| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Mar 2024 12:46:06 +0200
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: tglx@...utronix.de,
mingo@...hat.com,
bp@...en8.de,
dave.hansen@...el.com
Cc: sathyanarayanan.kuppuswamy@...ux.intel.com,
hpa@...or.com,
seanjc@...gle.com,
elena.reshetova@...el.com,
rick.p.edgecombe@...el.com,
x86@...nel.org,
linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [PATCHv2 3/4] x86/tdx: Handle PENDING_EPT_VIOLATION_V2
PENDING_EPT_VIOLATION_V2 allows TD to control whether access to
a pending page triggers #VE.
Kernel doesn't want to see any #VEs on accesses to private memory:
disable such #VEs.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
---
arch/x86/coco/tdx/tdx.c | 75 ++++++++++++++++++++++++++++---
arch/x86/include/asm/shared/tdx.h | 18 +++++++-
2 files changed, 87 insertions(+), 6 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 08e2bb462ce8..860bfdd5a11d 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -77,6 +77,17 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args)
panic("TDCALL %lld failed (Buggy TDX module!)\n", fn);
}
+static inline u64 tdg_vm_rd(u64 field)
+{
+ struct tdx_module_args args = {
+ .rdx = field,
+ };
+
+ tdcall(TDG_VM_RD, &args);
+
+ return args.r8;
+}
+
static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask)
{
struct tdx_module_args args = {
@@ -91,6 +102,28 @@ static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask)
return args.r8;
}
+static inline u64 tdg_sys_rd(u64 field)
+{
+ struct tdx_module_args args = {
+ .rdx = field,
+ };
+
+ tdcall(TDG_SYS_RD, &args);
+
+ return args.r8;
+}
+
+static bool tdcs_ctls_set(u64 mask)
+{
+ struct tdx_module_args args = {
+ .rdx = TDCS_TD_CTLS,
+ .r8 = mask,
+ .r9 = mask,
+ };
+
+ return __tdcall(TDG_VM_WR, &args) == TDX_SUCCESS;
+}
+
/**
* tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT
* subtype 0) using TDG.MR.REPORT TDCALL.
@@ -185,7 +218,8 @@ static void tdx_setup(u64 *cc_mask)
{
struct tdx_module_args args = {};
unsigned int gpa_width;
- u64 td_attr;
+ u64 td_attr, features;
+ bool sept_ve_disabled;
/*
* TDINFO TDX module call is used to get the TD execution environment
@@ -206,19 +240,50 @@ static void tdx_setup(u64 *cc_mask)
gpa_width = args.rcx & GENMASK(5, 0);
*cc_mask = BIT_ULL(gpa_width - 1);
+ td_attr = args.rdx;
+
/* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */
tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL);
+ features = tdg_sys_rd(TDCS_TDX_FEATURES0);
+
/*
* The kernel can not handle #VE's when accessing normal kernel
* memory. Ensure that no #VE will be delivered for accesses to
* TD-private memory. Only VMM-shared memory (MMIO) will #VE.
+ *
+ * Check if the TD is created with SEPT #VE disabled.
*/
- td_attr = args.rdx;
- if (!(td_attr & ATTR_SEPT_VE_DISABLE)) {
- const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set.";
+ sept_ve_disabled = td_attr & ATTR_SEPT_VE_DISABLE;
- /* Relax SEPT_VE_DISABLE check for debug TD. */
+ /*
+ * Check if flexible control of SEPT #VE is supported.
+ *
+ * The check consists of verifying if the feature is supported by the
+ * TDX module (the TDX_FEATURES0 check) and if the feature is enabled
+ * for this TD (CONFIG_FLAGS check).
+ *
+ * If flexible control is supported, disable SEPT #VE.
+ *
+ * Disable SEPT #VE regardless of ATTR_SEPT_VE_DISABLE status as
+ * flexible control allows software running before the kernel to
+ * enable it.
+ *
+ * Skip SEPT disabling for debug TD. SEPT #VE is unsafe but can be
+ * useful for debugging to produce a stack trace. Known to be useful
+ * for debugging unaccepted memory problems.
+ */
+ if (features & TDX_FEATURES0_PENDING_EPT_VIOLATION_V2 &&
+ (tdg_vm_rd(TDCS_CONFIG_FLAGS) & TDCS_CONFIG_FLEXIBLE_PENDING_VE) &&
+ !(td_attr & ATTR_DEBUG)) {
+ if (tdcs_ctls_set(TD_CTLS_PENDING_VE_DISABLE))
+ sept_ve_disabled = true;
+ }
+
+ if (!sept_ve_disabled) {
+ const char *msg = "TD misconfiguration: SEPT #VE has to be disabled";
+
+ /* Relax SEPT #VE disable check for debug TD. */
if (td_attr & ATTR_DEBUG)
pr_warn("%s\n", msg);
else
diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h
index fdfd41511b02..29a61c72e4dd 100644
--- a/arch/x86/include/asm/shared/tdx.h
+++ b/arch/x86/include/asm/shared/tdx.h
@@ -16,11 +16,27 @@
#define TDG_VP_VEINFO_GET 3
#define TDG_MR_REPORT 4
#define TDG_MEM_PAGE_ACCEPT 6
+#define TDG_VM_RD 7
#define TDG_VM_WR 8
+#define TDG_SYS_RD 11
-/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */
+/* TDX Global Metadata. To be used by TDG.SYS.RD */
+#define TDCS_TDX_FEATURES0 0x0A00000300000008
+
+/* TDX TD-Scope Metadata. To be used by TDG.VM.WR and TDG.VM.RD */
+#define TDCS_CONFIG_FLAGS 0x1110000300000016
+#define TDCS_TD_CTLS 0x1110000300000017
#define TDCS_NOTIFY_ENABLES 0x9100000000000010
+/* TDCS_TDX_FEATURES0 bits */
+#define TDX_FEATURES0_PENDING_EPT_VIOLATION_V2 BIT_ULL(16)
+
+/* TDCS_CONFIG_FLAGS bits */
+#define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1)
+
+/* TDCS_TD_CTLS bits */
+#define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0)
+
/* TDX hypercall Leaf IDs */
#define TDVMCALL_MAP_GPA 0x10001
#define TDVMCALL_GET_QUOTE 0x10002
--
2.43.0
Powered by blists - more mailing lists