| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230120031047.628097-4-aik@amd.com>
Date: Fri, 20 Jan 2023 14:10:47 +1100
From: Alexey Kardashevskiy <aik@....com>
To: Alexey Kardashevskiy <aik@....com>
CC: <kvm@...r.kernel.org>, <x86@...nel.org>,
<linux-kernel@...r.kernel.org>, Yury Norov <yury.norov@...il.com>,
Venu Busireddy <venu.busireddy@...cle.com>,
Tony Luck <tony.luck@...el.com>,
Tom Lendacky <thomas.lendacky@....com>,
Thomas Gleixner <tglx@...utronix.de>,
"Sean Christopherson" <seanjc@...gle.com>,
Sandipan Das <sandipan.das@....com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Michael Roth <michael.roth@....com>,
Mario Limonciello <mario.limonciello@....com>,
Kim Phillips <kim.phillips@....com>,
Kees Cook <keescook@...omium.org>,
Juergen Gross <jgross@...e.com>,
Jakub Kicinski <kuba@...nel.org>,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
Brijesh Singh <brijesh.singh@....com>,
Borislav Petkov <bp@...en8.de>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Adrian Hunter <adrian.hunter@...el.com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
"Jason A. Donenfeld" <Jason@...c4.com>,
"H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH kernel v3 3/3] x86/sev: Do not handle #VC for DR7 read/write
With MSR_AMD64_SEV_DEBUG_SWAP enabled, the VM should not get #VC
events for DR7 read/write which it rather avoided.
Signed-off-by: Alexey Kardashevskiy <aik@....com>
Reviewed-by: Borislav Petkov (AMD) <bp@...en8.de>
---
Changes:
v2:
* use new bit definition
---
arch/x86/include/asm/msr-index.h | 1 +
tools/arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/sev.c | 6 ++++++
3 files changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index cb3d0f6e6ac2..e15afe3500ff 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -574,6 +574,7 @@
#define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
#define MSR_AMD64_SEV_ES_ENABLED BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
#define MSR_AMD64_SEV_SNP_ENABLED BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
+#define MSR_AMD64_SEV_DEBUG_SWAP BIT_ULL(7)
#define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f
diff --git a/tools/arch/x86/include/asm/msr-index.h b/tools/arch/x86/include/asm/msr-index.h
index 37ff47552bcb..27c1c349e49b 100644
--- a/tools/arch/x86/include/asm/msr-index.h
+++ b/tools/arch/x86/include/asm/msr-index.h
@@ -565,6 +565,7 @@
#define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
#define MSR_AMD64_SEV_ES_ENABLED BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
#define MSR_AMD64_SEV_SNP_ENABLED BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
+#define MSR_AMD64_SEV_DEBUG_SWAP BIT_ULL(7)
#define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 679026a640ef..8184f8ba4edc 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1618,6 +1618,9 @@ static enum es_result vc_handle_dr7_write(struct ghcb *ghcb,
long val, *reg = vc_insn_get_rm(ctxt);
enum es_result ret;
+ if (sev_status & MSR_AMD64_SEV_DEBUG_SWAP)
+ return ES_VMM_ERROR;
+
if (!reg)
return ES_DECODE_FAILED;
@@ -1655,6 +1658,9 @@ static enum es_result vc_handle_dr7_read(struct ghcb *ghcb,
struct sev_es_runtime_data *data = this_cpu_read(runtime_data);
long *reg = vc_insn_get_rm(ctxt);
+ if (sev_status & MSR_AMD64_SEV_DEBUG_SWAP)
+ return ES_VMM_ERROR;
+
if (!reg)
return ES_DECODE_FAILED;
--
2.38.1
Powered by blists - more mailing lists