lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 3 Jun 2020 16:23:25 +0200
From:   Joerg Roedel <joro@...tes.org>
To:     Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     x86@...nel.org, hpa@...or.com, Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Hellstrom <thellstrom@...are.com>,
        Jiri Slaby <jslaby@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Juergen Gross <jgross@...e.com>,
        Kees Cook <keescook@...omium.org>,
        David Rientjes <rientjes@...gle.com>,
        Cfir Cohen <cfir@...gle.com>,
        Erdem Aktas <erdemaktas@...gle.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Mike Stunes <mstunes@...are.com>,
        Joerg Roedel <jroedel@...e.de>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH v3 25/75] x86/sev-es: Add support for handling IOIO
 exceptions

Hi Jean,

On Tue, May 19, 2020 at 11:20:55PM -0700, Sean Christopherson wrote:
> On Tue, Apr 28, 2020 at 05:16:35PM +0200, Joerg Roedel wrote:
> > +		/*
> > +		 * For the string variants with rep prefix the amount of in/out
> > +		 * operations per #VC exception is limited so that the kernel
> > +		 * has a chance to take interrupts an re-schedule while the
> > +		 * instruction is emulated.
> 
> Doesn't this also suppress single-step #DBs?

Yes it does.

> 
> > +		 */
> > +		io_bytes   = (exit_info_1 >> 4) & 0x7;
> > +		ghcb_count = sizeof(ghcb->shared_buffer) / io_bytes;
> > +
> > +		op_count    = (exit_info_1 & IOIO_REP) ? regs->cx : 1;
> > +		exit_info_2 = min(op_count, ghcb_count);
> > +		exit_bytes  = exit_info_2 * io_bytes;
> > +
> > +		es_base = insn_get_seg_base(ctxt->regs, INAT_SEG_REG_ES);
> > +
> > +		if (!(exit_info_1 & IOIO_TYPE_IN)) {
> > +			ret = vc_insn_string_read(ctxt,
> > +					       (void *)(es_base + regs->si),
> 
> SEV(-ES) is 64-bit only, why bother with the es_base charade?

User-space can also cause IOIO #VC exceptions, and user-space can be
32-bit legacy code with segments, so es_base has to be taken into
account.


> 
> > +					       ghcb->shared_buffer, io_bytes,
> > +					       exit_info_2, df);
> 
> df handling is busted, it's aways non-zero.  Same goes for the SI/DI
> adjustments below.

Right, this is fixed now.

> Batching the memory accesses and I/O accesses separately is technically
> wrong, e.g. a #DB on a memory access will result in bogus data being shown
> in the debugger.  In practice it seems unlikely to matter, but I'm curious
> as to why string I/O is supported in the first place.  I didn't think there
> was that much string I/O in the kernel?

True, #DBs won't be correct anymore. Currently debugging is not
supported in SEV-ES guests anyway, but if it is supported the #DB
exception would happen in the #VC handler and not on the original
instruction.


Regards,

	Joerg

Powered by blists - more mailing lists