Commit 597cfe48 authored Sep 07, 2020 by Joerg Roedel Committed by Borislav Petkov Sep 07, 2020

x86/boot/compressed/64: Setup a GHCB-based VC Exception handler



Install an exception handler for #VC exception that uses a GHCB. Also
add the infrastructure for handling different exit-codes by decoding
the instruction that caused the exception and error handling.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200907131613.12703-24-joro@8bytes.org

parent c81d6002

arch/x86/Kconfig

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1521,6 +1521,7 @@ config AMD_MEM_ENCRYPT
	select DYNAMIC_PHYSICAL_MASK		select DYNAMIC_PHYSICAL_MASK
	select ARCH_USE_MEMREMAP_PROT		select ARCH_USE_MEMREMAP_PROT
	select ARCH_HAS_FORCE_DMA_UNENCRYPTED		select ARCH_HAS_FORCE_DMA_UNENCRYPTED
			select INSTRUCTION_DECODER
	help		help
	Say yes to enable support for the encryption of system memory.		Say yes to enable support for the encryption of system memory.
	This requires an AMD processor that supports Secure Memory		This requires an AMD processor that supports Secure Memory

arch/x86/boot/compressed/Makefile

+5 −0

Original line number	Original line	Diff line number	Diff line
	@@ -44,6 +44,11 @@ KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
	KBUILD_CFLAGS += -fno-asynchronous-unwind-tables		KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
	KBUILD_CFLAGS += -D__DISABLE_EXPORTS		KBUILD_CFLAGS += -D__DISABLE_EXPORTS

			# sev-es.c indirectly inludes inat-table.h which is generated during
			# compilation and stored in $(objtree). Add the directory to the includes so
			# that the compiler finds it even with out-of-tree builds (make O=/some/path).
			CFLAGS_sev-es.o += -I$(objtree)/arch/x86/lib/

	KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__		KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
	GCOV_PROFILE := n		GCOV_PROFILE := n
	UBSAN_SANITIZE :=n		UBSAN_SANITIZE :=n

arch/x86/boot/compressed/idt_64.c

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -46,5 +46,9 @@ void load_stage2_idt(void)

	set_idt_entry(X86_TRAP_PF, boot_page_fault);		set_idt_entry(X86_TRAP_PF, boot_page_fault);

			#ifdef CONFIG_AMD_MEM_ENCRYPT
			set_idt_entry(X86_TRAP_VC, boot_stage2_vc);
			#endif

	load_boot_idt(&boot_idt_desc);		load_boot_idt(&boot_idt_desc);
	}		}

arch/x86/boot/compressed/idt_handlers_64.S

+2 −1

Original line number	Original line	Diff line number	Diff line
	@@ -73,4 +73,5 @@ EXCEPTION_HANDLER boot_page_fault do_boot_page_fault error_code=1

	#ifdef CONFIG_AMD_MEM_ENCRYPT		#ifdef CONFIG_AMD_MEM_ENCRYPT
	EXCEPTION_HANDLER boot_stage1_vc do_vc_no_ghcb error_code=1		EXCEPTION_HANDLER boot_stage1_vc do_vc_no_ghcb error_code=1
			EXCEPTION_HANDLER boot_stage2_vc do_boot_stage2_vc error_code=1
	#endif		#endif

arch/x86/boot/compressed/misc.c

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -442,6 +442,13 @@ asmlinkage __visible void extract_kernel(void rmode, memptr heap,
	parse_elf(output);		parse_elf(output);
	handle_relocations(output, output_len, virt_addr);		handle_relocations(output, output_len, virt_addr);
	debug_putstr("done.\nBooting the kernel.\n");		debug_putstr("done.\nBooting the kernel.\n");

			/*
			* Flush GHCB from cache and map it encrypted again when running as
			* SEV-ES guest.
			*/
			sev_es_shutdown_ghcb();

	return output;		return output;
	}		}