From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BDEC6C27C5E for ; Mon, 10 Jun 2024 10:21:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=iMKq4Ck1gZLzraR2JpUKATMFWftpJDhjU+NQIVr1A2E=; b=t8jDWuvIWqdd6h +uLZR54PjhALBm9JVe0sxLWjjy/72eUfZ3nlaG2mUxnIUVryqYrTRE7BW4uR/KUUnqMy//0bLLt3u Kfn6mp/Mqz2eroywsrerRvIDhXyjuRYmVvlDctc/QksPnG+ng/jVHfq3ufwrl4SXKL+2stEec4CVS iV5mt5AwMu3N8+wJcVpxsIhpaUlcbQCzP32ej8BOjieyOIxWzo2GNLmtREr1laSmGTwf9BKk6jT7S fP6kkO44uuCpgY3IiNBwMN7ucvrHITWJPkr3ao8byfcNlWv04v91KTG1FTA/O9UeeS4UUrUtlXEOy lqOfteChtwAsLbGm3xtw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sGc9w-00000004cXl-0TnJ; Mon, 10 Jun 2024 10:21:52 +0000 Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sGc9o-00000004cQn-2XZ9 for kexec@bombadil.infradead.org; Mon, 10 Jun 2024 10:21:44 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=QQ7oMYGDWvKPuxrsHJ0AyJxr89wmDw3wSCbvoeSBHx8=; b=QdTFQ+DRzdQk2Hjmwp106v8QGG 9iW+q6jRrRb48s3Gt1CSLrDr9bFVFszrmKHdcgEaz/YPZBZzsgPUNrOt59tTmj/duVkPkf9KYBde0 jOGM6aub5HssfdP+cE13uARXpGwqnLBjKYlgcbxZjbOQu59peJK45rq4WktjXTK5a5p1QqnVJROeV 5bPJ7YgDrmXzMK+5H1F9wY42/aUzGUHvaKabWBFeSNbLGNtC/Fbn/46NUR6oErOGirfeZ4y9pfbgJ l49TaLANLV+Zi8drS6ORDzXXhgEyocCliPCfoe7qWSXlvhjWY1AUWoz4O+tCTUMK5Ljpj74ICMWA8 UBEv1msw==; Received: from mail-ej1-x62d.google.com ([2a00:1450:4864:20::62d]) by desiato.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sGc9g-00000001MHo-0N7Z for kexec@lists.infradead.org; Mon, 10 Jun 2024 10:21:42 +0000 Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-a63359aaacaso646504866b.1 for ; Mon, 10 Jun 2024 03:21:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718014894; x=1718619694; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QQ7oMYGDWvKPuxrsHJ0AyJxr89wmDw3wSCbvoeSBHx8=; b=NvaOCR7OWBuUZWNSbUdJHdPKRmt/f4yqYodf3MrW4mPFaG9t+aWCe1HrP2BIikUicj srNA6Q3rG6eLPPPsE4p2zWpVN2KUiua5vmNco2W9IM6GLYvIEIZAkhGC5kOT7cOc36AB 31aNIaqkht3f43e3S2av3xCpU77sLe8mIHWSvTEfV7CtTZzT5JQOBO5UVUqEByVaqhV6 S/xBS5n0H7zLEvzjcyyMZWono+hQ/ULegP/LxgNY8/r8eM0sKQRF/72mDRTIOLW39mo0 HgHft+nS+Ool1zVBLh4dpzKs9DJiKTzrTbrkV9gryqa3sYomHCytHALYTUqcfgYHPKnI y7LQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718014894; x=1718619694; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QQ7oMYGDWvKPuxrsHJ0AyJxr89wmDw3wSCbvoeSBHx8=; b=DbV/TMlDvV4Q14aKiUIS/dxTDlJdZcJXBJVc/VgK7hqmbB1X/E6xAWPieKZHh8c9Om NzwXqA2B7+OYI7jqOkae51pXCL8kPtVu1lTGbGvR5iPvrDRnuUmTZmCFg/qWp2b5TEu+ 9spdoW27bfbP60S5WOMXKyO9q4rJm9k5HUAWi4xfp5kvlwzRKJKUl1XglWyX57ob4pko D9IKdSVukaoC1+DBI5c3BWZTqKzBep6MbqD84Ip7LFV0Kc9ND5IvRBOPPOqBCGLhcq89 UliJPK+mwSudVsbM/aCqXDibJHNi362+YXTuj+w94vMsyC73z350V/FUUA3PQ4aDtsDG s7qw== X-Forwarded-Encrypted: i=1; AJvYcCVgkmDaMK+HVy/TKfGQv/xjrRaPMaQQ4ImkZVF6J/+tMciil1A83MnmfNPDircUtqF+yVmFxlUJusd4q3zkNqPOjZtvanDg++rC X-Gm-Message-State: AOJu0Yw5EAsUzmzdGezFmpqJYzeA0+NR3TbuMdDKA9zwO/EQQ8FHck5/ q/eu645uHEFdbCSHl2ozcnZKYOoG5CvL55w8GEdWkjighMeqcg2n X-Google-Smtp-Source: AGHT+IEjbMSU2+suJHGHFq7yEAKbFwmW31zmvuxiyeHo2z4EIwpvWflJZoDXR60H3CgaABGqRX7uog== X-Received: by 2002:a17:906:45a:b0:a6f:7c8:4fd6 with SMTP id a640c23a62f3a-a6f07c8518bmr357125966b.0.1718014893650; Mon, 10 Jun 2024 03:21:33 -0700 (PDT) Received: from vasant-suse.fritz.box ([2001:9e8:ab68:af00:6f43:17ee:43bd:e0a9]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a6f0d7b35d5sm290887766b.192.2024.06.10.03.21.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 10 Jun 2024 03:21:33 -0700 (PDT) From: vsntk18@gmail.com To: vsntk18@gmail.com Cc: x86@kernel.org, Borislav.Petkov@amd.com, Dhaval.Giani@amd.com, ashish.kalra@amd.com, cfir@google.com, dan.j.williams@intel.com, dave.hansen@linux.intel.com, ebiederm@xmission.com, erdemaktas@google.com, hpa@zytor.com, jgross@suse.com, jroedel@suse.de, jslaby@suse.cz, keescook@chromium.org, kexec@lists.infradead.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, luto@kernel.org, martin.b.radev@gmail.com, mhiramat@kernel.org, michael.roth@amd.com, mstunes@vmware.com, nivedita@alum.mit.edu, peterz@infradead.org, rientjes@google.com, seanjc@google.com, stable@vger.kernel.org, thomas.lendacky@amd.com, virtualization@lists.linux-foundation.org, vkarasulli@suse.de Subject: [PATCH v6 05/10] x86/sev: Park APs on AP Jump Table with GHCB protocol version 2 Date: Mon, 10 Jun 2024 12:21:08 +0200 Message-Id: <20240610102113.20969-6-vsntk18@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240610102113.20969-1-vsntk18@gmail.com> References: <20240610102113.20969-1-vsntk18@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240610_112139_642948_E9F22EAB X-CRM114-Status: GOOD ( 23.81 ) X-BeenThere: kexec@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+kexec=archiver.kernel.org@lists.infradead.org From: Joerg Roedel GHCB protocol version 2 adds the MSR-based AP-reset-hold VMGEXIT which does not need a GHCB. Use that to park APs in 16-bit protected mode on the AP jump table. Signed-off-by: Joerg Roedel Signed-off-by: Vasant Karasulli --- arch/x86/include/asm/realmode.h | 3 ++ arch/x86/kernel/sev.c | 55 ++++++++++++++++++--- arch/x86/realmode/rm/Makefile | 11 +++-- arch/x86/realmode/rm/header.S | 3 ++ arch/x86/realmode/rm/sev.S | 85 +++++++++++++++++++++++++++++++++ 5 files changed, 146 insertions(+), 11 deletions(-) create mode 100644 arch/x86/realmode/rm/sev.S diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index bd54a48fe077..b0a2aa9b8366 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -23,6 +23,9 @@ struct real_mode_header { u32 trampoline_header; #ifdef CONFIG_AMD_MEM_ENCRYPT u32 sev_es_trampoline_start; + u32 sev_ap_park; + u32 sev_ap_park_seg; + u32 sev_ap_park_gdt; #endif #ifdef CONFIG_X86_64 u32 trampoline_start64; diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index c15d3568cab9..84b79630f065 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -1147,8 +1148,9 @@ void __init snp_set_wakeup_secondary_cpu(void) void __init sev_es_setup_ap_jump_table_data(void *base, u32 pa) { struct sev_ap_jump_table_header *header; + u64 *ap_jumptable_gdt, *sev_ap_park_gdt; struct desc_ptr *gdt_descr; - u64 *ap_jumptable_gdt; + int idx; header = base; @@ -1158,9 +1160,16 @@ void __init sev_es_setup_ap_jump_table_data(void *base, u32 pa) * real-mode. */ ap_jumptable_gdt = (u64 *)(base + header->ap_jumptable_gdt); - ap_jumptable_gdt[SEV_APJT_CS16 / 8] = GDT_ENTRY(0x9b, pa, 0xffff); - ap_jumptable_gdt[SEV_APJT_DS16 / 8] = GDT_ENTRY(0x93, pa, 0xffff); - ap_jumptable_gdt[SEV_RM_DS / 8] = GDT_ENTRY(0x93, 0, 0xffff); + sev_ap_park_gdt = __va(real_mode_header->sev_ap_park_gdt); + + idx = SEV_APJT_CS16 / 8; + ap_jumptable_gdt[idx] = sev_ap_park_gdt[idx] = GDT_ENTRY(0x9b, pa, 0xffff); + + idx = SEV_APJT_DS16 / 8; + ap_jumptable_gdt[idx] = sev_ap_park_gdt[idx] = GDT_ENTRY(0x93, pa, 0xffff); + + idx = SEV_RM_DS / 8; + ap_jumptable_gdt[idx] = GDT_ENTRY(0x93, 0x0, 0xffff); /* Write correct GDT base address into GDT descriptor */ gdt_descr = (struct desc_ptr *)(base + header->ap_jumptable_gdt); @@ -1349,6 +1358,38 @@ void setup_ghcb(void) } #ifdef CONFIG_HOTPLUG_CPU +void __noreturn sev_jumptable_ap_park(void) +{ + local_irq_disable(); + + write_cr3(real_mode_header->trampoline_pgd); + + /* Exiting long mode will fail if CR4.PCIDE is set. */ + if (cpu_feature_enabled(X86_FEATURE_PCID)) + cr4_clear_bits(X86_CR4_PCIDE); + + /* + * Set all GPRs except EAX, EBX, ECX, and EDX to reset state to prepare + * for software reset. + */ + asm volatile("xorl %%r15d, %%r15d\n" + "xorl %%r14d, %%r14d\n" + "xorl %%r13d, %%r13d\n" + "xorl %%r12d, %%r12d\n" + "xorl %%r11d, %%r11d\n" + "xorl %%r10d, %%r10d\n" + "xorl %%r9d, %%r9d\n" + "xorl %%r8d, %%r8d\n" + "xorl %%esi, %%esi\n" + "xorl %%edi, %%edi\n" + "xorl %%esp, %%esp\n" + "xorl %%ebp, %%ebp\n" + "ljmpl *%0" : : + "m" (real_mode_header->sev_ap_park)); + unreachable(); +} +STACK_FRAME_NON_STANDARD(sev_jumptable_ap_park); + static void sev_es_ap_hlt_loop(void) { struct ghcb_state state; @@ -1385,8 +1426,10 @@ static void sev_es_play_dead(void) play_dead_common(); /* IRQs now disabled */ - - sev_es_ap_hlt_loop(); + if (sev_ap_jumptable_blob_installed) + sev_jumptable_ap_park(); + else + sev_es_ap_hlt_loop(); /* * If we get here, the VCPU was woken up again. Jump to CPU diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile index a0fb39abc5c8..9c5892219cb1 100644 --- a/arch/x86/realmode/rm/Makefile +++ b/arch/x86/realmode/rm/Makefile @@ -19,11 +19,12 @@ wakeup-objs += video-vga.o wakeup-objs += video-vesa.o wakeup-objs += video-bios.o -realmode-y += header.o -realmode-y += trampoline_$(BITS).o -realmode-y += stack.o -realmode-y += reboot.o -realmode-$(CONFIG_ACPI_SLEEP) += $(wakeup-objs) +realmode-y += header.o +realmode-y += trampoline_$(BITS).o +realmode-y += stack.o +realmode-y += reboot.o +realmode-$(CONFIG_ACPI_SLEEP) += $(wakeup-objs) +realmode-$(CONFIG_AMD_MEM_ENCRYPT) += sev.o targets += $(realmode-y) diff --git a/arch/x86/realmode/rm/header.S b/arch/x86/realmode/rm/header.S index 2eb62be6d256..17eae256d443 100644 --- a/arch/x86/realmode/rm/header.S +++ b/arch/x86/realmode/rm/header.S @@ -22,6 +22,9 @@ SYM_DATA_START(real_mode_header) .long pa_trampoline_header #ifdef CONFIG_AMD_MEM_ENCRYPT .long pa_sev_es_trampoline_start + .long pa_sev_ap_park_asm + .long __KERNEL32_CS + .long pa_sev_ap_park_gdt; #endif #ifdef CONFIG_X86_64 .long pa_trampoline_start64 diff --git a/arch/x86/realmode/rm/sev.S b/arch/x86/realmode/rm/sev.S new file mode 100644 index 000000000000..ae6eea2d53f7 --- /dev/null +++ b/arch/x86/realmode/rm/sev.S @@ -0,0 +1,85 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#include +#include +#include +#include +#include +#include +#include "realmode.h" + + .section ".text32", "ax" + .code32 +/* + * The following code switches to 16-bit protected mode and sets up the + * execution environment for the AP jump table blob. Then it jumps to the AP + * jump table to park the AP. + * + * The code was copied from reboot.S and modified to fit the SEV-ES requirements + * for AP parking. When this code is entered, all registers except %EAX-%EDX are + * in reset state. + * + * %EAX, %EBX, %ECX, %EDX and EFLAGS are undefined. Only use registers %EAX-%EDX and + * %ESP in this code. + */ +SYM_CODE_START(sev_ap_park_asm) + + /* Switch to trampoline GDT as it is guaranteed < 4 GiB */ + movl $__KERNEL_DS, %eax + movl %eax, %ds + lgdt pa_tr_gdt + + /* Disable paging to drop us out of long mode */ + movl %cr0, %eax + btcl $X86_CR0_PG_BIT, %eax + movl %eax, %cr0 + + ljmpl $__KERNEL32_CS, $pa_sev_ap_park_paging_off + +SYM_INNER_LABEL(sev_ap_park_paging_off, SYM_L_GLOBAL) + /* Clear EFER */ + xorl %eax, %eax + xorl %edx, %edx + movl $MSR_EFER, %ecx + wrmsr + + /* Clear CR3 */ + xorl %ecx, %ecx + movl %ecx, %cr3 + + /* Set up the IDT for real mode. */ + lidtl pa_machine_real_restart_idt + + /* Load the GDT with the 16-bit segments for the AP jump table */ + lgdtl pa_sev_ap_park_gdt + + /* Setup code and data segments for AP jump table */ + movw $SEV_APJT_DS16, %ax + movw %ax, %ds + movw %ax, %ss + + /* Jump to the AP jump table into 16 bit protected mode */ + ljmpw $SEV_APJT_CS16, $SEV_APJT_ENTRY +SYM_CODE_END(sev_ap_park_asm) + + .data + .balign 16 +SYM_DATA_START(sev_ap_park_gdt) + /* Self-pointer */ + .word sev_ap_park_gdt_end - sev_ap_park_gdt - 1 + .long pa_sev_ap_park_gdt + .word 0 + + /* + * Offset 0x8 + * 32 bit code segment descriptor pointing to AP jump table base + * Setup at runtime in sev_es_setup_ap_jump_table_data(). + */ + .quad 0 + + /* + * Offset 0x10 + * 32 bit data segment descriptor pointing to AP jump table base + * Setup at runtime in sev_es_setup_ap_jump_table_data(). + */ + .quad 0 +SYM_DATA_END_LABEL(sev_ap_park_gdt, SYM_L_GLOBAL, sev_ap_park_gdt_end) -- 2.34.1 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec