| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZtDAuDAyGevAhSj-@example.org> Date: Thu, 29 Aug 2024 20:40:56 +0200 From: Alexey Gladkov <legion@...nel.org> To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> Cc: Tom Lendacky <thomas.lendacky@....com>, linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, Yuan Yao <yuan.yao@...el.com>, Geert Uytterhoeven <geert@...ux-m68k.org>, Yuntao Wang <ytcoode@...il.com>, Kai Huang <kai.huang@...el.com>, Baoquan He <bhe@...hat.com>, Oleg Nesterov <oleg@...hat.com>, cho@...rosoft.com, decui@...rosoft.com, John.Starks@...rosoft.com Subject: Re: [PATCH v5 6/6] x86/tdx: Implement MOVS for MMIO On Thu, Aug 29, 2024 at 03:44:55PM +0300, Kirill A. Shutemov wrote: > On Wed, Aug 28, 2024 at 12:44:36PM +0200, Alexey Gladkov wrote: > > From: "Alexey Gladkov (Intel)" <legion@...nel.org> > > > > Add emulation of the MOVS instruction on MMIO regions. MOVS emulation > > consists of dividing it into a series of read and write operations, > > which in turn will be validated separately. > > > > This implementation is based on the same principle as in SEV. It splits > > MOVS into separate read and write operations, which in turn can cause > > nested #VEs depending on which of the arguments caused the first #VE. > > > > The difference with the SEV implementation is the execution context. SEV > > code is executed in atomic context. Exception handler in TDX is executed > > with interrupts enabled. That's why the approach to locking is > > different. In TDX, mmap_lock is taken to verify and emulate the > > instruction. > > > > Another difference is how the read and write instructions are executed > > for MOVS emulation. While in SEV each read/write operation returns to > > user space, in TDX these operations are performed from the kernel > > context. > > It looks like SEV only returns to userspace to retry the instruction after > stepping on failed __get_user()/__put_user(), unrolling back to > vc_raw_handle_exception() and handling page fault there. In vc_handle_mmio_movs() if regs->cx is not zero we return ES_RETRY. The vc_handle_mmio(), vc_handle_exitcode() return it as is. In vc_raw_handle_exception() if vc_handle_exitcode() returns ES_RETRY then we just return true. So, the ES_RETRY is not further visible. Or am I missing something? > > But I'm not sure what happens with #VC inside vc_read_mem() and > vc_write_mem(). Can the #VC exception be nested? Tom? > > -- > Kiryl Shutsemau / Kirill A. Shutemov > -- Rgrds, legion
Powered by blists - more mailing lists