
Commit e2f4c8c

tlendacky authored and bp3tk0v committed
x86/sev: Make the VMPL0 checking more straight forward
Currently, the enforce_vmpl0() function uses a set argument when modifying the VMPL1 permissions used to test for VMPL0. If the guest is not running at VMPL0, the guest self-terminates. The function is just a wrapper for a fixed RMPADJUST function. Eliminate the function and perform the RMPADJUST directly.

No functional change.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/ed01ddf04bfb475596b24b634fd26cffaa85173a.1713974291.git.thomas.lendacky@amd.com
1 parent 88ed43d commit e2f4c8c

File tree

1 file changed

+14
-21
lines changed
  • arch/x86/boot/compressed

arch/x86/boot/compressed/sev.c

Lines changed: 14 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -335,26 +335,6 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code)
335335
sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);
336336
}
337337

338-
static void enforce_vmpl0(void)
339-
{
340-
u64 attrs;
341-
int err;
342-
343-
/*
344-
* RMPADJUST modifies RMP permissions of a lesser-privileged (numerically
345-
* higher) privilege level. Here, clear the VMPL1 permission mask of the
346-
* GHCB page. If the guest is not running at VMPL0, this will fail.
347-
*
348-
* If the guest is running at VMPL0, it will succeed. Even if that operation
349-
* modifies permission bits, it is still ok to do so currently because Linux
350-
* SNP guests are supported only on VMPL0 so VMPL1 or higher permission masks
351-
* changing is a don't-care.
352-
*/
353-
attrs = 1;
354-
if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, attrs))
355-
sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
356-
}
357-
358338
/*
359339
* SNP_FEATURES_IMPL_REQ is the mask of SNP features that will need
360340
* guest side implementation for proper functioning of the guest. If any
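Review bot: removing enforce_vmpl0() drops the only named statement of the VMPL0 precondition from this file; the attrs value of 1 it passed to rmpadjust() (the target-VMPL encoding in the low byte, with the permission bits cleared) was already a bare magic number, and the removal loses the `attrs` local that hinted at its meaning. Consider keeping a named constant or a short comment at the replacement call site that says "1 selects VMPL1 as the target with no permissions", so a reader of the later hunk does not have to know the RMPADJUST attribute layout to see that this is a VMPL0 probe and not a real permission change.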
@@ -588,7 +568,20 @@ void sev_enable(struct boot_params *bp)
588568
if (!(get_hv_features() & GHCB_HV_FT_SNP))
589569
sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
590570

591-
enforce_vmpl0();
571+
/*
572+
* Enforce running at VMPL0.
573+
*
574+
* RMPADJUST modifies RMP permissions of a lesser-privileged (numerically
575+
* higher) privilege level. Here, clear the VMPL1 permission mask of the
576+
* GHCB page. If the guest is not running at VMPL0, this will fail.
577+
*
578+
* If the guest is running at VMPL0, it will succeed. Even if that operation
579+
* modifies permission bits, it is still ok to do so currently because Linux
580+
* SNP guests running at VMPL0 only run at VMPL0, so VMPL1 or higher
581+
* permission mask changes are a don't-care.
582+
*/
583+
if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1))
584+
sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
592585
}
593586

594587
if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
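Review bot: the reworded comment "Linux SNP guests running at VMPL0 only run at VMPL0" is circular and no longer states the actual justification; the deleted text said "Linux SNP guests are supported only on VMPL0", which is the reason a VMPL1 permission-mask change is a don't-care, and that wording should be restored. Otherwise the behaviour matches the old helper: `if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1))` still terminates with GHCB_TERM_NOT_VMPL0 when the guest is not at VMPL0, and it stays inside the SNP-only branch after the GHCB_HV_FT_SNP check, so non-SNP SEV-ES guests are unaffected.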
