[v3,42/75] x86/sev-es: Setup GHCB based boot #VC handler

Message ID	20200428151725.31091-43-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=1gOX=6M=vger.kernel.org=kvm-owner@kernel.org> Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5A93714DD for <patchwork-kvm@patchwork.kernel.org>; Tue, 28 Apr 2020 15:22:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 475E02186A for <patchwork-kvm@patchwork.kernel.org>; Tue, 28 Apr 2020 15:22:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728339AbgD1PV6 (ORCPT <rfc822;patchwork-kvm@patchwork.kernel.org>); Tue, 28 Apr 2020 11:21:58 -0400 Received: from 8bytes.org ([81.169.241.247]:37630 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728315AbgD1PSJ (ORCPT <rfc822;kvm@vger.kernel.org>); Tue, 28 Apr 2020 11:18:09 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id 23D73F27; Tue, 28 Apr 2020 17:17:50 +0200 (CEST) From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Hellstrom <thellstrom@vmware.com>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, David Rientjes <rientjes@google.com>, Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>, Masami Hiramatsu <mhiramat@kernel.org>, Mike Stunes <mstunes@vmware.com>, Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v3 42/75] x86/sev-es: Setup GHCB based boot #VC handler Date: Tue, 28 Apr 2020 17:16:52 +0200 Message-Id: <20200428151725.31091-43-joro@8bytes.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200428151725.31091-1-joro@8bytes.org> References: <20200428151725.31091-1-joro@8bytes.org> Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org
Series	x86: SEV-ES Guest Support \| expand [v3,00/75] x86: SEV-ES Guest Support [v3,01/75] KVM: SVM: Add GHCB definitions [v3,02/75] KVM: SVM: Add GHCB Accessor functions [v3,03/75] KVM: SVM: Use __packed shorthand [v3,04/75] x86/cpufeatures: Add SEV-ES CPU feature [v3,05/75] x86/traps: Move some definitions to <asm/trap_defs.h> [v3,06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code [v3,07/75] x86/umip: Factor out instruction fetch [v3,08/75] x86/umip: Factor out instruction decoding [v3,09/75] x86/insn: Add insn_get_modrm_reg_off() [v3,10/75] x86/insn: Add insn_rep_prefix() helper [v3,11/75] x86/boot/compressed/64: Disable red-zone usage [v3,12/75] x86/boot/compressed/64: Switch to __KERNEL_CS after GDT is loaded [v3,13/75] x86/boot/compressed/64: Add IDT Infrastructure [v3,14/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [v3,15/75] x86/boot/compressed/64: Add page-fault handler [v3,16/75] x86/boot/compressed/64: Always switch to own page-table [v3,17/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code [v3,18/75] x86/boot/compressed/64: Change add_identity_map() to take start and end [v3,19/75] x86/boot/compressed/64: Add stage1 #VC handler [v3,20/75] x86/boot/compressed/64: Call set_sev_encryption_mask earlier [v3,21/75] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [v3,22/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers [v3,23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [v3,24/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel [v3,25/75] x86/sev-es: Add support for handling IOIO exceptions [v3,26/75] x86/fpu: Move xgetbv()/xsetbv() into separate header [v3,27/75] x86/sev-es: Add CPUID handling to #VC handler [v3,28/75] x86/idt: Move IDT to data segment [v3,29/75] x86/idt: Split idt_data setup out of set_intr_gate() [v3,30/75] x86/idt: Move two function from k/idt.c to i/a/desc.h [v3,31/75] x86/head/64: Install boot GDT [v3,32/75] x86/head/64: Reload GDT after switch to virtual addresses [v3,33/75] x86/head/64: Load segment registers earlier [v3,34/75] x86/head/64: Switch to initial stack earlier [v3,35/75] x86/head/64: Build k/head64.c with -fno-stack-protector [v3,36/75] x86/head/64: Load IDT earlier [v3,37/75] x86/head/64: Move early exception dispatch to C code [v3,38/75] x86/sev-es: Add SEV-ES Feature Detection [v3,39/75] x86/sev-es: Print SEV-ES info into kernel log [v3,40/75] x86/sev-es: Compile early handler code into kernel image [v3,41/75] x86/sev-es: Setup early #VC handler [v3,42/75] x86/sev-es: Setup GHCB based boot #VC handler [v3,43/75] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [v3,44/75] x86/sev-es: Allocate and Map IST stacks for #VC handler [v3,45/75] x86/dumpstack/64: Handle #VC exception stacks [v3,46/75] x86/sev-es: Shift #VC IST Stack in nmi_enter()/nmi_exit() [v3,47/75] x86/sev-es: Add Runtime #VC Exception Handler [v3,48/75] x86/sev-es: Wire up existing #VC exit-code handlers [v3,49/75] x86/sev-es: Handle instruction fetches from user-space [v3,50/75] x86/sev-es: Do not crash on #VC exceptions from user-space [v3,51/75] x86/sev-es: Handle MMIO events [v3,52/75] x86/sev-es: Handle MMIO String Instructions [v3,53/75] x86/sev-es: Handle MSR events [v3,54/75] x86/sev-es: Handle DR7 read/write events [v3,55/75] x86/sev-es: Handle WBINVD Events [v3,56/75] x86/sev-es: Handle RDTSC(P) Events [v3,57/75] x86/sev-es: Handle RDPMC Events [v3,58/75] x86/sev-es: Handle INVD Events [v3,59/75] x86/sev-es: Handle MONITOR/MONITORX Events [v3,60/75] x86/sev-es: Handle MWAIT/MWAITX Events [v3,61/75] x86/sev-es: Handle VMMCALL Events [v3,62/75] x86/sev-es: Handle #AC Events [v3,63/75] x86/sev-es: Handle #DB Events [v3,64/75] x86/sev-es: Cache CPUID results for improved performance [v3,65/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [v3,66/75] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [v3,67/75] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [v3,68/75] x86/realmode: Add SEV-ES specific trampoline entry point [v3,69/75] x86/realmode: Setup AP jump table [v3,70/75] x86/head/64: Setup TSS early for secondary CPUs [v3,71/75] x86/head/64: Don't call verify_cpu() on starting APs [v3,72/75] x86/head/64: Rename start_cpu0 [v3,73/75] x86/sev-es: Support CPU offline/online [v3,74/75] x86/sev-es: Handle NMI State [v3,75/75] x86/efi: Add GHCB mappings when SEV-ES is active

Message ID

20200428151725.31091-43-joro@8bytes.org (mailing list archive)

State

New, archived

Headers

From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Hellstrom <thellstrom@vmware.com>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        David Rientjes <rientjes@google.com>,
        Cfir Cohen <cfir@google.com>,
        Erdem Aktas <erdemaktas@google.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Mike Stunes <mstunes@vmware.com>,
        Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org
Subject: [PATCH v3 42/75] x86/sev-es: Setup GHCB based boot #VC handler
Date: Tue, 28 Apr 2020 17:16:52 +0200
Message-Id: <20200428151725.31091-43-joro@8bytes.org>
In-Reply-To: <20200428151725.31091-1-joro@8bytes.org>
References: <20200428151725.31091-1-joro@8bytes.org>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

x86: SEV-ES Guest Support | expand

Commit Message

Joerg Roedel April 28, 2020, 3:16 p.m. UTC

From: Joerg Roedel <jroedel@suse.de>

Add the infrastructure to handle #VC exceptions when the kernel runs
on virtual addresses and has a GHCB mapped. This handler will be used
until the runtime #VC handler takes over.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/include/asm/segment.h  |   2 +-
 arch/x86/include/asm/sev-es.h   |   1 +
 arch/x86/kernel/head64.c        |   6 ++
 arch/x86/kernel/sev-es-shared.c |  14 ++--
 arch/x86/kernel/sev-es.c        | 116 ++++++++++++++++++++++++++++++++
 arch/x86/mm/extable.c           |   1 +
 6 files changed, 132 insertions(+), 8 deletions(-)

Comments

Borislav Petkov May 20, 2020, 7:22 p.m. UTC | #1

On Tue, Apr 28, 2020 at 05:16:52PM +0200, Joerg Roedel wrote:
> diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h
> index b2cbcd40b52e..e1ed963a57ec 100644
> --- a/arch/x86/include/asm/sev-es.h
> +++ b/arch/x86/include/asm/sev-es.h
> @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits)
>  }
>  
>  extern void vc_no_ghcb(void);
> +extern bool vc_boot_ghcb(struct pt_regs *regs);

Those function names need verbs:

	handle_vc_no_ghcb
	handle_vc_boot_ghcb

> @@ -161,3 +176,104 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt,
>  
>  /* Include code shared with pre-decompression boot stage */
>  #include "sev-es-shared.c"
> +
> +/*
> + * This function runs on the first #VC exception after the kernel
> + * switched to virtual addresses.
> + */
> +static bool __init sev_es_setup_ghcb(void)

There's already another sev_es_setup_ghcb() in compressed/. All those
functions with the same name are just confusion waiting to happen. Let's
prepend the ones in compressed/ with "early_" or so, so that their names
are at least different even if they're in two different files with the
same name.

This way you know at least which function is used in which boot stages.

> +{
> +	/* First make sure the hypervisor talks a supported protocol. */
> +	if (!sev_es_negotiate_protocol())
> +		return false;

<---- newline here.

> +	/*
> +	 * Clear the boot_ghcb. The first exception comes in before the bss
> +	 * section is cleared.
> +	 */
> +	memset(&boot_ghcb_page, 0, PAGE_SIZE);
> +
> +	/* Alright - Make the boot-ghcb public */
> +	boot_ghcb = &boot_ghcb_page;
> +
> +	return true;
> +}
> +
> +static void __init vc_early_vc_forward_exception(struct es_em_ctxt *ctxt)

That second "vc" looks redundant.

> +{
> +	int trapnr = ctxt->fi.vector;
> +
> +	if (trapnr == X86_TRAP_PF)
> +		native_write_cr2(ctxt->fi.cr2);
> +
> +	ctxt->regs->orig_ax = ctxt->fi.error_code;
> +	do_early_exception(ctxt->regs, trapnr);
> +}
> +
> +static enum es_result vc_handle_exitcode(struct es_em_ctxt *ctxt,
> +					 struct ghcb *ghcb,
> +					 unsigned long exit_code)
> +{
> +	enum es_result result;
> +
> +	switch (exit_code) {
> +	default:
> +		/*
> +		 * Unexpected #VC exception
> +		 */
> +		result = ES_UNSUPPORTED;
> +	}
> +
> +	return result;
> +}
> +
> +bool __init vc_boot_ghcb(struct pt_regs *regs)
> +{
> +	unsigned long exit_code = regs->orig_ax;
> +	struct es_em_ctxt ctxt;
> +	enum es_result result;
> +
> +	/* Do initial setup or terminate the guest */
> +	if (unlikely(boot_ghcb == NULL && !sev_es_setup_ghcb()))
> +		sev_es_terminate(GHCB_SEV_ES_REASON_GENERAL_REQUEST);
> +
> +	vc_ghcb_invalidate(boot_ghcb);

Newline here...

> +	result = vc_init_em_ctxt(&ctxt, regs, exit_code);
> +

... remove that one here.

> +	if (result == ES_OK)
> +		result = vc_handle_exitcode(&ctxt, boot_ghcb, exit_code);

...

Joerg Roedel June 4, 2020, 12:07 p.m. UTC | #2

On Wed, May 20, 2020 at 09:22:30PM +0200, Borislav Petkov wrote:
> On Tue, Apr 28, 2020 at 05:16:52PM +0200, Joerg Roedel wrote:
> > diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h
> > index b2cbcd40b52e..e1ed963a57ec 100644
> > --- a/arch/x86/include/asm/sev-es.h
> > +++ b/arch/x86/include/asm/sev-es.h
> > @@ -74,5 +74,6 @@ static inline u64 lower_bits(u64 val, unsigned int bits)
> >  }
> >  
> >  extern void vc_no_ghcb(void);
> > +extern bool vc_boot_ghcb(struct pt_regs *regs);
> 
> Those function names need verbs:
> 
> 	handle_vc_no_ghcb
> 	handle_vc_boot_ghcb

This are IDT entry points and the names above follow the convention for
them, like e.g. 'page_fault', 'nmi' or 'general_protection'. Should I
still add the verbs or just add a comment explaining what those symbols
are?

> There's already another sev_es_setup_ghcb() in compressed/. All those
> functions with the same name are just confusion waiting to happen. Let's
> prepend the ones in compressed/ with "early_" or so, so that their names
> are at least different even if they're in two different files with the
> same name.
> 
> This way you know at least which function is used in which boot stages.

Okay, will see what can be changed. Some functions are part of the
interface for sev-es-shared.c and need to have the same names, but
sev_es_setup_ghcb() can be named differently.

> > +static void __init vc_early_vc_forward_exception(struct es_em_ctxt *ctxt)
> 
> That second "vc" looks redundant.

Heh, search and replace artifact :) Fixed now.


	Joerg

Borislav Petkov June 4, 2020, 3:30 p.m. UTC | #3

On Thu, Jun 04, 2020 at 02:07:49PM +0200, Joerg Roedel wrote:
> This are IDT entry points and the names above follow the convention for
> them, like e.g. 'page_fault', 'nmi' or 'general_protection'. Should I
> still add the verbs or just add a comment explaining what those symbols
> are?

Hmmkay, I see vc_no_ghcb doing

call    do_vc_no_ghcb

and that's setup in early_idt_setup().

vc_boot_ghcb(), OTOH, is called by do_early_exception() only so that one
could be called handle_vc_boot_ghcb(), no? I.e., I don't see it being an
IDT entry point.

Joerg Roedel June 11, 2020, 10:14 a.m. UTC | #4

On Thu, Jun 04, 2020 at 05:30:27PM +0200, Borislav Petkov wrote:
> Hmmkay, I see vc_no_ghcb doing
> 
> call    do_vc_no_ghcb
> 
> and that's setup in early_idt_setup().
> 
> vc_boot_ghcb(), OTOH, is called by do_early_exception() only so that one
> could be called handle_vc_boot_ghcb(), no? I.e., I don't see it being an
> IDT entry point.

Right, I renamed it to handle_vc_boot_ghcb().


	Joerg

diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
index 6669164abadc..5b648066504c 100644
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -230,7 +230,7 @@ 
 #define NUM_EXCEPTION_VECTORS		32
 
 /* Bitmask of exception vectors which push an error code on the stack: */
-#define EXCEPTION_ERRCODE_MASK		0x00027d00
+#define EXCEPTION_ERRCODE_MASK		0x20027d00
 
 #define GDT_SIZE			(GDT_ENTRIES*8)
 #define GDT_ENTRY_TLS_ENTRIES		3
diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h
index b2cbcd40b52e..e1ed963a57ec 100644
--- a/arch/x86/include/asm/sev-es.h
+++ b/arch/x86/include/asm/sev-es.h
@@ -74,5 +74,6 @@  static inline u64 lower_bits(u64 val, unsigned int bits)
 }
 
 extern void vc_no_ghcb(void);
+extern bool vc_boot_ghcb(struct pt_regs *regs);
 
 #endif
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 9586522bfcb3..d83d59c15548 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -386,6 +386,12 @@  void __init do_early_exception(struct pt_regs *regs, int trapnr)
 	    early_make_pgtable(native_read_cr2()))
 		return;
 
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+	if (trapnr == X86_TRAP_VC &&
+	    vc_boot_ghcb(regs))
+		return;
+#endif
+
 	early_fixup_exception(regs, trapnr);
 }
 
diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c
index 5703f9b17e70..3d2299fb5e3f 100644
--- a/arch/x86/kernel/sev-es-shared.c
+++ b/arch/x86/kernel/sev-es-shared.c
@@ -9,7 +9,7 @@ 
  * and is included directly into both code-bases.
  */
 
-static void __maybe_unused sev_es_terminate(unsigned int reason)
+static void sev_es_terminate(unsigned int reason)
 {
 	u64 val = GHCB_SEV_TERMINATE;
 
@@ -27,7 +27,7 @@  static void __maybe_unused sev_es_terminate(unsigned int reason)
 		asm volatile("hlt\n" : : : "memory");
 }
 
-static bool __maybe_unused sev_es_negotiate_protocol(void)
+static bool sev_es_negotiate_protocol(void)
 {
 	u64 val;
 
@@ -46,7 +46,7 @@  static bool __maybe_unused sev_es_negotiate_protocol(void)
 	return true;
 }
 
-static void __maybe_unused vc_ghcb_invalidate(struct ghcb *ghcb)
+static void vc_ghcb_invalidate(struct ghcb *ghcb)
 {
 	memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap));
 }
@@ -58,9 +58,9 @@  static bool vc_decoding_needed(unsigned long exit_code)
 		 exit_code <= SVM_EXIT_LAST_EXCP);
 }
 
-static enum es_result __maybe_unused vc_init_em_ctxt(struct es_em_ctxt *ctxt,
-						     struct pt_regs *regs,
-						     unsigned long exit_code)
+static enum es_result vc_init_em_ctxt(struct es_em_ctxt *ctxt,
+				      struct pt_regs *regs,
+				      unsigned long exit_code)
 {
 	enum es_result ret = ES_OK;
 
@@ -73,7 +73,7 @@  static enum es_result __maybe_unused vc_init_em_ctxt(struct es_em_ctxt *ctxt,
 	return ret;
 }
 
-static void __maybe_unused vc_finish_insn(struct es_em_ctxt *ctxt)
+static void vc_finish_insn(struct es_em_ctxt *ctxt)
 {
 	ctxt->regs->ip += ctxt->insn.length;
 }
diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c
index 0d20770decce..9de5bb23cb0a 100644
--- a/arch/x86/kernel/sev-es.c
+++ b/arch/x86/kernel/sev-es.c
@@ -7,7 +7,9 @@ 
  * Author: Joerg Roedel <jroedel@suse.de>
  */
 
+#include <linux/sched/debug.h>	/* For show_regs() */
 #include <linux/kernel.h>
+#include <linux/printk.h>
 #include <linux/mm.h>
 
 #include <asm/trap_defs.h>
@@ -15,8 +17,21 @@ 
 #include <asm/insn-eval.h>
 #include <asm/fpu/internal.h>
 #include <asm/processor.h>
+#include <asm/trap_defs.h>
 #include <asm/svm.h>
 
+/* For early boot hypervisor communication in SEV-ES enabled guests */
+static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE);
+
+/*
+ * Needs to be in the .data section because we need it NULL before bss is
+ * cleared
+ */
+static struct ghcb __initdata *boot_ghcb;
+
+/* Needed in vc_early_vc_forward_exception */
+void do_early_exception(struct pt_regs *regs, int trapnr);
+
 static inline u64 sev_es_rd_ghcb_msr(void)
 {
 	return native_read_msr(MSR_AMD64_SEV_ES_GHCB);
@@ -161,3 +176,104 @@  static enum es_result vc_read_mem(struct es_em_ctxt *ctxt,
 
 /* Include code shared with pre-decompression boot stage */
 #include "sev-es-shared.c"
+
+/*
+ * This function runs on the first #VC exception after the kernel
+ * switched to virtual addresses.
+ */
+static bool __init sev_es_setup_ghcb(void)
+{
+	/* First make sure the hypervisor talks a supported protocol. */
+	if (!sev_es_negotiate_protocol())
+		return false;
+	/*
+	 * Clear the boot_ghcb. The first exception comes in before the bss
+	 * section is cleared.
+	 */
+	memset(&boot_ghcb_page, 0, PAGE_SIZE);
+
+	/* Alright - Make the boot-ghcb public */
+	boot_ghcb = &boot_ghcb_page;
+
+	return true;
+}
+
+static void __init vc_early_vc_forward_exception(struct es_em_ctxt *ctxt)
+{
+	int trapnr = ctxt->fi.vector;
+
+	if (trapnr == X86_TRAP_PF)
+		native_write_cr2(ctxt->fi.cr2);
+
+	ctxt->regs->orig_ax = ctxt->fi.error_code;
+	do_early_exception(ctxt->regs, trapnr);
+}
+
+static enum es_result vc_handle_exitcode(struct es_em_ctxt *ctxt,
+					 struct ghcb *ghcb,
+					 unsigned long exit_code)
+{
+	enum es_result result;
+
+	switch (exit_code) {
+	default:
+		/*
+		 * Unexpected #VC exception
+		 */
+		result = ES_UNSUPPORTED;
+	}
+
+	return result;
+}
+
+bool __init vc_boot_ghcb(struct pt_regs *regs)
+{
+	unsigned long exit_code = regs->orig_ax;
+	struct es_em_ctxt ctxt;
+	enum es_result result;
+
+	/* Do initial setup or terminate the guest */
+	if (unlikely(boot_ghcb == NULL && !sev_es_setup_ghcb()))
+		sev_es_terminate(GHCB_SEV_ES_REASON_GENERAL_REQUEST);
+
+	vc_ghcb_invalidate(boot_ghcb);
+	result = vc_init_em_ctxt(&ctxt, regs, exit_code);
+
+	if (result == ES_OK)
+		result = vc_handle_exitcode(&ctxt, boot_ghcb, exit_code);
+
+	/* Done - now check the result */
+	switch (result) {
+	case ES_OK:
+		vc_finish_insn(&ctxt);
+		break;
+	case ES_UNSUPPORTED:
+		early_printk("PANIC: Unsupported exit-code 0x%02lx in early #VC exception (IP: 0x%lx)\n",
+				exit_code, regs->ip);
+		goto fail;
+	case ES_VMM_ERROR:
+		early_printk("PANIC: Failure in communication with VMM (exit-code 0x%02lx IP: 0x%lx)\n",
+				exit_code, regs->ip);
+		goto fail;
+	case ES_DECODE_FAILED:
+		early_printk("PANIC: Failed to decode instruction (exit-code 0x%02lx IP: 0x%lx)\n",
+				exit_code, regs->ip);
+		goto fail;
+	case ES_EXCEPTION:
+		vc_early_vc_forward_exception(&ctxt);
+		break;
+	case ES_RETRY:
+		/* Nothing to do */
+		break;
+	default:
+		BUG();
+	}
+
+	return true;
+
+fail:
+	show_regs(regs);
+
+	while (true)
+		halt();
+}
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
index b991aa4bdfae..5bcbd413b409 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -5,6 +5,7 @@ 
 #include <xen/xen.h>
 
 #include <asm/fpu/internal.h>
+#include <asm/sev-es.h>
 #include <asm/traps.h>
 #include <asm/kdebug.h>

[v3,42/75] x86/sev-es: Setup GHCB based boot #VC handler

Commit Message

Comments

Patch