CVE-2021-47228

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/05/2024
Last modified: 29/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/ioremap: Map EFI-reserved memory as encrypted for SEV

Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve() is used to preserve it by inserting a new EFI memory descriptor and marking it with the EFI_MEMORY_RUNTIME attribute.

Under SEV, memory marked with the EFI_MEMORY_RUNTIME attribute needs to be mapped encrypted by Linux, otherwise the kernel might crash at boot like below:

  EFI Variables Facility v0.08 2004-May-17
  general protection fault, probably for non-canonical address 0x3597688770a868b2: 0000 [#1] SMP NOPTI
  CPU: 13 PID: 1 Comm: swapper/0 Not tainted 5.12.4-2-default #1 openSUSE Tumbleweed
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  RIP: 0010:efi_mokvar_entry_next
  [...]
  Call Trace:
   efi_mokvar_sysfs_init
   ? efi_mokvar_table_init
   do_one_initcall
   ? __kmalloc
   kernel_init_freeable
   ? rest_init
   kernel_init
   ret_from_fork

Expand the __ioremap_check_other() function to additionally check for this other type of boot data reserved at runtime and indicate that it should be mapped encrypted for an SEV guest.

[ bp: Massage commit message. ]

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10 (including) 5.10.46 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.12.13 (excluding)
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*
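
The following triage helper is an added example, not part of the advisory or the kernel project: it checks `uname -r` style release strings against the version ranges listed in the table above. The host names and inventory are constructed; a match is only a hint, because distribution kernels may carry the fix as a backport, and the issue only matters for SEV guests.

```python
import re

# Affected upstream ranges from the CPE table on this page: [from, up to).
RANGES = [("5.10", "5.10.46"), ("5.11", "5.12.13")]
# 5.13 release candidates the page lists individually (rc1 to rc6).
LISTED_RCS = {f"5.13-rc{n}" for n in range(1, 7)}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def sort_key(release):
    """Map a `uname -r` style string to a tuple that orders rcN before the final release."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    # Distro suffixes such as "-2-default" are ignored; (0, N) sorts before (1, 0).
    rc_part = (0, int(rc)) if rc else (1, 0)
    return (int(major), int(minor), int(patch or 0)) + rc_part


def in_listed_range(release):
    """True if the upstream version of `release` falls in a range listed on this page."""
    key = sort_key(release)
    if key[:2] == (5, 13):
        # For 5.13 the page lists specific release candidates only.
        return key in {sort_key(r) for r in LISTED_RCS}
    return any(sort_key(lo) <= key < sort_key(hi) for lo, hi in RANGES)


# Constructed inventory (host name -> `uname -r` output). Only the release
# 5.12.4-2-default is taken from the page: it is the kernel in the crash log.
SAMPLE_INVENTORY = {
    "sev-guest-a": "5.12.4-2-default",
    "sev-guest-b": "5.10.46",
    "sev-guest-c": "5.13.0-rc3",
    "sev-guest-d": "5.13.0",
    "sev-guest-e": "5.10.45-generic",
}


def flag_hosts(inventory):
    """Return the sorted host names whose release matches a listed range."""
    return sorted(h for h, rel in inventory.items() if in_listed_range(rel))


if __name__ == "__main__":
    for host in flag_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in a listed range; confirm SEV and backport status")
```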