Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3542413pxj; Mon, 24 May 2021 09:01:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy/8hiHVguK1ulo7kd0D9Uh/i9t6XgA9A3atT5rVWZY7ytstMxzGJojl0ed7b9aZcDk6Cwr X-Received: by 2002:a05:6e02:18cd:: with SMTP id s13mr9244484ilu.43.1621872109347; Mon, 24 May 2021 09:01:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621872109; cv=none; d=google.com; s=arc-20160816; b=pQd0HTxxLR+AHWKrzst58VWaldVY5Zm73DLXk9xiXJaprm8MPrcygEw1zrl/ShrD25 IyvNTAcdAaGZMELTp7GMQxMgTkyzAbejLSxlArC7gplkQttVKfuVV0WbUXwmkFGDZfvh X+UzaYkuZ5Y6UWHmsGe6gKxvvoF4jEPcYlYfv0WQIGDiLsjg9ZOMCp60ZGReFjKOHwqq nNAw0tgijUQpbB+4lAN5MJ95FSuaz1tAVz6pXY3Uw6sQSo5kHCN3PnAA50JVjtnwc/A2 i/p9B/PZMjcoqQAOQX5vAKk7B/vxzRh/t5a1IFnasP5njtsnJ9ECQQ8BNC2wtGCPqDe1 gznw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KOaNjbr9XVVM5D5WXhnY4wUSMMlq+jgE/sUOr1kT+Jw=; b=svad/YLWU7SlcArnCl6criDLfirAAZehIUF6ONkv7KWGi9t8Cvzk2tMRErCxJ1j0wR HsQObpoMyOA+nAjpRrklPKSeDCX7GfSV2q8IdBq4IT9Yc8saM5wBl279Z34YMhXymcg4 eOg/PCF5LxCUWyN41tE06qEbDNMfflEPPp4VkmOUU3b885CSPF/w3UFJfkveIYfuKlMH MOSkO1/NukOllP+4a4QxlxvhuOi5Z+UT8mVzSB9A4oG4kTnvZWUo5d5aWnHJjL5/TTQ8 QsG2FIZ/WF2vIsenLjv8M4y2bdQao01yYC0b48J7/+S4/MRJV9HR+HKhF0pZoHCvdVq9 gTjA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=c+LwUsBT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q7si13471465jaj.88.2021.05.24.09.01.34; Mon, 24 May 2021 09:01:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=c+LwUsBT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235923AbhEXQC2 (ORCPT + 99 others); Mon, 24 May 2021 12:02:28 -0400 Received: from mail.kernel.org ([198.145.29.99]:39394 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234792AbhEXPzy (ORCPT ); Mon, 24 May 2021 11:55:54 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6BAB46142F; Mon, 24 May 2021 15:42:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621870937; bh=9jW5E5FsQGcrO2qsi4g2HM0gupFU/sDofvrZVbVMKsY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=c+LwUsBTnOt31m61GWUhjkfXwGqPMcLic8CVIgVrnzAbab769WJiXGxVPcXzgH5YZ KOZ8s0RCBuuJQgjR+//zLg707avS+VGUWEGjZ+10iLv1ZRt9Yg25mP/xdcRLrdHDvc qiZqV/CXfU0oWcwl39WrSPSzfxJgXzHeclmtOWvE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Joerg Roedel , Borislav Petkov Subject: [PATCH 5.10 104/104] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path Date: Mon, 24 May 2021 17:26:39 +0200 Message-Id: <20210524152336.300687440@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210524152332.844251980@linuxfoundation.org> References: <20210524152332.844251980@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel commit fef81c86262879d4b1176ef51a834c15b805ebb9 upstream. Check whether the hypervisor reported the correct C-bit when running as an SEV guest. Using a wrong C-bit position could be used to leak sensitive data from the guest to the hypervisor. Signed-off-by: Joerg Roedel Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org Signed-off-by: Greg Kroah-Hartman --- arch/x86/boot/compressed/head_64.S | 85 +++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32) */ call get_sev_encryption_bit xorl %edx, %edx +#ifdef CONFIG_AMD_MEM_ENCRYPT testl %eax, %eax jz 1f subl $32, %eax /* Encryption bit is always above bit 31 */ bts %eax, %edx /* Set encryption mask for page tables */ + /* + * Mark SEV as active in sev_status so that startup32_check_sev_cbit() + * will do a check. The sev_status memory will be fully initialized + * with the contents of MSR_AMD_SEV_STATUS later in + * set_sev_encryption_mask(). For now it is sufficient to know that SEV + * is active. + */ + movl $1, rva(sev_status)(%ebp) 1: +#endif /* Initialize Page tables to 0 */ leal rva(pgtable)(%ebx), %edi @@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32) movl %esi, %edx 1: #endif + /* Check if the C-bit position is correct when SEV is active */ + call startup32_check_sev_cbit + pushl $__KERNEL_CS pushl %eax @@ -787,6 +800,78 @@ SYM_DATA_END(loaded_image_proto) #endif /* + * Check for the correct C-bit position when the startup_32 boot-path is used. + * + * The check makes use of the fact that all memory is encrypted when paging is + * disabled. The function creates 64 bits of random data using the RDRAND + * instruction. RDRAND is mandatory for SEV guests, so always available. If the + * hypervisor violates that the kernel will crash right here. + * + * The 64 bits of random data are stored to a memory location and at the same + * time kept in the %eax and %ebx registers. Since encryption is always active + * when paging is off the random data will be stored encrypted in main memory. + * + * Then paging is enabled. When the C-bit position is correct all memory is + * still mapped encrypted and comparing the register values with memory will + * succeed. An incorrect C-bit position will map all memory unencrypted, so that + * the compare will use the encrypted random data and fail. + */ + __HEAD + .code32 +SYM_FUNC_START(startup32_check_sev_cbit) +#ifdef CONFIG_AMD_MEM_ENCRYPT + pushl %eax + pushl %ebx + pushl %ecx + pushl %edx + + /* Check for non-zero sev_status */ + movl rva(sev_status)(%ebp), %eax + testl %eax, %eax + jz 4f + + /* + * Get two 32-bit random values - Don't bail out if RDRAND fails + * because it is better to prevent forward progress if no random value + * can be gathered. + */ +1: rdrand %eax + jnc 1b +2: rdrand %ebx + jnc 2b + + /* Store to memory and keep it in the registers */ + movl %eax, rva(sev_check_data)(%ebp) + movl %ebx, rva(sev_check_data+4)(%ebp) + + /* Enable paging to see if encryption is active */ + movl %cr0, %edx /* Backup %cr0 in %edx */ + movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */ + movl %ecx, %cr0 + + cmpl %eax, rva(sev_check_data)(%ebp) + jne 3f + cmpl %ebx, rva(sev_check_data+4)(%ebp) + jne 3f + + movl %edx, %cr0 /* Restore previous %cr0 */ + + jmp 4f + +3: /* Check failed - hlt the machine */ + hlt + jmp 3b + +4: + popl %edx + popl %ecx + popl %ebx + popl %eax +#endif + ret +SYM_FUNC_END(startup32_check_sev_cbit) + +/* * Stack and heap for uncompression */ .bss