similar to: [RFC PATCH 00/62] Linux as SEV-ES Guest Support

From: Joerg Roedel <jroedel at suse.de> Hi, here is a rebased version of the latest SEV-ES patches. They are now based on latest tip/master instead of upstream Linux and include the necessary changes. Changes to v4 are in particular: - Moved early IDT setup code to idt.c, because the idt_descr and the idt_table are now static - This required to make stack protector work early (or

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is the fourth version of the SEV-ES Guest Support patches. I addressed the review comments sent to me for the previous version and rebased the code v5.8-rc5. The biggest change in this version is the IST handling code for the #VC handler. I adapted the entry code for the #VC handler to the big pile of entry code changes merged into

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is a new version of the SEV-ES Guest Support patches for x86. The previous versions can be found as a linked list starting here: https://lore.kernel.org/lkml/20200824085511.7553-1-joro at 8bytes.org/ I updated the patch-set based on ther review comments I got and the discussions around it. Another important change is that the early IDT

From: Joerg Roedel <jroedel at suse.de> Hi, here is the new version of the SEV-ES client enabling patch-set. It is based on the latest tip/master branch and contains the necessary changes. In particular those ar: - Enabling CR4.FSGSBASE early on supported processors so that early #VC exceptions on APs can be handled. - Add another patch (patch 1) to fix a KVM frame-size build

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <joro at 8bytes.org> wrote: > > From: Joerg Roedel <jroedel at suse.de> > > Install an exception handler for #VC exception that uses a GHCB. Also > add the infrastructure for handling different exit-codes by decoding > the instruction that caused the exception and error handling. > > diff --git

On Tue, Apr 28, 2020 at 05:16:33PM +0200, Joerg Roedel wrote: > From: Joerg Roedel <jroedel at suse.de> > > Install an exception handler for #VC exception that uses a GHCB. Also > add the infrastructure for handling different exit-codes by decoding > the instruction that caused the exception and error handling. > > Signed-off-by: Joerg Roedel <jroedel at suse.de>

On Tue, Apr 28, 2020 at 05:16:33PM +0200, Joerg Roedel wrote: > From: Joerg Roedel <jroedel at suse.de> > > Install an exception handler for #VC exception that uses a GHCB. Also > add the infrastructure for handling different exit-codes by decoding > the instruction that caused the exception and error handling. > > Signed-off-by: Joerg Roedel <jroedel at suse.de>

On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Implement a handler for #VC exceptions caused by MONITOR and MONITORX > instructions. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapt to #VC handling infrastructure ] > Co-developed-by: Joerg Roedel

On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Implement a handler for #VC exceptions caused by MONITOR and MONITORX > instructions. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapt to #VC handling infrastructure ] > Co-developed-by: Joerg Roedel

On Thu, Jun 11, 2020 at 03:10:45PM +0200, Joerg Roedel wrote: > On Tue, May 19, 2020 at 11:38:45PM -0700, Sean Christopherson wrote: > > On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote: > > > +static enum es_result vc_handle_monitor(struct ghcb *ghcb, > > > + struct es_em_ctxt *ctxt) > > > +{ > > > + phys_addr_t monitor_pa; > >

On Thu, Jun 11, 2020 at 03:10:45PM +0200, Joerg Roedel wrote: > On Tue, May 19, 2020 at 11:38:45PM -0700, Sean Christopherson wrote: > > On Tue, Apr 28, 2020 at 05:17:09PM +0200, Joerg Roedel wrote: > > > +static enum es_result vc_handle_monitor(struct ghcb *ghcb, > > > + struct es_em_ctxt *ctxt) > > > +{ > > > + phys_addr_t monitor_pa; > >

On Tue, Apr 28, 2020 at 05:16:35PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Add support for decoding and handling #VC exceptions for IOIO events. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapted code to #VC handling framework ] > Co-developed-by: Joerg Roedel <jroedel at

On Tue, Apr 28, 2020 at 05:16:35PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Add support for decoding and handling #VC exceptions for IOIO events. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapted code to #VC handling framework ] > Co-developed-by: Joerg Roedel <jroedel at

On Tue, Apr 28, 2020 at 05:16:33PM +0200, Joerg Roedel wrote: > @@ -63,3 +175,45 @@ void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) > while (true) > asm volatile("hlt\n"); > } > + > +static enum es_result vc_insn_string_read(struct es_em_ctxt *ctxt, > + void *src, char *buf, > + unsigned int data_size, > +

On Tue, Apr 28, 2020 at 05:17:01PM +0200, Joerg Roedel wrote: > From: Tom Lendacky <thomas.lendacky at amd.com> > > Add handler for VC exceptions caused by MMIO intercepts. These > intercepts come along as nested page faults on pages with reserved > bits set. > > Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com> > [ jroedel at suse.de: Adapt to VC

On Tue, Apr 28, 2020 at 05:16:52PM +0200, Joerg Roedel wrote: > diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h > index b2cbcd40b52e..e1ed963a57ec 100644 > --- a/arch/x86/include/asm/sev-es.h > +++ b/arch/x86/include/asm/sev-es.h > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits) > } > > extern void vc_no_ghcb(void);