From: Joerg Roedel
To: x86@kernel.org
Cc: Joerg Roedel, Joerg Roedel, hpa@zytor.com, Andy Lutomirski, Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams, Tom Lendacky, Juergen Gross, Kees Cook, David Rientjes, Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson, Martin Radev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: [PATCH v4 64/75] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES
Date: Tue, 14 Jul 2020 14:09:06 +0200
Message-Id: <20200714120917.11253-65-joro@8bytes.org>
In-Reply-To: <20200714120917.11253-1-joro@8bytes.org>
References: <20200714120917.11253-1-joro@8bytes.org>

From: Joerg Roedel

Add two new paravirt callbacks to provide hypervisor specific processor state in the GHCB and to copy state from the hypervisor back to the processor.

Signed-off-by: Joerg Roedel

--- arch/x86/include/asm/x86_init.h | 16 +++++++++++++++- arch/x86/kernel/sev-es.c | 12 ++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index 6807153c0410..0304e2931cd3 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -4,8 +4,10 @@ #include +struct ghcb; struct mpc_bus; struct mpc_cpu; +struct pt_regs; struct mpc_table; struct cpuinfo_x86; 
@@ -236,10 +238,22 @@ struct x86_legacy_features { /** * struct x86_hyper_runtime - x86 hypervisor specific runtime callbacks * - * @pin_vcpu: pin current vcpu to specified physical cpu (run rarely) + * @pin_vcpu: pin current vcpu to specified physical + * cpu (run rarely) + * @sev_es_hcall_prepare: Load additional hypervisor-specific + * state into the GHCB when doing a VMMCALL under + * SEV-ES. Called from the #VC exception handler. + * @sev_es_hcall_finish: Copies state from the GHCB back into the + * processor (or pt_regs). Also runs checks on the + * state returned from the hypervisor after a + * VMMCALL under SEV-ES. Needs to return 'false' + * if the checks fail. Called from the #VC + * exception handler. */ struct x86_hyper_runtime { void (*pin_vcpu)(int cpu); + void (*sev_es_hcall_prepare)(struct ghcb *ghcb, struct pt_regs *regs); + bool (*sev_es_hcall_finish)(struct ghcb *ghcb, struct pt_regs *regs); }; /** diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c index b0f08d9669f1..76104c71fc85 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -903,6 +903,9 @@ static enum es_result vc_handle_vmmcall(struct ghcb *ghcb, ghcb_set_rax(ghcb, ctxt->regs->ax); ghcb_set_cpl(ghcb, user_mode(ctxt->regs) ? 3 : 0); + if (x86_platform.hyper.sev_es_hcall_prepare) + x86_platform.hyper.sev_es_hcall_prepare(ghcb, ctxt->regs); + ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_VMMCALL, 0, 0); if (ret != ES_OK) return ret; @@ -912,6 +915,15 @@ static enum es_result vc_handle_vmmcall(struct ghcb *ghcb, ctxt->regs->ax = ghcb->save.rax; + /* + * Call sev_es_hcall_finish() after regs->ax is already set. + * This allows the hypervisor handler to overwrite it again if + * necessary. + */ + if (x86_platform.hyper.sev_es_hcall_finish && + !x86_platform.hyper.sev_es_hcall_finish(ghcb, ctxt->regs)) + return ES_VMM_ERROR; + return ES_OK; } -- 2.27.0
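
Review bot: In the first x86_init.h hunk (@@ -4,8 +4,10 @@), the new `struct pt_regs;` forward declaration lands between `struct mpc_cpu;` and `struct mpc_table;`, which splits the existing mpc_* group. Style only: placing it directly after `struct ghcb;` would keep the two declarations this patch needs together and leave the existing group intact.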
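
Review bot: In the kerneldoc for struct x86_hyper_runtime (@@ -236,10 +238,22 @@), the contract for the two new callbacks is incomplete. Both are optional, since the caller in sev-es.c tests each pointer for NULL before calling it, but the comment does not say so. The @sev_es_hcall_finish text says it "Needs to return 'false' if the checks fail" without stating the consequence, which per the sev-es.c hunk is that vc_handle_vmmcall() returns ES_VMM_ERROR. Because this callback is the place where hypervisor-returned state is copied into the processor or pt_regs, it would also help to state that each value is expected to be checked before it is copied, not after. Minor: @sev_es_hcall_prepare uses "Load" while @sev_es_hcall_finish uses "Copies"; one verb form for both reads better.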
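
Review bot: In the first sev-es.c hunk (@@ -903,6 +903,9 @@), the sev_es_hcall_prepare() call is placed after ghcb_set_rax() and ghcb_set_cpl() with no comment on that ordering, unlike the finish call later in the function, which explains why it runs after regs->ax is set. As written, the callback receives the GHCB with rax and cpl already populated and can overwrite either; if that is intended, a one-line comment saying so would match the second hunk. The callback is also handed the full pt_regs, and whatever it copies into the GHCB goes to the hypervisor through sev_es_ghcb_hv_call(), so the kerneldoc should ask implementations to copy only the registers their hypercall ABI needs.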
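
Review bot: In the second sev-es.c hunk (@@ -912,6 +915,15 @@), `ctxt->regs->ax = ghcb->save.rax;` runs before sev_es_hcall_finish() performs its checks, so when the callback returns false and the function returns ES_VMM_ERROR, regs->ax and any registers the callback had already written still hold hypervisor-supplied values. The new comment explains the ordering only for the success case. Please either state in the comment that ES_VMM_ERROR never resumes the interrupted context with these regs, or require in the callback documentation that validation completes before anything is written to pt_regs.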