diff --git a/kernel/src/cpu/percpu.rs b/kernel/src/cpu/percpu.rs
index d4eec8433..074f772f1 100644
--- a/kernel/src/cpu/percpu.rs
+++ b/kernel/src/cpu/percpu.rs
@@ -739,9 +739,6 @@ impl PerCpu {
 vmsa.tr = self.vmsa_tr_segment();
 vmsa.rip = start_rip;
 vmsa.rsp = self.get_top_of_stack().into();
- if is_cet_ss_supported() {
- vmsa.ssp = self.get_top_of_shadow_stack().into();
- }
 vmsa.cr3 = self.get_pgtable().cr3_value().into();
 vmsa.enable();
diff --git a/kernel/src/cpu/shadow_stack.rs b/kernel/src/cpu/shadow_stack.rs
index 81d6b497b..4b8155c64 100644
--- a/kernel/src/cpu/shadow_stack.rs
+++ b/kernel/src/cpu/shadow_stack.rs
@@ -61,8 +61,6 @@ pub fn is_cet_ss_supported() -> bool {
 macro_rules! enable_shadow_stacks {
 ($bsp_percpu:ident) => {{
 use core::arch::asm;
- use svsm::address::Address;
- use svsm::cpu::shadow_stack::{SCetFlags, MODE_64BIT, S_CET};
 let token_addr = $bsp_percpu.get_top_of_shadow_stack();
diff --git a/kernel/src/cpu/smp.rs b/kernel/src/cpu/smp.rs
index af448aef3..8c62f1b83 100644
--- a/kernel/src/cpu/smp.rs
+++ b/kernel/src/cpu/smp.rs
@@ -5,8 +5,11 @@
 // Author: Joerg Roedel
 use crate::acpi::tables::ACPICPUInfo;
+use crate::address::Address;
 use crate::cpu::percpu::{this_cpu, this_cpu_shared, PerCpu};
+use crate::cpu::shadow_stack::{is_cet_ss_supported, SCetFlags, MODE_64BIT, S_CET};
 use crate::cpu::sse::sse_init;
+use crate::enable_shadow_stacks;
 use crate::error::SvsmError;
 use crate::platform::SvsmPlatform;
 use crate::platform::SVSM_PLATFORM;
@@ -39,11 +42,17 @@ pub fn start_secondary_cpus(platform: &dyn SvsmPlatform, cpus: &[ACPICPUInfo]) {
 #[no_mangle]
 fn start_ap() {
- this_cpu()
+ let percpu = this_cpu();
+
+ if is_cet_ss_supported() {
+ enable_shadow_stacks!(percpu);
+ }
+
+ percpu
 .setup_on_cpu(&**SVSM_PLATFORM)
 .expect("setup_on_cpu() failed");
- this_cpu()
+ percpu
 .setup_idle_task(ap_request_loop)
 .expect("Failed to allocated idle task for AP");
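Review bot: The new `Address`, `SCetFlags`, `MODE_64BIT` and `S_CET` imports at the top of smp.rs appear to exist only so that the expansion of `enable_shadow_stacks!` resolves, now that the macro's own `use svsm::…` lines are removed in shadow_stack.rs; the svsm.rs import hunk gains the same names for the same reason. That makes each call site import names it never writes, and a missing or shadowed one shows up as an error inside the macro body. Keeping the macro self-contained with `$crate` paths, `use $crate::address::Address;` and `use $crate::cpu::shadow_stack::{SCetFlags, MODE_64BIT, S_CET};`, should resolve from both the library and the svsm binary. If the caller-side imports stay, a doc comment on the macro listing the names it needs in scope would help.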
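Review bot: The `enable_shadow_stacks!(percpu)` call at the top of `start_ap` appears to be the only thing that now turns CET shadow stacks on for a secondary CPU, since the percpu.rs and vmsa.rs hunks stop preloading `vmsa.ssp` and `vmsa.s_cet`, yet nothing in the code says it has to stay first. I would add a comment above the `if`, for example `// Must run before any other call: the AP starts with shadow stacks off, and start_ap's own frame has no shadow-stack entry, so this function must never return.` Whether `start_ap` really never returns is not visible here, because its body continues past the hunk, so confirm that before settling the wording. The macro parameter is still named `$bsp_percpu` in shadow_stack.rs although it now receives an AP's `PerCpu`; renaming it to `$percpu` would avoid confusion.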
diff --git a/kernel/src/cpu/vmsa.rs b/kernel/src/cpu/vmsa.rs
index 471b69725..5133c3589 100644
--- a/kernel/src/cpu/vmsa.rs
+++ b/kernel/src/cpu/vmsa.rs
@@ -13,7 +13,6 @@ use super::control_regs::{read_cr0, read_cr3, read_cr4};
 use super::efer::read_efer;
 use super::gdt;
 use super::idt::common::idt;
-use super::shadow_stack::{is_cet_ss_supported, read_s_cet};
 fn svsm_code_segment() -> VMSASegment {
 VMSASegment {
@@ -67,9 +66,6 @@ pub fn init_svsm_vmsa(vmsa: &mut VMSA, vtom: u64) {
 vmsa.cr3 = read_cr3().bits() as u64;
 vmsa.cr4 = read_cr4().bits();
 vmsa.efer = read_efer().bits();
- if is_cet_ss_supported() {
- vmsa.s_cet = read_s_cet().bits();
- }
 vmsa.rflags = 0x2;
 vmsa.dr6 = 0xffff0ff0;
diff --git a/kernel/src/svsm.rs b/kernel/src/svsm.rs
index aadd42884..5911784e2 100755
--- a/kernel/src/svsm.rs
+++ b/kernel/src/svsm.rs
@@ -7,32 +7,31 @@
 #![cfg_attr(not(test), no_std)]
 #![cfg_attr(not(test), no_main)]
-use svsm::cpu::shadow_stack::{determine_cet_support, is_cet_ss_supported};
-use svsm::enable_shadow_stacks;
-use svsm::fw_meta::{print_fw_meta, validate_fw_memory, SevFWMetaData};
-
 use bootlib::kernel_launch::KernelLaunchInfo;
 use core::arch::global_asm;
 use core::panic::PanicInfo;
 use core::slice;
 use cpuarch::snp_cpuid::SnpCpuidTable;
-use svsm::address::{PhysAddr, VirtAddr};
+use svsm::address::{Address, PhysAddr, VirtAddr};
 use svsm::config::SvsmConfig;
 use svsm::console::install_console_logger;
 use svsm::cpu::control_regs::{cr0_init, cr4_init};
 use svsm::cpu::cpuid::{dump_cpuid_table, register_cpuid_table};
 use svsm::cpu::gdt;
 use svsm::cpu::idt::svsm::{early_idt_init, idt_init};
-use svsm::cpu::percpu::current_ghcb;
-use svsm::cpu::percpu::PerCpu;
-use svsm::cpu::percpu::{this_cpu, this_cpu_shared};
+use svsm::cpu::percpu::{current_ghcb, this_cpu, this_cpu_shared, PerCpu};
+use svsm::cpu::shadow_stack::{
+ determine_cet_support, is_cet_ss_supported, SCetFlags, MODE_64BIT, S_CET,
+};
 use svsm::cpu::smp::start_secondary_cpus;
 use svsm::cpu::sse::sse_init;
 use svsm::debug::gdbstub::svsm_gdbstub::{debug_break, gdbstub_start};
 use svsm::debug::stacktrace::print_stack;
+use svsm::enable_shadow_stacks;
 use svsm::error::SvsmError;
 use svsm::fs::{initialize_fs, populate_ram_fs};
 use svsm::fw_cfg::FwCfg;
+use svsm::fw_meta::{print_fw_meta, validate_fw_memory, SevFWMetaData};
 use svsm::igvm_params::IgvmParams;
 use svsm::kernel_region::new_kernel_region;
 use svsm::mm::alloc::{memory_info, print_memory_info, root_mem_init};