| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jun 2024 09:01:30 -0500 From: Tom Lendacky <thomas.lendacky@....com> To: "Kalra, Ashish" <ashish.kalra@....com>, Borislav Petkov <bp@...en8.de> Cc: tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com, x86@...nel.org, rafael@...nel.org, hpa@...or.com, peterz@...radead.org, adrian.hunter@...el.com, sathyanarayanan.kuppuswamy@...ux.intel.com, jun.nakajima@...el.com, rick.p.edgecombe@...el.com, michael.roth@....com, seanjc@...gle.com, kai.huang@...el.com, bhe@...hat.com, kirill.shutemov@...ux.intel.com, bdas@...hat.com, vkuznets@...hat.com, dionnaglaze@...gle.com, anisinha@...hat.com, jroedel@...e.de, ardb@...nel.org, dyoung@...hat.com, kexec@...ts.infradead.org, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCH v9 3/3] x86/snp: Convert shared memory back to private on kexec On 6/27/24 23:27, Kalra, Ashish wrote: > Hello Boris, > > On 6/24/2024 10:59 PM, Borislav Petkov wrote: >> On Mon, Jun 24, 2024 at 03:57:34PM -0500, Kalra, Ashish wrote: >>> ... Hence, added simple static functions make_pte_private() and >>> set_pte_enc() to make use of the more optimized snp_set_memory_private() to >>> use the GHCB instead of the MSR protocol. Additionally, make_pte_private() >>> adds check for GHCB addresses during unshare_all_memory() loop. >> IOW, what you're saying is: "Boris, what you're asking can't be done." >> >> Well, what *you're* asking - for me to maintain crap - can't be done either. >> So this will stay where it is. >> >> Unless you make a genuine effort and refactor the code... > > There is an issue with calling __set_clr_pte_enc() here for the _bss_decrypted section being made private again, > > when calling __set_clr_pte_enc() on _bss_decrypted section pages, clflush_cache_range() will fail as __va() > > on this physical range fails as the bss_decrypted section pages are not in kernel direct map. > > Hence, clflush_cache_range() in __set_clr_pte_enc() causes an implicit page state change which is not resolved as below and causes fatal guest exit : > > qemu-system-x86_64: warning: memory fault: GPA 0x4000000 size 0x1000 flags 0x8 kvm_convert_memory start 0x4000000 size 0x1000 shared_to_private > > ... > > KVM: unknown exit reason 24 EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000 ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 EIP=00000000 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 > > ... > > This is the reason why i had to pass the vaddr to set_pte_enc(), added here for kexec code, so that i can use it for clflush_cache_range(). > > So for specific cases such as this, where we can't call __set_clr_pte_enc() on _bss_decrypted section, we probably need a separate set_pte_enc(). You can probably add a va parameter, that when not NULL, is used for the flush. If NULL, then use the __va() macro on the pa. Thanks, Tom > > Thanks, Ashish >
Powered by blists - more mailing lists