Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

x86/sev: Provide PIC aliases for SEV related data objects

Provide PIC aliases for data objects that are shared between the SEV startup
code and the SEV code that executes later. This is needed so that the confined
startup code is permitted to access them.

This requires some of these variables to be moved into a source file that is
not part of the startup code, as the PIC alias is already implied, and
exporting variables in the opposite direction is not supported.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-36-ardb+git@google.com

authored by

Ard Biesheuvel and committed by
Borislav Petkov (AMD)
9723dd0c f27906b2

+37 -28
+3
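--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -38,6 +38,9 @@
 #define __BOOT_COMPRESSED
 
 u8 snp_vmpl;
+u16 ghcb_version;
+
+u64 boot_svsm_caa_pa;
 
 /* Include code for early handlers */
 #include "../../boot/startup/sev-shared.c"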
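Review bot: The new definitions `u16 ghcb_version;` and `u64 boot_svsm_caa_pa;` have no comment and no section annotation, although the comment that accompanies `ghcb_version` elsewhere in this commit says such variables must live in .data so a later .bss clear does not zero them. As plain uninitialized globals they would normally be placed in .bss. Whether the decompressor clears .bss after the GHCB version is negotiated is not visible in this hunk, so that ordering should be confirmed. They do follow the existing `u8 snp_vmpl;` pattern, so a one-line comment such as `/* Decompressor-local definitions of objects referenced by sev-shared.c */` would at least record why they are defined here.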
-19
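--- a/arch/x86/boot/startup/sev-shared.c
+++ b/arch/x86/boot/startup/sev-shared.c
@@ -19,25 +19,6 @@
 #define WARN(condition, format...) (!!(condition))
 #endif
 
-/*
- * SVSM related information:
- * During boot, the page tables are set up as identity mapped and later
- * changed to use kernel virtual addresses. Maintain separate virtual and
- * physical addresses for the CAA to allow SVSM functions to be used during
- * early boot, both with identity mapped virtual addresses and proper kernel
- * virtual addresses.
- */
-u64 boot_svsm_caa_pa __ro_after_init;
-
-/*
- * Since feature negotiation related variables are set early in the boot
- * process they must reside in the .data section so as not to be zeroed
- * out when the .bss section is later cleared.
- *
- * GHCB protocol version negotiated with the hypervisor.
- */
-u16 ghcb_version __ro_after_init;
-
 /* Copy of the SNP firmware's CPUID page. */
 static struct snp_cpuid_table cpuid_table_copy __ro_after_init;
 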
-9
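--- a/arch/x86/boot/startup/sev-startup.c
+++ b/arch/x86/boot/startup/sev-startup.c
@@ -41,15 +41,6 @@
 #include <asm/cpuid/api.h>
 #include <asm/cmdline.h>
 
-/* Bitmap of SEV features supported by the hypervisor */
-u64 sev_hv_features __ro_after_init;
-
-/* Secrets page physical address from the CC blob */
-u64 sev_secrets_pa __ro_after_init;
-
-/* For early boot SVSM communication */
-struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE);
-
 /*
  * Nothing shall interrupt this code path while holding the per-CPU
  * GHCB. The backup GHCB is only for NMIs interrupting this path.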
+34
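--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -46,6 +46,29 @@
 #include <asm/cmdline.h>
 #include <asm/msr.h>
 
+/* Bitmap of SEV features supported by the hypervisor */
+u64 sev_hv_features __ro_after_init;
+SYM_PIC_ALIAS(sev_hv_features);
+
+/* Secrets page physical address from the CC blob */
+u64 sev_secrets_pa __ro_after_init;
+SYM_PIC_ALIAS(sev_secrets_pa);
+
+/* For early boot SVSM communication */
+struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE);
+SYM_PIC_ALIAS(boot_svsm_ca_page);
+
+/*
+ * SVSM related information:
+ * During boot, the page tables are set up as identity mapped and later
+ * changed to use kernel virtual addresses. Maintain separate virtual and
+ * physical addresses for the CAA to allow SVSM functions to be used during
+ * early boot, both with identity mapped virtual addresses and proper kernel
+ * virtual addresses.
+ */
+u64 boot_svsm_caa_pa __ro_after_init;
+SYM_PIC_ALIAS(boot_svsm_caa_pa);
+
 DEFINE_PER_CPU(struct svsm_ca *, svsm_caa);
 DEFINE_PER_CPU(u64, svsm_caa_pa);
 
@@ -119,6 +142,17 @@
  */
 u8 snp_vmpl __ro_after_init;
 EXPORT_SYMBOL_GPL(snp_vmpl);
+SYM_PIC_ALIAS(snp_vmpl);
+
+/*
+ * Since feature negotiation related variables are set early in the boot
+ * process they must reside in the .data section so as not to be zeroed
+ * out when the .bss section is later cleared.
+ *
+ * GHCB protocol version negotiated with the hypervisor.
+ */
+u16 ghcb_version __ro_after_init;
+SYM_PIC_ALIAS(ghcb_version);
 
 /* For early boot hypervisor communication in SEV-ES enabled guests */
 static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE);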
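Review bot: None of the six `SYM_PIC_ALIAS()` lines says why the alias exists, so a reader of core.c cannot tell that these objects are the ones the confined startup code is allowed to touch. That matters for review because each alias widens what the early code can reach, including `sev_secrets_pa` and the hypervisor-negotiated `ghcb_version`. A single comment above the first alias would cover it, for example `/* PIC aliases: these objects are also accessed by the confined startup code in arch/x86/boot/startup/ */`. Separately, the moved comment above `ghcb_version` still speaks of "feature negotiation related variables" in the plural, but `sev_hv_features` is now defined in the first hunk, so the wording could be narrowed to the one variable it now precedes.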