x86/sev: Disable MMIO emulation from user mode

Upstream commit: a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba

A virt scenario can be constructed where MMIO memory can be user memory.
When that happens, a race condition opens between when the hardware
raises the #VC and when the #VC handler gets to emulate the instruction.

If the MOVS is replaced with a MOVS accessing kernel memory in that
small race window, then write to kernel memory happens as the access
checks are not done at emulation time.

Disable MMIO emulation in user mode temporarily until a sensible use
case appears and justifies properly handling the race window.

Fixes: 0118b604c2c9 ("x86/sev-es: Handle MMIO String Instructions")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Dohrmann <erbse.13@gmx.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index a0064cf77e5629604d1cb09b86b1328862c565e3..439d99f0f47f1e190a2937ec8afbacd57b3c1ad3 100644 (file)
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1004,6 +1004,9 @@ static enum es_result vc_handle_mmio(struct ghcb *ghcb,
        enum es_result ret;
        long *reg_data;
 
+       if (user_mode(ctxt->regs))
+               return ES_UNSUPPORTED;
+
        switch (insn->opcode.bytes[0]) {
        /* MMIO Write */
        case 0x88: