On Tue, Jul 14, 2020 at 02:09:12PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> The APs are not ready to handle exceptions when verify_cpu() is called
> in secondary_startup_64.
Eek, no. MSR_IA32_MISC_ENABLE_XD_DISABLE needs to be cleared very early
during CPU startup; this can't just be
On Tue, Jul 14, 2020 at 02:08:36PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> The code inserted by the stack protector does not work in the early
> boot environment because it uses the GS segment, at least with memory
> encryption enabled. Make sure the early code is compiled without
On Tue, Jul 14, 2020 at 02:08:31PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
I'm not a huge fan of the Subject. :) Maybe:
x86/idt: Make IDT init functions static inlines
>
> Move these two functions from kernel/idt.c to include/asm/desc.h:
>
> * init_idt_data()
> *
On Tue, Jul 14, 2020 at 02:08:30PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> The code to setup idt_data is needed for early exception handling, but
> set_intr_gate() can't be used that early because it has pv-ops in its
> code path, which don't work that early.
>
> Split out the
On Tue, Jul 14, 2020 at 02:08:29PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> With SEV-ES, exception handling is needed very early, even before the
> kernel has cleared the bss segment. In order to prevent clearing the
> currently used IDT, move the IDT to the data segment.
>
>
On Tue, Jul 14, 2020 at 02:08:19PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> Changing the function to take start and end as parameters instead of
> start and size simplifies the callers, which don't need to calculate
> the size if they already have start and end.
>
> Signed-off-by:
On Tue, Jul 14, 2020 at 02:08:18PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> With the page-fault handler in place the identity mapping can be built
> on-demand. So remove the code which manually creates the mappings and
> unexport/remove the functions used for it.
>
> Signed-off-by:
On Tue, Jul 14, 2020 at 02:08:16PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> Install a page-fault handler to add an identity mapping to addresses
> not yet mapped. Also do some checking whether the error code is sane.
>
> This makes non SEV-ES machines use the exception handling
>
On Tue, Jul 14, 2020 at 02:08:17PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> When booted through startup_64 the kernel keeps running on the EFI
> page-table until the KASLR code sets up its own page-table. Without
> KASLR the pre-decompression boot code never switches off the EFI
>
On Tue, Jul 14, 2020 at 02:08:15PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> The file contains only code related to identity mapped page-tables.
> Rename the file and compile it always in.
>
> Signed-off-by: Joerg Roedel
Reviewed-by: Kees Cook
--
Kees Cook
On Tue, Jul 14, 2020 at 1:45 AM Michael S. Tsirkin wrote:
>
> On Mon, Jul 13, 2020 at 08:10:14AM -0700, Alexander Duyck wrote:
> > On Sun, Jul 12, 2020 at 8:10 AM Michael S. Tsirkin wrote:
> > >
> > > On Fri, Jul 10, 2020 at 09:13:41AM -0700, Alexander Duyck wrote:
> > > > On Fri, Jul 10, 2020
From: Tom Lendacky
Implement a handler for #VC exceptions caused by VMMCALL instructions.
This patch is only a starting point, VMMCALL emulation under SEV-ES
needs further hypervisor-specific changes to provide additional state.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC
From: Joerg Roedel
Re-use the handlers for CPUID and IOIO caused #VC exceptions in the
early boot handler.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es-shared.c | 7 +++
arch/x86/kernel/sev-es.c| 6 ++
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git
From: Tom Lendacky
Implement a handler for #VC exceptions caused by RDMSR/WRMSR
instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 28
From: Joerg Roedel
The code at the trampoline entry point is executed in real-mode. In
real-mode #VC exceptions can't be handled, so anything that might cause
such an exception must be avoided.
In the standard trampoline entry code this is the WBINVD instruction and
the call to verify_cpu(),
From: Joerg Roedel
Allocate IST entry number 4 for the #VC handler and set it up in the
per-cpu TSS. This will set up the TSS for all CPUs before they even
start, so that the boot-code for secondary CPUs can handle #VC
exceptions.
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
Add a play_dead handler when running under SEV-ES. This is needed
because the hypervisor can't deliver an SIPI request to restart the AP.
Instead the kernel has to issue a VMGEXIT to halt the VCPU until the
hypervisor wakes it up again.
Signed-off-by: Joerg Roedel
---
From: Tom Lendacky
The runtime handler needs a GHCB per CPU. Set them up and map them
unencrypted.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/mem_encrypt.h | 2 ++
arch/x86/kernel/sev-es.c | 56 +-
From: Joerg Roedel
When a #VC exception is triggered by user-space the instruction decoder
needs to read the instruction bytes from user addresses. Enhance
vc_decode_insn() to safely fetch kernel and user instructions.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 31
From: Joerg Roedel
Setup an early handler for #VC exceptions. There is no GHCB mapped
yet, so just re-use the vc_no_ghcb_handler. It can only handle CPUID
exit-codes, but that should be enough to get the kernel through
verify_cpu() and __startup_64() until it runs on virtual addresses.
From: Joerg Roedel
The APs are not ready to handle exceptions when verify_cpu() is called
in secondary_startup_64.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/realmode.h | 1 +
arch/x86/kernel/head_64.S | 1 +
arch/x86/realmode/init.c| 6 ++
3 files changed, 8
From: Tom Lendacky
Add the handlers for #VC exceptions invoked at runtime.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/idtentry.h | 5 +
arch/x86/kernel/idt.c | 11 +-
arch/x86/kernel/sev-es.c| 231 +++-
3
From: Tom Lendacky
Add handler for VC exceptions caused by MMIO intercepts. These
intercepts come along as nested page faults on pages with reserved
bits set.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg
From: Joerg Roedel
The #VC exception will trigger very early in head_64.S, when the first
CPUID instruction is executed. When secondary CPUs boot, they already
load the real system IDT, which has the #VC handler configured to use an
IST stack. IST stacks require a TSS to be loaded, so set up the
From: Tom Lendacky
Implement a handler for #VC exceptions caused by WBINVD instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 9 +
1 file changed, 9
From: Tom Lendacky
Implement a handler for #VC exceptions caused by MWAIT and MWAITX
instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 10 ++
1
From: Tom Lendacky
Implement a handler for #VC exceptions caused by RDPMC instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 22 ++
1
From: Joerg Roedel
Add the infrastructure to handle #VC exceptions when the kernel runs
on virtual addresses and has a GHCB mapped. This handler will be used
until the runtime #VC handler takes over.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/segment.h | 2 +-
From: Joerg Roedel
When running under SEV-ES the kernel has to tell the hypervisor when to
open the NMI window again after an NMI was injected. This is done with
an NMI-complete message to the hypervisor.
Add code to the kernel's NMI handler to send this message right at the
beginning of
From: Tom Lendacky
Add code to handle #VC exceptions on DR7 register reads and writes.
This is needed early because show_regs() reads DR7 to print it out.
Under SEV-ES there is currently no support for saving/restoring the
DRx registers, but software expects to be able to write to the DR7
From: Tom Lendacky
Calling down to EFI runtime services can result in the firmware performing
VMGEXIT calls. The firmware is likely to use the GHCB of the OS (e.g., for
setting EFI variables), so each GHCB in the system needs to be identity
mapped in the EFI page tables, as unencrypted, to avoid
From: Joerg Roedel
The #VC handler needs special entry code because:
1. It runs on an IST stack
2. It needs to be able to handle nested #VC exceptions
To make this work the entry code is implemented to pretend it doesn't
use an IST stack. When entered from user-mode or early
From: Joerg Roedel
Implement a handler for #VC exceptions caused by #AC exceptions. The #AC
exception is just forwarded to do_alignment_check() and not pushed down
to the hypervisor, as requested by the SEV-ES GHCB Standardization
Specification.
Signed-off-by: Joerg Roedel
---
From: Martin Radev
Make sure the machine supports RDRAND, otherwise there is no trusted
source of randomness in the system.
Signed-off-by: Martin Radev
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/sev-es.c | 3 +++
arch/x86/kernel/sev-es-shared.c | 15 +++
From: Joerg Roedel
The get_stack_info functionality is needed in the entry code for the #VC
exception handler. Provide a version of it in the .text.noinstr
section which can be called safely from there.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/stacktrace.h | 2 ++
From: Joerg Roedel
For SEV-ES this entry point will be used for restarting APs after they
have been offlined. Remove the '0' from the name to reflect that.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/cpu.h | 2 +-
arch/x86/kernel/head_32.S | 4 ++--
arch/x86/kernel/head_64.S | 6
From: Joerg Roedel
Add two new paravirt callbacks to provide hypervisor specific processor
state in the GHCB and to copy state from the hypervisor back to the
processor.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/x86_init.h | 16 +++-
arch/x86/kernel/sev-es.c| 12
From: Tom Lendacky
Implement the callbacks to copy the processor state required by KVM to
the GHCB.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: - Split out of a larger patch
- Adapt to different callback functions ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg
From: Joerg Roedel
When an NMI hits in the #VC handler entry code before it switched to
another stack, any subsequent #VC exception in the NMI code-path will
overwrite the interrupted #VC handler's stack.
Make sure this doesn't happen by explicitly adjusting the #VC IST entry
in the NMI handler
From: Doug Covelli
Add VMware specific handling for #VC faults caused by VMMCALL
instructions.
Signed-off-by: Doug Covelli
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: - Adapt to different paravirt interface ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
Allocate and map an IST stack and a fall-back stack for the #VC handler.
The memory for the stacks is allocated only when SEV-ES is active.
The #VC handler needs to use an IST stack because it could be raised
from kernel space with unsafe stack, e.g. in the SYSCALL entry
From: Tom Lendacky
Implement a handler for #VC exceptions caused by RDTSC and RDTSCP
instructions. Also make it available in the pre-decompression stage
because the KASLR code used RDTSC/RDTSCP to gather entropy and some
hypervisors intercept these instructions.
Signed-off-by: Tom Lendacky
[
From: Tom Lendacky
Implement a handler for #VC exceptions caused by INVD instructions.
Since Linux should never use INVD, just mark it as unsupported.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg
From: Joerg Roedel
Add handling for emulating the MOVS instruction on MMIO regions, as done
by the memcpy_toio() and memcpy_fromio() functions.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 77
1 file changed, 77 insertions(+)
diff --git
From: Joerg Roedel
Handle #VC exceptions caused by #DB exceptions in the guest. Those
must be handled outside of instrumentation_begin()/end() so that the
handler will not be raised recursively.
Handle them by calling the kernel's debug exception handler.
Signed-off-by: Joerg Roedel
---
From: Tom Lendacky
As part of the GHCB specification, the booting of APs under SEV-ES
requires an AP jump table when transitioning from one layer of code to
another (e.g. when going from UEFI to the OS). As a result, each layer
that parks an AP must provide the physical address of an AP jump
From: Tom Lendacky
Implement a handler for #VC exceptions caused by MONITOR and MONITORX
instructions.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling infrastructure ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/sev-es.c | 13
From: Joerg Roedel
Refactor the message printed to the kernel log which indicates whether
SEV or SME is active to print a list of enabled encryption features.
This will scale better in the future when more memory encryption
features might be added. Also add SEV-ES to the list of features.
From: Joerg Roedel
Move the assembly coded dispatch between page-faults and all other
exceptions to C code to make it easier to maintain and extend.
Also change the return-type of early_make_pgtable() to bool and make it
static.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/pgtable.h
From: Joerg Roedel
Make sure segments are properly set up before setting up an IDT and
doing anything that might cause a #VC exception. This is later needed
for early exception handling.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/head_64.S | 52 +++
1
From: Joerg Roedel
Load the IDT right after switching to virtual addresses in head_64.S
so that the kernel can handle #VC exceptions.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/setup.h | 2 ++
arch/x86/kernel/head64.c | 18 ++
arch/x86/kernel/head_64.S| 28
From: Joerg Roedel
Reload the GDT after switching to virtual addresses to make sure it will
not go away when the lower mappings are removed. This will also reload
the GDT for booting APs, which will need a working GDT too to handle #VC
exceptions.
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
Setup sev-es.c and include the code from the
pre-decompression stage to also build it into the image of the running
kernel. Temporarily add __maybe_unused annotations to avoid build
warnings until the functions get used.
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
Make sure there is a stack once the kernel runs from virtual addresses.
At this stage any secondary CPU which boots will have lost its stack
because the kernel switched to a new page-table which does not map the
real-mode stack anymore.
This is needed for handling early #VC
From: Joerg Roedel
Install an exception handler for #VC exception that uses a GHCB. Also
add the infrastructure for handling different exit-codes by decoding
the instruction that caused the exception and error handling.
Signed-off-by: Joerg Roedel
---
arch/x86/Kconfig
From: Joerg Roedel
Handling exceptions during boot requires a working GDT. The kernel GDT
is not yet ready for use, so install a temporary boot GDT.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/head64.c | 19 +++
arch/x86/kernel/head_64.S | 20
2 files
From: Joerg Roedel
Add the first handler for #VC exceptions. At stage 1 there is no GHCB
yet because the kernel might still be running on the EFI page table.
The stage 1 handler is limited to the MSR based protocol to talk to
the hypervisor and can only support CPUID exit-codes, but that is
From: Joerg Roedel
With SEV-ES, exception handling is needed very early, even before the
kernel has cleared the bss segment. In order to prevent clearing the
currently used IDT, move the IDT to the data segment.
Signed-off-by: Joerg Roedel
---
arch/x86/kernel/idt.c | 2 +-
1 file changed, 1
From: Joerg Roedel
Move these two functions from kernel/idt.c to include/asm/desc.h:
* init_idt_data()
* idt_init_desc()
These functions are needed to setup IDT entries very early and need to
be called from head64.c. To be usable this early these functions need to
be compiled
From: Tom Lendacky
Add support for decoding and handling #VC exceptions for IOIO events.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapted code to #VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/sev-es.c | 32 +
From: Joerg Roedel
When booted through startup_64 the kernel keeps running on the EFI
page-table until the KASLR code sets up its own page-table. Without
KASLR the pre-decompression boot code never switches off the EFI
page-table. Change that by unconditionally switching to a kernel
controlled
From: Joerg Roedel
The function can fail to create an identity mapping, check for that
and bail out if it happens.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git
From: Joerg Roedel
Force a page-fault on any further accesses to the GHCB page when they
shouldn't happen anymore. This will catch the bugs where a #VC exception
is raised when no one is expected anymore.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 17
From: Joerg Roedel
Call set_sev_encryption_mask() while still on the stage 1 #VC-handler,
because the stage 2 handler needs our own page-tables to be set up, to
which calling set_sev_encryption_mask() is a prerequisite.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/head_64.S |
From: Joerg Roedel
Add the sev_es_active function for checking whether SEV-ES is enabled.
Also cache the value of MSR_AMD64_SEV at boot to speed up the feature
checking in the running code.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/mem_encrypt.h | 3 +++
From: Joerg Roedel
Add code needed to setup an IDT in the early pre-decompression
boot-code. The IDT is loaded first in startup_64, which is after
EfiExitBootServices() has been called, and later reloaded when the
kernel image has been relocated to the end of the decompression area.
This allows
From: Tom Lendacky
Add CPU feature detection for Secure Encrypted Virtualization with
Encrypted State. This feature enhances SEV by also encrypting the
guest register state, making it inaccessible to the hypervisor.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
The x86-64 ABI defines a red-zone on the stack:
The 128-byte area beyond the location pointed to by %rsp is considered
to be reserved and shall not be modified by signal or interrupt
handlers. Therefore, functions may use this area for temporary data
that is not
From: Joerg Roedel
The code to setup idt_data is needed for early exception handling, but
set_intr_gate() can't be used that early because it has pv-ops in its
code path, which don't work that early.
Split out the idt_data initialization part from set_intr_gate() so
that it can be used
From: Joerg Roedel
Factor out the code used to decode an instruction with the correct
address and operand sizes to a helper function.
No functional changes.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/insn-eval.h | 2 ++
arch/x86/kernel/umip.c | 23 +---
From: Tom Lendacky
Handle #VC exceptions caused by CPUID instructions. These happen in
early boot code when the KASLR code checks for RDTSC.
Signed-off-by: Tom Lendacky
[ jroe...@suse.de: Adapt to #VC handling framework ]
Co-developed-by: Joerg Roedel
Signed-off-by: Joerg Roedel
---
From: Borislav Petkov
Use the shorthand to make it more readable.
No functional changes.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/svm.h | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
From: Joerg Roedel
Move the definition of the x86 page-fault error code bits to the new
header file asm/trap_pf.h. This makes it easier to include them into
pre-decompression boot code. No functional changes.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/trap_pf.h | 24
From: Joerg Roedel
Building a correct GHCB for the hypervisor requires setting valid bits
in the GHCB. Simplify that process by providing accessor functions to
set values and to update the valid bitmap.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/svm.h | 61
From: Joerg Roedel
With the page-fault handler in place the identity mapping can be built
on-demand. So remove the code which manually creates the mappings and
unexport/remove the functions used for it.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 6 ++
From: Joerg Roedel
The file contains only code related to identity mapped page-tables.
Rename the file and compile it always in.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/boot/compressed/{kaslr_64.c => ident_map_64.c} | 9
From: Joerg Roedel
The code inserted by the stack protector does not work in the early
boot environment because it uses the GS segment, at least with memory
encryption enabled. Make sure the early code is compiled without this
feature enabled.
Signed-off-by: Joerg Roedel
---
From: Joerg Roedel
The functions are needed to map the GHCB for SEV-ES guests. The GHCB is
used for communication with the hypervisor, so its content must not be
encrypted. After the GHCB is not needed anymore it must be mapped
encrypted again so that the running kernel image can safely re-use
From: Joerg Roedel
The xgetbv() function is needed in pre-decompression boot code, but
asm/fpu/internal.h can't be included there directly. Doing so opens
the door to include-hell due to various include-magic in
boot/compressed/misc.h.
Avoid that by moving xgetbv()/xsetbv() to a separate header
From: Joerg Roedel
Add a function to check whether an instruction has a REP prefix.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/insn-eval.h | 1 +
arch/x86/lib/insn-eval.c | 24
2 files changed, 25 insertions(+)
diff --git
From: Joerg Roedel
The inat-tables.c file has some arrays in it that contain pointers to
other arrays. These pointers need to be relocated when the kernel
image is moved to a different location.
The pre-decompression boot-code has no support for applying ELF
relocations, so initialize these
From: Joerg Roedel
Changing the function to take start and end as parameters instead of
start and size simplifies the callers, which don't need to calculate
the size if they already have start and end.
Signed-off-by: Joerg Roedel
---
arch/x86/boot/compressed/ident_map_64.c | 15
From: Joerg Roedel
Factor out the code to fetch the instruction from user-space to a helper
function.
No functional changes.
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/insn-eval.h | 2 ++
arch/x86/kernel/umip.c | 26 +-
arch/x86/lib/insn-eval.c
From: Joerg Roedel
Install a page-fault handler to add an identity mapping to addresses
not yet mapped. Also do some checking whether the error code is sane.
This makes non SEV-ES machines use the exception handling
infrastructure in the pre-decompression boot code too, making it less
likely
From: Joerg Roedel
Add a function to the instruction decoder which returns the pt_regs
offset of the register specified in the reg field of the modrm byte.
Signed-off-by: Joerg Roedel
Acked-by: Masami Hiramatsu
---
arch/x86/include/asm/insn-eval.h | 1 +
arch/x86/lib/insn-eval.c |
From: Joerg Roedel
Hi,
here is the fourth version of the SEV-ES Guest Support patches. I
addressed the review comments sent to me for the previous version and
rebased the code to v5.8-rc5.
The biggest change in this version is the IST handling code for the
#VC handler. I adapted the entry code
From: Tom Lendacky
Extend the vmcb_safe_area with SEV-ES fields and add a new
'struct ghcb' which will be used for guest-hypervisor communication.
Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
arch/x86/include/asm/svm.h | 45 +-
On Tue, 14 Jul 2020 13:38:02 +0200
Pierre Morel wrote:
> If protected virtualization is active on s390, the virtio queues are
> not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
> negotiated. Use the new arch_validate_virtio_features() interface to
> fail probe if that's not
On 2020-07-14 13:42, Christian Borntraeger wrote:
On 14.07.20 13:38, Pierre Morel wrote:
If protected virtualization is active on s390, the virtio queues are
not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
negotiated. Use the new arch_validate_virtio_features() interface
On 14.07.20 13:38, Pierre Morel wrote:
> If protected virtualization is active on s390, the virtio queues are
> not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
> negotiated. Use the new arch_validate_virtio_features() interface to
> fail probe if that's not the case,
Hi all,
The goal of the series is to give a chance to the architecture
to validate VIRTIO device features.
in this respin:
1) I kept removed the ack from Jason as I reworked the patch
@Jason, the nature and goal of the patch did not really change
please can I get back your
If protected virtualization is active on s390, the virtio queues are
not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
negotiated. Use the new arch_validate_virtio_features() interface to
fail probe if that's not the case, preventing a host error on access
attempt.
An architecture may need to validate the VIRTIO devices features
based on architecture specifics.
Signed-off-by: Pierre Morel
Reviewed-by: Cornelia Huck
Acked-by: Christian Borntraeger
Acked-by: Halil Pasic
---
drivers/virtio/virtio.c | 19 +++
On Thu, Jul 09, 2020 at 04:05:31PM +0200, Sam Ravnborg wrote:
> On Thu, Jul 09, 2020 at 02:33:39PM +0200, Daniel Vetter wrote:
> > Exactly matches the one in the helpers.
> >
> > This avoids me having to roll out dma-fence critical section
> > annotations to this copy.
> >
> > Signed-off-by:
On Tue, Jul 14, 2020 at 08:52:43AM +0800, Zhu, Lingshan wrote:
>
> On 7/13/2020 6:52 PM, Michael S. Tsirkin wrote:
>
> On Mon, Jul 13, 2020 at 04:13:35PM +0800, Jason Wang wrote:
>
> On 2020/7/13 5:06 AM, Michael S. Tsirkin wrote:
>
> On Sun, Jul 12, 2020 at 10:49:21PM
On Mon, Jul 13, 2020 at 08:10:14AM -0700, Alexander Duyck wrote:
> On Sun, Jul 12, 2020 at 8:10 AM Michael S. Tsirkin wrote:
> >
> > On Fri, Jul 10, 2020 at 09:13:41AM -0700, Alexander Duyck wrote:
> > > On Fri, Jul 10, 2020 at 4:31 AM Michael S. Tsirkin
> > > wrote:
> > > >
> > > > Page
On Thu, Jun 18, 2020 at 04:14:12PM +0200, Guennadi Liakhovetski wrote:
> On Thu, Jun 18, 2020 at 03:52:42PM +0200, Vincent Whitchurch wrote:
> > Note that "the Linux side" is ambiguous for AMP since both sides can be
> > Linux, as they happen to be in my case. I'm running virtio/rpmsg
> > between