| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <503e778f-6324-44ca-b057-afe510ceea0f@linux.microsoft.com>
Date: Wed, 8 Nov 2023 09:21:51 +0100
From: Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>
To: Tom Lendacky <thomas.lendacky@....com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>
Cc: kvm@...r.kernel.org, linux-coco@...ts.linux.dev,
linux-mm@...ck.org, linux-crypto@...r.kernel.org, x86@...nel.org,
linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
jroedel@...e.de, hpa@...or.com, ardb@...nel.org,
pbonzini@...hat.com, seanjc@...gle.com, vkuznets@...hat.com,
jmattson@...gle.com, luto@...nel.org, dave.hansen@...ux.intel.com,
slp@...hat.com, pgonda@...gle.com, peterz@...radead.org,
srinivas.pandruvada@...ux.intel.com, rientjes@...gle.com,
dovmurik@...ux.ibm.com, tobin@....com, vbabka@...e.cz,
kirill@...temov.name, ak@...ux.intel.com, tony.luck@...el.com,
marcorr@...gle.com, sathyanarayanan.kuppuswamy@...ux.intel.com,
alpergun@...gle.com, jarkko@...nel.org, ashish.kalra@....com,
nikunj.dadhania@....com, pankaj.gupta@....com,
liam.merwick@...cle.com, zhi.a.wang@...el.com,
Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH v10 06/50] x86/sev: Add the host SEV-SNP initialization
support
On 07/11/2023 19:32, Tom Lendacky wrote:
> On 11/7/23 10:31, Borislav Petkov wrote:
>>
>> And the stuff that needs to happen once, needs to be called once too.
>>
>>> +
>>> + return snp_get_rmptable_info(&rmp_base, &rmp_size);
>>> +}
>>> +
>>> static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>>> {
>>> u64 msr;
>>> @@ -659,6 +674,9 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>>> if (!(msr & MSR_K7_HWCR_SMMLOCK))
>>> goto clear_sev;
>>> + if (cpu_has(c, X86_FEATURE_SEV_SNP) && !early_rmptable_check())
>>> + goto clear_snp;
>>> +
>>> return;
>>> clear_all:
>>> @@ -666,6 +684,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>>> clear_sev:
>>> setup_clear_cpu_cap(X86_FEATURE_SEV);
>>> setup_clear_cpu_cap(X86_FEATURE_SEV_ES);
>>> +clear_snp:
>>> setup_clear_cpu_cap(X86_FEATURE_SEV_SNP);
>>> }
>>> }
>>
>> ...
>>
>>> +bool snp_get_rmptable_info(u64 *start, u64 *len)
>>> +{
>>> + u64 max_rmp_pfn, calc_rmp_sz, rmp_sz, rmp_base, rmp_end;
>>> +
>>> + rdmsrl(MSR_AMD64_RMP_BASE, rmp_base);
>>> + rdmsrl(MSR_AMD64_RMP_END, rmp_end);
>>> +
>>> + if (!(rmp_base & RMP_ADDR_MASK) || !(rmp_end & RMP_ADDR_MASK)) {
>>> + pr_err("Memory for the RMP table has not been reserved by BIOS\n");
>>> + return false;
>>> + }
>>
>> If you're masking off bits 0-12 above...
>
> Because the RMP_END MSR, most specifically, has a default value of 0x1fff, where bits [12:0] are reserved. So to specifically check if the MSR has been set to a non-zero end value, the bit are masked off. However, ...
>
Do you have a source for this? Because the APM vol. 2, table A.7 says the reset value of RMP_END is all zeros.
Thanks,
Jeremi
Powered by blists - more mailing lists