[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0331020dce360b77e40c53dfdb0624574dbb249f.1722356794.git.legion@kernel.org>
Date: Tue, 30 Jul 2024 19:35:58 +0200
From: "Alexey Gladkov (Intel)" <legion@...nel.org>
To: linux-kernel@...r.kernel.org,
linux-coco@...ts.linux.dev
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Yuan Yao <yuan.yao@...el.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Yuntao Wang <ytcoode@...il.com>,
Kai Huang <kai.huang@...el.com>,
Baoquan He <bhe@...hat.com>,
Oleg Nesterov <oleg@...hat.com>,
cho@...rosoft.com,
decui@...rosoft.com,
John.Starks@...rosoft.com
Subject: [PATCH v1 3/4] x86/tdx: Allow MMIO from userspace
The MMIO emulation is only allowed for kernel space code. It is carried
out through a special API, which uses only certain instructions.
This does not allow userspace to work with virtual devices.
Allow userspace to use the same instructions as kernel space to access
MMIO. So far, no additional checks have been made.
Signed-off-by: Alexey Gladkov (Intel) <legion@...nel.org>
---
arch/x86/coco/tdx/tdx.c | 42 +++++++++++++++++++++++++++++++----------
1 file changed, 32 insertions(+), 10 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 8c894ee9c245..26b2e52457be 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -474,6 +474,31 @@ static int valid_vaddr(struct ve_info *ve, enum insn_mmio_type mmio, int size,
return 0;
}
+static int decode_insn_struct(struct insn *insn, struct pt_regs *regs)
+{
+ char buffer[MAX_INSN_SIZE];
+
+ if (user_mode(regs)) {
+ int nr_copied = insn_fetch_from_user(regs, buffer);
+
+ if (nr_copied <= 0)
+ return -EFAULT;
+
+ if (!insn_decode_from_regs(insn, regs, buffer, nr_copied))
+ return -EINVAL;
+
+ if (!insn->immediate.got)
+ return -EINVAL;
+ } else {
+ if (copy_from_kernel_nofault(buffer, (void *)regs->ip, MAX_INSN_SIZE))
+ return -EFAULT;
+
+ if (insn_decode(insn, buffer, MAX_INSN_SIZE, INSN_MODE_64))
+ return -EINVAL;
+ }
+ return 0;
+}
+
static int handle_mmio_write(struct insn *insn, enum insn_mmio_type mmio, int size,
struct pt_regs *regs, struct ve_info *ve)
{
@@ -554,20 +579,13 @@ static int handle_mmio_read(struct insn *insn, enum insn_mmio_type mmio, int siz
static int handle_mmio(struct pt_regs *regs, struct ve_info *ve)
{
unsigned long vaddr;
- char buffer[MAX_INSN_SIZE];
enum insn_mmio_type mmio;
struct insn insn = {};
int size, ret;
- /* Only in-kernel MMIO is supported */
- if (WARN_ON_ONCE(user_mode(regs)))
- return -EFAULT;
-
- if (copy_from_kernel_nofault(buffer, (void *)regs->ip, MAX_INSN_SIZE))
- return -EFAULT;
-
- if (insn_decode(&insn, buffer, MAX_INSN_SIZE, INSN_MODE_64))
- return -EINVAL;
+ ret = decode_insn_struct(&insn, regs);
+ if (ret)
+ return ret;
mmio = insn_decode_mmio(&insn, &size);
if (WARN_ON_ONCE(mmio == INSN_MMIO_DECODE_FAILED))
@@ -763,6 +781,10 @@ static int virt_exception_user(struct pt_regs *regs, struct ve_info *ve)
switch (ve->exit_reason) {
case EXIT_REASON_CPUID:
return handle_cpuid(regs, ve);
+ case EXIT_REASON_EPT_VIOLATION:
+ if (is_private_gpa(ve->gpa))
+ panic("Unexpected EPT-violation on private memory.");
+ return handle_mmio(regs, ve);
default:
pr_warn("Unexpected #VE: %lld\n", ve->exit_reason);
return -EIO;
--
2.45.2
Powered by blists - more mailing lists