From: Greg KH <gregkh@linuxfoundation.org>
To: vsntk18@gmail.com
Cc: x86@kernel.org, Borislav.Petkov@amd.com, Dhaval.Giani@amd.com,
ashish.kalra@amd.com, cfir@google.com, dan.j.williams@intel.com,
dave.hansen@linux.intel.com, ebiederm@xmission.com,
erdemaktas@google.com, hpa@zytor.com, jgross@suse.com,
jroedel@suse.de, jslaby@suse.cz, keescook@chromium.org,
kexec@lists.infradead.org, kvm@vger.kernel.org,
linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
luto@kernel.org, martin.b.radev@gmail.com, mhiramat@kernel.org,
michael.roth@amd.com, mstunes@vmware.com, nivedita@alum.mit.edu,
peterz@infradead.org, rientjes@google.com, seanjc@google.com,
stable@vger.kernel.org, thomas.lendacky@amd.com,
virtualization@lists.linux-foundation.org, vkarasulli@suse.de
Subject: Re: [PATCH v6 00/10] x86/sev: KEXEC/KDUMP support for SEV-ES guests
Date: Mon, 10 Jun 2024 12:30:40 +0200 [thread overview]
Message-ID: <2024061024-portside-richly-5be4@gregkh> (raw)
In-Reply-To: <20240610102113.20969-1-vsntk18@gmail.com>
On Mon, Jun 10, 2024 at 12:21:03PM +0200, vsntk18@gmail.com wrote:
> From: Vasant Karasulli <vkarasulli@suse.de>
>
> Hi,
>
> here are changes to enable kexec/kdump in SEV-ES guests. The biggest
> problem for supporting kexec/kdump under SEV-ES is to find a way to
> hand the non-boot CPUs (APs) from one kernel to another.
>
> Without SEV-ES the first kernel parks the CPUs in a HLT loop until
> they get reset by the kexec'ed kernel via an INIT-SIPI-SIPI sequence.
> For virtual machines the CPU reset is emulated by the hypervisor,
> which sets the vCPU registers back to reset state.
>
> This does not work under SEV-ES, because the hypervisor has no access
> to the vCPU registers and can't make modifications to them. So an
> SEV-ES guest needs to reset the vCPU itself and park it using the
> AP-reset-hold protocol. Upon wakeup the guest needs to jump to
> real-mode and to the reset-vector configured in the AP-Jump-Table.
>
> The code to do this is the main part of this patch-set. It works by
> placing code on the AP Jump-Table page itself to park the vCPU and for
> jumping to the reset vector upon wakeup. The code on the AP Jump Table
> runs in 16-bit protected mode with segment base set to the beginning
> of the page. The AP Jump-Table is usually not within the first 1MB of
> memory, so the code can't run in real-mode.
>
> The AP Jump-Table is the best place to put the parking code, because
> the memory is owned, but read-only by the firmware and writeable by
> the OS. Only the first 4 bytes are used for the reset-vector, leaving
> the rest of the page for code/data/stack to park a vCPU. The code
> can't be in kernel memory because by the time the vCPU wakes up the
> memory will be owned by the new kernel, which might have overwritten it
> already.
>
> The other patches add initial GHCB Version 2 protocol support, because
> kexec/kdump need the MSR-based (without a GHCB) AP-reset-hold VMGEXIT,
> which is a GHCB protocol version 2 feature.
>
> The kexec'ed kernel is also entered via the decompressor and needs
> MMIO support there, so this patch-set also adds MMIO #VC support to
> the decompressor and support for handling CLFLUSH instructions.
>
> Finally there is also code to disable kexec/kdump support at runtime
> when the environment does not support it (e.g. no GHCB protocol
> version 2 support or AP Jump Table over 4GB).
>
> The diffstat looks big, but most of it is moving code for MMIO #VC
> support around to make it available to the decompressor.
>
> The previous version of this patch-set can be found here:
>
> https://lore.kernel.org/kvm/20240408074049.7049-1-vsntk18@gmail.com/
>
> Please review.
>
> Thanks,
> Vasant
>
> Changes v5->v6:
> - Rebased to v6.10-rc3 kernel
>
> Changes v4->v5:
> - Rebased to v6.9-rc2 kernel
> - Applied review comments by Tom Lendacky
> - Exclude the AP jump table related code for SEV-SNP guests
>
> Changes v3->v4:
> - Rebased to v6.8 kernel
> - Applied review comments by Sean Christopherson
> - Combined sev_es_setup_ap_jump_table() and sev_setup_ap_jump_table()
> into a single function which makes caching jump table address
> unnecessary
> - annotated struct sev_ap_jump_table_header with __packed attribute
> - added code to set up real mode data segment at boot time instead of
> hardcoding the value.
>
> Joerg Roedel (9):
> x86/kexec/64: Disable kexec when SEV-ES is active
> x86/sev: Save and print negotiated GHCB protocol version
> x86/sev: Set GHCB data structure version
> x86/sev: Setup code to park APs in the AP Jump Table
> x86/sev: Park APs on AP Jump Table with GHCB protocol version 2
> x86/sev: Use AP Jump Table blob to stop CPU
> x86/sev: Add MMIO handling support to boot/compressed/ code
> x86/sev: Handle CLFLUSH MMIO events
> x86/kexec/64: Support kexec under SEV-ES with AP Jump Table Blob
>
> Vasant Karasulli (1):
> x86/sev: Exclude AP jump table related code for SEV-SNP guests
>
> arch/x86/boot/compressed/sev.c | 45 +-
> arch/x86/include/asm/insn-eval.h | 1 +
> arch/x86/include/asm/realmode.h | 5 +
> arch/x86/include/asm/sev-ap-jumptable.h | 30 +
> arch/x86/include/asm/sev.h | 7 +
> arch/x86/kernel/machine_kexec_64.c | 12 +
> arch/x86/kernel/process.c | 8 +
> arch/x86/kernel/sev-shared.c | 234 +++++-
> arch/x86/kernel/sev.c | 376 +++++-----
> arch/x86/lib/insn-eval-shared.c | 921 ++++++++++++++++++++++++
> arch/x86/lib/insn-eval.c | 911 +----------------------
> arch/x86/realmode/Makefile | 9 +-
> arch/x86/realmode/init.c | 5 +-
> arch/x86/realmode/rm/Makefile | 11 +-
> arch/x86/realmode/rm/header.S | 3 +
> arch/x86/realmode/rm/sev.S | 85 +++
> arch/x86/realmode/rmpiggy.S | 6 +
> arch/x86/realmode/sev/Makefile | 33 +
> arch/x86/realmode/sev/ap_jump_table.S | 131 ++++
> arch/x86/realmode/sev/ap_jump_table.lds | 24 +
> 20 files changed, 1711 insertions(+), 1146 deletions(-)
> create mode 100644 arch/x86/include/asm/sev-ap-jumptable.h
> create mode 100644 arch/x86/lib/insn-eval-shared.c
> create mode 100644 arch/x86/realmode/rm/sev.S
> create mode 100644 arch/x86/realmode/sev/Makefile
> create mode 100644 arch/x86/realmode/sev/ap_jump_table.S
> create mode 100644 arch/x86/realmode/sev/ap_jump_table.lds
>
>
> base-commit: 83a7eefedc9b56fe7bfeff13b6c7356688ffa670
> --
> 2.34.1
>
>
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@linuxfoundation.org>
To: vsntk18@gmail.com
Cc: x86@kernel.org, Borislav.Petkov@amd.com, Dhaval.Giani@amd.com,
ashish.kalra@amd.com, cfir@google.com, dan.j.williams@intel.com,
dave.hansen@linux.intel.com, ebiederm@xmission.com,
erdemaktas@google.com, hpa@zytor.com, jgross@suse.com,
jroedel@suse.de, jslaby@suse.cz, keescook@chromium.org,
kexec@lists.infradead.org, kvm@vger.kernel.org,
linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
luto@kernel.org, martin.b.radev@gmail.com, mhiramat@kernel.org,
michael.roth@amd.com, mstunes@vmware.com, nivedita@alum.mit.edu,
peterz@infradead.org, rientjes@google.com, seanjc@google.com,
stable@vger.kernel.org, thomas.lendacky@amd.com,
virtualization@lists.linux-foundation.org, vkarasulli@suse.de
Subject: Re: [PATCH v6 00/10] x86/sev: KEXEC/KDUMP support for SEV-ES guests
Date: Mon, 10 Jun 2024 12:30:40 +0200 [thread overview]
Message-ID: <2024061024-portside-richly-5be4@gregkh> (raw)
In-Reply-To: <20240610102113.20969-1-vsntk18@gmail.com>
On Mon, Jun 10, 2024 at 12:21:03PM +0200, vsntk18@gmail.com wrote:
> From: Vasant Karasulli <vkarasulli@suse.de>
>
> Hi,
>
> here are changes to enable kexec/kdump in SEV-ES guests. The biggest
> problem for supporting kexec/kdump under SEV-ES is to find a way to
> hand the non-boot CPUs (APs) from one kernel to another.
>
> Without SEV-ES the first kernel parks the CPUs in a HLT loop until
> they get reset by the kexec'ed kernel via an INIT-SIPI-SIPI sequence.
> For virtual machines the CPU reset is emulated by the hypervisor,
> which sets the vCPU registers back to reset state.
>
> This does not work under SEV-ES, because the hypervisor has no access
> to the vCPU registers and can't make modifications to them. So an
> SEV-ES guest needs to reset the vCPU itself and park it using the
> AP-reset-hold protocol. Upon wakeup the guest needs to jump to
> real-mode and to the reset-vector configured in the AP-Jump-Table.
>
> The code to do this is the main part of this patch-set. It works by
> placing code on the AP Jump-Table page itself to park the vCPU and for
> jumping to the reset vector upon wakeup. The code on the AP Jump Table
> runs in 16-bit protected mode with segment base set to the beginning
> of the page. The AP Jump-Table is usually not within the first 1MB of
> memory, so the code can't run in real-mode.
>
> The AP Jump-Table is the best place to put the parking code, because
> the memory is owned, but read-only by the firmware and writeable by
> the OS. Only the first 4 bytes are used for the reset-vector, leaving
> the rest of the page for code/data/stack to park a vCPU. The code
> can't be in kernel memory because by the time the vCPU wakes up the
> memory will be owned by the new kernel, which might have overwritten it
> already.
>
> The other patches add initial GHCB Version 2 protocol support, because
> kexec/kdump need the MSR-based (without a GHCB) AP-reset-hold VMGEXIT,
> which is a GHCB protocol version 2 feature.
>
> The kexec'ed kernel is also entered via the decompressor and needs
> MMIO support there, so this patch-set also adds MMIO #VC support to
> the decompressor and support for handling CLFLUSH instructions.
>
> Finally there is also code to disable kexec/kdump support at runtime
> when the environment does not support it (e.g. no GHCB protocol
> version 2 support or AP Jump Table over 4GB).
>
> The diffstat looks big, but most of it is moving code for MMIO #VC
> support around to make it available to the decompressor.
>
> The previous version of this patch-set can be found here:
>
> https://lore.kernel.org/kvm/20240408074049.7049-1-vsntk18@gmail.com/
>
> Please review.
>
> Thanks,
> Vasant
>
> Changes v5->v6:
> - Rebased to v6.10-rc3 kernel
>
> Changes v4->v5:
> - Rebased to v6.9-rc2 kernel
> - Applied review comments by Tom Lendacky
> - Exclude the AP jump table related code for SEV-SNP guests
>
> Changes v3->v4:
> - Rebased to v6.8 kernel
> - Applied review comments by Sean Christopherson
> - Combined sev_es_setup_ap_jump_table() and sev_setup_ap_jump_table()
> into a single function which makes caching jump table address
> unnecessary
> - annotated struct sev_ap_jump_table_header with __packed attribute
> - added code to set up real mode data segment at boot time instead of
> hardcoding the value.
>
> Joerg Roedel (9):
> x86/kexec/64: Disable kexec when SEV-ES is active
> x86/sev: Save and print negotiated GHCB protocol version
> x86/sev: Set GHCB data structure version
> x86/sev: Setup code to park APs in the AP Jump Table
> x86/sev: Park APs on AP Jump Table with GHCB protocol version 2
> x86/sev: Use AP Jump Table blob to stop CPU
> x86/sev: Add MMIO handling support to boot/compressed/ code
> x86/sev: Handle CLFLUSH MMIO events
> x86/kexec/64: Support kexec under SEV-ES with AP Jump Table Blob
>
> Vasant Karasulli (1):
> x86/sev: Exclude AP jump table related code for SEV-SNP guests
>
> arch/x86/boot/compressed/sev.c | 45 +-
> arch/x86/include/asm/insn-eval.h | 1 +
> arch/x86/include/asm/realmode.h | 5 +
> arch/x86/include/asm/sev-ap-jumptable.h | 30 +
> arch/x86/include/asm/sev.h | 7 +
> arch/x86/kernel/machine_kexec_64.c | 12 +
> arch/x86/kernel/process.c | 8 +
> arch/x86/kernel/sev-shared.c | 234 +++++-
> arch/x86/kernel/sev.c | 376 +++++-----
> arch/x86/lib/insn-eval-shared.c | 921 ++++++++++++++++++++++++
> arch/x86/lib/insn-eval.c | 911 +----------------------
> arch/x86/realmode/Makefile | 9 +-
> arch/x86/realmode/init.c | 5 +-
> arch/x86/realmode/rm/Makefile | 11 +-
> arch/x86/realmode/rm/header.S | 3 +
> arch/x86/realmode/rm/sev.S | 85 +++
> arch/x86/realmode/rmpiggy.S | 6 +
> arch/x86/realmode/sev/Makefile | 33 +
> arch/x86/realmode/sev/ap_jump_table.S | 131 ++++
> arch/x86/realmode/sev/ap_jump_table.lds | 24 +
> 20 files changed, 1711 insertions(+), 1146 deletions(-)
> create mode 100644 arch/x86/include/asm/sev-ap-jumptable.h
> create mode 100644 arch/x86/lib/insn-eval-shared.c
> create mode 100644 arch/x86/realmode/rm/sev.S
> create mode 100644 arch/x86/realmode/sev/Makefile
> create mode 100644 arch/x86/realmode/sev/ap_jump_table.S
> create mode 100644 arch/x86/realmode/sev/ap_jump_table.lds
>
>
> base-commit: 83a7eefedc9b56fe7bfeff13b6c7356688ffa670
> --
> 2.34.1
>
>
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
next prev parent reply other threads:[~2024-06-10 10:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-10 10:21 [PATCH v6 00/10] x86/sev: KEXEC/KDUMP support for SEV-ES guests vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 01/10] x86/kexec/64: Disable kexec when SEV-ES is active vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 02/10] x86/sev: Save and print negotiated GHCB protocol version vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:23 ` kernel test robot
2024-06-10 10:21 ` [PATCH v6 03/10] x86/sev: Set GHCB data structure version vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 04/10] x86/sev: Setup code to park APs in the AP Jump Table vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 05/10] x86/sev: Park APs on AP Jump Table with GHCB protocol version 2 vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 06/10] x86/sev: Use AP Jump Table blob to stop CPU vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 07/10] x86/sev: Add MMIO handling support to boot/compressed/ code vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 08/10] x86/sev: Handle CLFLUSH MMIO events vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 09/10] x86/kexec/64: Support kexec under SEV-ES with AP Jump Table Blob vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:21 ` [PATCH v6 10/10] x86/sev: Exclude AP jump table related code for SEV-SNP guests vsntk18
2024-06-10 10:21 ` vsntk18
2024-06-10 10:30 ` Greg KH [this message]
2024-06-10 10:30 ` [PATCH v6 00/10] x86/sev: KEXEC/KDUMP support for SEV-ES guests Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024061024-portside-richly-5be4@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=Borislav.Petkov@amd.com \
--cc=Dhaval.Giani@amd.com \
--cc=ashish.kalra@amd.com \
--cc=cfir@google.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=ebiederm@xmission.com \
--cc=erdemaktas@google.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jroedel@suse.de \
--cc=jslaby@suse.cz \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=martin.b.radev@gmail.com \
--cc=mhiramat@kernel.org \
--cc=michael.roth@amd.com \
--cc=mstunes@vmware.com \
--cc=nivedita@alum.mit.edu \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=stable@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=vkarasulli@suse.de \
--cc=vsntk18@gmail.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.