lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 13 Mar 2024 16:28:37 +0530
From: "Aithal, Srikanth" <sraithal@....com>
To: Ashish Kalra <Ashish.Kalra@....com>, linux-tip-commits@...r.kernel.org
Cc: bp@...en8.de, thomas.lendacky@....com, michael.roth@....com,
 x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/sev: Apply RMP table fixups for kexec.

On 3/13/2024 12:17 AM, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@....com>
> 
> RMP table start and end physical range may not be aligned to 2MB in
> the e820 tables causing fatal RMP page faults during kexec boot when
> new page allocations are done in the same 2MB page as the RMP table.
> Check if RMP table start and end physical range in e820_table is not
> aligned to 2MB and in that case use e820__range_update() to map this
> range to reserved.
> 
> Override e820__memory_setup_default() to check and apply these RMP table
> fixups in e820_table before e820_table is used to setup
> e280_table_firmware and e820_table_kexec.
> 
> Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature")
> Signed-off-by: Ashish Kalra <ashish.kalra@....com>
> ---
>   arch/x86/virt/svm/sev.c | 52 +++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 52 insertions(+)
> 
> diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c
> index cffe1157a90a..e0d7584df28f 100644
> --- a/arch/x86/virt/svm/sev.c
> +++ b/arch/x86/virt/svm/sev.c
> @@ -65,6 +65,8 @@ static u64 probed_rmp_base, probed_rmp_size;
>   static struct rmpentry *rmptable __ro_after_init;
>   static u64 rmptable_max_pfn __ro_after_init;
>   
> +static char *__init snp_rmptable_e820_fixup(void);
> +
>   static LIST_HEAD(snp_leaked_pages_list);
>   static DEFINE_SPINLOCK(snp_leaked_pages_list_lock);
>   
> @@ -160,9 +162,59 @@ bool snp_probe_rmptable_info(void)
>   	pr_info("RMP table physical range [0x%016llx - 0x%016llx]\n",
>   		probed_rmp_base, probed_rmp_base + probed_rmp_size - 1);
>   
> +	/*
> +	 * Override e820__memory_setup_default() to do any RMP table fixups
> +	 * for kexec if required.
> +	 */
> +	x86_init.resources.memory_setup = snp_rmptable_e820_fixup;
> +
>   	return true;
>   }
>   
> +/*
> + * Override e820__memory_setup_default() to do any RMP table fixups
> + * in e820_table before e820_table_firmware and e820_table_kexec
> + * are setup.
> + */
> +static char *__init snp_rmptable_e820_fixup(void)
> +{
> +	/* Populate e820_table from BIOS-supplied e820 map */
> +	char *p =  e820__memory_setup_default();
> +	u64 pa;
> +
> +	/*
> +	 * RMP table start & end physical range may not be aligned to 2MB in the
> +	 * e820 tables causing fatal RMP page faults during kexec boot when new
> +	 * page allocations are done in the same 2MB page as the RMP table.
> +	 * Check if RMP table start & end physical range in e820_table is not aligned
> +	 * to 2MB and in that case use e820__range_update() to map this range to reserved,
> +	 * e820__range_update() nicely handles partial range update and also
> +	 * merges any consecutive ranges of the same type.
> +	 * Need to override e820__memory_setup_default() to check and apply
> +	 * fixups in e820_table before e820_table is used to setup
> +	 * e280_table_firmware and e820_table_kexec.
> +	 */
> +	pa = probed_rmp_base;
> +	if (!IS_ALIGNED(pa, PMD_SIZE)) {
> +		pa = ALIGN_DOWN(pa, PMD_SIZE);
> +		if (e820__mapped_any(pa, pa + PMD_SIZE, E820_TYPE_RAM)) {
> +			pr_info("Reserving start of RMP table on a 2MB boundary [0x%016llx]\n", pa);
> +			e820__range_update(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
> +		}
> +	}
> +
> +	pa = probed_rmp_base + probed_rmp_size;
> +	if (!IS_ALIGNED(pa, PMD_SIZE)) {
> +		pa = ALIGN_DOWN(pa, PMD_SIZE);
> +		if (e820__mapped_any(pa, pa + PMD_SIZE, E820_TYPE_RAM)) {
> +			pr_info("Reserving end of RMP table on a 2MB boundary [0x%016llx]\n", pa);
> +			e820__range_update(pa, PMD_SIZE, E820_TYPE_RAM, E820_TYPE_RESERVED);
> +		}
> +	}
> +
> +	return p;
> +}
> +
>   /*
>    * Do the necessary preparations which are verified by the firmware as
>    * described in the SNP_INIT_EX firmware command description in the SNP
Tested this patch, it fixes the kexec issue reported. Thank you.

Tested-by: Srikanth Aithal <sraithal@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ