From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>, hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, David Rientjes <rientjes@google.com>, Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>, Masami Hiramatsu <mhiramat@kernel.org>, Mike Stunes <mstunes@vmware.com>, Sean Christopherson <sean.j.christopherson@intel.com>, Martin Radev <martin.b.radev@gmail.com>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v4 18/75] x86/boot/compressed/64: Add stage1 #VC handler Date: Tue, 14 Jul 2020 14:08:20 +0200 [thread overview] Message-ID: <20200714120917.11253-19-joro@8bytes.org> (raw) In-Reply-To: <20200714120917.11253-1-joro@8bytes.org> From: Joerg Roedel <jroedel@suse.de> Add the first handler for #VC exceptions. At stage 1 there is no GHCB yet becaue the kernel might still be running on the EFI page table. The stage 1 handler is limited to the MSR based protocol to talk to the hypervisor and can only support CPUID exit-codes, but that is enough to get to stage 2. Signed-off-by: Joerg Roedel <jroedel@suse.de> --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/idt_64.c | 4 ++ arch/x86/boot/compressed/idt_handlers_64.S | 4 ++ arch/x86/boot/compressed/misc.h | 1 + arch/x86/boot/compressed/sev-es.c | 45 +++++++++++++++ arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/sev-es.h | 37 ++++++++++++ arch/x86/include/asm/trapnr.h | 1 + arch/x86/kernel/sev-es-shared.c | 66 ++++++++++++++++++++++ 9 files changed, 160 insertions(+) create mode 100644 arch/x86/boot/compressed/sev-es.c create mode 100644 arch/x86/include/asm/sev-es.h create mode 100644 arch/x86/kernel/sev-es-shared.c diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index c825c95d13b9..b66f393e5a87 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -87,6 +87,7 @@ ifdef CONFIG_X86_64 vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o vmlinux-objs-y += $(obj)/mem_encrypt.o vmlinux-objs-y += $(obj)/pgtable_64.o + vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/sev-es.o endif vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c index 5f083092a86d..f3ca7324be44 100644 --- a/arch/x86/boot/compressed/idt_64.c +++ b/arch/x86/boot/compressed/idt_64.c @@ -32,6 +32,10 @@ void load_stage1_idt(void) { boot_idt_desc.address = (unsigned long)boot_idt; + + if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) + set_idt_entry(X86_TRAP_VC, boot_stage1_vc); + load_boot_idt(&boot_idt_desc); } diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S index b20e57504a94..92eb4df478a1 100644 --- a/arch/x86/boot/compressed/idt_handlers_64.S +++ b/arch/x86/boot/compressed/idt_handlers_64.S @@ -70,3 +70,7 @@ SYM_FUNC_END(\name) .code64 EXCEPTION_HANDLER boot_page_fault do_boot_page_fault error_code=1 + +#ifdef CONFIG_AMD_MEM_ENCRYPT +EXCEPTION_HANDLER boot_stage1_vc do_vc_no_ghcb error_code=1 +#endif diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index ea6174bad699..65da40777bc1 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -141,5 +141,6 @@ extern struct desc_ptr boot_idt_desc; /* IDT Entry Points */ void boot_page_fault(void); +void boot_stage1_vc(void); #endif /* BOOT_COMPRESSED_MISC_H */ diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c new file mode 100644 index 000000000000..bb91cbb5920e --- /dev/null +++ b/arch/x86/boot/compressed/sev-es.c @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * AMD Encrypted Register State Support + * + * Author: Joerg Roedel <jroedel@suse.de> + */ + +/* + * misc.h needs to be first because it knows how to include the other kernel + * headers in the pre-decompression code in a way that does not break + * compilation. + */ +#include "misc.h" + +#include <asm/sev-es.h> +#include <asm/msr-index.h> +#include <asm/ptrace.h> +#include <asm/svm.h> + +static inline u64 sev_es_rd_ghcb_msr(void) +{ + unsigned long low, high; + + asm volatile("rdmsr\n" : "=a" (low), "=d" (high) : + "c" (MSR_AMD64_SEV_ES_GHCB)); + + return ((high << 32) | low); +} + +static inline void sev_es_wr_ghcb_msr(u64 val) +{ + u32 low, high; + + low = val & 0xffffffffUL; + high = val >> 32; + + asm volatile("wrmsr\n" : : "c" (MSR_AMD64_SEV_ES_GHCB), + "a"(low), "d" (high) : "memory"); +} + +#undef __init +#define __init + +/* Include code for early handlers */ +#include "../../kernel/sev-es-shared.c" diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index e8370e64a155..2816eb01463f 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -448,6 +448,7 @@ #define MSR_AMD64_IBSBRTARGET 0xc001103b #define MSR_AMD64_IBSOPDATA4 0xc001103d #define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */ +#define MSR_AMD64_SEV_ES_GHCB 0xc0010130 #define MSR_AMD64_SEV 0xc0010131 #define MSR_AMD64_SEV_ENABLED_BIT 0 #define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT) diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h new file mode 100644 index 000000000000..5d49a8a429d3 --- /dev/null +++ b/arch/x86/include/asm/sev-es.h @@ -0,0 +1,37 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * AMD Encrypted Register State Support + * + * Author: Joerg Roedel <jroedel@suse.de> + */ + +#ifndef __ASM_ENCRYPTED_STATE_H +#define __ASM_ENCRYPTED_STATE_H + +#include <linux/types.h> + +#define GHCB_SEV_CPUID_REQ 0x004UL +#define GHCB_CPUID_REQ_EAX 0 +#define GHCB_CPUID_REQ_EBX 1 +#define GHCB_CPUID_REQ_ECX 2 +#define GHCB_CPUID_REQ_EDX 3 +#define GHCB_CPUID_REQ(fn, reg) (GHCB_SEV_CPUID_REQ | \ + (((unsigned long)reg & 3) << 30) | \ + (((unsigned long)fn) << 32)) + +#define GHCB_SEV_CPUID_RESP 0x005UL +#define GHCB_SEV_TERMINATE 0x100UL + +#define GHCB_SEV_GHCB_RESP_CODE(v) ((v) & 0xfff) +#define VMGEXIT() { asm volatile("rep; vmmcall\n\r"); } + +void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code); + +static inline u64 lower_bits(u64 val, unsigned int bits) +{ + u64 mask = (1ULL << bits) - 1; + + return (val & mask); +} + +#endif diff --git a/arch/x86/include/asm/trapnr.h b/arch/x86/include/asm/trapnr.h index 082f45631fa9..f5d2325aa0b7 100644 --- a/arch/x86/include/asm/trapnr.h +++ b/arch/x86/include/asm/trapnr.h @@ -26,6 +26,7 @@ #define X86_TRAP_XF 19 /* SIMD Floating-Point Exception */ #define X86_TRAP_VE 20 /* Virtualization Exception */ #define X86_TRAP_CP 21 /* Control Protection Exception */ +#define X86_TRAP_VC 29 /* VMM Communication Exception */ #define X86_TRAP_IRET 32 /* IRET Exception */ #endif diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c new file mode 100644 index 000000000000..0bea32341afa --- /dev/null +++ b/arch/x86/kernel/sev-es-shared.c @@ -0,0 +1,66 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * AMD Encrypted Register State Support + * + * Author: Joerg Roedel <jroedel@suse.de> + * + * This file is not compiled stand-alone. It contains code shared + * between the pre-decompression boot code and the running Linux kernel + * and is included directly into both code-bases. + */ + +/* + * Boot VC Handler - This is the first VC handler during boot, there is no GHCB + * page yet, so it only supports the MSR based communication with the + * hypervisor and only the CPUID exit-code. + */ +void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) +{ + unsigned int fn = lower_bits(regs->ax, 32); + unsigned long val; + + /* Only CPUID is supported via MSR protocol */ + if (exit_code != SVM_EXIT_CPUID) + goto fail; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EAX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->ax = val >> 32; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EBX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->bx = val >> 32; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_ECX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->cx = val >> 32; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EDX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->dx = val >> 32; + + /* Skip over the CPUID two-byte opcode */ + regs->ip += 2; + + return; + +fail: + sev_es_wr_ghcb_msr(GHCB_SEV_TERMINATE); + VMGEXIT(); + + /* Shouldn't get here - if we do halt the machine */ + while (true) + asm volatile("hlt\n"); +} -- 2.27.0
WARNING: multiple messages have this Message-ID (diff)
From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: Juergen Gross <jgross@suse.com>, Tom Lendacky <thomas.lendacky@amd.com>, Joerg Roedel <jroedel@suse.de>, Mike Stunes <mstunes@vmware.com>, Kees Cook <keescook@chromium.org>, kvm@vger.kernel.org, Peter Zijlstra <peterz@infradead.org>, Cfir Cohen <cfir@google.com>, Joerg Roedel <joro@8bytes.org>, Dave Hansen <dave.hansen@linux.intel.com>, linux-kernel@vger.kernel.org, Sean Christopherson <sean.j.christopherson@intel.com>, virtualization@lists.linux-foundation.org, Martin Radev <martin.b.radev@gmail.com>, Masami Hiramatsu <mhiramat@kernel.org>, Andy Lutomirski <luto@kernel.org>, hpa@zytor.com, Erdem Aktas <erdemaktas@google.com>, David Rientjes <rientjes@google.com>, Dan Williams <dan.j.williams@intel.com>, Jiri Slaby <jslaby@suse.cz> Subject: [PATCH v4 18/75] x86/boot/compressed/64: Add stage1 #VC handler Date: Tue, 14 Jul 2020 14:08:20 +0200 [thread overview] Message-ID: <20200714120917.11253-19-joro@8bytes.org> (raw) In-Reply-To: <20200714120917.11253-1-joro@8bytes.org> From: Joerg Roedel <jroedel@suse.de> Add the first handler for #VC exceptions. At stage 1 there is no GHCB yet becaue the kernel might still be running on the EFI page table. The stage 1 handler is limited to the MSR based protocol to talk to the hypervisor and can only support CPUID exit-codes, but that is enough to get to stage 2. Signed-off-by: Joerg Roedel <jroedel@suse.de> --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/idt_64.c | 4 ++ arch/x86/boot/compressed/idt_handlers_64.S | 4 ++ arch/x86/boot/compressed/misc.h | 1 + arch/x86/boot/compressed/sev-es.c | 45 +++++++++++++++ arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/sev-es.h | 37 ++++++++++++ arch/x86/include/asm/trapnr.h | 1 + arch/x86/kernel/sev-es-shared.c | 66 ++++++++++++++++++++++ 9 files changed, 160 insertions(+) create mode 100644 arch/x86/boot/compressed/sev-es.c create mode 100644 arch/x86/include/asm/sev-es.h create mode 100644 arch/x86/kernel/sev-es-shared.c diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index c825c95d13b9..b66f393e5a87 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -87,6 +87,7 @@ ifdef CONFIG_X86_64 vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o vmlinux-objs-y += $(obj)/mem_encrypt.o vmlinux-objs-y += $(obj)/pgtable_64.o + vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/sev-es.o endif vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c index 5f083092a86d..f3ca7324be44 100644 --- a/arch/x86/boot/compressed/idt_64.c +++ b/arch/x86/boot/compressed/idt_64.c @@ -32,6 +32,10 @@ void load_stage1_idt(void) { boot_idt_desc.address = (unsigned long)boot_idt; + + if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) + set_idt_entry(X86_TRAP_VC, boot_stage1_vc); + load_boot_idt(&boot_idt_desc); } diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S index b20e57504a94..92eb4df478a1 100644 --- a/arch/x86/boot/compressed/idt_handlers_64.S +++ b/arch/x86/boot/compressed/idt_handlers_64.S @@ -70,3 +70,7 @@ SYM_FUNC_END(\name) .code64 EXCEPTION_HANDLER boot_page_fault do_boot_page_fault error_code=1 + +#ifdef CONFIG_AMD_MEM_ENCRYPT +EXCEPTION_HANDLER boot_stage1_vc do_vc_no_ghcb error_code=1 +#endif diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index ea6174bad699..65da40777bc1 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -141,5 +141,6 @@ extern struct desc_ptr boot_idt_desc; /* IDT Entry Points */ void boot_page_fault(void); +void boot_stage1_vc(void); #endif /* BOOT_COMPRESSED_MISC_H */ diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c new file mode 100644 index 000000000000..bb91cbb5920e --- /dev/null +++ b/arch/x86/boot/compressed/sev-es.c @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * AMD Encrypted Register State Support + * + * Author: Joerg Roedel <jroedel@suse.de> + */ + +/* + * misc.h needs to be first because it knows how to include the other kernel + * headers in the pre-decompression code in a way that does not break + * compilation. + */ +#include "misc.h" + +#include <asm/sev-es.h> +#include <asm/msr-index.h> +#include <asm/ptrace.h> +#include <asm/svm.h> + +static inline u64 sev_es_rd_ghcb_msr(void) +{ + unsigned long low, high; + + asm volatile("rdmsr\n" : "=a" (low), "=d" (high) : + "c" (MSR_AMD64_SEV_ES_GHCB)); + + return ((high << 32) | low); +} + +static inline void sev_es_wr_ghcb_msr(u64 val) +{ + u32 low, high; + + low = val & 0xffffffffUL; + high = val >> 32; + + asm volatile("wrmsr\n" : : "c" (MSR_AMD64_SEV_ES_GHCB), + "a"(low), "d" (high) : "memory"); +} + +#undef __init +#define __init + +/* Include code for early handlers */ +#include "../../kernel/sev-es-shared.c" diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index e8370e64a155..2816eb01463f 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -448,6 +448,7 @@ #define MSR_AMD64_IBSBRTARGET 0xc001103b #define MSR_AMD64_IBSOPDATA4 0xc001103d #define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */ +#define MSR_AMD64_SEV_ES_GHCB 0xc0010130 #define MSR_AMD64_SEV 0xc0010131 #define MSR_AMD64_SEV_ENABLED_BIT 0 #define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT) diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h new file mode 100644 index 000000000000..5d49a8a429d3 --- /dev/null +++ b/arch/x86/include/asm/sev-es.h @@ -0,0 +1,37 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * AMD Encrypted Register State Support + * + * Author: Joerg Roedel <jroedel@suse.de> + */ + +#ifndef __ASM_ENCRYPTED_STATE_H +#define __ASM_ENCRYPTED_STATE_H + +#include <linux/types.h> + +#define GHCB_SEV_CPUID_REQ 0x004UL +#define GHCB_CPUID_REQ_EAX 0 +#define GHCB_CPUID_REQ_EBX 1 +#define GHCB_CPUID_REQ_ECX 2 +#define GHCB_CPUID_REQ_EDX 3 +#define GHCB_CPUID_REQ(fn, reg) (GHCB_SEV_CPUID_REQ | \ + (((unsigned long)reg & 3) << 30) | \ + (((unsigned long)fn) << 32)) + +#define GHCB_SEV_CPUID_RESP 0x005UL +#define GHCB_SEV_TERMINATE 0x100UL + +#define GHCB_SEV_GHCB_RESP_CODE(v) ((v) & 0xfff) +#define VMGEXIT() { asm volatile("rep; vmmcall\n\r"); } + +void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code); + +static inline u64 lower_bits(u64 val, unsigned int bits) +{ + u64 mask = (1ULL << bits) - 1; + + return (val & mask); +} + +#endif diff --git a/arch/x86/include/asm/trapnr.h b/arch/x86/include/asm/trapnr.h index 082f45631fa9..f5d2325aa0b7 100644 --- a/arch/x86/include/asm/trapnr.h +++ b/arch/x86/include/asm/trapnr.h @@ -26,6 +26,7 @@ #define X86_TRAP_XF 19 /* SIMD Floating-Point Exception */ #define X86_TRAP_VE 20 /* Virtualization Exception */ #define X86_TRAP_CP 21 /* Control Protection Exception */ +#define X86_TRAP_VC 29 /* VMM Communication Exception */ #define X86_TRAP_IRET 32 /* IRET Exception */ #endif diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c new file mode 100644 index 000000000000..0bea32341afa --- /dev/null +++ b/arch/x86/kernel/sev-es-shared.c @@ -0,0 +1,66 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * AMD Encrypted Register State Support + * + * Author: Joerg Roedel <jroedel@suse.de> + * + * This file is not compiled stand-alone. It contains code shared + * between the pre-decompression boot code and the running Linux kernel + * and is included directly into both code-bases. + */ + +/* + * Boot VC Handler - This is the first VC handler during boot, there is no GHCB + * page yet, so it only supports the MSR based communication with the + * hypervisor and only the CPUID exit-code. + */ +void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) +{ + unsigned int fn = lower_bits(regs->ax, 32); + unsigned long val; + + /* Only CPUID is supported via MSR protocol */ + if (exit_code != SVM_EXIT_CPUID) + goto fail; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EAX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->ax = val >> 32; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EBX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->bx = val >> 32; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_ECX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->cx = val >> 32; + + sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, GHCB_CPUID_REQ_EDX)); + VMGEXIT(); + val = sev_es_rd_ghcb_msr(); + if (GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_SEV_CPUID_RESP) + goto fail; + regs->dx = val >> 32; + + /* Skip over the CPUID two-byte opcode */ + regs->ip += 2; + + return; + +fail: + sev_es_wr_ghcb_msr(GHCB_SEV_TERMINATE); + VMGEXIT(); + + /* Shouldn't get here - if we do halt the machine */ + while (true) + asm volatile("hlt\n"); +} -- 2.27.0
next prev parent reply other threads:[~2020-07-14 12:16 UTC|newest] Thread overview: 165+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-07-14 12:08 [PATCH v4 00/75] x86: SEV-ES Guest Support Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 01/75] KVM: SVM: Add GHCB definitions Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 02/75] KVM: SVM: Add GHCB Accessor functions Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 03/75] KVM: SVM: Use __packed shorthand Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 04/75] x86/cpufeatures: Add SEV-ES CPU feature Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 05/75] x86/traps: Move pf error codes to <asm/trap_pf.h> Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-17 13:58 ` Masami Hiramatsu 2020-07-14 12:08 ` [PATCH v4 07/75] x86/umip: Factor out instruction fetch Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 08/75] x86/umip: Factor out instruction decoding Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 09/75] x86/insn: Add insn_get_modrm_reg_off() Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 10/75] x86/insn: Add insn_has_rep_prefix() helper Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-17 14:06 ` Masami Hiramatsu 2020-07-14 12:08 ` [PATCH v4 11/75] x86/boot/compressed/64: Disable red-zone usage Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 12/75] x86/boot/compressed/64: Add IDT Infrastructure Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 13/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:23 ` Kees Cook 2020-07-15 1:23 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 14/75] x86/boot/compressed/64: Add page-fault handler Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:24 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 15/75] x86/boot/compressed/64: Always switch to own page-table Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:23 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 16/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:24 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 17/75] x86/boot/compressed/64: Change add_identity_map() to take start and end Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:24 ` Kees Cook 2020-07-14 12:08 ` Joerg Roedel [this message] 2020-07-14 12:08 ` [PATCH v4 18/75] x86/boot/compressed/64: Add stage1 #VC handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 19/75] x86/boot/compressed/64: Call set_sev_encryption_mask earlier Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 20/75] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 21/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 22/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 23/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 24/75] x86/sev-es: Add support for handling IOIO exceptions Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 25/75] x86/fpu: Move xgetbv()/xsetbv() into separate header Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 26/75] x86/sev-es: Add CPUID handling to #VC handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 27/75] x86/idt: Move IDT to data segment Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:25 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 28/75] x86/idt: Split idt_data setup out of set_intr_gate() Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:26 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 29/75] x86/idt: Move two function from k/idt.c to i/a/desc.h Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:29 ` Kees Cook 2020-07-14 12:08 ` [PATCH v4 30/75] x86/head/64: Install boot GDT Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 31/75] x86/head/64: Reload GDT after switch to virtual addresses Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 32/75] x86/head/64: Load segment registers earlier Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 33/75] x86/head/64: Switch to initial stack earlier Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 34/75] x86/head/64: Build k/head64.c with -fno-stack-protector Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-15 1:34 ` Kees Cook 2020-07-15 1:34 ` Kees Cook 2020-07-15 16:34 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 35/75] x86/head/64: Load IDT earlier Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 36/75] x86/head/64: Move early exception dispatch to C code Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 37/75] x86/sev-es: Add SEV-ES Feature Detection Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 38/75] x86/sev-es: Print SEV-ES info into kernel log Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 39/75] x86/sev-es: Compile early handler code into kernel image Joerg Roedel 2020-07-14 12:08 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 40/75] x86/sev-es: Setup early #VC handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 41/75] x86/sev-es: Setup GHCB based boot " Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 42/75] x86/sev-es: Setup per-cpu GHCBs for the runtime handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 43/75] x86/sev-es: Allocate and Map stacks for #VC handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 44/75] x86/sev-es: Allocate and setup IST entry for #VC Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 45/75] x86/sev-es: Adjust #VC IST Stack on entering NMI handler Joerg Roedel 2020-07-15 9:47 ` Peter Zijlstra 2020-07-15 10:26 ` Joerg Roedel 2020-07-15 10:56 ` Peter Zijlstra 2020-07-15 10:56 ` Peter Zijlstra 2020-07-14 12:08 ` [PATCH v4 46/75] x86/dumpstack/64: Add noinstr version of get_stack_info() Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 47/75] x86/entry/64: Add entry code for #VC handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 48/75] x86/sev-es: Add Runtime #VC Exception Handler Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 49/75] x86/sev-es: Wire up existing #VC exit-code handlers Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 50/75] x86/sev-es: Handle instruction fetches from user-space Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 51/75] x86/sev-es: Handle MMIO events Joerg Roedel 2020-07-21 21:01 ` Mike Stunes 2020-07-21 21:01 ` Mike Stunes 2020-07-22 7:55 ` Joerg Roedel 2020-07-22 7:55 ` Joerg Roedel 2020-07-22 8:05 ` Joerg Roedel 2020-07-22 8:05 ` Joerg Roedel 2020-07-22 22:53 ` Mike Stunes 2020-07-22 22:53 ` Mike Stunes 2020-07-23 7:21 ` Joerg Roedel 2020-07-23 7:21 ` Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 52/75] x86/sev-es: Handle MMIO String Instructions Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 53/75] x86/sev-es: Handle MSR events Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 54/75] x86/sev-es: Handle DR7 read/write events Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 55/75] x86/sev-es: Handle WBINVD Events Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 56/75] x86/sev-es: Handle RDTSC(P) Events Joerg Roedel 2020-07-14 12:08 ` [PATCH v4 57/75] x86/sev-es: Handle RDPMC Events Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 58/75] x86/sev-es: Handle INVD Events Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 59/75] x86/sev-es: Handle MONITOR/MONITORX Events Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 60/75] x86/sev-es: Handle MWAIT/MWAITX Events Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 61/75] x86/sev-es: Handle VMMCALL Events Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 62/75] x86/sev-es: Handle #AC Events Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 63/75] x86/sev-es: Handle #DB Events Joerg Roedel 2020-07-15 8:47 ` Peter Zijlstra 2020-07-15 8:47 ` Peter Zijlstra 2020-07-15 9:13 ` Joerg Roedel 2020-07-15 9:51 ` Peter Zijlstra 2020-07-15 9:51 ` Peter Zijlstra 2020-07-15 10:08 ` Joerg Roedel 2020-07-15 10:13 ` Peter Zijlstra 2020-07-15 10:13 ` Peter Zijlstra 2020-07-15 10:31 ` Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 64/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 65/75] x86/kvm: Add KVM " Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 66/75] x86/vmware: Add VMware specific handling for VMMCALL " Joerg Roedel 2020-07-14 12:09 ` Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 67/75] x86/realmode: Add SEV-ES specific trampoline entry point Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 68/75] x86/realmode: Setup AP jump table Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 69/75] x86/head/64: Setup TSS early for secondary CPUs Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on starting APs Joerg Roedel 2020-07-15 1:40 ` Kees Cook 2020-07-15 9:26 ` Joerg Roedel 2020-07-15 15:26 ` Kees Cook 2020-07-15 15:48 ` Joerg Roedel 2020-07-15 19:49 ` Kees Cook 2020-07-20 15:29 ` Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 71/75] x86/head/64: Rename start_cpu0 Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 72/75] x86/sev-es: Support CPU offline/online Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 73/75] x86/sev-es: Handle NMI State Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 74/75] x86/efi: Add GHCB mappings when SEV-ES is active Joerg Roedel 2020-07-14 12:09 ` [PATCH v4 75/75] x86/sev-es: Check required CPU features for SEV-ES Joerg Roedel 2020-07-14 18:53 ` kernel test robot 2020-07-15 9:24 ` [PATCH v4 00/75] x86: SEV-ES Guest Support Peter Zijlstra 2020-07-15 9:34 ` Joerg Roedel 2020-07-15 9:55 ` Peter Zijlstra 2020-07-15 9:55 ` Peter Zijlstra 2020-07-15 10:10 ` Joerg Roedel 2020-07-21 1:09 ` Erdem Aktas 2020-07-21 12:49 ` Joerg Roedel 2020-07-21 12:49 ` Joerg Roedel 2020-07-21 16:48 ` Erdem Aktas 2020-07-22 9:04 ` Joerg Roedel 2020-07-22 16:54 ` Erdem Aktas 2020-07-22 17:45 ` Joerg Roedel
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200714120917.11253-19-joro@8bytes.org \ --to=joro@8bytes.org \ --cc=cfir@google.com \ --cc=dan.j.williams@intel.com \ --cc=dave.hansen@linux.intel.com \ --cc=erdemaktas@google.com \ --cc=hpa@zytor.com \ --cc=jgross@suse.com \ --cc=jroedel@suse.de \ --cc=jslaby@suse.cz \ --cc=keescook@chromium.org \ --cc=kvm@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=luto@kernel.org \ --cc=martin.b.radev@gmail.com \ --cc=mhiramat@kernel.org \ --cc=mstunes@vmware.com \ --cc=peterz@infradead.org \ --cc=rientjes@google.com \ --cc=sean.j.christopherson@intel.com \ --cc=thomas.lendacky@amd.com \ --cc=virtualization@lists.linux-foundation.org \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.