tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL

Determining the VMPL at which the kernel runs involves performing a RMPADJUST
operation on an arbitrary page of memory, and observing whether it succeeds.

The use of boot_ghcb_page in the core kernel in this case is completely
arbitrary, but results in the need to provide a PIC alias for it. So use
boot_svsm_ca_page instead, which already needs this alias for other reasons.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/20250828102202.1849035-28-ardb+git@google.com

authored by

Ard Biesheuvel and committed by
Borislav Petkov (AMD) e349241b 7cb7b6de

+5 -4
+1 -1
arch/x86/boot/compressed/sev.c
··· 327 327 * running at VMPL0. The CA will be used to communicate with the 328 328 * SVSM and request its services. 329 329 */ 330 - svsm_setup_ca(cc_info); 330 + svsm_setup_ca(cc_info, rip_rel_ptr(&boot_ghcb_page)); 331 331 332 332 /* 333 333 * Pass run-time kernel a pointer to CC info via boot_params so EFI
+3 -2
arch/x86/boot/startup/sev-shared.c
··· 801 801 * Maintain the GPA of the SVSM Calling Area (CA) in order to utilize the SVSM 802 802 * services needed when not running in VMPL0. 803 803 */ 804 - static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info) 804 + static bool __head svsm_setup_ca(const struct cc_blob_sev_info *cc_info, 805 + void *page) 805 806 { 806 807 struct snp_secrets_page *secrets_page; 807 808 struct snp_cpuid_table *cpuid_table; ··· 825 824 * routine is running identity mapped when called, both by the decompressor 826 825 * code and the early kernel code. 827 826 */ 828 - if (!rmpadjust((unsigned long)rip_rel_ptr(&boot_ghcb_page), RMP_PG_SIZE_4K, 1)) 827 + if (!rmpadjust((unsigned long)page, RMP_PG_SIZE_4K, 1)) 829 828 return false; 830 829 831 830 /*
+1 -1
arch/x86/boot/startup/sev-startup.c
··· 302 302 * running at VMPL0. The CA will be used to communicate with the 303 303 * SVSM to perform the SVSM services. 304 304 */ 305 - if (!svsm_setup_ca(cc_info)) 305 + if (!svsm_setup_ca(cc_info, rip_rel_ptr(&boot_svsm_ca_page))) 306 306 return; 307 307 308 308 /*