| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2022 17:39:04 -0600
From: Michael Roth <michael.roth@....com>
To: Tianyu Lan <ltykernel@...il.com>
CC: <luto@...nel.org>, <tglx@...utronix.de>, <mingo@...hat.com>,
<bp@...en8.de>, <dave.hansen@...ux.intel.com>, <x86@...nel.org>,
<hpa@...or.com>, <seanjc@...gle.com>, <pbonzini@...hat.com>,
<jgross@...e.com>, <tiala@...rosoft.com>, <kirill@...temov.name>,
<jiangshan.ljs@...group.com>, <peterz@...radead.org>,
<ashish.kalra@....com>, <srutherford@...gle.com>,
<akpm@...ux-foundation.org>, <anshuman.khandual@....com>,
<pawan.kumar.gupta@...ux.intel.com>, <adrian.hunter@...el.com>,
<daniel.sneddon@...ux.intel.com>,
<alexander.shishkin@...ux.intel.com>, <sandipan.das@....com>,
<ray.huang@....com>, <brijesh.singh@....com>,
<thomas.lendacky@....com>, <venu.busireddy@...cle.com>,
<sterritt@...gle.com>, <tony.luck@...el.com>,
<samitolvanen@...gle.com>, <fenghua.yu@...el.com>,
<linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>,
<linux-hyperv@...r.kernel.org>, <linux-arch@...r.kernel.org>
Subject: Re: [RFC PATCH 01/17] x86/boot: Check boot param's cc_blob_address
for direct boot mode
On Wed, Nov 09, 2022 at 03:53:36PM -0500, Tianyu Lan wrote:
> From: Tianyu Lan <tiala@...rosoft.com>
>
> Hypervisor may pass cc blob address directly into boot param's cc
> blob address in the direct boot mode. Check cc blcb hdr magic first
> in the sev_enable() and use it as cc blob address if check successfully.
>
> Signed-off-by: Tianyu Lan <tiala@...rosoft.com>
> ---
> arch/x86/boot/compressed/sev.c | 27 ++++++++++++++++++++-------
> 1 file changed, 20 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
> index c93930d5ccbd..960968f8bf75 100644
> --- a/arch/x86/boot/compressed/sev.c
> +++ b/arch/x86/boot/compressed/sev.c
> @@ -272,17 +272,24 @@ static void enforce_vmpl0(void)
>
> void sev_enable(struct boot_params *bp)
> {
> + struct cc_blob_sev_info *cc_info;
> unsigned int eax, ebx, ecx, edx;
> struct msr m;
> bool snp;
>
> /*
> - * bp->cc_blob_address should only be set by boot/compressed kernel.
> - * Initialize it to 0 to ensure that uninitialized values from
> - * buggy bootloaders aren't propagated.
> + * bp->cc_blob_address should only be set by boot/compressed
> + * kernel and hypervisor with direct boot mode. Initialize it
> + * to 0 after checking in order to ensure that uninitialized
> + * values from buggy bootloaders aren't propagated.
> */
> - if (bp)
> - bp->cc_blob_address = 0;
> + if (bp) {
> + cc_info = (struct cc_blob_sev_info *)(unsigned long)
> + bp->cc_blob_address;
> +
> + if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
> + bp->cc_blob_address = 0;
It doesn't seem great to rely on SEV_HDR_MAGIC to determine whether
bp->cc_blob_address is valid or not since it is only a 32-bit value.
Would it be possible to use a setup_data entry of type SETUP_CC_BLOB
in bp->hdr.setup_data instead? There's already handling for that in
find_cc_blob_setup_data() so it should "just work".
-Mike
Powered by blists - more mailing lists