On Wed, 2023-03-22 at 23:47 +0100, Borislav Petkov wrote:
>
> +.Luse_sev_cpuid_0b:
> + call sev_get_cpuid_0b
> + test %eax, %eax
> + jz 1f
> + movl %eax, %edx
> + jmp .Lsetup_AP
> +
Can this code path never be taken for bringing up CPU0 even after a
hotplug? I'd rather have -1 as the error indication.
> .Luse_cpuid_0b:
> mov $0x0B, %eax
> xorl %ecx, %ecx
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index ce371f62167b..96ff63cb5622 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -1142,6 +1142,24 @@ void snp_set_wakeup_secondary_cpu(void)
> apic->wakeup_secondary_cpu = wakeup_cpu_via_vmgexit;
> }
>
> +u32 sev_get_cpuid_0b(void)
> +{
> + u32 eax, edx;
> +
> + /* Request CPUID 0xB_EDX through GHCB protocol */
> + native_wrmsr(MSR_AMD64_SEV_ES_GHCB,
> + (GHCB_CPUID_REQ_EDX << 30) | GHCB_MSR_CPUID_REQ,
> + 0xb);
> + VMGEXIT();
> +
> + native_rdmsr(MSR_AMD64_SEV_ES_GHCB, eax, edx);
> +
> + if ((eax & GHCB_MSR_INFO_MASK) == GHCB_MSR_CPUID_RESP)
> + return edx;
> +
> + return 0;
> +}
> +
> int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh)
> {
Perhaps put this in head64.c so it gets built with -pg when needed? And
then you'll spot that the other functions in there are marked __head to
put them in .head.text, and maybe find some other stuff to cargo-cult
to make it safe to run C code that early...
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
