lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a25377ad-27ea-3a45-2a42-4bd41bde783a@amd.com>
Date: Mon, 21 Oct 2024 09:08:50 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org,
 bp@...en8.de, x86@...nel.org, kvm@...r.kernel.org
Cc: mingo@...hat.com, tglx@...utronix.de, dave.hansen@...ux.intel.com,
 pgonda@...gle.com, seanjc@...gle.com, pbonzini@...hat.com
Subject: Re: [PATCH v13 06/13] x86/sev: Prevent GUEST_TSC_FREQ MSR
 interception for Secure TSC enabled guests

On 10/21/24 00:51, Nikunj A Dadhania wrote:
> The hypervisor should not be intercepting GUEST_TSC_FREQ MSR(0xcOO10134)
> when Secure TSC is enabled. A #VC exception will be generated if the
> GUEST_TSC_FREQ MSR is being intercepted. If this should occur and SecureTSC
> is enabled, terminate guest execution.
> 
> Signed-off-by: Nikunj A Dadhania <nikunj@....com>

Reviewed-by: Tom Lendacky <thomas.lendacky@....com>

Just a minor comment/question below.

> ---
>  arch/x86/include/asm/msr-index.h | 1 +
>  arch/x86/coco/sev/core.c         | 8 ++++++++
>  2 files changed, 9 insertions(+)
> 
> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
> index 3ae84c3b8e6d..233be13cc21f 100644
> --- a/arch/x86/include/asm/msr-index.h
> +++ b/arch/x86/include/asm/msr-index.h
> @@ -608,6 +608,7 @@
>  #define MSR_AMD_PERF_CTL		0xc0010062
>  #define MSR_AMD_PERF_STATUS		0xc0010063
>  #define MSR_AMD_PSTATE_DEF_BASE		0xc0010064
> +#define MSR_AMD64_GUEST_TSC_FREQ	0xc0010134
>  #define MSR_AMD64_OSVW_ID_LENGTH	0xc0010140
>  #define MSR_AMD64_OSVW_STATUS		0xc0010141
>  #define MSR_AMD_PPIN_CTL		0xc00102f0
> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
> index 2ad7773458c0..4e9b1cc1f26b 100644
> --- a/arch/x86/coco/sev/core.c
> +++ b/arch/x86/coco/sev/core.c
> @@ -1332,6 +1332,14 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
>  		return ES_OK;
>  	}
>  
> +	/*
> +	 * GUEST_TSC_FREQ should not be intercepted when Secure TSC is
> +	 * enabled. Terminate the SNP guest when the interception is enabled.
> +	 */
> +	if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ && cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC))

Should the cc_platform_has() check be changed into a check against
sev_status directly (similar to the DEBUG_SWAP support)? Just in case
this handler ends up getting used in early code where cc_platform_has()
can't be used.

Thanks,
Tom

> +		return ES_VMM_ERROR;
> +
> +
>  	ghcb_set_rcx(ghcb, regs->cx);
>  	if (exit_info_1) {
>  		ghcb_set_rax(ghcb, regs->ax);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ