• Kairui Song's avatar
    x86/boot: Fix kexec booting failure in the SEV bit detection code · bdec8d7f
    Kairui Song authored
    Commit
    
      1958b5fc ("x86/boot: Add early boot support when running with SEV active")
    
    can occasionally cause system resets when kexec-ing a second kernel even
    if SEV is not active.
    
    That's because get_sev_encryption_bit() uses 32-bit rIP-relative
    addressing to read the value of enc_bit - a variable which caches a
    previously detected encryption bit position - but kexec may allocate
    the early boot code to a higher location, beyond the 32-bit addressing
    limit.
    
    In this case, garbage will be read and get_sev_encryption_bit() will
    return the wrong value, leading to accessing memory with the wrong
    encryption setting.
    
    Therefore, remove enc_bit, and thus get rid of the need to do 32-bit
    rIP-relative addressing in the first place.
    
     [ bp: massage commit message heavily. ]
    
    Fixes: 1958b5fc ("x86/boot: Add early boot support when running with SEV active")
    Suggested-by: default avatarBorislav Petkov <bp@suse.de>
    Signed-off-by: default avatarKairui Song <kasong@redhat.com>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Reviewed-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
    Cc: linux-kernel@vger.kernel.org
    Cc: tglx@linutronix.de
    Cc: mingo@redhat.com
    Cc: hpa@zytor.com
    Cc: brijesh.singh@amd.com
    Cc: kexec@lists.infradead.org
    Cc: dyoung@redhat.com
    Cc: bhe@redhat.com
    Cc: ghook@redhat.com
    Link: https://lkml.kernel.org/r/20180927123845.32052-1-kasong@redhat.com
    bdec8d7f
mem_encrypt.S 2 KB