On Mon, 8 Apr 2024 at 13:56, <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > This is a note to let you know that I've just added the patch titled > > x86/boot: Move mem_encrypt= parsing to the decompressor > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > > The filename of the patch is: > x86-boot-move-mem_encrypt-parsing-to-the-decompressor.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable@xxxxxxxxxxxxxxx> know about it. > > > From cd0d9d92c8bb46e77de62efd7df13069ddd61e7d Mon Sep 17 00:00:00 2001 > From: Ard Biesheuvel <ardb@xxxxxxxxxx> > Date: Tue, 27 Feb 2024 16:19:14 +0100 > Subject: x86/boot: Move mem_encrypt= parsing to the decompressor > > From: Ard Biesheuvel <ardb@xxxxxxxxxx> > > commit cd0d9d92c8bb46e77de62efd7df13069ddd61e7d upstream. > > The early SME/SEV code parses the command line very early, in order to > decide whether or not memory encryption should be enabled, which needs > to occur even before the initial page tables are created. > > This is problematic for a number of reasons: > - this early code runs from the 1:1 mapping provided by the decompressor > or firmware, which uses a different translation than the one assumed by > the linker, and so the code needs to be built in a special way; > - parsing external input while the entire kernel image is still mapped > writable is a bad idea in general, and really does not belong in > security minded code; > - the current code ignores the built-in command line entirely (although > this appears to be the case for the entire decompressor) > > Given that the decompressor/EFI stub is an intrinsic part of the x86 > bootable kernel image, move the command line parsing there and out of > the core kernel. This removes the need to build lib/cmdline.o in a > special way, or to use RIP-relative LEA instructions in inline asm > blocks. > > This involves a new xloadflag in the setup header to indicate > that mem_encrypt=on appeared on the kernel command line. > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx> > Tested-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > Link: https://lore.kernel.org/r/20240227151907.387873-17-ardb+git@xxxxxxxxxx > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > --- > arch/x86/boot/compressed/misc.c | 15 +++++++++++++++ > arch/x86/include/uapi/asm/bootparam.h | 1 + > arch/x86/lib/Makefile | 13 ------------- > arch/x86/mm/mem_encrypt_identity.c | 32 +++----------------------------- > drivers/firmware/efi/libstub/x86-stub.c | 3 +++ > 5 files changed, 22 insertions(+), 42 deletions(-) > > --- a/arch/x86/boot/compressed/misc.c > +++ b/arch/x86/boot/compressed/misc.c > @@ -358,6 +358,19 @@ unsigned long decompress_kernel(unsigned > } > > /* > + * Set the memory encryption xloadflag based on the mem_encrypt= command line > + * parameter, if provided. > + */ > +static void parse_mem_encrypt(struct setup_header *hdr) > +{ > + int on = cmdline_find_option_bool("mem_encrypt=on"); > + int off = cmdline_find_option_bool("mem_encrypt=off"); > + > + if (on > off) > + hdr->xloadflags |= XLF_MEM_ENCRYPTION; > +} > + > +/* > * The compressed kernel image (ZO), has been moved so that its position > * is against the end of the buffer used to hold the uncompressed kernel > * image (VO) and the execution environment (.bss, .brk), which makes sure > @@ -387,6 +400,8 @@ asmlinkage __visible void *extract_kerne > /* Clear flags intended for solely in-kernel use. */ > boot_params->hdr.loadflags &= ~KASLR_FLAG; > > + parse_mem_encrypt(&boot_params_ptr->hdr); > + s/boot_params_ptr/boot_params
