| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YbDuWl+zgtKrFi7D@zn.tnic>
Date: Wed, 8 Dec 2021 18:41:46 +0100
From: Borislav Petkov <bp@...en8.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andi Kleen <ak@...ux.intel.com>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
tony.luck@...el.com, marcorr@...gle.com,
sathyanarayanan.kuppuswamy@...ux.intel.com
Subject: Re: [PATCH v7 16/45] x86/sev: Register GHCB memory when SEV-SNP is
active
On Wed, Nov 10, 2021 at 04:07:02PM -0600, Brijesh Singh wrote:
> The SEV-SNP guest is required to perform GHCB GPA registration. This is
> because the hypervisor may prefer that a guest use a consistent and/or
> specific GPA for the GHCB associated with a vCPU. For more information,
> see the GHCB specification section GHCB GPA Registration.
>
> During the boot, init_ghcb() allocates a per-cpu GHCB page. On very first
> VC exception,
That is not true anymore - you're doing proper init at init time - no
more #VC hackery.
> @@ -1977,6 +1978,10 @@ void cpu_init_exception_handling(void)
>
> load_TR_desc();
>
> + /* Register the GHCB before taking any VC exception */
> + if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT))
No need for that if branch - sev_snp_register_ghcb() already has an
empty stub for the !CONFIG_AMD_MEM_ENCRYPT case so you can simply call
it unconditionally.
> + sev_snp_register_ghcb();
> +
> /* Finally load the IDT */
> load_current_idt();
> }
> diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
> index 54bf0603002f..968105cec364 100644
> --- a/arch/x86/kernel/head64.c
> +++ b/arch/x86/kernel/head64.c
> @@ -588,6 +588,9 @@ void early_setup_idt(void)
>
> bringup_idt_descr.address = (unsigned long)bringup_idt_table;
> native_load_idt(&bringup_idt_descr);
> +
> + if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT))
> + sev_snp_register_ghcb();
Ditto.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists