From: Joerg Roedel
To: x86@kernel.org
Cc: Joerg Roedel, Joerg Roedel, hpa@zytor.com, Andy Lutomirski, Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams, Tom Lendacky, Juergen Gross, Kees Cook, David Rientjes, Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson, Martin Radev, Arvind Sankar, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: [PATCH v2 0/7] x86/seves: Support 32-bit boot path and other updates
Date: Wed, 10 Mar 2021 09:43:18 +0100
Message-Id: <20210310084325.12966-1-joro@8bytes.org>

Hi,

these patches add support for the 32-bit boot in the decompressor
code. This is needed to boot an SEV-ES guest on some firmware and grub
versions. The patches also add the necessary CPUID sanity checks and a
32-bit version of the C-bit check.

Other updates included here:

	1. Add code to shut down exception handling in the
	   decompressor code before jumping to the real kernel.
	   Once in the real kernel it is not safe anymore to jump
	   back to the decompressor code via exceptions.

	2. Replace open-coded hlt loops with proper calls to
	   sev_es_terminate().

Please review.

Thanks,

	Joerg

Changes to v1:

	- Addressed Boris' review comments.
	- Fixed a bug which caused the cbit-check to never be
	  executed even in an SEV guest.

Joerg Roedel (7):
  x86/boot/compressed/64: Cleanup exception handling before booting kernel
  x86/boot/compressed/64: Reload CS in startup_32
  x86/boot/compressed/64: Setup IDT in startup_32 boot path
  x86/boot/compressed/64: Add 32-bit boot #VC handler
  x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path
  x86/boot/compressed/64: Check SEV encryption in 32-bit boot-path
  x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate()

 arch/x86/boot/compressed/head_64.S     | 170 ++++++++++++++++++++++++-
 arch/x86/boot/compressed/idt_64.c      |  14 ++
 arch/x86/boot/compressed/mem_encrypt.S | 132 ++++++++++++++++++-
 arch/x86/boot/compressed/misc.c        |   7 +-
 arch/x86/boot/compressed/misc.h        |   6 +
 arch/x86/boot/compressed/sev-es.c      |  12 +-
 arch/x86/kernel/sev-es-shared.c        |  10 +-
 7 files changed, 328 insertions(+), 23 deletions(-)

-- 
2.30.1
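
The cover letter mentions CPUID sanity checks for the 32-bit boot path; in an SEV-ES guest the CPUID values are supplied by the hypervisor, so the guest validates them before relying on them. The following is an added illustration in user-space C, not code from the patch series: the struct, function names, sample values and the rule that the C-bit position must be at least 32 are assumptions of the example, while the bit layout of leaf 0x8000001F follows AMD's documented definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct cpuid_result { uint32_t leaf, eax, ebx, ecx, edx; };

#define LEAF_EXT_MAX  0x80000000u /* EAX = highest extended leaf */
#define LEAF_MEM_ENC  0x8000001fu /* AMD memory encryption leaf */
#define SEV_FEATURE   (1u << 1)   /* Fn8000_001F EAX[1]: SEV */
#define CBIT_POS_MASK 0x3fu       /* Fn8000_001F EBX[5:0]: C-bit position */

enum verdict { CPUID_OK, BAD_MAX_LEAF, SEV_MISSING, BAD_CBIT_POS };

/* Check one hypervisor-supplied result against what an SEV guest requires. */
enum verdict check_cpuid(const struct cpuid_result *r)
{
	if (r->leaf == LEAF_EXT_MAX && r->eax < LEAF_MEM_ENC)
		return BAD_MAX_LEAF;        /* encryption leaf hidden from guest */
	if (r->leaf == LEAF_MEM_ENC) {
		if (!(r->eax & SEV_FEATURE))
			return SEV_MISSING; /* guest would run unencrypted */
		/* Assumption of this example: C-bit lies in the upper 32 bits. */
		if ((r->ebx & CBIT_POS_MASK) < 32)
			return BAD_CBIT_POS;
	}
	return CPUID_OK;
}

/* First failing verdict in a sequence; a guest would terminate on != OK. */
enum verdict check_all(const struct cpuid_result *r, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		enum verdict v = check_cpuid(&r[i]);
		if (v != CPUID_OK)
			return v;
	}
	return CPUID_OK;
}

/* Constructed sample values, not captured from real hardware. */
const struct cpuid_result good[] = {
	{ LEAF_EXT_MAX, 0x80000023u, 0, 0, 0 },
	{ LEAF_MEM_ENC, 0x0000000fu, 0x00000033u, 0, 0 }, /* C-bit position 51 */
};
const struct cpuid_result no_sev[]   = { { LEAF_MEM_ENC, 0x1u, 0x33u, 0, 0 } };
const struct cpuid_result low_cbit[] = { { LEAF_MEM_ENC, 0xfu, 0x1fu, 0, 0 } };

int main(void)
{
	printf("good=%d no_sev=%d low_cbit=%d\n", check_all(good, 2),
	       check_all(no_sev, 1), check_all(low_cbit, 1));
	return 0;
}
```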