Permit the use of restricted injection in the SVSM

Signed-off-by: Jon Lange <jlange@microsoft.com>
coconut-svsm · Jan 2, 2024 · 1f06992 · 1f06992
1 parent d352a89
commit 1f06992
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 3 deletions.
diff --git a/src/cpu/idt/common.rs b/src/cpu/idt/common.rs
@@ -30,7 +30,7 @@ pub const _AC_VECTOR: usize = 17;
 pub const _MCE_VECTOR: usize = 18;
 pub const _XF_VECTOR: usize = 19;
 pub const _CP_VECTOR: usize = 21;
-pub const _HV_VECTOR: usize = 28;
+pub const HV_VECTOR: usize = 28;
 pub const VC_VECTOR: usize = 29;
 pub const _SX_VECTOR: usize = 30;
 

diff --git a/src/cpu/idt/stage2.rs b/src/cpu/idt/stage2.rs
@@ -4,7 +4,7 @@
 //
 // Author: Joerg Roedel <jroedel@suse.de>
 
-use super::common::{load_idt, Idt, IdtEntry, DF_VECTOR, GLOBAL_IDT, VC_VECTOR};
+use super::common::{load_idt, Idt, IdtEntry, DF_VECTOR, GLOBAL_IDT, HV_VECTOR, VC_VECTOR};
 use crate::address::VirtAddr;
 use crate::cpu::control_regs::read_cr2;
 use crate::cpu::vc::{stage2_handle_vc_exception, stage2_handle_vc_exception_no_ghcb};
@@ -49,6 +49,10 @@ pub extern "C" fn stage2_generic_idt_handler(ctx: &mut X86ExceptionContext) {
             );
         }
         VC_VECTOR => stage2_handle_vc_exception(ctx),
+        HV_VECTOR =>
+            // #HV does not require processing during stage 2 and can be
+        // completely ignored.
+            {}
         _ => {
             let err = ctx.error_code;
             let vec = ctx.vector;

diff --git a/src/cpu/idt/svsm.rs b/src/cpu/idt/svsm.rs
@@ -11,7 +11,8 @@ use super::super::tss::IST_DF;
 use super::super::vc::handle_vc_exception;
 use super::common::PF_ERROR_WRITE;
 use super::common::{
-    load_idt, Idt, IdtEntry, BP_VECTOR, DF_VECTOR, GLOBAL_IDT, GP_VECTOR, PF_VECTOR, VC_VECTOR,
+    load_idt, Idt, IdtEntry, BP_VECTOR, DF_VECTOR, GLOBAL_IDT, GP_VECTOR, HV_VECTOR, PF_VECTOR,
+    VC_VECTOR,
 };
 use crate::address::VirtAddr;
 use crate::cpu::X86ExceptionContext;
@@ -87,6 +88,12 @@ pub extern "C" fn generic_idt_handler(ctx: &mut X86ExceptionContext) {
         }
         VC_VECTOR => handle_vc_exception(ctx),
         BP_VECTOR => handle_debug_exception(ctx, ctx.vector),
+        HV_VECTOR =>
+            // #HV processing is not required in the SVSM.  If a maskable
+        // interrupt occurs, it will be processed prior to the next exit.
+        // There are no NMI sources, and #MC cannot be handled anyway
+        // and can safely be ignored.
+            {}
         _ => {
             let err = ctx.error_code;
             let vec = ctx.vector;

diff --git a/src/cpu/vmsa.rs b/src/cpu/vmsa.rs
@@ -138,4 +138,7 @@ pub fn init_guest_vmsa(v: &mut VMSA, rip: u64) {
 
     v.vmpl = GUEST_VMPL as u8;
     v.sev_features = read_msr(0xc0010131) >> 2;
+
+    // Ensure that guest VMSAs do not enable restricted injection.
+    v.sev_features &= !0b1000;
 }
diff --git a/src/sev/status.rs b/src/sev/status.rs
@@ -156,6 +156,7 @@ pub fn sev_snp_enabled() -> bool {
 pub fn sev_status_verify() {
     let required = SEVStatusFlags::SEV | SEVStatusFlags::SEV_ES | SEVStatusFlags::SEV_SNP;
     let supported = SEVStatusFlags::DBGSWP
+        | SEVStatusFlags::REST_INJ
         | SEVStatusFlags::PREV_HOST_IBS
         | SEVStatusFlags::BTB_ISOLATION
         | SEVStatusFlags::VMSA_REG_PROT;