| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <j4s4n5slt6a234w5o5r4zjmb3xj53odnmwekt6ihotfzotd7ur@ghyvphwcki57> Date: Tue, 2 Apr 2024 18:42:23 +0300 From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> To: Xiaoyao Li <xiaoyao.li@...el.com> Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "Rafael J. Wysocki" <rafael@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Adrian Hunter <adrian.hunter@...el.com>, Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>, Elena Reshetova <elena.reshetova@...el.com>, Jun Nakajima <jun.nakajima@...el.com>, Rick Edgecombe <rick.p.edgecombe@...el.com>, Tom Lendacky <thomas.lendacky@....com>, "Kalra, Ashish" <ashish.kalra@....com>, Sean Christopherson <seanjc@...gle.com>, "Huang, Kai" <kai.huang@...el.com>, Baoquan He <bhe@...hat.com>, kexec@...ts.infradead.org, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCHv9 05/17] x86/kexec: Keep CR4.MCE set during kexec for TDX guest On Fri, Mar 29, 2024 at 06:48:21PM +0200, Kirill A. Shutemov wrote: > On Fri, Mar 29, 2024 at 11:21:32PM +0800, Xiaoyao Li wrote: > > On 3/25/2024 6:38 PM, Kirill A. Shutemov wrote: > > > TDX guests are not allowed to clear CR4.MCE. Attempt to clear it leads > > > to #VE. > > > > Will we consider making it more safe and compatible for future to guard > > against X86_FEATURE_MCE as well? > > > > If in the future, MCE becomes configurable for TD guest, then CR4.MCE might > > not be fixed1. > > Good point. > > I guess we can leave it clear if it was clear. This should be easy > enough. But we might want to clear even if was set if clearing is allowed. > > It would require some kind of indication that clearing MCE is fine. We > don't have such indication yet. Not sure we can reasonably future-proof > the code at this point. > > But let me think more. I think I will go with the variant below. diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index 56cab1bb25f5..8e2037d78a1f 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -5,6 +5,8 @@ */ #include <linux/linkage.h> +#include <linux/stringify.h> +#include <asm/alternative.h> #include <asm/page_types.h> #include <asm/kexec.h> #include <asm/processor-flags.h> @@ -145,11 +147,17 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped) * Set cr4 to a known state: * - physical address extension enabled * - 5-level paging, if it was enabled before + * - Machine check exception on TDX guest, if it was enabled before. + * Clearing MCE might not allowed in TDX guests, depending on setup. */ movl $X86_CR4_PAE, %eax testq $X86_CR4_LA57, %r13 jz 1f orl $X86_CR4_LA57, %eax +1: + testq $X86_CR4_MCE, %r13 + jz 1f + ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %eax), X86_FEATURE_TDX_GUEST 1: movq %rax, %cr4 -- Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists