fix(shim-sev): add snp_active() and move get_cbit_mask()

Signed-off-by: Harald Hoyer <harald@profian.com>

internal/shim-sev/src/addr.rs

@@ -2,9 +2,9 @@
 
 //! Some basic address operations
 
-use crate::get_cbit_mask;
 use crate::hostmap::HOSTMAP;
 use crate::paging::SHIM_PAGETABLE;
+use crate::snp::get_cbit_mask;
 
 use core::convert::{TryFrom, TryInto};
 

internal/shim-sev/src/allocator.rs

@@ -3,12 +3,11 @@
 //! The global Allocator
 
 use crate::addr::{ShimPhysAddr, ShimVirtAddr, SHIM_VIRT_OFFSET};
-use crate::get_cbit_mask;
 use crate::hostcall::HOST_CALL_ALLOC;
 use crate::hostmap::HOSTMAP;
 use crate::paging::SHIM_PAGETABLE;
 use crate::payload::NEXT_MMAP_RWLOCK;
-use crate::snp::{pvalidate, PvalidateSize};
+use crate::snp::{get_cbit_mask, pvalidate, snp_active, PvalidateSize};
 use crate::spin::RwLocked;
 
 use core::alloc::{GlobalAlloc, Layout};
@@ -249,7 +248,7 @@ impl EnarxAllocator {
                         let shim_phys_page = ShimPhysAddr::<u8>::try_from(line.start).unwrap();
                         let free_start: *mut u8 = ShimVirtAddr::from(shim_phys_page).into();
 
-                        if get_cbit_mask() != 0 {
+                        if snp_active() {
                             // pvalidate the newly assigned memory region
                             let virt_region = Span::new(free_start as usize, line.count);
                             let virt_line = Line::from(virt_region);

internal/shim-sev/src/debug.rs

@@ -2,13 +2,6 @@
 
 //! Debug functions
 
-use crate::addr::SHIM_VIRT_OFFSET;
-use crate::paging::SHIM_PAGETABLE;
-use crate::payload::PAYLOAD_VIRT_ADDR;
-use crate::snp::ghcb::{vmgexit_msr, GHCB_MSR_EXIT_REQ};
-use crate::PAYLOAD_READY;
-use crate::{get_cbit_mask, print};
-
 use core::mem::size_of;
 use core::sync::atomic::Ordering;
 
@@ -17,6 +10,14 @@ use x86_64::structures::paging::Translate;
 use x86_64::structures::DescriptorTablePointer;
 use x86_64::VirtAddr;
 
+use crate::addr::SHIM_VIRT_OFFSET;
+use crate::paging::SHIM_PAGETABLE;
+use crate::payload::PAYLOAD_VIRT_ADDR;
+use crate::print;
+use crate::snp::ghcb::{vmgexit_msr, GHCB_MSR_EXIT_REQ};
+use crate::snp::snp_active;
+use crate::PAYLOAD_READY;
+
 /// Debug helper function for the early boot
 ///
 /// # Safety
@@ -29,7 +30,7 @@ pub unsafe fn _early_debug_panic(reason: u64, value: u64) -> ! {
     // Safe the contents of the rbp register containing the stack frame pointer
     asm!("mov {}, rbp", out(reg) rbp);
 
-    if get_cbit_mask() > 0 {
+    if snp_active() {
         _load_invalid_idt();
 
         vmgexit_msr(
@@ -66,7 +67,7 @@ pub unsafe fn _enarx_asm_triple_fault() -> ! {
     // Safe the contents of the rbp register containing the stack frame pointer
     asm!("mov {}, rbp", out(reg) rbp);
 
-    if get_cbit_mask() > 0 {
+    if snp_active() {
         _early_debug_panic(0x7, 0xFF);
     }
 

internal/shim-sev/src/hostcall.rs

@@ -2,12 +2,6 @@
 
 //! Host <-> Shim Communication
 
-use crate::addr::{HostVirtAddr, ShimPhysUnencryptedAddr};
-use crate::debug::_enarx_asm_triple_fault;
-use crate::snp::ghcb::GHCB;
-use crate::spin::RwLocked;
-use crate::{get_cbit_mask, _ENARX_SALLYPORT_END, _ENARX_SALLYPORT_START};
-
 use core::convert::TryFrom;
 use core::mem::size_of;
 
@@ -22,6 +16,13 @@ use x86_64::instructions::port::Port;
 use x86_64::structures::paging::{Page, Size4KiB};
 use x86_64::{PhysAddr, VirtAddr};
 
+use crate::addr::{HostVirtAddr, ShimPhysUnencryptedAddr};
+use crate::debug::_enarx_asm_triple_fault;
+use crate::snp::ghcb::GHCB;
+use crate::snp::snp_active;
+use crate::spin::RwLocked;
+use crate::{_ENARX_SALLYPORT_END, _ENARX_SALLYPORT_START};
+
 /// Host file descriptor
 #[derive(Copy, Clone)]
 pub struct HostFd(libc::c_int);
@@ -59,7 +60,7 @@ fn return_empty_option(_i: usize) -> Option<&'static mut Block> {
 
 /// The static HostCall Mutex
 pub static HOST_CALL_ALLOC: Lazy<RwLocked<HostCallAllocator>> = Lazy::new(|| {
-    if get_cbit_mask() != 0 {
+    if snp_active() {
         // For SEV-SNP mark the sallyport pages as shared/unencrypted
 
         let npages = (unsafe {
@@ -133,7 +134,7 @@ impl HostCall {
     /// The parameters returned can't be trusted.
     #[inline(always)]
     pub unsafe fn hostcall(&mut self) -> sallyport::Result {
-        if get_cbit_mask() == 0 {
+        if !snp_active() {
             let mut port = Port::<u16>::new(KVM_SYSCALL_TRIGGER_PORT);
 
             // prevent earlier writes from being moved beyond this point

internal/shim-sev/src/main.rs

@@ -21,8 +21,9 @@ use crate::print::{enable_printing, is_printing_enabled};
 use crate::snp::cpuid_page::CpuidPage;
 use crate::snp::ghcb::Ghcb;
 use crate::snp::secrets_page::SnpSecretsPage;
+use crate::snp::C_BIT_MASK;
 
-use core::sync::atomic::{AtomicBool, AtomicU64, Ordering};
+use core::sync::atomic::{AtomicBool, Ordering};
 
 use goblin::elf::header::header64::Header;
 use noted::noted;
@@ -58,8 +59,6 @@ mod start;
 pub mod syscall;
 pub mod usermode;
 
-static C_BIT_MASK: AtomicU64 = AtomicU64::new(0);
-
 static PAYLOAD_READY: AtomicBool = AtomicBool::new(false);
 
 extern "C" {
@@ -83,12 +82,6 @@ extern "C" {
     pub static mut _ENARX_SECRETS: SnpSecretsPage;
 }
 
-/// Get the SEV C-Bit mask
-#[inline(always)]
-pub fn get_cbit_mask() -> u64 {
-    C_BIT_MASK.load(Ordering::Relaxed)
-}
-
 /// Switch the stack and jump to a function
 ///
 /// # Safety

internal/shim-sev/src/pagetables.rs

@@ -2,11 +2,6 @@
 
 //! Page Tables
 
-use crate::addr::{BYTES_1_GIB, BYTES_2_MIB, SHIM_VIRT_OFFSET};
-use crate::allocator::ALLOCATOR;
-use crate::paging::{EncPhysOffset, SHIM_PAGETABLE};
-use crate::{get_cbit_mask, paging};
-
 use core::alloc::Layout;
 use core::mem::size_of;
 
@@ -19,6 +14,12 @@ use x86_64::structures::paging::{
 };
 use x86_64::{PhysAddr, VirtAddr};
 
+use crate::addr::{BYTES_1_GIB, BYTES_2_MIB, SHIM_VIRT_OFFSET};
+use crate::allocator::ALLOCATOR;
+use crate::paging;
+use crate::paging::{EncPhysOffset, SHIM_PAGETABLE};
+use crate::snp::get_cbit_mask;
+
 /// A page-aligned Page Table.
 #[repr(C, align(4096))]
 pub struct AlignedPageTable(pub [u64; 512]);

internal/shim-sev/src/paging.rs

@@ -3,7 +3,7 @@
 //! Paging
 
 use crate::addr::SHIM_VIRT_OFFSET;
-use crate::get_cbit_mask;
+use crate::snp::get_cbit_mask;
 
 use spinning::{Lazy, RwLock};
 use x86_64::registers::control::Cr3;

internal/shim-sev/src/snp/cpuid_page.rs

@@ -2,13 +2,15 @@
 
 //! FIXME: move to sev crate
 
-use crate::{get_cbit_mask, _ENARX_CPUID};
-
-use const_default::ConstDefault;
 use core::arch::x86_64::CpuidResult;
 use core::fmt::Debug;
 use core::mem::size_of;
 
+use const_default::ConstDefault;
+
+use crate::snp::snp_active;
+use crate::_ENARX_CPUID;
+
 const COUNT_MAX: usize = 64;
 
 /// An entry in the SNP CPUID Page
@@ -135,7 +137,7 @@ pub fn cpuid(leaf: u32) -> CpuidResult {
 /// [amd64_ref]: http://support.amd.com/TechDocs/24594.pdf
 #[inline]
 pub fn cpuid_count(leaf: u32, sub_leaf: u32) -> CpuidResult {
-    if get_cbit_mask() == 0 {
+    if !snp_active() {
         unsafe { core::arch::x86_64::__cpuid_count(leaf, sub_leaf) }
     } else {
         let cpuid = &unsafe { _ENARX_CPUID };

internal/shim-sev/src/snp/mod.rs

@@ -2,15 +2,32 @@
 
 //! SNP specific modules and functions
 
-use crate::snp::Error::{FailInput, FailSizeMismatch, Unknown};
+use core::sync::atomic::{AtomicU64, Ordering};
 
 use x86_64::VirtAddr;
 
+pub use cpuid_page::{cpuid, cpuid_count, get_cpuid_max};
+
+use crate::snp::Error::{FailInput, FailSizeMismatch, Unknown};
+
 pub mod cpuid_page;
 pub mod ghcb;
 pub mod secrets_page;
 
-pub use cpuid_page::{cpuid, cpuid_count, get_cpuid_max};
+/// The C-Bit mask indicating encrypted physical addresses
+pub static C_BIT_MASK: AtomicU64 = AtomicU64::new(0);
+
+/// Get the SEV C-Bit mask
+#[inline(always)]
+pub fn get_cbit_mask() -> u64 {
+    C_BIT_MASK.load(Ordering::Relaxed)
+}
+
+/// Test, if SEV-SNP is enabled
+#[inline(always)]
+pub fn snp_active() -> bool {
+    get_cbit_mask() > 0
+}
 
 /// Error returned by pvalidate
 #[derive(Debug)]