x86/sev-es: Handle instruction fetches from user-space

When a #VC exception is triggered by user-space, the instruction decoder
needs to read the instruction bytes from user addresses. Enhance
vc_decode_insn() to safely fetch kernel and user instructions.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200907131613.12703-49-joro@8bytes.org
This commit is contained in:
Joerg Roedel 2020-09-07 15:15:49 +02:00 коммит произвёл Borislav Petkov
Родитель d3529bb73f
Коммит 5e3427a7bc
1 изменённых файлов: 22 добавлений и 9 удалений

Просмотреть файл

@ -232,16 +232,29 @@ static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt)
enum es_result ret;
int res;
res = vc_fetch_insn_kernel(ctxt, buffer);
if (unlikely(res == -EFAULT)) {
if (user_mode(ctxt->regs)) {
res = insn_fetch_from_user(ctxt->regs, buffer);
if (!res) {
ctxt->fi.vector = X86_TRAP_PF;
ctxt->fi.error_code = 0;
ctxt->fi.error_code = X86_PF_INSTR | X86_PF_USER;
ctxt->fi.cr2 = ctxt->regs->ip;
return ES_EXCEPTION;
}
if (!insn_decode(&ctxt->insn, ctxt->regs, buffer, res))
return ES_DECODE_FAILED;
} else {
res = vc_fetch_insn_kernel(ctxt, buffer);
if (res) {
ctxt->fi.vector = X86_TRAP_PF;
ctxt->fi.error_code = X86_PF_INSTR;
ctxt->fi.cr2 = ctxt->regs->ip;
return ES_EXCEPTION;
}
insn_init(&ctxt->insn, buffer, MAX_INSN_SIZE - res, 1);
insn_get_length(&ctxt->insn);
}
ret = ctxt->insn.immediate.got ? ES_OK : ES_DECODE_FAILED;