git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit
x86/head/64: Check SEV encryption before switching to kernel page-table
author Joerg Roedel <jroedel@suse.de>
Wed, 28 Oct 2020 16:46:58 +0000 (17:46 +0100)
committer Borislav Petkov <bp@suse.de>
Thu, 29 Oct 2020 17:09:59 +0000 (18:09 +0100)
commit c9f09539e16e281f92a27760fdfae71e8af036f6
tree 6e0eb9706062025102be18c76c366f339ce909ff
parent 86ce43f7dde81562f58b24b426cef068bd9f7595
x86/head/64: Check SEV encryption before switching to kernel page-table

When SEV is enabled, the kernel requests the C-bit position again from
the hypervisor to build its own page-table. Since the hypervisor is an
untrusted source, the C-bit position needs to be verified before the
kernel page-table is used.

Call sev_verify_cbit() before writing the CR3.

 [ bp: Massage. ]

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-5-joro@8bytes.org
arch/x86/kernel/head_64.S
arch/x86/mm/mem_encrypt.c
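
A user-space model of why a wrong C-bit position reported by the hypervisor is detectable before the new page-table is used. This is an added illustration, not the kernel's sev_verify_cbit() and not code from this commit. The XOR "encryption", REAL_CBIT, MEM_KEY, the write-then-read-back comparison and all function names are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model: every name and constant here is constructed for illustration. */
#define REAL_CBIT 47                      /* bit the modelled hardware honours */
#define MEM_KEY   0xA5A5A5A5A5A5A5A5ULL   /* stand-in for the memory encryption key */

static uint64_t dram;  /* one 8-byte cell as it sits in physical memory */

/* Hardware side: a mapping is transparently en/decrypted only when the
 * PTE carries the real C-bit; any other bit is just an address/flag bit. */
static bool hw_encrypted(uint64_t pte) { return (pte >> REAL_CBIT) & 1; }
static void mem_write(uint64_t pte, uint64_t v) { dram = hw_encrypted(pte) ? v ^ MEM_KEY : v; }
static uint64_t mem_read(uint64_t pte) { return hw_encrypted(pte) ? dram ^ MEM_KEY : dram; }

/* Guest side: build a PTE with the C-bit position the hypervisor reported. */
static uint64_t make_pte(uint64_t pfn, unsigned reported_cbit)
{
    return (pfn << 12) | 1ULL /* present */ | (1ULL << reported_cbit);
}

/* Write a value through the mapping already in use, read it back through
 * the candidate mapping. A wrong C-bit returns ciphertext, so they differ. */
static bool cbit_ok(uint64_t current_pte, uint64_t new_pte, uint64_t nonce)
{
    mem_write(current_pte, nonce);
    return mem_read(new_pte) == nonce;
}

/* Gate for the switch: returns the PTE to use, or 0 meaning "halt". */
static uint64_t check_before_switch(unsigned reported_cbit, uint64_t nonce)
{
    uint64_t current_pte = make_pte(0x1234, REAL_CBIT); /* assumed already verified */
    uint64_t new_pte = make_pte(0x1234, reported_cbit);
    return cbit_ok(current_pte, new_pte, nonce) ? new_pte : 0;
}

int main(void)
{
    uint64_t nonce = 0x0123456789ABCDEFULL; /* constructed; a real check would want an unpredictable value */
    printf("honest report (47): %s\n", check_before_switch(47, nonce) ? "switch" : "halt");
    printf("forged report (51): %s\n", check_before_switch(51, nonce) ? "switch" : "halt");
    return 0;
}
```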