[50/62] x86/sev-es: Handle VMMCALL Events

Message ID	20200211135256.24617-51-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=UyAS=37=vger.kernel.org=kvm-owner@kernel.org> From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Hellstrom <thellstrom@vmware.com>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de> Subject: [PATCH 50/62] x86/sev-es: Handle VMMCALL Events Date: Tue, 11 Feb 2020 14:52:44 +0100 Message-Id: <20200211135256.24617-51-joro@8bytes.org> In-Reply-To: <20200211135256.24617-1-joro@8bytes.org> References: <20200211135256.24617-1-joro@8bytes.org> Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	Linux as SEV-ES Guest Support \| expand [RFC,00/62] Linux as SEV-ES Guest Support [01/62] KVM: SVM: Add GHCB definitions [02/62] KVM: SVM: Add GHCB Accessor functions [03/62] x86/cpufeatures: Add SEV-ES CPU feature [04/62] x86/traps: Move some definitions to <asm/trap_defs.h> [05/62] x86/insn-decoder: Make inat-tables.c suitable for pre-decompression code [06/62] x86/boot/compressed: Fix debug_puthex() parameter type [07/62] x86/boot/compressed/64: Disable red-zone usage [08/62] x86/boot/compressed/64: Add IDT Infrastructure [09/62] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [10/62] x86/boot/compressed/64: Add page-fault handler [11/62] x86/boot/compressed/64: Always switch to own page-table [12/62] x86/boot/compressed/64: Don't pre-map memory in KASLR code [13/62] x86/boot/compressed/64: Change add_identity_map() to take start and end [14/62] x86/boot/compressed/64: Add stage1 #VC handler [15/62] x86/boot/compressed/64: Call set_sev_encryption_mask earlier [16/62] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [17/62] x86/boot/compressed/64: Add function to map a page unencrypted [18/62] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [19/62] x86/sev-es: Add support for handling IOIO exceptions [20/62] x86/fpu: Move xgetbv()/xsetbv() into separate header [21/62] x86/sev-es: Add CPUID handling to #VC handler [22/62] x86/sev-es: Add handler for MMIO events [23/62] x86/idt: Move IDT to data segment [24/62] x86/idt: Split idt_data setup out of set_intr_gate() [25/62] x86/head/64: Install boot GDT [26/62] x86/head/64: Reload GDT after switch to virtual addresses [27/62] x86/head/64: Load segment registers earlier [28/62] x86/head/64: Switch to initial stack earlier [29/62] x86/head/64: Load IDT earlier [30/62] x86/head/64: Move early exception dispatch to C code [31/62] x86/sev-es: Add SEV-ES Feature Detection [32/62] x86/sev-es: Compile early handler code into kernel image [33/62] x86/sev-es: Setup early #VC handler [34/62] x86/sev-es: Setup GHCB based boot #VC handler [35/62] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [36/62] x86/sev-es: Add Runtime #VC Exception Handler [37/62] x86/sev-es: Wire up existing #VC exit-code handlers [38/62] x86/sev-es: Handle instruction fetches from user-space [39/62] x86/sev-es: Harden runtime #VC handler for exceptions from user-space [40/62] x86/sev-es: Filter exceptions not supported from user-space [41/62] x86/sev-es: Handle MSR events [42/62] x86/sev-es: Handle DR7 read/write events [43/62] x86/sev-es: Handle WBINVD Events [44/62] x86/sev-es: Handle RDTSC Events [45/62] x86/sev-es: Handle RDPMC Events [46/62] x86/sev-es: Handle INVD Events [47/62] x86/sev-es: Handle RDTSCP Events [48/62] x86/sev-es: Handle MONITOR/MONITORX Events [49/62] x86/sev-es: Handle MWAIT/MWAITX Events [50/62] x86/sev-es: Handle VMMCALL Events [51/62] x86/sev-es: Handle #AC Events [52/62] x86/sev-es: Handle #DB Events [53/62] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [54/62] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [55/62] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [56/62] x86/realmode: Add SEV-ES specific trampoline entry point [57/62] x86/realmode: Setup AP jump table [58/62] x86/head/64: Don't call verify_cpu() on starting APs [59/62] x86/head/64: Rename start_cpu0 [60/62] x86/sev-es: Support CPU offline/online [61/62] x86/cpufeature: Add SEV_ES_GUEST CPU Feature [62/62] x86/sev-es: Add NMI state tracking

Message ID

20200211135256.24617-51-joro@8bytes.org (mailing list archive)

State

New, archived

Headers

From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Hellstrom <thellstrom@vmware.com>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org,
        Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>
Subject: [PATCH 50/62] x86/sev-es: Handle VMMCALL Events
Date: Tue, 11 Feb 2020 14:52:44 +0100
Message-Id: <20200211135256.24617-51-joro@8bytes.org>
In-Reply-To: <20200211135256.24617-1-joro@8bytes.org>
References: <20200211135256.24617-1-joro@8bytes.org>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

Linux as SEV-ES Guest Support | expand

Commit Message

Joerg Roedel Feb. 11, 2020, 1:52 p.m. UTC

From: Tom Lendacky <thomas.lendacky@amd.com>

Implement a handler for #VC exceptions caused by VMMCALL instructions.
This patch is only a starting point, VMMCALL emulation under SEV-ES
needs further hypervisor-specific changes to provide additional state.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
[ jroedel@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/kernel/sev-es.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

Comments

Andy Lutomirski Feb. 12, 2020, 12:14 a.m. UTC | #1

> On Feb 11, 2020, at 5:53 AM, Joerg Roedel <joro@8bytes.org> wrote:
> 
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> Implement a handler for #VC exceptions caused by VMMCALL instructions.
> This patch is only a starting point, VMMCALL emulation under SEV-ES
> needs further hypervisor-specific changes to provide additional state.
> 

How about we just don’t do VMMCALL if we’re a SEV-ES guest?  Otherwise we add thousands of cycles of extra latency for no good reason.

Joerg Roedel Feb. 12, 2020, 1:22 p.m. UTC | #2

On Tue, Feb 11, 2020 at 04:14:53PM -0800, Andy Lutomirski wrote:
> 
> How about we just don’t do VMMCALL if we’re a SEV-ES guest?  Otherwise
> we add thousands of cycles of extra latency for no good reason.

True, but I left that as a future optimization for now, given the size
the patch-set already has. The idea is to add an abstraction around
VMMCALL for the support code of the various hypervisors and just do a
VMGEXIT in that wrapper when in an SEV-ES guest. But again, that is a
separate patch-set.

Regards,

	Joerg

diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c
index 8f1e84da6fa6..6bd2cae7eb9c 100644
--- a/arch/x86/kernel/sev-es.c
+++ b/arch/x86/kernel/sev-es.c
@@ -341,6 +341,26 @@  static enum es_result handle_mwait(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
 	return ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MWAIT, 0, 0);
 }
 
+static enum es_result handle_vmmcall(struct ghcb *ghcb,
+				     struct es_em_ctxt *ctxt)
+{
+	enum es_result ret;
+
+	ghcb_set_rax(ghcb, ctxt->regs->ax);
+	ghcb_set_cpl(ghcb, user_mode(ctxt->regs) ? 3 : 0);
+
+	ret = ghcb_hv_call(ghcb, ctxt, SVM_EXIT_VMMCALL, 0, 0);
+	if (ret != ES_OK)
+		return ret;
+
+	if (!ghcb_is_valid_rax(ghcb))
+		return ES_VMM_ERROR;
+
+	ctxt->regs->ax = ghcb->save.rax;
+
+	return ES_OK;
+}
+
 static enum es_result handle_vc_exception(struct es_em_ctxt *ctxt,
 					  struct ghcb *ghcb,
 					  unsigned long exit_code,
@@ -374,6 +394,9 @@  static enum es_result handle_vc_exception(struct es_em_ctxt *ctxt,
 	case SVM_EXIT_MSR:
 		result = handle_msr(ghcb, ctxt);
 		break;
+	case SVM_EXIT_VMMCALL:
+		result = handle_vmmcall(ghcb, ctxt);
+		break;
 	case SVM_EXIT_WBINVD:
 		result = handle_wbinvd(ghcb, ctxt);
 		break;

[50/62] x86/sev-es: Handle VMMCALL Events

Commit Message

Comments

Patch