git.baikalelectronics.ru Git - kernel.git/commit
x86/head/64: Check SEV encryption before switching to kernel page-table
author Joerg Roedel <jroedel@suse.de>
Wed, 28 Oct 2020 16:46:58 +0000 (17:46 +0100)
committer Borislav Petkov <bp@suse.de>
Thu, 29 Oct 2020 17:09:59 +0000 (18:09 +0100)
commit 18d01b2b5e717020989e6d2c052f1442b3e6fc5c
tree 6e0eb9706062025102be18c76c366f339ce909ff
parent 248b59459761199091e940f475ea35b56b151e0c
x86/head/64: Check SEV encryption before switching to kernel page-table

When SEV is enabled, the kernel requests the C-bit position again from
the hypervisor to build its own page-table. Since the hypervisor is an
untrusted source, the C-bit position needs to be verified before the
kernel page-table is used.

Call sev_verify_cbit() before writing the CR3.

 [ bp: Massage. ]

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-5-joro@8bytes.org
arch/x86/kernel/head_64.S
arch/x86/mm/mem_encrypt.c