vmsa: enable shadow stacks

This enables shadow stacks on the secondary APs. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
coconut-svsm · Sep 12, 2024 · 93e1490 · 93e1490
1 parent d9f67be
commit 93e1490
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/kernel/src/cpu/percpu.rs b/kernel/src/cpu/percpu.rs
@@ -724,6 +724,9 @@ impl PerCpu {
         vmsa.tr = self.vmsa_tr_segment();
         vmsa.rip = start_rip;
         vmsa.rsp = self.get_top_of_stack().into();
+        if cfg!(feature = "shadow-stacks") {
+            vmsa.ssp = self.get_top_of_shadow_stack().into();
+        }
         vmsa.cr3 = self.get_pgtable().cr3_value().into();
         vmsa.enable();
 

diff --git a/kernel/src/cpu/vmsa.rs b/kernel/src/cpu/vmsa.rs
@@ -13,6 +13,7 @@ use super::control_regs::{read_cr0, read_cr3, read_cr4};
 use super::efer::read_efer;
 use super::gdt;
 use super::idt::common::idt;
+use super::shadow_stack::read_s_cet;
 
 fn svsm_code_segment() -> VMSASegment {
     VMSASegment {
@@ -66,6 +67,9 @@ pub fn init_svsm_vmsa(vmsa: &mut VMSA, vtom: u64) {
     vmsa.cr3 = read_cr3().bits() as u64;
     vmsa.cr4 = read_cr4().bits();
     vmsa.efer = read_efer().bits();
+    if cfg!(feature = "shadow-stacks") {
+        vmsa.s_cet = read_s_cet().bits();
+    }
 
     vmsa.rflags = 0x2;
     vmsa.dr6 = 0xffff0ff0;