| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Nov 2023 09:19:29 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>
Cc: kvm@...r.kernel.org, linux-coco@...ts.linux.dev,
linux-mm@...ck.org, linux-crypto@...r.kernel.org, x86@...nel.org,
linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
jroedel@...e.de, hpa@...or.com, ardb@...nel.org,
pbonzini@...hat.com, seanjc@...gle.com, vkuznets@...hat.com,
jmattson@...gle.com, luto@...nel.org, dave.hansen@...ux.intel.com,
slp@...hat.com, pgonda@...gle.com, peterz@...radead.org,
srinivas.pandruvada@...ux.intel.com, rientjes@...gle.com,
dovmurik@...ux.ibm.com, tobin@....com, vbabka@...e.cz,
kirill@...temov.name, ak@...ux.intel.com, tony.luck@...el.com,
marcorr@...gle.com, sathyanarayanan.kuppuswamy@...ux.intel.com,
alpergun@...gle.com, jarkko@...nel.org, ashish.kalra@....com,
nikunj.dadhania@....com, pankaj.gupta@....com,
liam.merwick@...cle.com, zhi.a.wang@...el.com,
Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH v10 06/50] x86/sev: Add the host SEV-SNP initialization
support
On 11/8/23 02:21, Jeremi Piotrowski wrote:
> On 07/11/2023 19:32, Tom Lendacky wrote:
>> On 11/7/23 10:31, Borislav Petkov wrote:
>>>
>>> And the stuff that needs to happen once, needs to be called once too.
>>>
>>>> +
>>>> + return snp_get_rmptable_info(&rmp_base, &rmp_size);
>>>> +}
>>>> +
>>>> static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>>>> {
>>>> u64 msr;
>>>> @@ -659,6 +674,9 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>>>> if (!(msr & MSR_K7_HWCR_SMMLOCK))
>>>> goto clear_sev;
>>>> + if (cpu_has(c, X86_FEATURE_SEV_SNP) && !early_rmptable_check())
>>>> + goto clear_snp;
>>>> +
>>>> return;
>>>> clear_all:
>>>> @@ -666,6 +684,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>>>> clear_sev:
>>>> setup_clear_cpu_cap(X86_FEATURE_SEV);
>>>> setup_clear_cpu_cap(X86_FEATURE_SEV_ES);
>>>> +clear_snp:
>>>> setup_clear_cpu_cap(X86_FEATURE_SEV_SNP);
>>>> }
>>>> }
>>>
>>> ...
>>>
>>>> +bool snp_get_rmptable_info(u64 *start, u64 *len)
>>>> +{
>>>> + u64 max_rmp_pfn, calc_rmp_sz, rmp_sz, rmp_base, rmp_end;
>>>> +
>>>> + rdmsrl(MSR_AMD64_RMP_BASE, rmp_base);
>>>> + rdmsrl(MSR_AMD64_RMP_END, rmp_end);
>>>> +
>>>> + if (!(rmp_base & RMP_ADDR_MASK) || !(rmp_end & RMP_ADDR_MASK)) {
>>>> + pr_err("Memory for the RMP table has not been reserved by BIOS\n");
>>>> + return false;
>>>> + }
>>>
>>> If you're masking off bits 0-12 above...
>>
>> Because the RMP_END MSR, most specifically, has a default value of 0x1fff, where bits [12:0] are reserved. So to specifically check if the MSR has been set to a non-zero end value, the bit are masked off. However, ...
>>
>
> Do you have a source for this? Because the APM vol. 2, table A.7 says the reset value of RMP_END is all zeros.
Ah, good catch. Let me work on getting the APM updated.
Thanks,
Tom
>
> Thanks,
> Jeremi
>
Powered by blists - more mailing lists