lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4c1ee7b9-9941-fdc4-73f5-3d2ef0530556@linux.intel.com>
Date:   Wed, 4 Aug 2021 14:03:03 -0700
From:   "Kuppuswamy, Sathyanarayanan" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>,
        Peter H Anvin <hpa@...or.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 11/12] x86/tdx: Don't write CSTAR MSR on Intel



On 8/4/21 11:31 AM, Sean Christopherson wrote:
>> On Intel CPUs writing the CSTAR MSR is not really needed. Syscalls
>> from 32bit work using SYSENTER and 32bit SYSCALL is an illegal opcode.
>> But the kernel did write it anyways even though it was ignored by
>> the CPU. Inside a TDX guest this actually leads to a #GP. While the #GP
>> is caught and recovered from, it prints an ugly message at boot.
>> Do not write the CSTAR MSR on Intel CPUs.
> Not that it really matters, but...
> 
> Is #GP the actual TDX-Module behavior?  If so, isn't that a contradiction with

No, #GP is triggered by guest.

> respect to the TDX-Module architecture?  It says:
> 
>    guest TD access violations to MSRs can cause a #GP(0) in most cases where the
>    MSR is enumerated as inaccessible by the Intel TDX module via CPUID
>    virtualization.  In other cases, guest TD access violations to MSRs can cause
>    a #VE.
> 
> Given that there is no dedicated CPUID flag for CSTAR and CSTAR obviously exists
> on Intel CPUs, I don't see how the TDX-Module can possible enumerate CSTAR as
> being inaccessible.
> 
> Regardless of #GP versus #VE, "Table 16.2 MSR Virtualization" needs to state the
> actual behavior.

Even in this case, it will trigger #VE. But since CSTAR MSR is not supported, write
to it will fail and leads to #VE fault.

File: arch/x86/kernel/traps.c

1183 DEFINE_IDTENTRY(exc_virtualization_exception)
1201         if (!ret)
1202                 ret = tdg_handle_virtualization_exception(regs, &ve);
1203         /*
1204          * If tdg_handle_virtualization_exception() could not process
1205          * it successfully, treat it as #GP(0) and handle it.
1206          */
1207         if (ret)
1208                 ve_raise_fault(regs, 0);

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ