summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorPu Wen <puwen@hygon.cn>2021-06-02 15:02:07 +0800
committerBorislav Petkov <bp@suse.de>2021-06-04 18:39:09 +0200
commit009767dbf42ac0dbe3cf48c1ee224f6b778aa85a (patch)
treed2d5846f0ed5a25530597269c3a86d779d90f64f /security
parent5405b42c2f08efe67b531799ba2fdb35bac93e70 (diff)
downloadlinux-stable-009767dbf42ac0dbe3cf48c1ee224f6b778aa85a.tar.gz
linux-stable-009767dbf42ac0dbe3cf48c1ee224f6b778aa85a.tar.bz2
linux-stable-009767dbf42ac0dbe3cf48c1ee224f6b778aa85a.zip
x86/sev: Check SME/SEV support in CPUID first
The first two bits of the CPUID leaf 0x8000001F EAX indicate whether SEV or SME is supported, respectively. It's better to check whether SEV or SME is actually supported before accessing the MSR_AMD64_SEV to check whether SEV or SME is enabled. This is both a bare-metal issue and a guest/VM issue. Since the first generation Hygon Dhyana CPU doesn't support the MSR_AMD64_SEV, reading that MSR results in a #GP - either directly from hardware in the bare-metal case or via the hypervisor (because the RDMSR is actually intercepted) in the guest/VM case, resulting in a failed boot. And since this is very early in the boot phase, rdmsrl_safe()/native_read_msr_safe() can't be used. So check the CPUID bits first, before accessing the MSR. [ tlendacky: Expand and improve commit message. ] [ bp: Massage commit message. ] Fixes: eab696d8e8b9 ("x86/sev: Do not require Hypervisor CPUID bit for SEV guests") Signed-off-by: Pu Wen <puwen@hygon.cn> Signed-off-by: Borislav Petkov <bp@suse.de> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: <stable@vger.kernel.org> # v5.10+ Link: https://lkml.kernel.org/r/20210602070207.2480-1-puwen@hygon.cn
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions