| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aYTFZv9Mf_FqWM_k@google.com>
Date: Thu, 5 Feb 2026 08:29:26 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Chao Gao <chao.gao@...el.com>
Cc: Dave Hansen <dave.hansen@...el.com>, linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org, x86@...nel.org,
reinette.chatre@...el.com, ira.weiny@...el.com, kai.huang@...el.com,
dan.j.williams@...el.com, yilun.xu@...ux.intel.com, sagis@...gle.com,
vannapurve@...gle.com, paulmck@...nel.org, nik.borisov@...e.com,
zhenzhong.duan@...el.com, rick.p.edgecombe@...el.com, kas@...nel.org,
dave.hansen@...ux.intel.com, vishal.l.verma@...el.com,
Farrah Chen <farrah.chen@...el.com>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH v3 07/26] x86/virt/seamldr: Introduce a wrapper for
P-SEAMLDR SEAMCALLs
On Wed, Feb 04, 2026, Chao Gao wrote:
> >On Fri, Jan 30, 2026 at 8:23 AM Dave Hansen <dave.hansen@...el.com> wrote:
> >> On 1/30/26 00:08, Chao Gao wrote:
> >> > AFAIK, this is a CPU implementation issue. The actual requirement is to
> >> > evict (flush and invalidate) all VMCSs __cached in SEAM mode__, but big
> >> > cores implement this by evicting the __entire__ VMCS cache. So, the
> >> > current VMCS is invalidated and cleared.
> >>
> >> But why is this a P-SEAMLDR thing and not a TDX module thing?
> >
> >My guess is that it's because the P-SEAMLDR code loads and prepares the new TDX-
> >Module by constructing the VMCS used for SEAMCALL using direct writes to memory
> >(unless that TDX behavior has changed in the last few years). And so it needs
> >to ensure that in-memory representation is synchronized with the VMCS cache.
> >
> >Hmm, but that doesn't make sense _if_ it really truly is SEAMRET that does the VMCS
> >cache invalidation, because flushing the VMCS cache would ovewrite the in-memory
> >state.
>
> My understanding is:
>
> 1. SEAMCALL/SEAMRET use VMCSs.
>
> 2. P-SEAMLDR is single-threaded (likely for simplicity). So, it uses a _single_
> global VMCS and only one CPU can call P-SEAMLDR calls at a time.
>
> 3. After SEAMRET from P-SEAMLDR, _if_ the global VMCS isn't flushed, other CPUs
> cannot enter P-SEAMLDR because the global VMCS would be corrupted. (note the
> global VMCS is cached by the original CPU).
>
> 4. To make P-SEAMLDR callable on all CPUs, SEAMRET instruction flush VMCSs.
> The flush cannot be performed by the host VMM since the global VMCS is not
> visible to it. P-SEAMLDR cannot do it either because SEAMRET is its final
> instruction and requires a valid VMCS.
No, this isn't the explanation. I found the explanation in the pseudocode for
SEAMRET. The "successful VM-Entry" path says this:
current-VMCS = current-VMCS.VMCS-link-pointer
IF inP_SEAMLDR == 1; THEN
If current-VMCS != FFFFFFFF_FFFFFFFFH; THEN
Ensure data for VMCS referenced by current-VMC is in memory
Initialize implementation-specific data in all VMCS referenced by current-VMCS
Set launch state of VMCS referenced by current-VMCS to “clear”
current-VMCS = FFFFFFFF_FFFFFFFFH
FI;
inP_SEAMLDR = 0
FI;
I.e. my guess about firmware (probably XuCode?) doing direct writes was correct,
I just guessed wrong on which VMCS. Or rather, I didn't guess "all".
> The TDX Module has per-CPU VMCSs, so it doesn't has this problem.
>
> I'll check if SEAM ISA architects can join to explain this in more detail.
Powered by blists - more mailing lists