forked from rpms/qemu-kvm
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
78 lines
3.1 KiB
78 lines
3.1 KiB
From 5c0d254762caaffd574bd95dbfc1df416e6e2509 Mon Sep 17 00:00:00 2001
|
|
From: Bandan Das <bsd@redhat.com>
|
|
Date: Thu, 3 Aug 2023 14:22:55 -0400
|
|
Subject: [PATCH 12/14] i386/sev: Update checks and information related to
|
|
reduced-phys-bits
|
|
|
|
RH-Author: Bandan Das <None>
|
|
RH-MergeRequest: 196: Updates to SEV reduced-phys-bits parameter
|
|
RH-Bugzilla: 2214839
|
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
RH-Commit: [3/4] 7c5e7ea9f6cd39e84e5b60417c849430296399fd (bdas1/qemu-kvm)
|
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214839
|
|
|
|
commit 8168fed9f84e3128f7628969ae78af49433d5ce7
|
|
Author: Tom Lendacky <thomas.lendacky@amd.com>
|
|
Date: Fri Sep 30 10:14:29 2022 -0500
|
|
|
|
i386/sev: Update checks and information related to reduced-phys-bits
|
|
|
|
The value of the reduced-phys-bits parameter is propogated to the CPUID
|
|
information exposed to the guest. Update the current validation check to
|
|
account for the size of the CPUID field (6-bits), ensuring the value is
|
|
in the range of 1 to 63.
|
|
|
|
Maintain backward compatibility, to an extent, by allowing a value greater
|
|
than 1 (so that the previously documented value of 5 still works), but not
|
|
allowing anything over 63.
|
|
|
|
Fixes: d8575c6c02 ("sev/i386: add command to initialize the memory encryption context")
|
|
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
|
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
Message-Id: <cca5341a95ac73f904e6300f10b04f9c62e4e8ff.1664550870.git.thomas.lendacky@amd.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
|
Signed-off-by: Bandan Das <bsd@redhat.com>
|
|
---
|
|
target/i386/sev.c | 17 ++++++++++++++---
|
|
1 file changed, 14 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/target/i386/sev.c b/target/i386/sev.c
|
|
index 859e06f6ad..fe2144c038 100644
|
|
--- a/target/i386/sev.c
|
|
+++ b/target/i386/sev.c
|
|
@@ -932,15 +932,26 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
|
|
host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
|
|
host_cbitpos = ebx & 0x3f;
|
|
|
|
+ /*
|
|
+ * The cbitpos value will be placed in bit positions 5:0 of the EBX
|
|
+ * register of CPUID 0x8000001F. No need to verify the range as the
|
|
+ * comparison against the host value accomplishes that.
|
|
+ */
|
|
if (host_cbitpos != sev->cbitpos) {
|
|
error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'",
|
|
__func__, host_cbitpos, sev->cbitpos);
|
|
goto err;
|
|
}
|
|
|
|
- if (sev->reduced_phys_bits < 1) {
|
|
- error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1,"
|
|
- " requested '%d'", __func__, sev->reduced_phys_bits);
|
|
+ /*
|
|
+ * The reduced-phys-bits value will be placed in bit positions 11:6 of
|
|
+ * the EBX register of CPUID 0x8000001F, so verify the supplied value
|
|
+ * is in the range of 1 to 63.
|
|
+ */
|
|
+ if (sev->reduced_phys_bits < 1 || sev->reduced_phys_bits > 63) {
|
|
+ error_setg(errp, "%s: reduced_phys_bits check failed,"
|
|
+ " it should be in the range of 1 to 63, requested '%d'",
|
|
+ __func__, sev->reduced_phys_bits);
|
|
goto err;
|
|
}
|
|
|
|
--
|
|
2.39.3
|
|
|