x86/hyperv: Block root partition functionality in a Confidential VM
author Michael Kelley <mikelley@microsoft.com>
Wed, 15 Mar 2023 15:34:13 +0000 (08:34 -0700)
committer Wei Liu <wei.liu@kernel.org>
Fri, 17 Mar 2023 10:57:35 +0000 (10:57 +0000)
commit f8acb24aaf89fc46cd953229462ea8abe31b395f
tree 77bb13ecdc7ea24043b60ec4e29e1bf1b54f7906
parent 1eb65c8687316c65140b48fad27133d583178e15
x86/hyperv: Block root partition functionality in a Confidential VM

Hyper-V should never specify a VM that is a Confidential VM and also
running in the root partition.  Nonetheless, explicitly block such a
combination to guard against a compromised Hyper-V maliciously trying to
exploit root partition functionality in a Confidential VM to expose
Confidential VM secrets. No known bug is being fixed, but the attack
surface for Confidential VMs on Hyper-V is reduced.

Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1678894453-95392-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
arch/x86/kernel/cpu/mshyperv.c