Received: by 2002:a05:6a10:144:0:0:0:0 with SMTP id 4csp139386pxw; Fri, 8 Apr 2022 03:39:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwFm+VBQJ3EcZuoQUrgCbI+3ucQ5aQplU+c+GBprHMMK6VWsfJXBnL1ra58VeFeSKQMpFoB X-Received: by 2002:a17:90b:1c8f:b0:1b8:c6dc:ca61 with SMTP id oo15-20020a17090b1c8f00b001b8c6dcca61mr20807156pjb.13.1649414345529; Fri, 08 Apr 2022 03:39:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649414345; cv=none; d=google.com; s=arc-20160816; b=nJ4IOadNQYyrewe17mkt6d5uAcMZyc8Ge+JhtWpQbzK7fXPOPNKJiTz8XywXKFaDyC 2A6CT8aHTIiSDF0NDHH2XO4n6N502Z+cO91X112vamStJo1I5PEDn+Fa2AQsGc4k5VBl Z2UBbgLRZAHXdSededSC4P8IgDcqq2io9UHfkIOkP7al48kwL0qvWLq5q6jNwTBTjdlj esuZCiETS+6K2Pxa+ZNvbV81y/namI8mMm99uAbsX88OqDsT32VXsHR+jTJegwN3hgk7 n3EosHUJgPxSYVyMzSnCL06wA0CSjR728QzlLk5GmX9WoChq69Eftc/DYe3MsIFCLeoD Awlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=iJBANRXPRVZPm5lVGyJv8/rMfmj8BkXuXOlVD2KZ+SE=; b=v8eS06zPyA7MEQExTCGKenEReN0xLUkwRSDT8+/F844pVUs4nzhNXMXLlYzquMq2gP tpwvwIoKZ+72MNM1ZEtGaViUQMq6Pkv6gtzIUpaSwNi3xPm8dH9+zQDWM8Xt+6F7xcZU UccyWrHf9uEzat+tSg15PbrKuDYiB0lVwILH84B2Xeg5VBWpqjjKCuKUVybHcanfdA9V pDe5a1JJaO4qvvwZPTcBD7JY5v6hIVYPsyYQiX1MDN9vUeTCsP58kltK3RF/Vs1zZ76+ DPs487ypWRGSF/Sly72dda5Kvs+L6MM4+xZ3sEUEBPIudXnFV2DSXIy9tU9LP7RooA4i OvTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=dmyKhUU0; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b="IBrwsa/S"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m4-20020a170902bb8400b00153bc4c0a7fsi391081pls.593.2022.04.08.03.38.52; Fri, 08 Apr 2022 03:39:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=dmyKhUU0; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b="IBrwsa/S"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232879AbiDHJQr (ORCPT + 99 others); Fri, 8 Apr 2022 05:16:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233082AbiDHJMF (ORCPT ); Fri, 8 Apr 2022 05:12:05 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B42B11E95E9; Fri, 8 Apr 2022 02:09:13 -0700 (PDT) Date: Fri, 08 Apr 2022 09:09:10 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1649408951; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iJBANRXPRVZPm5lVGyJv8/rMfmj8BkXuXOlVD2KZ+SE=; b=dmyKhUU05DBRAkB2is7WR5bwM/SaHDCYKgJLwDXbvUDGIAXofAKDqPYDsbwifVCItF3V/S rA5fajiNkqrAZje+Bd4pQ768roFNFy+ds8eOL3LQUe3fkrnOTkjLywPg9bWvU4jYayrAIe enKZ7MBWUAqggcgjBsLcTGo+T+Jt31rD3KQZSchBtJT5xZ+Q09TuN7Mtqz+QavegLLKdqE rtWs3PY/kEoBQcSLxQG9PVkcyCRoz45RXD1XnyWq+HjY/41o8l7puIkbpjyOAGn9dqoHsQ +IIMcbCXcAx18szbisC+pZxIy6PZBJBMSOpfE8Uz9U57Uraa+EkDMU7rTZhb4Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1649408951; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iJBANRXPRVZPm5lVGyJv8/rMfmj8BkXuXOlVD2KZ+SE=; b=IBrwsa/SLpndSExD/vaneSD8har12RKb7Bf9a/v1ntIGlJwDuQO0PqQNmcS/937pnPxiTA tWbd0alBllvYcZAg== From: "tip-bot2 for Brijesh Singh" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/sev] x86/sev: Define the Linux-specific guest termination reasons Cc: Brijesh Singh , Borislav Petkov , Venu Busireddy , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20220307213356.2797205-11-brijesh.singh@amd.com> References: <20220307213356.2797205-11-brijesh.singh@amd.com> MIME-Version: 1.0 Message-ID: <164940895068.389.15789670965915429783.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the x86/sev branch of tip: Commit-ID: 6c0f74d678c94060932683738b3e227995b363d3 Gitweb: https://git.kernel.org/tip/6c0f74d678c94060932683738b3e227995b363d3 Author: Brijesh Singh AuthorDate: Wed, 09 Feb 2022 12:10:04 -06:00 Committer: Borislav Petkov CommitterDate: Wed, 06 Apr 2022 13:02:41 +02:00 x86/sev: Define the Linux-specific guest termination reasons The GHCB specification defines the reason code for reason set 0. The reason codes defined in the set 0 do not cover all possible causes for a guest to request termination. The reason sets 1 to 255 are reserved for the vendor-specific codes. Reserve the reason set 1 for the Linux guest. Define the error codes for reason set 1 so that one can have meaningful termination reasons and thus better guest failure diagnosis. While at it, change sev_es_terminate() to accept a reason set parameter. [ bp: Massage commit message. ] Signed-off-by: Brijesh Singh Signed-off-by: Borislav Petkov Reviewed-by: Venu Busireddy Link: https://lore.kernel.org/r/20220307213356.2797205-11-brijesh.singh@amd.com --- arch/x86/boot/compressed/sev.c | 6 +++--- arch/x86/include/asm/sev-common.h | 8 ++++++++ arch/x86/kernel/sev-shared.c | 11 ++++------- arch/x86/kernel/sev.c | 4 ++-- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 27ccd5a..56e941d 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -119,7 +119,7 @@ static enum es_result vc_read_mem(struct es_em_ctxt *ctxt, static bool early_setup_sev_es(void) { if (!sev_es_negotiate_protocol()) - sev_es_terminate(GHCB_SEV_ES_PROT_UNSUPPORTED); + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_PROT_UNSUPPORTED); if (set_page_decrypted((unsigned long)&boot_ghcb_page)) return false; @@ -172,7 +172,7 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) enum es_result result; if (!boot_ghcb && !early_setup_sev_es()) - sev_es_terminate(GHCB_SEV_ES_GEN_REQ); + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); vc_ghcb_invalidate(boot_ghcb); result = vc_init_em_ctxt(&ctxt, regs, exit_code); @@ -199,7 +199,7 @@ finish: if (result == ES_OK) vc_finish_insn(&ctxt); else if (result != ES_RETRY) - sev_es_terminate(GHCB_SEV_ES_GEN_REQ); + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); } void sev_enable(struct boot_params *bp) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 1b2fd32..94f0ea5 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -73,9 +73,17 @@ /* GHCBData[23:16] */ \ ((((u64)reason_val) & 0xff) << 16)) +/* Error codes from reason set 0 */ +#define SEV_TERM_SET_GEN 0 #define GHCB_SEV_ES_GEN_REQ 0 #define GHCB_SEV_ES_PROT_UNSUPPORTED 1 +/* Linux-specific reason codes (used with reason set 1) */ +#define SEV_TERM_SET_LINUX 1 +#define GHCB_TERM_REGISTER 0 /* GHCB GPA registration failure */ +#define GHCB_TERM_PSC 1 /* Page State Change failure */ +#define GHCB_TERM_PVALIDATE 2 /* Pvalidate failure */ + #define GHCB_RESP_CODE(v) ((v) & GHCB_MSR_INFO_MASK) /* diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index ce98768..2abf8a7 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c @@ -24,15 +24,12 @@ static bool __init sev_es_check_cpu_features(void) return true; } -static void __noreturn sev_es_terminate(unsigned int reason) +static void __noreturn sev_es_terminate(unsigned int set, unsigned int reason) { u64 val = GHCB_MSR_TERM_REQ; - /* - * Tell the hypervisor what went wrong - only reason-set 0 is - * currently supported. - */ - val |= GHCB_SEV_TERM_REASON(0, reason); + /* Tell the hypervisor what went wrong. */ + val |= GHCB_SEV_TERM_REASON(set, reason); /* Request Guest Termination from Hypvervisor */ sev_es_wr_ghcb_msr(val); @@ -221,7 +218,7 @@ void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) fail: /* Terminate the guest */ - sev_es_terminate(GHCB_SEV_ES_GEN_REQ); + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); } static enum es_result vc_insn_string_read(struct es_em_ctxt *ctxt, diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index e6d316a..19ad097 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -1337,7 +1337,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication) show_regs(regs); /* Ask hypervisor to sev_es_terminate */ - sev_es_terminate(GHCB_SEV_ES_GEN_REQ); + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); /* If that fails and we get here - just panic */ panic("Returned from Terminate-Request to Hypervisor\n"); @@ -1385,7 +1385,7 @@ bool __init handle_vc_boot_ghcb(struct pt_regs *regs) /* Do initial setup or terminate the guest */ if (unlikely(boot_ghcb == NULL && !sev_es_setup_ghcb())) - sev_es_terminate(GHCB_SEV_ES_GEN_REQ); + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); vc_ghcb_invalidate(boot_ghcb);