- Convert the sev-guest platform ->remove callback to return void
- Move the SEV C-bit verification to the BSP as it needs to happen only once and not on every AP -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmWbIXUACgkQEsHwGGHe VUocDQ//cxfdJuF+Srww/WgpXSc2EmT6OAlSX8R1S89PD5PPDWJq3U8dE7gScZnH bjcFj7CMkyFHe4yPkDljdS4+7Zrt2ilbzuojdnCjByd4aL5fCsZJCjWlVeaR/0ay 3lkr+fX3GtAl2njOBv9Fc0E7qh/E8zHRNcIRIS6Lz+LY5ziNqU9IGZruESQKkR2B GokNKqWfqFhJaifEe4F+AdWRbZaEZlli6Gttn7T+QPPRk9LPCaxqkHT0BbIbUqnr eMdvPZucWZiqNe1C9zxKeRyzqc2nPXbvi1QkCundXrCYwRuF4+sQiyM5yEMmStdl wQ/kfbLJFFS96RZ408UNrvSJHYulFRb5uNj0M6lIc2KlQt2PCPhz2+MsipjWMYEP 7qz5KGkiSyosTZ+ZT0jw1G++KtRcoG/brXFKXGuu9I2yi0OMOtNdCXNH9SyTJDT3 d6nk5t2xloPH8qLfAb9BK7uVINSSlu/f/3nuoKqlHPSYcZoK7kt0BW4DJNb8+iYO XhdmCpvYIfMvyaLjFYypimE7AnqgafUS/zVQCfnIF6BJveGj6AI/Xv0yubwErbuK ijcrz2x9LlwgoAGMClePFWwhmRfg1M3cRRD4VekH4kIC6pcrP2Wk3Dl2VgaojEdg F4qE+RB1x4AO5wkiYLtHACPZQ7i7yzLLGOhBTxFjgXz0EBMwTYU= =zKez -----END PGP SIGNATURE----- Merge tag 'x86_sev_for_v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 SEV updates from Borislav Petkov: - Convert the sev-guest plaform ->remove callback to return void - Move the SEV C-bit verification to the BSP as it needs to happen only once and not on every AP * tag 'x86_sev_for_v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: virt: sev-guest: Convert to platform remove callback returning void x86/sev: Do the C-bit verification only on the BSP
commit
e900042f04
@ -114,6 +114,28 @@ SYM_CODE_START_NOALIGN(startup_64)
|
||||
|
||||
/* Form the CR3 value being sure to include the CR3 modifier */
|
||||
addq $(early_top_pgt - __START_KERNEL_map), %rax
|
||||
|
||||
#ifdef CONFIG_AMD_MEM_ENCRYPT
|
||||
mov %rax, %rdi
|
||||
mov %rax, %r14
|
||||
|
||||
addq phys_base(%rip), %rdi
|
||||
|
||||
/*
|
||||
* For SEV guests: Verify that the C-bit is correct. A malicious
|
||||
* hypervisor could lie about the C-bit position to perform a ROP
|
||||
* attack on the guest by writing to the unencrypted stack and wait for
|
||||
* the next RET instruction.
|
||||
*/
|
||||
call sev_verify_cbit
|
||||
|
||||
/*
|
||||
* Restore CR3 value without the phys_base which will be added
|
||||
* below, before writing %cr3.
|
||||
*/
|
||||
mov %r14, %rax
|
||||
#endif
|
||||
|
||||
jmp 1f
|
||||
SYM_CODE_END(startup_64)
|
||||
|
||||
@ -192,15 +214,6 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
|
||||
/* Setup early boot stage 4-/5-level pagetables. */
|
||||
addq phys_base(%rip), %rax
|
||||
|
||||
/*
|
||||
* For SEV guests: Verify that the C-bit is correct. A malicious
|
||||
* hypervisor could lie about the C-bit position to perform a ROP
|
||||
* attack on the guest by writing to the unencrypted stack and wait for
|
||||
* the next RET instruction.
|
||||
*/
|
||||
movq %rax, %rdi
|
||||
call sev_verify_cbit
|
||||
|
||||
/*
|
||||
* Switch to new page-table
|
||||
*
|
||||
|
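Review bot: The comment above `call sev_verify_cbit` in startup_64 does not say that this is now the only place the C-bit is verified, and the secondary_startup_64 path loses its call with no comment left behind. Someone auditing AP bring-up for this protection will find no check there and no pointer to where it went; the reason (the check needs to happen once, on the BSP) exists only in the commit message. I would add a line to the new comment such as `* This runs once, on the BSP; APs entering via secondary_startup_64 rely on this check.` Separately, the `mov %rax, %r14` / `mov %r14, %rax` pair assumes that sev_verify_cbit leaves %r14 intact and that %r14 holds nothing live at this point, neither of which is visible in the hunk, so a short remark on the `mov %rax, %r14` line would help. Both entry paths continue outside the hunks shown.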
@ -994,7 +994,7 @@ e_unmap:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int __exit sev_guest_remove(struct platform_device *pdev)
|
||||
static void __exit sev_guest_remove(struct platform_device *pdev)
|
||||
{
|
||||
struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev);
|
||||
|
||||
@ -1003,8 +1003,6 @@ static int __exit sev_guest_remove(struct platform_device *pdev)
|
||||
free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg));
|
||||
deinit_crypto(snp_dev->crypto);
|
||||
misc_deregister(&snp_dev->misc);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1013,7 +1011,7 @@ static int __exit sev_guest_remove(struct platform_device *pdev)
|
||||
* with the SEV-SNP support, it is named "sev-guest".
|
||||
*/
|
||||
static struct platform_driver sev_guest_driver = {
|
||||
.remove = __exit_p(sev_guest_remove),
|
||||
.remove_new = __exit_p(sev_guest_remove),
|
||||
.driver = {
|
||||
.name = "sev-guest",
|
||||
},
|
||||
|
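Review bot: In sev_guest_remove the shared request pages and the crypto state are released before `misc_deregister(&snp_dev->misc);`, so the misc device is still registered while the resources behind it are being torn down. The conversion to a void return keeps that order unchanged. Whether a request can still reach the device at this point is not visible here (the callback is `__exit`, so it may only run at module unload), but deregistering first is the safer order: move `misc_deregister(&snp_dev->misc);` to the top of the function, ahead of the free_shared_pages() calls. The start of the function body lies between the two hunks and is not shown.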