lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 8 Mar 2022 13:37:10 -0800
From:   Dave Hansen <dave.hansen@...el.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        luto@...nel.org, peterz@...radead.org
Cc:     sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
        pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
        tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
        thomas.lendacky@....com, brijesh.singh@....com, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCHv5 22/30] x86/boot: Set CR0.NE early and keep it set during
 the boot

On 3/2/22 06:27, Kirill A. Shutemov wrote:
> TDX guest requires CR0.NE to be set. Clearing the bit triggers #GP(0).
> 
> If CR0.NE is 0, the MS-DOS compatibility mode for handling floating-point
> exceptions is selected. In this mode, the software exception handler for
> floating-point exceptions is invoked externally using the processor’s
> FERR#, INTR, and IGNNE# pins.
> 
> Using FERR# and IGNNE# to handle floating-point exception is deprecated.
> CR0.NE=0 also limits newer processors to operate with one logical
> processor active.
> 
> Kernel uses CR0_STATE constant to initialize CR0. It has NE bit set.
> But during early boot kernel has more ad-hoc approach to setting bit
> in the register.

This walks right up to the problem but never actually comes out and says
what the problem is:

	During some of this ad-hoc manipulation, CR0.NE is cleared.
	This causes a #GP in TDX guests and makes it die in early boot.

> Make CR0 initialization consistent, deriving the initial value of CR0
> from CR0_STATE.

... and the solution:

	Since CR0_STATE always has CR0.NE=1, this ensures that CR0.NE is
	never 0 and avoids the #GP.

With the fixed changelog:

Reviewed-by: Dave Hansen <dave.hansen@...ux.intel.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ