| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Jul 2023 00:28:05 +1200
From: Kai Huang <kai.huang@...el.com>
To: peterz@...radead.org, kirill.shutemov@...ux.intel.com,
linux-kernel@...r.kernel.org
Cc: dave.hansen@...el.com, tglx@...utronix.de, bp@...en8.de,
mingo@...hat.com, hpa@...or.com, x86@...nel.org, seanjc@...gle.com,
pbonzini@...hat.com, isaku.yamahata@...el.com,
sathyanarayanan.kuppuswamy@...ux.intel.com,
n.borisov.lkml@...il.com, kai.huang@...el.com
Subject: [PATCH v2 02/11] x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid
If SEAMCALL fails with VMFailInvalid, the SEAM software (e.g., the TDX
module) won't have chance to set any output register. Skip saving the
output registers to the structure in this case.
Also, as '.Lno_output_struct' is the very last symbol before RET, rename
it to '.Lout' to make it short.
Opportunistically make the asm directives unindented.
Cc: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Suggested-by: Peter Zijlstra <peterz@...radead.org>
Signed-off-by: Kai Huang <kai.huang@...el.com>
---
v1 -> v2:
- A new patch to improve SEAMCALL VMFailInvalid failure, with v1 patch
"x86/tdx: Move FRAME_BEGIN/END to TDX_MODULE_CALL asm macro" merged.
---
arch/x86/coco/tdx/tdcall.S | 3 ---
arch/x86/virt/vmx/tdx/tdxcall.S | 29 ++++++++++++++++++++---------
2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S
index 2eca5f43734f..e5d4b7d8ecd4 100644
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@ -78,10 +78,7 @@
* Return status of TDCALL via RAX.
*/
SYM_FUNC_START(__tdx_module_call)
- FRAME_BEGIN
TDX_MODULE_CALL host=0
- FRAME_END
- RET
SYM_FUNC_END(__tdx_module_call)
/*
diff --git a/arch/x86/virt/vmx/tdx/tdxcall.S b/arch/x86/virt/vmx/tdx/tdxcall.S
index 49a54356ae99..6bdf6e137953 100644
--- a/arch/x86/virt/vmx/tdx/tdxcall.S
+++ b/arch/x86/virt/vmx/tdx/tdxcall.S
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 */
#include <asm/asm-offsets.h>
+#include <asm/frame.h>
#include <asm/tdx.h>
/*
@@ -18,6 +19,7 @@
* TDX module.
*/
.macro TDX_MODULE_CALL host:req
+ FRAME_BEGIN
/*
* R12 will be used as temporary storage for struct tdx_module_output
* pointer. Since R12-R15 registers are not used by TDCALL/SEAMCALL
@@ -44,7 +46,7 @@
mov %rsi, %rcx
/* Leave input param 2 in RDX */
- .if \host
+.if \host
seamcall
/*
* SEAMCALL instruction is essentially a VMExit from VMX root
@@ -57,13 +59,10 @@
* This value will never be used as actual SEAMCALL error code as
* it is from the Reserved status code class.
*/
- jnc .Lno_vmfailinvalid
- mov $TDX_SEAMCALL_VMFAILINVALID, %rax
-.Lno_vmfailinvalid:
-
- .else
+ jc .Lseamcall_vmfailinvalid
+.else
tdcall
- .endif
+.endif
/*
* Fetch output pointer from stack to R12 (It is used
@@ -80,7 +79,7 @@
* Other registers may contain details of the failure.
*/
test %r12, %r12
- jz .Lno_output_struct
+ jz .Lout
/* Copy result registers to output struct: */
movq %rcx, TDX_MODULE_rcx(%r12)
@@ -90,7 +89,19 @@
movq %r10, TDX_MODULE_r10(%r12)
movq %r11, TDX_MODULE_r11(%r12)
-.Lno_output_struct:
+.Lout:
/* Restore the state of R12 register */
pop %r12
+
+ FRAME_END
+ RET
+
+.if \host
+.Lseamcall_vmfailinvalid:
+ mov $TDX_SEAMCALL_VMFAILINVALID, %rax
+ /* pop the unused output pointer back to %r9 */
+ pop %r9
+ jmp .Lout
+.endif /* \host */
+
.endm
--
2.41.0
Powered by blists - more mailing lists