| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 May 2021 19:32:42 +0200
From: Borislav Petkov <bp@...en8.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
tglx@...utronix.de, jroedel@...e.de, thomas.lendacky@....com,
pbonzini@...hat.com, mingo@...hat.com, dave.hansen@...el.com,
rientjes@...gle.com, seanjc@...gle.com, peterz@...radead.org,
hpa@...or.com, tony.luck@...el.com
Subject: Re: [PATCH Part1 RFC v2 10/20] x86/sev: Add a helper for the
PVALIDATE instruction
On Fri, Apr 30, 2021 at 08:05:36AM -0500, Brijesh Singh wrote:
> While generating the patches for part1, I accidentally picked the wrong
> version of this patch.
Adding the right one...
> Author: Brijesh Singh <brijesh.singh@....com>
> Date: Thu Apr 29 16:45:36 2021 -0500
>
> x86/sev: Add a helper for the PVALIDATE instruction
>
> An SNP-active guest uses the PVALIDATE instruction to validate or
> rescind the validation of a guest page’s RMP entry. Upon completion,
> a return code is stored in EAX and rFLAGS bits are set based on the
> return code. If the instruction completed successfully, the CF
> indicates if the content of the RMP were changed or not.
>
> See AMD APM Volume 3 for additional details.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
>
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 134a7c9d91b6..be67d9c70267 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -59,6 +59,16 @@ extern void vc_no_ghcb(void);
> extern void vc_boot_ghcb(void);
> extern bool handle_vc_boot_ghcb(struct pt_regs *regs);
>
> +/* Return code of pvalidate */
> +#define PVALIDATE_SUCCESS 0
> +#define PVALIDATE_FAIL_INPUT 1
> +#define PVALIDATE_FAIL_SIZEMISMATCH 6
Those are unused. Remove them pls.
> +#define PVALIDATE_FAIL_NOUPDATE 255 /* Software defined (when rFlags.CF = 1) */
Put the comment above the define pls.
> +
> +/* RMP page size */
> +#define RMP_PG_SIZE_2M 1
> +#define RMP_PG_SIZE_4K 0
Add those when you need them - I see
[PATCH Part2 RFC v2 06/37] x86/sev: Add RMP entry lookup helpers
is moving them to some generic header. No need to add them to this patch
here.
> #ifdef CONFIG_AMD_MEM_ENCRYPT
> extern struct static_key_false sev_es_enable_key;
> extern void __sev_es_ist_enter(struct pt_regs *regs);
> @@ -81,12 +91,29 @@ static __always_inline void sev_es_nmi_complete(void)
> __sev_es_nmi_complete();
> }
> extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd);
> +static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate)
> +{
> + bool no_rmpupdate;
> + int rc;
Adding this for the mail archives when we find this mail again in the
future so that I don't have to do binutils git archeology again:
Enablement for the "pvalidate" mnemonic is in binutils commit
646cc3e0109e ("Add AMD znver3 processor support"). :-)
Please put over the opcode bytes line:
/* "pvalidate" mnemonic support in binutils 2.36 and newer */
> +
> + asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFF\n\t"
> + CC_SET(c)
> + : CC_OUT(c) (no_rmpupdate), "=a"(rc)
> + : "a"(vaddr), "c"(rmp_psize), "d"(validate)
> + : "memory", "cc");
> +
> + if (no_rmpupdate)
> + return PVALIDATE_FAIL_NOUPDATE;
> +
> + return rc;
> +}
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists