x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path

Check whether the hypervisor reported the correct C-bit when running as an SEV guest. Using a wrong C-bit position could be used to leak sensitive data from the guest to the hypervisor. The check function is in a separate file: arch/x86/kernel/sev_verify_cbit.S so that it can be re-used in the running kernel image. [ bp: Massage. ] Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org
author: Joerg Roedel <jroedel@suse.de> 2020-10-28 17:46:57 +0100
committer: Borislav Petkov <bp@suse.de> 2020-10-29 18:06:52 +0100
commit: 86ce43f7dde81562f58b24b426cef068bd9f7595 (patch)
tree: f3042a795cff8aa037faa8c7d77e61d003af12d7 /arch/x86/boot/compressed/misc.h
parent: x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (diff)
download: linux-dev-86ce43f7dde81562f58b24b426cef068bd9f7595.tar.xz
linux-dev-86ce43f7dde81562f58b24b426cef068bd9f7595.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 6d31f1b4c4d1..d9a631c5973c 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -159,4 +159,6 @@ void boot_page_fault(void);
 void boot_stage1_vc(void);
 void boot_stage2_vc(void);
 
+unsigned long sev_verify_cbit(unsigned long cr3);
+
 #endif /* BOOT_COMPRESSED_MISC_H */
author	Joerg Roedel <jroedel@suse.de>	2020-10-28 17:46:57 +0100
committer	Borislav Petkov <bp@suse.de>	2020-10-29 18:06:52 +0100
commit	86ce43f7dde81562f58b24b426cef068bd9f7595 (patch)
tree	f3042a795cff8aa037faa8c7d77e61d003af12d7 /arch/x86/boot/compressed/misc.h
parent	x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (diff)
download	linux-dev-86ce43f7dde81562f58b24b426cef068bd9f7595.tar.xz linux-dev-86ce43f7dde81562f58b24b426cef068bd9f7595.zip