Commit e900042f authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'x86_sev_for_v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 SEV updates from Borislav Petkov:

 - Convert the sev-guest platform ->remove callback to return void

 - Move the SEV C-bit verification to the BSP as it needs to happen only
   once and not on every AP

* tag 'x86_sev_for_v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  virt: sev-guest: Convert to platform remove callback returning void
  x86/sev: Do the C-bit verification only on the BSP
parents fc5e5c59 d642ef71
...@@ -114,6 +114,28 @@ SYM_CODE_START_NOALIGN(startup_64) ...@@ -114,6 +114,28 @@ SYM_CODE_START_NOALIGN(startup_64)
/* Form the CR3 value being sure to include the CR3 modifier */ /* Form the CR3 value being sure to include the CR3 modifier */
addq $(early_top_pgt - __START_KERNEL_map), %rax addq $(early_top_pgt - __START_KERNEL_map), %rax
#ifdef CONFIG_AMD_MEM_ENCRYPT
mov %rax, %rdi
mov %rax, %r14
addq phys_base(%rip), %rdi
/*
* For SEV guests: Verify that the C-bit is correct. A malicious
* hypervisor could lie about the C-bit position to perform a ROP
* attack on the guest by writing to the unencrypted stack and wait for
* the next RET instruction.
*/
call sev_verify_cbit
/*
* Restore CR3 value without the phys_base which will be added
* below, before writing %cr3.
*/
mov %r14, %rax
#endif
jmp 1f jmp 1f
SYM_CODE_END(startup_64) SYM_CODE_END(startup_64)
...@@ -192,15 +214,6 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL) ...@@ -192,15 +214,6 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
/* Setup early boot stage 4-/5-level pagetables. */ /* Setup early boot stage 4-/5-level pagetables. */
addq phys_base(%rip), %rax addq phys_base(%rip), %rax
/*
* For SEV guests: Verify that the C-bit is correct. A malicious
* hypervisor could lie about the C-bit position to perform a ROP
* attack on the guest by writing to the unencrypted stack and wait for
* the next RET instruction.
*/
movq %rax, %rdi
call sev_verify_cbit
/* /*
* Switch to new page-table * Switch to new page-table
* *
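Review bot: The comment above `call sev_verify_cbit` in the first hunk still describes only the attack and does not record why a single check on the boot CPU is enough, which is the invariant the secondary CPUs rely on after the removal in the second hunk. I would add a line such as `* Done once on the BSP; APs are assumed to use the same, already verified C-bit position.`, to be confirmed against the reasoning in the original patch. The save and restore through `%r14` also deserves a short comment stating that the register is free here and is left untouched by sev_verify_cbit, because `mov %r14, %rax` is only correct under both assumptions. With the call gone, the name `secondary_startup_64_no_verify` in the second hunk header no longer seems to distinguish anything, as far as these lines show. startup_64 begins outside the hunk.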
......
...@@ -994,7 +994,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) ...@@ -994,7 +994,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
return ret; return ret;
} }
static int __exit sev_guest_remove(struct platform_device *pdev) static void __exit sev_guest_remove(struct platform_device *pdev)
{ {
struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev);
...@@ -1003,8 +1003,6 @@ static int __exit sev_guest_remove(struct platform_device *pdev) ...@@ -1003,8 +1003,6 @@ static int __exit sev_guest_remove(struct platform_device *pdev)
free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg));
deinit_crypto(snp_dev->crypto); deinit_crypto(snp_dev->crypto);
misc_deregister(&snp_dev->misc); misc_deregister(&snp_dev->misc);
return 0;
} }
/* /*
...@@ -1013,7 +1011,7 @@ static int __exit sev_guest_remove(struct platform_device *pdev) ...@@ -1013,7 +1011,7 @@ static int __exit sev_guest_remove(struct platform_device *pdev)
* with the SEV-SNP support, it is named "sev-guest". * with the SEV-SNP support, it is named "sev-guest".
*/ */
static struct platform_driver sev_guest_driver = { static struct platform_driver sev_guest_driver = {
.remove = __exit_p(sev_guest_remove), .remove_new = __exit_p(sev_guest_remove),
.driver = { .driver = {
.name = "sev-guest", .name = "sev-guest",
}, },
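Review bot: In sev_guest_remove the shared pages and crypto context are released before `misc_deregister(&snp_dev->misc);`, so the device node stays registered while the buffers behind it are already freed. The commit only changes the return type, but the order is worth revisiting: calling `misc_deregister(&snp_dev->misc);` first closes the path by which a new request could reach freed memory. Whether such a request can actually arrive during removal depends on the file operations and module reference handling, which are not visible here. The start of the function body lies between the two hunks and is only partly shown.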
......