// SPDX-License-Identifier: GPL-2.0
/*
 * AMD Encrypted Register State Support
 *
 * Author: Joerg Roedel <jroedel@suse.de>
 */

/*
 * misc.h needs to be first because it knows how to include the other kernel
 * headers in the pre-decompression code in a way that does not break
 * compilation.
 */
#include "misc.h"

#include <asm/pgtable_types.h>
#include <asm/sev.h>
#include <asm/trapnr.h>
#include <asm/trap_pf.h>
#include <asm/msr-index.h>
#include <asm/fpu/xcr.h>
#include <asm/ptrace.h>
#include <asm/svm.h>
#include <asm/cpuid.h>

#include "error.h"
#include "../msr.h"

struct ghcb boot_ghcb_page __aligned(PAGE_SIZE);
struct ghcb *boot_ghcb;

/*
 * Copy a version of this function here - insn-eval.c can't be used in
 * pre-decompression code.
 */
static bool insn_has_rep_prefix(struct insn *insn)
{
	insn_byte_t p;
	int i;

	insn_get_prefixes(insn);

	for_each_insn_prefix(insn, i, p) {
		if (p == 0xf2 || p == 0xf3)
			return true;
	}

	return false;
}

/*
 * Only a dummy for insn_get_seg_base() - early boot code is 64-bit only and
 * doesn't use segments.
 */
static unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx)
{
	return 0UL;
}

static inline u64 sev_es_rd_ghcb_msr(void)
{
	struct msr m;

	boot_rdmsr(MSR_AMD64_SEV_ES_GHCB, &m);

	return m.q;
}

static inline void sev_es_wr_ghcb_msr(u64 val)
{
	struct msr m;

	m.q = val;
	boot_wrmsr(MSR_AMD64_SEV_ES_GHCB, &m);
}

static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt)
{
	char buffer[MAX_INSN_SIZE];
	int ret;

	memcpy(buffer, (unsigned char *)ctxt->regs->ip, MAX_INSN_SIZE);

	ret = insn_decode(&ctxt->insn, buffer, MAX_INSN_SIZE, INSN_MODE_64);
	if (ret < 0)
		return ES_DECODE_FAILED;

	return ES_OK;
}

static enum es_result vc_write_mem(struct es_em_ctxt *ctxt,
				   void *dst, char *buf, size_t size)
{
	memcpy(dst, buf, size);

	return ES_OK;
}

static enum es_result vc_read_mem(struct es_em_ctxt *ctxt,
				  void *src, char *buf, size_t size)
{
	memcpy(buf, src, size);

	return ES_OK;
}

#undef __init
#define __init

#define __BOOT_COMPRESSED

/* Basic instruction decoding support needed */
#include "../../lib/inat.c"
#include "../../lib/insn.c"

/* Include code for early handlers */
#include "../../kernel/sev-shared.c"

static inline bool sev_snp_enabled(void)
{
	return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
}
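
/*
 * For reference, the MSR-based Page State Change protocol used by
 * __page_state_change() below, as described in the GHCB specification
 * (v2 of the MSR protocol). The encoding is wrapped by the
 * GHCB_MSR_PSC_REQ_GFN() and GHCB_MSR_PSC_RESP_VAL() macros:
 *
 *   Request:  GHCBData[11:0]  = 0x014 (PSC request code)
 *             GHCBData[51:12] = guest frame number (GFN)
 *             GHCBData[55:52] = operation (1 = private, 2 = shared)
 *   Response: GHCBData[11:0]  = 0x015 (PSC response code)
 *             GHCBData[63:32] = error code, zero on success
 */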

static void __page_state_change(unsigned long paddr, enum psc_op op)
{
	u64 val;

	if (!sev_snp_enabled())
		return;

	/*
	 * If private -> shared then invalidate the page before requesting the
	 * state change in the RMP table.
	 */
	if (op == SNP_PAGE_STATE_SHARED && pvalidate(paddr, RMP_PG_SIZE_4K, 0))
		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE);

	/* Issue VMGEXIT to change the page state in the RMP table. */
	sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op));
	VMGEXIT();

	/* Read the response of the VMGEXIT. */
	val = sev_es_rd_ghcb_msr();
	if ((GHCB_RESP_CODE(val) != GHCB_MSR_PSC_RESP) || GHCB_MSR_PSC_RESP_VAL(val))
		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PSC);

	/*
	 * Now that the page state has been changed in the RMP table, validate
	 * it so that it is consistent with the RMP entry.
	 */
	if (op == SNP_PAGE_STATE_PRIVATE && pvalidate(paddr, RMP_PG_SIZE_4K, 1))
		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_PVALIDATE);
}

void snp_set_page_private(unsigned long paddr)
{
	__page_state_change(paddr, SNP_PAGE_STATE_PRIVATE);
}

void snp_set_page_shared(unsigned long paddr)
{
	__page_state_change(paddr, SNP_PAGE_STATE_SHARED);
}

static bool early_setup_ghcb(void)
{
	if (set_page_decrypted((unsigned long)&boot_ghcb_page))
		return false;

	/* Page is now mapped decrypted, clear it */
	memset(&boot_ghcb_page, 0, sizeof(boot_ghcb_page));

	boot_ghcb = &boot_ghcb_page;

	/* Initialize lookup tables for the instruction decoder */
	inat_init_tables();

	/* SNP guests require that the GHCB GPA be registered */
	if (sev_snp_enabled())
		snp_register_ghcb_early(__pa(&boot_ghcb_page));

	return true;
}

void sev_es_shutdown_ghcb(void)
{
	if (!boot_ghcb)
		return;

	if (!sev_es_check_cpu_features())
		error("SEV-ES CPU Features missing.");

	/*
	 * The GHCB page must be flushed from the cache and mapped encrypted
	 * again. Otherwise the running kernel will see strange cache effects
	 * when trying to use that page.
	 */
	if (set_page_encrypted((unsigned long)&boot_ghcb_page))
		error("Can't map GHCB page encrypted");

	/*
	 * The GHCB page is mapped encrypted again and flushed from the cache.
	 * Mark it non-present now to catch bugs when #VC exceptions trigger
	 * after this point.
	 */
	if (set_page_non_present((unsigned long)&boot_ghcb_page))
		error("Can't unmap GHCB page");
}

static void __noreturn sev_es_ghcb_terminate(struct ghcb *ghcb, unsigned int set,
					     unsigned int reason, u64 exit_info_2)
{
	u64 exit_info_1 = SVM_VMGEXIT_TERM_REASON(set, reason);

	vc_ghcb_invalidate(ghcb);
	ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_TERM_REQUEST);
	ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
	ghcb_set_sw_exit_info_2(ghcb, exit_info_2);

	sev_es_wr_ghcb_msr(__pa(ghcb));
	VMGEXIT();

	while (true)
		asm volatile("hlt\n" : : : "memory");
}

bool sev_es_check_ghcb_fault(unsigned long address)
{
	/* Check whether the fault was on the GHCB page */
	return ((address & PAGE_MASK) == (unsigned long)&boot_ghcb_page);
}

void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code)
{
	struct es_em_ctxt ctxt;
	enum es_result result;

	if (!boot_ghcb && !early_setup_ghcb())
		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);

	vc_ghcb_invalidate(boot_ghcb);
	result = vc_init_em_ctxt(&ctxt, regs, exit_code);
	if (result != ES_OK)
		goto finish;

	switch (exit_code) {
	case SVM_EXIT_RDTSC:
	case SVM_EXIT_RDTSCP:
		result = vc_handle_rdtsc(boot_ghcb, &ctxt, exit_code);
		break;
	case SVM_EXIT_IOIO:
		result = vc_handle_ioio(boot_ghcb, &ctxt);
		break;
	case SVM_EXIT_CPUID:
		result = vc_handle_cpuid(boot_ghcb, &ctxt);
		break;
	default:
		result = ES_UNSUPPORTED;
		break;
	}

finish:
	if (result == ES_OK)
		vc_finish_insn(&ctxt);
	else if (result != ES_RETRY)
		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);
}
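
/*
 * For reference, the RMPADJUST attribute encoding used by enforce_vmpl0()
 * below, as described in the AMD APM (only the fields relevant here are
 * listed):
 *
 *   attrs[7:0]  - target VMPL
 *   attrs[15:8] - permission mask granted to that VMPL (0 = no access)
 *   attrs[16]   - page is used as a VMSA page
 *
 * attrs == 1 therefore requests that all VMPL1 permissions on the GHCB
 * page be cleared - an operation the hardware only permits at VMPL0.
 */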

static void enforce_vmpl0(void)
{
	u64 attrs;

	/*
	 * RMPADJUST modifies the RMP permissions of a lesser-privileged
	 * (numerically higher) privilege level. Here, clear the VMPL1
	 * permission mask of the GHCB page. If the guest is not running at
	 * VMPL0, this will fail.
	 *
	 * If the guest is running at VMPL0, it will succeed. Even if that
	 * operation modifies permission bits, it is still ok to do so
	 * currently because Linux SNP guests are supported only on VMPL0,
	 * so changes to the VMPL1-or-higher permission masks are a
	 * don't-care.
	 */
	attrs = 1;
	if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, attrs))
		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
}

/*
 * SNP_FEATURES_IMPL_REQ is the mask of SNP features that need a
 * guest-side implementation for proper functioning of the guest. If any
 * of these features are enabled in the hypervisor but are lacking a
 * guest-side implementation, the behavior of the guest will be undefined.
 * The guest could fail in a non-obvious way, making it difficult to debug.
 *
 * As the behavior of reserved feature bits is unknown, to be on the safe
 * side add them to the required features mask.
 */
#define SNP_FEATURES_IMPL_REQ	(MSR_AMD64_SNP_VTOM |			\
				 MSR_AMD64_SNP_REFLECT_VC |		\
				 MSR_AMD64_SNP_RESTRICTED_INJ |		\
				 MSR_AMD64_SNP_ALT_INJ |		\
				 MSR_AMD64_SNP_DEBUG_SWAP |		\
				 MSR_AMD64_SNP_VMPL_SSS |		\
				 MSR_AMD64_SNP_SECURE_TSC |		\
				 MSR_AMD64_SNP_VMGEXIT_PARAM |		\
				 MSR_AMD64_SNP_VMSA_REG_PROTECTION |	\
				 MSR_AMD64_SNP_RESERVED_BIT13 |		\
				 MSR_AMD64_SNP_RESERVED_BIT15 |		\
				 MSR_AMD64_SNP_RESERVED_MASK)

/*
 * SNP_FEATURES_PRESENT is the mask of SNP features that are implemented
 * by the guest kernel. As and when a new feature is implemented in the
 * guest kernel, a corresponding bit should be added to the mask.
 */
#define SNP_FEATURES_PRESENT (0)

void snp_check_features(void)
{
	u64 unsupported;

	if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
		return;

	/*
	 * Terminate the boot if the hypervisor has enabled any feature
	 * lacking a guest-side implementation. Pass the unsupported features
	 * mask through EXIT_INFO_2 of the GHCB protocol so that those
	 * features can be reported as part of the guest boot failure.
	 */
	unsupported = sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT;
	if (unsupported) {
		if (ghcb_version < 2 || (!boot_ghcb && !early_setup_ghcb()))
			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);

		sev_es_ghcb_terminate(boot_ghcb, SEV_TERM_SET_GEN,
				      GHCB_SNP_UNSUPPORTED, unsupported);
	}
}
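
/*
 * For reference, the low bits of the SEV status MSR (MSR_AMD64_SEV)
 * consulted by sev_enable() below, as defined in <asm/msr-index.h>:
 *
 *   Bit 0 - MSR_AMD64_SEV_ENABLED     (SEV guest)
 *   Bit 1 - MSR_AMD64_SEV_ES_ENABLED  (SEV-ES guest)
 *   Bit 2 - MSR_AMD64_SEV_SNP_ENABLED (SEV-SNP guest)
 *
 * The higher bits advertise additional SNP features; those are checked
 * against SNP_FEATURES_IMPL_REQ above.
 */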

void sev_enable(struct boot_params *bp)
{
	unsigned int eax, ebx, ecx, edx;
	struct msr m;
	bool snp;

	/*
	 * bp->cc_blob_address should only be set by the boot/compressed
	 * kernel. Initialize it to 0 to ensure that uninitialized values
	 * from buggy bootloaders aren't propagated.
	 */
	if (bp)
		bp->cc_blob_address = 0;

	/*
	 * Setup/preliminary detection of SNP. This will be sanity-checked
	 * against CPUID/MSR values later.
	 */
	snp = snp_init(bp);

	/* Check for the SME/SEV support leaf */
	eax = 0x80000000;
	ecx = 0;
	native_cpuid(&eax, &ebx, &ecx, &edx);
	if (eax < 0x8000001f)
		return;

	/*
	 * Check for the SME/SEV feature:
	 *   CPUID Fn8000_001F[EAX]
	 *   - Bit 0 - Secure Memory Encryption support
	 *   - Bit 1 - Secure Encrypted Virtualization support
	 *   CPUID Fn8000_001F[EBX]
	 *   - Bits 5:0 - Pagetable bit position used to indicate encryption
	 */
	eax = 0x8000001f;
	ecx = 0;
	native_cpuid(&eax, &ebx, &ecx, &edx);
	/* Check whether SEV is supported */
	if (!(eax & BIT(1))) {
		if (snp)
			error("SEV-SNP support indicated by CC blob, but not CPUID.");
		return;
	}

	/* Set the SME mask if this is an SEV guest. */
	boot_rdmsr(MSR_AMD64_SEV, &m);
	sev_status = m.q;
	if (!(sev_status & MSR_AMD64_SEV_ENABLED))
		return;

	/* Negotiate the GHCB protocol version. */
	if (sev_status & MSR_AMD64_SEV_ES_ENABLED) {
		if (!sev_es_negotiate_protocol())
			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_PROT_UNSUPPORTED);
	}

	/*
	 * SNP is supported in v2 of the GHCB spec, which mandates support for
	 * HV features.
	 */
	if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) {
		if (!(get_hv_features() & GHCB_HV_FT_SNP))
			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);

		enforce_vmpl0();
	}

	if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
		error("SEV-SNP support indicated by CC blob, but not SEV status MSR.");

	sme_me_mask = BIT_ULL(ebx & 0x3f);
}

/* Search for a Confidential Computing blob in the EFI config table. */
static struct cc_blob_sev_info *find_cc_blob_efi(struct boot_params *bp)
{
	unsigned long cfg_table_pa;
	unsigned int cfg_table_len;
	int ret;

	ret = efi_get_conf_table(bp, &cfg_table_pa, &cfg_table_len);
	if (ret)
		return NULL;

	return (struct cc_blob_sev_info *)efi_find_vendor_table(bp, cfg_table_pa,
								cfg_table_len,
								EFI_CC_BLOB_GUID);
}

/*
 * Initial setup of SNP relies on information provided by the
 * Confidential Computing blob, which can be passed to the boot kernel
 * by firmware/bootloader in the following ways:
 *
 * - via an entry in the EFI config table
 * - via a setup_data structure, as defined by the Linux Boot Protocol
 *
 * Scan for the blob in that order.
 */
static struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp)
{
	struct cc_blob_sev_info *cc_info;

	cc_info = find_cc_blob_efi(bp);
	if (cc_info)
		goto found_cc_info;

	cc_info = find_cc_blob_setup_data(bp);
	if (!cc_info)
		return NULL;

found_cc_info:
	if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);

	return cc_info;
}
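
/*
 * For orientation, the rough shape of the blob validated by find_cc_blob()
 * (see the struct cc_blob_sev_info definition in <asm/sev.h> for the
 * authoritative layout):
 *
 *   magic                     - must equal CC_BLOB_SEV_HDR_MAGIC
 *   version                   - blob format version
 *   secrets_phys/secrets_len  - location of the SNP secrets page
 *   cpuid_phys/cpuid_len      - location of the SNP CPUID table that
 *                               snp_init() hands to setup_cpuid_table()
 */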

/*
 * Indicate SNP based on the presence of the SNP-specific CC blob.
 * Subsequent checks will verify the SNP CPUID/MSR bits.
 */
bool snp_init(struct boot_params *bp)
{
	struct cc_blob_sev_info *cc_info;

	if (!bp)
		return false;

	cc_info = find_cc_blob(bp);
	if (!cc_info)
		return false;

	/*
	 * If an SNP-specific Confidential Computing blob is present, then
	 * firmware/bootloader have indicated SNP support. Verifying this
	 * involves CPUID checks which will be more reliable if the SNP
	 * CPUID table is used. See comments over snp_setup_cpuid_table() for
	 * more details.
	 */
	setup_cpuid_table(cc_info);

	/*
	 * Pass the run-time kernel a pointer to the CC info via boot_params
	 * so the EFI config table doesn't need to be searched again during
	 * the early startup phase.
	 */
	bp->cc_blob_address = (u32)(unsigned long)cc_info;

	return true;
}

void sev_prep_identity_maps(unsigned long top_level_pgt)
{
	/*
	 * The Confidential Computing blob is used very early in the
	 * uncompressed kernel to find the in-memory CPUID table to handle
	 * CPUID instructions. Make sure an identity mapping exists so it
	 * can be accessed after switchover.
	 */
	if (sev_snp_enabled()) {
		unsigned long cc_info_pa = boot_params->cc_blob_address;
		struct cc_blob_sev_info *cc_info;

		kernel_add_identity_map(cc_info_pa, cc_info_pa + sizeof(*cc_info));

		cc_info = (struct cc_blob_sev_info *)cc_info_pa;
		kernel_add_identity_map(cc_info->cpuid_phys, cc_info->cpuid_phys + cc_info->cpuid_len);
	}

	sev_verify_cbit(top_level_pgt);
}