Commit 1aa9aa8e authored by Joerg Roedel's avatar Joerg Roedel Committed by Borislav Petkov
Browse files

x86/sev-es: Setup GHCB-based boot #VC handler 



Add the infrastructure to handle #VC exceptions when the kernel runs on
virtual addresses and has mapped a GHCB. This handler will be used until
the runtime #VC handler takes over.

Since the handler runs very early, disable instrumentation for sev-es.c.

 [ bp: Make vc_ghcb_invalidate() __always_inline so that it can be
   inlined in noinstr functions like __sev_es_nmi_complete(). ]

Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200908123816.GB3764@8bytes.org
parent 74d8d9d5

arch/x86/include/asm/realmode.h

+3 −0
Original line number Diff line number Diff line
@@ -57,6 +57,9 @@ extern unsigned char real_mode_blob_end[]; 
extern unsigned long initial_code;

extern unsigned long initial_gs;

extern unsigned long initial_stack;

#ifdef CONFIG_AMD_MEM_ENCRYPT

extern unsigned long initial_vc_handler;

#endif



extern unsigned char real_mode_blob[];

extern unsigned char real_mode_relocs[];

arch/x86/include/asm/segment.h

+1 −1
Original line number Diff line number Diff line
@@ -230,7 +230,7 @@ 
#define NUM_EXCEPTION_VECTORS		32



/* Bitmask of exception vectors which push an error code on the stack: */

#define EXCEPTION_ERRCODE_MASK		0x00027d00

#define EXCEPTION_ERRCODE_MASK		0x20027d00



#define GDT_SIZE			(GDT_ENTRIES*8)

#define GDT_ENTRY_TLS_ENTRIES		3

arch/x86/include/asm/sev-es.h

+2 −0
Original line number Diff line number Diff line
@@ -75,5 +75,7 @@ static inline u64 lower_bits(u64 val, unsigned int bits) 


/* Early IDT entry points for #VC handler */

extern void vc_no_ghcb(void);

extern void vc_boot_ghcb(void);

extern bool handle_vc_boot_ghcb(struct pt_regs *regs);



#endif

arch/x86/kernel/Makefile

+2 −0
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ CFLAGS_REMOVE_kvmclock.o = -pg 
CFLAGS_REMOVE_ftrace.o = -pg

CFLAGS_REMOVE_early_printk.o = -pg

CFLAGS_REMOVE_head64.o = -pg

CFLAGS_REMOVE_sev-es.o = -pg

endif



KASAN_SANITIZE_head$(BITS).o				:= n
@@ -27,6 +28,7 @@ KASAN_SANITIZE_dumpstack.o := n 
KASAN_SANITIZE_dumpstack_$(BITS).o			:= n

KASAN_SANITIZE_stacktrace.o				:= n

KASAN_SANITIZE_paravirt.o				:= n

KASAN_SANITIZE_sev-es.o					:= n



# With some compiler versions the generated code results in boot hangs, caused

# by several compilation units. To be safe, disable all instrumentation.

arch/x86/kernel/head64.c

+8 −0
Original line number Diff line number Diff line
@@ -406,6 +406,10 @@ void __init do_early_exception(struct pt_regs *regs, int trapnr) 
	    early_make_pgtable(native_read_cr2()))

		return;



	if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT) &&

	    trapnr == X86_TRAP_VC && handle_vc_boot_ghcb(regs))

		return;



	early_fixup_exception(regs, trapnr);

}
@@ -575,6 +579,10 @@ static void startup_64_load_idt(unsigned long physbase) 
/* This is used when running on kernel addresses */

void early_setup_idt(void)

{

	/* VMM Communication Exception */

	if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT))

		set_bringup_idt_handler(bringup_idt_table, X86_TRAP_VC, vc_boot_ghcb);



	bringup_idt_descr.address = (unsigned long)bringup_idt_table;

	native_load_idt(&bringup_idt_descr);

}