x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (9704c07b) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit 9704c07b authored Feb 09, 2022 by

Brijesh Singh Committed by Borislav Petkov Apr 06, 2022

x86/kernel: Validate ROM memory before accessing when SEV-SNP is active



probe_roms() accesses the memory range (0xc0000 - 0x10000) to probe
various ROMs. The memory range is not part of the E820 system RAM range.
The memory range is mapped as private (i.e encrypted) in the page table.

When SEV-SNP is active, all the private memory must be validated before
accessing. The ROM range was not part of E820 map, so the guest BIOS
did not validate it. An access to invalidated memory will cause a
exception yet, so validate the ROM memory regions before it is accessed.

  [ bp: Massage commit message. ]

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220307213356.2797205-21-brijesh.singh@amd.com

parent efac0eed

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 4338e40d
· Apr 06, 2024

mentioned in commit 4338e40d

mentioned in commit 4338e40da808e4c624c1a32bc922e3b9dfe720de

Toggle commit list

Please register or to comment