| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Apr 2024 12:32:52 +0300 From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> To: "Huang, Kai" <kai.huang@...el.com> Cc: Xiaoyao Li <xiaoyao.li@...el.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "Rafael J. Wysocki" <rafael@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Adrian Hunter <adrian.hunter@...el.com>, Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>, Elena Reshetova <elena.reshetova@...el.com>, Jun Nakajima <jun.nakajima@...el.com>, Rick Edgecombe <rick.p.edgecombe@...el.com>, Tom Lendacky <thomas.lendacky@....com>, "Kalra, Ashish" <ashish.kalra@....com>, Sean Christopherson <seanjc@...gle.com>, Baoquan He <bhe@...hat.com>, kexec@...ts.infradead.org, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCHv9 05/17] x86/kexec: Keep CR4.MCE set during kexec for TDX guest On Thu, Apr 04, 2024 at 10:40:34AM +1300, Huang, Kai wrote: > > > On 3/04/2024 4:42 am, Kirill A. Shutemov wrote: > > On Fri, Mar 29, 2024 at 06:48:21PM +0200, Kirill A. Shutemov wrote: > > > On Fri, Mar 29, 2024 at 11:21:32PM +0800, Xiaoyao Li wrote: > > > > On 3/25/2024 6:38 PM, Kirill A. Shutemov wrote: > > > > > TDX guests are not allowed to clear CR4.MCE. Attempt to clear it leads > > > > > to #VE. > > > > > > > > Will we consider making it more safe and compatible for future to guard > > > > against X86_FEATURE_MCE as well? > > > > > > > > If in the future, MCE becomes configurable for TD guest, then CR4.MCE might > > > > not be fixed1. > > > > > > Good point. > > > > > > I guess we can leave it clear if it was clear. This should be easy > > > enough. But we might want to clear even if was set if clearing is allowed. > > > > > > It would require some kind of indication that clearing MCE is fine. We > > > don't have such indication yet. Not sure we can reasonably future-proof > > > the code at this point. > > > > > > But let me think more. > > > > I think I will go with the variant below. > > > > diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S > > index 56cab1bb25f5..8e2037d78a1f 100644 > > --- a/arch/x86/kernel/relocate_kernel_64.S > > +++ b/arch/x86/kernel/relocate_kernel_64.S > > @@ -5,6 +5,8 @@ > > */ > > #include <linux/linkage.h> > > +#include <linux/stringify.h> > > +#include <asm/alternative.h> > > #include <asm/page_types.h> > > #include <asm/kexec.h> > > #include <asm/processor-flags.h> > > @@ -145,11 +147,17 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped) > > * Set cr4 to a known state: > > * - physical address extension enabled > > * - 5-level paging, if it was enabled before > > + * - Machine check exception on TDX guest, if it was enabled before. > > + * Clearing MCE might not allowed in TDX guests, depending on setup. > > Nit: Perhaps we can just call out: > > Clearing MCE is not allowed if it _was_ enabled before. > > Which is always true I suppose. It is true now. Future TDX will allow to clear CR4.MCE and we don't want to flip it back on in this case. -- Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists