lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20210805233036.2949674-6-sathyanarayanan.kuppuswamy@linux.intel.com>
Date:   Thu,  5 Aug 2021 16:30:36 -0700
From:   Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, Jonathan Corbet <corbet@....net>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>
Cc:     "H . Peter Anvin" <hpa@...or.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>
Subject: [PATCH v3 5/5] x86/tdx: Add option to override prot values

From: Andi Kleen <ak@...ux.intel.com>

The kernel internally uses prot_guest_has to configure various behavior
specific to confidential guests. Allow to clear a single value. This is
mainly useful for debugging and not very user friendly because the hex
values from the include file have to be used. But for debugging it's
good enough and it matches the existing clear_cpuid option.

Signed-off-by: Andi Kleen <ak@...ux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
---
 Documentation/admin-guide/kernel-parameters.txt |  8 ++++++++
 arch/x86/include/asm/tdx.h                      |  2 ++
 arch/x86/kernel/tdx.c                           | 15 +++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index ba390be62f89..10776a743e74 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5573,6 +5573,14 @@
 
 	tdfx=		[HW,DRM]
 
+	tdx_prot_clear=val
+			Clear a prot setting for TDX. See
+			include/linux/protected_guest.h for the allowed
+			values. Only a single value can be overridden.
+			Note that invalid values here may break the TDX kernel,
+			this is mainly for debugging. Clearing protections
+			may cause security holes.
+
 	test_suspend=	[SUSPEND][,N]
 			Specify "mem" (for Suspend-to-RAM) or "standby" (for
 			standby suspend) or "freeze" (for suspend type freeze)
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index 665c8cf57d5b..dd5459ece9aa 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -67,6 +67,8 @@ enum tdx_map_type {
 
 #ifdef CONFIG_INTEL_TDX_GUEST
 
+extern unsigned int tdg_disable_prot;
+
 void __init tdx_early_init(void);
 
 bool tdx_prot_guest_has(unsigned long flag);
diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c
index 644e90dfa587..bfa168f3f09c 100644
--- a/arch/x86/kernel/tdx.c
+++ b/arch/x86/kernel/tdx.c
@@ -12,6 +12,7 @@
 #include <asm/vmx.h>
 #include <asm/insn.h>
 #include <asm/insn-eval.h>
+#include <asm/cmdline.h>
 #include <linux/sched/signal.h> /* force_sig_fault() */
 #include <linux/swiotlb.h>
 
@@ -41,6 +42,8 @@ static struct {
 	unsigned long attributes;
 } td_info __ro_after_init;
 
+unsigned int tdg_disable_prot = -1;
+
 /*
  * Wrapper for standard use of __tdx_hypercall with BUG_ON() check
  * for TDCALL error.
@@ -111,6 +114,9 @@ static inline bool cpuid_has_tdx_guest(void)
 
 bool tdx_prot_guest_has(unsigned long flag)
 {
+	if (flag == tdg_disable_prot)
+		return false;
+
 	switch (flag) {
 	case PATTR_GUEST_TDX:
 	case PATTR_GUEST_UNROLL_STRING_IO:
@@ -555,6 +561,8 @@ __init bool tdg_early_handle_ve(struct pt_regs *regs)
 
 void __init tdx_early_init(void)
 {
+	char prot_clear[30];
+
 	if (!cpuid_has_tdx_guest())
 		return;
 
@@ -572,5 +580,12 @@ void __init tdx_early_init(void)
 	cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "tdg:cpu_hotplug",
 			  NULL, tdg_cpu_offline_prepare);
 
+	if (cmdline_find_option(boot_command_line, "tdx_prot_clear",
+				prot_clear, sizeof(prot_clear))) {
+		if (kstrtouint(prot_clear, 0, &tdg_disable_prot))
+			pr_err("Unparsable tdx_prot_clear= option\n");
+		add_taint(TAINT_CONF_NO_LOCKDOWN, LOCKDEP_STILL_OK);
+	}
+
 	pr_info("Guest initialized\n");
 }
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ