x86/sev: Harden #VC instruction emulation somewhat

Compare the opcode bytes at rIP for each #VC exit reason to verify the instruction which raised the #VC exception is actually the right one. Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lore.kernel.org/r/20240105101407.11694-1-bp@alien8.de
author: Borislav Petkov (AMD) <bp@alien8.de> 2024-01-05 11:14:07 +0100
committer: Borislav Petkov (AMD) <bp@alien8.de> 2024-01-29 17:08:22 +0100
commit: e3ef461af35a8c74f2f4ce6616491ddb355a208f (patch)
tree: 105ccfe4c6c6774dfde29111f36ae23427f69227 /arch/x86/boot/compressed/sev.c
parent: 41bccc98fb7931d63d03f326a746ac4d429c1dd3 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 454acd7a2daf..073291832f44 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -304,6 +304,10 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code)
 	if (result != ES_OK)
 		goto finish;
 
+	result = vc_check_opcode_bytes(&ctxt, exit_code);
+	if (result != ES_OK)
+		goto finish;
+
 	switch (exit_code) {
 	case SVM_EXIT_RDTSC:
 	case SVM_EXIT_RDTSCP:
author	Borislav Petkov (AMD) <bp@alien8.de>	2024-01-05 11:14:07 +0100
committer	Borislav Petkov (AMD) <bp@alien8.de>	2024-01-29 17:08:22 +0100
commit	e3ef461af35a8c74f2f4ce6616491ddb355a208f (patch)
tree	105ccfe4c6c6774dfde29111f36ae23427f69227 /arch/x86/boot/compressed/sev.c
parent	41bccc98fb7931d63d03f326a746ac4d429c1dd3 (diff)