lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230825234115.wxuspnhiyuuf5bhu@box>
Date:   Sat, 26 Aug 2023 02:41:15 +0300
From:   kirill.shutemov@...ux.intel.com
To:     Kai Huang <kai.huang@...el.com>
Cc:     peterz@...radead.org, linux-kernel@...r.kernel.org,
        dave.hansen@...el.com, tglx@...utronix.de, bp@...en8.de,
        mingo@...hat.com, hpa@...or.com, x86@...nel.org, seanjc@...gle.com,
        pbonzini@...hat.com, isaku.yamahata@...el.com,
        sathyanarayanan.kuppuswamy@...ux.intel.com,
        n.borisov.lkml@...il.com
Subject: Re: [PATCH v4 11/12] x86/virt/tdx: Make TDX_MODULE_CALL handle
 SEAMCALL #UD and #GP

On Tue, Aug 15, 2023 at 11:02:05PM +1200, Kai Huang wrote:
> SEAMCALL instruction causes #UD if the CPU isn't in VMX operation.
> Currently the TDX_MODULE_CALL assembly doesn't handle #UD, thus making
> SEAMCALL when VMX is disabled would cause Oops.
> 
> Unfortunately, there are legal cases that SEAMCALL can be made when VMX
> is disabled.  For instance, VMX can be disabled due to emergency reboot
> while there are still TDX guests running.
> 
> Extend the TDX_MODULE_CALL assembly to return an error code for #UD to
> handle this case gracefully, e.g., KVM can then quietly eat all SEAMCALL
> errors caused by emergency reboot.
> 
> SEAMCALL instruction also causes #GP when TDX isn't enabled by the BIOS.
> Use _ASM_EXTABLE_FAULT() to catch both exceptions with the trap number
> recorded, and define two new error codes by XORing the trap number to
> the TDX_SW_ERROR.  This opportunistically handles #GP too while using
> the same simple assembly code.
> 
> A bonus is when kernel mistakenly calls SEAMCALL when CPU isn't in VMX
> operation, or when TDX isn't enabled by the BIOS, or when the BIOS is
> buggy, the kernel can get a nicer error code rather than a less
> understandable Oops.
> 
> This is basically based on Peter's code.
> 
> Cc: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Suggested-by: Peter Zijlstra <peterz@...radead.org>
> Signed-off-by: Kai Huang <kai.huang@...el.com>

Reviewed-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ