Message-ID: <0042e7cf-764b-4ab9-9c66-0d020fe173e2@amd.com>
Date: Mon, 25 Nov 2024 12:51:36 +0530
From: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: "Melody (Huibo) Wang" <huibo.wang@....com>, linux-kernel@...r.kernel.org,
 tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com,
 Thomas.Lendacky@....com, nikunj@....com, Santosh.Shukla@....com,
 Vasant.Hegde@....com, Suravee.Suthikulpanit@....com, David.Kaplan@....com,
 x86@...nel.org, hpa@...or.com, peterz@...radead.org, seanjc@...gle.com,
 pbonzini@...hat.com, kvm@...r.kernel.org
Subject: Re: [RFC 01/14] x86/apic: Add new driver for Secure AVIC



On 11/21/2024 4:23 PM, Borislav Petkov wrote:
> On Thu, Nov 21, 2024 at 01:33:29PM +0530, Neeraj Upadhyay wrote:
>> As SAVIC's guest APIC register accesses match x2avic (which uses x2APIC MSR
> >> interface in guest), the x2apic common flow needs to be executed in the
>> guest.
> 
> How much of that "common flow" is actually needed by SAVIC?
> 

I see most of that flow required. By removing dependency on CONFIG_X86_X2APIC 
and enabling SAVIC, I see below boot issues:

- Crash in register_lapic_address() in below path:

    register_lapic_address+0x82/0xe0
    early_acpi_boot_init+0xc7/0x160
    setup_arch+0x9b2/0xec0

The issue happens as register_lapic_address() tries to set up APIC MMIO,
which applies to XAPIC and not to X2APIC. As SAVIC only supports X2APIC
MSR interface, APIC MMIO setup fails.

void __init register_lapic_address(unsigned long address)
{
	/* This should only happen once */
	WARN_ON_ONCE(mp_lapic_addr);
	mp_lapic_addr = address;

	if (!x2apic_mode)
		apic_set_fixmap(true);
}

- x2apic_enable() (which enables X2APIC in APIC base reg) not being called causes
  read_msr_from_hv() to return below error:

  Secure AVIC msr (0x803) read returned error (4)
  KVM: unknown exit reason 24

- x2apic_set_max_apicid() not being called causes below BUG_ON to happen:

  kernel BUG at arch/x86/kernel/apic/io_apic.c:2292!

  void __init setup_IO_APIC(void)
  {
        ...
        for_each_ioapic(ioapic)
                BUG_ON(mp_irqdomain_create(ioapic));
        ...
  }



- Neeraj
