diff options
| author | Joerg Roedel <jroedel@suse.de> | 2020-10-28 17:46:56 +0100 |
|---|---|---|
| committer | Borislav Petkov <bp@suse.de> | 2020-10-29 13:48:49 +0100 |
| commit | ed7b895f3efb5df184722f5a30f8164fcaffceb1 (patch) | |
| tree | 7748da27da985bd96ca5cb2175aa5b200d1c99a9 /arch/x86/kernel | |
| parent | 3ad84246a4097010f3ae3d6944120c0be00e9e7a (diff) | |
| download | linux-ed7b895f3efb5df184722f5a30f8164fcaffceb1.tar.gz linux-ed7b895f3efb5df184722f5a30f8164fcaffceb1.tar.bz2 linux-ed7b895f3efb5df184722f5a30f8164fcaffceb1.zip | |
x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler
The early #VC handler which doesn't have a GHCB can only handle CPUID
exit codes. It is needed by the early boot code to handle #VC exceptions
raised in verify_cpu() and to get the position of the C-bit.
But the CPUID information comes from the hypervisor which is untrusted
and might return results which trick the guest into the no-SEV boot path
with no C-bit set in the page-tables. All data written to memory would
then be unencrypted and could leak sensitive data to the hypervisor.
Add sanity checks to the early #VC handler to make sure the hypervisor
can not pretend that SEV is disabled.
[ bp: Massage a bit. ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-3-joro@8bytes.org
Diffstat (limited to 'arch/x86/kernel')
| -rw-r--r-- | arch/x86/kernel/sev-es-shared.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c index 5f83ccaab877..7d04b356d44d 100644 --- a/arch/x86/kernel/sev-es-shared.c +++ b/arch/x86/kernel/sev-es-shared.c @@ -178,6 +178,32 @@ void __init do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code) goto fail; regs->dx = val >> 32; + /* + * This is a VC handler and the #VC is only raised when SEV-ES is + * active, which means SEV must be active too. Do sanity checks on the + * CPUID results to make sure the hypervisor does not trick the kernel + * into the no-sev path. This could map sensitive data unencrypted and + * make it accessible to the hypervisor. + * + * In particular, check for: + * - Hypervisor CPUID bit + * - Availability of CPUID leaf 0x8000001f + * - SEV CPUID bit. + * + * The hypervisor might still report the wrong C-bit position, but this + * can't be checked here. + */ + + if ((fn == 1 && !(regs->cx & BIT(31)))) + /* Hypervisor bit */ + goto fail; + else if (fn == 0x80000000 && (regs->ax < 0x8000001f)) + /* SEV leaf check */ + goto fail; + else if ((fn == 0x8000001f && !(regs->ax & BIT(1)))) + /* SEV bit */ + goto fail; + /* Skip over the CPUID two-byte opcode */ regs->ip += 2; |