Date: Wed, 28 Oct 2020 09:31:04 +0100
From: Joerg Roedel
To: Borislav Petkov
Cc: x86@kernel.org, Joerg Roedel, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Dave Hansen, Andy Lutomirski, Peter Zijlstra, Kees Cook, Arvind Sankar, Martin Radev, Tom Lendacky, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 2/5] x86/boot/compressed/64: Add CPUID sanity check to early #VC handler
Message-ID: <20201028083104.GB18723@8bytes.org>
References: <20201021123938.3696-1-joro@8bytes.org> <20201021123938.3696-3-joro@8bytes.org> <20201027103846.GB15580@zn.tnic>
In-Reply-To: <20201027103846.GB15580@zn.tnic>

On Tue, Oct 27, 2020 at 11:38:46AM +0100, Borislav Petkov wrote:
> So why are we doing those checks here at all then? I mean, the HV
> can tell us whatever it wants, i.e., make sure those checks pass but
> still report the C-bit at the wrong position. Which means that those
> checks are simply meh. So why are we doing them at all? To catch stupid
> hypervisors who can't even lie properly to the guest? :-)

To avoid that the HV tricks the kernel into the no_sev boot path, where
it would map memory unencrypted and possibly leak sensitive data. The HV
can do so by pretending SEV is disabled at all and by reporting the
wrong C-bit position. Both cases need to be checked.

Regards,

	Joerg
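
The two cases named in the reply above, as an added C model that is not part of the original message or of the patch under discussion. The struct, function names and sample register values are constructed for illustration; the leaf layout used (CPUID 0x8000001f, EAX bit 1 = SEV, EBX[5:0] = C-bit position) is AMD's documented one. It shows that a CPUID consistency check catches a hidden SEV leaf or a cleared SEV bit, while a wrong C-bit position passes it and needs a separate check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID output registers as supplied by the untrusted hypervisor. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

#define CPUID_MAX_EXT_LEAF 0x80000000u /* EAX = highest extended leaf */
#define CPUID_AMD_SEV_LEAF 0x8000001fu /* EAX bit 1 = SEV, EBX[5:0] = C-bit */
#define SEV_BIT            (1u << 1)

/* Constructed sample answers (illustrative, not captured from hardware). */
const struct cpuid_regs hv_honest     = { .eax = 0x0000000f, .ebx = 47 };
const struct cpuid_regs hv_no_sev_bit = { .eax = 0x0000000d, .ebx = 47 };
const struct cpuid_regs hv_short_leaf = { .eax = 0x8000001e };
const struct cpuid_regs hv_wrong_cbit = { .eax = 0x0000000f, .ebx = 51 };

/*
 * Hypothetical check: a #VC exception only occurs with SEV-ES active, so SEV
 * is active too. An answer that would make the guest conclude "no SEV" is
 * inconsistent and the caller should refuse to continue booting.
 */
bool vc_cpuid_result_sane(uint32_t fn, const struct cpuid_regs *r)
{
    if (fn == CPUID_MAX_EXT_LEAF && r->eax < CPUID_AMD_SEV_LEAF)
        return false;   /* SEV leaf reported as unavailable */
    if (fn == CPUID_AMD_SEV_LEAF && !(r->eax & SEV_BIT))
        return false;   /* SEV feature bit reported as clear */
    return true;
}

/* C-bit position from EBX[5:0]; CPUID values alone cannot validate it. */
unsigned int reported_c_bit(const struct cpuid_regs *r)
{
    return r->ebx & 0x3f;
}

int main(void)
{
    printf("honest        sane=%d\n", vc_cpuid_result_sane(CPUID_AMD_SEV_LEAF, &hv_honest));
    printf("SEV bit clear sane=%d\n", vc_cpuid_result_sane(CPUID_AMD_SEV_LEAF, &hv_no_sev_bit));
    printf("leaf hidden   sane=%d\n", vc_cpuid_result_sane(CPUID_MAX_EXT_LEAF, &hv_short_leaf));
    /* Passes the CPUID check although the position differs from hv_honest. */
    printf("wrong C-bit   sane=%d c_bit=%u\n",
           vc_cpuid_result_sane(CPUID_AMD_SEV_LEAF, &hv_wrong_cbit),
           reported_c_bit(&hv_wrong_cbit));
    return 0;
}
```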