linux-efi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Brijesh Singh <brijesh.singh@amd.com>
To: x86@kernel.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, linux-efi@vger.kernel.org,
	platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev,
	linux-mm@kvack.org
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
	David Rientjes <rientjes@google.com>,
	Dov Murik <dovmurik@linux.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@ibm.com>,
	Borislav Petkov <bp@alien8.de>,
	Michael Roth <michael.roth@amd.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	"Kirill A . Shutemov" <kirill@shutemov.name>,
	Andi Kleen <ak@linux.intel.com>,
	tony.luck@intel.com, marcorr@google.com,
	sathyanarayanan.kuppuswamy@linux.intel.com,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH Part1 v5 31/38] x86/compressed/64: add identity mapping for Confidential Computing blob
Date: Fri, 20 Aug 2021 10:19:26 -0500	[thread overview]
Message-ID: <20210820151933.22401-32-brijesh.singh@amd.com> (raw)
In-Reply-To: <20210820151933.22401-1-brijesh.singh@amd.com>

From: Michael Roth <michael.roth@amd.com>

The run-time kernel will need to access the Confidential Computing
blob very early in boot to access the CPUID table it points to. At that
stage of boot it will be relying on the identity-mapped page table set
up by boot/compressed kernel, so make sure we have both of them mapped
in advance.

Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/boot/compressed/ident_map_64.c | 18 ++++++++++++++++++
 arch/x86/boot/compressed/sev.c          |  2 +-
 arch/x86/include/asm/sev.h              |  6 ++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c
index 3cf7a7575f5c..54374e0f0257 100644
--- a/arch/x86/boot/compressed/ident_map_64.c
+++ b/arch/x86/boot/compressed/ident_map_64.c
@@ -37,6 +37,9 @@
 #include <asm/setup.h>	/* For COMMAND_LINE_SIZE */
 #undef _SETUP
 
+#define __BOOT_COMPRESSED
+#include <asm/sev.h> /* For sev_snp_active() + ConfidentialComputing blob */
+
 extern unsigned long get_cmd_line_ptr(void);
 
 /* Used by PAGE_KERN* macros: */
@@ -163,6 +166,21 @@ void initialize_identity_maps(void *rmode)
 	cmdline = get_cmd_line_ptr();
 	add_identity_map(cmdline, cmdline + COMMAND_LINE_SIZE);
 
+	/*
+	 * The ConfidentialComputing blob is used very early in uncompressed
+	 * kernel to find CPUID memory to handle cpuid instructions. Make sure
+	 * an identity-mapping exists so they can be accessed after switchover.
+	 */
+	if (sev_snp_enabled()) {
+		struct cc_blob_sev_info *cc_info =
+			(void *)(unsigned long)boot_params->cc_blob_address;
+
+		add_identity_map((unsigned long)cc_info,
+				 (unsigned long)cc_info + sizeof(*cc_info));
+		add_identity_map((unsigned long)cc_info->cpuid_phys,
+				 (unsigned long)cc_info->cpuid_phys + cc_info->cpuid_len);
+	}
+
 	/* Load the new page-table. */
 	sev_verify_cbit(top_level_pgt);
 	write_cr3(top_level_pgt);
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 910bf5cf010e..d1ecba457350 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -123,7 +123,7 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt,
 /* Include code for early handlers */
 #include "../../kernel/sev-shared.c"
 
-static inline bool sev_snp_enabled(void)
+bool sev_snp_enabled(void)
 {
 	unsigned long low, high;
 
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index c73931548346..345740aa5559 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -127,6 +127,9 @@ void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op
 void snp_set_memory_shared(unsigned long vaddr, unsigned int npages);
 void snp_set_memory_private(unsigned long vaddr, unsigned int npages);
 void snp_set_wakeup_secondary_cpu(void);
+#ifdef __BOOT_COMPRESSED
+bool sev_snp_enabled(void);
+#endif /* __BOOT_COMPRESSED */
 void sev_snp_cpuid_init(struct boot_params *bp);
 #else
 static inline void sev_es_ist_enter(struct pt_regs *regs) { }
@@ -144,6 +147,9 @@ static inline void snp_set_memory_shared(unsigned long vaddr, unsigned int npage
 static inline void snp_set_memory_private(unsigned long vaddr, unsigned int npages) { }
 static inline void snp_set_wakeup_secondary_cpu(void) { }
 static inline void sev_snp_cpuid_init(struct boot_params *bp) { }
+#ifdef __BOOT_COMPRESSED
+static inline bool sev_snp_enabled { return false; }
+#endif /*__BOOT_COMPRESSED */
 #endif
 
 #endif
-- 
2.17.1


  parent reply	other threads:[~2021-08-20 15:24 UTC|newest]

Thread overview: 123+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-20 15:18 [PATCH Part1 v5 00/38] Add AMD Secure Nested Paging (SEV-SNP) Guest Support Brijesh Singh
2021-08-20 15:18 ` [PATCH Part1 v5 01/38] x86/mm: Add sev_feature_enabled() helper Brijesh Singh
2021-08-20 15:18 ` [PATCH Part1 v5 02/38] x86/sev: Shorten GHCB terminate macro names Brijesh Singh
2021-08-20 15:18 ` [PATCH Part1 v5 03/38] x86/sev: Get rid of excessive use of defines Brijesh Singh
2021-08-20 15:18 ` [PATCH Part1 v5 04/38] x86/head64: Carve out the guest encryption postprocessing into a helper Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 05/38] x86/sev: Define the Linux specific guest termination reasons Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 06/38] x86/sev: Save the negotiated GHCB version Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 07/38] x86/sev: Add support for hypervisor feature VMGEXIT Brijesh Singh
2021-08-23  9:47   ` Borislav Petkov
2021-08-23 18:25     ` Brijesh Singh
2021-08-23 18:34       ` Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 08/38] x86/sev: Check SEV-SNP features support Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 09/38] x86/sev: Add a helper for the PVALIDATE instruction Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 10/38] x86/sev: Check the vmpl level Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 11/38] x86/compressed: Add helper for validating pages in the decompression stage Brijesh Singh
2021-08-23 14:16   ` Borislav Petkov
2021-08-23 18:55     ` Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 12/38] x86/compressed: Register GHCB memory when SEV-SNP is active Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 13/38] x86/sev: " Brijesh Singh
2021-08-23 17:35   ` Borislav Petkov
2021-08-23 18:56     ` Brijesh Singh
2021-08-23 19:45       ` [PATCH] x86/sev: Remove do_early_exception() forward declarations Borislav Petkov
2021-08-23 20:06         ` Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 14/38] x86/sev: Add helper for validating pages in early enc attribute changes Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 15/38] x86/kernel: Make the bss.decrypted section shared in RMP table Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 16/38] x86/kernel: Validate rom memory before accessing when SEV-SNP is active Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 17/38] x86/mm: Add support to validate memory when changing C-bit Brijesh Singh
2021-08-25 11:06   ` Borislav Petkov
2021-08-25 13:54     ` Brijesh Singh
2021-08-25 14:00       ` Borislav Petkov
2021-08-27 17:09   ` Borislav Petkov
2021-08-20 15:19 ` [PATCH Part1 v5 18/38] KVM: SVM: Define sev_features and vmpl field in the VMSA Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 19/38] KVM: SVM: Create a separate mapping for the SEV-ES save area Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 20/38] KVM: SVM: Create a separate mapping for the GHCB " Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 21/38] KVM: SVM: Update the SEV-ES save area mapping Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 22/38] x86/sev: Use SEV-SNP AP creation to start secondary CPUs Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 23/38] x86/head/64: set up a startup %gs for stack protector Brijesh Singh
2021-08-25 14:29   ` Borislav Petkov
2021-08-25 15:18     ` Michael Roth
2021-08-25 16:29       ` Borislav Petkov
2021-08-27 13:38         ` Michael Roth
2021-08-31  8:03           ` Borislav Petkov
2021-08-31 23:30             ` Michael Roth
2021-08-25 15:07   ` Joerg Roedel
2021-08-25 17:07     ` Michael Roth
2021-08-20 15:19 ` [PATCH Part1 v5 24/38] x86/sev: move MSR-based VMGEXITs for CPUID to helper Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 25/38] KVM: x86: move lookup of indexed CPUID leafs " Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 26/38] x86/compressed/acpi: move EFI config table access to common code Brijesh Singh
2021-08-25 15:18   ` Borislav Petkov
2021-08-25 17:14     ` Michael Roth
2021-08-20 15:19 ` [PATCH Part1 v5 27/38] x86/boot: Add Confidential Computing type to setup_data Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 28/38] x86/compressed/64: enable SEV-SNP-validated CPUID in #VC handler Brijesh Singh
2021-08-25 19:19   ` Borislav Petkov
2021-08-27 16:46     ` Michael Roth
2021-08-31 10:04       ` Borislav Petkov
2021-09-01  1:03         ` Michael Roth
2021-09-02 10:53           ` Borislav Petkov
2021-08-20 15:19 ` [PATCH Part1 v5 29/38] x86/boot: add a pointer to Confidential Computing blob in bootparams Brijesh Singh
2021-08-27 13:51   ` Borislav Petkov
2021-08-27 18:48     ` Michael Roth
2021-08-20 15:19 ` [PATCH Part1 v5 30/38] x86/compressed/64: store Confidential Computing blob address " Brijesh Singh
2021-08-27 14:15   ` Borislav Petkov
2021-08-27 19:09     ` Michael Roth
2021-08-31 10:26       ` Borislav Petkov
2021-08-20 15:19 ` Brijesh Singh [this message]
2021-08-27 14:43   ` [PATCH Part1 v5 31/38] x86/compressed/64: add identity mapping for Confidential Computing blob Borislav Petkov
2021-08-20 15:19 ` [PATCH Part1 v5 32/38] x86/sev: enable SEV-SNP-validated CPUID in #VC handlers Brijesh Singh
2021-08-27 15:18   ` Borislav Petkov
2021-08-27 15:47     ` Brijesh Singh
2021-08-27 16:56       ` Borislav Petkov
2021-08-27 18:39       ` Michael Roth
2021-08-27 18:32     ` Michael Roth
2021-08-30 16:03       ` Michael Roth
2021-08-31 16:22       ` Borislav Petkov
2021-09-01  1:16         ` Michael Roth
2021-09-02 11:05           ` Borislav Petkov
2021-08-20 15:19 ` [PATCH Part1 v5 33/38] x86/sev: Provide support for SNP guest request NAEs Brijesh Singh
2021-08-27 17:44   ` Borislav Petkov
2021-08-27 18:07     ` Brijesh Singh
2021-08-27 18:13       ` Borislav Petkov
2021-08-27 18:27         ` Brijesh Singh
2021-08-27 18:38           ` Borislav Petkov
2021-08-27 19:57       ` Tom Lendacky
2021-08-27 20:17         ` Borislav Petkov
2021-08-27 20:31           ` Tom Lendacky
2021-08-20 15:19 ` [PATCH Part1 v5 34/38] x86/sev: Add snp_msg_seqno() helper Brijesh Singh
2021-08-27 18:41   ` Borislav Petkov
2021-08-30 15:07     ` Brijesh Singh
2021-09-02 11:26       ` Borislav Petkov
2021-09-02 15:27         ` Brijesh Singh
2021-08-31 20:46   ` Dov Murik
2021-08-31 21:13     ` Brijesh Singh
2021-09-09 14:54   ` Peter Gonda
2021-09-09 15:26     ` Brijesh Singh
2021-09-09 15:43       ` Peter Gonda
2021-09-09 16:17         ` Brijesh Singh
2021-09-09 16:21           ` Peter Gonda
2021-09-09 19:26             ` Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 35/38] x86/sev: Register SNP guest request platform device Brijesh Singh
2021-08-31 11:37   ` Dov Murik
2021-08-31 16:03     ` Brijesh Singh
2021-09-02 16:40   ` Borislav Petkov
2021-09-02 19:58     ` Brijesh Singh
2021-09-03  8:15       ` Dov Murik
2021-09-03 12:08         ` Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 36/38] virt: Add SEV-SNP guest driver Brijesh Singh
2021-09-06 17:38   ` Borislav Petkov
2021-09-07 13:35     ` Brijesh Singh
2021-09-08 13:44       ` Borislav Petkov
2021-08-20 15:19 ` [PATCH Part1 v5 37/38] virt: sevguest: Add support to derive key Brijesh Singh
2021-08-31 18:59   ` Dov Murik
2021-08-31 21:04     ` Brijesh Singh
2021-09-01  5:33       ` Dov Murik
2021-09-08 14:00   ` Borislav Petkov
2021-09-08 21:44     ` Brijesh Singh
2021-08-20 15:19 ` [PATCH Part1 v5 38/38] virt: sevguest: Add support to get extended report Brijesh Singh
2021-08-31 20:22   ` Dov Murik
2021-08-31 21:11     ` Brijesh Singh
2021-09-01  8:32       ` Dov Murik
2021-09-08 17:53   ` Borislav Petkov
2021-09-15 11:46     ` Brijesh Singh
2021-09-15 10:02   ` Dr. David Alan Gilbert
2021-09-15 11:53     ` Brijesh Singh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210820151933.22401-32-brijesh.singh@amd.com \
    --to=brijesh.singh@amd.com \
    --cc=ak@linux.intel.com \
    --cc=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=dovmurik@linux.ibm.com \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=jroedel@suse.de \
    --cc=kirill@shutemov.name \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=luto@kernel.org \
    --cc=marcorr@google.com \
    --cc=michael.roth@amd.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=pgonda@google.com \
    --cc=platform-driver-x86@vger.kernel.org \
    --cc=rientjes@google.com \
    --cc=sathyanarayanan.kuppuswamy@linux.intel.com \
    --cc=seanjc@google.com \
    --cc=slp@redhat.com \
    --cc=srinivas.pandruvada@linux.intel.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=tobin@ibm.com \
    --cc=tony.luck@intel.com \
    --cc=vbabka@suse.cz \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).