sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
c212fec9cf086243a7fb01cea185e67c2bd8f72e
system76-edk2/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
Tom Lendacky c212fec9cf OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0()
the return value is checked with EFI_ERROR() when it should just be
compared to 0. Fix the error check.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
2024-04-17 18:30:03 +00:00

83 lines
1.8 KiB
C
Raw Blame History

/** @file
SEV-SNP Page Validation functions.
Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Uefi/UefiBaseType.h>
#include <Library/BaseLib.h>
#include <Library/MemEncryptSevLib.h>
#include "SnpPageStateChange.h"
//
// The variable used for the VMPL check.
//
STATIC UINT8 gVmpl0Data[4096];
/**
The function checks whether SEV-SNP guest is booted under VMPL0.
@retval TRUE The guest is booted under VMPL0
@retval FALSE The guest is not booted under VMPL0
**/
STATIC
BOOLEAN
SevSnpIsVmpl0 (
VOID
)
{
UINT64 Rdx;
UINT32 Status;
//
// There is no straightforward way to query the current VMPL level.
// The simplest method is to use the RMPADJUST instruction to change
// a page permission to a VMPL level-1, and if the guest kernel is
// launched at a level <= 1, then RMPADJUST instruction will return
// an error.
//
Rdx = 1;
Status = AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx);
if (Status != 0) {
return FALSE;
}
return TRUE;
}
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@param[in] BaseAddress Base address
@param[in] NumPages Number of pages starting from the base address
**/
VOID
EFIAPI
MemEncryptSevSnpPreValidateSystemRam (
IN PHYSICAL_ADDRESS BaseAddress,
IN UINTN NumPages
)
{
if (!MemEncryptSevSnpIsEnabled ()) {
return;
}
//
// The page state change uses the PVALIDATE instruction. The instruction
// can be run on VMPL-0 only. If its not VMPL-0 guest then terminate
// the boot.
//
if (!SevSnpIsVmpl0 ()) {
SnpPageStateFailureTerminate ();
}
InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
}
Reference in New Issue View Git Blame Copy Permalink