commit: 0a9d19d1cdac2b8749a0d11ee55554609df56cc8 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
AuthorDate: Wed Aug 31 12:10:53 2022 +0000 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
CommitDate: Wed Aug 31 12:10:53 2022 +0000 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=0a9d19d1 |
|
x86/sev: Don't use cc_platform_has() for early SEV-SNP calls |
|
Bug: https://bugs.gentoo.org/865831 |
|
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
|
0000_README | 4 ++ |
1800_x86-sev-cc-platform-SEV-SNP-fix.patch | 72 ++++++++++++++++++++++++++++++ |
2 files changed, 76 insertions(+) |
|
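diff --git a/0000_README b/0000_README
index 54d13e58..309b3933 100644
--- a/0000_README
+++ b/0000_README
@@ -75,6 +75,10 @@ Patch: 1700_sparc-address-warray-bound-warnings.patch
 From: https://github.com/KSPP/linux/issues/109
 Desc: Address -Warray-bounds warnings
 
+Patch: 1800_x86-sev-cc-platform-SEV-SNP-fix.patch
+From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/sev.c?id=cdaa0a407f1acd3a44861e3aea6e3c7349e668f1
+Desc: Don't use cc_platform_has() for early SEV-SNP calls
+
 Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
 From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@××××××××.org/raw
 Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758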
33 |
|
34 |
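diff --git a/1800_x86-sev-cc-platform-SEV-SNP-fix.patch b/1800_x86-sev-cc-platform-SEV-SNP-fix.patch
new file mode 100644
index 00000000..8d8ceca5
--- /dev/null
+++ b/1800_x86-sev-cc-platform-SEV-SNP-fix.patch
@@ -0,0 +1,72 @@
+From cdaa0a407f1acd3a44861e3aea6e3c7349e668f1 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@×××.com>
+Date: Tue, 23 Aug 2022 16:55:51 -0500
+Subject: x86/sev: Don't use cc_platform_has() for early SEV-SNP calls
+
+When running identity-mapped and depending on the kernel configuration,
+it is possible that the compiler uses jump tables when generating code
+for cc_platform_has().
+
+This causes a boot failure because the jump table uses un-mapped kernel
+virtual addresses, not identity-mapped addresses. This has been seen
+with CONFIG_RETPOLINE=n.
+
+Similar to sme_encrypt_kernel(), use an open-coded direct check for the
+status of SNP rather than trying to eliminate the jump table. This
+preserves any code optimization in cc_platform_has() that can be useful
+post boot. It also limits the changes to SEV-specific files so that
+future compiler features won't necessarily require possible build changes
+just because they are not compatible with running identity-mapped.
+
+ [ bp: Massage commit message. ]
+
+Fixes: 5e5ccff60a29 ("x86/sev: Add helper for validating pages in early enc attribute changes")
+Reported-by: Sean Christopherson <seanjc@××××××.com>
+Suggested-by: Sean Christopherson <seanjc@××××××.com>
+Signed-off-by: Tom Lendacky <thomas.lendacky@×××.com>
+Signed-off-by: Borislav Petkov <bp@××××.de>
+Cc: <stable@×××××××××××.org> # 5.19.x
+Link: https://lore.kernel.org/all/YqfabnTRxFSM+LoX@××××××.com/
+---
+ arch/x86/kernel/sev.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+(limited to 'arch/x86/kernel/sev.c')
+
+diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
+index 63dc626627a03..4f84c3f11af5b 100644
+--- a/arch/x86/kernel/sev.c
++++ b/arch/x86/kernel/sev.c
+@@ -701,7 +701,13 @@ e_term:
+ void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr,
+ unsigned int npages)
+ {
+- if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
++ /*
++ * This can be invoked in early boot while running identity mapped, so
++ * use an open coded check for SNP instead of using cc_platform_has().
++ * This eliminates worries about jump tables or checking boot_cpu_data
++ * in the cc_platform_has() function.
++ */
++ if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
+ return;
+
+ /*
+@@ -717,7 +723,13 @@ void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long padd
+ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr,
+ unsigned int npages)
+ {
+- if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
++ /*
++ * This can be invoked in early boot while running identity mapped, so
++ * use an open coded check for SNP instead of using cc_platform_has().
++ * This eliminates worries about jump tables or checking boot_cpu_data
++ * in the cc_platform_has() function.
++ */
++ if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
+ return;
+
+ /* Invalidate the memory pages before they are marked shared in the RMP table. */
+--
+cgit
+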
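Review bot: The open-coded guard `if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) return;` added to early_snp_set_memory_private() and early_snp_set_memory_shared() makes both functions a silent no-op whenever the bit is clear, and the new comment does not state the precondition that sev_status has already been populated when they run identity-mapped. That ordering is presumably guaranteed by the early boot path (the commit message points to sme_encrypt_kernel() using the same pattern), but it is not visible in these hunks, and a guest that skipped the page-state change because of a stale zero would be hard to diagnose. I would extend the comment in both places with one line such as `* sev_status must already be initialised by the time this is called.` The identical six-line comment is duplicated verbatim in both functions, so any later correction has to be made twice; both function bodies continue outside the hunks.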