git.baikalelectronics.ru Git - kernel.git/commit

author	Brijesh Singh <brijesh.singh@amd.com>
	Wed, 9 Feb 2022 18:10:08 +0000 (12:10 -0600)
committer	Borislav Petkov <bp@suse.de>
	Wed, 6 Apr 2022 11:10:34 +0000 (13:10 +0200)
commit	f1c71ad02051eb3a3118d45985e644ccd579c0d3
tree	fd88593d7c636ce70ec6fe5dff2cc40294238e71	tree \| snapshot
parent	4534408c6df11aa86280cda20d42f72ad423405d	commit \| diff

x86/sev: Check the VMPL level

The Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
architecture allows a guest VM to divide its address space into four
levels. The level can be used to provide hardware isolated abstraction
layers within a VM. VMPL0 is the highest privilege level, and VMPL3 is
the least privilege level. Certain operations must be done by the VMPL0
software, such as:

* Validate or invalidate memory range (PVALIDATE instruction)
* Allocate VMSA page (RMPADJUST instruction when VMSA=1)

The initial SNP support requires that the guest kernel is running at
VMPL0. Add such a check to verify the guest is running at level 0 before
continuing the boot. There is no easy method to query the current VMPL
level, so use the RMPADJUST instruction to determine whether the guest
is running at the VMPL0.

[ bp: Massage commit message. ]

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220307213356.2797205-15-brijesh.singh@amd.com

arch/x86/boot/compressed/sev.c		diff \| blob \| history
arch/x86/include/asm/sev-common.h		diff \| blob \| history
arch/x86/include/asm/sev.h		diff \| blob \| history