| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250610021422.1214715-5-binbin.wu@linux.intel.com>
Date: Tue, 10 Jun 2025 10:14:22 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: pbonzini@...hat.com,
seanjc@...gle.com,
kvm@...r.kernel.org
Cc: rick.p.edgecombe@...el.com,
kai.huang@...el.com,
adrian.hunter@...el.com,
reinette.chatre@...el.com,
xiaoyao.li@...el.com,
tony.lindgren@...el.com,
isaku.yamahata@...el.com,
yan.y.zhao@...el.com,
mikko.ylinen@...ux.intel.com,
linux-kernel@...r.kernel.org,
kirill.shutemov@...el.com,
jiewen.yao@...el.com,
binbin.wu@...ux.intel.com
Subject: [RFC PATCH 4/4] KVM: TDX: Check KVM exit on KVM_HC_MAP_GPA_RANGE when TD finalize
Check userspace has enabled KVM exit on KVM_HC_MAP_GPA_RANGE during
KVM_TDX_FINALIZE_VM.
TDVMCALL_MAP_GPA is one of the GHCI base TDVMCALLs, so it must be
implemented by VMM to support TDX guests. KVM converts TDVMCALL_MAP_GPA
to KVM_HC_MAP_GPA_RANGE, which requires userspace to enable
KVM_CAP_EXIT_HYPERCALL with KVM_HC_MAP_GPA_RANGE bit set. Check it when
userspace requests KVM_TDX_FINALIZE_VM, so that there is no need to check
it during TDX guests running.
Signed-off-by: Binbin Wu <binbin.wu@...ux.intel.com>
---
Documentation/virt/kvm/x86/intel-tdx.rst | 3 +++
arch/x86/kvm/vmx/tdx.c | 20 +++++++++-----------
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/Documentation/virt/kvm/x86/intel-tdx.rst b/Documentation/virt/kvm/x86/intel-tdx.rst
index 69c64453e9ca..41e38c38b034 100644
--- a/Documentation/virt/kvm/x86/intel-tdx.rst
+++ b/Documentation/virt/kvm/x86/intel-tdx.rst
@@ -246,6 +246,9 @@ control flow is as follows:
* Prepare content of initial guest memory.
* KVM_TDX_INIT_MEM_REGION: Add initial guest memory.
* KVM_TDX_FINALIZE_VM: Finalize the measurement of the TDX guest.
+ Note: To support TDVMCALL_MAP_GPA, userspace must opt-in
+ KVM_CAP_EXIT_HYPERCALL with KVM_HC_MAP_GPA_RANGE before calling
+ KVM_TDX_FINALIZE_VM.
#. Run VCPU
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index a3cd68f44a9c..7fc6e6b9c131 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1209,17 +1209,6 @@ static int tdx_map_gpa(struct kvm_vcpu *vcpu)
u64 size = tdx->vp_enter_args.r13;
u64 ret;
- /*
- * Converting TDVMCALL_MAP_GPA to KVM_HC_MAP_GPA_RANGE requires
- * userspace to enable KVM_CAP_EXIT_HYPERCALL with KVM_HC_MAP_GPA_RANGE
- * bit set. If not, the error code is not defined in GHCI for TDX, use
- * TDVMCALL_STATUS_INVALID_OPERAND for this case.
- */
- if (!user_exit_on_hypercall(vcpu->kvm, KVM_HC_MAP_GPA_RANGE)) {
- ret = TDVMCALL_STATUS_INVALID_OPERAND;
- goto error;
- }
-
if (gpa + size <= gpa || !kvm_vcpu_is_legal_gpa(vcpu, gpa) ||
!kvm_vcpu_is_legal_gpa(vcpu, gpa + size - 1) ||
(vt_is_tdx_private_gpa(vcpu->kvm, gpa) !=
@@ -2821,6 +2810,15 @@ static int tdx_td_finalize(struct kvm *kvm, struct kvm_tdx_cmd *cmd)
{
struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
+ /*
+ * TDVMCALL_MAP_GPA is one of the GHCI base TDVMCALLs, so it must be
+ * implemented by VMM to support TDX guests. KVM converts
+ * TDVMCALL_MAP_GPA to KVM_HC_MAP_GPA_RANGE, which requires userspace to
+ * enable KVM_CAP_EXIT_HYPERCALL with KVM_HC_MAP_GPA_RANGE bit set.
+ */
+ if (!user_exit_on_hypercall(kvm, KVM_HC_MAP_GPA_RANGE))
+ return -EINVAL;
+
guard(mutex)(&kvm->slots_lock);
if (!is_hkid_assigned(kvm_tdx) || kvm_tdx->state == TD_STATE_RUNNABLE)
--
2.46.0
Powered by blists - more mailing lists