| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Apr 2022 13:21:30 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Kai Huang <kai.huang@...el.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: seanjc@...gle.com, pbonzini@...hat.com, len.brown@...el.com,
tony.luck@...el.com, rafael.j.wysocki@...el.com,
reinette.chatre@...el.com, dan.j.williams@...el.com,
peterz@...radead.org, ak@...ux.intel.com,
kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com,
isaku.yamahata@...el.com
Subject: Re: [PATCH v3 01/21] x86/virt/tdx: Detect SEAM
> +config INTEL_TDX_HOST
> + bool "Intel Trust Domain Extensions (TDX) host support"
> + default n
> + depends on CPU_SUP_INTEL
> + depends on X86_64
> + help
> + Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
> + host and certain physical attacks. This option enables necessary TDX
> + support in host kernel to run protected VMs.
> +
> + If unsure, say N.
Nothing about KVM?
...
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> new file mode 100644
> index 000000000000..03f35c75f439
> --- /dev/null
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -0,0 +1,102 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright(c) 2022 Intel Corporation.
> + *
> + * Intel Trusted Domain Extensions (TDX) support
> + */
> +
> +#define pr_fmt(fmt) "tdx: " fmt
> +
> +#include <linux/types.h>
> +#include <linux/cpumask.h>
> +#include <asm/msr-index.h>
> +#include <asm/msr.h>
> +#include <asm/cpufeature.h>
> +#include <asm/cpufeatures.h>
> +#include <asm/tdx.h>
> +
> +/* Support Intel Secure Arbitration Mode Range Registers (SEAMRR) */
> +#define MTRR_CAP_SEAMRR BIT(15)
> +
> +/* Core-scope Intel SEAMRR base and mask registers. */
> +#define MSR_IA32_SEAMRR_PHYS_BASE 0x00001400
> +#define MSR_IA32_SEAMRR_PHYS_MASK 0x00001401
> +
> +#define SEAMRR_PHYS_BASE_CONFIGURED BIT_ULL(3)
> +#define SEAMRR_PHYS_MASK_ENABLED BIT_ULL(11)
> +#define SEAMRR_PHYS_MASK_LOCKED BIT_ULL(10)
> +
> +#define SEAMRR_ENABLED_BITS \
> + (SEAMRR_PHYS_MASK_ENABLED | SEAMRR_PHYS_MASK_LOCKED)
> +
> +/* BIOS must configure SEAMRR registers for all cores consistently */
> +static u64 seamrr_base, seamrr_mask;
> +
> +static bool __seamrr_enabled(void)
> +{
> + return (seamrr_mask & SEAMRR_ENABLED_BITS) == SEAMRR_ENABLED_BITS;
> +}
But there's no case where seamrr_mask is non-zero and where
_seamrr_enabled(). Why bother checking the SEAMRR_ENABLED_BITS?
> +static void detect_seam_bsp(struct cpuinfo_x86 *c)
> +{
> + u64 mtrrcap, base, mask;
> +
> + /* SEAMRR is reported via MTRRcap */
> + if (!boot_cpu_has(X86_FEATURE_MTRR))
> + return;
> +
> + rdmsrl(MSR_MTRRcap, mtrrcap);
> + if (!(mtrrcap & MTRR_CAP_SEAMRR))
> + return;
> +
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_BASE, base);
> + if (!(base & SEAMRR_PHYS_BASE_CONFIGURED)) {
> + pr_info("SEAMRR base is not configured by BIOS\n");
> + return;
> + }
> +
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_MASK, mask);
> + if ((mask & SEAMRR_ENABLED_BITS) != SEAMRR_ENABLED_BITS) {
> + pr_info("SEAMRR is not enabled by BIOS\n");
> + return;
> + }
> +
> + seamrr_base = base;
> + seamrr_mask = mask;
> +}
Comment, please.
/*
* Stash the boot CPU's MSR values so that AP values
* can can be checked for consistency.
*/
> +static void detect_seam_ap(struct cpuinfo_x86 *c)
> +{
> + u64 base, mask;
> +
> + /*
> + * Don't bother to detect this AP if SEAMRR is not
> + * enabled after earlier detections.
> + */
> + if (!__seamrr_enabled())
> + return;
> +
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_BASE, base);
> + rdmsrl(MSR_IA32_SEAMRR_PHYS_MASK, mask);
> +
This is the place for a comment about why the values have to be equal.
> + if (base == seamrr_base && mask == seamrr_mask)
> + return;
> +
> + pr_err("Inconsistent SEAMRR configuration by BIOS\n");
> + /* Mark SEAMRR as disabled. */
> + seamrr_base = 0;
> + seamrr_mask = 0;
> +}
> +
> +static void detect_seam(struct cpuinfo_x86 *c)
> +{
> + if (c == &boot_cpu_data)
> + detect_seam_bsp(c);
> + else
> + detect_seam_ap(c);
> +}
> +
> +void tdx_detect_cpu(struct cpuinfo_x86 *c)
> +{
> + detect_seam(c);
> +}
The extra function looks a bit silly here now. Maybe this gets filled
out later, but it's goofy-looking here.
Powered by blists - more mailing lists