On Wed, Feb 17, 2021 at 01:01:42PM +0100, Joerg Roedel wrote:
From: Joerg Roedel jroedel@suse.de
The code in the NMI handler to adjust the #VC handler IST stack is needed in case an NMI hits when the #VC handler is still using its IST stack. But the check for this condition also needs to look if the regs->sp value is trusted, meaning it was not set by user-space. Extend the check to not use regs->sp when the NMI interrupted user-space code or the SYSCALL gap.
Reported-by: Andy Lutomirski luto@kernel.org Fixes: 315562c9af3d5 ("x86/sev-es: Adjust #VC IST Stack on entering NMI handler") Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Joerg Roedel jroedel@suse.de
arch/x86/kernel/sev-es.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c index 84c1821819af..0df38b185d53 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -144,7 +144,9 @@ void noinstr __sev_es_ist_enter(struct pt_regs *regs) old_ist = __this_cpu_read(cpu_tss_rw.x86_tss.ist[IST_INDEX_VC]); /* Make room on the IST stack */
- if (on_vc_stack(regs->sp))
- if (on_vc_stack(regs->sp) &&
!user_mode(regs) &&!from_syscall_gap(regs))
Why not add those checks to on_vc_stack() directly? Because in it, you can say:
on_vc_stack():
/* user mode rSP is not trusted */ if (user_mode()) return false;
/* ditto */ if (ip_within_syscall_gap()) return false;
...
?