x86/boot/compressed/64: Cleanup exception handling before booting kernel

Disable the exception handling before booting the kernel to make sure
any exceptions that happen during early kernel boot are not directed to
the pre-decompression code.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210312123824.306-2-joro@8bytes.org
This commit is contained in:
Joerg Roedel 2021-03-10 09:43:19 +01:00 committed by Borislav Petkov
parent afb4a37778
commit b099155e2d
3 changed files with 22 additions and 5 deletions

View File

@ -52,3 +52,17 @@ void load_stage2_idt(void)
load_boot_idt(&boot_idt_desc); load_boot_idt(&boot_idt_desc);
} }
void cleanup_exception_handling(void)
{
/*
* Flush GHCB from cache and map it encrypted again when running as
* SEV-ES guest.
*/
sev_es_shutdown_ghcb();
/* Set a null-idt, disabling #PF and #VC handling */
boot_idt_desc.size = 0;
boot_idt_desc.address = 0;
load_boot_idt(&boot_idt_desc);
}

View File

@ -443,11 +443,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
handle_relocations(output, output_len, virt_addr); handle_relocations(output, output_len, virt_addr);
debug_putstr("done.\nBooting the kernel.\n"); debug_putstr("done.\nBooting the kernel.\n");
/* /* Disable exception handling before booting the kernel */
* Flush GHCB from cache and map it encrypted again when running as cleanup_exception_handling();
* SEV-ES guest.
*/
sev_es_shutdown_ghcb();
return output; return output;
} }

View File

@ -155,6 +155,12 @@ extern pteval_t __default_kernel_pte_mask;
extern gate_desc boot_idt[BOOT_IDT_ENTRIES]; extern gate_desc boot_idt[BOOT_IDT_ENTRIES];
extern struct desc_ptr boot_idt_desc; extern struct desc_ptr boot_idt_desc;
#ifdef CONFIG_X86_64
void cleanup_exception_handling(void);
#else
static inline void cleanup_exception_handling(void) { }
#endif
/* IDT Entry Points */ /* IDT Entry Points */
void boot_page_fault(void); void boot_page_fault(void);
void boot_stage1_vc(void); void boot_stage1_vc(void);