search for: vmcb_save_area

..._ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_NP_ENABLE BIT(0) #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) -struct __attribute__ ((__packed__)) vmcb_seg { +struct vmcb_seg { u16 selector; u16 attrib; u32 limit; u64 base; -}; +} __packed; -struct __attribute__ ((__packed__)) vmcb_save_area { +struct vmcb_save_area { struct vmcb_seg es; struct vmcb_seg cs; struct vmcb_seg ss; @@ -231,9 +231,9 @@ struct __attribute__ ((__packed__)) vmcb_save_area { u64 xcr0; u8 valid_bitmap[16]; u64 x87_state_gpa; -}; +} __packed; -struct __attribute__ ((__packed__)) ghcb { +struct ghcb {...

..._ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_NP_ENABLE BIT(0) #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) -struct __attribute__ ((__packed__)) vmcb_seg { +struct vmcb_seg { u16 selector; u16 attrib; u32 limit; u64 base; -}; +} __packed; -struct __attribute__ ((__packed__)) vmcb_save_area { +struct vmcb_save_area { struct vmcb_seg es; struct vmcb_seg cs; struct vmcb_seg ss; @@ -233,9 +233,9 @@ struct __attribute__ ((__packed__)) vmcb_save_area { u8 valid_bitmap[16]; u64 x87_state_gpa; u8 reserved_12[1016]; -}; +} __packed; -struct __attribute__ ((__packed__)) ghcb { +s...

..._ ((__packed__)) vmcb_control_area { #define SVM_NESTED_CTL_NP_ENABLE BIT(0) #define SVM_NESTED_CTL_SEV_ENABLE BIT(1) -struct __attribute__ ((__packed__)) vmcb_seg { +struct vmcb_seg { u16 selector; u16 attrib; u32 limit; u64 base; -}; +} __packed; -struct __attribute__ ((__packed__)) vmcb_save_area { +struct vmcb_save_area { struct vmcb_seg es; struct vmcb_seg cs; struct vmcb_seg ss; @@ -231,7 +231,7 @@ struct __attribute__ ((__packed__)) vmcb_save_area { u64 xcr0; u8 valid_bitmap[16]; u64 x87_state_gpa; -}; +} __packed; struct ghcb { struct vmcb_save_area save; @@ -252,11 +2...

...m.c | 2 ++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 8a1f5382a4ea..094b8f8fb1d4 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -200,13 +200,56 @@ struct __attribute__ ((__packed__)) vmcb_save_area { u64 br_to; u64 last_excp_from; u64 last_excp_to; + + /* + * The following part of the save area is valid only for + * SEV-ES guests when referenced through the GHCB. + */ + u8 reserved_7[104]; + u64 reserved_8; /* rax already available at 0x01f8 */ + u64 rcx; + u64 rdx; + u64 rbx; + u64...

On Mon, Aug 24, 2020 at 10:53:57AM +0200, Joerg Roedel wrote: > static inline void __unused_size_checks(void) > { > - BUILD_BUG_ON(sizeof(struct vmcb_save_area) != 0x298); > + BUILD_BUG_ON(sizeof(struct vmcb_save_area) != 1032); > BUILD_BUG_ON(sizeof(struct vmcb_control_area) != 256); > + BUILD_BUG_ON(sizeof(struct ghcb) != 4096); Could those naked numbers be proper, meaningfully named defines? -- Regards/Gruss, Boris. https://people.ke...

On Mon, Aug 24, 2020 at 10:53:57AM +0200, Joerg Roedel wrote: > static inline void __unused_size_checks(void) > { > - BUILD_BUG_ON(sizeof(struct vmcb_save_area) != 0x298); > + BUILD_BUG_ON(sizeof(struct vmcb_save_area) != 1032); > BUILD_BUG_ON(sizeof(struct vmcb_control_area) != 256); > + BUILD_BUG_ON(sizeof(struct ghcb) != 4096); Could those naked numbers be proper, meaningfully named defines? -- Regards/Gruss, Boris. https://people.ke...

From: Joerg Roedel <jroedel at suse.de> Do not allocate a vmcb_control_area and a vmcb_save_area on the stack, as these structures will become larger with future extenstions of SVM and thus the svm_set_nested_state() function will become a too large stack frame. Signed-off-by: Joerg Roedel <jroedel at suse.de> --- arch/x86/kvm/svm/nested.c | 47 +++++++++++++++++++++++++++------------...

...++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 6ece8561ba66..f36288c659b5 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -201,6 +201,48 @@ struct __attribute__ ((__packed__)) vmcb_save_area { u64 br_to; u64 last_excp_from; u64 last_excp_to; + + /* + * The following part of the save area is valid only for + * SEV-ES guests when referenced through the GHCB. + */ + u8 reserved_7[104]; + u64 reserved_8; /* rax already available at 0x01f8 */ + u64 rcx; + u64 rdx; + u64 rbx; + u64...

...++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 6ece8561ba66..f36288c659b5 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -201,6 +201,48 @@ struct __attribute__ ((__packed__)) vmcb_save_area { u64 br_to; u64 last_excp_from; u64 last_excp_to; + + /* + * The following part of the save area is valid only for + * SEV-ES guests when referenced through the GHCB. + */ + u8 reserved_7[104]; + u64 reserved_8; /* rax already available at 0x01f8 */ + u64 rcx; + u64 rdx; + u64 rbx; + u64...

On Mon, Aug 24, 2020 at 12:44:51PM +0200, Borislav Petkov wrote: > On Mon, Aug 24, 2020 at 10:53:57AM +0200, Joerg Roedel wrote: > > static inline void __unused_size_checks(void) > > { > > - BUILD_BUG_ON(sizeof(struct vmcb_save_area) != 0x298); > > + BUILD_BUG_ON(sizeof(struct vmcb_save_area) != 1032); > > BUILD_BUG_ON(sizeof(struct vmcb_control_area) != 256); > > + BUILD_BUG_ON(sizeof(struct ghcb) != 4096); > > Could those naked numbers be proper, meaningfully named defines? I don't think so, i...

...0644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -333,4 +333,65 @@ struct __attribute__ ((__packed__)) vmcb { #define SVM_CR0_SELECTIVE_MASK (X86_CR0_TS | X86_CR0_MP) +/* GHCB Accessor functions */ + +#define DEFINE_GHCB_INDICES(field) \ + u16 idx = offsetof(struct vmcb_save_area, field) / 8; \ + u16 byte_idx = idx / 8; \ + u16 bit_idx = idx % 8; \ + BUILD_BUG_ON(byte_idx > ARRAY_SIZE(ghcb->save.valid_bitmap)); + +#define GHCB_SET_VALID(ghcb, field) \ + { \ + DEFINE_GHCB_INDICES(field) \ + (ghcb)->save.valid_bitmap[byte_idx] |= BIT(bit_i...

...0644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -341,4 +341,65 @@ struct __attribute__ ((__packed__)) vmcb { #define SVM_CR0_SELECTIVE_MASK (X86_CR0_TS | X86_CR0_MP) +/* GHCB Accessor functions */ + +#define DEFINE_GHCB_INDICES(field) \ + u16 idx = offsetof(struct vmcb_save_area, field) / 8; \ + u16 byte_idx = idx / 8; \ + u16 bit_idx = idx % 8; \ + BUILD_BUG_ON(byte_idx > ARRAY_SIZE(ghcb->save.valid_bitmap)); + +#define GHCB_SET_VALID(ghcb, field) \ + { \ + DEFINE_GHCB_INDICES(field) \ + (ghcb)->save.valid_bitmap[byte_idx] |= BIT(bit_i...

...fa8d3249 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -341,4 +341,47 @@ struct __attribute__ ((__packed__)) vmcb { #define SVM_CR0_SELECTIVE_MASK (X86_CR0_TS | X86_CR0_MP) +/* GHCB Accessor functions */ + +#define GHCB_BITMAP_IDX(field) \ + (offsetof(struct vmcb_save_area, field) / sizeof(u64)) + +#define DEFINE_GHCB_ACCESSORS(field) \ + static inline bool ghcb_##field##_is_valid(const struct ghcb *ghcb) \ + { \ + return test_bit(GHCB_BITMAP_IDX(field), \ + (unsigned long *)&ghcb->save.valid_bitmap); \ + } \ + \ + static i...

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by