aeb8eaef4ab8de2ae772efb5fa98668cb22f4a2b - third_party/kernel

commit	aeb8eaef4ab8de2ae772efb5fa98668cb22f4a2b	[log] [tgz]
author	Joerg Roedel <jroedel@suse.de>	Wed Jun 21 17:42:42 2023 +0200
committer	He Gao <hegao@google.com>	Thu Nov 09 21:55:44 2023 +0000
tree	7da7d127325d1131b7ac9200c05bbb9c399d6bab
parent	40823d50fbb11ad9f3a582c75433bb7adecd553e [diff]

x86/sev: Check IOBM for IOIO exceptions from user-space

Upstream commit: b9cb9c45583b911e0db71d09caa6b56469eb2bdf

Check the IO permission bitmap (if present) before emulating IOIO #VC
exceptions for user-space. These permissions are checked by hardware
already before the #VC is raised, but due to the VC-handler decoding
race it needs to be checked again in software.

Cherry-pick to release branch to fix CVE-2023-46813.

BUG=b/309761155
TEST=presubmit
RELEASE_NOTE=None

Fixes: 25189d08e516 ("x86/sev-es: Add support for handling IOIO exceptions")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Change-Id: Icdd55335912d0aa3a8179cdefa58943e580eb4c4
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/60998
Reviewed-by: Nandhini Rengaraj <nrengaraj@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>

3 files changed

tree: 7da7d127325d1131b7ac9200c05bbb9c399d6bab