diff options
| author | Michael Roth <michael.roth@amd.com> | 2022-08-23 19:07:34 +0300 |
|---|---|---|
| committer | Borislav Petkov <bp@suse.de> | 2022-08-24 10:03:04 +0300 |
| commit | 4b1c742407571eff58b6de9881889f7ca7c4b4dc (patch) | |
| tree | 12a8c5872256ec30271579feff12f485334a3a7d /tools | |
| parent | ea902bcc1943f7539200ec464de3f54335588774 (diff) | |
| download | linux-4b1c742407571eff58b6de9881889f7ca7c4b4dc.tar.xz | |
x86/boot: Don't propagate uninitialized boot_params->cc_blob_address
In some cases, bootloaders will leave boot_params->cc_blob_address
uninitialized rather than zeroing it out. This field is only meant to be
set by the boot/compressed kernel in order to pass information to the
uncompressed kernel when SEV-SNP support is enabled.
Therefore, there are no cases where the bootloader-provided values
should be treated as anything other than garbage. Otherwise, the
uncompressed kernel may attempt to access this bogus address, leading to
a crash during early boot.
Normally, sanitize_boot_params() would be used to clear out such fields
but that happens too late: sev_enable() may have already initialized
it to a valid value that should not be zeroed out. Instead, have
sev_enable() zero it out unconditionally beforehand.
Also ensure this happens for !CONFIG_AMD_MEM_ENCRYPT as well by also
including this handling in the sev_enable() stub function.
[ bp: Massage commit message and comments. ]
Fixes: b190a043c49a ("x86/sev: Add SEV-SNP feature detection/setup")
Reported-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Reported-by: watnuss@gmx.de
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216387
Link: https://lore.kernel.org/r/20220823160734.89036-1-michael.roth@amd.com
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions