From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
Arvind Sankar <nivedita@alum.mit.edu>,
Martin Radev <martin.b.radev@gmail.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH v2 0/5] x86/sev-es: Mitigate some HV attack vectors
Date: Tue, 20 Oct 2020 14:18:51 +0200 [thread overview]
Message-ID: <20201020121856.19427-1-joro@8bytes.org> (raw)
From: Joerg Roedel <jroedel@suse.de>
Hi,
here are some enhancements to the SEV(-ES) code in the Linux kernel to
self-protect it against some newly detected hypervisor attacks. There
are 3 attacks addressed here:
1) Hypervisor does not present the SEV-enabled bit via CPUID
2) The Hypervisor presents the wrong C-bit position via CPUID
3) An encrypted RAM page is mapped as MMIO in the nested
page-table, causing #VC exceptions and possible leak of the
data to the hypervisor or data/code injection from the
Hypervisor.
The attacks are described in more detail in this paper:
https://arxiv.org/abs/2010.07094
Please review.
Thanks,
Joerg
Changes to v1:
- Disable CR4.PGE during C-bit test
- Do not safe/restore caller-safed registers in
set_sev_encryption_mask()
Joerg Roedel (5):
x86/boot/compressed/64: Introduce sev_status
x86/boot/compressed/64: Add CPUID sanity check to early #VC handler
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
x86/head/64: Check SEV encryption before switching to kernel
page-table
x86/sev-es: Do not support MMIO to/from encrypted memory
arch/x86/boot/compressed/ident_map_64.c | 1 +
arch/x86/boot/compressed/mem_encrypt.S | 14 +++-
arch/x86/boot/compressed/misc.h | 2 +
arch/x86/kernel/head_64.S | 14 +++-
arch/x86/kernel/sev-es-shared.c | 26 +++++++
arch/x86/kernel/sev-es.c | 20 ++++--
arch/x86/kernel/sev_verify_cbit.S | 91 +++++++++++++++++++++++++
arch/x86/mm/mem_encrypt.c | 1 +
8 files changed, 160 insertions(+), 9 deletions(-)
create mode 100644 arch/x86/kernel/sev_verify_cbit.S
--
2.28.0
next reply other threads:[~2020-10-20 12:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-20 12:18 Joerg Roedel [this message]
2020-10-20 12:18 ` [PATCH v2 1/5] x86/boot/compressed/64: Introduce sev_status Joerg Roedel
2020-10-20 12:18 ` [PATCH v2 2/5] x86/boot/compressed/64: Add CPUID sanity check to early #VC handler Joerg Roedel
2020-10-20 12:18 ` [PATCH v2 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path Joerg Roedel
2020-10-20 14:12 ` Arvind Sankar
2020-10-20 15:48 ` Joerg Roedel
2020-10-20 16:04 ` Arvind Sankar
2020-10-21 12:49 ` Joerg Roedel
2020-10-20 12:18 ` [PATCH v2 4/5] x86/head/64: Check SEV encryption before switching to kernel page-table Joerg Roedel
2020-10-20 12:18 ` [PATCH v2 5/5] x86/sev-es: Do not support MMIO to/from encrypted memory Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201020121856.19427-1-joro@8bytes.org \
--to=joro@8bytes.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jroedel@suse.de \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=martin.b.radev@gmail.com \
--cc=mingo@redhat.com \
--cc=nivedita@alum.mit.edu \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.