| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 May 2024 10:00:28 +0530
From: Nikunj A Dadhania <nikunj@....com>
To: <linux-kernel@...r.kernel.org>, <thomas.lendacky@....com>, <bp@...en8.de>,
<x86@...nel.org>, <kvm@...r.kernel.org>
CC: <mingo@...hat.com>, <tglx@...utronix.de>, <dave.hansen@...ux.intel.com>,
<pgonda@...gle.com>, <seanjc@...gle.com>, <pbonzini@...hat.com>,
<nikunj@....com>
Subject: [PATCH v9 14/24] x86/sev: Handle failures from snp_init()
Failures from the snp_init() are currently being ignored by sme_enable().
Add missing error handling for cases where snp_init() fails to retrieve
SEV-SNP CC blob or encounters issues while parsing CC blob. SNP guests will
error out early with this change.
Signed-off-by: Nikunj A Dadhania <nikunj@....com>
---
arch/x86/mm/mem_encrypt_identity.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index ac33b2263a43..e83b363c5e68 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -535,6 +535,13 @@ void __head sme_enable(struct boot_params *bp)
if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED))
snp_abort();
+ /*
+ * The SEV-SNP CC blob should be present and parsing CC blob should
+ * succeed when SEV-SNP is enabled.
+ */
+ if (!snp && (msr & MSR_AMD64_SEV_SNP_ENABLED))
+ snp_abort();
+
/* Check if memory encryption is enabled */
if (feature_mask == AMD_SME_BIT) {
if (!(bp->hdr.xloadflags & XLF_MEM_ENCRYPTION))
--
2.34.1
Powered by blists - more mailing lists