From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: kvm@vger.kernel.org, Peter Zijlstra <peterz@infradead.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
Arvind Sankar <nivedita@alum.mit.edu>,
hpa@zytor.com, Jiri Slaby <jslaby@suse.cz>,
Joerg Roedel <joro@8bytes.org>,
David Rientjes <rientjes@google.com>,
Martin Radev <martin.b.radev@gmail.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Joerg Roedel <jroedel@suse.de>, Kees Cook <keescook@chromium.org>,
Cfir Cohen <cfir@google.com>, Andy Lutomirski <luto@kernel.org>,
Dan Williams <dan.j.williams@intel.com>,
Juergen Gross <jgross@suse.com>, Mike Stunes <mstunes@vmware.com>,
Sean Christopherson <seanjc@google.com>,
linux-kernel@vger.kernel.org,
Masami Hiramatsu <mhiramat@kernel.org>,
Erdem Aktas <erdemaktas@google.com>
Subject: [PATCH v3 0/8] x86/seves: Support 32-bit boot path and other updates
Date: Fri, 12 Mar 2021 13:38:16 +0100 [thread overview]
Message-ID: <20210312123824.306-1-joro@8bytes.org> (raw)
From: Joerg Roedel <jroedel@suse.de>
Hi,
these patches add support for the 32-bit boot in the decompressor
code. This is needed to boot an SEV-ES guest on some firmware and grub
versions. The patches also add the necessary CPUID sanity checks and a
32-bit version of the C-bit check.
Other updates included here:
1. Add code to shut down exception handling in the
decompressor code before jumping to the real kernel.
Once in the real kernel it is not safe anymore to jump
back to the decompressor code via exceptions.
2. Replace open-coded hlt loops with proper calls to
sev_es_terminate().
Please review.
Thanks,
Joerg
Changes v2->v3:
- Added a patch to remove the check for the Hypervisor CPUID
bit for detecting SEV
Changes v1->v2:
- Addressed Boris' review comments.
- Fixed a bug which caused the cbit-check to never be
executed even in an SEV guest.
Joerg Roedel (8):
x86/boot/compressed/64: Cleanup exception handling before booting
kernel
x86/sev: Do not require Hypervisor CPUID bit for SEV guests
x86/boot/compressed/64: Reload CS in startup_32
x86/boot/compressed/64: Setup IDT in startup_32 boot path
x86/boot/compressed/64: Add 32-bit boot #VC handler
x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path
x86/boot/compressed/64: Check SEV encryption in 32-bit boot-path
x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate()
arch/x86/boot/compressed/head_64.S | 170 ++++++++++++++++++++++++-
arch/x86/boot/compressed/idt_64.c | 14 ++
arch/x86/boot/compressed/mem_encrypt.S | 130 ++++++++++++++++++-
arch/x86/boot/compressed/misc.c | 7 +-
arch/x86/boot/compressed/misc.h | 6 +
arch/x86/boot/compressed/sev-es.c | 12 +-
arch/x86/kernel/sev-es-shared.c | 16 +--
arch/x86/mm/mem_encrypt_identity.c | 35 ++---
8 files changed, 340 insertions(+), 50 deletions(-)
--
2.30.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next reply other threads:[~2021-03-12 12:38 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-12 12:38 Joerg Roedel [this message]
2021-03-12 12:38 ` [PATCH v3 1/8] x86/boot/compressed/64: Cleanup exception handling before booting kernel Joerg Roedel
2021-03-12 12:38 ` [PATCH v3 2/8] x86/sev: Do not require Hypervisor CPUID bit for SEV guests Joerg Roedel
2021-03-17 15:04 ` Tom Lendacky
2021-03-12 12:38 ` [PATCH v3 3/8] x86/boot/compressed/64: Reload CS in startup_32 Joerg Roedel
2021-03-12 12:38 ` [PATCH v3 4/8] x86/boot/compressed/64: Setup IDT in startup_32 boot path Joerg Roedel
2021-03-12 12:38 ` [PATCH v3 5/8] x86/boot/compressed/64: Add 32-bit boot #VC handler Joerg Roedel
2021-03-12 12:38 ` [PATCH v3 6/8] x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path Joerg Roedel
2021-03-12 12:38 ` [PATCH v3 7/8] x86/boot/compressed/64: Check SEV encryption in " Joerg Roedel
2021-03-12 12:38 ` [PATCH v3 8/8] x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210312123824.306-1-joro@8bytes.org \
--to=joro@8bytes.org \
--cc=cfir@google.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=erdemaktas@google.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jroedel@suse.de \
--cc=jslaby@suse.cz \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=martin.b.radev@gmail.com \
--cc=mhiramat@kernel.org \
--cc=mstunes@vmware.com \
--cc=nivedita@alum.mit.edu \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).