Commit e349241b authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Borislav Petkov (AMD)
Browse files

x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL 



Determining the VMPL at which the kernel runs involves performing a RMPADJUST
operation on an arbitrary page of memory, and observing whether it succeeds.

The use of boot_ghcb_page in the core kernel in this case is completely
arbitrary, but results in the need to provide a PIC alias for it. So use
boot_svsm_ca_page instead, which already needs this alias for other reasons.

Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/20250828102202.1849035-28-ardb+git@google.com
parent 7cb7b6de

arch/x86/boot/compressed/sev.c

+1 −1
Original line number Diff line number Diff line
@@ -327,7 +327,7 @@ static bool early_snp_init(struct boot_params *bp) 
	 * running at VMPL0. The CA will be used to communicate with the

	 * SVSM and request its services.

	 */

	svsm_setup_ca(cc_info);

	svsm_setup_ca(cc_info, rip_rel_ptr(&boot_ghcb_page));



	/*

	 * Pass run-time kernel a pointer to CC info via boot_params so EFI

arch/x86/boot/startup/sev-shared.c

+3 −2
Original line number Diff line number Diff line
@@ -801,7 +801,8 @@ static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long paddr, 
 * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the SVSM

 * services needed when not running in VMPL0.

 */

static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info)

static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info,

				 void *page)

{

	struct snp_secrets_page *secrets_page;

	struct snp_cpuid_table *cpuid_table;
@@ -824,7 +825,7 @@ static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info) 
	 * routine is running identity mapped when called, both by the decompressor

	 * code and the early kernel code.

	 */

	if (!rmpadjust((unsigned long)rip_rel_ptr(&boot_ghcb_page), RMP_PG_SIZE_4K, 1))

	if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1))

		return false;



	/*

arch/x86/boot/startup/sev-startup.c

+1 −1
Original line number Diff line number Diff line
@@ -302,7 +302,7 @@ static __head void svsm_setup(struct cc_blob_sev_info *cc_info) 
	 * running at VMPL0. The CA will be used to communicate with the

	 * SVSM to perform the SVSM services.

	 */

	if (!svsm_setup_ca(cc_info))

	if (!svsm_setup_ca(cc_info, rip_rel_ptr(&boot_svsm_ca_page)))

		return;



	/*