| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <175698483743.1920.18154640171454268117.tip-bot2@tip-bot2>
Date: Thu, 04 Sep 2025 11:20:37 -0000
From: "tip-bot2 for Borislav Petkov (AMD)" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: "Borislav Petkov (AMD)" <bp@...en8.de>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: [tip: x86/apic] x86/apic/savic: Do not use snp_abort()
The following commit has been merged into the x86/apic branch of tip:
Commit-ID: d4bc3b11c12b41fdb5650f5ad797de97f8dce869
Gitweb: https://git.kernel.org/tip/d4bc3b11c12b41fdb5650f5ad797de97f8dce869
Author: Borislav Petkov (AMD) <bp@...en8.de>
AuthorDate: Wed, 03 Sep 2025 17:42:05 +02:00
Committer: Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Thu, 04 Sep 2025 13:12:51 +02:00
x86/apic/savic: Do not use snp_abort()
This function is going away so replace the callsites with the equivalent
functionality. Add a new SAVIC-specific termination reason. If more
granularity is needed there, it will be revisited in the future.
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
---
arch/x86/coco/sev/core.c | 4 ++--
arch/x86/include/asm/sev-common.h | 1 +
arch/x86/kernel/apic/x2apic_savic.c | 6 +++---
3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index b64f430..e858e29 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1129,7 +1129,7 @@ u64 savic_ghcb_msr_read(u32 reg)
if (res != ES_OK) {
pr_err("Secure AVIC MSR (0x%llx) read returned error (%d)\n", msr, res);
/* MSR read failures are treated as fatal errors */
- snp_abort();
+ sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SAVIC_FAIL);
}
__sev_put_ghcb(&state);
@@ -1159,7 +1159,7 @@ void savic_ghcb_msr_write(u32 reg, u64 value)
if (res != ES_OK) {
pr_err("Secure AVIC MSR (0x%llx) write returned error (%d)\n", msr, res);
/* MSR writes should never fail. Any failure is fatal error for SNP guest */
- snp_abort();
+ sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SAVIC_FAIL);
}
__sev_put_ghcb(&state);
diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h
index 0020d77..01a6e4d 100644
--- a/arch/x86/include/asm/sev-common.h
+++ b/arch/x86/include/asm/sev-common.h
@@ -208,6 +208,7 @@ struct snp_psc_desc {
#define GHCB_TERM_SVSM_CAA 9 /* SVSM is present but CAA is not page aligned */
#define GHCB_TERM_SECURE_TSC 10 /* Secure TSC initialization failed */
#define GHCB_TERM_SVSM_CA_REMAP_FAIL 11 /* SVSM is present but CA could not be remapped */
+#define GHCB_TERM_SAVIC_FAIL 12 /* Secure AVIC-specific failure */
#define GHCB_RESP_CODE(v) ((v) & GHCB_MSR_INFO_MASK)
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
index b846de0..dbc5678 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -363,7 +363,7 @@ static void savic_setup(void)
*/
res = savic_register_gpa(gpa);
if (res != ES_OK)
- snp_abort();
+ sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SAVIC_FAIL);
native_wrmsrq(MSR_AMD64_SAVIC_CONTROL,
gpa | MSR_AMD64_SAVIC_EN | MSR_AMD64_SAVIC_ALLOWEDNMI);
@@ -376,13 +376,13 @@ static int savic_probe(void)
if (!x2apic_mode) {
pr_err("Secure AVIC enabled in non x2APIC mode\n");
- snp_abort();
+ sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SAVIC_FAIL);
/* unreachable */
}
savic_page = alloc_percpu(struct secure_avic_page);
if (!savic_page)
- snp_abort();
+ sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SAVIC_FAIL);
return 1;
}
Powered by blists - more mailing lists