| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2022 15:53:36 -0500
From: Tianyu Lan <ltykernel@...il.com>
To: luto@...nel.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
hpa@...or.com, seanjc@...gle.com, pbonzini@...hat.com,
jgross@...e.com, tiala@...rosoft.com, kirill@...temov.name,
jiangshan.ljs@...group.com, peterz@...radead.org,
ashish.kalra@....com, srutherford@...gle.com,
akpm@...ux-foundation.org, anshuman.khandual@....com,
pawan.kumar.gupta@...ux.intel.com, adrian.hunter@...el.com,
daniel.sneddon@...ux.intel.com, alexander.shishkin@...ux.intel.com,
sandipan.das@....com, ray.huang@....com, brijesh.singh@....com,
michael.roth@....com, thomas.lendacky@....com,
venu.busireddy@...cle.com, sterritt@...gle.com,
tony.luck@...el.com, samitolvanen@...gle.com, fenghua.yu@...el.com
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-hyperv@...r.kernel.org, linux-arch@...r.kernel.org
Subject: [RFC PATCH 01/17] x86/boot: Check boot param's cc_blob_address for direct boot mode
From: Tianyu Lan <tiala@...rosoft.com>
Hypervisor may pass cc blob address directly into boot param's cc
blob address in the direct boot mode. Check cc blcb hdr magic first
in the sev_enable() and use it as cc blob address if check successfully.
Signed-off-by: Tianyu Lan <tiala@...rosoft.com>
---
arch/x86/boot/compressed/sev.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index c93930d5ccbd..960968f8bf75 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -272,17 +272,24 @@ static void enforce_vmpl0(void)
void sev_enable(struct boot_params *bp)
{
+ struct cc_blob_sev_info *cc_info;
unsigned int eax, ebx, ecx, edx;
struct msr m;
bool snp;
/*
- * bp->cc_blob_address should only be set by boot/compressed kernel.
- * Initialize it to 0 to ensure that uninitialized values from
- * buggy bootloaders aren't propagated.
+ * bp->cc_blob_address should only be set by boot/compressed
+ * kernel and hypervisor with direct boot mode. Initialize it
+ * to 0 after checking in order to ensure that uninitialized
+ * values from buggy bootloaders aren't propagated.
*/
- if (bp)
- bp->cc_blob_address = 0;
+ if (bp) {
+ cc_info = (struct cc_blob_sev_info *)(unsigned long)
+ bp->cc_blob_address;
+
+ if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
+ bp->cc_blob_address = 0;
+ }
/*
* Setup/preliminary detection of SNP. This will be sanity-checked
@@ -374,6 +381,10 @@ static struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp)
{
struct cc_blob_sev_info *cc_info;
+ /* Boot kernel would have passed the CC blob via boot_params. */
+ if (bp->cc_blob_address)
+ return (struct cc_blob_sev_info *)(unsigned long)bp->cc_blob_address;
+
cc_info = find_cc_blob_efi(bp);
if (cc_info)
goto found_cc_info;
@@ -416,9 +427,11 @@ bool snp_init(struct boot_params *bp)
/*
* Pass run-time kernel a pointer to CC info via boot_params so EFI
* config table doesn't need to be searched again during early startup
- * phase.
+ * phase. Hypervisor also may popualte cc_blob_address directyly
+ * in direct boot mode.
*/
- bp->cc_blob_address = (u32)(unsigned long)cc_info;
+ if (!bp->cc_blob_address)
+ bp->cc_blob_address = (u32)(unsigned long)cc_info;
return true;
}
--
2.25.1
Powered by blists - more mailing lists