From: Joerg Roedel <jroe...@suse.de>

Hi,

here are some enhancements to the SEV(-ES) code in the Linux kernel to
self-protect it against some newly detected hypervisor attacks. There
are 3 attacks addressed here:

	1) Hypervisor does not present the SEV-enabled bit via CPUID

	2) The Hypervisor presents the wrong C-bit position via CPUID

	3) An encrypted RAM page is mapped as MMIO in the nested
	   page-table, causing #VC exceptions and possible leak of the
	   data to the hypervisor or data/code injection from the
	   Hypervisor.

The attacks are described in more detail in this paper:

	https://arxiv.org/abs/2010.07094

Please review.

Thanks,

	Joerg

Changes to v3:

	- Addressed Boris' review comments

Changes to v2:

	- Use %r8/%r9 to modify %cr4 in sev_verify_cbit()
	  and return the new page-table pointer in that function.

Changes to v1:

	- Disable CR4.PGE during C-bit test

	- Do not save/restore caller-saved registers in
	  set_sev_encryption_mask()

Joerg Roedel (5):
  x86/boot/compressed/64: Introduce sev_status
  x86/boot/compressed/64: Add CPUID sanity check to early #VC handler
  x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
  x86/head/64: Check SEV encryption before switching to kernel page-table
  x86/sev-es: Do not support MMIO to/from encrypted memory

 arch/x86/boot/compressed/ident_map_64.c |  1 +
 arch/x86/boot/compressed/mem_encrypt.S  | 20 +++++-
 arch/x86/boot/compressed/misc.h         |  2 +
 arch/x86/kernel/head_64.S               | 16 +++++
 arch/x86/kernel/sev-es-shared.c         | 26 +++++++
 arch/x86/kernel/sev-es.c                | 20 ++++--
 arch/x86/kernel/sev_verify_cbit.S       | 90 +++++++++++++++++++++++++
 arch/x86/mm/mem_encrypt.c               |  1 +
 8 files changed, 168 insertions(+), 8 deletions(-)
 create mode 100644 arch/x86/kernel/sev_verify_cbit.S

-- 
2.28.0