efer: require the unconditional use of EFER.NXE

All processors that support virtualization also support NX. Therefore, there is no reason to detect NX via CPUID, and EFER.NXE can be enabled very early in boot, unconditionally, for simplicity in managing page tables. Signed-off-by: Jon Lange <[email protected]>
coconut-svsm · Oct 2, 2024 · c47c34d · c47c34d
1 parent 5ad09f1
commit c47c34d
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 30 deletions.
diff --git a/kernel/src/boot_stage2.rs b/kernel/src/boot_stage2.rs
@@ -99,11 +99,13 @@ global_asm!(
         bts $5, %eax
         movl %eax, %cr4
 
-        /* Enable long mode, EFER.LME. */
+        /* Enable long mode, EFER.LME. Also ensure NXE is set. */
         movl $0xc0000080, %ecx
         rdmsr
-        bts $8, %eax
-        jc 2f
+        movl %eax, %ebx
+        orl $0x900, %eax
+        cmp %eax, %ebx
+        jz 2f
         wrmsr
         2:
 

diff --git a/kernel/src/cpu/efer.rs b/kernel/src/cpu/efer.rs
@@ -4,9 +4,7 @@
 //
 // Author: Joerg Roedel <[email protected]>
 
-use super::features::cpu_has_nx;
 use super::msr::{read_msr, write_msr, EFER};
-use crate::platform::SvsmPlatform;
 use bitflags::bitflags;
 
 bitflags! {
@@ -34,15 +32,3 @@ pub fn write_efer(efer: EFERFlags) {
     let val = efer.bits();
     write_msr(EFER, val);
 }
-
-pub fn efer_init(platform: &dyn SvsmPlatform) {
-    let mut efer = read_efer();
-
-    // All processors that are capable of virtualization will support
-    // no-execute table entries, so there is no reason to support any processor
-    // that does not enumerate NX capability.
-    assert!(cpu_has_nx(platform), "CPU does not support NX");
-
-    efer.insert(EFERFlags::NXE);
-    write_efer(efer);
-}
diff --git a/kernel/src/cpu/features.rs b/kernel/src/cpu/features.rs
@@ -6,18 +6,8 @@
 
 use crate::platform::SvsmPlatform;
 
-const X86_FEATURE_NX: u32 = 20;
 const X86_FEATURE_PGE: u32 = 13;
 
-pub fn cpu_has_nx(platform: &dyn SvsmPlatform) -> bool {
-    let ret = platform.cpuid(0x80000001);
-
-    match ret {
-        None => false,
-        Some(c) => (c.edx >> X86_FEATURE_NX) & 1 == 1,
-    }
-}
-
 pub fn cpu_has_pge(platform: &dyn SvsmPlatform) -> bool {
     let ret = platform.cpuid(0x00000001);
 

diff --git a/kernel/src/mm/pagetable.rs b/kernel/src/mm/pagetable.rs
@@ -53,7 +53,6 @@ pub fn paging_init_early(platform: &dyn SvsmPlatform) -> ImmutAfterInitResult<()
     init_encrypt_mask(platform)?;
 
     let mut feature_mask = PTEntryFlags::all();
-    feature_mask.remove(PTEntryFlags::NX);
     feature_mask.remove(PTEntryFlags::GLOBAL);
     FEATURE_MASK.reinit(&feature_mask)
 }

diff --git a/kernel/src/svsm.rs b/kernel/src/svsm.rs
@@ -20,7 +20,6 @@ use svsm::config::SvsmConfig;
 use svsm::console::install_console_logger;
 use svsm::cpu::control_regs::{cr0_init, cr4_init};
 use svsm::cpu::cpuid::{dump_cpuid_table, register_cpuid_table};
-use svsm::cpu::efer::efer_init;
 use svsm::cpu::gdt;
 use svsm::cpu::idt::svsm::{early_idt_init, idt_init};
 use svsm::cpu::percpu::current_ghcb;
@@ -311,7 +310,6 @@ pub extern "C" fn svsm_start(li: &KernelLaunchInfo, vb_addr: usize) {
 
     cr0_init();
     cr4_init(platform);
-    efer_init(platform);
     install_console_logger("SVSM").expect("Console logger already initialized");
     platform
         .env_setup(debug_serial_port, launch_info.vtom.try_into().unwrap())