Re: [PATCH v3 4/5] x86/head/64: Check SEV encryption before switching to kernel page-table

2020-10-27 Thread Borislav Petkov
On Wed, Oct 21, 2020 at 02:39:37PM +0200, Joerg Roedel wrote: > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > index ebb7edc8bc0a..bd9b62af2e3d 100644 > --- a/arch/x86/mm/mem_encrypt.c > +++ b/arch/x86/mm/mem_encrypt.c > @@ -39,6 +39,7 @@ > */ > u64 sme_me_mask __section(.d

[PATCH v3 4/5] x86/head/64: Check SEV encryption before switching to kernel page-table

2020-10-21 Thread Joerg Roedel
From: Joerg Roedel When SEV is enabled, the kernel requests the C-Bit position again from the hypervisor to build its own page-table. Since the hypervisor is an untrusted source, the C-bit position needs to be verified before the kernel page-table is used. Call the sev_verify_cbit() function befor