linux/arch/x86/kernel/sev_verify_cbit.S
Peter Zijlstra f94909ceb1 x86: Prepare asm files for straight-line-speculation
Replace all ret/retq instructions with RET in preparation of making
RET a macro. Since AS is case insensitive it's a big no-op without
RET defined.

  find arch/x86/ -name \*.S | while read file
  do
	sed -i 's/\<ret[q]*\>/RET/' $file
  done

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org
2021-12-08 12:25:37 +01:00

90 lines
2.4 KiB
ArmAsm

/* SPDX-License-Identifier: GPL-2.0-only */
/*
* sev_verify_cbit.S - Code for verification of the C-bit position reported
* by the Hypervisor when running with SEV enabled.
*
* Copyright (c) 2020 Joerg Roedel (jroedel@suse.de)
*
* sev_verify_cbit() is called before switching to a new long-mode page-table
* at boot.
*
* Verify that the C-bit position is correct by writing a random value to
* an encrypted memory location while on the current page-table. Then it
* switches to the new page-table to verify the memory content is still the
* same. After that it switches back to the current page-table and when the
* check succeeded it returns. If the check failed the code invalidates the
* stack pointer and goes into a hlt loop. The stack-pointer is invalidated to
* make sure no interrupt or exception can get the CPU out of the hlt loop.
*
* New page-table pointer is expected in %rdi (first parameter)
*
*/
SYM_FUNC_START(sev_verify_cbit)
#ifdef CONFIG_AMD_MEM_ENCRYPT
/* First check if a C-bit was detected */
movq sme_me_mask(%rip), %rsi
testq %rsi, %rsi
jz 3f
/* sme_me_mask != 0 could mean SME or SEV - Check also for SEV */
movq sev_status(%rip), %rsi
testq %rsi, %rsi
jz 3f
/* Save CR4 in %rsi */
movq %cr4, %rsi
/* Disable Global Pages */
movq %rsi, %rdx
andq $(~X86_CR4_PGE), %rdx
movq %rdx, %cr4
/*
* Verified that running under SEV - now get a random value using
* RDRAND. This instruction is mandatory when running as an SEV guest.
*
* Don't bail out of the loop if RDRAND returns errors. It is better to
* prevent forward progress than to work with a non-random value here.
*/
1: rdrand %rdx
jnc 1b
/* Store value to memory and keep it in %rdx */
movq %rdx, sev_check_data(%rip)
/* Backup current %cr3 value to restore it later */
movq %cr3, %rcx
/* Switch to new %cr3 - This might unmap the stack */
movq %rdi, %cr3
/*
* Compare value in %rdx with memory location. If C-bit is incorrect
* this would read the encrypted data and make the check fail.
*/
cmpq %rdx, sev_check_data(%rip)
/* Restore old %cr3 */
movq %rcx, %cr3
/* Restore previous CR4 */
movq %rsi, %cr4
/* Check CMPQ result */
je 3f
/*
* The check failed, prevent any forward progress to prevent ROP
* attacks, invalidate the stack and go into a hlt loop.
*/
xorq %rsp, %rsp
subq $0x1000, %rsp
2: hlt
jmp 2b
3:
#endif
/* Return page-table pointer */
movq %rdi, %rax
RET
SYM_FUNC_END(sev_verify_cbit)