| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f8831fdeb4664b6cfb7ca83760207a22f49f70c1.1731498635.git.kai.huang@intel.com>
Date: Thu, 14 Nov 2024 00:57:12 +1300
From: Kai Huang <kai.huang@...el.com>
To: dave.hansen@...el.com,
kirill.shutemov@...ux.intel.com,
tglx@...utronix.de,
bp@...en8.de,
peterz@...radead.org,
mingo@...hat.com,
hpa@...or.com,
dan.j.williams@...el.com,
seanjc@...gle.com,
pbonzini@...hat.com
Cc: x86@...nel.org,
linux-kernel@...r.kernel.org,
rick.p.edgecombe@...el.com,
isaku.yamahata@...el.com,
adrian.hunter@...el.com,
nik.borisov@...e.com,
kai.huang@...el.com
Subject: [PATCH v8 7/9] x86/virt/tdx: Trim away tail null CMRs
TDX architecturally supports up to 32 CMRs. The global metadata field
"NUM_CMRS" reports the number of CMR entries that can be read by the
kernel. However, that field may just report the maximum number of CMRs
albeit the actual number of CMRs is smaller, in which case there are
tail null CMRs (size is 0).
A future fix to a module initialization failure issue will need to loop
over all CMRs. Trim away those null CMRs once for all here so that the
kernel doesn't need to explicitly skip them each time when it uses CMRs
at later times.
More information about CMR can be found at "Intel TDX ISA Background:
Convertible Memory Ranges (CMRs)" in TDX 1.5 base spec [1], and
"CMR_INFO" in TDX 1.5 ABI spec [2].
Now get_tdx_sys_info() just reads kernel-needed global metadata to
kernel structure, and it is auto-generated. Add a wrapper function
init_tdx_sys_info() to invoke get_tdx_sys_info() and provide room to do
additional things like dealing with CMRs.
Link: https://cdrdv2.intel.com/v1/dl/getContent/733575 [1]
Link: https://cdrdv2.intel.com/v1/dl/getContent/733579 [2]
Signed-off-by: Kai Huang <kai.huang@...el.com>
Reviewed-by: Dan Williams <dan.j.williams@...el.com>
Reviewed-by: Nikolay Borisov <nik.borisov@...e.com>
---
arch/x86/virt/vmx/tdx/tdx.c | 42 ++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 43ec56db5084..5e6d8021681d 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -272,6 +272,46 @@ static int read_sys_metadata_field(u64 field_id, u64 *data)
#include "tdx_global_metadata.c"
+/* Update the @sysinfo_cmr->num_cmrs to trim tail null CMRs */
+static void trim_null_tail_cmrs(struct tdx_sys_info_cmr *sysinfo_cmr)
+{
+ int i;
+
+ /*
+ * The TDX module may report the maximum number of CMRs that
+ * TDX architecturally supports as the actual number of CMRs,
+ * despite the latter is smaller. In this case some tail
+ * CMR(s) will be null (size is 0). Trim them away.
+ *
+ * Note the CMRs are generated by the BIOS, but the MCHECK
+ * verifies CMRs before enabling TDX on hardware. Skip other
+ * sanity checks (e.g., verify CMR is 4KB aligned) but trust
+ * MCHECK to work properly.
+ *
+ * The spec doesn't say whether it's legal to have null CMRs
+ * in the middle of valid CMRs. For now assume no sane BIOS
+ * would do that (even MCHECK allows).
+ */
+ for (i = 0; i < sysinfo_cmr->num_cmrs; i++)
+ if (!sysinfo_cmr->cmr_size[i])
+ break;
+
+ sysinfo_cmr->num_cmrs = i;
+}
+
+static int init_tdx_sys_info(struct tdx_sys_info *sysinfo)
+{
+ int ret;
+
+ ret = get_tdx_sys_info(sysinfo);
+ if (ret)
+ return ret;
+
+ trim_null_tail_cmrs(&sysinfo->cmr);
+
+ return 0;
+}
+
/* Calculate the actual TDMR size */
static int tdmr_size_single(u16 max_reserved_per_tdmr)
{
@@ -1051,7 +1091,7 @@ static int init_tdx_module(void)
struct tdx_sys_info sysinfo;
int ret;
- ret = get_tdx_sys_info(&sysinfo);
+ ret = init_tdx_sys_info(&sysinfo);
if (ret)
return ret;
--
2.46.2
Powered by blists - more mailing lists