| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250610021422.1214715-2-binbin.wu@linux.intel.com> Date: Tue, 10 Jun 2025 10:14:19 +0800 From: Binbin Wu <binbin.wu@...ux.intel.com> To: pbonzini@...hat.com, seanjc@...gle.com, kvm@...r.kernel.org Cc: rick.p.edgecombe@...el.com, kai.huang@...el.com, adrian.hunter@...el.com, reinette.chatre@...el.com, xiaoyao.li@...el.com, tony.lindgren@...el.com, isaku.yamahata@...el.com, yan.y.zhao@...el.com, mikko.ylinen@...ux.intel.com, linux-kernel@...r.kernel.org, kirill.shutemov@...el.com, jiewen.yao@...el.com, binbin.wu@...ux.intel.com Subject: [RFC PATCH 1/4] KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs Add the new TDVMCALL status code TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED and return it for unimplemented TDVMCALL subfunctions. Returning TDVMCALL_STATUS_INVALID_OPERAND when a subfunction is not implemented is vague because TDX guests can't tell the error is due to the subfunction is not supported or an invalid input of the subfunction. New GHCI spec adds TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED to avoid the ambiguity. Use it instead of TDVMCALL_STATUS_INVALID_OPERAND. Before the change, for common guest implementations, when a TDX guest receives TDVMCALL_STATUS_INVALID_OPERAND, it has two cases: 1. Some operand is invalid. It could change the operand to another value retry. 2. The subfunction is not supported. For case 1, an invalid operand usually means the guest implementation bug. Since the TDX guest can't tell which case is, the best practice for handling TDVMCALL_STATUS_INVALID_OPERAND is stopping calling such leaf. Treat it as fatal if the TDVMCALL is essential or ignore it if the TDVMCALL is optional. After the change, TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED is unknown to the old TDX guest, the guest will make the same action as TDVMCALL_STATUS_INVALID_OPERAND, unless the guest check the TDVMCALL_STATUS_INVALID_OPERAND specifically. Currently, no known TDX guests do it, e.g., Linux TDX guests just check for success. Signed-off-by: Binbin Wu <binbin.wu@...ux.intel.com> --- arch/x86/include/asm/shared/tdx.h | 1 + arch/x86/kvm/vmx/tdx.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index fd9209e996e7..b109b947fadf 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -79,6 +79,7 @@ #define TDVMCALL_STATUS_RETRY 0x0000000000000001ULL #define TDVMCALL_STATUS_INVALID_OPERAND 0x8000000000000000ULL #define TDVMCALL_STATUS_ALIGN_ERROR 0x8000000000000002ULL +#define TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED 0x8000000000000003ULL /* * Bitmasks of exposed registers (with VMM). diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index b952bc673271..8134d5805b03 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1476,7 +1476,7 @@ static int handle_tdvmcall(struct kvm_vcpu *vcpu) break; } - tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND); + tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED); return 1; } -- 2.46.0
Powered by blists - more mailing lists