Commit e2f4c8c3 authored by Tom Lendacky's avatar Tom Lendacky Committed by Borislav Petkov (AMD)
Browse files

x86/sev: Make the VMPL0 checking more straight forward 



Currently, the enforce_vmpl0() function uses a set argument when modifying
the VMPL1 permissions used to test for VMPL0. If the guest is not running
at VMPL0, the guest self-terminates.

The function is just a wrapper for a fixed RMPADJUST function. Eliminate
the function and perform the RMPADJUST directly.

No functional change.

Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/ed01ddf04bfb475596b24b634fd26cffaa85173a.1713974291.git.thomas.lendacky@amd.com
parent 88ed43d3

arch/x86/boot/compressed/sev.c

+14 −21
Original line number Diff line number Diff line
@@ -335,26 +335,6 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) 
		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);

}



static void enforce_vmpl0(void)

{

	u64 attrs;

	int err;



	/*

	 * RMPADJUST modifies RMP permissions of a lesser-privileged (numerically

	 * higher) privilege level. Here, clear the VMPL1 permission mask of the

	 * GHCB page. If the guest is not running at VMPL0, this will fail.

	 *

	 * If the guest is running at VMPL0, it will succeed. Even if that operation

	 * modifies permission bits, it is still ok to do so currently because Linux

	 * SNP guests are supported only on VMPL0 so VMPL1 or higher permission masks

	 * changing is a don't-care.

	 */

	attrs = 1;

	if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, attrs))

		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);

}



/*

 * SNP_FEATURES_IMPL_REQ is the mask of SNP features that will need

 * guest side implementation for proper functioning of the guest. If any
@@ -588,7 +568,20 @@ void sev_enable(struct boot_params *bp) 
		if (!(get_hv_features() & GHCB_HV_FT_SNP))

			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);



		enforce_vmpl0();

		/*

		 * Enforce running at VMPL0.

		 *

		 * RMPADJUST modifies RMP permissions of a lesser-privileged (numerically

		 * higher) privilege level. Here, clear the VMPL1 permission mask of the

		 * GHCB page. If the guest is not running at VMPL0, this will fail.

		 *

		 * If the guest is running at VMPL0, it will succeed. Even if that operation

		 * modifies permission bits, it is still ok to do so currently because Linux

		 * SNP guests running at VMPL0 only run at VMPL0, so VMPL1 or higher

		 * permission mask changes are a don't-care.

		 */

		if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1))

			sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);

	}



	if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED))