* Re: Patch "x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path" has been added to the 5.12-stable tree
[not found] <20210508032224.039CF613ED@mail.kernel.org>
@ 2021-05-08 10:26 ` Greg KH
2021-05-18 11:39 ` [PATCH stable-5.10,5.11,5.12] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path Joerg Roedel
0 siblings, 1 reply; 4+ messages in thread
From: Greg KH @ 2021-05-08 10:26 UTC (permalink / raw)
To: linux-kernel; +Cc: jroedel, stable-commits
On Fri, May 07, 2021 at 11:22:23PM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
>
> to the 5.12-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> x86-boot-compressed-64-check-sev-encryption-in-the-3.patch
> and it can be found in the queue-5.12 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.
>
>
>
> commit 2c622aeb46b16fd945fc681fec16b989940b826d
> Author: Joerg Roedel <jroedel@suse.de>
> Date: Fri Mar 12 13:38:23 2021 +0100
>
> x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
>
> [ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
>
> Check whether the hypervisor reported the correct C-bit when running
> as an SEV guest. Using a wrong C-bit position could be used to leak
> sensitive data from the guest to the hypervisor.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> Signed-off-by: Borislav Petkov <bp@suse.de>
> Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
> Signed-off-by: Sasha Levin <sashal@kernel.org>
This breaks the build (link time) for 5.12, 5.11, and 5.10 trees, so
I'll go drop it for now.
if it needs to come back, can someone submit a working version?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH stable-5.10,5.11,5.12] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
2021-05-08 10:26 ` Patch "x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path" has been added to the 5.12-stable tree Greg KH
@ 2021-05-18 11:39 ` Joerg Roedel
2021-05-18 11:40 ` Joerg Roedel
0 siblings, 1 reply; 4+ messages in thread
From: Joerg Roedel @ 2021-05-18 11:39 UTC (permalink / raw)
To: Greg KH; +Cc: linux-kernel, stable-commits
[ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
Check whether the hypervisor reported the correct C-bit when running
as an SEV guest. Using a wrong C-bit position could be used to leak
sensitive data from the guest to the hypervisor.
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
---
arch/x86/boot/compressed/head_64.S | 85 ++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index e94874f4bbc1..ae1fe558a2d8 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32)
*/
call get_sev_encryption_bit
xorl %edx, %edx
+#ifdef CONFIG_AMD_MEM_ENCRYPT
testl %eax, %eax
jz 1f
subl $32, %eax /* Encryption bit is always above bit 31 */
bts %eax, %edx /* Set encryption mask for page tables */
+ /*
+ * Mark SEV as active in sev_status so that startup32_check_sev_cbit()
+ * will do a check. The sev_status memory will be fully initialized
+ * with the contents of MSR_AMD_SEV_STATUS later in
+ * set_sev_encryption_mask(). For now it is sufficient to know that SEV
+ * is active.
+ */
+ movl $1, rva(sev_status)(%ebp)
1:
+#endif
/* Initialize Page tables to 0 */
leal rva(pgtable)(%ebx), %edi
@@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32)
movl %esi, %edx
1:
#endif
+ /* Check if the C-bit position is correct when SEV is active */
+ call startup32_check_sev_cbit
+
pushl $__KERNEL_CS
pushl %eax
@@ -786,6 +799,78 @@ SYM_DATA_START_LOCAL(loaded_image_proto)
SYM_DATA_END(loaded_image_proto)
#endif
+/*
+ * Check for the correct C-bit position when the startup_32 boot-path is used.
+ *
+ * The check makes use of the fact that all memory is encrypted when paging is
+ * disabled. The function creates 64 bits of random data using the RDRAND
+ * instruction. RDRAND is mandatory for SEV guests, so always available. If the
+ * hypervisor violates that the kernel will crash right here.
+ *
+ * The 64 bits of random data are stored to a memory location and at the same
+ * time kept in the %eax and %ebx registers. Since encryption is always active
+ * when paging is off the random data will be stored encrypted in main memory.
+ *
+ * Then paging is enabled. When the C-bit position is correct all memory is
+ * still mapped encrypted and comparing the register values with memory will
+ * succeed. An incorrect C-bit position will map all memory unencrypted, so that
+ * the compare will use the encrypted random data and fail.
+ */
+ __HEAD
+ .code32
+SYM_FUNC_START(startup32_check_sev_cbit)
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ pushl %eax
+ pushl %ebx
+ pushl %ecx
+ pushl %edx
+
+ /* Check for non-zero sev_status */
+ movl rva(sev_status)(%ebp), %eax
+ testl %eax, %eax
+ jz 4f
+
+ /*
+ * Get two 32-bit random values - Don't bail out if RDRAND fails
+ * because it is better to prevent forward progress if no random value
+ * can be gathered.
+ */
+1: rdrand %eax
+ jnc 1b
+2: rdrand %ebx
+ jnc 2b
+
+ /* Store to memory and keep it in the registers */
+ movl %eax, rva(sev_check_data)(%ebp)
+ movl %ebx, rva(sev_check_data+4)(%ebp)
+
+ /* Enable paging to see if encryption is active */
+ movl %cr0, %edx /* Backup %cr0 in %edx */
+ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
+ movl %ecx, %cr0
+
+ cmpl %eax, rva(sev_check_data)(%ebp)
+ jne 3f
+ cmpl %ebx, rva(sev_check_data+4)(%ebp)
+ jne 3f
+
+ movl %edx, %cr0 /* Restore previous %cr0 */
+
+ jmp 4f
+
+3: /* Check failed - hlt the machine */
+ hlt
+ jmp 3b
+
+4:
+ popl %edx
+ popl %ecx
+ popl %ebx
+ popl %eax
+#endif
+ ret
+SYM_FUNC_END(startup32_check_sev_cbit)
+
/*
* Stack and heap for uncompression
*/
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH stable-5.10,5.11,5.12] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
2021-05-18 11:39 ` [PATCH stable-5.10,5.11,5.12] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path Joerg Roedel
@ 2021-05-18 11:40 ` Joerg Roedel
2021-05-24 12:50 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: Joerg Roedel @ 2021-05-18 11:40 UTC (permalink / raw)
To: Greg KH; +Cc: linux-kernel, stable-commits
On Tue, May 18, 2021 at 01:39:02PM +0200, Joerg Roedel wrote:
> [ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
>
> Check whether the hypervisor reported the correct C-bit when running
> as an SEV guest. Using a wrong C-bit position could be used to leak
> sensitive data from the guest to the hypervisor.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> Signed-off-by: Borislav Petkov <bp@suse.de>
> Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
> ---
> arch/x86/boot/compressed/head_64.S | 85 ++++++++++++++++++++++++++++++
> 1 file changed, 85 insertions(+)
This is compile-tested now for 5.10, 5.11 and 5.12. With 5.12 I also did
a boot-test using the 32-bit boot-path and verified it still works as
expected.
Regards,
Joerg
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH stable-5.10,5.11,5.12] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
2021-05-18 11:40 ` Joerg Roedel
@ 2021-05-24 12:50 ` Greg KH
0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2021-05-24 12:50 UTC (permalink / raw)
To: Joerg Roedel; +Cc: linux-kernel, stable-commits
On Tue, May 18, 2021 at 01:40:18PM +0200, Joerg Roedel wrote:
> On Tue, May 18, 2021 at 01:39:02PM +0200, Joerg Roedel wrote:
> > [ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
> >
> > Check whether the hypervisor reported the correct C-bit when running
> > as an SEV guest. Using a wrong C-bit position could be used to leak
> > sensitive data from the guest to the hypervisor.
> >
> > Signed-off-by: Joerg Roedel <jroedel@suse.de>
> > Signed-off-by: Borislav Petkov <bp@suse.de>
> > Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
> > ---
> > arch/x86/boot/compressed/head_64.S | 85 ++++++++++++++++++++++++++++++
> > 1 file changed, 85 insertions(+)
>
> This is compile-tested now for 5.10, 5.11 and 5.12. With 5.12 I also did
> a boot-test using the 32-bit boot-path and verified it still works as
> expected.
Now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-05-24 12:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20210508032224.039CF613ED@mail.kernel.org>
2021-05-08 10:26 ` Patch "x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path" has been added to the 5.12-stable tree Greg KH
2021-05-18 11:39 ` [PATCH stable-5.10,5.11,5.12] x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path Joerg Roedel
2021-05-18 11:40 ` Joerg Roedel
2021-05-24 12:50 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).