[v3,13/75] x86/boot/compressed/64: Add IDT Infrastructure

Message ID	20200428151725.31091-14-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=1gOX=6M=vger.kernel.org=kvm-owner@kernel.org> Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1DF971575 for <patchwork-kvm@patchwork.kernel.org>; Tue, 28 Apr 2020 15:18:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0344C22209 for <patchwork-kvm@patchwork.kernel.org>; Tue, 28 Apr 2020 15:18:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728215AbgD1PR6 (ORCPT <rfc822;patchwork-kvm@patchwork.kernel.org>); Tue, 28 Apr 2020 11:17:58 -0400 Received: from 8bytes.org ([81.169.241.247]:37428 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728188AbgD1PR4 (ORCPT <rfc822;kvm@vger.kernel.org>); Tue, 28 Apr 2020 11:17:56 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id 8BE64CD1; Tue, 28 Apr 2020 17:17:44 +0200 (CEST) From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Hellstrom <thellstrom@vmware.com>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, David Rientjes <rientjes@google.com>, Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>, Masami Hiramatsu <mhiramat@kernel.org>, Mike Stunes <mstunes@vmware.com>, Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v3 13/75] x86/boot/compressed/64: Add IDT Infrastructure Date: Tue, 28 Apr 2020 17:16:23 +0200 Message-Id: <20200428151725.31091-14-joro@8bytes.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200428151725.31091-1-joro@8bytes.org> References: <20200428151725.31091-1-joro@8bytes.org> Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org
Series	x86: SEV-ES Guest Support \| expand [v3,00/75] x86: SEV-ES Guest Support [v3,01/75] KVM: SVM: Add GHCB definitions [v3,02/75] KVM: SVM: Add GHCB Accessor functions [v3,03/75] KVM: SVM: Use __packed shorthand [v3,04/75] x86/cpufeatures: Add SEV-ES CPU feature [v3,05/75] x86/traps: Move some definitions to <asm/trap_defs.h> [v3,06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code [v3,07/75] x86/umip: Factor out instruction fetch [v3,08/75] x86/umip: Factor out instruction decoding [v3,09/75] x86/insn: Add insn_get_modrm_reg_off() [v3,10/75] x86/insn: Add insn_rep_prefix() helper [v3,11/75] x86/boot/compressed/64: Disable red-zone usage [v3,12/75] x86/boot/compressed/64: Switch to __KERNEL_CS after GDT is loaded [v3,13/75] x86/boot/compressed/64: Add IDT Infrastructure [v3,14/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [v3,15/75] x86/boot/compressed/64: Add page-fault handler [v3,16/75] x86/boot/compressed/64: Always switch to own page-table [v3,17/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code [v3,18/75] x86/boot/compressed/64: Change add_identity_map() to take start and end [v3,19/75] x86/boot/compressed/64: Add stage1 #VC handler [v3,20/75] x86/boot/compressed/64: Call set_sev_encryption_mask earlier [v3,21/75] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [v3,22/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers [v3,23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [v3,24/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel [v3,25/75] x86/sev-es: Add support for handling IOIO exceptions [v3,26/75] x86/fpu: Move xgetbv()/xsetbv() into separate header [v3,27/75] x86/sev-es: Add CPUID handling to #VC handler [v3,28/75] x86/idt: Move IDT to data segment [v3,29/75] x86/idt: Split idt_data setup out of set_intr_gate() [v3,30/75] x86/idt: Move two function from k/idt.c to i/a/desc.h [v3,31/75] x86/head/64: Install boot GDT [v3,32/75] x86/head/64: Reload GDT after switch to virtual addresses [v3,33/75] x86/head/64: Load segment registers earlier [v3,34/75] x86/head/64: Switch to initial stack earlier [v3,35/75] x86/head/64: Build k/head64.c with -fno-stack-protector [v3,36/75] x86/head/64: Load IDT earlier [v3,37/75] x86/head/64: Move early exception dispatch to C code [v3,38/75] x86/sev-es: Add SEV-ES Feature Detection [v3,39/75] x86/sev-es: Print SEV-ES info into kernel log [v3,40/75] x86/sev-es: Compile early handler code into kernel image [v3,41/75] x86/sev-es: Setup early #VC handler [v3,42/75] x86/sev-es: Setup GHCB based boot #VC handler [v3,43/75] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [v3,44/75] x86/sev-es: Allocate and Map IST stacks for #VC handler [v3,45/75] x86/dumpstack/64: Handle #VC exception stacks [v3,46/75] x86/sev-es: Shift #VC IST Stack in nmi_enter()/nmi_exit() [v3,47/75] x86/sev-es: Add Runtime #VC Exception Handler [v3,48/75] x86/sev-es: Wire up existing #VC exit-code handlers [v3,49/75] x86/sev-es: Handle instruction fetches from user-space [v3,50/75] x86/sev-es: Do not crash on #VC exceptions from user-space [v3,51/75] x86/sev-es: Handle MMIO events [v3,52/75] x86/sev-es: Handle MMIO String Instructions [v3,53/75] x86/sev-es: Handle MSR events [v3,54/75] x86/sev-es: Handle DR7 read/write events [v3,55/75] x86/sev-es: Handle WBINVD Events [v3,56/75] x86/sev-es: Handle RDTSC(P) Events [v3,57/75] x86/sev-es: Handle RDPMC Events [v3,58/75] x86/sev-es: Handle INVD Events [v3,59/75] x86/sev-es: Handle MONITOR/MONITORX Events [v3,60/75] x86/sev-es: Handle MWAIT/MWAITX Events [v3,61/75] x86/sev-es: Handle VMMCALL Events [v3,62/75] x86/sev-es: Handle #AC Events [v3,63/75] x86/sev-es: Handle #DB Events [v3,64/75] x86/sev-es: Cache CPUID results for improved performance [v3,65/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [v3,66/75] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [v3,67/75] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [v3,68/75] x86/realmode: Add SEV-ES specific trampoline entry point [v3,69/75] x86/realmode: Setup AP jump table [v3,70/75] x86/head/64: Setup TSS early for secondary CPUs [v3,71/75] x86/head/64: Don't call verify_cpu() on starting APs [v3,72/75] x86/head/64: Rename start_cpu0 [v3,73/75] x86/sev-es: Support CPU offline/online [v3,74/75] x86/sev-es: Handle NMI State [v3,75/75] x86/efi: Add GHCB mappings when SEV-ES is active

Message ID

20200428151725.31091-14-joro@8bytes.org (mailing list archive)

State

New, archived

Headers

From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Hellstrom <thellstrom@vmware.com>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        David Rientjes <rientjes@google.com>,
        Cfir Cohen <cfir@google.com>,
        Erdem Aktas <erdemaktas@google.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Mike Stunes <mstunes@vmware.com>,
        Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org
Subject: [PATCH v3 13/75] x86/boot/compressed/64: Add IDT Infrastructure
Date: Tue, 28 Apr 2020 17:16:23 +0200
Message-Id: <20200428151725.31091-14-joro@8bytes.org>
In-Reply-To: <20200428151725.31091-1-joro@8bytes.org>
References: <20200428151725.31091-1-joro@8bytes.org>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

x86: SEV-ES Guest Support | expand

Commit Message

Joerg Roedel April 28, 2020, 3:16 p.m. UTC

From: Joerg Roedel <jroedel@suse.de>

Add code needed to setup an IDT in the early pre-decompression
boot-code. The IDT is loaded first in startup_64, which is after
EfiExitBootServices() has been called, and later reloaded when the
kernel image has been relocated to the end of the decompression area.

This allows to setup different IDT handlers before and after the
relocation.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/boot/compressed/Makefile          |  1 +
 arch/x86/boot/compressed/head_64.S         | 25 +++++++-
 arch/x86/boot/compressed/idt_64.c          | 43 ++++++++++++++
 arch/x86/boot/compressed/idt_handlers_64.S | 69 ++++++++++++++++++++++
 arch/x86/boot/compressed/misc.h            |  5 ++
 arch/x86/include/asm/desc_defs.h           |  3 +
 6 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 arch/x86/boot/compressed/idt_64.c
 create mode 100644 arch/x86/boot/compressed/idt_handlers_64.S

Comments

Borislav Petkov May 4, 2020, 10:54 a.m. UTC | #1

On Tue, Apr 28, 2020 at 05:16:23PM +0200, Joerg Roedel wrote:
> diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S
> new file mode 100644
> index 000000000000..f86ea872d860
> --- /dev/null
> +++ b/arch/x86/boot/compressed/idt_handlers_64.S
> @@ -0,0 +1,69 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * Early IDT handler entry points
> + *
> + * Copyright (C) 2019 SUSE
> + *
> + * Author: Joerg Roedel <jroedel@suse.de>
> + */
> +
> +#include <asm/segment.h>
> +
> +#include "../../entry/calling.h"

Leftover from something? Commenting it out doesn't break the build here.

If needed, then we need to lift stuff in a separate header and share it
or so. I want to include as less as possible crap from kernel proper and
eventually untangle arch/x86/boot/ because include/linux/ definitions
are a real pain.

Thx.

Joerg Roedel May 4, 2020, 11:28 a.m. UTC | #2

On Mon, May 04, 2020 at 12:54:45PM +0200, Borislav Petkov wrote:
> On Tue, Apr 28, 2020 at 05:16:23PM +0200, Joerg Roedel wrote:
> > diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S
> > new file mode 100644
> > index 000000000000..f86ea872d860
> > --- /dev/null
> > +++ b/arch/x86/boot/compressed/idt_handlers_64.S
> > @@ -0,0 +1,69 @@
> > +/* SPDX-License-Identifier: GPL-2.0-only */
> > +/*
> > + * Early IDT handler entry points
> > + *
> > + * Copyright (C) 2019 SUSE
> > + *
> > + * Author: Joerg Roedel <jroedel@suse.de>
> > + */
> > +
> > +#include <asm/segment.h>
> > +
> > +#include "../../entry/calling.h"
> 
> Leftover from something? Commenting it out doesn't break the build here.

Yes, probably a leftover from when I tried to use the PT_REGS macros
there. I'll remove it.


Thanks,

	Joerg

Joerg Roedel June 3, 2020, 9:06 a.m. UTC | #3

On Mon, May 04, 2020 at 01:28:59PM +0200, Joerg Roedel wrote:
> On Mon, May 04, 2020 at 12:54:45PM +0200, Borislav Petkov wrote:
> > On Tue, Apr 28, 2020 at 05:16:23PM +0200, Joerg Roedel wrote:
> > > +#include "../../entry/calling.h"
> > 
> > Leftover from something? Commenting it out doesn't break the build here.
> 
> Yes, probably a leftover from when I tried to use the PT_REGS macros
> there. I'll remove it.

Turns out this include is still needed to get ORIG_RAX defined. I'll
leave it in place.


	Joerg

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 085d5f083f50..954842333d1d 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -82,6 +82,7 @@  vmlinux-objs-$(CONFIG_EARLY_PRINTK) += $(obj)/early_serial_console.o
 vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr.o
 ifdef CONFIG_X86_64
 	vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr_64.o
+	vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o
 	vmlinux-objs-y += $(obj)/mem_encrypt.o
 	vmlinux-objs-y += $(obj)/pgtable_64.o
 endif
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 6b11060c3a0f..089b9e676498 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -33,6 +33,7 @@ 
 #include <asm/processor-flags.h>
 #include <asm/asm-offsets.h>
 #include <asm/bootparam.h>
+#include <asm/desc_defs.h>
 #include "pgtable.h"
 
 /*
@@ -401,6 +402,10 @@  SYM_CODE_START(startup_64)
 
 .Lon_kernel_cs:
 
+	pushq	%rsi
+	call	load_stage1_idt
+	popq	%rsi
+
 	/*
 	 * paging_prepare() sets up the trampoline and checks if we need to
 	 * enable 5-level paging.
@@ -528,6 +533,13 @@  SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated)
 	shrq	$3, %rcx
 	rep	stosq
 
+/*
+ * Load stage2 IDT
+ */
+	pushq	%rsi
+	call	load_stage2_idt
+	popq	%rsi
+
 /*
  * Do the extraction, and jump to the new kernel..
  */
@@ -681,10 +693,21 @@  SYM_DATA_START_LOCAL(gdt)
 	.quad   0x0000000000000000	/* TS continued */
 SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end)
 
+SYM_DATA_START(boot_idt_desc)
+	.word	boot_idt_end - boot_idt
+	.quad	0
+SYM_DATA_END(boot_idt_desc)
+	.balign 8
+SYM_DATA_START(boot_idt)
+	.rept	BOOT_IDT_ENTRIES
+	.quad	0
+	.quad	0
+	.endr
+SYM_DATA_END_LABEL(boot_idt, SYM_L_GLOBAL, boot_idt_end)
+
 #ifdef CONFIG_EFI_STUB
 SYM_DATA(image_offset, .long 0)
 #endif
-
 #ifdef CONFIG_EFI_MIXED
 SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0)
 SYM_DATA(efi_is64, .byte 1)
diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c
new file mode 100644
index 000000000000..46ecea671b90
--- /dev/null
+++ b/arch/x86/boot/compressed/idt_64.c
@@ -0,0 +1,43 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+#include <asm/trap_defs.h>
+#include <asm/segment.h>
+#include "misc.h"
+
+static void set_idt_entry(int vector, void (*handler)(void))
+{
+	unsigned long address = (unsigned long)handler;
+	gate_desc entry;
+
+	memset(&entry, 0, sizeof(entry));
+
+	entry.offset_low    = (u16)(address & 0xffff);
+	entry.segment       = __KERNEL_CS;
+	entry.bits.type     = GATE_TRAP;
+	entry.bits.p        = 1;
+	entry.offset_middle = (u16)((address >> 16) & 0xffff);
+	entry.offset_high   = (u32)(address >> 32);
+
+	memcpy(&boot_idt[vector], &entry, sizeof(entry));
+}
+
+/* Have this here so we don't need to include <asm/desc.h> */
+static void load_boot_idt(const struct desc_ptr *dtr)
+{
+	asm volatile("lidt %0"::"m" (*dtr));
+}
+
+/* Setup IDT before kernel jumping to  .Lrelocated */
+void load_stage1_idt(void)
+{
+	boot_idt_desc.address = (unsigned long)boot_idt;
+
+	load_boot_idt(&boot_idt_desc);
+}
+
+/* Setup IDT after kernel jumping to  .Lrelocated */
+void load_stage2_idt(void)
+{
+	boot_idt_desc.address = (unsigned long)boot_idt;
+
+	load_boot_idt(&boot_idt_desc);
+}
diff --git a/arch/x86/boot/compressed/idt_handlers_64.S b/arch/x86/boot/compressed/idt_handlers_64.S
new file mode 100644
index 000000000000..f86ea872d860
--- /dev/null
+++ b/arch/x86/boot/compressed/idt_handlers_64.S
@@ -0,0 +1,69 @@ 
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Early IDT handler entry points
+ *
+ * Copyright (C) 2019 SUSE
+ *
+ * Author: Joerg Roedel <jroedel@suse.de>
+ */
+
+#include <asm/segment.h>
+
+#include "../../entry/calling.h"
+
+.macro EXCEPTION_HANDLER name function error_code=0
+SYM_FUNC_START(\name)
+
+	/* Build pt_regs */
+	.if \error_code == 0
+	pushq   $0
+	.endif
+
+	pushq   %rdi
+	pushq   %rsi
+	pushq   %rdx
+	pushq   %rcx
+	pushq   %rax
+	pushq   %r8
+	pushq   %r9
+	pushq   %r10
+	pushq   %r11
+	pushq   %rbx
+	pushq   %rbp
+	pushq   %r12
+	pushq   %r13
+	pushq   %r14
+	pushq   %r15
+
+	/* Call handler with pt_regs */
+	movq    %rsp, %rdi
+	/* Error code is second parameter */
+	movq	ORIG_RAX(%rsp), %rsi
+	call    \function
+
+	/* Restore regs */
+	popq    %r15
+	popq    %r14
+	popq    %r13
+	popq    %r12
+	popq    %rbp
+	popq    %rbx
+	popq    %r11
+	popq    %r10
+	popq    %r9
+	popq    %r8
+	popq    %rax
+	popq    %rcx
+	popq    %rdx
+	popq    %rsi
+	popq    %rdi
+
+	/* Remove error code and return */
+	addq    $8, %rsp
+
+	iretq
+SYM_FUNC_END(\name)
+	.endm
+
+	.text
+	.code64
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 726e264410ff..062ae3ae6930 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -23,6 +23,7 @@ 
 #include <asm/page.h>
 #include <asm/boot.h>
 #include <asm/bootparam.h>
+#include <asm/desc_defs.h>
 
 #define BOOT_CTYPE_H
 #include <linux/acpi.h>
@@ -133,4 +134,8 @@  int count_immovable_mem_regions(void);
 static inline int count_immovable_mem_regions(void) { return 0; }
 #endif
 
+/* idt_64.c */
+extern gate_desc boot_idt[BOOT_IDT_ENTRIES];
+extern struct desc_ptr boot_idt_desc;
+
 #endif /* BOOT_COMPRESSED_MISC_H */
diff --git a/arch/x86/include/asm/desc_defs.h b/arch/x86/include/asm/desc_defs.h
index a91f3b6e4f2a..5621fb3f2d1a 100644
--- a/arch/x86/include/asm/desc_defs.h
+++ b/arch/x86/include/asm/desc_defs.h
@@ -109,6 +109,9 @@  struct desc_ptr {
 
 #endif /* !__ASSEMBLY__ */
 
+/* Boot IDT definitions */
+#define	BOOT_IDT_ENTRIES	32
+
 /* Access rights as returned by LAR */
 #define AR_TYPE_RODATA		(0 * (1 << 9))
 #define AR_TYPE_RWDATA		(1 * (1 << 9))

[v3,13/75] x86/boot/compressed/64: Add IDT Infrastructure

Commit Message

Comments

Patch