x86/sev: Check IOBM for IOIO exceptions from user-space

[ upstream commit b9cb9c45583b911e0db71d09caa6b56469eb2bdf ]

Check the IO permission bitmap (if present) before emulating IOIO #VC
exceptions for user-space. These permissions are checked by hardware
already before the #VC is raised, but due to the VC-handler decoding
race it needs to be checked again in software.

RELEASE_NOTE=Fixes CVE-2023-46813.

Fixes: 25189d08e516 ("x86/sev-es: Add support for handling IOIO exceptions")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Change-Id: I2706d20137e1d96d095cfd9f8e86aa6db2469603
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Dohrmann <erbse.13@gmx.de>
Cc: <stable@kernel.org>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/61354
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
3 files changed