diff options
author | Joerg Roedel <jroedel@suse.de> | 2020-10-28 17:46:57 +0100 |
---|---|---|
committer | Borislav Petkov <bp@suse.de> | 2020-10-29 18:06:52 +0100 |
commit | 86ce43f7dde81562f58b24b426cef068bd9f7595 (patch) | |
tree | f3042a795cff8aa037faa8c7d77e61d003af12d7 /arch/x86/boot/compressed/ident_map_64.c | |
parent | ed7b895f3efb5df184722f5a30f8164fcaffceb1 (diff) |
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
Check whether the hypervisor reported the correct C-bit when running as
an SEV guest. Using a wrong C-bit position could be used to leak
sensitive data from the guest to the hypervisor.
The check function is in a separate file:
arch/x86/kernel/sev_verify_cbit.S
so that it can be re-used in the running kernel image.
[ bp: Massage. ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org
Diffstat (limited to 'arch/x86/boot/compressed/ident_map_64.c')
-rw-r--r-- | arch/x86/boot/compressed/ident_map_64.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c index a5e5db6ada3c..39b2eded7bc2 100644 --- a/arch/x86/boot/compressed/ident_map_64.c +++ b/arch/x86/boot/compressed/ident_map_64.c @@ -164,6 +164,7 @@ void initialize_identity_maps(void *rmode) add_identity_map(cmdline, cmdline + COMMAND_LINE_SIZE); /* Load the new page-table. */ + sev_verify_cbit(top_level_pgt); write_cr3(top_level_pgt); } |