| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 May 2024 11:12:26 +0000 From: "Huang, Kai" <kai.huang@...el.com> To: "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "mingo@...hat.com" <mingo@...hat.com>, "x86@...nel.org" <x86@...nel.org>, "bp@...en8.de" <bp@...en8.de>, "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com> CC: "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>, "ardb@...nel.org" <ardb@...nel.org>, "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>, "ashish.kalra@....com" <ashish.kalra@....com>, "thomas.lendacky@....com" <thomas.lendacky@....com>, "Hunter, Adrian" <adrian.hunter@...el.com>, "Reshetova, Elena" <elena.reshetova@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "haiyangz@...rosoft.com" <haiyangz@...rosoft.com>, "seanjc@...gle.com" <seanjc@...gle.com>, "kys@...rosoft.com" <kys@...rosoft.com>, "bhe@...hat.com" <bhe@...hat.com>, "Nakajima, Jun" <jun.nakajima@...el.com>, "hpa@...or.com" <hpa@...or.com>, "peterz@...radead.org" <peterz@...radead.org>, "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>, "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "rafael@...nel.org" <rafael@...nel.org>, "sathyanarayanan.kuppuswamy@...ux.intel.com" <sathyanarayanan.kuppuswamy@...ux.intel.com>, "linux-acpi@...r.kernel.org" <linux-acpi@...r.kernel.org> Subject: Re: [PATCHv11 06/19] x86/kexec: Keep CR4.MCE set during kexec for TDX guest On Tue, 2024-05-28 at 12:55 +0300, Kirill A. Shutemov wrote: > TDX guests run with MCA enabled (CR4.MCE=1b) from the very start. If > that bit is cleared during CR4 register reprogramming during boot or > kexec flows, a #VE exception will be raised which the guest kernel > cannot handle it. Nit: the ending "it" isn't needed. > > Therefore, make sure the CR4.MCE setting is preserved over kexec too and > avoid raising any #VEs. > > The change doesn't affect non-TDX-guest environments. > > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com> Reviewed-by: Kai Huang <kai.huang@...el.com> > --- > arch/x86/kernel/relocate_kernel_64.S | 16 ++++++++++------ > 1 file changed, 10 insertions(+), 6 deletions(-) > > diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S > index 085eef5c3904..b668a6be4f6f 100644 > --- a/arch/x86/kernel/relocate_kernel_64.S > +++ b/arch/x86/kernel/relocate_kernel_64.S > @@ -5,6 +5,8 @@ > */ > > #include <linux/linkage.h> > +#include <linux/stringify.h> > +#include <asm/alternative.h> > #include <asm/page_types.h> > #include <asm/kexec.h> > #include <asm/processor-flags.h> > @@ -143,15 +145,17 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped) > > /* > * Set cr4 to a known state: > - * - physical address extension enabled > * - 5-level paging, if it was enabled before > + * - Machine check exception on TDX guest, if it was enabled before. > + * Clearing MCE might not be allowed in TDX guests, depending on setup. > + * - physical address extension enabled > */ > - movl $X86_CR4_PAE, %eax > - testq $X86_CR4_LA57, %r13 > - jz .Lno_la57 > - orl $X86_CR4_LA57, %eax > -.Lno_la57: > + movl $X86_CR4_LA57, %eax > + ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %eax), X86_FEATURE_TDX_GUEST > > + /* R13 contains the original CR4 value, read in relocate_kernel() */ > + andl %r13d, %eax > + orl $X86_CR4_PAE, %eax > movq %rax, %cr4 > > jmp 1f
Powered by blists - more mailing lists