x86/sev-es: Do not support MMIO to/from encrypted memory - bcachefs.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Joerg Roedel <jroedel@suse.de>	2020-10-28 17:46:59 +0100
committer	Borislav Petkov <bp@suse.de>	2020-10-29 19:27:42 +0100
commit	2411cd82112397bfb9d8f0f19cd46c3d71e0ce67 (patch)
tree	b49db12b5fb9ca93bd04725ab135439b153b381f /scripts
parent	c9f09539e16e281f92a27760fdfae71e8af036f6 (diff)

x86/sev-es: Do not support MMIO to/from encrypted memoryx86_seves_for_v5.10_rc3

MMIO memory is usually not mapped encrypted, so there is no reason to support emulated MMIO when it is mapped encrypted. Prevent a possible hypervisor attack where a RAM page is mapped as an MMIO page in the nested page-table, so that any guest access to it will trigger a #VC exception and leak the data on that page to the hypervisor via the GHCB (like with valid MMIO). On the read side this attack would allow the HV to inject data into the guest. Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lkml.kernel.org/r/20201028164659.27002-6-joro@8bytes.org

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: