Commit 92ad6505 authored by John Allen, committed by Borislav Petkov (AMD)

x86/sev: Include XSS value in GHCB CPUID request



When a guest issues a CPUID instruction for Fn0000000D_x01, the hypervisor may
be intercepting the CPUID instruction and need to access the guest XSS value.
For SEV-ES, the XSS value is encrypted and needs to be included in the GHCB to
be visible to the hypervisor.

Signed-off-by: John Allen <john.allen@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://patch.msgid.link/all/20250924200852.4452-3-john.allen@amd.com/
parent 9249bcde
+11 −0
// SPDX-License-Identifier: GPL-2.0

#ifndef __BOOT_COMPRESSED
#define has_cpuflag(f)                  boot_cpu_has(f)
#endif

static enum es_result vc_check_opcode_bytes(struct es_em_ctxt *ctxt,
					    unsigned long exit_code)
{
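Review bot: The `#ifndef __BOOT_COMPRESSED` block carries no comment saying where has_cpuflag() comes from when __BOOT_COMPRESSED is defined, even though vc_handle_cpuid() further down calls it without any guard of its own. A one-line comment above the #ifndef naming the other definition, and why this build maps it to boot_cpu_has(), would make the dependency explicit and keep the two definitions from drifting apart.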
@@ -546,6 +550,13 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb,
		/* xgetbv will cause #GP - use reset value for xcr0 */
		ghcb_set_xcr0(ghcb, 1);

	if (has_cpuflag(X86_FEATURE_SHSTK) && regs->ax == 0xd && regs->cx == 1) {
		struct msr m;

		raw_rdmsr(MSR_IA32_XSS, &m);
		ghcb_set_xss(ghcb, m.q);
	}

	ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_CPUID, 0, 0);
	if (ret != ES_OK)
		return ret;
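Review bot: The new block in vc_handle_cpuid() is gated on `has_cpuflag(X86_FEATURE_SHSTK)`, but neither the code nor the commit message says why shadow stack support is the condition; the message describes the hypervisor needing XSS for CPUID Fn0000000D_x01 in general. Please add a comment above the `if`, in the style of the one on the xcr0 path, explaining why XSS is copied into the GHCB only when SHSTK is present, and noting that this exposes the guest's XSS value to the hypervisor for this leaf and subleaf only. The bare `regs->ax == 0xd && regs->cx == 1` test would also read better with a short mention of Fn0000000D_x01 in that comment.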
+1 −0
@@ -701,5 +701,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1)
DEFINE_GHCB_ACCESSORS(sw_exit_info_2)
DEFINE_GHCB_ACCESSORS(sw_scratch)
DEFINE_GHCB_ACCESSORS(xcr0)
DEFINE_GHCB_ACCESSORS(xss)

#endif