Re: [PATCH v3 02/14] x86/sev: Make the VMPL0 checking function more generic

From: Tom Lendacky
Date: Wed Apr 17 2024 - 16:36:11 EST


On 4/17/24 06:46, Borislav Petkov wrote:
On Mon, Mar 25, 2024 at 05:26:21PM -0500, Tom Lendacky wrote:
-static void enforce_vmpl0(void)
+static bool running_at_vmpl0(void *va)

Not too crazy about it: you're turning it into a function which runs in
boolean context but takes a void *?!

And the boolean result is only a side-effect or what it does to the
argument - modify its permissions. Which is weird and not really
obvious.

Well, it doesn't really modify any permissions that matter. It tries to change the permission of a lesser privileged VMPL level. Since the kernel only runs at a single VMPL it would never be effected. The operation performed here is to update VMPL1 permission levels (which can only be done successfully at VMPL0) and return the result of the operation. A success implies running at VMPL0 and failure implies not running at VMPL0.


I'd prefer it if you made it into

static void vmpl0_modify_permissions(void *va)

I guess this confuses me, since it sounds like you're trying to modify the VMPL0 permissions, which you can't do. Maybe calling it modify_vmpl1_permissions() would be better. And a void return doesn't tell me whether it was successful and, therefore, whether the kernel is running at VMPL0.

Thanks,
Tom


which basically says, modify the permissions of @va in vmpl0, which is
a lot closer to what the function does.

And then do

#define running_at_vmpl0(va) vmpl0_modify_permissions((va))

because then through the indirection is at least clear how that "am
I running at VMPL0?" check is being done.

And later, if we need other VMPLs, we can extend
vmpl0_modify_permissions() and even do a more generic

vmpl_modify_permissions(unsigned int vmpl_level, void *va)

and so on and kill the silly macro.

Thx.