| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Jun 2021 19:48:40 +0200
From: Borislav Petkov <bp@...en8.de>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Tom Lendacky <thomas.lendacky@....com>, Pu Wen <puwen@...on.cn>,
Joerg Roedel <jroedel@...e.de>, x86@...nel.org,
joro@...tes.org, dave.hansen@...ux.intel.com, peterz@...radead.org,
tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
sashal@...nel.org, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH] x86/sev: Check whether SEV or SME is supported first
On Tue, Jun 01, 2021 at 05:16:12PM +0000, Sean Christopherson wrote:
> The bug isn't limited to out-of-spec hardware. At the point of #GP, sme_enable()
> has only verified the max leaf is greater than 0x8000001f, it has not verified
> that 0x8000001f is actually supported. The APM itself declares several leafs
> between 0x80000000 and 0x8000001f as reserved/unsupported, so we can't argue that
> 0x8000001f must be supported if the max leaf is greater than 0x8000001f.
If a hypervisor says that 0x8000001f is supported but then we explode
when reading MSR_AMD64_SEV, then hypervisor gets to keep both pieces.
We're not going to workaround all possible insane hardware/hypervisor
configurations just because they dropped the ball.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists