1 // SPDX-License-Identifier: GPL-2.0
3 * AMD Encrypted Register State Support
5 * Author: Joerg Roedel <jroedel@suse.de>
7 * This file is not compiled stand-alone. It contains code shared
8 * between the pre-decompression boot code and the running Linux kernel
9 * and is included directly into both code-bases.
12 #ifndef __BOOT_COMPRESSED
13 #define error(v) pr_err(v)
14 #define has_cpuflag(f) boot_cpu_has(f)
17 /* I/O parameters for CPUID-related helpers */
28 * Individual entries of the SNP CPUID table, as defined by the SNP
29 * Firmware ABI, Revision 0.9, Section 7.1, Table 14.
44 * SNP CPUID table, as defined by the SNP Firmware ABI, Revision 0.9,
45 * Section 8.14.2.6. Also noted there is the SNP firmware-enforced limit
46 * of 64 entries per CPUID table.
48 #define SNP_CPUID_COUNT_MAX 64
50 struct snp_cpuid_table {
54 struct snp_cpuid_fn fn[SNP_CPUID_COUNT_MAX];
58 * Since feature negotiation related variables are set early in the boot
59 * process they must reside in the .data section so as not to be zeroed
60 * out when the .bss section is later cleared.
62 * GHCB protocol version negotiated with the hypervisor.
64 static u16 ghcb_version __ro_after_init;
66 /* Copy of the SNP firmware's CPUID page. */
67 static struct snp_cpuid_table cpuid_table_copy __ro_after_init;
70 * These will be initialized based on CPUID table so that non-present
71 * all-zero leaves (for sparse tables) can be differentiated from
72 * invalid/out-of-range leaves. This is needed since all-zero leaves
73 * still need to be post-processed.
75 static u32 cpuid_std_range_max __ro_after_init;
76 static u32 cpuid_hyp_range_max __ro_after_init;
77 static u32 cpuid_ext_range_max __ro_after_init;
79 static bool __init sev_es_check_cpu_features(void)
81 if (!has_cpuflag(X86_FEATURE_RDRAND)) {
82 error("RDRAND instruction not supported - no trusted source of randomness available\n");
89 static void __noreturn sev_es_terminate(unsigned int set, unsigned int reason)
91 u64 val = GHCB_MSR_TERM_REQ;
93 /* Tell the hypervisor what went wrong. */
94 val |= GHCB_SEV_TERM_REASON(set, reason);
96 /* Request Guest Termination from Hypvervisor */
97 sev_es_wr_ghcb_msr(val);
101 asm volatile("hlt\n" : : : "memory");
105 * The hypervisor features are available from GHCB version 2 onward.
107 static u64 get_hv_features(void)
111 if (ghcb_version < 2)
114 sev_es_wr_ghcb_msr(GHCB_MSR_HV_FT_REQ);
117 val = sev_es_rd_ghcb_msr();
118 if (GHCB_RESP_CODE(val) != GHCB_MSR_HV_FT_RESP)
121 return GHCB_MSR_HV_FT_RESP_VAL(val);
124 static void snp_register_ghcb_early(unsigned long paddr)
126 unsigned long pfn = paddr >> PAGE_SHIFT;
129 sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn));
132 val = sev_es_rd_ghcb_msr();
134 /* If the response GPA is not ours then abort the guest */
135 if ((GHCB_RESP_CODE(val) != GHCB_MSR_REG_GPA_RESP) ||
136 (GHCB_MSR_REG_GPA_RESP_VAL(val) != pfn))
137 sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER);
140 static bool sev_es_negotiate_protocol(void)
144 /* Do the GHCB protocol version negotiation */
145 sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ);
147 val = sev_es_rd_ghcb_msr();
149 if (GHCB_MSR_INFO(val) != GHCB_MSR_SEV_INFO_RESP)
152 if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN ||
153 GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX)
156 ghcb_version = min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX);
161 static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb)
163 ghcb->save.sw_exit_code = 0;
164 __builtin_memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap));
167 static bool vc_decoding_needed(unsigned long exit_code)
169 /* Exceptions don't require to decode the instruction */
170 return !(exit_code >= SVM_EXIT_EXCP_BASE &&
171 exit_code <= SVM_EXIT_LAST_EXCP);
174 static enum es_result vc_init_em_ctxt(struct es_em_ctxt *ctxt,
175 struct pt_regs *regs,
176 unsigned long exit_code)
178 enum es_result ret = ES_OK;
180 memset(ctxt, 0, sizeof(*ctxt));
183 if (vc_decoding_needed(exit_code))
184 ret = vc_decode_insn(ctxt);
189 static void vc_finish_insn(struct es_em_ctxt *ctxt)
191 ctxt->regs->ip += ctxt->insn.length;
194 static enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
198 ret = ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0);
203 u64 info = ghcb->save.sw_exit_info_2;
204 unsigned long v = info & SVM_EVTINJ_VEC_MASK;
206 /* Check if exception information from hypervisor is sane. */
207 if ((info & SVM_EVTINJ_VALID) &&
208 ((v == X86_TRAP_GP) || (v == X86_TRAP_UD)) &&
209 ((info & SVM_EVTINJ_TYPE_MASK) == SVM_EVTINJ_TYPE_EXEPT)) {
212 if (info & SVM_EVTINJ_VALID_ERR)
213 ctxt->fi.error_code = info >> 32;
222 enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, bool set_ghcb_msr,
223 struct es_em_ctxt *ctxt, u64 exit_code,
224 u64 exit_info_1, u64 exit_info_2)
226 /* Fill in protocol and format specifiers */
227 ghcb->protocol_version = ghcb_version;
228 ghcb->ghcb_usage = GHCB_DEFAULT_USAGE;
230 ghcb_set_sw_exit_code(ghcb, exit_code);
231 ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
232 ghcb_set_sw_exit_info_2(ghcb, exit_info_2);
235 * Hyper-V unenlightened guests use a paravisor for communicating and
236 * GHCB pages are being allocated and set up by that paravisor. Linux
237 * should not change the GHCB page's physical address.
240 sev_es_wr_ghcb_msr(__pa(ghcb));
244 return verify_exception_info(ghcb, ctxt);
247 static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg)
251 sev_es_wr_ghcb_msr(GHCB_CPUID_REQ(fn, reg_idx));
253 val = sev_es_rd_ghcb_msr();
254 if (GHCB_RESP_CODE(val) != GHCB_MSR_CPUID_RESP)
262 static int sev_cpuid_hv(struct cpuid_leaf *leaf)
267 * MSR protocol does not support fetching non-zero subfunctions, but is
268 * sufficient to handle current early-boot cases. Should that change,
269 * make sure to report an error rather than ignoring the index and
270 * grabbing random values. If this issue arises in the future, handling
271 * can be added here to use GHCB-page protocol for cases that occur late
272 * enough in boot that GHCB page is available.
274 if (cpuid_function_is_indexed(leaf->fn) && leaf->subfn)
277 ret = __sev_cpuid_hv(leaf->fn, GHCB_CPUID_REQ_EAX, &leaf->eax);
278 ret = ret ? : __sev_cpuid_hv(leaf->fn, GHCB_CPUID_REQ_EBX, &leaf->ebx);
279 ret = ret ? : __sev_cpuid_hv(leaf->fn, GHCB_CPUID_REQ_ECX, &leaf->ecx);
280 ret = ret ? : __sev_cpuid_hv(leaf->fn, GHCB_CPUID_REQ_EDX, &leaf->edx);
286 * This may be called early while still running on the initial identity
287 * mapping. Use RIP-relative addressing to obtain the correct address
288 * while running with the initial identity mapping as well as the
289 * switch-over to kernel virtual addresses later.
291 static const struct snp_cpuid_table *snp_cpuid_get_table(void)
295 asm ("lea cpuid_table_copy(%%rip), %0"
297 : "p" (&cpuid_table_copy));
303 * The SNP Firmware ABI, Revision 0.9, Section 7.1, details the use of
304 * XCR0_IN and XSS_IN to encode multiple versions of 0xD subfunctions 0
305 * and 1 based on the corresponding features enabled by a particular
306 * combination of XCR0 and XSS registers so that a guest can look up the
307 * version corresponding to the features currently enabled in its XCR0/XSS
308 * registers. The only values that differ between these versions/table
309 * entries is the enabled XSAVE area size advertised via EBX.
311 * While hypervisors may choose to make use of this support, it is more
312 * robust/secure for a guest to simply find the entry corresponding to the
313 * base/legacy XSAVE area size (XCR0=1 or XCR0=3), and then calculate the
314 * XSAVE area size using subfunctions 2 through 64, as documented in APM
315 * Volume 3, Rev 3.31, Appendix E.3.8, which is what is done here.
317 * Since base/legacy XSAVE area size is documented as 0x240, use that value
318 * directly rather than relying on the base size in the CPUID table.
320 * Return: XSAVE area size on success, 0 otherwise.
322 static u32 snp_cpuid_calc_xsave_size(u64 xfeatures_en, bool compacted)
324 const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
325 u64 xfeatures_found = 0;
326 u32 xsave_size = 0x240;
329 for (i = 0; i < cpuid_table->count; i++) {
330 const struct snp_cpuid_fn *e = &cpuid_table->fn[i];
332 if (!(e->eax_in == 0xD && e->ecx_in > 1 && e->ecx_in < 64))
334 if (!(xfeatures_en & (BIT_ULL(e->ecx_in))))
336 if (xfeatures_found & (BIT_ULL(e->ecx_in)))
339 xfeatures_found |= (BIT_ULL(e->ecx_in));
342 xsave_size += e->eax;
344 xsave_size = max(xsave_size, e->eax + e->ebx);
348 * Either the guest set unsupported XCR0/XSS bits, or the corresponding
349 * entries in the CPUID table were not present. This is not a valid
352 if (xfeatures_found != (xfeatures_en & GENMASK_ULL(63, 2)))
359 snp_cpuid_get_validated_func(struct cpuid_leaf *leaf)
361 const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
364 for (i = 0; i < cpuid_table->count; i++) {
365 const struct snp_cpuid_fn *e = &cpuid_table->fn[i];
367 if (e->eax_in != leaf->fn)
370 if (cpuid_function_is_indexed(leaf->fn) && e->ecx_in != leaf->subfn)
374 * For 0xD subfunctions 0 and 1, only use the entry corresponding
375 * to the base/legacy XSAVE area size (XCR0=1 or XCR0=3, XSS=0).
376 * See the comments above snp_cpuid_calc_xsave_size() for more
379 if (e->eax_in == 0xD && (e->ecx_in == 0 || e->ecx_in == 1))
380 if (!(e->xcr0_in == 1 || e->xcr0_in == 3) || e->xss_in)
394 static void snp_cpuid_hv(struct cpuid_leaf *leaf)
396 if (sev_cpuid_hv(leaf))
397 sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID_HV);
400 static int snp_cpuid_postprocess(struct cpuid_leaf *leaf)
402 struct cpuid_leaf leaf_hv = *leaf;
406 snp_cpuid_hv(&leaf_hv);
408 /* initial APIC ID */
409 leaf->ebx = (leaf_hv.ebx & GENMASK(31, 24)) | (leaf->ebx & GENMASK(23, 0));
410 /* APIC enabled bit */
411 leaf->edx = (leaf_hv.edx & BIT(9)) | (leaf->edx & ~BIT(9));
413 /* OSXSAVE enabled bit */
414 if (native_read_cr4() & X86_CR4_OSXSAVE)
415 leaf->ecx |= BIT(27);
418 /* OSPKE enabled bit */
419 leaf->ecx &= ~BIT(4);
420 if (native_read_cr4() & X86_CR4_PKE)
425 snp_cpuid_hv(&leaf_hv);
427 /* extended APIC ID */
428 leaf->edx = leaf_hv.edx;
431 bool compacted = false;
432 u64 xcr0 = 1, xss = 0;
435 if (leaf->subfn != 0 && leaf->subfn != 1)
438 if (native_read_cr4() & X86_CR4_OSXSAVE)
439 xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);
440 if (leaf->subfn == 1) {
441 /* Get XSS value if XSAVES is enabled. */
442 if (leaf->eax & BIT(3)) {
443 unsigned long lo, hi;
445 asm volatile("rdmsr" : "=a" (lo), "=d" (hi)
446 : "c" (MSR_IA32_XSS));
447 xss = (hi << 32) | lo;
451 * The PPR and APM aren't clear on what size should be
452 * encoded in 0xD:0x1:EBX when compaction is not enabled
453 * by either XSAVEC (feature bit 1) or XSAVES (feature
454 * bit 3) since SNP-capable hardware has these feature
455 * bits fixed as 1. KVM sets it to 0 in this case, but
456 * to avoid this becoming an issue it's safer to simply
457 * treat this as unsupported for SNP guests.
459 if (!(leaf->eax & (BIT(1) | BIT(3))))
465 xsave_size = snp_cpuid_calc_xsave_size(xcr0 | xss, compacted);
469 leaf->ebx = xsave_size;
473 snp_cpuid_hv(&leaf_hv);
475 /* extended APIC ID */
476 leaf->eax = leaf_hv.eax;
478 leaf->ebx = (leaf->ebx & GENMASK(31, 8)) | (leaf_hv.ebx & GENMASK(7, 0));
480 leaf->ecx = (leaf->ecx & GENMASK(31, 8)) | (leaf_hv.ecx & GENMASK(7, 0));
483 /* No fix-ups needed, use values as-is. */
491 * Returns -EOPNOTSUPP if feature not enabled. Any other non-zero return value
492 * should be treated as fatal by caller.
494 static int snp_cpuid(struct cpuid_leaf *leaf)
496 const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
498 if (!cpuid_table->count)
501 if (!snp_cpuid_get_validated_func(leaf)) {
503 * Some hypervisors will avoid keeping track of CPUID entries
504 * where all values are zero, since they can be handled the
505 * same as out-of-range values (all-zero). This is useful here
506 * as well as it allows virtually all guest configurations to
507 * work using a single SNP CPUID table.
509 * To allow for this, there is a need to distinguish between
510 * out-of-range entries and in-range zero entries, since the
511 * CPUID table entries are only a template that may need to be
512 * augmented with additional values for things like
513 * CPU-specific information during post-processing. So if it's
514 * not in the table, set the values to zero. Then, if they are
515 * within a valid CPUID range, proceed with post-processing
516 * using zeros as the initial values. Otherwise, skip
517 * post-processing and just return zeros immediately.
519 leaf->eax = leaf->ebx = leaf->ecx = leaf->edx = 0;
521 /* Skip post-processing for out-of-range zero leafs. */
522 if (!(leaf->fn <= cpuid_std_range_max ||
523 (leaf->fn >= 0x40000000 && leaf->fn <= cpuid_hyp_range_max) ||
524 (leaf->fn >= 0x80000000 && leaf->fn <= cpuid_ext_range_max)))
528 return snp_cpuid_postprocess(leaf);
532 * Boot VC Handler - This is the first VC handler during boot, there is no GHCB
533 * page yet, so it only supports the MSR based communication with the
534 * hypervisor and only the CPUID exit-code.
536 void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code)
538 unsigned int subfn = lower_bits(regs->cx, 32);
539 unsigned int fn = lower_bits(regs->ax, 32);
540 struct cpuid_leaf leaf;
543 /* Only CPUID is supported via MSR protocol */
544 if (exit_code != SVM_EXIT_CPUID)
550 ret = snp_cpuid(&leaf);
554 if (ret != -EOPNOTSUPP)
557 if (sev_cpuid_hv(&leaf))
567 * This is a VC handler and the #VC is only raised when SEV-ES is
568 * active, which means SEV must be active too. Do sanity checks on the
569 * CPUID results to make sure the hypervisor does not trick the kernel
570 * into the no-sev path. This could map sensitive data unencrypted and
571 * make it accessible to the hypervisor.
573 * In particular, check for:
574 * - Availability of CPUID leaf 0x8000001f
577 * The hypervisor might still report the wrong C-bit position, but this
578 * can't be checked here.
581 if (fn == 0x80000000 && (regs->ax < 0x8000001f))
584 else if ((fn == 0x8000001f && !(regs->ax & BIT(1))))
588 /* Skip over the CPUID two-byte opcode */
594 /* Terminate the guest */
595 sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);
598 static enum es_result vc_insn_string_read(struct es_em_ctxt *ctxt,
599 void *src, char *buf,
600 unsigned int data_size,
604 int i, b = backwards ? -1 : 1;
605 enum es_result ret = ES_OK;
607 for (i = 0; i < count; i++) {
608 void *s = src + (i * data_size * b);
609 char *d = buf + (i * data_size);
611 ret = vc_read_mem(ctxt, s, d, data_size);
619 static enum es_result vc_insn_string_write(struct es_em_ctxt *ctxt,
620 void *dst, char *buf,
621 unsigned int data_size,
625 int i, s = backwards ? -1 : 1;
626 enum es_result ret = ES_OK;
628 for (i = 0; i < count; i++) {
629 void *d = dst + (i * data_size * s);
630 char *b = buf + (i * data_size);
632 ret = vc_write_mem(ctxt, d, b, data_size);
640 #define IOIO_TYPE_STR BIT(2)
641 #define IOIO_TYPE_IN 1
642 #define IOIO_TYPE_INS (IOIO_TYPE_IN | IOIO_TYPE_STR)
643 #define IOIO_TYPE_OUT 0
644 #define IOIO_TYPE_OUTS (IOIO_TYPE_OUT | IOIO_TYPE_STR)
646 #define IOIO_REP BIT(3)
648 #define IOIO_ADDR_64 BIT(9)
649 #define IOIO_ADDR_32 BIT(8)
650 #define IOIO_ADDR_16 BIT(7)
652 #define IOIO_DATA_32 BIT(6)
653 #define IOIO_DATA_16 BIT(5)
654 #define IOIO_DATA_8 BIT(4)
656 #define IOIO_SEG_ES (0 << 10)
657 #define IOIO_SEG_DS (3 << 10)
659 static enum es_result vc_ioio_exitinfo(struct es_em_ctxt *ctxt, u64 *exitinfo)
661 struct insn *insn = &ctxt->insn;
664 switch (insn->opcode.bytes[0]) {
668 *exitinfo |= IOIO_TYPE_INS;
669 *exitinfo |= IOIO_SEG_ES;
670 *exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
676 *exitinfo |= IOIO_TYPE_OUTS;
677 *exitinfo |= IOIO_SEG_DS;
678 *exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
681 /* IN immediate opcodes */
684 *exitinfo |= IOIO_TYPE_IN;
685 *exitinfo |= (u8)insn->immediate.value << 16;
688 /* OUT immediate opcodes */
691 *exitinfo |= IOIO_TYPE_OUT;
692 *exitinfo |= (u8)insn->immediate.value << 16;
695 /* IN register opcodes */
698 *exitinfo |= IOIO_TYPE_IN;
699 *exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
702 /* OUT register opcodes */
705 *exitinfo |= IOIO_TYPE_OUT;
706 *exitinfo |= (ctxt->regs->dx & 0xffff) << 16;
710 return ES_DECODE_FAILED;
713 switch (insn->opcode.bytes[0]) {
720 /* Single byte opcodes */
721 *exitinfo |= IOIO_DATA_8;
724 /* Length determined by instruction parsing */
725 *exitinfo |= (insn->opnd_bytes == 2) ? IOIO_DATA_16
728 switch (insn->addr_bytes) {
730 *exitinfo |= IOIO_ADDR_16;
733 *exitinfo |= IOIO_ADDR_32;
736 *exitinfo |= IOIO_ADDR_64;
740 if (insn_has_rep_prefix(insn))
741 *exitinfo |= IOIO_REP;
746 static enum es_result vc_handle_ioio(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
748 struct pt_regs *regs = ctxt->regs;
749 u64 exit_info_1, exit_info_2;
752 ret = vc_ioio_exitinfo(ctxt, &exit_info_1);
756 if (exit_info_1 & IOIO_TYPE_STR) {
760 bool df = ((regs->flags & X86_EFLAGS_DF) == X86_EFLAGS_DF);
761 unsigned int io_bytes, exit_bytes;
762 unsigned int ghcb_count, op_count;
763 unsigned long es_base;
767 * For the string variants with rep prefix the amount of in/out
768 * operations per #VC exception is limited so that the kernel
769 * has a chance to take interrupts and re-schedule while the
770 * instruction is emulated.
772 io_bytes = (exit_info_1 >> 4) & 0x7;
773 ghcb_count = sizeof(ghcb->shared_buffer) / io_bytes;
775 op_count = (exit_info_1 & IOIO_REP) ? regs->cx : 1;
776 exit_info_2 = min(op_count, ghcb_count);
777 exit_bytes = exit_info_2 * io_bytes;
779 es_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_ES);
781 /* Read bytes of OUTS into the shared buffer */
782 if (!(exit_info_1 & IOIO_TYPE_IN)) {
783 ret = vc_insn_string_read(ctxt,
784 (void *)(es_base + regs->si),
785 ghcb->shared_buffer, io_bytes,
792 * Issue an VMGEXIT to the HV to consume the bytes from the
793 * shared buffer or to have it write them into the shared buffer
794 * depending on the instruction: OUTS or INS.
796 sw_scratch = __pa(ghcb) + offsetof(struct ghcb, shared_buffer);
797 ghcb_set_sw_scratch(ghcb, sw_scratch);
798 ret = sev_es_ghcb_hv_call(ghcb, true, ctxt, SVM_EXIT_IOIO,
799 exit_info_1, exit_info_2);
803 /* Read bytes from shared buffer into the guest's destination. */
804 if (exit_info_1 & IOIO_TYPE_IN) {
805 ret = vc_insn_string_write(ctxt,
806 (void *)(es_base + regs->di),
807 ghcb->shared_buffer, io_bytes,
813 regs->di -= exit_bytes;
815 regs->di += exit_bytes;
818 regs->si -= exit_bytes;
820 regs->si += exit_bytes;
823 if (exit_info_1 & IOIO_REP)
824 regs->cx -= exit_info_2;
826 ret = regs->cx ? ES_RETRY : ES_OK;
830 /* IN/OUT into/from rAX */
832 int bits = (exit_info_1 & 0x70) >> 1;
835 if (!(exit_info_1 & IOIO_TYPE_IN))
836 rax = lower_bits(regs->ax, bits);
838 ghcb_set_rax(ghcb, rax);
840 ret = sev_es_ghcb_hv_call(ghcb, true, ctxt,
841 SVM_EXIT_IOIO, exit_info_1, 0);
845 if (exit_info_1 & IOIO_TYPE_IN) {
846 if (!ghcb_rax_is_valid(ghcb))
848 regs->ax = lower_bits(ghcb->save.rax, bits);
855 static int vc_handle_cpuid_snp(struct pt_regs *regs)
857 struct cpuid_leaf leaf;
861 leaf.subfn = regs->cx;
862 ret = snp_cpuid(&leaf);
873 static enum es_result vc_handle_cpuid(struct ghcb *ghcb,
874 struct es_em_ctxt *ctxt)
876 struct pt_regs *regs = ctxt->regs;
877 u32 cr4 = native_read_cr4();
881 snp_cpuid_ret = vc_handle_cpuid_snp(regs);
884 if (snp_cpuid_ret != -EOPNOTSUPP)
887 ghcb_set_rax(ghcb, regs->ax);
888 ghcb_set_rcx(ghcb, regs->cx);
890 if (cr4 & X86_CR4_OSXSAVE)
891 /* Safe to read xcr0 */
892 ghcb_set_xcr0(ghcb, xgetbv(XCR_XFEATURE_ENABLED_MASK));
894 /* xgetbv will cause #GP - use reset value for xcr0 */
895 ghcb_set_xcr0(ghcb, 1);
897 ret = sev_es_ghcb_hv_call(ghcb, true, ctxt, SVM_EXIT_CPUID, 0, 0);
901 if (!(ghcb_rax_is_valid(ghcb) &&
902 ghcb_rbx_is_valid(ghcb) &&
903 ghcb_rcx_is_valid(ghcb) &&
904 ghcb_rdx_is_valid(ghcb)))
907 regs->ax = ghcb->save.rax;
908 regs->bx = ghcb->save.rbx;
909 regs->cx = ghcb->save.rcx;
910 regs->dx = ghcb->save.rdx;
915 static enum es_result vc_handle_rdtsc(struct ghcb *ghcb,
916 struct es_em_ctxt *ctxt,
917 unsigned long exit_code)
919 bool rdtscp = (exit_code == SVM_EXIT_RDTSCP);
922 ret = sev_es_ghcb_hv_call(ghcb, true, ctxt, exit_code, 0, 0);
926 if (!(ghcb_rax_is_valid(ghcb) && ghcb_rdx_is_valid(ghcb) &&
927 (!rdtscp || ghcb_rcx_is_valid(ghcb))))
930 ctxt->regs->ax = ghcb->save.rax;
931 ctxt->regs->dx = ghcb->save.rdx;
933 ctxt->regs->cx = ghcb->save.rcx;
938 struct cc_setup_data {
939 struct setup_data header;
944 * Search for a Confidential Computing blob passed in as a setup_data entry
945 * via the Linux Boot Protocol.
947 static struct cc_blob_sev_info *find_cc_blob_setup_data(struct boot_params *bp)
949 struct cc_setup_data *sd = NULL;
950 struct setup_data *hdr;
952 hdr = (struct setup_data *)bp->hdr.setup_data;
955 if (hdr->type == SETUP_CC_BLOB) {
956 sd = (struct cc_setup_data *)hdr;
957 return (struct cc_blob_sev_info *)(unsigned long)sd->cc_blob_address;
959 hdr = (struct setup_data *)hdr->next;
966 * Initialize the kernel's copy of the SNP CPUID table, and set up the
967 * pointer that will be used to access it.
969 * Maintaining a direct mapping of the SNP CPUID table used by firmware would
970 * be possible as an alternative, but the approach is brittle since the
971 * mapping needs to be updated in sync with all the changes to virtual memory
972 * layout and related mapping facilities throughout the boot process.
974 static void __init setup_cpuid_table(const struct cc_blob_sev_info *cc_info)
976 const struct snp_cpuid_table *cpuid_table_fw, *cpuid_table;
979 if (!cc_info || !cc_info->cpuid_phys || cc_info->cpuid_len < PAGE_SIZE)
980 sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID);
982 cpuid_table_fw = (const struct snp_cpuid_table *)cc_info->cpuid_phys;
983 if (!cpuid_table_fw->count || cpuid_table_fw->count > SNP_CPUID_COUNT_MAX)
984 sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_CPUID);
986 cpuid_table = snp_cpuid_get_table();
987 memcpy((void *)cpuid_table, cpuid_table_fw, sizeof(*cpuid_table));
989 /* Initialize CPUID ranges for range-checking. */
990 for (i = 0; i < cpuid_table->count; i++) {
991 const struct snp_cpuid_fn *fn = &cpuid_table->fn[i];
993 if (fn->eax_in == 0x0)
994 cpuid_std_range_max = fn->eax;
995 else if (fn->eax_in == 0x40000000)
996 cpuid_hyp_range_max = fn->eax;
997 else if (fn->eax_in == 0x80000000)
998 cpuid_ext_range_max = fn->eax;
projects / platform / kernel / linux-starfive.git / blob