x86/sev: Move GHCB page based HV communication out of startup code

// SPDX-License-Identifier: GPL-2.0

#include "misc.h"

#include "error.h"

#include "sev.h"

#include <linux/kernel.h>

#include <asm/fpu/xcr.h>

#define __BOOT_COMPRESSED

#undef __init

#define __init

/* Basic instruction decoding support needed */

#include "../../lib/inat.c"

	if (!(eax & BIT(1)))

		return -ENODEV;

	sev_snp_needs_sfw = !(ebx & BIT(31));

	return ebx & 0x3f;

}

			cpuid(0x80000001, &ignored, &ignored, &cpu.flags[6],

			      &cpu.flags[1]);

		}

		if (max_amd_level >= 0x8000001f) {

			u32 ebx;

			/*

			 * The X86_FEATURE_COHERENCY_SFW_NO feature bit is in

			 * the virtualization flags entry (word 8) and set by

			 * scattered.c, so the bit needs to be explicitly set.

			 */

			cpuid(0x8000001f, &ignored, &ebx, &ignored, &ignored);

			if (ebx & BIT(31))

				set_bit(X86_FEATURE_COHERENCY_SFW_NO, cpu.flags);

		}

	}

}

#ifndef __BOOT_COMPRESSED

#define error(v)			pr_err(v)

#define has_cpuflag(f)			boot_cpu_has(f)

#else

#undef WARN

#define WARN(condition, format...) (!!(condition))

#undef vc_forward_exception

#define vc_forward_exception(c)		panic("SNP: Hypervisor requested exception\n")

#endif

/*

 *

 * GHCB protocol version negotiated with the hypervisor.

 */

static u16 ghcb_version __ro_after_init;

u16 ghcb_version __ro_after_init;

/* Copy of the SNP firmware's CPUID page. */

static struct snp_cpuid_table cpuid_table_copy __ro_after_init;

static u32 cpuid_hyp_range_max __ro_after_init;

static u32 cpuid_ext_range_max __ro_after_init;

bool __init sev_es_check_cpu_features(void)

{

	if (!has_cpuflag(X86_FEATURE_RDRAND)) {

		error("RDRAND instruction not supported - no trusted source of randomness available\n");

		return false;

	}

	return true;

}

bool sev_snp_needs_sfw;

void __head __noreturn

sev_es_terminate(unsigned int set, unsigned int reason)

	return GHCB_MSR_HV_FT_RESP_VAL(val);

}

void snp_register_ghcb_early(unsigned long paddr)

{

	unsigned long pfn = paddr >> PAGE_SHIFT;

	u64 val;

	sev_es_wr_ghcb_msr(GHCB_MSR_REG_GPA_REQ_VAL(pfn));

	VMGEXIT();

	val = sev_es_rd_ghcb_msr();

	/* If the response GPA is not ours then abort the guest */

	if ((GHCB_RESP_CODE(val) != GHCB_MSR_REG_GPA_RESP) ||

	    (GHCB_MSR_REG_GPA_RESP_VAL(val) != pfn))

		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER);

}

bool sev_es_negotiate_protocol(void)

{

	u64 val;

	/* Do the GHCB protocol version negotiation */

	sev_es_wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ);

	VMGEXIT();

	val = sev_es_rd_ghcb_msr();

	if (GHCB_MSR_INFO(val) != GHCB_MSR_SEV_INFO_RESP)

		return false;

	if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN ||

	    GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX)

		return false;

	ghcb_version = min_t(size_t, GHCB_MSR_PROTO_MAX(val), GHCB_PROTOCOL_MAX);

	return true;

}

static enum es_result verify_exception_info(struct ghcb *ghcb, struct es_em_ctxt *ctxt)

{

	u32 ret;

	ret = ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0);

	if (!ret)

		return ES_OK;

	if (ret == 1) {

		u64 info = ghcb->save.sw_exit_info_2;

		unsigned long v = info & SVM_EVTINJ_VEC_MASK;

		/* Check if exception information from hypervisor is sane. */

		if ((info & SVM_EVTINJ_VALID) &&

		    ((v == X86_TRAP_GP) || (v == X86_TRAP_UD)) &&

		    ((info & SVM_EVTINJ_TYPE_MASK) == SVM_EVTINJ_TYPE_EXEPT)) {

			ctxt->fi.vector = v;

			if (info & SVM_EVTINJ_VALID_ERR)

				ctxt->fi.error_code = info >> 32;

			return ES_EXCEPTION;

		}

	}

	return ES_VMM_ERROR;

}

static inline int svsm_process_result_codes(struct svsm_call *call)

int svsm_process_result_codes(struct svsm_call *call)

{

	switch (call->rax_out) {

	case SVSM_SUCCESS:

 *     - RAX specifies the SVSM protocol/callid as input and the return code

 *       as output.

 */

static __always_inline void svsm_issue_call(struct svsm_call *call, u8 *pending)

void svsm_issue_call(struct svsm_call *call, u8 *pending)

{

	register unsigned long rax asm("rax") = call->rax;

	register unsigned long rcx asm("rcx") = call->rcx;

	call->r9_out  = r9;

}

static int svsm_perform_msr_protocol(struct svsm_call *call)

int svsm_perform_msr_protocol(struct svsm_call *call)

{

	u8 pending = 0;

	u64 val, resp;

	return svsm_process_result_codes(call);

}

static int svsm_perform_ghcb_protocol(struct ghcb *ghcb, struct svsm_call *call)

{

	struct es_em_ctxt ctxt;

	u8 pending = 0;

	vc_ghcb_invalidate(ghcb);

	/*

	 * Fill in protocol and format specifiers. This can be called very early

	 * in the boot, so use rip-relative references as needed.

	 */

	ghcb->protocol_version = ghcb_version;

	ghcb->ghcb_usage       = GHCB_DEFAULT_USAGE;

	ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_SNP_RUN_VMPL);

	ghcb_set_sw_exit_info_1(ghcb, 0);

	ghcb_set_sw_exit_info_2(ghcb, 0);

	sev_es_wr_ghcb_msr(__pa(ghcb));

	svsm_issue_call(call, &pending);

	if (pending)

		return -EINVAL;

	switch (verify_exception_info(ghcb, &ctxt)) {

	case ES_OK:

		break;

	case ES_EXCEPTION:

		vc_forward_exception(&ctxt);

		fallthrough;

	default:

		return -EINVAL;

	}

	return svsm_process_result_codes(call);

}

enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,

				   struct es_em_ctxt *ctxt,

				   u64 exit_code, u64 exit_info_1,

				   u64 exit_info_2)

{

	/* Fill in protocol and format specifiers */

	ghcb->protocol_version = ghcb_version;

	ghcb->ghcb_usage       = GHCB_DEFAULT_USAGE;

	ghcb_set_sw_exit_code(ghcb, exit_code);

	ghcb_set_sw_exit_info_1(ghcb, exit_info_1);

	ghcb_set_sw_exit_info_2(ghcb, exit_info_2);

	sev_es_wr_ghcb_msr(__pa(ghcb));

	VMGEXIT();

	return verify_exception_info(ghcb, ctxt);

}

static int __sev_cpuid_hv(u32 fn, int reg_idx, u32 *reg)

{

	u64 val;

	 * If validating memory (making it private) and affected by the

	 * cache-coherency vulnerability, perform the cache eviction mitigation.

	 */

	if (validate && !has_cpuflag(X86_FEATURE_COHERENCY_SFW_NO))

	if (validate && sev_snp_needs_sfw)

		sev_evict_cache((void *)vaddr, 1);

}

#include <asm/cpuid/api.h>

#include <asm/cmdline.h>

/* For early boot hypervisor communication in SEV-ES enabled guests */

struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE);

/*

 * Needs to be in the .data section because we need it NULL before bss is

 * cleared

 */

struct ghcb *boot_ghcb __section(".data");

/* Bitmap of SEV features supported by the hypervisor */

u64 sev_hv_features __ro_after_init;

	}

}

int svsm_perform_call_protocol(struct svsm_call *call)

{

	struct ghcb_state state;

	unsigned long flags;

	struct ghcb *ghcb;

	int ret;

	/*

	 * This can be called very early in the boot, use native functions in

	 * order to avoid paravirt issues.

	 */

	flags = native_local_irq_save();

	if (sev_cfg.ghcbs_initialized)

		ghcb = __sev_get_ghcb(&state);

	else if (boot_ghcb)

		ghcb = boot_ghcb;

	else

		ghcb = NULL;

	do {

		ret = ghcb ? svsm_perform_ghcb_protocol(ghcb, call)

			   : svsm_perform_msr_protocol(call);

	} while (ret == -EAGAIN);

	if (sev_cfg.ghcbs_initialized)

		__sev_put_ghcb(&state);

	native_local_irq_restore(flags);

	return ret;

}

void __head

early_set_pages_state(unsigned long vaddr, unsigned long paddr,

		      unsigned long npages, enum psc_op op)