Re: Patch "x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path" has been added to the 5.12-stable tree
From: Greg KH
Date: Sat May 08 2021 - 06:36:11 EST
On Fri, May 07, 2021 at 11:22:23PM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
>
> to the 5.12-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> x86-boot-compressed-64-check-sev-encryption-in-the-3.patch
> and it can be found in the queue-5.12 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@xxxxxxxxxxxxxxx> know about it.
>
>
>
> commit 2c622aeb46b16fd945fc681fec16b989940b826d
> Author: Joerg Roedel <jroedel@xxxxxxx>
> Date: Fri Mar 12 13:38:23 2021 +0100
>
> x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
>
> [ Upstream commit fef81c86262879d4b1176ef51a834c15b805ebb9 ]
>
> Check whether the hypervisor reported the correct C-bit when running
> as an SEV guest. Using a wrong C-bit position could be used to leak
> sensitive data from the guest to the hypervisor.
>
> Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
> Signed-off-by: Borislav Petkov <bp@xxxxxxx>
> Link: https://lkml.kernel.org/r/20210312123824.306-8-joro@xxxxxxxxxx
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
This breaks the build (link time) for 5.12, 5.11, and 5.10 trees, so
I'll go drop it for now.
if it needs to come back, can someone submit a working version?
thanks,
greg k-h