTRY_TLS_ENTRIES 3 diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h index b2cbcd40b52e..e1ed963a57ec 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) } extern void vc_no_ghcb(void); +extern bool vc_boot_ghcb(struct pt_regs *regs); #endif diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 9586522bfcb3..d83d59c15548 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -386,6 +386,12 @@ void __init do_early_exception(struct pt_regs...

...nclude/asm/sev-es.h b/arch/x86/include/asm/sev-es.h index 7175d432ebfe..9fbeedaa66ee 100644 --- a/arch/x86/include/asm/sev-es.h +++ b/arch/x86/include/asm/sev-es.h @@ -75,5 +75,7 @@ static inline u64 lower_bits(u64 val, unsigned int bits) /* Early IDT entry points for #VC handler */ extern void vc_no_ghcb(void); +extern void vc_boot_ghcb(void); +extern bool handle_vc_boot_ghcb(struct pt_regs *regs); #endif diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 3bcdd8d2bbdd..04ceea8f4a89 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -20,6 +20,7 @@ CFLAGS_R...

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or