x86/sev-es: Handle instruction fetches from user-space

When a #VC exception is triggered by user-space, the instruction decoder
needs to read the instruction bytes from user addresses. Enhance
vc_decode_insn() to safely fetch kernel and user instructions.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200907131613.12703-49-joro@8bytes.org

arch/x86/kernel/sev-es.c

@@ -232,16 +232,29 @@ static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt)
 	enum es_result ret;
 	int res;
 
-	res = vc_fetch_insn_kernel(ctxt, buffer);
+	if (user_mode(ctxt->regs)) {
-	if (unlikely(res == -EFAULT)) {
+		res = insn_fetch_from_user(ctxt->regs, buffer);
-		ctxt->fi.vector     = X86_TRAP_PF;
+		if (!res) {
-		ctxt->fi.error_code = 0;
+			ctxt->fi.vector     = X86_TRAP_PF;
-		ctxt->fi.cr2        = ctxt->regs->ip;
+			ctxt->fi.error_code = X86_PF_INSTR | X86_PF_USER;
-		return ES_EXCEPTION;
+			ctxt->fi.cr2        = ctxt->regs->ip;
-	}
+			return ES_EXCEPTION;
+		}
 
-	insn_init(&ctxt->insn, buffer, MAX_INSN_SIZE - res, 1);
+		if (!insn_decode(&ctxt->insn, ctxt->regs, buffer, res))
-	insn_get_length(&ctxt->insn);
+			return ES_DECODE_FAILED;
+	} else {
+		res = vc_fetch_insn_kernel(ctxt, buffer);
+		if (res) {
+			ctxt->fi.vector     = X86_TRAP_PF;
+			ctxt->fi.error_code = X86_PF_INSTR;
+			ctxt->fi.cr2        = ctxt->regs->ip;
+			return ES_EXCEPTION;
+		}
+
+		insn_init(&ctxt->insn, buffer, MAX_INSN_SIZE - res, 1);
+		insn_get_length(&ctxt->insn);
+	}
 
 	ret = ctxt->insn.immediate.got ? ES_OK : ES_DECODE_FAILED;