Breaks the build.
usb-gadget-uvc-add-binterval-checking-for-hs-mode.patch
usb-webcam-invalid-size-of-processing-unit-descripto.patch
x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-.patch
-x86-boot-compressed-64-check-sev-encryption-in-the-3.patch
crypto-hisilicon-sec-fixes-a-printing-error.patch
genirq-matrix-prevent-allocation-counter-corruption.patch
usb-gadget-f_uac2-validate-input-parameters.patch
+++ /dev/null
-From 16ea59ed120b63c47ea695b88acbf92d28bf2cab Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 12 Mar 2021 13:38:23 +0100
-Subject: x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
-
-From: Joerg Roedel <jroedel@suse.de>
-
-[ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
-
-Check whether the hypervisor reported the correct C-bit when running
-as an SEV guest. Using a wrong C-bit position could be used to leak
-sensitive data from the guest to the hypervisor.
-
-Signed-off-by: Joerg Roedel <jroedel@suse.de>
-Signed-off-by: Borislav Petkov <bp@suse.de>
-Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/x86/boot/compressed/head_64.S | 83 ++++++++++++++++++++++++++++++
- 1 file changed, 83 insertions(+)
-
-diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index 017de6cc87dc..042c1a41ca58 100644
---- a/arch/x86/boot/compressed/head_64.S
-+++ b/arch/x86/boot/compressed/head_64.S
-@@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32)
- */
- call get_sev_encryption_bit
- xorl %edx, %edx
-+#ifdef CONFIG_AMD_MEM_ENCRYPT
- testl %eax, %eax
- jz 1f
- subl $32, %eax /* Encryption bit is always above bit 31 */
- bts %eax, %edx /* Set encryption mask for page tables */
-+ /*
-+ * Mark SEV as active in sev_status so that startup32_check_sev_cbit()
-+ * will do a check. The sev_status memory will be fully initialized
-+ * with the contents of MSR_AMD_SEV_STATUS later in
-+ * set_sev_encryption_mask(). For now it is sufficient to know that SEV
-+ * is active.
-+ */
-+ movl $1, rva(sev_status)(%ebp)
- 1:
-+#endif
-
- /* Initialize Page tables to 0 */
- leal rva(pgtable)(%ebx), %edi
-@@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32)
- movl %esi, %edx
- 1:
- #endif
-+ /* Check if the C-bit position is correct when SEV is active */
-+ call startup32_check_sev_cbit
-+
- pushl $__KERNEL_CS
- pushl %eax
-
-@@ -786,6 +799,76 @@ SYM_DATA_START_LOCAL(loaded_image_proto)
- SYM_DATA_END(loaded_image_proto)
- #endif
-
-+/*
-+ * Check for the correct C-bit position when the startup_32 boot-path is used.
-+ *
-+ * The check makes use of the fact that all memory is encrypted when paging is
-+ * disabled. The function creates 64 bits of random data using the RDRAND
-+ * instruction. RDRAND is mandatory for SEV guests, so always available. If the
-+ * hypervisor violates that the kernel will crash right here.
-+ *
-+ * The 64 bits of random data are stored to a memory location and at the same
-+ * time kept in the %eax and %ebx registers. Since encryption is always active
-+ * when paging is off the random data will be stored encrypted in main memory.
-+ *
-+ * Then paging is enabled. When the C-bit position is correct all memory is
-+ * still mapped encrypted and comparing the register values with memory will
-+ * succeed. An incorrect C-bit position will map all memory unencrypted, so that
-+ * the compare will use the encrypted random data and fail.
-+ */
-+SYM_FUNC_START(startup32_check_sev_cbit)
-+#ifdef CONFIG_AMD_MEM_ENCRYPT
-+ pushl %eax
-+ pushl %ebx
-+ pushl %ecx
-+ pushl %edx
-+
-+ /* Check for non-zero sev_status */
-+ movl rva(sev_status)(%ebp), %eax
-+ testl %eax, %eax
-+ jz 4f
-+
-+ /*
-+ * Get two 32-bit random values - Don't bail out if RDRAND fails
-+ * because it is better to prevent forward progress if no random value
-+ * can be gathered.
-+ */
-+1: rdrand %eax
-+ jnc 1b
-+2: rdrand %ebx
-+ jnc 2b
-+
-+ /* Store to memory and keep it in the registers */
-+ movl %eax, rva(sev_check_data)(%ebp)
-+ movl %ebx, rva(sev_check_data+4)(%ebp)
-+
-+ /* Enable paging to see if encryption is active */
-+ movl %cr0, %edx /* Backup %cr0 in %edx */
-+ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
-+ movl %ecx, %cr0
-+
-+ cmpl %eax, rva(sev_check_data)(%ebp)
-+ jne 3f
-+ cmpl %ebx, rva(sev_check_data+4)(%ebp)
-+ jne 3f
-+
-+ movl %edx, %cr0 /* Restore previous %cr0 */
-+
-+ jmp 4f
-+
-+3: /* Check failed - hlt the machine */
-+ hlt
-+ jmp 3b
-+
-+4:
-+ popl %edx
-+ popl %ecx
-+ popl %ebx
-+ popl %eax
-+#endif
-+ ret
-+SYM_FUNC_END(startup32_check_sev_cbit)
-+
- /*
- * Stack and heap for uncompression
- */
---
-2.30.2
-
usb-gadget-uvc-add-binterval-checking-for-hs-mode.patch
usb-webcam-invalid-size-of-processing-unit-descripto.patch
x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-.patch
-x86-boot-compressed-64-check-sev-encryption-in-the-3.patch
crypto-hisilicon-sec-fixes-a-printing-error.patch
genirq-matrix-prevent-allocation-counter-corruption.patch
usb-gadget-f_uac2-validate-input-parameters.patch
+++ /dev/null
-From db5b3c39ef7095580b35a84f9cc2086224f968c6 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 12 Mar 2021 13:38:23 +0100
-Subject: x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
-
-From: Joerg Roedel <jroedel@suse.de>
-
-[ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
-
-Check whether the hypervisor reported the correct C-bit when running
-as an SEV guest. Using a wrong C-bit position could be used to leak
-sensitive data from the guest to the hypervisor.
-
-Signed-off-by: Joerg Roedel <jroedel@suse.de>
-Signed-off-by: Borislav Petkov <bp@suse.de>
-Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/x86/boot/compressed/head_64.S | 83 ++++++++++++++++++++++++++++++
- 1 file changed, 83 insertions(+)
-
-diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index e94874f4bbc1..f670e0579a3b 100644
---- a/arch/x86/boot/compressed/head_64.S
-+++ b/arch/x86/boot/compressed/head_64.S
-@@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32)
- */
- call get_sev_encryption_bit
- xorl %edx, %edx
-+#ifdef CONFIG_AMD_MEM_ENCRYPT
- testl %eax, %eax
- jz 1f
- subl $32, %eax /* Encryption bit is always above bit 31 */
- bts %eax, %edx /* Set encryption mask for page tables */
-+ /*
-+ * Mark SEV as active in sev_status so that startup32_check_sev_cbit()
-+ * will do a check. The sev_status memory will be fully initialized
-+ * with the contents of MSR_AMD_SEV_STATUS later in
-+ * set_sev_encryption_mask(). For now it is sufficient to know that SEV
-+ * is active.
-+ */
-+ movl $1, rva(sev_status)(%ebp)
- 1:
-+#endif
-
- /* Initialize Page tables to 0 */
- leal rva(pgtable)(%ebx), %edi
-@@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32)
- movl %esi, %edx
- 1:
- #endif
-+ /* Check if the C-bit position is correct when SEV is active */
-+ call startup32_check_sev_cbit
-+
- pushl $__KERNEL_CS
- pushl %eax
-
-@@ -786,6 +799,76 @@ SYM_DATA_START_LOCAL(loaded_image_proto)
- SYM_DATA_END(loaded_image_proto)
- #endif
-
-+/*
-+ * Check for the correct C-bit position when the startup_32 boot-path is used.
-+ *
-+ * The check makes use of the fact that all memory is encrypted when paging is
-+ * disabled. The function creates 64 bits of random data using the RDRAND
-+ * instruction. RDRAND is mandatory for SEV guests, so always available. If the
-+ * hypervisor violates that the kernel will crash right here.
-+ *
-+ * The 64 bits of random data are stored to a memory location and at the same
-+ * time kept in the %eax and %ebx registers. Since encryption is always active
-+ * when paging is off the random data will be stored encrypted in main memory.
-+ *
-+ * Then paging is enabled. When the C-bit position is correct all memory is
-+ * still mapped encrypted and comparing the register values with memory will
-+ * succeed. An incorrect C-bit position will map all memory unencrypted, so that
-+ * the compare will use the encrypted random data and fail.
-+ */
-+SYM_FUNC_START(startup32_check_sev_cbit)
-+#ifdef CONFIG_AMD_MEM_ENCRYPT
-+ pushl %eax
-+ pushl %ebx
-+ pushl %ecx
-+ pushl %edx
-+
-+ /* Check for non-zero sev_status */
-+ movl rva(sev_status)(%ebp), %eax
-+ testl %eax, %eax
-+ jz 4f
-+
-+ /*
-+ * Get two 32-bit random values - Don't bail out if RDRAND fails
-+ * because it is better to prevent forward progress if no random value
-+ * can be gathered.
-+ */
-+1: rdrand %eax
-+ jnc 1b
-+2: rdrand %ebx
-+ jnc 2b
-+
-+ /* Store to memory and keep it in the registers */
-+ movl %eax, rva(sev_check_data)(%ebp)
-+ movl %ebx, rva(sev_check_data+4)(%ebp)
-+
-+ /* Enable paging to see if encryption is active */
-+ movl %cr0, %edx /* Backup %cr0 in %edx */
-+ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
-+ movl %ecx, %cr0
-+
-+ cmpl %eax, rva(sev_check_data)(%ebp)
-+ jne 3f
-+ cmpl %ebx, rva(sev_check_data+4)(%ebp)
-+ jne 3f
-+
-+ movl %edx, %cr0 /* Restore previous %cr0 */
-+
-+ jmp 4f
-+
-+3: /* Check failed - hlt the machine */
-+ hlt
-+ jmp 3b
-+
-+4:
-+ popl %edx
-+ popl %ecx
-+ popl %ebx
-+ popl %eax
-+#endif
-+ ret
-+SYM_FUNC_END(startup32_check_sev_cbit)
-+
- /*
- * Stack and heap for uncompression
- */
---
-2.30.2
-
usb-gadget-uvc-add-binterval-checking-for-hs-mode.patch
usb-webcam-invalid-size-of-processing-unit-descripto.patch
x86-sev-do-not-require-hypervisor-cpuid-bit-for-sev-.patch
-x86-boot-compressed-64-check-sev-encryption-in-the-3.patch
crypto-hisilicon-sec-fixes-a-printing-error.patch
genirq-matrix-prevent-allocation-counter-corruption.patch
usb-gadget-f_uac2-validate-input-parameters.patch
+++ /dev/null
-From 2c622aeb46b16fd945fc681fec16b989940b826d Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 12 Mar 2021 13:38:23 +0100
-Subject: x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
-
-From: Joerg Roedel <jroedel@suse.de>
-
-[ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
-
-Check whether the hypervisor reported the correct C-bit when running
-as an SEV guest. Using a wrong C-bit position could be used to leak
-sensitive data from the guest to the hypervisor.
-
-Signed-off-by: Joerg Roedel <jroedel@suse.de>
-Signed-off-by: Borislav Petkov <bp@suse.de>
-Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@8bytes.org
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/x86/boot/compressed/head_64.S | 83 ++++++++++++++++++++++++++++++
- 1 file changed, 83 insertions(+)
-
-diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index e94874f4bbc1..f670e0579a3b 100644
---- a/arch/x86/boot/compressed/head_64.S
-+++ b/arch/x86/boot/compressed/head_64.S
-@@ -172,11 +172,21 @@ SYM_FUNC_START(startup_32)
- */
- call get_sev_encryption_bit
- xorl %edx, %edx
-+#ifdef CONFIG_AMD_MEM_ENCRYPT
- testl %eax, %eax
- jz 1f
- subl $32, %eax /* Encryption bit is always above bit 31 */
- bts %eax, %edx /* Set encryption mask for page tables */
-+ /*
-+ * Mark SEV as active in sev_status so that startup32_check_sev_cbit()
-+ * will do a check. The sev_status memory will be fully initialized
-+ * with the contents of MSR_AMD_SEV_STATUS later in
-+ * set_sev_encryption_mask(). For now it is sufficient to know that SEV
-+ * is active.
-+ */
-+ movl $1, rva(sev_status)(%ebp)
- 1:
-+#endif
-
- /* Initialize Page tables to 0 */
- leal rva(pgtable)(%ebx), %edi
-@@ -261,6 +271,9 @@ SYM_FUNC_START(startup_32)
- movl %esi, %edx
- 1:
- #endif
-+ /* Check if the C-bit position is correct when SEV is active */
-+ call startup32_check_sev_cbit
-+
- pushl $__KERNEL_CS
- pushl %eax
-
-@@ -786,6 +799,76 @@ SYM_DATA_START_LOCAL(loaded_image_proto)
- SYM_DATA_END(loaded_image_proto)
- #endif
-
-+/*
-+ * Check for the correct C-bit position when the startup_32 boot-path is used.
-+ *
-+ * The check makes use of the fact that all memory is encrypted when paging is
-+ * disabled. The function creates 64 bits of random data using the RDRAND
-+ * instruction. RDRAND is mandatory for SEV guests, so always available. If the
-+ * hypervisor violates that the kernel will crash right here.
-+ *
-+ * The 64 bits of random data are stored to a memory location and at the same
-+ * time kept in the %eax and %ebx registers. Since encryption is always active
-+ * when paging is off the random data will be stored encrypted in main memory.
-+ *
-+ * Then paging is enabled. When the C-bit position is correct all memory is
-+ * still mapped encrypted and comparing the register values with memory will
-+ * succeed. An incorrect C-bit position will map all memory unencrypted, so that
-+ * the compare will use the encrypted random data and fail.
-+ */
-+SYM_FUNC_START(startup32_check_sev_cbit)
-+#ifdef CONFIG_AMD_MEM_ENCRYPT
-+ pushl %eax
-+ pushl %ebx
-+ pushl %ecx
-+ pushl %edx
-+
-+ /* Check for non-zero sev_status */
-+ movl rva(sev_status)(%ebp), %eax
-+ testl %eax, %eax
-+ jz 4f
-+
-+ /*
-+ * Get two 32-bit random values - Don't bail out if RDRAND fails
-+ * because it is better to prevent forward progress if no random value
-+ * can be gathered.
-+ */
-+1: rdrand %eax
-+ jnc 1b
-+2: rdrand %ebx
-+ jnc 2b
-+
-+ /* Store to memory and keep it in the registers */
-+ movl %eax, rva(sev_check_data)(%ebp)
-+ movl %ebx, rva(sev_check_data+4)(%ebp)
-+
-+ /* Enable paging to see if encryption is active */
-+ movl %cr0, %edx /* Backup %cr0 in %edx */
-+ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
-+ movl %ecx, %cr0
-+
-+ cmpl %eax, rva(sev_check_data)(%ebp)
-+ jne 3f
-+ cmpl %ebx, rva(sev_check_data+4)(%ebp)
-+ jne 3f
-+
-+ movl %edx, %cr0 /* Restore previous %cr0 */
-+
-+ jmp 4f
-+
-+3: /* Check failed - hlt the machine */
-+ hlt
-+ jmp 3b
-+
-+4:
-+ popl %edx
-+ popl %ecx
-+ popl %ebx
-+ popl %eax
-+#endif
-+ ret
-+SYM_FUNC_END(startup32_check_sev_cbit)
-+
- /*
- * Stack and heap for uncompression
- */
---
-2.30.2
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
