Message-ID: <20221117044433.244656-1-nikunj@amd.com>
Date:   Thu, 17 Nov 2022 10:14:33 +0530
From:   Nikunj A Dadhania <nikunj@....com>
To:     <linux-kernel@...r.kernel.org>, <x86@...nel.org>,
        <kvm@...r.kernel.org>
CC:     <bp@...en8.de>, <mingo@...hat.com>, <tglx@...utronix.de>,
        <dave.hansen@...ux.intel.com>, <seanjc@...gle.com>,
        <pbonzini@...hat.com>, <thomas.lendacky@....com>, <nikunj@....com>,
        <michael.roth@....com>, <stable@...nel.org>
Subject: [PATCH] x86/sev: Add SEV-SNP guest feature negotiation support

The SEV_STATUS MSR indicates the features that the hypervisor has enabled. The
guest kernel may not support all of the features that the hypervisor has
enabled. If the hypervisor has enabled a feature the guest does not support,
notify the hypervisor and terminate the boot.

More details in AMD64 APM[1] Vol 2: 15.34.10 SEV_STATUS MSR

[1] https://www.amd.com/system/files/TechDocs/40332_4.05.pdf

Fixes: cbd3d4f7c4e5 ("x86/sev: Check SEV-SNP features support")
CC: Michael Roth <michael.roth@....com>
CC: Tom Lendacky <thomas.lendacky@....com>
CC: <stable@...nel.org>
Signed-off-by: Nikunj A Dadhania <nikunj@....com>
---
 arch/x86/boot/compressed/sev.c   | 18 +++++++++++++
 arch/x86/include/asm/msr-index.h | 46 +++++++++++++++++++++++++++++---
 2 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index c93930d5ccbd..847d26e761a6 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -270,6 +270,17 @@ static void enforce_vmpl0(void)
 		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
 }
 
+static bool snp_guest_feature_supported(void)
+{
+	u64 guest_support = SNP_GUEST_SUPPORT_REQUIRED & ~SNP_GUEST_SUPPORT_AVAILABLE;
+
+	/*
+	 * Return true when SEV features that hypervisor has enabled are
+	 * also supported by SNP guest kernel
+	 */
+	return !(sev_status & guest_support);
+}
+
 void sev_enable(struct boot_params *bp)
 {
 	unsigned int eax, ebx, ecx, edx;
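Review bot: The local `guest_support` in snp_guest_feature_supported() holds the bits the hypervisor may set that this kernel cannot handle, i.e. the unsupported set, so its name reads as the opposite of its meaning and the comment above the return has to compensate. Suggest `u64 unsupported = SNP_GUEST_SUPPORT_REQUIRED & ~SNP_GUEST_SUPPORT_AVAILABLE;` and `return !(sev_status & unsupported);`, with the comment moved above the declaration to say that it is the set of hypervisor-controlled SEV_STATUS bits this guest has no handling for. A one-line header stating that a false return must lead to termination before any SNP feature is relied on would also help the caller in sev_enable(), whose body runs past the end of this hunk.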
@@ -335,6 +346,13 @@ void sev_enable(struct boot_params *bp)
 		if (!(get_hv_features() & GHCB_HV_FT_SNP))
 			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
 
+		/*
+		 * Terminate the boot if hypervisor has enabled a feature
+		 * unsupported by the guest.
+		 */
+		if (!snp_guest_feature_supported())
+			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
+
 		enforce_vmpl0();
 	}
 
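Review bot: The added `sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);` reuses the reason code of the GHCB_HV_FT_SNP check just above it, so whoever inspects the termination request cannot tell "SNP not advertised by the hypervisor" from "SNP feature enabled that this guest does not implement". enforce_vmpl0(), visible at the top of the first sev.c hunk, uses a dedicated SEV_TERM_SET_LINUX code for its own failure; a Linux-specific code for this check (placeholder name `GHCB_TERM_SNP_FEATURES`, to be defined next to GHCB_TERM_NOT_VMPL0) would make the two failures distinguishable in the hypervisor's log without changing the guest-side behaviour. sev_enable() begins and ends outside this hunk.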
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 4a2af82553e4..d33691b4cb24 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -567,9 +567,49 @@
 #define MSR_AMD64_SEV_ENABLED_BIT	0
 #define MSR_AMD64_SEV_ES_ENABLED_BIT	1
 #define MSR_AMD64_SEV_SNP_ENABLED_BIT	2
-#define MSR_AMD64_SEV_ENABLED		BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
-#define MSR_AMD64_SEV_ES_ENABLED	BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
-#define MSR_AMD64_SEV_SNP_ENABLED	BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
+#define MSR_AMD64_SEV_ENABLED				BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
+#define MSR_AMD64_SEV_ES_ENABLED			BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
+#define MSR_AMD64_SEV_SNP_ENABLED			BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
+#define MSR_AMD64_SNP_VTOM_ENABLED			BIT_ULL(3)
+#define MSR_AMD64_SNP_REFLECT_VC_ENABLED		BIT_ULL(4)
+#define MSR_AMD64_SNP_RESTRICTED_INJ_ENABLED		BIT_ULL(5)
+#define MSR_AMD64_SNP_ALT_INJ_ENABLED			BIT_ULL(6)
+#define MSR_AMD64_SNP_DEBUG_SWAP_ENABLED		BIT_ULL(7)
+#define MSR_AMD64_SNP_PREVENT_HOST_IBS_ENABLED		BIT_ULL(8)
+#define MSR_AMD64_SNP_BTB_ISOLATION_ENABLED		BIT_ULL(9)
+#define MSR_AMD64_SNP_VMPL_SSS_ENABLED			BIT_ULL(10)
+#define MSR_AMD64_SNP_SECURE_TSC_ENABLED		BIT_ULL(11)
+#define MSR_AMD64_SNP_VMGEXIT_PARAM_ENABLED		BIT_ULL(12)
+#define MSR_AMD64_SNP_IBS_VIRT_ENABLED			BIT_ULL(14)
+#define MSR_AMD64_SNP_VMSA_REG_PROTECTION_ENABLED	BIT_ULL(16)
+#define MSR_AMD64_SNP_SMT_PROTECTION_ENABLED		BIT_ULL(17)
+/* Prevent hypervisor to enable undefined feature bits */
+#define MSR_AMD64_SNP_BIT13_RESERVED			BIT_ULL(13)
+#define MSR_AMD64_SNP_BIT15_RESERVED			BIT_ULL(15)
+#define MSR_AMD64_SNP_MASK_RESERVED			GENMASK_ULL(63, 18)
+
+/*
+ * Features that needs enlightened guest and cannot be supported with
+ * unmodified SNP guest kernel. This is subset of SEV_FEATURES.
+ */
+#define SNP_GUEST_SUPPORT_REQUIRED (MSR_AMD64_SNP_VTOM_ENABLED |		\
+				    MSR_AMD64_SNP_REFLECT_VC_ENABLED |		\
+				    MSR_AMD64_SNP_RESTRICTED_INJ_ENABLED |	\
+				    MSR_AMD64_SNP_ALT_INJ_ENABLED |		\
+				    MSR_AMD64_SNP_VMPL_SSS_ENABLED |		\
+				    MSR_AMD64_SNP_SECURE_TSC_ENABLED |		\
+				    MSR_AMD64_SNP_VMGEXIT_PARAM_ENABLED |	\
+				    MSR_AMD64_SNP_BIT13_RESERVED_ENABLED |	\
+				    MSR_AMD64_SNP_VMSA_REG_PROTECTION_ENABLED | \
+				    MSR_AMD64_SNP_BIT15_RESERVED_ENABLED |	\
+				    MSR_AMD64_SNP_MASK_RESERVED_ENABLED)
+/*
+ * Subset of SNP_GUEST_SUPPORT_REQUIRED, advertising the features that are
+ * supported in this enlightened guest kernel. As and when new features are
+ * added in the guest kernel, corresponding bit for this feature needs to be
+ * added as part of SNP_GUEST_SUPPORT_AVAILABLE.
+ */
+#define SNP_GUEST_SUPPORT_AVAILABLE (0)
 
 #define MSR_AMD64_VIRT_SPEC_CTRL	0xc001011f
 
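Review bot: SNP_GUEST_SUPPORT_REQUIRED references `MSR_AMD64_SNP_BIT13_RESERVED_ENABLED`, `MSR_AMD64_SNP_BIT15_RESERVED_ENABLED` and `MSR_AMD64_SNP_MASK_RESERVED_ENABLED`, but the macros defined a few lines above are named `MSR_AMD64_SNP_BIT13_RESERVED`, `MSR_AMD64_SNP_BIT15_RESERVED` and `MSR_AMD64_SNP_MASK_RESERVED`, so unless the `_ENABLED` variants exist somewhere outside this patch the first expansion of SNP_GUEST_SUPPORT_REQUIRED in snp_guest_feature_supported() fails with undeclared identifiers. Replace the three lines with `MSR_AMD64_SNP_BIT13_RESERVED |		\`, `MSR_AMD64_SNP_BIT15_RESERVED |		\` and `MSR_AMD64_SNP_MASK_RESERVED)`. The comment above the macro should read "Features that need an enlightened guest", and it is worth stating there that the reserved bits are included deliberately so that a hypervisor setting a bit this kernel does not know about terminates the boot instead of running with an unknown feature active.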
-- 
2.32.0
