| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Mar 2020 15:43:16 -0400
From: Ross Philipson <ross.philipson@...cle.com>
To: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-doc@...r.kernel.org
Cc: ross.philipson@...cle.com, dpsmith@...rtussolutions.com,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
trenchboot-devel@...glegroups.com
Subject: [RFC PATCH 11/12] kexec: Secure Launch kexec SEXIT support
Prior to running the next kernel via kexec, the Secure Launch code
closes down private SMX resources and does an SEXIT. This allows the
next kernel to start normally without any issues starting the APs etc.
Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
---
arch/x86/kernel/slaunch.c | 65 +++++++++++++++++++++++++++++++++++++++
kernel/kexec_core.c | 3 ++
2 files changed, 68 insertions(+)
diff --git a/arch/x86/kernel/slaunch.c b/arch/x86/kernel/slaunch.c
index fea15b0e36b7..516964408fe5 100644
--- a/arch/x86/kernel/slaunch.c
+++ b/arch/x86/kernel/slaunch.c
@@ -633,3 +633,68 @@ static void __exit slaunch_exit(void)
late_initcall(slaunch_late_init);
__exitcall(slaunch_exit);
+
+static inline void txt_getsec_sexit(void)
+{
+ asm volatile (".byte 0x0f,0x37\n"
+ : : "a" (SMX_X86_GETSEC_SEXIT));
+}
+
+void slaunch_sexit(void)
+{
+ void __iomem *config;
+ u64 one = 1, val;
+
+ if (!(slaunch_get_flags() & (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT)))
+ return;
+
+ if (smp_processor_id() != 0) {
+ pr_err("Error TXT SEXIT must be called on CPU 0\n");
+ return;
+ }
+
+ config = ioremap(TXT_PRIV_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES *
+ PAGE_SIZE);
+ if (!config) {
+ pr_err("Error SEXIT failed to ioremap TXT private reqs\n");
+ return;
+ }
+
+ /* Clear secrets bit for SEXIT */
+ memcpy_toio(config + TXT_CR_CMD_NO_SECRETS, &one, sizeof(u64));
+ memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(u64));
+
+ /* Unlock memory configurations */
+ memcpy_toio(config + TXT_CR_CMD_UNLOCK_MEM_CONFIG, &one, sizeof(u64));
+ memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(u64));
+
+ /* Close the TXT private register space */
+ memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(u64));
+ memcpy_toio(config + TXT_CR_CMD_CLOSE_PRIVATE, &one, sizeof(u64));
+
+ /*
+ * Calls to iounmap are not being done because of the state of the
+ * system this late in the kexec process. Local IRQs are disabled and
+ * iounmap causes a TLB flush which in turn causes a warning. Leaving
+ * thse mappings is not an issue since the next kernel is going to
+ * completely re-setup memory management.
+ */
+
+ /* Map public registers and do a final read fence */
+ config = ioremap(TXT_PUB_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES *
+ PAGE_SIZE);
+ if (!config) {
+ pr_err("Error SEXIT failed to ioremap TXT public reqs\n");
+ return;
+ }
+
+ memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(u64));
+
+ /* Disable SMX mode */
+ cr4_set_bits(X86_CR4_SMXE);
+
+ /* Do the SEXIT SMX operation */
+ txt_getsec_sexit();
+
+ pr_emerg("TXT SEXIT complete.");
+}
diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index 15d70a90b50d..08105eeebf90 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -37,6 +37,7 @@
#include <linux/compiler.h>
#include <linux/hugetlb.h>
#include <linux/frame.h>
+#include <linux/slaunch.h>
#include <asm/page.h>
#include <asm/sections.h>
@@ -1173,6 +1174,8 @@ int kernel_kexec(void)
cpu_hotplug_enable();
pr_emerg("Starting new kernel\n");
machine_shutdown();
+
+ slaunch_sexit();
}
machine_kexec(kexec_image);
--
2.25.1
Powered by blists - more mailing lists