| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19b93a95-eed2-c8f9-6f7f-f79fe7146c0c@amd.com>
Date: Wed, 28 Oct 2020 12:29:36 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Joerg Roedel <joro@...tes.org>, x86@...nel.org
Cc: Joerg Roedel <jroedel@...e.de>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Kees Cook <keescook@...omium.org>,
Arvind Sankar <nivedita@...m.mit.edu>,
Martin Radev <martin.b.radev@...il.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 4/5] x86/head/64: Check SEV encryption before switching
to kernel page-table
On 10/28/20 11:46 AM, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@...e.de>
>
> When SEV is enabled the kernel requests the C-Bit position again from
> the hypervisor to built its own page-table. Since the hypervisor is an
s/built/build/
> untrusted source the C-bit position needs to be verified before the
> kernel page-table is used.
>
> Call the sev_verify_cbit() function before writing the CR3.
>
> Signed-off-by: Joerg Roedel <jroedel@...e.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> arch/x86/kernel/head_64.S | 16 ++++++++++++++++
> arch/x86/mm/mem_encrypt.c | 1 +
> 2 files changed, 17 insertions(+)
>
> diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
> index 7eb2a1c87969..3c417734790f 100644
> --- a/arch/x86/kernel/head_64.S
> +++ b/arch/x86/kernel/head_64.S
> @@ -161,6 +161,21 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
>
> /* Setup early boot stage 4-/5-level pagetables. */
> addq phys_base(%rip), %rax
> +
> + /*
> + * For SEV guests: Verify that the C-bit is correct. A malicious
> + * hypervisor could lie about the C-bit position to perform a ROP
> + * attack on the guest by writing to the unencrypted stack and wait for
> + * the next RET instruction.
> + * %rsi carries pointer to realmode data and is callee-clobbered. Save
> + * and restore it.
> + */
> + pushq %rsi
> + movq %rax, %rdi
> + call sev_verify_cbit
> + popq %rsi
> +
> + /* Switch to new page-table */
> movq %rax, %cr3
>
> /* Ensure I am executing from virtual addresses */
> @@ -279,6 +294,7 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
> SYM_CODE_END(secondary_startup_64)
>
> #include "verify_cpu.S"
> +#include "sev_verify_cbit.S"
>
> #ifdef CONFIG_HOTPLUG_CPU
> /*
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index efbb3de472df..bc0833713be9 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -39,6 +39,7 @@
> */
> u64 sme_me_mask __section(".data") = 0;
> u64 sev_status __section(".data") = 0;
> +u64 sev_check_data __section(".data") = 0;
> EXPORT_SYMBOL(sme_me_mask);
> DEFINE_STATIC_KEY_FALSE(sev_enable_key);
> EXPORT_SYMBOL_GPL(sev_enable_key);
>
Powered by blists - more mailing lists