| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 May 2024 09:15:20 -0700 From: Isaku Yamahata <isaku.yamahata@...el.com> To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com> Cc: "Yamahata, Isaku" <isaku.yamahata@...el.com>, "dmatlack@...gle.com" <dmatlack@...gle.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "seanjc@...gle.com" <seanjc@...gle.com>, "Huang, Kai" <kai.huang@...el.com>, "sagis@...gle.com" <sagis@...gle.com>, "isaku.yamahata@...ux.intel.com" <isaku.yamahata@...ux.intel.com>, "Aktas, Erdem" <erdemaktas@...gle.com>, "Zhao, Yan Y" <yan.y.zhao@...el.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "pbonzini@...hat.com" <pbonzini@...hat.com>, "isaku.yamahata@...il.com" <isaku.yamahata@...il.com> Subject: Re: [PATCH 10/16] KVM: x86/tdp_mmu: Support TDX private mapping for TDP MMU On Tue, May 21, 2024 at 03:07:50PM +0000, "Edgecombe, Rick P" <rick.p.edgecombe@...el.com> wrote: > > 1.4.2 Guest Physical Address Translation > > Transition to SEAM VMX non-root operation is formatted to require Extended > > Page Tables (EPT) to be enabled. In SEAM VMX non-root operation, there > > should > > be two EPTs active: the private EPT specified using the EPTP field of the > > VMCS > > and a shared EPT specified using the Shared-EPTP field of the VMCS. > > When translating a GPA using the shared EPT, an EPT misconfiguration can > > occur > > if the entry is present and the physical address bits in the range > > (MAXPHYADDR-1) to (MAXPHYADDR-TDX_RESERVED_KEYID_BITS) are set, i.e., if > > configured with a TDX private KeyID. > > If the CPU's maximum physical-address width (MAXPA) is 52 and the guest > > physical address width is configured to be 48, accesses with GPA bits 51:48 > > not all being 0 can cause an EPT-violation, where such EPT-violations are > > not > > mutated to #VE, even if the “EPT-violations #VE” execution control is 1. > > If the CPU's physical-address width (MAXPA) is less than 48 and the SHARED > > bit > > is configured to be in bit position 47, GPA bit 47 would be reserved, and > > GPA > > bits 46:MAXPA would be reserved. On such CPUs, setting bits 51:48 or bits > > 46:MAXPA in any paging structure can cause a reserved bit page fault on > > access. > > In "if the entry is present and the physical address bits in the range > (MAXPHYADDR-1) to (MAXPHYADDR-TDX_RESERVED_KEYID_BITS) are set", it's not clear > to be if "physical address bits" is referring to the GPA or the "entry" (meaning > the host pfn). The "entry" would be my guess. > > It is also confusing when it talks about "guest physical address". It must mean > 4 vs 5 level paging? How else is the shared EPT walker supposed to know the > guest maxpa. In which case it would be consistent with normal EPT behavior. But > the assertions around reserved bit page faults are surprising. > > Based on those guesses, I'm not sure the below code is correct. We wouldn't need > to remove keyid bits from the GFN. > > Maybe we should clarify the spec? Or are you confident reading it the other way? I'll read them more closely. At least the following patch is broken. -- Isaku Yamahata <isaku.yamahata@...el.com>
Powered by blists - more mailing lists