@@ -1221,7 +1221,7 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
uint8_t kernel_hash[HASH_SIZE];
uint8_t *hashp;
size_t hash_len = HASH_SIZE;
- int aligned_len;
+ int aligned_len = ROUND_UP(sizeof(SevHashTable), 16);
/*
* Only add the kernel hashes if the sev-guest configuration explicitly
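Review bot: `aligned_len` is declared `int` but is now initialised from `ROUND_UP(sizeof(SevHashTable), 16)`, a `size_t` expression, and the later hunks use it as a bound against `area->size` and in a `memset` length. The value is small, so the narrowing is harmless today, but a signed variable in a size check invites a mixed-sign comparison in later edits. `const size_t aligned_len = ROUND_UP(sizeof(SevHashTable), 16);` keeps the arithmetic unsigned and documents that the value never changes. The types of `area->size` and `ht->len` are declared outside this hunk, so confirm the operands match; the function body also starts and ends outside it.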
@@ -1237,6 +1237,11 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
return false;
}
area = (SevHashTableDescriptor *)data;
+ if (!area->base || area->size < aligned_len) {
+ error_setg(errp, "SEV: guest firmware hashes table area is invalid "
+ "(base=0x%x size=0x%x)", area->base, area->size);
+ return false;
+ }
/*
* Calculate hash of kernel command-line with the terminating null byte. If
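Review bot: The added guard `if (!area->base || area->size < aligned_len)` does not establish that the range `area->base .. area->base + aligned_len` is actually backed by guest memory. It rejects only a zero base and an undersized area, and the error text suggests both fields come from a firmware-supplied descriptor. The mapping of `area->base` happens outside this hunk; if that call does not bound the mapped length itself, a base close to the end of RAM would still pass this check. Consider mapping with an explicit length and failing when the returned length is shorter than `aligned_len`. A one-line comment above the check would also help, e.g. `/* The table, padded to 16 bytes, must fit in the area the firmware reserved */`.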
@@ -1295,7 +1300,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash));
/* When calling sev_encrypt_flash, the length has to be 16 byte aligned */
- aligned_len = ROUND_UP(ht->len, 16);
if (aligned_len != ht->len) {
/* zero the excess data so the measurement can be reliably calculated */
memset(ht->padding, 0, aligned_len - ht->len);
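Review bot: The comment `/* When calling sev_encrypt_flash, the length has to be 16 byte aligned */` now sits above the `if` instead of the rounding it explains, because the `ROUND_UP` moved to the declaration of `aligned_len`; it should move there too. Separately, `aligned_len` is no longer derived from `ht->len`, so `memset(ht->padding, 0, aligned_len - ht->len)` is only correct while `ht->len <= aligned_len`. If that ever stops holding, the subtraction yields a negative `int` that becomes a very large `size_t` length. The assignment to `ht->len` is outside this hunk, so pinning the invariant next to the use with `assert(ht->len <= aligned_len);` before the `if` would make the dependency explicit. The enclosing block continues past the end of the hunk.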