diff --git a/patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory b/patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory
new file mode 100644
index 0000000..769013e
--- /dev/null
+++ b/patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory
@@ -0,0 +1,83 @@
+From: Joerg Roedel
+Date: Wed, 28 Oct 2020 17:46:59 +0100
+Subject: x86/sev-es: Do not support MMIO to/from encrypted memory
+Git-commit: 2411cd82112397bfb9d8f0f19cd46c3d71e0ce67
+Patch-mainline: v5.10-rc3
+References: jsc#SLE-14337
+
+MMIO memory is usually not mapped encrypted, so there is no reason to
+support emulated MMIO when it is mapped encrypted.
+
+Prevent a possible hypervisor attack where a RAM page is mapped as
+an MMIO page in the nested page-table, so that any guest access to it
+will trigger a #VC exception and leak the data on that page to the
+hypervisor via the GHCB (like with valid MMIO). On the read side this
+attack would allow the HV to inject data into the guest.
+
+Signed-off-by: Joerg Roedel
+Signed-off-by: Borislav Petkov
+Reviewed-by: Tom Lendacky
+Link: https://lkml.kernel.org/r/20201028164659.27002-6-joro@8bytes.org
+---
+ arch/x86/kernel/sev-es.c | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/sev-es.c
++++ b/arch/x86/kernel/sev-es.c
+@@ -376,8 +376,8 @@ fault:
+ return ES_EXCEPTION;
+ }
+
+-static bool vc_slow_virt_to_phys(struct ghcb *ghcb, struct es_em_ctxt *ctxt,
+- unsigned long vaddr, phys_addr_t *paddr)
++static enum es_result vc_slow_virt_to_phys(struct ghcb *ghcb, struct es_em_ctxt *ctxt,
++ unsigned long vaddr, phys_addr_t *paddr)
+ {
+ unsigned long va = (unsigned long)vaddr;
+ unsigned int level;
+@@ -396,15 +396,19 @@ static bool vc_slow_virt_to_phys(struct
+ if (user_mode(ctxt->regs))
+ ctxt->fi.error_code |= X86_PF_USER;
+
+- return false;
++ return ES_EXCEPTION;
+ }
+
++ if (WARN_ON_ONCE(pte_val(*pte) & _PAGE_ENC))
++ /* Emulated MMIO to/from encrypted memory not supported */
++ return ES_UNSUPPORTED;
++
+ pa = (phys_addr_t)pte_pfn(*pte) << PAGE_SHIFT;
+ pa |= va & ~page_level_mask(level);
+
+ *paddr = pa;
+
+- return true;
++ return ES_OK;
+ }
+
+ /* Include code shared with pre-decompression boot stage */
+@@ -733,6 +737,7 @@ static enum es_result vc_do_mmio(struct
+ {
+ u64 exit_code, exit_info_1, exit_info_2;
+ unsigned long ghcb_pa = __pa(ghcb);
++ enum es_result res;
+ phys_addr_t paddr;
+ void __user *ref;
+
+@@ -742,11 +747,12 @@ static enum es_result vc_do_mmio(struct
+
+ exit_code = read ? SVM_VMGEXIT_MMIO_READ : SVM_VMGEXIT_MMIO_WRITE;
+
+- if (!vc_slow_virt_to_phys(ghcb, ctxt, (unsigned long)ref, &paddr)) {
+- if (!read)
++ res = vc_slow_virt_to_phys(ghcb, ctxt, (unsigned long)ref, &paddr);
++ if (res != ES_OK) {
++ if (res == ES_EXCEPTION && !read)
+ ctxt->fi.error_code |= X86_PF_WRITE;
+
+- return ES_EXCEPTION;
++ return res;
+ }
+
+ exit_info_1 = paddr;
diff --git a/series.conf b/series.conf
index 0a3cb56..0792be4 100644
--- a/series.conf
+++ b/series.conf
@@ -45029,6 +45029,7 @@
 patches.suse/x86-boot-compressed-64-sanity-check-cpuid-results-in-the-early-vc-handler
 patches.suse/x86-boot-compressed-64-check-sev-encryption-in-64-bit-boot-path
 patches.suse/x86-head-64-check-sev-encryption-before-switching-to-kernel-page-table
+patches.suse/x86-sev-es-do-not-support-mmio-to-from-encrypted-memory
 patches.suse/ice-docs-fix-a-devlink-info-that-broke-a-table.patch
 patches.suse/IB-srpt-docs-add-a-description-for-cq_size-member.patch
 patches.suse/PCI-dwc-Restore-ATU-memory-resource-setup-to-use-las.patch
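Review bot: The new `WARN_ON_ONCE(pte_val(*pte) & _PAGE_ENC)` in vc_slow_virt_to_phys guards a condition that the commit message itself attributes to a malicious hypervisor, so after the first attempt every later one is rejected silently and, with `panic_on_warn` set, the first attempt takes the guest down instead of just failing the access; a rate-limited message keeps repeated attempts visible to the guest's logs without the WARN machinery, e.g. `if (pte_val(*pte) & _PAGE_ENC) {` / `pr_warn_ratelimited("SEV-ES: refusing emulated MMIO to/from encrypted page\n");` / `return ES_UNSUPPORTED; }`. The comment on that branch states what is refused but not why; I would extend it to `/* The C-bit in the guest page table is the guest's own record of which pages hold private data, while the nested page table that raised this #VC is hypervisor-controlled, so emulating an MMIO access to an encrypted page would move private data through the shared GHCB. */`. Only the page holding the first byte of the access is checked here, so if the access length that vc_do_mmio passes to the hypervisor (set after this hunk) can cross a page boundary, the encryption state of the tail bytes goes unchecked — worth confirming against the size handling further down. The body of vc_slow_virt_to_phys between the two hunks and the remainder of vc_do_mmio lie outside the hunk.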