Message ID | 20210602140416.23573-10-brijesh.singh@amd.com |
---|---|
State | New |
Series | Add AMD Secure Nested Paging (SEV-SNP) Guest Support |
On 6/9/21 12:47 PM, Borislav Petkov wrote:
> On Wed, Jun 02, 2021 at 09:04:03AM -0500, Brijesh Singh wrote:
>> diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h >> index 1424b8ffde0b..ae99a8a756fe 100644 >> --- a/arch/x86/include/asm/sev-common.h >> +++ b/arch/x86/include/asm/sev-common.h >> @@ -75,6 +75,17 @@ >> #define GHCB_MSR_PSC_ERROR_POS 32 >> #define GHCB_MSR_PSC_RESP_VAL(val) ((val) >> GHCB_MSR_PSC_ERROR_POS) >> >> +/* GHCB GPA Register */ >> +#define GHCB_MSR_GPA_REG_REQ 0x012 >> +#define GHCB_MSR_GPA_REG_VALUE_POS 12 >> +#define GHCB_MSR_GPA_REG_GFN_MASK GENMASK_ULL(51, 0) >> +#define GHCB_MSR_GPA_REQ_GFN_VAL(v) \ >> + (((unsigned long)((v) & GHCB_MSR_GPA_REG_GFN_MASK) << GHCB_MSR_GPA_REG_VALUE_POS)| \ >> + GHCB_MSR_GPA_REG_REQ) >> + >> +#define GHCB_MSR_GPA_REG_RESP 0x013 >> +#define GHCB_MSR_GPA_REG_RESP_VAL(v) ((v) >> GHCB_MSR_GPA_REG_VALUE_POS) >> +
> Can we pls pay attention to having those REQuests sorted by their
> number, like in the GHCB spec, for faster finding?

Sure, I will keep them sorted. thanks
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 808fe1f6b170..4acade02267b 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -203,6 +203,10 @@ static bool early_setup_sev_es(void) /* Initialize lookup tables for the instruction decoder */ inat_init_tables(); + /* SEV-SNP guest requires the GHCB GPA must be registered */ + if (sev_snp_enabled()) + snp_register_ghcb_early(__pa(&boot_ghcb_page)); + return true; } diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 1424b8ffde0b..ae99a8a756fe 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -75,6 +75,17 @@ #define GHCB_MSR_PSC_ERROR_POS 32 #define GHCB_MSR_PSC_RESP_VAL(val) ((val) >> GHCB_MSR_PSC_ERROR_POS) +/* GHCB GPA Register */ +#define GHCB_MSR_GPA_REG_REQ 0x012 +#define GHCB_MSR_GPA_REG_VALUE_POS 12 +#define GHCB_MSR_GPA_REG_GFN_MASK GENMASK_ULL(51, 0) +#define GHCB_MSR_GPA_REQ_GFN_VAL(v) \ + (((unsigned long)((v) & GHCB_MSR_GPA_REG_GFN_MASK) << GHCB_MSR_GPA_REG_VALUE_POS)| \ + GHCB_MSR_GPA_REG_REQ) + +#define GHCB_MSR_GPA_REG_RESP 0x013 +#define GHCB_MSR_GPA_REG_RESP_VAL(v) ((v) >> GHCB_MSR_GPA_REG_VALUE_POS) + #define GHCB_MSR_TERM_REQ 0x100 #define GHCB_MSR_TERM_REASON_SET_POS 12 #define GHCB_MSR_TERM_REASON_SET_MASK 0xf diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index b8312ad66120..b62226bf51b9 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c 
@@ -77,6 +77,22 @@ static bool get_hv_features(void) return true; } +static void snp_register_ghcb_early(unsigned long paddr) +{ + unsigned long pfn = paddr >> PAGE_SHIFT; + u64 val; + + sev_es_wr_ghcb_msr(GHCB_MSR_GPA_REQ_GFN_VAL(pfn)); + VMGEXIT(); + + val = sev_es_rd_ghcb_msr(); + + /* If the response GPA is not ours then abort the guest */ + if ((GHCB_RESP_CODE(val) != GHCB_MSR_GPA_REG_RESP) || + (GHCB_MSR_GPA_REG_RESP_VAL(val) != pfn)) + sev_es_terminate(1, GHCB_TERM_REGISTER); +} + static bool sev_es_negotiate_protocol(void) { u64 val;
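Review bot: In the arch/x86/boot/compressed/sev.c hunk, the new comment in early_setup_sev_es() ("SEV-SNP guest requires the GHCB GPA must be registered") is ungrammatical and does not say who the GPA is registered with; "An SEV-SNP guest must register its GHCB GPA with the hypervisor" would read better. The call is also placed last, after inat_init_tables() and just before return true, and the hunk does not show whether boot_ghcb_page can be used earlier in this function, so the comment or the commit message should state that registration happens before the first use of the GHCB page.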
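Review bot: In the arch/x86/include/asm/sev-common.h hunk, GHCB_MSR_GPA_REQ_GFN_VAL() breaks the GHCB_MSR_GPA_REG_ prefix that every other macro in the block uses (REQ where the rest say REG), and it casts to unsigned long although the mask is GENMASK_ULL(51, 0) and the response in sev-shared.c is read into a u64. Rename it to match the prefix (for example GHCB_MSR_GPA_REG_GFN_VAL) and cast to u64, so the 52-bit GFN shifted left by GHCB_MSR_GPA_REG_VALUE_POS is never truncated where unsigned long is narrower than 64 bits. A space before the trailing | on the continuation line would also match the surrounding style.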
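Review bot: In snp_register_ghcb_early() in the arch/x86/kernel/sev-shared.c hunk, sev_es_terminate(1, GHCB_TERM_REGISTER) passes the reason set as a bare 1; a named constant would make it clear which reason-code set GHCB_TERM_REGISTER belongs to. The function also discards the low PAGE_SHIFT bits of paddr without comment, so it should either document that paddr must be page aligned or check it, since the comparison against GHCB_MSR_GPA_REG_RESP_VAL(val) only validates the frame number. The comment "If the response GPA is not ours" could also mention that a wrong response code terminates the guest too.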
The SEV-SNP guest is required to perform GHCB GPA registration. This is because the hypervisor may prefer that a guest use a consistent and/or specific GPA for the GHCB associated with a vCPU. For more information, see the GHCB specification.

If the hypervisor cannot work with the guest-provided GPA, then terminate the guest boot.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/boot/compressed/sev.c    |  4 ++++
 arch/x86/include/asm/sev-common.h | 11 +++++++++++
 arch/x86/kernel/sev-shared.c      | 16 ++++++++++++++++
 3 files changed, 31 insertions(+)