linux/arch/x86/kernel/sev_verify_cbit.S

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 *	sev_verify_cbit.S - Code for verification of the C-bit position reported
 *			    by the Hypervisor when running with SEV enabled.
 *
 *	Copyright (c) 2020  Joerg Roedel (jroedel@suse.de)
 *
 * sev_verify_cbit() is called before switching to a new long-mode page-table
 * at boot.
 *
 * Verify that the C-bit position is correct by writing a random value to
 * an encrypted memory location while on the current page-table. Then it
 * switches to the new page-table to verify the memory content is still the
 * same. After that it switches back to the current page-table and when the
 * check succeeded it returns. If the check failed the code invalidates the
 * stack pointer and goes into a hlt loop. The stack-pointer is invalidated to
 * make sure no interrupt or exception can get the CPU out of the hlt loop.
 *
 * New page-table pointer is expected in %rdi (first parameter)
 *
 */
SYM_FUNC_START(sev_verify_cbit)
#ifdef CONFIG_AMD_MEM_ENCRYPT
	/* First check if a C-bit was detected */
	movq	sme_me_mask(%rip), %rsi
	testq	%rsi, %rsi
	jz	3f

	/* sme_me_mask != 0 could mean SME or SEV - Check also for SEV */
	movq	sev_status(%rip), %rsi
	testq	%rsi, %rsi
	jz	3f

	/* Save CR4 in %rsi */
	movq	%cr4, %rsi

	/* Disable Global Pages */
	movq	%rsi, %rdx
	andq	$(~X86_CR4_PGE), %rdx
	movq	%rdx, %cr4

	/*
	 * Verified that running under SEV - now get a random value using
	 * RDRAND. This instruction is mandatory when running as an SEV guest.
	 *
	 * Don't bail out of the loop if RDRAND returns errors. It is better to
	 * prevent forward progress than to work with a non-random value here.
	 */
1:	rdrand	%rdx
	jnc	1b

	/* Store value to memory and keep it in %rdx */
	movq	%rdx, sev_check_data(%rip)

	/* Backup current %cr3 value to restore it later */
	movq	%cr3, %rcx

	/* Switch to new %cr3 - This might unmap the stack */
	movq	%rdi, %cr3

	/*
	 * Compare value in %rdx with memory location. If C-bit is incorrect
	 * this would read the encrypted data and make the check fail.
	 */
	cmpq	%rdx, sev_check_data(%rip)

	/* Restore old %cr3 */
	movq	%rcx, %cr3

	/* Restore previous CR4 */
	movq	%rsi, %cr4

	/* Check CMPQ result */
	je	3f

	/*
	 * The check failed, prevent any forward progress to prevent ROP
	 * attacks, invalidate the stack and go into a hlt loop.
	 */
	xorq	%rsp, %rsp
	subq	$0x1000, %rsp
2:	hlt
	jmp 2b
3:
#endif
	/* Return page-table pointer */
	movq	%rdi, %rax
	RET
SYM_FUNC_END(sev_verify_cbit)
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path Check whether the hypervisor reported the correct C-bit when running as an SEV guest. Using a wrong C-bit position could be used to leak sensitive data from the guest to the hypervisor. The check function is in a separate file: arch/x86/kernel/sev_verify_cbit.S so that it can be re-used in the running kernel image. [ bp: Massage. ] Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org 2020-10-28 17:46:57 +01:00			`/* SPDX-License-Identifier: GPL-2.0-only */`
			`/*`
			`* sev_verify_cbit.S - Code for verification of the C-bit position reported`
			`* by the Hypervisor when running with SEV enabled.`
			`*`
			`* Copyright (c) 2020 Joerg Roedel (jroedel@suse.de)`
			`*`
			`* sev_verify_cbit() is called before switching to a new long-mode page-table`
			`* at boot.`
			`*`
			`* Verify that the C-bit position is correct by writing a random value to`
			`* an encrypted memory location while on the current page-table. Then it`
			`* switches to the new page-table to verify the memory content is still the`
			`* same. After that it switches back to the current page-table and when the`
			`* check succeeded it returns. If the check failed the code invalidates the`
			`* stack pointer and goes into a hlt loop. The stack-pointer is invalidated to`
			`* make sure no interrupt or exception can get the CPU out of the hlt loop.`
			`*`
			`* New page-table pointer is expected in %rdi (first parameter)`
			`*`
			`*/`
			`SYM_FUNC_START(sev_verify_cbit)`
			`#ifdef CONFIG_AMD_MEM_ENCRYPT`
			`/* First check if a C-bit was detected */`
			`movq sme_me_mask(%rip), %rsi`
			`testq %rsi, %rsi`
			`jz 3f`

			`/* sme_me_mask != 0 could mean SME or SEV - Check also for SEV */`
			`movq sev_status(%rip), %rsi`
			`testq %rsi, %rsi`
			`jz 3f`

			`/* Save CR4 in %rsi */`
			`movq %cr4, %rsi`

			`/* Disable Global Pages */`
			`movq %rsi, %rdx`
			`andq $(~X86_CR4_PGE), %rdx`
			`movq %rdx, %cr4`

			`/*`
			`* Verified that running under SEV - now get a random value using`
			`* RDRAND. This instruction is mandatory when running as an SEV guest.`
			`*`
			`* Don't bail out of the loop if RDRAND returns errors. It is better to`
			`* prevent forward progress than to work with a non-random value here.`
			`*/`
			`1: rdrand %rdx`
			`jnc 1b`

			`/* Store value to memory and keep it in %rdx */`
			`movq %rdx, sev_check_data(%rip)`

			`/* Backup current %cr3 value to restore it later */`
			`movq %cr3, %rcx`

			`/* Switch to new %cr3 - This might unmap the stack */`
			`movq %rdi, %cr3`

			`/*`
			`* Compare value in %rdx with memory location. If C-bit is incorrect`
			`* this would read the encrypted data and make the check fail.`
			`*/`
			`cmpq %rdx, sev_check_data(%rip)`

			`/* Restore old %cr3 */`
			`movq %rcx, %cr3`

			`/* Restore previous CR4 */`
			`movq %rsi, %cr4`

			`/* Check CMPQ result */`
			`je 3f`

			`/*`
			`* The check failed, prevent any forward progress to prevent ROP`
			`* attacks, invalidate the stack and go into a hlt loop.`
			`*/`
			`xorq %rsp, %rsp`
			`subq $0x1000, %rsp`
			`2: hlt`
			`jmp 2b`
			`3:`
			`#endif`
			`/* Return page-table pointer */`
			`movq %rdi, %rax`
x86: Prepare asm files for straight-line-speculation Replace all ret/retq instructions with RET in preparation of making RET a macro. Since AS is case insensitive it's a big no-op without RET defined. find arch/x86/ -name \.S \| while read file do sed -i 's/\<ret[q]\>/RET/' $file done Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org 2021-12-04 14:43:40 +01:00			`RET`
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path Check whether the hypervisor reported the correct C-bit when running as an SEV guest. Using a wrong C-bit position could be used to leak sensitive data from the guest to the hypervisor. The check function is in a separate file: arch/x86/kernel/sev_verify_cbit.S so that it can be re-used in the running kernel image. [ bp: Massage. ] Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org 2020-10-28 17:46:57 +01:00			`SYM_FUNC_END(sev_verify_cbit)`