x86/boot/compressed/64: Cleanup exception handling before booting kernel

Disable the exception handling before booting the kernel to make sure
any exceptions that happen during early kernel boot are not directed to
the pre-decompression code.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210312123824.306-2-joro@8bytes.org

diff --git a/arch/x86/boot/compressed/idt_64.c b/arch/x86/boot/compressed/idt_64.c
index 804a502ee0d28bae40d754a00d282a5aa8ffeb51..9b93567d663a9003d25a8d3f9a3ff6029da28458 100644 (file)
--- a/arch/x86/boot/compressed/idt_64.c
+++ b/arch/x86/boot/compressed/idt_64.c
@@ -52,3 +52,17 @@ void load_stage2_idt(void)
 
        load_boot_idt(&boot_idt_desc);
 }
+
+void cleanup_exception_handling(void)
+{
+       /*
+        * Flush GHCB from cache and map it encrypted again when running as
+        * SEV-ES guest.
+        */
+       sev_es_shutdown_ghcb();
+
+       /* Set a null-idt, disabling #PF and #VC handling */
+       boot_idt_desc.size    = 0;
+       boot_idt_desc.address = 0;
+       load_boot_idt(&boot_idt_desc);
+}

diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 267e7f93050ef322cec5e29a742d685c6661b75c..cc9fd0e8766a14c2c344f47f99c023a69dd79ac2 100644 (file)
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -443,11 +443,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
        handle_relocations(output, output_len, virt_addr);
        debug_putstr("done.\nBooting the kernel.\n");
 
-       /*
-        * Flush GHCB from cache and map it encrypted again when running as
-        * SEV-ES guest.
-        */
-       sev_es_shutdown_ghcb();
+       /* Disable exception handling before booting the kernel */
+       cleanup_exception_handling();
 
        return output;
 }

diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 901ea5ebec22a7b9e599b2e2fee990447993544e..e5612f035498c15d2762911807ad4c518638e390 100644 (file)
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -155,6 +155,12 @@ extern pteval_t __default_kernel_pte_mask;
 extern gate_desc boot_idt[BOOT_IDT_ENTRIES];
 extern struct desc_ptr boot_idt_desc;
 
+#ifdef CONFIG_X86_64
+void cleanup_exception_handling(void);
+#else
+static inline void cleanup_exception_handling(void) { }
+#endif
+
 /* IDT Entry Points */
 void boot_page_fault(void);
 void boot_stage1_vc(void);