git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Tom Lendacky <thomas.lendacky@amd.com>
	Wed, 30 Jul 2025 14:17:48 +0000 (09:17 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 15 Aug 2025 10:14:12 +0000 (12:14 +0200)
commit	aed15fc08f15dbb15822b2a0b653f67e76aa0fdf
tree	2fb30f588d7db2eb8f591e2c1e9aa5fff5f0d2e1	tree \| snapshot
parent	c884cab3bb60a55120056bef337f322de41e39d6	commit \| diff

x86/sev: Evict cache lines during SNP memory validation

Commit 7b306dfa326f70114312b320d083b21fa9481e1e upstream.

An SNP cache coherency vulnerability requires a cache line eviction
mitigation when validating memory after a page state change to private.
The specific mitigation is to touch the first and last byte of each 4K
page that is being validated. There is no need to perform the mitigation
when performing a page state change to shared and rescinding validation.

CPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit that,
when set, indicates that the software mitigation for this vulnerability is
not needed.

Implement the mitigation and invoke it when validating memory (making it
private) and the COHERENCY_SFW_NO bit is not set, indicating the SNP guest
is vulnerable.

Co-developed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/boot/cpuflags.c		diff \| blob \| blame \| history
arch/x86/coco/sev/shared.c		diff \| blob \| blame \| history
arch/x86/include/asm/cpufeatures.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/scattered.c		diff \| blob \| blame \| history