| 1 |
commit: 0a9d19d1cdac2b8749a0d11ee55554609df56cc8 |
| 2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Aug 31 12:10:53 2022 +0000 |
| 4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Aug 31 12:10:53 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=0a9d19d1 |
| 7 |
|
| 8 |
x86/sev: Don't use cc_platform_has() for early SEV-SNP calls |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/865831 |
| 11 |
|
| 12 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
| 13 |
|
| 14 |
0000_README | 4 ++ |
| 15 |
1800_x86-sev-cc-platform-SEV-SNP-fix.patch | 72 ++++++++++++++++++++++++++++++ |
| 16 |
2 files changed, 76 insertions(+) |
| 17 |
|
| 18 |
diff --git a/0000_README b/0000_README |
| 19 |
index 54d13e58..309b3933 100644 |
| 20 |
--- a/0000_README |
| 21 |
+++ b/0000_README |
| 22 |
@@ -75,6 +75,10 @@ Patch: 1700_sparc-address-warray-bound-warnings.patch |
| 23 |
From: https://github.com/KSPP/linux/issues/109 |
| 24 |
Desc: Address -Warray-bounds warnings |
| 25 |
|
| 26 |
+Patch: 1800_x86-sev-cc-platform-SEV-SNP-fix.patch |
| 27 |
+From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/sev.c?id=cdaa0a407f1acd3a44861e3aea6e3c7349e668f1 |
| 28 |
+Desc: Don't use cc_platform_has() for early SEV-SNP calls |
| 29 |
+ |
| 30 |
Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch |
| 31 |
From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@××××××××.org/raw |
| 32 |
Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758 |
| 33 |
|
| 34 |
diff --git a/1800_x86-sev-cc-platform-SEV-SNP-fix.patch b/1800_x86-sev-cc-platform-SEV-SNP-fix.patch |
| 35 |
new file mode 100644 |
| 36 |
index 00000000..8d8ceca5 |
| 37 |
--- /dev/null |
| 38 |
+++ b/1800_x86-sev-cc-platform-SEV-SNP-fix.patch |
| 39 |
@@ -0,0 +1,72 @@ |
| 40 |
+From cdaa0a407f1acd3a44861e3aea6e3c7349e668f1 Mon Sep 17 00:00:00 2001 |
| 41 |
+From: Tom Lendacky <thomas.lendacky@×××.com> |
| 42 |
+Date: Tue, 23 Aug 2022 16:55:51 -0500 |
| 43 |
+Subject: x86/sev: Don't use cc_platform_has() for early SEV-SNP calls |
| 44 |
+ |
| 45 |
+When running identity-mapped and depending on the kernel configuration, |
| 46 |
+it is possible that the compiler uses jump tables when generating code |
| 47 |
+for cc_platform_has(). |
| 48 |
+ |
| 49 |
+This causes a boot failure because the jump table uses un-mapped kernel |
| 50 |
+virtual addresses, not identity-mapped addresses. This has been seen |
| 51 |
+with CONFIG_RETPOLINE=n. |
| 52 |
+ |
| 53 |
+Similar to sme_encrypt_kernel(), use an open-coded direct check for the |
| 54 |
+status of SNP rather than trying to eliminate the jump table. This |
| 55 |
+preserves any code optimization in cc_platform_has() that can be useful |
| 56 |
+post boot. It also limits the changes to SEV-specific files so that |
| 57 |
+future compiler features won't necessarily require possible build changes |
| 58 |
+just because they are not compatible with running identity-mapped. |
| 59 |
+ |
| 60 |
+ [ bp: Massage commit message. ] |
| 61 |
+ |
| 62 |
+Fixes: 5e5ccff60a29 ("x86/sev: Add helper for validating pages in early enc attribute changes") |
| 63 |
+Reported-by: Sean Christopherson <seanjc@××××××.com> |
| 64 |
+Suggested-by: Sean Christopherson <seanjc@××××××.com> |
| 65 |
+Signed-off-by: Tom Lendacky <thomas.lendacky@×××.com> |
| 66 |
+Signed-off-by: Borislav Petkov <bp@××××.de> |
| 67 |
+Cc: <stable@×××××××××××.org> # 5.19.x |
| 68 |
+Link: https://lore.kernel.org/all/YqfabnTRxFSM+LoX@××××××.com/ |
| 69 |
+--- |
| 70 |
+ arch/x86/kernel/sev.c | 16 ++++++++++++++-- |
| 71 |
+ 1 file changed, 14 insertions(+), 2 deletions(-) |
| 72 |
+ |
| 73 |
+(limited to 'arch/x86/kernel/sev.c') |
| 74 |
+ |
| 75 |
+diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c |
| 76 |
+index 63dc626627a03..4f84c3f11af5b 100644 |
| 77 |
+--- a/arch/x86/kernel/sev.c |
| 78 |
++++ b/arch/x86/kernel/sev.c |
| 79 |
+@@ -701,7 +701,13 @@ e_term: |
| 80 |
+ void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, |
| 81 |
+ unsigned int npages) |
| 82 |
+ { |
| 83 |
+- if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) |
| 84 |
++ /* |
| 85 |
++ * This can be invoked in early boot while running identity mapped, so |
| 86 |
++ * use an open coded check for SNP instead of using cc_platform_has(). |
| 87 |
++ * This eliminates worries about jump tables or checking boot_cpu_data |
| 88 |
++ * in the cc_platform_has() function. |
| 89 |
++ */ |
| 90 |
++ if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) |
| 91 |
+ return; |
| 92 |
+ |
| 93 |
+ /* |
| 94 |
+@@ -717,7 +723,13 @@ void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long padd |
| 95 |
+ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, |
| 96 |
+ unsigned int npages) |
| 97 |
+ { |
| 98 |
+- if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) |
| 99 |
++ /* |
| 100 |
++ * This can be invoked in early boot while running identity mapped, so |
| 101 |
++ * use an open coded check for SNP instead of using cc_platform_has(). |
| 102 |
++ * This eliminates worries about jump tables or checking boot_cpu_data |
| 103 |
++ * in the cc_platform_has() function. |
| 104 |
++ */ |
| 105 |
++ if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) |
| 106 |
+ return; |
| 107 |
+ |
| 108 |
+ /* Invalidate the memory pages before they are marked shared in the RMP table. */ |
| 109 |
+-- |
| 110 |
+cgit |
| 111 |
+ |
Archives