[RFC Part1 PATCH 07/13] x86/compressed: register GHCB memory when SNP is active

From: Brijesh Singh
Date: Wed Mar 24 2021 - 12:45:38 EST

Next message: Brijesh Singh: "[RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB"
Previous message: Brijesh Singh: "[RFC Part1 PATCH 04/13] x86/sev-snp: define page state change VMGEXIT structure"
In reply to: Brijesh Singh: "[RFC Part1 PATCH 04/13] x86/sev-snp: define page state change VMGEXIT structure"
Next in thread: Brijesh Singh: "[RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The SEV-SNP guest is required to perform GHCB GPA registration. This is
because the hypervisor may prefer that a guest use a consistent and/or
specific GPA for the GHCB associated with a vCPU. For more information,
see the GHCB specification section 2.5.2.

Currently, we do not support working with hypervisor preferred GPA, If
the hypervisor can not work with our provided GPA then we will terminate
the boot.

Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Joerg Roedel <jroedel@xxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: "Peter Zijlstra (Intel)" <peterz@xxxxxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: kvm@xxxxxxxxxxxxxxx
Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
---
arch/x86/boot/compressed/sev-es.c | 4 ++++
arch/x86/boot/compressed/sev-snp.c | 26 ++++++++++++++++++++++++++
arch/x86/include/asm/sev-snp.h | 11 +++++++++++
3 files changed, 41 insertions(+)

diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c
index 58b15b7c1aa7..c85d3d9ec57a 100644
--- a/arch/x86/boot/compressed/sev-es.c
+++ b/arch/x86/boot/compressed/sev-es.c
@@ -20,6 +20,7 @@
#include <asm/fpu/xcr.h>
#include <asm/ptrace.h>
#include <asm/svm.h>
+#include <asm/sev-snp.h>

#include "error.h"

@@ -118,6 +119,9 @@ static bool early_setup_sev_es(void)
/* Initialize lookup tables for the instruction decoder */
inat_init_tables();

+ /* SEV-SNP guest requires the GHCB GPA must be registered */
+ sev_snp_register_ghcb(__pa(&boot_ghcb_page));
+
return true;
}

diff --git a/arch/x86/boot/compressed/sev-snp.c b/arch/x86/boot/compressed/sev-snp.c
index 5c25103b0df1..a4c5e85699a7 100644
--- a/arch/x86/boot/compressed/sev-snp.c
+++ b/arch/x86/boot/compressed/sev-snp.c
@@ -113,3 +113,29 @@ void sev_snp_set_page_shared(unsigned long paddr)
{
sev_snp_set_page_private_shared(paddr, SNP_PAGE_STATE_SHARED);
}
+
+void sev_snp_register_ghcb(unsigned long paddr)
+{
+ u64 pfn = paddr >> PAGE_SHIFT;
+ u64 old, val;
+
+ if (!sev_snp_enabled())
+ return;
+
+ /* save the old GHCB MSR */
+ old = sev_es_rd_ghcb_msr();
+
+ /* Issue VMGEXIT */
+ sev_es_wr_ghcb_msr(GHCB_REGISTER_GPA_REQ_VAL(pfn));
+ VMGEXIT();
+
+ val = sev_es_rd_ghcb_msr();
+
+ /* If the response GPA is not ours then abort the guest */
+ if ((GHCB_SEV_GHCB_RESP_CODE(val) != GHCB_REGISTER_GPA_RESP) ||
+ (GHCB_REGISTER_GPA_RESP_VAL(val) != pfn))
+ sev_es_terminate(GHCB_SEV_ES_REASON_GENERAL_REQUEST);
+
+ /* Restore the GHCB MSR value */
+ sev_es_wr_ghcb_msr(old);
+}
diff --git a/arch/x86/include/asm/sev-snp.h b/arch/x86/include/asm/sev-snp.h
index f514dad276f2..0523eb21abd7 100644
--- a/arch/x86/include/asm/sev-snp.h
+++ b/arch/x86/include/asm/sev-snp.h
@@ -56,6 +56,13 @@ struct __packed snp_page_state_change {
struct snp_page_state_entry entry[SNP_PAGE_STATE_CHANGE_MAX_ENTRY];
};

+/* GHCB GPA register */
+#define GHCB_REGISTER_GPA_REQ 0x012UL
+#define GHCB_REGISTER_GPA_REQ_VAL(v) (GHCB_REGISTER_GPA_REQ | ((v) << 12))
+
+#define GHCB_REGISTER_GPA_RESP 0x013UL
+#define GHCB_REGISTER_GPA_RESP_VAL(val) ((val) >> 12)
+
#ifdef CONFIG_AMD_MEM_ENCRYPT
static inline int __pvalidate(unsigned long vaddr, int rmp_psize, int validate,
unsigned long *rflags)
@@ -73,6 +80,8 @@ static inline int __pvalidate(unsigned long vaddr, int rmp_psize, int validate,
return rc;
}

+void sev_snp_register_ghcb(unsigned long paddr);
+
#else /* !CONFIG_AMD_MEM_ENCRYPT */

static inline int __pvalidate(unsigned long vaddr, int psize, int validate, unsigned long *eflags)
@@ -80,6 +89,8 @@ static inline int __pvalidate(unsigned long vaddr, int psize, int validate, unsi
return 0;
}

+static inline void sev_snp_register_ghcb(unsigned long paddr) { }
+
#endif /* CONFIG_AMD_MEM_ENCRYPT */

#endif /* __ASSEMBLY__ */
--
2.17.1

Next message: Brijesh Singh: "[RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB"
Previous message: Brijesh Singh: "[RFC Part1 PATCH 04/13] x86/sev-snp: define page state change VMGEXIT structure"
In reply to: Brijesh Singh: "[RFC Part1 PATCH 04/13] x86/sev-snp: define page state change VMGEXIT structure"
Next in thread: Brijesh Singh: "[RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]