| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZrDK4bP3LUm17ubK@example.org>
Date: Mon, 5 Aug 2024 14:51:45 +0200
From: Alexey Gladkov <legion@...nel.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Yuan Yao <yuan.yao@...el.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Yuntao Wang <ytcoode@...il.com>, Kai Huang <kai.huang@...el.com>,
Baoquan He <bhe@...hat.com>, Oleg Nesterov <oleg@...hat.com>,
Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>, cho@...rosoft.com,
decui@...rosoft.com, John.Starks@...rosoft.com
Subject: Re: [PATCH v1 4/4] x86/tdx: Implement movs for MMIO
On Tue, Jul 30, 2024 at 08:41:00PM +0200, Thomas Gleixner wrote:
> On Tue, Jul 30 2024 at 19:35, Alexey Gladkov wrote:
> > Adapt AMD's implementation of the MOVS instruction. Since the
> > implementations are similar, it is possible to reuse the code.
> >
> > MOVS emulation consists of dividing it into a series of read and write
> > operations, which in turn will be validated separately.
>
> Please split this into two patches:
>
> 1) Splitting out the AMD code
> 2) Adding it for Intel
Ok. Make sense.
> > @@ -369,72 +369,17 @@ static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt)
> > static enum es_result vc_write_mem(struct es_em_ctxt *ctxt,
> > char *dst, char *buf, size_t size)
> > {
> > - unsigned long error_code = X86_PF_PROT | X86_PF_WRITE;
> > + unsigned long error_code;
> > + int ret = __put_iomem(dst, buf, size);
>
> Variable ordering....
>
> > +static int handle_mmio_movs(struct insn *insn, struct pt_regs *regs, int size, struct ve_info *ve)
> > +{
> > + unsigned long ds_base, es_base;
> > + unsigned char *src, *dst;
> > + unsigned char buffer[8];
> > + int off, ret;
> > + bool rep;
> > +
> > + /*
> > + * The in-kernel code must use a special API that does not use MOVS.
> > + * If the MOVS instruction is received from in-kernel, then something
> > + * is broken.
> > + */
> > + WARN_ON_ONCE(!user_mode(regs));
>
> Then it should return here and not try to continue, no?
Oops. I miss it. Thanks!
> > +int __get_iomem(char *src, char *buf, size_t size)
> > +{
> > + /*
> > + * This function uses __get_user() independent of whether kernel or user
> > + * memory is accessed. This works fine because __get_user() does no
> > + * sanity checks of the pointer being accessed. All that it does is
> > + * to report when the access failed.
> > + *
> > + * Also, this function runs in atomic context, so __get_user() is not
> > + * allowed to sleep. The page-fault handler detects that it is running
> > + * in atomic context and will not try to take mmap_sem and handle the
> > + * fault, so additional pagefault_enable()/disable() calls are not
> > + * needed.
> > + *
> > + * The access can't be done via copy_from_user() here because
> > + * mmio_read_mem() must not use string instructions to access unsafe
> > + * memory. The reason is that MOVS is emulated by the #VC handler by
> > + * splitting the move up into a read and a write and taking a nested #VC
> > + * exception on whatever of them is the MMIO access. Using string
> > + * instructions here would cause infinite nesting.
> > + */
> > + switch (size) {
> > + case 1: {
> > + u8 d1;
> > + u8 __user *s = (u8 __user *)src;
>
> One line for the variables is enough
>
> u8 d1, __user *s = (u8 __user *)src;
>
> No?
Yes.
> > + case 8: {
> > + u64 d8;
> > + u64 __user *s = (u64 __user *)src;
> > + if (__get_user(d8, s))
>
> Lacks newline between variable declaration and code.
>
> Thanks,
>
> tglx
>
--
Rgrds, legion
Powered by blists - more mailing lists