mbox series

[v5,00/75] x86: SEV-ES Guest Support

Message ID 20200724160336.5435-1-joro@8bytes.org (mailing list archive)
Headers show
Series x86: SEV-ES Guest Support | expand

Message

Joerg Roedel July 24, 2020, 4:02 p.m. UTC 
From: Joerg Roedel <jroedel@suse.de>

Hi,

here is a rebased version of the latest SEV-ES patches. They are now
based on latest tip/master instead of upstream Linux and include the
necessary changes.

Changes to v4 are in particular:

	- Moved early IDT setup code to idt.c, because the idt_descr
	  and the idt_table are now static

	- This required to make stack protector work early (or disable
	  it for idt.c, but I didn't go that road), so MSR_GS_BASE is
	  now set up very early too, before calling into any C code that
	  has stack protector checks.

	- As a result I decided to move the setup code which is needed
	  before the kernel switches to virtual addresses into a C
	  function as well. This should be much easier to maintain.

	- paranoid_entry/exit now uses FSGSBASE instructions, so some
	  refactoring was needed to make that work early for secondary
	  CPUs too.

	- As a result, some state of the APs is now set up on the
	  boot-cpu already, like the TSS and the CPU_NODE GDT entry,
	  so that the AP only needs to load the descriptors to handle
	  exceptions early.

The previous versions can be found as a linked-list starting here:

	https://lore.kernel.org/lkml/20200714120917.11253-1-joro@8bytes.org/

There you also find more detailed information about SEV-ES in general
and its implications.

Please review.

Thanks,

	Joerg

Borislav Petkov (1):
  KVM: SVM: Use __packed shorthand

Doug Covelli (1):
  x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES

Joerg Roedel (53):
  KVM: SVM: Add GHCB Accessor functions
  x86/traps: Move pf error codes to <asm/trap_pf.h>
  x86/insn: Make inat-tables.c suitable for pre-decompression code
  x86/umip: Factor out instruction fetch
  x86/umip: Factor out instruction decoding
  x86/insn: Add insn_get_modrm_reg_off()
  x86/insn: Add insn_has_rep_prefix() helper
  x86/boot/compressed/64: Disable red-zone usage
  x86/boot/compressed/64: Add IDT Infrastructure
  x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c
  x86/boot/compressed/64: Add page-fault handler
  x86/boot/compressed/64: Always switch to own page-table
  x86/boot/compressed/64: Don't pre-map memory in KASLR code
  x86/boot/compressed/64: Change add_identity_map() to take start and
    end
  x86/boot/compressed/64: Add stage1 #VC handler
  x86/boot/compressed/64: Call set_sev_encryption_mask earlier
  x86/boot/compressed/64: Check return value of
    kernel_ident_mapping_init()
  x86/boot/compressed/64: Add set_page_en/decrypted() helpers
  x86/boot/compressed/64: Setup GHCB Based VC Exception handler
  x86/boot/compressed/64: Unmap GHCB page before booting the kernel
  x86/fpu: Move xgetbv()/xsetbv() into separate header
  x86/idt: Move IDT to data segment
  x86/idt: Split idt_data setup out of set_intr_gate()
  x86/head/64: Install startup GDT
  x86/head/64: Setup MSR_GS_BASE before calling into C code
  x86/head/64: Load GDT after switch to virtual addresses
  x86/head/64: Load segment registers earlier
  x86/head/64: Switch to initial stack earlier
  x86/head/64: Make fixup_pointer() static inline
  x86/head/64: Load IDT earlier
  x86/head/64: Move early exception dispatch to C code
  x86/head/64: Set CR4.FSGSBASE early
  x86/sev-es: Add SEV-ES Feature Detection
  x86/sev-es: Print SEV-ES info into kernel log
  x86/sev-es: Compile early handler code into kernel image
  x86/sev-es: Setup early #VC handler
  x86/sev-es: Setup GHCB based boot #VC handler
  x86/sev-es: Allocate and Map IST stack for #VC handler
  x86/sev-es: Adjust #VC IST Stack on entering NMI handler
  x86/dumpstack/64: Add noinstr version of get_stack_info()
  x86/entry/64: Add entry code for #VC handler
  x86/sev-es: Wire up existing #VC exit-code handlers
  x86/sev-es: Handle instruction fetches from user-space
  x86/sev-es: Handle MMIO String Instructions
  x86/sev-es: Handle #AC Events
  x86/sev-es: Handle #DB Events
  x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES
  x86/realmode: Add SEV-ES specific trampoline entry point
  x86/smpboot: Setup TSS for starting AP
  x86/head/64: Don't call verify_cpu() on starting APs
  x86/head/64: Rename start_cpu0
  x86/sev-es: Support CPU offline/online
  x86/sev-es: Handle NMI State

Martin Radev (1):
  x86/sev-es: Check required CPU features for SEV-ES

Tom Lendacky (19):
  KVM: SVM: Add GHCB definitions
  x86/cpufeatures: Add SEV-ES CPU feature
  x86/sev-es: Add support for handling IOIO exceptions
  x86/sev-es: Add CPUID handling to #VC handler
  x86/sev-es: Setup per-cpu GHCBs for the runtime handler
  x86/sev-es: Add Runtime #VC Exception Handler
  x86/sev-es: Handle MMIO events
  x86/sev-es: Handle MSR events
  x86/sev-es: Handle DR7 read/write events
  x86/sev-es: Handle WBINVD Events
  x86/sev-es: Handle RDTSC(P) Events
  x86/sev-es: Handle RDPMC Events
  x86/sev-es: Handle INVD Events
  x86/sev-es: Handle MONITOR/MONITORX Events
  x86/sev-es: Handle MWAIT/MWAITX Events
  x86/sev-es: Handle VMMCALL Events
  x86/kvm: Add KVM specific VMMCALL handling under SEV-ES
  x86/realmode: Setup AP jump table
  x86/efi: Add GHCB mappings when SEV-ES is active

 arch/x86/Kconfig                           |    1 +
 arch/x86/boot/Makefile                     |    2 +-
 arch/x86/boot/compressed/Makefile          |    9 +-
 arch/x86/boot/compressed/cpuflags.c        |    4 -
 arch/x86/boot/compressed/head_64.S         |   32 +-
 arch/x86/boot/compressed/ident_map_64.c    |  349 +++++
 arch/x86/boot/compressed/idt_64.c          |   54 +
 arch/x86/boot/compressed/idt_handlers_64.S |   77 ++
 arch/x86/boot/compressed/kaslr.c           |   36 +-
 arch/x86/boot/compressed/kaslr_64.c        |  153 ---
 arch/x86/boot/compressed/misc.c            |    7 +
 arch/x86/boot/compressed/misc.h            |   50 +-
 arch/x86/boot/compressed/sev-es.c          |  214 +++
 arch/x86/entry/entry_64.S                  |   78 ++
 arch/x86/include/asm/cpu.h                 |    2 +-
 arch/x86/include/asm/cpu_entry_area.h      |   33 +-
 arch/x86/include/asm/cpufeatures.h         |    1 +
 arch/x86/include/asm/desc_defs.h           |    3 +
 arch/x86/include/asm/fpu/internal.h        |   33 +-
 arch/x86/include/asm/fpu/xcr.h             |   37 +
 arch/x86/include/asm/idtentry.h            |   49 +
 arch/x86/include/asm/insn-eval.h           |    6 +
 arch/x86/include/asm/mem_encrypt.h         |    5 +
 arch/x86/include/asm/msr-index.h           |    3 +
 arch/x86/include/asm/page_64_types.h       |    1 +
 arch/x86/include/asm/pgtable.h             |    2 +-
 arch/x86/include/asm/processor.h           |    7 +
 arch/x86/include/asm/proto.h               |    1 +
 arch/x86/include/asm/realmode.h            |    4 +
 arch/x86/include/asm/segment.h             |    2 +-
 arch/x86/include/asm/setup.h               |   16 +-
 arch/x86/include/asm/sev-es.h              |  113 ++
 arch/x86/include/asm/stacktrace.h          |    2 +
 arch/x86/include/asm/svm.h                 |  118 +-
 arch/x86/include/asm/trap_pf.h             |   24 +
 arch/x86/include/asm/trapnr.h              |    1 +
 arch/x86/include/asm/traps.h               |   20 +-
 arch/x86/include/asm/x86_init.h            |   16 +-
 arch/x86/include/uapi/asm/svm.h            |   11 +
 arch/x86/kernel/Makefile                   |    1 +
 arch/x86/kernel/cpu/amd.c                  |    3 +-
 arch/x86/kernel/cpu/common.c               |   37 +-
 arch/x86/kernel/cpu/scattered.c            |    1 +
 arch/x86/kernel/cpu/vmware.c               |   50 +-
 arch/x86/kernel/dumpstack.c                |    7 +-
 arch/x86/kernel/dumpstack_64.c             |   47 +-
 arch/x86/kernel/head64.c                   |   85 +-
 arch/x86/kernel/head_32.S                  |    4 +-
 arch/x86/kernel/head_64.S                  |  159 ++-
 arch/x86/kernel/idt.c                      |   94 +-
 arch/x86/kernel/kvm.c                      |   35 +-
 arch/x86/kernel/nmi.c                      |   12 +
 arch/x86/kernel/sev-es-shared.c            |  507 +++++++
 arch/x86/kernel/sev-es.c                   | 1404 ++++++++++++++++++++
 arch/x86/kernel/smpboot.c                  |   10 +-
 arch/x86/kernel/traps.c                    |   56 +
 arch/x86/kernel/umip.c                     |   49 +-
 arch/x86/kvm/svm/svm.c                     |    2 +
 arch/x86/lib/insn-eval.c                   |  130 ++
 arch/x86/mm/cpu_entry_area.c               |    3 +-
 arch/x86/mm/extable.c                      |    1 +
 arch/x86/mm/mem_encrypt.c                  |   38 +-
 arch/x86/mm/mem_encrypt_identity.c         |    3 +
 arch/x86/platform/efi/efi_64.c             |   10 +
 arch/x86/realmode/init.c                   |   24 +-
 arch/x86/realmode/rm/header.S              |    3 +
 arch/x86/realmode/rm/trampoline_64.S       |   20 +
 arch/x86/tools/gen-insn-attr-x86.awk       |   50 +-
 tools/arch/x86/tools/gen-insn-attr-x86.awk |   50 +-
 69 files changed, 4025 insertions(+), 446 deletions(-)
 create mode 100644 arch/x86/boot/compressed/ident_map_64.c
 create mode 100644 arch/x86/boot/compressed/idt_64.c
 create mode 100644 arch/x86/boot/compressed/idt_handlers_64.S
 delete mode 100644 arch/x86/boot/compressed/kaslr_64.c
 create mode 100644 arch/x86/boot/compressed/sev-es.c
 create mode 100644 arch/x86/include/asm/fpu/xcr.h
 create mode 100644 arch/x86/include/asm/sev-es.h
 create mode 100644 arch/x86/include/asm/trap_pf.h
 create mode 100644 arch/x86/kernel/sev-es-shared.c
 create mode 100644 arch/x86/kernel/sev-es.c

Comments

Mike Stunes July 30, 2020, 1:27 a.m. UTC | #1 
Hi Joerg,

> On Jul 24, 2020, at 9:02 AM, Joerg Roedel <joro@8bytes.org> wrote:
> 
> From: Joerg Roedel <jroedel@suse.de>
> 
> Hi,
> 
> here is a rebased version of the latest SEV-ES patches. They are now
> based on latest tip/master instead of upstream Linux and include the
> necessary changes.

Thanks for the updated patches! I applied this patch-set onto commit
01634f2bd42e ("Merge branch 'x86/urgent’”) from your tree. It boots,
but CPU 1 (on a two-CPU VM) is offline at boot, and `chcpu -e 1` returns:

chcpu: CPU 1 enable failed: Input/output error

with nothing in dmesg to indicate why it failed. The first thing I thought
of was anything relating to the AP jump table, but I haven’t changed
anything there on the hypervisor side. Let me know what other data I can
provide for you.

Mike
Joerg Roedel July 30, 2020, 12:26 p.m. UTC | #2 
Hi Mike,

On Thu, Jul 30, 2020 at 01:27:48AM +0000, Mike Stunes wrote:
> Thanks for the updated patches! I applied this patch-set onto commit
> 01634f2bd42e ("Merge branch 'x86/urgent’”) from your tree. It boots,
> but CPU 1 (on a two-CPU VM) is offline at boot, and `chcpu -e 1` returns:
> 
> chcpu: CPU 1 enable failed: Input/output error
> 
> with nothing in dmesg to indicate why it failed. The first thing I thought
> of was anything relating to the AP jump table, but I haven’t changed
> anything there on the hypervisor side. Let me know what other data I can
> provide for you.

Hard to tell, have you enabled FSGSBASE in the guest? If yes, can you
try to disable it?

Regards,

	Joerg
Mike Stunes July 30, 2020, 11:23 p.m. UTC | #3 
Hi Joerg,

> On Jul 30, 2020, at 5:26 AM, Joerg Roedel <joro@8bytes.org> wrote:
> 
> Hi Mike,
> 
> On Thu, Jul 30, 2020 at 01:27:48AM +0000, Mike Stunes wrote:
>> Thanks for the updated patches! I applied this patch-set onto commit
>> 01634f2bd42e ("Merge branch 'x86/urgent’”) from your tree. It boots,
>> but CPU 1 (on a two-CPU VM) is offline at boot, and `chcpu -e 1` returns:
>> 
>> chcpu: CPU 1 enable failed: Input/output error
>> 
>> with nothing in dmesg to indicate why it failed. The first thing I thought
>> of was anything relating to the AP jump table, but I haven’t changed
>> anything there on the hypervisor side. Let me know what other data I can
>> provide for you.
> 
> Hard to tell, have you enabled FSGSBASE in the guest? If yes, can you
> try to disable it?

Yes, FSGSBASE was enabled. If I disable it*, this kernel boots fine, with
both CPUs online.

*That is, by forcing guest-CPUID[7].EBX bit 0 to 0.

Thanks!
Mike
Joerg Roedel Aug. 18, 2020, 3:07 p.m. UTC | #4 
Hi Mike,

On Thu, Jul 30, 2020 at 11:23:50PM +0000, Mike Stunes wrote:
> Yes, FSGSBASE was enabled. If I disable it*, this kernel boots fine, with
> both CPUs online.
> 
> *That is, by forcing guest-CPUID[7].EBX bit 0 to 0.

Can you please test whether

	https://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git/log/?h=sev-es-client-tip-5.9

still triggers this issue on your side?

Thanks,

	Joerg
Mike Stunes Aug. 20, 2020, 12:58 a.m. UTC | #5 
Hi Joerg,

> On Aug 18, 2020, at 8:07 AM, Joerg Roedel <joro@8bytes.org> wrote:
> 
> Can you please test whether
> 
> 	https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel.org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Fjoro%2Flinux.git%2Flog%2F%3Fh%3Dsev-es-client-tip-5.9&amp;data=02%7C01%7Cmstunes%40vmware.com%7C715e9e6433bc449d34ee08d8438878eb%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637333600716918463&amp;sdata=etla7SGg4HmmJqhJ4AIul043VDNVvlllnbtfdc0Z%2BCU%3D&amp;reserved=0
> 
> still triggers this issue on your side?

Yes, I still see the issue — APs are offline after boot. I’ll spend some time seeing if I can figure out what the problem is. Thanks!

Mike
Joerg Roedel Aug. 20, 2020, 12:10 p.m. UTC | #6 
Hi Mike,

On Thu, Aug 20, 2020 at 12:58:13AM +0000, Mike Stunes wrote:
> Yes, I still see the issue — APs are offline after boot. I’ll spend
> some time seeing if I can figure out what the problem is. Thanks!

Thanks. I think the first step here would be to find out where on the
APs (which RIP) the first #VC exception happens. I guess in the #VC
entry code it triggers the next exception when trying to execute the
fsgsbase instructions.

Regards,

	Joerg
Joerg Roedel Aug. 21, 2020, 8:05 a.m. UTC | #7 
Hi Mike,

On Thu, Aug 20, 2020 at 12:58:13AM +0000, Mike Stunes wrote:
> Yes, I still see the issue — APs are offline after boot. I’ll spend
> some time seeing if I can figure out what the problem is. Thanks!

Tom and a few others debugged another FSGSBASE issue yesterday, which I
think might also be the cause for the AP startup problems you are
seeing (if you test on Rome).

Can you try to disable support for RDPID in the guest, but keep fsgsbase
enabled?

Thanks,

	Joerg
Mike Stunes Aug. 21, 2020, 5:42 p.m. UTC | #8 
Hi Joerg,

> On Aug 21, 2020, at 1:05 AM, Joerg Roedel <joro@8bytes.org> wrote:
> 
> Tom and a few others debugged another FSGSBASE issue yesterday, which I
> think might also be the cause for the AP startup problems you are
> seeing (if you test on Rome).
> 
> Can you try to disable support for RDPID in the guest, but keep fsgsbase
> enabled?

Yes, that fixes the problem — I can see both CPUs running now. Thanks!

Mike
Joerg Roedel Aug. 22, 2020, 4:30 p.m. UTC | #9 
Hi Mike,

On Fri, Aug 21, 2020 at 05:42:16PM +0000, Mike Stunes wrote:
> Yes, that fixes the problem — I can see both CPUs running now. Thanks!

Thanks a lot for testing, good to have this issue resolved.


Regards,

	Joerg