Merge branch 'native' of https://github.com/msft-jlange/svsm

Author: joergroedel

kernel/src/cpu/control_regs.rs

@@ -6,6 +6,7 @@
 
 use super::features::cpu_has_pge;
 use crate::address::{Address, PhysAddr};
+use crate::platform::SvsmPlatform;
 use bitflags::bitflags;
 use core::arch::asm;
 
@@ -19,15 +20,15 @@ pub fn cr0_init() {
     write_cr0(cr0);
 }
 
-pub fn cr4_init() {
+pub fn cr4_init(platform: &dyn SvsmPlatform) {
     let mut cr4 = read_cr4();
 
     cr4.insert(CR4Flags::PSE); // Enable Page Size Extensions
 
     // All processors that are capable of virtualization will support global
     // page table entries, so there is no reason to support any processor that
     // does not enumerate PGE capability.
-    assert!(cpu_has_pge(), "CPU does not support PGE");
+    assert!(cpu_has_pge(platform), "CPU does not support PGE");
 
     cr4.insert(CR4Flags::PGE); // Enable Global Pages
     write_cr4(cr4);

kernel/src/cpu/efer.rs

@@ -6,6 +6,7 @@
 
 use super::features::cpu_has_nx;
 use super::msr::{read_msr, write_msr, EFER};
+use crate::platform::SvsmPlatform;
 use bitflags::bitflags;
 
 bitflags! {
@@ -33,13 +34,13 @@ pub fn write_efer(efer: EFERFlags) {
     write_msr(EFER, val);
 }
 
-pub fn efer_init() {
+pub fn efer_init(platform: &dyn SvsmPlatform) {
     let mut efer = read_efer();
 
     // All processors that are capable of virtualization will support
     // no-execute table entries, so there is no reason to support any processor
     // that does not enumerate NX capability.
-    assert!(cpu_has_nx(), "CPU does not support NX");
+    assert!(cpu_has_nx(platform), "CPU does not support NX");
 
     efer.insert(EFERFlags::NXE);
     write_efer(efer);

kernel/src/cpu/features.rs

@@ -4,22 +4,22 @@
 //
 // Author: Joerg Roedel <[email protected]>
 
-use super::cpuid::cpuid_table;
+use crate::platform::SvsmPlatform;
 
 const X86_FEATURE_NX: u32 = 20;
 const X86_FEATURE_PGE: u32 = 13;
 
-pub fn cpu_has_nx() -> bool {
-    let ret = cpuid_table(0x80000001);
+pub fn cpu_has_nx(platform: &dyn SvsmPlatform) -> bool {
+    let ret = platform.cpuid(0x80000001);
 
     match ret {
         None => false,
         Some(c) => (c.edx >> X86_FEATURE_NX) & 1 == 1,
     }
 }
 
-pub fn cpu_has_pge() -> bool {
-    let ret = cpuid_table(0x00000001);
+pub fn cpu_has_pge(platform: &dyn SvsmPlatform) -> bool {
+    let ret = platform.cpuid(0x00000001);
 
     match ret {
         None => false,

kernel/src/cpu/smp.rs

@@ -5,33 +5,30 @@
 // Author: Joerg Roedel <[email protected]>
 
 use crate::acpi::tables::ACPICPUInfo;
-use crate::cpu::percpu::{current_ghcb, this_cpu, this_cpu_shared, PerCpu};
+use crate::cpu::percpu::{this_cpu, this_cpu_shared, PerCpu};
 use crate::error::SvsmError;
 use crate::platform::SvsmPlatform;
 use crate::platform::SVSM_PLATFORM;
 use crate::requests::{request_loop, request_processing_main};
 use crate::task::{create_kernel_task, schedule_init};
 use crate::utils::immut_after_init::immut_after_init_set_multithreaded;
 
-fn start_cpu(platform: &dyn SvsmPlatform, apic_id: u32, vtom: u64) -> Result<(), SvsmError> {
+fn start_cpu(platform: &dyn SvsmPlatform, apic_id: u32) -> Result<(), SvsmError> {
     let start_rip: u64 = (start_ap as *const u8) as u64;
     let percpu = PerCpu::alloc(apic_id)?;
+    platform.start_cpu(percpu, start_rip)?;
 
-    percpu.setup(platform)?;
-    let (vmsa_pa, sev_features) = percpu.alloc_svsm_vmsa(vtom, start_rip)?;
     let percpu_shared = percpu.shared();
-
-    current_ghcb().ap_create(vmsa_pa, apic_id.into(), 0, sev_features)?;
     while !percpu_shared.is_online() {}
     Ok(())
 }
 
-pub fn start_secondary_cpus(platform: &dyn SvsmPlatform, cpus: &[ACPICPUInfo], vtom: u64) {
+pub fn start_secondary_cpus(platform: &dyn SvsmPlatform, cpus: &[ACPICPUInfo]) {
     immut_after_init_set_multithreaded();
     let mut count: usize = 0;
     for c in cpus.iter().filter(|c| c.apic_id != 0 && c.enabled) {
         log::info!("Launching AP with APIC-ID {}", c.apic_id);
-        start_cpu(platform, c.apic_id, vtom).expect("Failed to bring CPU online");
+        start_cpu(platform, c.apic_id).expect("Failed to bring CPU online");
         count += 1;
     }
     log::info!("Brought {} AP(s) online", count);

kernel/src/error.rs

@@ -45,6 +45,8 @@ pub enum ApicError {
 /// A generic error during SVSM operation.
 #[derive(Clone, Copy, Debug)]
 pub enum SvsmError {
+    /// Errors related to platform initialization.
+    PlatformInit,
     /// Errors during ELF parsing and loading.
     Elf(ElfError),
     /// Errors related to GHCB

kernel/src/mm/pagetable.rs

@@ -43,8 +43,8 @@ static FEATURE_MASK: ImmutAfterInitCell<PTEntryFlags> =
     ImmutAfterInitCell::new(PTEntryFlags::empty());
 
 /// Re-initializes early paging settings.
-pub fn paging_init_early(platform: &dyn SvsmPlatform, vtom: u64) -> ImmutAfterInitResult<()> {
-    init_encrypt_mask(platform, vtom.try_into().unwrap())?;
+pub fn paging_init_early(platform: &dyn SvsmPlatform) -> ImmutAfterInitResult<()> {
+    init_encrypt_mask(platform)?;
 
     let mut feature_mask = PTEntryFlags::all();
     feature_mask.remove(PTEntryFlags::NX);
@@ -53,16 +53,16 @@ pub fn paging_init_early(platform: &dyn SvsmPlatform, vtom: u64) -> ImmutAfterIn
 }
 
 /// Initializes paging settings.
-pub fn paging_init(platform: &dyn SvsmPlatform, vtom: u64) -> ImmutAfterInitResult<()> {
-    init_encrypt_mask(platform, vtom.try_into().unwrap())?;
+pub fn paging_init(platform: &dyn SvsmPlatform) -> ImmutAfterInitResult<()> {
+    init_encrypt_mask(platform)?;
 
     let feature_mask = PTEntryFlags::all();
     FEATURE_MASK.reinit(&feature_mask)
 }
 
 /// Initializes the encrypt mask.
-fn init_encrypt_mask(platform: &dyn SvsmPlatform, vtom: usize) -> ImmutAfterInitResult<()> {
-    let masks = platform.get_page_encryption_masks(vtom);
+fn init_encrypt_mask(platform: &dyn SvsmPlatform) -> ImmutAfterInitResult<()> {
+    let masks = platform.get_page_encryption_masks();
 
     PRIVATE_PTE_MASK.reinit(&masks.private_pte_mask)?;
     SHARED_PTE_MASK.reinit(&masks.shared_pte_mask)?;

kernel/src/platform/mod.rs

@@ -5,6 +5,7 @@
 // Author: Jon Lange <[email protected]>
 
 use crate::address::{PhysAddr, VirtAddr};
+use crate::cpu::cpuid::CpuidResult;
 use crate::cpu::percpu::PerCpu;
 use crate::error::SvsmError;
 use crate::io::IOPort;
@@ -44,20 +45,27 @@ pub enum PageStateChangeOp {
 /// underlying architectures.
 pub trait SvsmPlatform {
     /// Performs basic early initialization of the runtime environment.
-    fn env_setup(&mut self, debug_serial_port: u16) -> Result<(), SvsmError>;
+    fn env_setup(&mut self, debug_serial_port: u16, vtom: usize) -> Result<(), SvsmError>;
 
     /// Performs initialization of the platform runtime environment after
     /// the core system environment has been initialized.
     fn env_setup_late(&mut self, debug_serial_port: u16) -> Result<(), SvsmError>;
 
+    /// Performs initialiation of the environment specfic to the SVSM kernel
+    /// (for services not used by stage2).
+    fn env_setup_svsm(&self) -> Result<(), SvsmError>;
+
     /// Completes initialization of a per-CPU object during construction.
     fn setup_percpu(&self, cpu: &PerCpu) -> Result<(), SvsmError>;
 
     /// Completes initialization of a per-CPU object on the target CPU.
     fn setup_percpu_current(&self, cpu: &PerCpu) -> Result<(), SvsmError>;
 
     /// Determines the paging encryption masks for the current architecture.
-    fn get_page_encryption_masks(&self, vtom: usize) -> PageEncryptionMasks;
+    fn get_page_encryption_masks(&self) -> PageEncryptionMasks;
+
+    /// Obtain CPUID using platform-specific tables.
+    fn cpuid(&self, eax: u32) -> Option<CpuidResult>;
 
     /// Establishes state required for guest/host communication.
     fn setup_guest_host_comm(&mut self, cpu: &PerCpu, is_bsp: bool);
@@ -95,6 +103,9 @@ pub trait SvsmPlatform {
 
     /// Perform an EOI of the current interrupt.
     fn eoi(&self);
+
+    /// Start an additional processor.
+    fn start_cpu(&self, cpu: &PerCpu, start_rip: u64) -> Result<(), SvsmError>;
 }
 
 //FIXME - remove Copy trait

kernel/src/platform/native.rs

@@ -39,7 +39,7 @@ impl Default for NativePlatform {
 }
 
 impl SvsmPlatform for NativePlatform {
-    fn env_setup(&mut self, debug_serial_port: u16) -> Result<(), SvsmError> {
+    fn env_setup(&mut self, debug_serial_port: u16, _vtom: usize) -> Result<(), SvsmError> {
         // In the native platform, console output does not require the use of
         // any platform services, so it can be initialized immediately.
         CONSOLE_SERIAL
@@ -53,6 +53,10 @@ impl SvsmPlatform for NativePlatform {
         Ok(())
     }
 
+    fn env_setup_svsm(&self) -> Result<(), SvsmError> {
+        Ok(())
+    }
+
     fn setup_percpu(&self, _cpu: &PerCpu) -> Result<(), SvsmError> {
         Ok(())
     }
@@ -61,7 +65,7 @@ impl SvsmPlatform for NativePlatform {
         Ok(())
     }
 
-    fn get_page_encryption_masks(&self, _vtom: usize) -> PageEncryptionMasks {
+    fn get_page_encryption_masks(&self) -> PageEncryptionMasks {
         // Find physical address size.
         let res = CpuidResult::get(0x80000008, 0);
         PageEncryptionMasks {
@@ -72,6 +76,10 @@ impl SvsmPlatform for NativePlatform {
         }
     }
 
+    fn cpuid(&self, eax: u32) -> Option<CpuidResult> {
+        Some(CpuidResult::get(eax, 0))
+    }
+
     fn setup_guest_host_comm(&mut self, _cpu: &PerCpu, _is_bsp: bool) {}
 
     fn get_io_port(&self) -> &'static dyn IOPort {
@@ -117,4 +125,8 @@ impl SvsmPlatform for NativePlatform {
     fn eoi(&self) {
         todo!();
     }
+
+    fn start_cpu(&self, _cpu: &PerCpu, _start_rip: u64) -> Result<(), SvsmError> {
+        todo!();
+    }
 }

kernel/src/platform/snp.rs

@@ -6,8 +6,8 @@
 
 use crate::address::{PhysAddr, VirtAddr};
 use crate::console::init_console;
-use crate::cpu::cpuid::cpuid_table;
-use crate::cpu::percpu::{current_ghcb, PerCpu};
+use crate::cpu::cpuid::{cpuid_table, CpuidResult};
+use crate::cpu::percpu::{current_ghcb, this_cpu, PerCpu};
 use crate::error::ApicError::Registration;
 use crate::error::SvsmError;
 use crate::io::IOPort;
@@ -29,6 +29,8 @@ use core::sync::atomic::{AtomicU32, Ordering};
 static CONSOLE_IO: SVSMIOPort = SVSMIOPort::new();
 static CONSOLE_SERIAL: ImmutAfterInitCell<SerialPort<'_>> = ImmutAfterInitCell::uninit();
 
+static VTOM: ImmutAfterInitCell<usize> = ImmutAfterInitCell::uninit();
+
 static APIC_EMULATION_REG_COUNT: AtomicU32 = AtomicU32::new(0);
 
 #[derive(Clone, Copy, Debug)]
@@ -47,8 +49,9 @@ impl Default for SnpPlatform {
 }
 
 impl SvsmPlatform for SnpPlatform {
-    fn env_setup(&mut self, _debug_serial_port: u16) -> Result<(), SvsmError> {
+    fn env_setup(&mut self, _debug_serial_port: u16, vtom: usize) -> Result<(), SvsmError> {
         sev_status_init();
+        VTOM.init(&vtom).map_err(|_| SvsmError::PlatformInit)?;
         Ok(())
     }
 
@@ -63,6 +66,10 @@ impl SvsmPlatform for SnpPlatform {
         Ok(())
     }
 
+    fn env_setup_svsm(&self) -> Result<(), SvsmError> {
+        this_cpu().configure_hv_doorbell()
+    }
+
     fn setup_percpu(&self, cpu: &PerCpu) -> Result<(), SvsmError> {
         // Setup GHCB
         cpu.setup_ghcb()
@@ -73,11 +80,12 @@ impl SvsmPlatform for SnpPlatform {
         Ok(())
     }
 
-    fn get_page_encryption_masks(&self, vtom: usize) -> PageEncryptionMasks {
+    fn get_page_encryption_masks(&self) -> PageEncryptionMasks {
         // Find physical address size.
         let processor_capacity =
             cpuid_table(0x80000008).expect("Can not get physical address size from CPUID table");
         if vtom_enabled() {
+            let vtom = *VTOM;
             PageEncryptionMasks {
                 private_pte_mask: 0,
                 shared_pte_mask: vtom,
@@ -98,6 +106,10 @@ impl SvsmPlatform for SnpPlatform {
         }
     }
 
+    fn cpuid(&self, eax: u32) -> Option<CpuidResult> {
+        cpuid_table(eax)
+    }
+
     fn setup_guest_host_comm(&mut self, cpu: &PerCpu, is_bsp: bool) {
         if is_bsp {
             verify_ghcb_version();
@@ -206,4 +218,11 @@ impl SvsmPlatform for SnpPlatform {
             let _ = current_ghcb().wrmsr(0x80B, 0);
         }
     }
+
+    fn start_cpu(&self, cpu: &PerCpu, start_rip: u64) -> Result<(), SvsmError> {
+        cpu.setup(self)?;
+        let (vmsa_pa, sev_features) = cpu.alloc_svsm_vmsa(*VTOM as u64, start_rip)?;
+
+        current_ghcb().ap_create(vmsa_pa, cpu.get_apic_id().into(), 0, sev_features)
+    }
 }

kernel/src/platform/tdp.rs

@@ -22,6 +22,8 @@ use crate::utils::MemoryRegion;
 static CONSOLE_IO: SVSMIOPort = SVSMIOPort::new();
 static CONSOLE_SERIAL: ImmutAfterInitCell<SerialPort<'_>> = ImmutAfterInitCell::uninit();
 
+static VTOM: ImmutAfterInitCell<usize> = ImmutAfterInitCell::uninit();
+
 #[derive(Clone, Copy, Debug)]
 pub struct TdpPlatform {}
 
@@ -38,8 +40,8 @@ impl Default for TdpPlatform {
 }
 
 impl SvsmPlatform for TdpPlatform {
-    fn env_setup(&mut self, _debug_serial_port: u16) -> Result<(), SvsmError> {
-        Ok(())
+    fn env_setup(&mut self, _debug_serial_port: u16, vtom: usize) -> Result<(), SvsmError> {
+        VTOM.init(&vtom).map_err(|_| SvsmError::PlatformInit)
     }
 
     fn env_setup_late(&mut self, debug_serial_port: u16) -> Result<(), SvsmError> {
@@ -50,6 +52,10 @@ impl SvsmPlatform for TdpPlatform {
         init_console(&*CONSOLE_SERIAL).map_err(|_| SvsmError::Console)
     }
 
+    fn env_setup_svsm(&self) -> Result<(), SvsmError> {
+        Ok(())
+    }
+
     fn setup_percpu(&self, _cpu: &PerCpu) -> Result<(), SvsmError> {
         Err(SvsmError::Tdx)
     }
@@ -58,9 +64,10 @@ impl SvsmPlatform for TdpPlatform {
         Err(SvsmError::Tdx)
     }
 
-    fn get_page_encryption_masks(&self, vtom: usize) -> PageEncryptionMasks {
+    fn get_page_encryption_masks(&self) -> PageEncryptionMasks {
         // Find physical address size.
         let res = CpuidResult::get(0x80000008, 0);
+        let vtom = *VTOM;
         PageEncryptionMasks {
             private_pte_mask: 0,
             shared_pte_mask: vtom,
@@ -69,6 +76,10 @@ impl SvsmPlatform for TdpPlatform {
         }
     }
 
+    fn cpuid(&self, eax: u32) -> Option<CpuidResult> {
+        Some(CpuidResult::get(eax, 0))
+    }
+
     fn setup_guest_host_comm(&mut self, _cpu: &PerCpu, _is_bsp: bool) {}
 
     fn get_io_port(&self) -> &'static dyn IOPort {
@@ -109,4 +120,8 @@ impl SvsmPlatform for TdpPlatform {
     }
 
     fn eoi(&self) {}
+
+    fn start_cpu(&self, _cpu: &PerCpu, _start_rip: u64) -> Result<(), SvsmError> {
+        todo!();
+    }
 }