x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check
authorArd Biesheuvel <ardb@kernel.org>
Thu, 28 Aug 2025 10:22:13 +0000 (12:22 +0200)
committerBorislav Petkov (AMD) <bp@alien8.de>
Wed, 3 Sep 2025 15:59:09 +0000 (17:59 +0200)
snp_vmpl will be assigned a non-zero value when executing at a VMPL other than
0, and this is inferred from a call to RMPADJUST, which only works when
running at VMPL0.

This means that testing snp_vmpl is sufficient, and there is no need to
perform the same check again.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250828102202.1849035-34-ardb+git@google.com
arch/x86/boot/compressed/sev.c

index 4873469b2a39ae62283905c553ba51cbe01535d1..26aa389f802d771ea9c214b0cb3eea72df3e7651 100644 (file)
@@ -406,30 +406,16 @@ void sev_enable(struct boot_params *bp)
         */
        if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) {
                u64 hv_features;
-               int ret;
 
                hv_features = get_hv_features();
                if (!(hv_features & GHCB_HV_FT_SNP))
                        sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
 
                /*
-                * Enforce running at VMPL0 or with an SVSM.
-                *
-                * Use RMPADJUST (see the rmpadjust() function for a description of
-                * what the instruction does) to update the VMPL1 permissions of a
-                * page. If the guest is running at VMPL0, this will succeed. If the
-                * guest is running at any other VMPL, this will fail. Linux SNP guests
-                * only ever run at a single VMPL level so permission mask changes of a
-                * lesser-privileged VMPL are a don't-care.
+                * Running at VMPL0 is required unless an SVSM is present and
+                * the hypervisor supports the required SVSM GHCB events.
                 */
-               ret = rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1);
-
-               /*
-                * Running at VMPL0 is not required if an SVSM is present and the hypervisor
-                * supports the required SVSM GHCB events.
-                */
-               if (ret &&
-                   !(snp_vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)))
+               if (snp_vmpl && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))
                        sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
        }
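Review bot: The rewritten condition `if (snp_vmpl && !(hv_features & GHCB_HV_FT_SNP_MULTI_VMPL))` now treats `snp_vmpl == 0` as proof of running at VMPL0, but the new comment does not say where that guarantee comes from. The assignment of snp_vmpl is outside this hunk; per the commit message it is inferred from an earlier RMPADJUST call. If any path reaches this point before that probe has run, a guest at a lower-privileged VMPL would presumably pass here, whereas the removed `rmpadjust()` call failed closed on its own. I would extend the comment to record the dependency, e.g. `snp_vmpl is non-zero only when the earlier RMPADJUST probe failed (not at VMPL0); it must be set before this check.` The body of sev_enable() starts and ends outside the hunk, so that ordering needs confirming there.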