[v3,69/75] x86/realmode: Setup AP jump table

Message ID	20200428151725.31091-70-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=1gOX=6M=vger.kernel.org=kvm-owner@kernel.org> Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9A97614DD for <patchwork-kvm@patchwork.kernel.org>; Tue, 28 Apr 2020 15:19:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8DB09221EC for <patchwork-kvm@patchwork.kernel.org>; Tue, 28 Apr 2020 15:19:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728473AbgD1PSX (ORCPT <rfc822;patchwork-kvm@patchwork.kernel.org>); Tue, 28 Apr 2020 11:18:23 -0400 Received: from 8bytes.org ([81.169.241.247]:38536 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728447AbgD1PSU (ORCPT <rfc822;kvm@vger.kernel.org>); Tue, 28 Apr 2020 11:18:20 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id A29DAF48; Tue, 28 Apr 2020 17:17:55 +0200 (CEST) From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Hellstrom <thellstrom@vmware.com>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, David Rientjes <rientjes@google.com>, Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>, Masami Hiramatsu <mhiramat@kernel.org>, Mike Stunes <mstunes@vmware.com>, Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v3 69/75] x86/realmode: Setup AP jump table Date: Tue, 28 Apr 2020 17:17:19 +0200 Message-Id: <20200428151725.31091-70-joro@8bytes.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200428151725.31091-1-joro@8bytes.org> References: <20200428151725.31091-1-joro@8bytes.org> Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org
Series	x86: SEV-ES Guest Support \| expand [v3,00/75] x86: SEV-ES Guest Support [v3,01/75] KVM: SVM: Add GHCB definitions [v3,02/75] KVM: SVM: Add GHCB Accessor functions [v3,03/75] KVM: SVM: Use __packed shorthand [v3,04/75] x86/cpufeatures: Add SEV-ES CPU feature [v3,05/75] x86/traps: Move some definitions to <asm/trap_defs.h> [v3,06/75] x86/insn: Make inat-tables.c suitable for pre-decompression code [v3,07/75] x86/umip: Factor out instruction fetch [v3,08/75] x86/umip: Factor out instruction decoding [v3,09/75] x86/insn: Add insn_get_modrm_reg_off() [v3,10/75] x86/insn: Add insn_rep_prefix() helper [v3,11/75] x86/boot/compressed/64: Disable red-zone usage [v3,12/75] x86/boot/compressed/64: Switch to __KERNEL_CS after GDT is loaded [v3,13/75] x86/boot/compressed/64: Add IDT Infrastructure [v3,14/75] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [v3,15/75] x86/boot/compressed/64: Add page-fault handler [v3,16/75] x86/boot/compressed/64: Always switch to own page-table [v3,17/75] x86/boot/compressed/64: Don't pre-map memory in KASLR code [v3,18/75] x86/boot/compressed/64: Change add_identity_map() to take start and end [v3,19/75] x86/boot/compressed/64: Add stage1 #VC handler [v3,20/75] x86/boot/compressed/64: Call set_sev_encryption_mask earlier [v3,21/75] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [v3,22/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers [v3,23/75] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [v3,24/75] x86/boot/compressed/64: Unmap GHCB page before booting the kernel [v3,25/75] x86/sev-es: Add support for handling IOIO exceptions [v3,26/75] x86/fpu: Move xgetbv()/xsetbv() into separate header [v3,27/75] x86/sev-es: Add CPUID handling to #VC handler [v3,28/75] x86/idt: Move IDT to data segment [v3,29/75] x86/idt: Split idt_data setup out of set_intr_gate() [v3,30/75] x86/idt: Move two function from k/idt.c to i/a/desc.h [v3,31/75] x86/head/64: Install boot GDT [v3,32/75] x86/head/64: Reload GDT after switch to virtual addresses [v3,33/75] x86/head/64: Load segment registers earlier [v3,34/75] x86/head/64: Switch to initial stack earlier [v3,35/75] x86/head/64: Build k/head64.c with -fno-stack-protector [v3,36/75] x86/head/64: Load IDT earlier [v3,37/75] x86/head/64: Move early exception dispatch to C code [v3,38/75] x86/sev-es: Add SEV-ES Feature Detection [v3,39/75] x86/sev-es: Print SEV-ES info into kernel log [v3,40/75] x86/sev-es: Compile early handler code into kernel image [v3,41/75] x86/sev-es: Setup early #VC handler [v3,42/75] x86/sev-es: Setup GHCB based boot #VC handler [v3,43/75] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [v3,44/75] x86/sev-es: Allocate and Map IST stacks for #VC handler [v3,45/75] x86/dumpstack/64: Handle #VC exception stacks [v3,46/75] x86/sev-es: Shift #VC IST Stack in nmi_enter()/nmi_exit() [v3,47/75] x86/sev-es: Add Runtime #VC Exception Handler [v3,48/75] x86/sev-es: Wire up existing #VC exit-code handlers [v3,49/75] x86/sev-es: Handle instruction fetches from user-space [v3,50/75] x86/sev-es: Do not crash on #VC exceptions from user-space [v3,51/75] x86/sev-es: Handle MMIO events [v3,52/75] x86/sev-es: Handle MMIO String Instructions [v3,53/75] x86/sev-es: Handle MSR events [v3,54/75] x86/sev-es: Handle DR7 read/write events [v3,55/75] x86/sev-es: Handle WBINVD Events [v3,56/75] x86/sev-es: Handle RDTSC(P) Events [v3,57/75] x86/sev-es: Handle RDPMC Events [v3,58/75] x86/sev-es: Handle INVD Events [v3,59/75] x86/sev-es: Handle MONITOR/MONITORX Events [v3,60/75] x86/sev-es: Handle MWAIT/MWAITX Events [v3,61/75] x86/sev-es: Handle VMMCALL Events [v3,62/75] x86/sev-es: Handle #AC Events [v3,63/75] x86/sev-es: Handle #DB Events [v3,64/75] x86/sev-es: Cache CPUID results for improved performance [v3,65/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [v3,66/75] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [v3,67/75] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [v3,68/75] x86/realmode: Add SEV-ES specific trampoline entry point [v3,69/75] x86/realmode: Setup AP jump table [v3,70/75] x86/head/64: Setup TSS early for secondary CPUs [v3,71/75] x86/head/64: Don't call verify_cpu() on starting APs [v3,72/75] x86/head/64: Rename start_cpu0 [v3,73/75] x86/sev-es: Support CPU offline/online [v3,74/75] x86/sev-es: Handle NMI State [v3,75/75] x86/efi: Add GHCB mappings when SEV-ES is active

Message ID

20200428151725.31091-70-joro@8bytes.org (mailing list archive)

State

New, archived

Headers

From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Hellstrom <thellstrom@vmware.com>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        David Rientjes <rientjes@google.com>,
        Cfir Cohen <cfir@google.com>,
        Erdem Aktas <erdemaktas@google.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Mike Stunes <mstunes@vmware.com>,
        Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org
Subject: [PATCH v3 69/75] x86/realmode: Setup AP jump table
Date: Tue, 28 Apr 2020 17:17:19 +0200
Message-Id: <20200428151725.31091-70-joro@8bytes.org>
In-Reply-To: <20200428151725.31091-1-joro@8bytes.org>
References: <20200428151725.31091-1-joro@8bytes.org>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

x86: SEV-ES Guest Support | expand

Commit Message

Joerg Roedel April 28, 2020, 3:17 p.m. UTC

From: Tom Lendacky <thomas.lendacky@amd.com>

Setup the AP jump table to point to the SEV-ES trampoline code so that
the APs can boot.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
[ jroedel@suse.de: - Adapted to different code base
                   - Moved AP table setup from SIPI sending path to
		     real-mode setup code
		   - Fix sparse warnings ]
Co-developed-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/include/asm/sev-es.h   |  6 +++
 arch/x86/include/uapi/asm/svm.h |  3 ++
 arch/x86/kernel/sev-es.c        | 66 +++++++++++++++++++++++++++++++++
 arch/x86/realmode/init.c        |  6 +++
 4 files changed, 81 insertions(+)

Comments

Borislav Petkov May 29, 2020, 9:02 a.m. UTC | #1

On Tue, Apr 28, 2020 at 05:17:19PM +0200, Joerg Roedel wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> Setup the AP jump table to point to the SEV-ES trampoline code so that
> the APs can boot.

Tom, in his laconic way, doesn't want to explain to us why is this even
needed...

:)

/me reads the code

/me reads the GHCB spec

aha, it gets it from the HV. And it can be set by the guest too...

So how about expanding that commit message as to why this is done, why
needed, etc?

Thx.

> diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
> index 262f83cad355..1c5cbfd102d5 100644
> --- a/arch/x86/realmode/init.c
> +++ b/arch/x86/realmode/init.c
> @@ -9,6 +9,7 @@
>  #include <asm/realmode.h>
>  #include <asm/tlbflush.h>
>  #include <asm/crash.h>
> +#include <asm/sev-es.h>
>  
>  struct real_mode_header *real_mode_header;
>  u32 *trampoline_cr4_features;
> @@ -107,6 +108,11 @@ static void __init setup_real_mode(void)
>  	if (sme_active())
>  		trampoline_header->flags |= TH_FLAGS_SME_ACTIVE;
>  
> +	if (sev_es_active()) {
> +		if (sev_es_setup_ap_jump_table(real_mode_header))
> +			panic("Failed to update SEV-ES AP Jump Table");
> +	}
> +

So this function gets slowly sprinkled with

	if (sev-something)
		bla

Please wrap at least those last two into a

	sev_setup_real_mode()

or so.

Tom Lendacky May 29, 2020, 4:21 p.m. UTC | #2

On 5/29/20 4:02 AM, Borislav Petkov wrote:
> On Tue, Apr 28, 2020 at 05:17:19PM +0200, Joerg Roedel wrote:
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> Setup the AP jump table to point to the SEV-ES trampoline code so that
>> the APs can boot.
> 
> Tom, in his laconic way, doesn't want to explain to us why is this even
> needed...
> 
> :)

Looks like some of the detail was lost during the patch shuffling. 
Originally (on GitHub) this was the text:

  As part of the GHCB specification, the booting of APs under SEV-ES
  requires an AP jump table when transitioning from one layer of code to
  another (e.g. when going from UEFI to the OS). As a result, each layer
  that parks an AP must provide the physical address of an AP jump table
  to the next layer using the GHCB MSR.

  Upon booting of the kernel, read the GHCB MSR and save the address of
  the AP jump table. Under SEV-ES, APs are started using the INIT-SIPI-SIPI
  sequence. Before issuing the first SIPI request for an AP, the start eip
  is programmed into the AP jump table. Upon issuing the SIPI request, the
  AP will awaken and jump to the start eip address programmed into the AP
  jump table.

It needs to change "GHCB MSR" to "VMGEXIT MSR protocol", but should cover 
what you're looking for.

Thanks,
Tom

> 
> /me reads the code
> 
> /me reads the GHCB spec
> 
> aha, it gets it from the HV. And it can be set by the guest too...
> 
> So how about expanding that commit message as to why this is done, why
> needed, etc?
> 
> Thx.
> 
>> diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
>> index 262f83cad355..1c5cbfd102d5 100644
>> --- a/arch/x86/realmode/init.c
>> +++ b/arch/x86/realmode/init.c
>> @@ -9,6 +9,7 @@
>>   #include <asm/realmode.h>
>>   #include <asm/tlbflush.h>
>>   #include <asm/crash.h>
>> +#include <asm/sev-es.h>
>>   
>>   struct real_mode_header *real_mode_header;
>>   u32 *trampoline_cr4_features;
>> @@ -107,6 +108,11 @@ static void __init setup_real_mode(void)
>>   	if (sme_active())
>>   		trampoline_header->flags |= TH_FLAGS_SME_ACTIVE;
>>   
>> +	if (sev_es_active()) {
>> +		if (sev_es_setup_ap_jump_table(real_mode_header))
>> +			panic("Failed to update SEV-ES AP Jump Table");
>> +	}
>> +
> 
> So this function gets slowly sprinkled with
> 
> 	if (sev-something)
> 		bla
> 
> Please wrap at least those last two into a
> 
> 	sev_setup_real_mode()
> 
> or so.
>

diff --git a/arch/x86/include/asm/sev-es.h b/arch/x86/include/asm/sev-es.h
index ca0e12cb089c..c89b6e2e6439 100644
--- a/arch/x86/include/asm/sev-es.h
+++ b/arch/x86/include/asm/sev-es.h
@@ -78,17 +78,23 @@  static inline u64 lower_bits(u64 val, unsigned int bits)
 extern void vc_no_ghcb(void);
 extern bool vc_boot_ghcb(struct pt_regs *regs);
 
+struct real_mode_header;
 enum stack_type;
 
 #ifdef CONFIG_AMD_MEM_ENCRYPT
 const char *vc_stack_name(enum stack_type type);
 void sev_es_nmi_enter(void);
 void sev_es_nmi_exit(void);
+int sev_es_setup_ap_jump_table(struct real_mode_header *rmh);
 #else /* CONFIG_AMD_MEM_ENCRYPT */
 static inline const char *vc_stack_name(enum stack_type type)
 {
 	return NULL;
 }
+static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh)
+{
+	return 0;
+}
 #endif /* CONFIG_AMD_MEM_ENCRYPT*/
 
 #endif
diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
index 8f36ae021a7f..a19ce9681ec2 100644
--- a/arch/x86/include/uapi/asm/svm.h
+++ b/arch/x86/include/uapi/asm/svm.h
@@ -84,6 +84,9 @@ 
 /* SEV-ES software-defined VMGEXIT events */
 #define SVM_VMGEXIT_MMIO_READ			0x80000001
 #define SVM_VMGEXIT_MMIO_WRITE			0x80000002
+#define SVM_VMGEXIT_AP_JUMP_TABLE		0x80000005
+#define		SVM_VMGEXIT_SET_AP_JUMP_TABLE			0
+#define		SVM_VMGEXIT_GET_AP_JUMP_TABLE			1
 #define SVM_VMGEXIT_UNSUPPORTED_EVENT		0x8000ffff
 
 #define SVM_EXIT_ERR           -1
diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c
index 047fa47ef9d4..28725c38e6fb 100644
--- a/arch/x86/kernel/sev-es.c
+++ b/arch/x86/kernel/sev-es.c
@@ -25,6 +25,7 @@ 
 #include <asm/cpu_entry_area.h>
 #include <asm/stacktrace.h>
 #include <asm/trap_defs.h>
+#include <asm/realmode.h>
 #include <asm/sev-es.h>
 #include <asm/insn-eval.h>
 #include <asm/fpu/internal.h>
@@ -159,6 +160,8 @@  static void sev_es_put_ghcb(struct ghcb_state *state)
 /* Needed in vc_early_vc_forward_exception */
 void do_early_exception(struct pt_regs *regs, int trapnr);
 
+static inline u64 sev_es_rd_ghcb_msr(void);
+
 static inline u64 sev_es_rd_ghcb_msr(void)
 {
 	return native_read_msr(MSR_AMD64_SEV_ES_GHCB);
@@ -336,6 +339,69 @@  static phys_addr_t vc_slow_virt_to_phys(struct ghcb *ghcb, unsigned long vaddr)
 /* Include code shared with pre-decompression boot stage */
 #include "sev-es-shared.c"
 
+static u64 sev_es_get_jump_table_addr(void)
+{
+	struct ghcb_state state;
+	unsigned long flags;
+	struct ghcb *ghcb;
+	u64 ret;
+
+	local_irq_save(flags);
+
+	ghcb = sev_es_get_ghcb(&state);
+
+	vc_ghcb_invalidate(ghcb);
+	ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_JUMP_TABLE);
+	ghcb_set_sw_exit_info_1(ghcb, SVM_VMGEXIT_GET_AP_JUMP_TABLE);
+	ghcb_set_sw_exit_info_2(ghcb, 0);
+
+	sev_es_wr_ghcb_msr(__pa(ghcb));
+	VMGEXIT();
+
+	if (!ghcb_is_valid_sw_exit_info_1(ghcb) ||
+	    !ghcb_is_valid_sw_exit_info_2(ghcb))
+		ret = 0;
+
+	ret = ghcb->save.sw_exit_info_2;
+
+	sev_es_put_ghcb(&state);
+
+	local_irq_restore(flags);
+
+	return ret;
+}
+
+int sev_es_setup_ap_jump_table(struct real_mode_header *rmh)
+{
+	u16 startup_cs, startup_ip;
+	phys_addr_t jump_table_pa;
+	u64 jump_table_addr;
+	u16 __iomem *jump_table;
+
+	jump_table_addr = sev_es_get_jump_table_addr();
+
+	/* Check if AP Jump Table is non-zero and page-aligned */
+	if (!jump_table_addr || jump_table_addr & ~PAGE_MASK)
+		return 0;
+
+	jump_table_pa = jump_table_addr & PAGE_MASK;
+
+	startup_cs = (u16)(rmh->trampoline_start >> 4);
+	startup_ip = (u16)(rmh->sev_es_trampoline_start -
+			   rmh->trampoline_start);
+
+	jump_table = ioremap_encrypted(jump_table_pa, PAGE_SIZE);
+	if (!jump_table)
+		return -EIO;
+
+	writew(startup_ip, &jump_table[0]);
+	writew(startup_cs, &jump_table[1]);
+
+	iounmap(jump_table);
+
+	return 0;
+}
+
 static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
 {
 	struct pt_regs *regs = ctxt->regs;
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
index 262f83cad355..1c5cbfd102d5 100644
--- a/arch/x86/realmode/init.c
+++ b/arch/x86/realmode/init.c
@@ -9,6 +9,7 @@ 
 #include <asm/realmode.h>
 #include <asm/tlbflush.h>
 #include <asm/crash.h>
+#include <asm/sev-es.h>
 
 struct real_mode_header *real_mode_header;
 u32 *trampoline_cr4_features;
@@ -107,6 +108,11 @@  static void __init setup_real_mode(void)
 	if (sme_active())
 		trampoline_header->flags |= TH_FLAGS_SME_ACTIVE;
 
+	if (sev_es_active()) {
+		if (sev_es_setup_ap_jump_table(real_mode_header))
+			panic("Failed to update SEV-ES AP Jump Table");
+	}
+
 	trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd);
 	trampoline_pgd[0] = trampoline_pgd_entry.pgd;
 	trampoline_pgd[511] = init_top_pgt[511].pgd;

[v3,69/75] x86/realmode: Setup AP jump table

Commit Message

Comments

Patch