lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 21 Feb 2023 16:16:36 -0800
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     torvalds@...ux-foundation.org
Cc:     kirill.shutemov@...ux.intel.com, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Dave Hansen <dave.hansen@...ux.intel.com>
Subject: [GIT PULL] x86/tdx for 6.3

Hi Linus,

Please pull some x86/tdx changes for 6.3.  Other than a minor fixup,
the content here is to ensure that TDX guests never see virtualization
exceptions (#VE's) that might be induced by the untrusted VMM.

This is a highly desirable property.  Without it, #VE exception
handling would fall somewhere between NMIs, machine checks and
total insanity.  With it, #VE handling remains pretty mundane.

There is a conflict here with some cleanups which you already pulled
via tip:sched/core.  I've appended a conflict resolution from Ingo
that he used when merging these all together in tip/master.

--

The following changes since commit 5dc4c995db9eb45f6373a956eb1f69460e69e6d4:

  Linux 6.2-rc4 (2023-01-15 09:22:43 -0600)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_tdx_for_6.3

for you to fetch changes up to 1e70c680375aa33cca97bff0bca68c0f82f5023c:

  x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (2023-02-02 16:31:25 -0800)

----------------------------------------------------------------
 - Fixup comment typo
 - Prevent unexpected #VE's from:
  - Hosts removing perfectly good guest mappings (SEPT_VE_DISABLE
  - Excessive #VE notifications (NOTIFY_ENABLES) which are
    delivered via a #VE.

----------------------------------------------------------------
Kirill A. Shutemov (8):
      x86/tdx: Fix typo in comment in __tdx_hypercall()
      x86/tdx: Add more registers to struct tdx_hypercall_args
      x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments
      x86/tdx: Expand __tdx_hypercall() to handle more arguments
      x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE
      x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
      x86/tdx: Disable NOTIFY_ENABLES
      x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall()

 arch/x86/coco/tdx/tdcall.S        | 83 ++++++++++++++++++++++++++++-----------
 arch/x86/coco/tdx/tdx.c           | 62 ++++++++++++++++++++++++++++-
 arch/x86/include/asm/shared/tdx.h |  6 +++
 arch/x86/kernel/asm-offsets.c     |  6 +++
 4 files changed, 131 insertions(+), 26 deletions(-)
--

Author: Ingo Molnar <mingo@...nel.org>
Date:   Tue Feb 21 09:30:27 2023 +0100

    Merge branch 'x86/tdx'
    
    Conflicts:
            arch/x86/coco/tdx/tdcall.S
    
    Signed-off-by: Ingo Molnar <mingo@...nel.org>

diff --cc arch/x86/coco/tdx/tdcall.S
index ad0d51f03cb4,2bd436a4790d..6a255e6809bc
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@@ -27,12 -33,10 +33,12 @@@
   * details can be found in TDX GHCI specification, section
   * titled "TDCALL [TDG.VP.VMCALL] leaf".
   */
- #define TDVMCALL_EXPOSE_REGS_MASK	( TDX_R10 | TDX_R11 | \
- 					  TDX_R12 | TDX_R13 | \
- 					  TDX_R14 | TDX_R15 )
+ #define TDVMCALL_EXPOSE_REGS_MASK	\
+ 	( TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8  | TDX_R9  | \
+ 	  TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15 )
  
 +.section .noinstr.text, "ax"
 +
  /*
   * __tdx_module_call()  - Used by TDX guests to request services from
   * the TDX module (does not include VMM services) using TDCALL instruction.
@@@ -131,16 -156,21 +158,8 @@@ SYM_FUNC_START(__tdx_hypercall
  	/* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */
  	xor %eax, %eax
  
- 	/* Copy hypercall registers from arg struct: */
- 	movq TDX_HYPERCALL_r10(%rdi), %r10
- 	movq TDX_HYPERCALL_r11(%rdi), %r11
- 	movq TDX_HYPERCALL_r12(%rdi), %r12
- 	movq TDX_HYPERCALL_r13(%rdi), %r13
- 	movq TDX_HYPERCALL_r14(%rdi), %r14
- 	movq TDX_HYPERCALL_r15(%rdi), %r15
- 
  	movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx
  
 -	/*
 -	 * For the idle loop STI needs to be called directly before the TDCALL
 -	 * that enters idle (EXIT_REASON_HLT case). STI instruction enables
 -	 * interrupts only one instruction later. If there is a window between
 -	 * STI and the instruction that emulates the HALT state, there is a
 -	 * chance for interrupts to happen in this window, which can delay the
 -	 * HLT operation indefinitely. Since this is the not the desired
 -	 * result, conditionally call STI before TDCALL.
 -	 */
 -	testq $TDX_HCALL_ISSUE_STI, 8(%rsp)
 -	jz .Lskip_sti
 -	sti
 -.Lskip_sti:
  	tdcall
  
  	/*

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ