diff mbox series

[v7,61/72] x86/sev-es: Handle #DB Events

Message ID	20200907131613.12703-62-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=b9Ea=CQ=vger.kernel.org=kvm-owner@kernel.org> Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 06E1E15AB for <patchwork-kvm@patchwork.kernel.org>; Mon, 7 Sep 2020 17:30:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E24FB206E6 for <patchwork-kvm@patchwork.kernel.org>; Mon, 7 Sep 2020 17:30:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729799AbgIGR1y (ORCPT <rfc822;patchwork-kvm@patchwork.kernel.org>); Mon, 7 Sep 2020 13:27:54 -0400 Received: from 8bytes.org ([81.169.241.247]:43622 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729519AbgIGNTh (ORCPT <rfc822;kvm@vger.kernel.org>); Mon, 7 Sep 2020 09:19:37 -0400 Received: from cap.home.8bytes.org (p549add56.dip0.t-ipconnect.de [84.154.221.86]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by theia.8bytes.org (Postfix) with ESMTPSA id 5DE823A56; Mon, 7 Sep 2020 15:17:14 +0200 (CEST) From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>, hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, David Rientjes <rientjes@google.com>, Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>, Masami Hiramatsu <mhiramat@kernel.org>, Mike Stunes <mstunes@vmware.com>, Sean Christopherson <sean.j.christopherson@intel.com>, Martin Radev <martin.b.radev@gmail.com>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH v7 61/72] x86/sev-es: Handle #DB Events Date: Mon, 7 Sep 2020 15:16:02 +0200 Message-Id: <20200907131613.12703-62-joro@8bytes.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200907131613.12703-1-joro@8bytes.org> References: <20200907131613.12703-1-joro@8bytes.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org
Series	x86: SEV-ES Guest Support \| expand [v7,00/72] x86: SEV-ES Guest Support [v7,01/72] KVM: SVM: nested: Don't allocate VMCB structures on stack [v7,02/72] KVM: SVM: Add GHCB definitions [v7,03/72] KVM: SVM: Add GHCB Accessor functions [v7,04/72] KVM: SVM: Use __packed shorthand [v7,05/72] x86/cpufeatures: Add SEV-ES CPU feature [v7,06/72] x86/traps: Move pf error codes to <asm/trap_pf.h> [v7,07/72] x86/insn: Make inat-tables.c suitable for pre-decompression code [v7,08/72] x86/umip: Factor out instruction fetch [v7,09/72] x86/umip: Factor out instruction decoding [v7,10/72] x86/insn: Add insn_get_modrm_reg_off() [v7,11/72] x86/insn: Add insn_has_rep_prefix() helper [v7,12/72] x86/boot/compressed/64: Disable red-zone usage [v7,13/72] x86/boot/compressed/64: Add IDT Infrastructure [v7,14/72] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [v7,15/72] x86/boot/compressed/64: Add page-fault handler [v7,16/72] x86/boot/compressed/64: Always switch to own page-table [v7,17/72] x86/boot/compressed/64: Don't pre-map memory in KASLR code [v7,18/72] x86/boot/compressed/64: Change add_identity_map() to take start and end [v7,19/72] x86/boot/compressed/64: Add stage1 #VC handler [v7,20/72] x86/boot/compressed/64: Call set_sev_encryption_mask() earlier [v7,21/72] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [v7,22/72] x86/boot/compressed/64: Add set_page_en/decrypted() helpers [v7,23/72] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [v7,24/72] x86/boot/compressed/64: Unmap GHCB page before booting the kernel [v7,25/72] x86/sev-es: Add support for handling IOIO exceptions [v7,26/72] x86/fpu: Move xgetbv()/xsetbv() into separate header [v7,27/72] x86/sev-es: Add CPUID handling to #VC handler [v7,28/72] x86/idt: Split idt_data setup out of set_intr_gate() [v7,29/72] x86/head/64: Install startup GDT [v7,30/72] x86/head/64: Load GDT after switch to virtual addresses [v7,31/72] x86/head/64: Load segment registers earlier [v7,32/72] x86/head/64: Switch to initial stack earlier [v7,33/72] x86/head/64: Install a CPU bringup IDT [v7,34/72] x86/idt: Move two function from k/idt.c to i/a/desc.h [v7,35/72] x86/head/64: Move early exception dispatch to C code [v7,36/72] x86/sev-es: Add SEV-ES Feature Detection [v7,37/72] x86/sev-es: Print SEV-ES info into kernel log [v7,38/72] x86/sev-es: Compile early handler code into kernel image [v7,39/72] x86/sev-es: Setup early #VC handler [v7,40/72] x86/sev-es: Setup GHCB based boot #VC handler [v7,41/72] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [v7,42/72] x86/sev-es: Allocate and Map IST stack for #VC handler [v7,43/72] x86/sev-es: Adjust #VC IST Stack on entering NMI handler [v7,44/72] x86/dumpstack/64: Add noinstr version of get_stack_info() [v7,45/72] x86/entry/64: Add entry code for #VC handler [v7,46/72] x86/sev-es: Add Runtime #VC Exception Handler [v7,47/72] x86/sev-es: Wire up existing #VC exit-code handlers [v7,48/72] x86/sev-es: Handle instruction fetches from user-space [v7,49/72] x86/sev-es: Handle MMIO events [v7,50/72] x86/sev-es: Handle MMIO String Instructions [v7,51/72] x86/sev-es: Handle MSR events [v7,52/72] x86/sev-es: Handle DR7 read/write events [v7,53/72] x86/sev-es: Handle WBINVD Events [v7,54/72] x86/sev-es: Handle RDTSC(P) Events [v7,55/72] x86/sev-es: Handle RDPMC Events [v7,56/72] x86/sev-es: Handle INVD Events [v7,57/72] x86/sev-es: Handle MONITOR/MONITORX Events [v7,58/72] x86/sev-es: Handle MWAIT/MWAITX Events [v7,59/72] x86/sev-es: Handle VMMCALL Events [v7,60/72] x86/sev-es: Handle #AC Events [v7,61/72] x86/sev-es: Handle #DB Events [v7,62/72] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [v7,63/72] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [v7,64/72] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [v7,65/72] x86/realmode: Add SEV-ES specific trampoline entry point [v7,66/72] x86/realmode: Setup AP jump table [v7,67/72] x86/smpboot: Load TSS and getcpu GDT entry before loading IDT [v7,68/72] x86/head/64: Don't call verify_cpu() on starting APs [v7,69/72] x86/sev-es: Support CPU offline/online [v7,70/72] x86/sev-es: Handle NMI State [v7,71/72] x86/efi: Add GHCB mappings when SEV-ES is active [v7,72/72] x86/sev-es: Check required CPU features for SEV-ES

Commit Message

Joerg Roedel Sept. 7, 2020, 1:16 p.m. UTC

From: Joerg Roedel <jroedel@suse.de>

Handle #VC exceptions caused by #DB exceptions in the guest. Those
must be handled outside of instrumentation_begin()/end() so that the
handler will not be raised recursively.

Handle them by calling the kernels debug exception handler.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/kernel/sev-es.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff mbox series

Patch

diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c
index f78ab9369b9c..3eea4e910fc1 100644
--- a/arch/x86/kernel/sev-es.c
+++ b/arch/x86/kernel/sev-es.c
@@ -922,6 +922,14 @@  static enum es_result vc_handle_trap_ac(struct ghcb *ghcb,
 	return ES_EXCEPTION;
 }
 
+static __always_inline void vc_handle_trap_db(struct pt_regs *regs)
+{
+	if (user_mode(regs))
+		noist_exc_debug(regs);
+	else
+		exc_debug(regs);
+}
+
 static enum es_result vc_handle_exitcode(struct es_em_ctxt *ctxt,
 					 struct ghcb *ghcb,
 					 unsigned long exit_code)
@@ -1033,6 +1041,15 @@  DEFINE_IDTENTRY_VC_SAFE_STACK(exc_vmm_communication)
 	struct ghcb *ghcb;
 
 	lockdep_assert_irqs_disabled();
+
+	/*
+	 * Handle #DB before calling into !noinstr code to avoid recursive #DB.
+	 */
+	if (error_code == SVM_EXIT_EXCP_BASE + X86_TRAP_DB) {
+		vc_handle_trap_db(regs);
+		return;
+	}
+
 	instrumentation_begin();
 
 	/*