On 10/9/24 04:28, Nikunj A Dadhania wrote: > Address the ignored failures from snp_init() in sme_enable(). Add error > handling for scenarios where snp_init() fails to retrieve the SEV-SNP CC > blob or encounters issues while parsing the CC blob. Ensure that SNP guests > will error out early, preventing delayed error reporting or undefined > behavior. > > Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx> Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/mm/mem_encrypt_identity.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c > index ac33b2263a43..e6c7686f443a 100644 > --- a/arch/x86/mm/mem_encrypt_identity.c > +++ b/arch/x86/mm/mem_encrypt_identity.c > @@ -495,10 +495,10 @@ void __head sme_enable(struct boot_params *bp) > unsigned int eax, ebx, ecx, edx; > unsigned long feature_mask; > unsigned long me_mask; > - bool snp; > + bool snp_en; > u64 msr; > > - snp = snp_init(bp); > + snp_en = snp_init(bp); > > /* Check for the SME/SEV support leaf */ > eax = 0x80000000; > @@ -531,8 +531,11 @@ void __head sme_enable(struct boot_params *bp) > RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV); > feature_mask = (msr & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT; > > - /* The SEV-SNP CC blob should never be present unless SEV-SNP is enabled. */ > - if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED)) > + /* > + * Any discrepancies between the presence of a CC blob and SNP > + * enablement abort the guest. > + */ > + if (snp_en ^ !!(msr & MSR_AMD64_SEV_SNP_ENABLED)) > snp_abort(); > > /* Check if memory encryption is enabled */
