| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Apr 2022 15:29:36 -0700
From: Sathyanarayanan Kuppuswamy
<sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Kai Huang <kai.huang@...el.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: seanjc@...gle.com, pbonzini@...hat.com, dave.hansen@...el.com,
len.brown@...el.com, tony.luck@...el.com,
rafael.j.wysocki@...el.com, reinette.chatre@...el.com,
dan.j.williams@...el.com, peterz@...radead.org, ak@...ux.intel.com,
kirill.shutemov@...ux.intel.com, isaku.yamahata@...el.com
Subject: Re: [PATCH v3 01/21] x86/virt/tdx: Detect SEAM
On 4/5/22 9:49 PM, Kai Huang wrote:
> +/* BIOS must configure SEAMRR registers for all cores consistently */
> +static u64 seamrr_base, seamrr_mask;
> +
> +static bool __seamrr_enabled(void)
> +{
> + return (seamrr_mask & SEAMRR_ENABLED_BITS) == SEAMRR_ENABLED_BITS;
> +}
> +
> +static void detect_seam_bsp(struct cpuinfo_x86 *c)
> +{
> + u64 mtrrcap, base, mask;
> +
> + /* SEAMRR is reported via MTRRcap */
> + if (!boot_cpu_has(X86_FEATURE_MTRR))
> + return;
> +
> + rdmsrl(MSR_MTRRcap, mtrrcap);
> + if (!(mtrrcap & MTRR_CAP_SEAMRR))
> + return;
> +
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_BASE, base);
> + if (!(base & SEAMRR_PHYS_BASE_CONFIGURED)) {
> + pr_info("SEAMRR base is not configured by BIOS\n");
> + return;
> + }
> +
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_MASK, mask);
> + if ((mask & SEAMRR_ENABLED_BITS) != SEAMRR_ENABLED_BITS) {
> + pr_info("SEAMRR is not enabled by BIOS\n");
> + return;
> + }
> +
> + seamrr_base = base;
> + seamrr_mask = mask;
> +}
> +
> +static void detect_seam_ap(struct cpuinfo_x86 *c)
> +{
> + u64 base, mask;
> +
> + /*
> + * Don't bother to detect this AP if SEAMRR is not
> + * enabled after earlier detections.
> + */
> + if (!__seamrr_enabled())
> + return;
> +
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_BASE, base);
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_MASK, mask);
> +
> + if (base == seamrr_base && mask == seamrr_mask)
> + return;
> +
> + pr_err("Inconsistent SEAMRR configuration by BIOS\n");
Do we need to panic for SEAM config issue (for security)?
> + /* Mark SEAMRR as disabled. */
> + seamrr_base = 0;
> + seamrr_mask = 0
> +}
> +
> +static void detect_seam(struct cpuinfo_x86 *c)
> +{
why not do this check directly in tdx_detect_cpu()?
> + if (c == &boot_cpu_data)
> + detect_seam_bsp(c);
> + else
> + detect_seam_ap(c);
> +}
> +
> +void tdx_detect_cpu(struct cpuinfo_x86 *c)
> +{
> + detect_seam(c);
> +}
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Powered by blists - more mailing lists