| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Apr 2021 08:05:36 -0500
From: Brijesh Singh <brijesh.singh@....com>
To: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: brijesh.singh@....com, tglx@...utronix.de, bp@...en8.de,
jroedel@...e.de, thomas.lendacky@....com, pbonzini@...hat.com,
mingo@...hat.com, dave.hansen@...el.com, rientjes@...gle.com,
seanjc@...gle.com, peterz@...radead.org, hpa@...or.com,
tony.luck@...el.com
Subject: Re: [PATCH Part1 RFC v2 10/20] x86/sev: Add a helper for the
PVALIDATE instruction
On 4/30/21 7:16 AM, Brijesh Singh wrote:
> An SNP-active guest uses the PVALIDATE instruction to validate or
> rescind the validation of a guest page’s RMP entry. Upon completion,
> a return code is stored in EAX and rFLAGS bits are set based on the
> return code. If the instruction completed successfully, the CF
> indicates if the content of the RMP were changed or not.
>
> See AMD APM Volume 3 for additional details.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> ---
> arch/x86/include/asm/sev.h | 27 +++++++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 134a7c9d91b6..48f911a229ba 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -59,6 +59,16 @@ extern void vc_no_ghcb(void);
> extern void vc_boot_ghcb(void);
> extern bool handle_vc_boot_ghcb(struct pt_regs *regs);
>
> +/* Return code of pvalidate */
> +#define PVALIDATE_SUCCESS 0
> +#define PVALIDATE_FAIL_INPUT 1
> +#define PVALIDATE_FAIL_SIZEMISMATCH 6
> +#define PVALIDATE_FAIL_NOUPDATE 255 /* Software defined (when rFlags.CF = 1) */
> +
> +/* RMP page size */
> +#define RMP_PG_SIZE_2M 1
> +#define RMP_PG_SIZE_4K 0
> +
> #ifdef CONFIG_AMD_MEM_ENCRYPT
> extern struct static_key_false sev_es_enable_key;
> extern void __sev_es_ist_enter(struct pt_regs *regs);
> @@ -81,12 +91,29 @@ static __always_inline void sev_es_nmi_complete(void)
> __sev_es_nmi_complete();
> }
> extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd);
> +static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate)
> +{
> + unsigned long flags;
> + int rc = 0;
> +
> + asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFF\n\t"
> + CC_SET(c)
> + : CC_OUT(c) (flags), "=a"(rc)
> + : "a"(vaddr), "c"(rmp_psize), "d"(validate)
> + : "memory", "cc");
> +
> + if (flags & X86_EFLAGS_CF)
> + return PVALIDATE_FAIL_NOUPDATE;
> +
> + return rc;
> +}
While generating the patches for part1, I accidentally picked the wrong
version of this patch.
The pvalidate() looks like this
static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool
validate)
{
bool no_rmpupdate;
int rc;
asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFF\n\t"
CC_SET(c)
: CC_OUT(c) (no_rmpupdate), "=a"(rc)
: "a"(vaddr), "c"(rmp_psize), "d"(validate)
: "memory", "cc");
if (no_rmpupdate)
return PVALIDATE_FAIL_NOUPDATE;
return rc;
}
https://github.com/AMDESE/linux/commit/581316923efb4e4833722962b02a0c892aed9505#diff-a9a713d4f58a64b6640506f689940cb077dcb0a3705da0c024145c0c857d6c38
> #else
> static inline void sev_es_ist_enter(struct pt_regs *regs) { }
> static inline void sev_es_ist_exit(void) { }
> static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; }
> static inline void sev_es_nmi_complete(void) { }
> static inline int sev_es_efi_map_ghcbs(pgd_t *pgd) { return 0; }
> +static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) { return 0; }
> #endif
>
> #endif
Powered by blists - more mailing lists