| Message ID | 20230612074758.9177-1-vkarasulli@suse.de (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add #VC exception handling for AMD SEV-ES | expand |
Please mention 'kvm-unit-tests' in the patches. Look at contributing section here [1]. [1] https://www.linux-kvm.org/page/KVM-unit-tests Thanks, Pavan On 6/12/2023 2:47 AM, Vasant Karasulli wrote: > For AMD SEV-ES, kvm-unit-tests currently rely on UEFI to set up a > #VC exception handler. This leads to the following problems: > > 1) The test's page table needs to map the firmware and the shared > GHCB used by the firmware. > 2) The firmware needs to keep its #VC handler in the current IDT > so that kvm-unit-tests can copy the #VC entry into its own IDT. > 3) The firmware #VC handler might use state which is not available > anymore after ExitBootServices. > 4) After ExitBootServices, the firmware needs to get the GHCB address > from the GHCB MSR if it needs to use the kvm-unit-test GHCB. This > requires keeping an identity mapping, and the GHCB address must be > in the MSR at all times where a #VC could happen. > > Problems 1) and 2) were temporarily mitigated via commits b114aa57ab > ("x86 AMD SEV-ES: Set up GHCB page") and 706ede1833 ("x86 AMD SEV-ES: > Copy UEFI #VC IDT entry") respectively. > > However, to make kvm-unit-tests reliable against 3) and 4), the tests > must supply their own #VC handler [1][2]. > > This series adds #VC exception processing from Linux into kvm-unit-tests, > and makes it the default way of handling #VC exceptions. > > If --amdsev-efi-vc is passed during ./configure, the tests will continue > using the UEFI #VC handler. > > [1] https://lore.kernel.org/all/Yf0GO8EydyQSdZvu@suse.de/ > [2] https://lore.kernel.org/all/YSA%2FsYhGgMU72tn+@google.com/ > > v4: > - Rebased the patches on top of the current state of the test suite > - Rebased the insn decoder on linux kernel v6.4 > > v3: > - Reduce the diff between insn decoder code imported into kvm-unit-tests > and the original code in Linux; cleanup #VC handling. > > v2: > - Drop #VC processing code for RDTSC/RDTSCP and WBINVD (seanjc). KVM does > not trap RDTSC/RDTSCP, and the tests do not produce a WBINVD exit to be > handled. > - Clarify the rationale for tests needing their own #VC handler (marcorr). > > Vasant Karasulli (11): > x86: AMD SEV-ES: Setup #VC exception handler for AMD SEV-ES > x86: Move svm.h to lib/x86/ > lib: Define unlikely()/likely() macros in libcflat.h > lib: x86: Import insn decoder from Linux > x86: AMD SEV-ES: Pull related GHCB definitions and helpers from Linux > x86: AMD SEV-ES: Prepare for #VC processing > lib/x86: Move xsave helpers to lib/ > x86: AMD SEV-ES: Handle CPUID #VC > x86: AMD SEV-ES: Handle MSR #VC > x86: AMD SEV-ES: Handle IOIO #VC > x86: AMD SEV-ES: Handle string IO for IOIO #VC > > .gitignore | 2 + > Makefile | 3 + > configure | 21 + > lib/libcflat.h | 3 + > lib/x86/amd_sev.c | 13 +- > lib/x86/amd_sev.h | 98 +++ > lib/x86/amd_sev_vc.c | 494 ++++++++++++ > lib/x86/desc.c | 17 + > lib/x86/desc.h | 1 + > lib/x86/insn/README | 23 + > lib/x86/insn/gen-insn-attr-x86.awk | 443 +++++++++++ > lib/x86/insn/inat.c | 86 ++ > lib/x86/insn/inat.h | 233 ++++++ > lib/x86/insn/inat_types.h | 18 + > lib/x86/insn/insn.c | 749 +++++++++++++++++ > lib/x86/insn/insn.h | 279 +++++++ > lib/x86/insn/insn_glue.h | 32 + > lib/x86/insn/x86-opcode-map.txt | 1191 ++++++++++++++++++++++++++++ > lib/x86/msr.h | 1 + > lib/x86/processor.h | 15 + > lib/x86/setup.c | 8 + > {x86 => lib/x86}/svm.h | 40 +- > lib/x86/xsave.c | 40 + > lib/x86/xsave.h | 16 + > x86/Makefile.common | 16 +- > x86/Makefile.x86_64 | 1 + > x86/kvmclock.c | 4 - > x86/svm.c | 2 +- > x86/svm_tests.c | 2 +- > x86/xsave.c | 42 +- > 30 files changed, 3835 insertions(+), 58 deletions(-) > create mode 100644 lib/x86/amd_sev_vc.c > create mode 100644 lib/x86/insn/README > create mode 100644 lib/x86/insn/gen-insn-attr-x86.awk > create mode 100644 lib/x86/insn/inat.c > create mode 100644 lib/x86/insn/inat.h > create mode 100644 lib/x86/insn/inat_types.h > create mode 100644 lib/x86/insn/insn.c > create mode 100644 lib/x86/insn/insn.h > create mode 100644 lib/x86/insn/insn_glue.h > create mode 100644 lib/x86/insn/x86-opcode-map.txt > rename {x86 => lib/x86}/svm.h (94%) > create mode 100644 lib/x86/xsave.c > create mode 100644 lib/x86/xsave.h > > -- > 2.34.1 >
For AMD SEV-ES, kvm-unit-tests currently rely on UEFI to set up a #VC exception handler. This leads to the following problems: 1) The test's page table needs to map the firmware and the shared GHCB used by the firmware. 2) The firmware needs to keep its #VC handler in the current IDT so that kvm-unit-tests can copy the #VC entry into its own IDT. 3) The firmware #VC handler might use state which is not available anymore after ExitBootServices. 4) After ExitBootServices, the firmware needs to get the GHCB address from the GHCB MSR if it needs to use the kvm-unit-test GHCB. This requires keeping an identity mapping, and the GHCB address must be in the MSR at all times where a #VC could happen. Problems 1) and 2) were temporarily mitigated via commits b114aa57ab ("x86 AMD SEV-ES: Set up GHCB page") and 706ede1833 ("x86 AMD SEV-ES: Copy UEFI #VC IDT entry") respectively. However, to make kvm-unit-tests reliable against 3) and 4), the tests must supply their own #VC handler [1][2]. This series adds #VC exception processing from Linux into kvm-unit-tests, and makes it the default way of handling #VC exceptions. If --amdsev-efi-vc is passed during ./configure, the tests will continue using the UEFI #VC handler. [1] https://lore.kernel.org/all/Yf0GO8EydyQSdZvu@suse.de/ [2] https://lore.kernel.org/all/YSA%2FsYhGgMU72tn+@google.com/ v4: - Rebased the patches on top of the current state of the test suite - Rebased the insn decoder on linux kernel v6.4 v3: - Reduce the diff between insn decoder code imported into kvm-unit-tests and the original code in Linux; cleanup #VC handling. v2: - Drop #VC processing code for RDTSC/RDTSCP and WBINVD (seanjc). KVM does not trap RDTSC/RDTSCP, and the tests do not produce a WBINVD exit to be handled. - Clarify the rationale for tests needing their own #VC handler (marcorr). Vasant Karasulli (11): x86: AMD SEV-ES: Setup #VC exception handler for AMD SEV-ES x86: Move svm.h to lib/x86/ lib: Define unlikely()/likely() macros in libcflat.h lib: x86: Import insn decoder from Linux x86: AMD SEV-ES: Pull related GHCB definitions and helpers from Linux x86: AMD SEV-ES: Prepare for #VC processing lib/x86: Move xsave helpers to lib/ x86: AMD SEV-ES: Handle CPUID #VC x86: AMD SEV-ES: Handle MSR #VC x86: AMD SEV-ES: Handle IOIO #VC x86: AMD SEV-ES: Handle string IO for IOIO #VC .gitignore | 2 + Makefile | 3 + configure | 21 + lib/libcflat.h | 3 + lib/x86/amd_sev.c | 13 +- lib/x86/amd_sev.h | 98 +++ lib/x86/amd_sev_vc.c | 494 ++++++++++++ lib/x86/desc.c | 17 + lib/x86/desc.h | 1 + lib/x86/insn/README | 23 + lib/x86/insn/gen-insn-attr-x86.awk | 443 +++++++++++ lib/x86/insn/inat.c | 86 ++ lib/x86/insn/inat.h | 233 ++++++ lib/x86/insn/inat_types.h | 18 + lib/x86/insn/insn.c | 749 +++++++++++++++++ lib/x86/insn/insn.h | 279 +++++++ lib/x86/insn/insn_glue.h | 32 + lib/x86/insn/x86-opcode-map.txt | 1191 ++++++++++++++++++++++++++++ lib/x86/msr.h | 1 + lib/x86/processor.h | 15 + lib/x86/setup.c | 8 + {x86 => lib/x86}/svm.h | 40 +- lib/x86/xsave.c | 40 + lib/x86/xsave.h | 16 + x86/Makefile.common | 16 +- x86/Makefile.x86_64 | 1 + x86/kvmclock.c | 4 - x86/svm.c | 2 +- x86/svm_tests.c | 2 +- x86/xsave.c | 42 +- 30 files changed, 3835 insertions(+), 58 deletions(-) create mode 100644 lib/x86/amd_sev_vc.c create mode 100644 lib/x86/insn/README create mode 100644 lib/x86/insn/gen-insn-attr-x86.awk create mode 100644 lib/x86/insn/inat.c create mode 100644 lib/x86/insn/inat.h create mode 100644 lib/x86/insn/inat_types.h create mode 100644 lib/x86/insn/insn.c create mode 100644 lib/x86/insn/insn.h create mode 100644 lib/x86/insn/insn_glue.h create mode 100644 lib/x86/insn/x86-opcode-map.txt rename {x86 => lib/x86}/svm.h (94%) create mode 100644 lib/x86/xsave.c create mode 100644 lib/x86/xsave.h -- 2.34.1