From: Joerg Roedel
To: x86@kernel.org
Cc: Joerg Roedel, Joerg Roedel, hpa@zytor.com, Andy Lutomirski, Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams, Tom Lendacky, Juergen Gross, Kees Cook, David Rientjes, Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson, Martin Radev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: [PATCH v4 67/75] x86/realmode: Add SEV-ES specific trampoline entry point
Date: Tue, 14 Jul 2020 14:09:09 +0200

From: Joerg Roedel

The code at the trampoline entry point is executed in real-mode. In real-mode #VC exceptions can't be handled, so anything that might cause such an exception must be avoided. In the standard trampoline entry code this is the WBINVD instruction and the call to verify_cpu(), which are both not needed anyway when running as an SEV-ES guest.

Signed-off-by: Joerg Roedel
--- arch/x86/include/asm/realmode.h | 3 +++ arch/x86/realmode/rm/header.S | 3 +++ arch/x86/realmode/rm/trampoline_64.S | 20 ++++++++++++++++++++ 3 files changed, 26 insertions(+) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index b35030eeec36..6590394af309 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -21,6 +21,9 @@ struct real_mode_header { /* SMP trampoline */ u32 trampoline_start; u32 trampoline_header; +#ifdef CONFIG_AMD_MEM_ENCRYPT + u32 sev_es_trampoline_start; +#endif #ifdef CONFIG_X86_64 u32 trampoline_pgd; #endif diff --git a/arch/x86/realmode/rm/header.S b/arch/x86/realmode/rm/header.S index af04512c02d9..8c1db5bf5d78 100644 
--- a/arch/x86/realmode/rm/header.S +++ b/arch/x86/realmode/rm/header.S @@ -20,6 +20,9 @@ SYM_DATA_START(real_mode_header) /* SMP trampoline */ .long pa_trampoline_start .long pa_trampoline_header +#ifdef CONFIG_AMD_MEM_ENCRYPT + .long pa_sev_es_trampoline_start +#endif #ifdef CONFIG_X86_64 .long pa_trampoline_pgd; #endif diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index 251758ed7443..84c5d1b33d10 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -56,6 +56,7 @@ SYM_CODE_START(trampoline_start) testl %eax, %eax # Check for return code jnz no_longmode +.Lswitch_to_protected: /* * GDT tables in non default location kernel can be beyond 16MB and * lgdt will not be able to load the address as in real mode default @@ -80,6 +81,25 @@ no_longmode: jmp no_longmode SYM_CODE_END(trampoline_start) +#ifdef CONFIG_AMD_MEM_ENCRYPT +/* SEV-ES supports non-zero IP for entry points - no alignment needed */ +SYM_CODE_START(sev_es_trampoline_start) + cli # We should be safe anyway + + LJMPW_RM(1f) +1: + mov %cs, %ax # Code and data in the same place + mov %ax, %ds + mov %ax, %es + mov %ax, %ss + + # Setup stack + movl $rm_stack_end, %esp + + jmp .Lswitch_to_protected +SYM_CODE_END(sev_es_trampoline_start) +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + #include "../kernel/verify_cpu.S" .section ".text32","ax" -- 2.27.0
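
Review bot: In the real_mode_header hunks (realmode.h and header.S), the new sev_es_trampoline_start field is inserted in the middle of the structure, ahead of trampoline_pgd, and nothing ties the C field to its `.long pa_sev_es_trampoline_start` counterpart. The two layouts agree only because both additions sit under the same `#ifdef CONFIG_AMD_MEM_ENCRYPT` at the same position. A short comment on each side saying what the field is for and that the C and assembly layouts must match would make a later mismatch, which would silently shift trampoline_pgd, easier to catch in review.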
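
Review bot: The `.Lswitch_to_protected:` label added inside trampoline_start carries no comment, although it is now a second way into that code: sev_es_trampoline_start jumps to it from outside the SYM_CODE_START/SYM_CODE_END pair. Please document at the label what state a caller must have set up (the new entry does cli, loads %ds, %es and %ss from %cs, and points %esp at rm_stack_end before jumping), so that anything later added above the label in trampoline_start is not assumed to have run on the SEV-ES path.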
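
Review bot: The comments in the sev_es_trampoline_start hunk do not record why this entry point exists; the constraint (no #VC handling in real mode, so WBINVD and the verify_cpu() call are left out) is stated only in the commit message. A comment above `SYM_CODE_START(sev_es_trampoline_start)` saying that nothing on this path may raise a #VC exception would stop someone from adding such an instruction later. The remark in `cli # We should be safe anyway` is also vague: either say what makes it safe or drop it.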