From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Hellstrom <thellstrom@vmware.com>,
Jiri Slaby <jslaby@suse.cz>,
Dan Williams <dan.j.williams@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Juergen Gross <jgross@suse.com>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
virtualization@lists.linux-foundation.org,
Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>
Subject: [PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler
Date: Thu, 19 Mar 2020 10:13:15 +0100 [thread overview]
Message-ID: <20200319091407.1481-19-joro@8bytes.org> (raw)
In-Reply-To: <20200319091407.1481-1-joro@8bytes.org>
From: Joerg Roedel <jroedel@suse.de>
Add the first handler for #VC exceptions. At stage 1 there is no GHCB
yet becaue we might still be on the EFI page table and thus can't map
memory unencrypted.
The stage 1 handler is limited to the MSR based protocol to talk to
the hypervisor and can only support CPUID exit-codes, but that is
enough to get to stage 2.
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/idt_64.c | 4 ++
arch/x86/boot/compressed/idt_handlers_64.S | 4 ++
arch/x86/boot/compressed/misc.h | 1 +
arch/x86/boot/compressed/sev-es.c | 42 ++++++++++++++
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/sev-es.h | 45 +++++++++++++++
arch/x86/include/asm/trap_defs.h | 1 +
arch/x86/kernel/sev-es-shared.c | 65 ++++++++++++++++++++++
9 files changed, 164 insertions(+)
create mode 100644 arch/x86/boot/compressed/sev-es.c
create mode 100644 arch/x86/include/asm/sev-es.h
create mode 100644 arch/x86/kernel/sev-es-shared.c
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index e6b3e0fc48de..583678c78e1b 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -84,6 +84,7 @@ ifdef CONFIG_X86_64
vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o
vmlinux-objs-y += $(obj)/mem_encrypt.o
vmlinux-objs-y += $(obj)/pgtable_64.o
+ vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/sev-es.o
endif
vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o
diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c
index 84ba57d9d436..bdd20dfd1fd0 100644
--- a/arch/x86/boot/compressed/idt_64.c
+++ b/arch/x86/boot/compressed/idt_64.c
@@ -31,6 +31,10 @@ void load_stage1_idt(void)
{
boot_idt_desc.address = (unsigned long)boot_idt;
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ set_idt_entry(X86_TRAP_VC, boot_stage1_vc_handler);
+#endif
+
load_boot_idt(&boot_idt_desc);
}
diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S
index bfb3fc5aa144..67ddafab2943 100644
--- a/arch/x86/boot/compressed/idt_handlers_64.S
+++ b/arch/x86/boot/compressed/idt_handlers_64.S
@@ -75,3 +75,7 @@ SYM_FUNC_END(\name)
.code64
EXCEPTION_HANDLER boot_pf_handler do_boot_page_fault error_code=1
+
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+EXCEPTION_HANDLER boot_stage1_vc_handler vc_no_ghcb_handler error_code=1
+#endif
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 4e5bc688f467..0e3508c5c15c 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -141,5 +141,6 @@ extern struct desc_ptr boot_idt_desc;
/* IDT Entry Points */
void boot_pf_handler(void);
+void boot_stage1_vc_handler(void);
#endif /* BOOT_COMPRESSED_MISC_H */
diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c
new file mode 100644
index 000000000000..eeeb3553547c
--- /dev/null
+++ b/arch/x86/boot/compressed/sev-es.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * AMD Encrypted Register State Support
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ */
+
+#include <linux/kernel.h>
+
+#include <asm/sev-es.h>
+#include <asm/msr-index.h>
+#include <asm/ptrace.h>
+#include <asm/svm.h>
+
+#include "misc.h"
+
+static inline u64 sev_es_rd_ghcb_msr(void)
+{
+ unsigned long low, high;
+
+ asm volatile("rdmsr\n" : "=a" (low), "=d" (high) :
+ "c" (MSR_AMD64_SEV_ES_GHCB));
+
+ return ((high << 32) | low);
+}
+
+static inline void sev_es_wr_ghcb_msr(u64 val)
+{
+ u32 low, high;
+
+ low = val & 0xffffffffUL;
+ high = val >> 32;
+
+ asm volatile("wrmsr\n" : : "c" (MSR_AMD64_SEV_ES_GHCB),
+ "a"(low), "d" (high) : "memory");
+}
+
+#undef __init
+#define __init
+
+/* Include code for early handlers */
+#include "../../kernel/sev-es-shared.c"
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index d5e517d1c3dd..9eb279927fc2 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -432,6 +432,7 @@
#define MSR_AMD64_IBSBRTARGET 0xc001103b
#define MSR_AMD64_IBSOPDATA4 0xc001103d
#define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */
+#define MSR_AMD64_SEV_ES_GHCB 0xc0010130
#define MSR_AMD64_SEV 0xc0010131
#define MSR_AMD64_SEV_ENABLED_BIT 0
#define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h
new file mode 100644
index 000000000000..f524b40aef07
--- /dev/null
+++ b/arch/x86/include/asm/sev-es.h
@@ -0,0 +1,45 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * AMD Encrypted Register State Support
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ */
+
+#ifndef __ASM_ENCRYPTED_STATE_H
+#define __ASM_ENCRYPTED_STATE_H
+
+#include <linux/types.h>
+
+#define GHCB_SEV_CPUID_REQ 0x004UL
+#define GHCB_CPUID_REQ_EAX 0
+#define GHCB_CPUID_REQ_EBX 1
+#define GHCB_CPUID_REQ_ECX 2
+#define GHCB_CPUID_REQ_EDX 3
+#define GHCB_CPUID_REQ(fn, reg) (GHCB_SEV_CPUID_REQ | \
+ (((unsigned long)reg & 3) << 30) | \
+ (((unsigned long)fn) << 32))
+
+#define GHCB_SEV_CPUID_RESP 0x005UL
+#define GHCB_SEV_TERMINATE 0x100UL
+
+#define GHCB_SEV_GHCB_RESP_CODE(v) ((v) & 0xfff)
+#define VMGEXIT() { asm volatile("rep; vmmcall\n\r"); }
+
+static inline u64 lower_bits(u64 val, unsigned int bits)
+{
+ u64 mask = (1ULL << bits) - 1;
+
+ return (val & mask);
+}
+
+static inline u64 copy_lower_bits(u64 out, u64 in, unsigned int bits)
+{
+ u64 mask = (1ULL << bits) - 1;
+
+ out &= ~mask;
+ out |= lower_bits(in, bits);
+
+ return out;
+}
+
+#endif
diff --git a/arch/x86/include/asm/trap_defs.h b/arch/x86/include/asm/trap_defs.h
index 488f82ac36da..af45d65f0458 100644
--- a/arch/x86/include/asm/trap_defs.h
+++ b/arch/x86/include/asm/trap_defs.h
@@ -24,6 +24,7 @@ enum {
X86_TRAP_AC, /* 17, Alignment Check */
X86_TRAP_MC, /* 18, Machine Check */
X86_TRAP_XF, /* 19, SIMD Floating-Point Exception */
+ X86_TRAP_VC = 29, /* 29, VMM Communication Exception */
X86_TRAP_IRET = 32, /* 32, IRET Exception */
};
diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c
new file mode 100644
index 000000000000..e963b48d3e86
--- /dev/null
+++ b/arch/x86/kernel/sev-es-shared.c
@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * AMD Encrypted Register State Support
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ *
+ * This file is not compiled stand-alone. It contains code shared
+ * between the pre-decompression boot code and the running Linux kernel
+ * and is included directly into both code-bases.
+ */
+
+/*
+ * Boot VC Handler - This is the first VC handler during boot, there is no GHCB
+ * page yet, so it only supports the MSR based communication with the
+ * hypervisor and only the CPUID exit-code.
+ */
+void __init vc_no_ghcb_handler(struct pt_regs *regs, unsigned long exit_code)
+{
+ unsigned int fn = lower_bits(regs->ax, 32);
+ unsigned long val;
+
+ /* Only CPUID is supported via MSR protocol */
+ if (exit_code != SVM_EXIT_CPUID)
+ goto fail;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EAX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->ax = val >> 32;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EBX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->bx = val >> 32;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_ECX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->cx = val >> 32;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EDX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->dx = val >> 32;
+
+ regs->ip += 2;
+
+ return;
+
+fail:
+ sev_es_wr_ghcb_msr(GHCB_SEV_TERMINATE);
+ VMGEXIT();
+
+ /* Shouldn't get here - if we do halt the machine */
+ while (true)
+ asm volatile("hlt\n");
+}
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: Juergen Gross <jgross@suse.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Thomas Hellstrom <thellstrom@vmware.com>,
Joerg Roedel <jroedel@suse.de>, Kees Cook <keescook@chromium.org>,
kvm@vger.kernel.org, Peter Zijlstra <peterz@infradead.org>,
Joerg Roedel <joro@8bytes.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
Andy Lutomirski <luto@kernel.org>,
hpa@zytor.com, Dan Williams <dan.j.williams@intel.com>,
Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler
Date: Thu, 19 Mar 2020 10:13:15 +0100 [thread overview]
Message-ID: <20200319091407.1481-19-joro@8bytes.org> (raw)
In-Reply-To: <20200319091407.1481-1-joro@8bytes.org>
From: Joerg Roedel <jroedel@suse.de>
Add the first handler for #VC exceptions. At stage 1 there is no GHCB
yet becaue we might still be on the EFI page table and thus can't map
memory unencrypted.
The stage 1 handler is limited to the MSR based protocol to talk to
the hypervisor and can only support CPUID exit-codes, but that is
enough to get to stage 2.
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
arch/x86/boot/compressed/Makefile | 1 +
arch/x86/boot/compressed/idt_64.c | 4 ++
arch/x86/boot/compressed/idt_handlers_64.S | 4 ++
arch/x86/boot/compressed/misc.h | 1 +
arch/x86/boot/compressed/sev-es.c | 42 ++++++++++++++
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/sev-es.h | 45 +++++++++++++++
arch/x86/include/asm/trap_defs.h | 1 +
arch/x86/kernel/sev-es-shared.c | 65 ++++++++++++++++++++++
9 files changed, 164 insertions(+)
create mode 100644 arch/x86/boot/compressed/sev-es.c
create mode 100644 arch/x86/include/asm/sev-es.h
create mode 100644 arch/x86/kernel/sev-es-shared.c
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index e6b3e0fc48de..583678c78e1b 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -84,6 +84,7 @@ ifdef CONFIG_X86_64
vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o
vmlinux-objs-y += $(obj)/mem_encrypt.o
vmlinux-objs-y += $(obj)/pgtable_64.o
+ vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/sev-es.o
endif
vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o
diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c
index 84ba57d9d436..bdd20dfd1fd0 100644
--- a/arch/x86/boot/compressed/idt_64.c
+++ b/arch/x86/boot/compressed/idt_64.c
@@ -31,6 +31,10 @@ void load_stage1_idt(void)
{
boot_idt_desc.address = (unsigned long)boot_idt;
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ set_idt_entry(X86_TRAP_VC, boot_stage1_vc_handler);
+#endif
+
load_boot_idt(&boot_idt_desc);
}
diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S
index bfb3fc5aa144..67ddafab2943 100644
--- a/arch/x86/boot/compressed/idt_handlers_64.S
+++ b/arch/x86/boot/compressed/idt_handlers_64.S
@@ -75,3 +75,7 @@ SYM_FUNC_END(\name)
.code64
EXCEPTION_HANDLER boot_pf_handler do_boot_page_fault error_code=1
+
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+EXCEPTION_HANDLER boot_stage1_vc_handler vc_no_ghcb_handler error_code=1
+#endif
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 4e5bc688f467..0e3508c5c15c 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -141,5 +141,6 @@ extern struct desc_ptr boot_idt_desc;
/* IDT Entry Points */
void boot_pf_handler(void);
+void boot_stage1_vc_handler(void);
#endif /* BOOT_COMPRESSED_MISC_H */
diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c
new file mode 100644
index 000000000000..eeeb3553547c
--- /dev/null
+++ b/arch/x86/boot/compressed/sev-es.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * AMD Encrypted Register State Support
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ */
+
+#include <linux/kernel.h>
+
+#include <asm/sev-es.h>
+#include <asm/msr-index.h>
+#include <asm/ptrace.h>
+#include <asm/svm.h>
+
+#include "misc.h"
+
+static inline u64 sev_es_rd_ghcb_msr(void)
+{
+ unsigned long low, high;
+
+ asm volatile("rdmsr\n" : "=a" (low), "=d" (high) :
+ "c" (MSR_AMD64_SEV_ES_GHCB));
+
+ return ((high << 32) | low);
+}
+
+static inline void sev_es_wr_ghcb_msr(u64 val)
+{
+ u32 low, high;
+
+ low = val & 0xffffffffUL;
+ high = val >> 32;
+
+ asm volatile("wrmsr\n" : : "c" (MSR_AMD64_SEV_ES_GHCB),
+ "a"(low), "d" (high) : "memory");
+}
+
+#undef __init
+#define __init
+
+/* Include code for early handlers */
+#include "../../kernel/sev-es-shared.c"
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index d5e517d1c3dd..9eb279927fc2 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -432,6 +432,7 @@
#define MSR_AMD64_IBSBRTARGET 0xc001103b
#define MSR_AMD64_IBSOPDATA4 0xc001103d
#define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */
+#define MSR_AMD64_SEV_ES_GHCB 0xc0010130
#define MSR_AMD64_SEV 0xc0010131
#define MSR_AMD64_SEV_ENABLED_BIT 0
#define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h
new file mode 100644
index 000000000000..f524b40aef07
--- /dev/null
+++ b/arch/x86/include/asm/sev-es.h
@@ -0,0 +1,45 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * AMD Encrypted Register State Support
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ */
+
+#ifndef __ASM_ENCRYPTED_STATE_H
+#define __ASM_ENCRYPTED_STATE_H
+
+#include <linux/types.h>
+
+#define GHCB_SEV_CPUID_REQ 0x004UL
+#define GHCB_CPUID_REQ_EAX 0
+#define GHCB_CPUID_REQ_EBX 1
+#define GHCB_CPUID_REQ_ECX 2
+#define GHCB_CPUID_REQ_EDX 3
+#define GHCB_CPUID_REQ(fn, reg) (GHCB_SEV_CPUID_REQ | \
+ (((unsigned long)reg & 3) << 30) | \
+ (((unsigned long)fn) << 32))
+
+#define GHCB_SEV_CPUID_RESP 0x005UL
+#define GHCB_SEV_TERMINATE 0x100UL
+
+#define GHCB_SEV_GHCB_RESP_CODE(v) ((v) & 0xfff)
+#define VMGEXIT() { asm volatile("rep; vmmcall\n\r"); }
+
+static inline u64 lower_bits(u64 val, unsigned int bits)
+{
+ u64 mask = (1ULL << bits) - 1;
+
+ return (val & mask);
+}
+
+static inline u64 copy_lower_bits(u64 out, u64 in, unsigned int bits)
+{
+ u64 mask = (1ULL << bits) - 1;
+
+ out &= ~mask;
+ out |= lower_bits(in, bits);
+
+ return out;
+}
+
+#endif
diff --git a/arch/x86/include/asm/trap_defs.h b/arch/x86/include/asm/trap_defs.h
index 488f82ac36da..af45d65f0458 100644
--- a/arch/x86/include/asm/trap_defs.h
+++ b/arch/x86/include/asm/trap_defs.h
@@ -24,6 +24,7 @@ enum {
X86_TRAP_AC, /* 17, Alignment Check */
X86_TRAP_MC, /* 18, Machine Check */
X86_TRAP_XF, /* 19, SIMD Floating-Point Exception */
+ X86_TRAP_VC = 29, /* 29, VMM Communication Exception */
X86_TRAP_IRET = 32, /* 32, IRET Exception */
};
diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c
new file mode 100644
index 000000000000..e963b48d3e86
--- /dev/null
+++ b/arch/x86/kernel/sev-es-shared.c
@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * AMD Encrypted Register State Support
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ *
+ * This file is not compiled stand-alone. It contains code shared
+ * between the pre-decompression boot code and the running Linux kernel
+ * and is included directly into both code-bases.
+ */
+
+/*
+ * Boot VC Handler - This is the first VC handler during boot, there is no GHCB
+ * page yet, so it only supports the MSR based communication with the
+ * hypervisor and only the CPUID exit-code.
+ */
+void __init vc_no_ghcb_handler(struct pt_regs *regs, unsigned long exit_code)
+{
+ unsigned int fn = lower_bits(regs->ax, 32);
+ unsigned long val;
+
+ /* Only CPUID is supported via MSR protocol */
+ if (exit_code != SVM_EXIT_CPUID)
+ goto fail;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EAX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->ax = val >> 32;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EBX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->bx = val >> 32;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_ECX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->cx = val >> 32;
+
+ sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EDX));
+ VMGEXIT();
+ val = sev_es_rd_ghcb_msr();
+ if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP)
+ goto fail;
+ regs->dx = val >> 32;
+
+ regs->ip += 2;
+
+ return;
+
+fail:
+ sev_es_wr_ghcb_msr(GHCB_SEV_TERMINATE);
+ VMGEXIT();
+
+ /* Shouldn't get here - if we do halt the machine */
+ while (true)
+ asm volatile("hlt\n");
+}
--
2.17.1
next prev parent reply other threads:[~2020-03-19 9:19 UTC|newest]
Thread overview: 243+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-19 9:12 [RFC PATCH 00/70 v2] x86: SEV-ES Guest Support Joerg Roedel
2020-03-19 9:12 ` [PATCH 01/70] KVM: SVM: Add GHCB definitions Joerg Roedel
2020-03-19 9:12 ` Joerg Roedel
2020-03-23 13:23 ` [PATCH] KVM: SVM: Use __packed shorthard Borislav Petkov
2020-03-24 12:43 ` Joerg Roedel
2020-03-19 9:12 ` [PATCH 02/70] KVM: SVM: Add GHCB Accessor functions Joerg Roedel
2020-03-19 9:12 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 03/70] x86/cpufeatures: Add SEV-ES CPU feature Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 04/70] x86/traps: Move some definitions to <asm/trap_defs.h> Joerg Roedel
2020-03-19 9:13 ` [PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-25 15:39 ` Borislav Petkov
2020-03-27 3:02 ` Masami Hiramatsu
2020-03-27 3:02 ` Masami Hiramatsu
2020-04-16 15:24 ` Joerg Roedel
2020-04-16 15:24 ` Joerg Roedel
2020-04-17 12:50 ` Masami Hiramatsu
2020-04-17 13:39 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 06/70] x86/umip: Factor out instruction fetch Joerg Roedel
2020-03-26 17:21 ` Borislav Petkov
2020-03-19 9:13 ` [PATCH 07/70] x86/umip: Factor out instruction decoding Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-26 17:24 ` Borislav Petkov
2020-03-19 9:13 ` [PATCH 08/70] x86/insn: Add insn_get_modrm_reg_off() Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-27 3:57 ` Masami Hiramatsu
2020-03-19 9:13 ` [PATCH 09/70] x86/insn: Add insn_rep_prefix() helper Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-27 3:56 ` Masami Hiramatsu
2020-03-19 9:13 ` [PATCH 10/70] x86/boot/compressed: Fix debug_puthex() parameter type Joerg Roedel
2020-03-28 11:23 ` [tip: x86/boot] " tip-bot2 for Joerg Roedel
2020-03-19 9:13 ` [PATCH 11/70] x86/boot/compressed/64: Disable red-zone usage Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-31 13:16 ` Borislav Petkov
2020-03-19 9:13 ` [PATCH 12/70] x86/boot/compressed/64: Add IDT Infrastructure Joerg Roedel
2020-04-07 2:21 ` Arvind Sankar
2020-04-16 13:30 ` Joerg Roedel
2020-04-16 13:30 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 13/70] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c Joerg Roedel
2020-03-19 9:13 ` [PATCH 14/70] x86/boot/compressed/64: Add page-fault handler Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-04-02 11:49 ` Borislav Petkov
2020-03-19 9:13 ` [PATCH 15/70] x86/boot/compressed/64: Always switch to own page-table Joerg Roedel
2020-04-06 11:56 ` Borislav Petkov
2020-03-19 9:13 ` [PATCH 16/70] x86/boot/compressed/64: Don't pre-map memory in KASLR code Joerg Roedel
2020-03-19 9:13 ` [PATCH 17/70] x86/boot/compressed/64: Change add_identity_map() to take start and end Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel [this message]
2020-03-19 9:13 ` [PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler Joerg Roedel
2020-03-20 21:16 ` David Rientjes
2020-03-20 22:19 ` Joerg Roedel
2020-04-06 12:41 ` Borislav Petkov
2020-03-19 9:13 ` [PATCH 19/70] x86/boot/compressed/64: Call set_sev_encryption_mask earlier Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 20/70] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() Joerg Roedel
2020-03-19 9:13 ` [PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-20 20:53 ` David Rientjes
2020-03-20 21:02 ` Dave Hansen
2020-03-20 22:12 ` Joerg Roedel
2020-03-20 22:26 ` Dave Hansen
2020-03-21 15:40 ` Joerg Roedel
2020-03-21 15:40 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 22/70] x86/boot/compressed/64: Setup GHCB Based VC Exception handler Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 23/70] x86/sev-es: Add support for handling IOIO exceptions Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-20 21:03 ` David Rientjes
2020-03-20 22:24 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 24/70] x86/fpu: Move xgetbv()/xsetbv() into separate header Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 25/70] x86/sev-es: Add CPUID handling to #VC handler Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 26/70] x86/idt: Move IDT to data segment Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 27/70] x86/idt: Split idt_data setup out of set_intr_gate() Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 28/70] x86/idt: Move two function from k/idt.c to i/a/desc.h Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 29/70] x86/head/64: Install boot GDT Joerg Roedel
2020-03-19 9:13 ` [PATCH 30/70] x86/head/64: Reload GDT after switch to virtual addresses Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 31/70] x86/head/64: Load segment registers earlier Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 32/70] x86/head/64: Switch to initial stack earlier Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 33/70] x86/head/64: Build k/head64.c with -fno-stack-protector Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 34/70] x86/head/64: Load IDT earlier Joerg Roedel
2020-03-19 9:13 ` [PATCH 35/70] x86/head/64: Move early exception dispatch to C code Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 36/70] x86/sev-es: Add SEV-ES Feature Detection Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 37/70] x86/sev-es: Compile early handler code into kernel image Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 38/70] x86/sev-es: Setup early #VC handler Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 39/70] x86/sev-es: Setup GHCB based boot " Joerg Roedel
2020-03-19 9:13 ` [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler Joerg Roedel
2020-04-14 19:03 ` Mike Stunes
2020-04-14 19:03 ` Mike Stunes
2020-04-14 20:04 ` Tom Lendacky
2020-04-14 20:04 ` Tom Lendacky
2020-04-14 20:12 ` Dave Hansen
2020-04-14 20:12 ` Dave Hansen
2020-04-14 20:16 ` Tom Lendacky
2020-04-14 20:16 ` Tom Lendacky
2020-04-14 20:18 ` Tom Lendacky
2020-04-14 20:18 ` Tom Lendacky
2020-04-15 15:54 ` Joerg Roedel
2020-04-15 15:54 ` Joerg Roedel
2020-04-15 15:53 ` Joerg Roedel
2020-04-15 15:53 ` Joerg Roedel
2020-04-23 1:33 ` Bo Gan
2020-04-23 1:33 ` Bo Gan
2020-04-23 11:30 ` Joerg Roedel
2020-04-23 11:30 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 41/70] x86/sev-es: Add Runtime #VC Exception Handler Joerg Roedel
2020-03-19 9:13 ` Joerg Roedel
2020-03-19 15:44 ` Andy Lutomirski
2020-03-19 16:24 ` Joerg Roedel
2020-03-19 18:43 ` Andy Lutomirski
2020-03-19 19:38 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 42/70] x86/sev-es: Support nested #VC exceptions Joerg Roedel
2020-03-19 15:46 ` Andy Lutomirski
2020-03-19 15:46 ` Andy Lutomirski
2020-03-19 16:12 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 43/70] x86/sev-es: Wire up existing #VC exit-code handlers Joerg Roedel
2020-03-19 9:13 ` [PATCH 44/70] x86/sev-es: Handle instruction fetches from user-space Joerg Roedel
2020-03-19 9:13 ` [PATCH 45/70] x86/sev-es: Harden runtime #VC handler for exceptions " Joerg Roedel
2020-03-19 9:13 ` [PATCH 46/70] x86/sev-es: Filter exceptions not supported " Joerg Roedel
2020-03-19 9:13 ` [PATCH 47/70] x86/sev-es: Handle MMIO events Joerg Roedel
2020-03-19 9:13 ` [PATCH 48/70] x86/sev-es: Handle MMIO String Instructions Joerg Roedel
2020-03-19 9:13 ` [PATCH 49/70] x86/sev-es: Handle MSR events Joerg Roedel
2020-03-19 9:13 ` [PATCH 50/70] x86/sev-es: Handle DR7 read/write events Joerg Roedel
2020-03-19 9:13 ` [PATCH 51/70] x86/sev-es: Handle WBINVD Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 52/70] x86/sev-es: Handle RDTSC Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 53/70] x86/sev-es: Handle RDPMC Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 54/70] x86/sev-es: Handle INVD Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 55/70] x86/sev-es: Handle RDTSCP Events Joerg Roedel
2020-04-24 21:03 ` [PATCH] Allow RDTSC and RDTSCP from userspace Mike Stunes
2020-04-24 21:03 ` Mike Stunes
2020-04-24 21:24 ` Dave Hansen
2020-04-24 21:27 ` Tom Lendacky
2020-04-24 22:53 ` Dave Hansen
2020-04-25 12:49 ` Joerg Roedel
2020-04-25 18:15 ` Andy Lutomirski
2020-04-25 19:10 ` Joerg Roedel
2020-04-25 19:47 ` Andy Lutomirski
2020-04-25 20:23 ` Joerg Roedel
2020-04-25 22:10 ` Andy Lutomirski
2020-04-27 17:37 ` Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) Andy Lutomirski
2020-04-27 18:15 ` Andrew Cooper
2020-04-27 18:43 ` Tom Lendacky
2020-04-28 7:55 ` Joerg Roedel
2020-04-28 16:34 ` Andrew Cooper
2020-06-23 11:07 ` Peter Zijlstra
2020-06-23 11:07 ` Peter Zijlstra
2020-06-23 11:30 ` Joerg Roedel
2020-06-23 11:48 ` Peter Zijlstra
2020-06-23 11:48 ` Peter Zijlstra
2020-06-23 12:04 ` Joerg Roedel
2020-06-23 12:52 ` Peter Zijlstra
2020-06-23 12:52 ` Peter Zijlstra
2020-06-23 13:40 ` Joerg Roedel
2020-06-23 13:40 ` Joerg Roedel
2020-06-23 13:59 ` Peter Zijlstra
2020-06-23 13:59 ` Peter Zijlstra
2020-06-23 14:53 ` Peter Zijlstra
2020-06-23 14:53 ` Peter Zijlstra
2020-06-23 14:59 ` Joerg Roedel
2020-06-23 15:23 ` Peter Zijlstra
2020-06-23 15:23 ` Peter Zijlstra
2020-06-23 15:38 ` Peter Zijlstra
2020-06-23 15:38 ` Peter Zijlstra
2020-06-23 15:38 ` Joerg Roedel
2020-06-23 16:02 ` Peter Zijlstra
2020-06-23 16:02 ` Peter Zijlstra
2020-06-23 15:39 ` Andrew Cooper
2020-06-23 15:52 ` Peter Zijlstra
2020-06-23 15:52 ` Peter Zijlstra
2020-06-23 16:03 ` Dave Hansen
2020-06-23 16:13 ` Peter Zijlstra
2020-06-23 16:13 ` Peter Zijlstra
2020-06-23 16:13 ` Borislav Petkov
2020-06-23 11:51 ` Andrew Cooper
2020-06-23 12:47 ` Peter Zijlstra
2020-06-23 12:47 ` Peter Zijlstra
2020-06-23 13:57 ` Andrew Cooper
2020-06-23 13:57 ` Andrew Cooper
2020-06-23 15:51 ` Borislav Petkov
2020-06-23 9:45 ` Joerg Roedel
2020-06-23 10:45 ` Peter Zijlstra
2020-06-23 11:11 ` Joerg Roedel
2020-06-23 11:14 ` Peter Zijlstra
2020-06-23 11:14 ` Peter Zijlstra
2020-06-23 11:43 ` Joerg Roedel
2020-06-23 11:50 ` Peter Zijlstra
2020-06-23 11:50 ` Peter Zijlstra
2020-06-23 12:12 ` Joerg Roedel
2020-06-23 13:03 ` Peter Zijlstra
2020-06-23 13:03 ` Peter Zijlstra
2020-06-23 14:49 ` Joerg Roedel
2020-06-23 15:16 ` Peter Zijlstra
2020-06-23 15:16 ` Peter Zijlstra
2020-06-23 15:32 ` Andrew Cooper
2020-06-23 16:10 ` Borislav Petkov
2020-06-23 15:22 ` Andrew Cooper
2020-06-23 18:26 ` Andy Lutomirski
2020-06-23 18:56 ` Andrew Cooper
2020-04-27 18:47 ` [PATCH] Allow RDTSC and RDTSCP from userspace Dave Hansen
2020-04-25 12:28 ` Joerg Roedel
2020-03-19 9:13 ` [PATCH 56/70] x86/sev-es: Handle MONITOR/MONITORX Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 57/70] x86/sev-es: Handle MWAIT/MWAITX Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 58/70] x86/sev-es: Handle VMMCALL Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 59/70] x86/sev-es: Handle #AC Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 60/70] x86/sev-es: Handle #DB Events Joerg Roedel
2020-03-19 9:13 ` [PATCH 61/70] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES Joerg Roedel
2020-03-19 9:13 ` [PATCH 62/70] x86/kvm: Add KVM " Joerg Roedel
2020-03-20 21:23 ` David Rientjes
2020-03-20 22:21 ` Joerg Roedel
2020-03-19 9:14 ` [PATCH 63/70] x86/vmware: Add VMware specific handling for VMMCALL " Joerg Roedel
2020-03-19 10:18 ` Thomas Hellstrom
2020-03-19 10:18 ` Thomas Hellstrom
2020-03-19 9:14 ` [PATCH 64/70] x86/realmode: Add SEV-ES specific trampoline entry point Joerg Roedel
2020-03-19 9:14 ` [PATCH 65/70] x86/realmode: Setup AP jump table Joerg Roedel
2020-03-19 9:14 ` [PATCH 66/70] x86/head/64: Don't call verify_cpu() on starting APs Joerg Roedel
2020-03-19 9:14 ` [PATCH 67/70] x86/head/64: Rename start_cpu0 Joerg Roedel
2020-03-19 9:14 ` [PATCH 68/70] x86/sev-es: Support CPU offline/online Joerg Roedel
2020-03-19 9:14 ` [PATCH 69/70] x86/cpufeature: Add SEV_ES_GUEST CPU Feature Joerg Roedel
2020-03-19 9:14 ` [PATCH 70/70] x86/sev-es: Add NMI state tracking Joerg Roedel
2020-03-19 15:35 ` Andy Lutomirski
2020-03-19 16:07 ` Joerg Roedel
2020-03-19 18:40 ` Andy Lutomirski
2020-03-19 19:26 ` Joerg Roedel
2020-03-19 21:27 ` Andy Lutomirski
2020-03-20 19:48 ` Joerg Roedel
2020-03-20 13:17 ` [RFC PATCH v2.1] x86/sev-es: Handle NMI State Joerg Roedel
2020-03-20 14:42 ` Dave Hansen
2020-03-20 19:42 ` Joerg Roedel
2020-03-19 16:53 ` [PATCH 70/70] x86/sev-es: Add NMI state tracking Mika Penttilä
2020-03-19 19:41 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200319091407.1481-19-joro@8bytes.org \
--to=joro@8bytes.org \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jroedel@suse.de \
--cc=jslaby@suse.cz \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=thellstrom@vmware.com \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.