x86/sev: Pass SVSM calling area down to early page state change API

The early page state change API is mostly only used very early, when only the
boot time SVSM calling area is in use. However, this API is also called by the
kexec finishing code, which runs very late, and potentially from a different
CPU (which uses a different calling area).

To avoid pulling the per-CPU SVSM calling area pointers and related SEV state
into the startup code, refactor the page state change API so the SVSM calling
area virtual and physical addresses can be provided by the caller.

No functional change intended.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-32-ardb+git@google.com

diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 6b62c75ea9117e80c22a3f017537e700e45c48a9..0e567410d24d7f5d91417673d02b34caadccdc19 100644 (file)
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -62,18 +62,30 @@ static bool sev_snp_enabled(void)
 
 void snp_set_page_private(unsigned long paddr)
 {
+       struct psc_desc d = {
+               SNP_PAGE_STATE_PRIVATE,
+               (struct svsm_ca *)boot_svsm_caa_pa,
+               boot_svsm_caa_pa
+       };
+
        if (!sev_snp_enabled())
                return;
 
-       __page_state_change(paddr, paddr, SNP_PAGE_STATE_PRIVATE);
+       __page_state_change(paddr, paddr, &d);
 }
 
 void snp_set_page_shared(unsigned long paddr)
 {
+       struct psc_desc d = {
+               SNP_PAGE_STATE_SHARED,
+               (struct svsm_ca *)boot_svsm_caa_pa,
+               boot_svsm_caa_pa
+       };
+
        if (!sev_snp_enabled())
                return;
 
-       __page_state_change(paddr, paddr, SNP_PAGE_STATE_SHARED);
+       __page_state_change(paddr, paddr, &d);
 }
 
 bool early_setup_ghcb(void)
@@ -98,8 +110,14 @@ bool early_setup_ghcb(void)
 
 void snp_accept_memory(phys_addr_t start, phys_addr_t end)
 {
+       struct psc_desc d = {
+               SNP_PAGE_STATE_PRIVATE,
+               (struct svsm_ca *)boot_svsm_caa_pa,
+               boot_svsm_caa_pa
+       };
+
        for (phys_addr_t pa = start; pa < end; pa += PAGE_SIZE)
-               __page_state_change(pa, pa, SNP_PAGE_STATE_PRIVATE);
+               __page_state_change(pa, pa, &d);
 }
 
 void sev_es_shutdown_ghcb(void)

diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev-shared.c
index 00220d7b981b0bf1351104d134bf700e239934a9..fb86f03da663172059cc312ceb519fa4e81fbf51 100644 (file)
--- a/arch/x86/boot/startup/sev-shared.c
+++ b/arch/x86/boot/startup/sev-shared.c
@@ -602,7 +602,8 @@ static int __head svsm_call_msr_protocol(struct svsm_call *call)
        return ret;
 }
 
-static void __head svsm_pval_4k_page(unsigned long paddr, bool validate)
+static void __head svsm_pval_4k_page(unsigned long paddr, bool validate,
+                                    struct svsm_ca *caa, u64 caa_pa)
 {
        struct svsm_pvalidate_call *pc;
        struct svsm_call call = {};
@@ -615,10 +616,10 @@ static void __head svsm_pval_4k_page(unsigned long paddr, bool validate)
         */
        flags = native_local_irq_save();
 
-       call.caa = svsm_get_caa();
+       call.caa = caa;
 
        pc = (struct svsm_pvalidate_call *)call.caa->svsm_buffer;
-       pc_pa = svsm_get_caa_pa() + offsetof(struct svsm_ca, svsm_buffer);
+       pc_pa = caa_pa + offsetof(struct svsm_ca, svsm_buffer);
 
        pc->num_entries = 1;
        pc->cur_index   = 0;
@@ -644,12 +645,12 @@ static void __head svsm_pval_4k_page(unsigned long paddr, bool validate)
 }
 
 static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long paddr,
-                                    bool validate)
+                                    bool validate, struct svsm_ca *caa, u64 caa_pa)
 {
        int ret;
 
        if (snp_vmpl) {
-               svsm_pval_4k_page(paddr, validate);
+               svsm_pval_4k_page(paddr, validate, caa, caa_pa);
        } else {
                ret = pvalidate(vaddr, RMP_PG_SIZE_4K, validate);
                if (ret)
@@ -665,7 +666,7 @@ static void __head pvalidate_4k_page(unsigned long vaddr, unsigned long paddr,
 }
 
 static void __head __page_state_change(unsigned long vaddr, unsigned long paddr,
-                                      enum psc_op op)
+                                      const struct psc_desc *desc)
 {
        u64 val, msr;
 
@@ -673,14 +674,14 @@ static void __head __page_state_change(unsigned long vaddr, unsigned long paddr,
         * If private -> shared then invalidate the page before requesting the
         * state change in the RMP table.
         */
-       if (op == SNP_PAGE_STATE_SHARED)
-               pvalidate_4k_page(vaddr, paddr, false);
+       if (desc->op == SNP_PAGE_STATE_SHARED)
+               pvalidate_4k_page(vaddr, paddr, false, desc->ca, desc->caa_pa);
 
        /* Save the current GHCB MSR value */
        msr = sev_es_rd_ghcb_msr();
 
        /* Issue VMGEXIT to change the page state in RMP table. */
-       sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, op));
+       sev_es_wr_ghcb_msr(GHCB_MSR_PSC_REQ_GFN(paddr >> PAGE_SHIFT, desc->op));
        VMGEXIT();
 
        /* Read the response of the VMGEXIT. */
@@ -695,8 +696,8 @@ static void __head __page_state_change(unsigned long vaddr, unsigned long paddr,
         * Now that page state is changed in the RMP table, validate it so that it is
         * consistent with the RMP entry.
         */
-       if (op == SNP_PAGE_STATE_PRIVATE)
-               pvalidate_4k_page(vaddr, paddr, true);
+       if (desc->op == SNP_PAGE_STATE_PRIVATE)
+               pvalidate_4k_page(vaddr, paddr, true, desc->ca, desc->caa_pa);
 }
 
 /*

diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/sev-startup.c
index 5eb7d939ebd3456ad970fc24381dbb65e29fb688..8009a37d53c1fb3af92fa5ada0231d922115af93 100644 (file)
--- a/arch/x86/boot/startup/sev-startup.c
+++ b/arch/x86/boot/startup/sev-startup.c
@@ -132,7 +132,7 @@ noinstr void __sev_put_ghcb(struct ghcb_state *state)
 
 void __head
 early_set_pages_state(unsigned long vaddr, unsigned long paddr,
-                     unsigned long npages, enum psc_op op)
+                     unsigned long npages, const struct psc_desc *desc)
 {
        unsigned long paddr_end;
 
@@ -142,7 +142,7 @@ early_set_pages_state(unsigned long vaddr, unsigned long paddr,
        paddr_end = paddr + (npages << PAGE_SHIFT);
 
        while (paddr < paddr_end) {
-               __page_state_change(vaddr, paddr, op);
+               __page_state_change(vaddr, paddr, desc);
 
                vaddr += PAGE_SIZE;
                paddr += PAGE_SIZE;
@@ -152,6 +152,10 @@ early_set_pages_state(unsigned long vaddr, unsigned long paddr,
 void __head early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr,
                                         unsigned long npages)
 {
+       struct psc_desc d = {
+               SNP_PAGE_STATE_PRIVATE, svsm_get_caa(), svsm_get_caa_pa()
+       };
+
        /*
         * This can be invoked in early boot while running identity mapped, so
         * use an open coded check for SNP instead of using cc_platform_has().
@@ -165,12 +169,16 @@ void __head early_snp_set_memory_private(unsigned long vaddr, unsigned long padd
          * Ask the hypervisor to mark the memory pages as private in the RMP
          * table.
          */
-       early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_PRIVATE);
+       early_set_pages_state(vaddr, paddr, npages, &d);
 }
 
 void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr,
                                        unsigned long npages)
 {
+       struct psc_desc d = {
+               SNP_PAGE_STATE_SHARED, svsm_get_caa(), svsm_get_caa_pa()
+       };
+
        /*
         * This can be invoked in early boot while running identity mapped, so
         * use an open coded check for SNP instead of using cc_platform_has().
@@ -181,7 +189,7 @@ void __head early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr
                return;
 
         /* Ask hypervisor to mark the memory pages shared in the RMP table. */
-       early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED);
+       early_set_pages_state(vaddr, paddr, npages, &d);
 }
 
 /*

diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index ff1e2be8b5a844d936c57f00a9fe1b45ab1e4001..a833b2b31d3db3a14ac554ee72ea24088a11b575 100644 (file)
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -607,8 +607,11 @@ static void set_pages_state(unsigned long vaddr, unsigned long npages, int op)
        unsigned long vaddr_end;
 
        /* Use the MSR protocol when a GHCB is not available. */
-       if (!boot_ghcb)
-               return early_set_pages_state(vaddr, __pa(vaddr), npages, op);
+       if (!boot_ghcb) {
+               struct psc_desc d = { op, svsm_get_caa(), svsm_get_caa_pa() };
+
+               return early_set_pages_state(vaddr, __pa(vaddr), npages, &d);
+       }
 
        vaddr = vaddr & PAGE_MASK;
        vaddr_end = vaddr + (npages << PAGE_SHIFT);

diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev-internal.h
index ffe4755962fe8ee8d0e27ecb1e826f47f23b65b6..9ff824540b48cf992a174ca22ef18614966f2feb 100644 (file)
--- a/arch/x86/include/asm/sev-internal.h
+++ b/arch/x86/include/asm/sev-internal.h
@@ -55,7 +55,7 @@ DECLARE_PER_CPU(struct sev_es_runtime_data*, runtime_data);
 DECLARE_PER_CPU(struct sev_es_save_area *, sev_vmsa);
 
 void early_set_pages_state(unsigned long vaddr, unsigned long paddr,
-                          unsigned long npages, enum psc_op op);
+                          unsigned long npages, const struct psc_desc *desc);
 
 DECLARE_PER_CPU(struct svsm_ca *, svsm_caa);
 DECLARE_PER_CPU(u64, svsm_caa_pa);

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 92b1269c877e4156315f97a2a19b17de6facd055..0030c7125b291c4d2fc9e317576c41115076ba89 100644 (file)
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -570,6 +570,12 @@ extern u16 ghcb_version;
 extern struct ghcb *boot_ghcb;
 extern bool sev_snp_needs_sfw;
 
+struct psc_desc {
+       enum psc_op op;
+       struct svsm_ca *ca;
+       u64 caa_pa;
+};
+
 #else  /* !CONFIG_AMD_MEM_ENCRYPT */
 
 #define snp_vmpl 0