On 12/10/20 11:10 AM, Tom Lendacky wrote: > From: Tom Lendacky <thomas.lendacky@xxxxxxx> > > An SEV-ES guest is started by invoking a new SEV initialization ioctl, > KVM_SEV_ES_INIT. This identifies the guest as an SEV-ES guest, which is > used to drive the appropriate ASID allocation, VMSA encryption, etc. > > Before being able to run an SEV-ES vCPU, the vCPU VMSA must be encrypted > and measured. This is done using the LAUNCH_UPDATE_VMSA command after all > calls to LAUNCH_UPDATE_DATA have been performed, but before LAUNCH_MEASURE > has been performed. In order to establish the encrypted VMSA, the current > (traditional) VMSA and the GPRs are synced to the page that will hold the > encrypted VMSA and then LAUNCH_UPDATE_VMSA is invoked. The vCPU is then > marked as having protected guest state. > > Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > + > + /* Sync registgers */ > + save->rax = svm->vcpu.arch.regs[VCPU_REGS_RAX]; > + save->rbx = svm->vcpu.arch.regs[VCPU_REGS_RBX]; > + save->rcx = svm->vcpu.arch.regs[VCPU_REGS_RCX]; > + save->rdx = svm->vcpu.arch.regs[VCPU_REGS_RDX]; > + save->rsp = svm->vcpu.arch.regs[VCPU_REGS_RSP]; > + save->rbp = svm->vcpu.arch.regs[VCPU_REGS_RBP]; > + save->rsi = svm->vcpu.arch.regs[VCPU_REGS_RSI]; > + save->rdi = svm->vcpu.arch.regs[VCPU_REGS_RDI]; > + save->r8 = svm->vcpu.arch.regs[VCPU_REGS_R8]; > + save->r9 = svm->vcpu.arch.regs[VCPU_REGS_R9]; > + save->r10 = svm->vcpu.arch.regs[VCPU_REGS_R10]; > + save->r11 = svm->vcpu.arch.regs[VCPU_REGS_R11]; > + save->r12 = svm->vcpu.arch.regs[VCPU_REGS_R12]; > + save->r13 = svm->vcpu.arch.regs[VCPU_REGS_R13]; > + save->r14 = svm->vcpu.arch.regs[VCPU_REGS_R14]; > + save->r15 = svm->vcpu.arch.regs[VCPU_REGS_R15]; > + save->rip = svm->vcpu.arch.regs[VCPU_REGS_RIP]; > + Paolo, I just noticed that a 32-bit build will fail because of R8-R15 references, sorry about that (I'm kind of surprised krobot hasn't complained). This should take care of it: --- diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4045de7f8f8b..84b3ee15f4ec 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -529,6 +529,7 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->rbp = svm->vcpu.arch.regs[VCPU_REGS_RBP]; save->rsi = svm->vcpu.arch.regs[VCPU_REGS_RSI]; save->rdi = svm->vcpu.arch.regs[VCPU_REGS_RDI]; +#ifdef X86_64 save->r8 = svm->vcpu.arch.regs[VCPU_REGS_R8]; save->r9 = svm->vcpu.arch.regs[VCPU_REGS_R9]; save->r10 = svm->vcpu.arch.regs[VCPU_REGS_R10]; @@ -537,6 +538,7 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->r13 = svm->vcpu.arch.regs[VCPU_REGS_R13]; save->r14 = svm->vcpu.arch.regs[VCPU_REGS_R14]; save->r15 = svm->vcpu.arch.regs[VCPU_REGS_R15]; +#endif save->rip = svm->vcpu.arch.regs[VCPU_REGS_RIP]; /* Sync some non-GPR registers before encrypting */
