| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <173641582594.399.4506250825502984197.tip-bot2@tip-bot2> Date: Thu, 09 Jan 2025 09:43:45 -0000 From: "tip-bot2 for Nikunj A Dadhania" <tip-bot2@...utronix.de> To: linux-tip-commits@...r.kernel.org Cc: Nikunj A Dadhania <nikunj@....com>, "Borislav Petkov (AMD)" <bp@...en8.de>, Tom Lendacky <thomas.lendacky@....com>, Peter Gonda <pgonda@...gle.com>, x86@...nel.org, linux-kernel@...r.kernel.org Subject: [tip: x86/sev] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests The following commit has been merged into the x86/sev branch of tip: Commit-ID: eef679a4b52e35be3b4a982a7f42bcc16054ec62 Gitweb: https://git.kernel.org/tip/eef679a4b52e35be3b4a982a7f42bcc16054ec62 Author: Nikunj A Dadhania <nikunj@....com> AuthorDate: Mon, 06 Jan 2025 18:16:28 +05:30 Committer: Borislav Petkov (AMD) <bp@...en8.de> CommitterDate: Tue, 07 Jan 2025 21:26:20 +01:00 x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC is enabled. A #VC exception will be generated if the RDTSC/RDTSCP instructions are being intercepted. If this should occur and Secure TSC is enabled, guest execution should be terminated as the guest cannot rely on the TSC value provided by the hypervisor. Signed-off-by: Nikunj A Dadhania <nikunj@....com> Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de> Reviewed-by: Tom Lendacky <thomas.lendacky@....com> Tested-by: Peter Gonda <pgonda@...gle.com> Link: https://lore.kernel.org/r/20250106124633.1418972-9-nikunj@amd.com --- arch/x86/coco/sev/shared.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/coco/sev/shared.c b/arch/x86/coco/sev/shared.c index 71de531..4386f37 100644 --- a/arch/x86/coco/sev/shared.c +++ b/arch/x86/coco/sev/shared.c @@ -1140,6 +1140,16 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb, bool rdtscp = (exit_code == SVM_EXIT_RDTSCP); enum es_result ret; + /* + * The hypervisor should not be intercepting RDTSC/RDTSCP when Secure + * TSC is enabled. A #VC exception will be generated if the RDTSC/RDTSCP + * instructions are being intercepted. If this should occur and Secure + * TSC is enabled, guest execution should be terminated as the guest + * cannot rely on the TSC value provided by the hypervisor. + */ + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + return ES_VMM_ERROR; + ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0); if (ret != ES_OK) return ret;
Powered by blists - more mailing lists