All of
 help / color / mirror / Atom feed
From: Sean Christopherson <>
To: Tom Lendacky <>
Cc: Borislav Petkov <>, Pu Wen <>,
	Joerg Roedel <>,,,,,,,,,,,,
Subject: Re: [PATCH] x86/sev: Check whether SEV or SME is supported first
Date: Tue, 1 Jun 2021 17:09:04 +0000	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Tue, Jun 01, 2021, Tom Lendacky wrote:
> On 6/1/21 11:14 AM, Sean Christopherson wrote:
> > On Tue, Jun 01, 2021, Borislav Petkov wrote:
> >> On Mon, May 31, 2021 at 10:56:50PM +0800, Pu Wen wrote:
> >>> Thanks for your suggestion, I'll try to set up early #GP handler to fix
> >>> the problem.
> >>
> >> Why? AFAICT, you only need to return early in sme_enable() if CPUID is
> >> not "AuthenticAMD". Just do that please.
> > 
> > I don't think that would suffice, presumably MSR_AMD64_SEV doesn't exist on older
> > AMD CPUs either.  E.g. there's no mention of MSR 0xC001_0131 in the dev's guide
> > from 2015[*].
> That is the reason for checking the maximum supported leaf being at least
> 0x8000001f. If that leaf is supported, we expect the SEV status MSR to be
> valid. The problem is that the Hygon ucode does not support the MSR in
> question. I'm not sure what it would take for that to be added to their
> ucode and just always return 0.

Ah.  But it's also legal/possible for the max extended leaf to be greater than
0x8000001f, e.g. 0x80000020, without 0x8000001f itself being supported.  Even
if AMD can guarantee no such processor will exist, I don't think it would be
illegal for a hypervisor to emulate a feature (on an "AuthenticAMD" virtual CPU)
enumerated by a higher leaf on an older physical AMD CPU (or non-AMD CPU!) that
doesn't support MSR_AMD64_SEV.

> > I also don't see the point in checking the vendor string.  A malicious hypervisor
> > can lie about CPUID.0x0 just as easily as it can lie about CPUID.0x8000001f, so
> > for SEV the options are to either trust the hypervisor or eat #GPs on RDMSR for
> > non-SEV CPUs.  If we go with "trust the hypervisor", then the original patch of
> > hoisting the CPUID.0x8000001f check up is simpler than checking the vendor string.
> Because a hypervisor can put anything it wants in the CPUID 0x0 /
> 0x80000000 fields, I don't think we can just check for "AuthenticAMD".
> If we want the read of CPUID 0x8000001f done before reading the SEV status
> MSR, then the original patch is close, but slightly flawed, e.g. only SME
> can be indicated but then MSR_AMD64_SEV can say SEV active.

I didn't follow this.  Bare metal CPUs should never report only SME in CPUID and
then report SEV as being active in the MSR.

In the SEV case, relying on CPUID in any way, shape, or form requires trusting
the hypervisor.  The code could assert that CPUID and the MSR are consistent, but
I don't see any value in doing so as a much more effective attack would be to
report neither SME nor SEV as supported.

  parent reply	other threads:[~2021-06-01 17:09 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-26  7:24 [PATCH] x86/sev: Check whether SEV or SME is supported first Pu Wen
2021-05-26 17:27 ` Sean Christopherson
2021-05-27 15:08   ` Pu Wen
2021-05-31  9:37     ` Joerg Roedel
2021-05-31 14:56       ` Pu Wen
2021-06-01 14:39         ` Borislav Petkov
2021-06-01 16:14           ` Sean Christopherson
2021-06-01 16:36             ` Tom Lendacky
2021-06-01 16:59               ` Borislav Petkov
2021-06-01 17:16                 ` Sean Christopherson
2021-06-01 17:48                   ` Borislav Petkov
2021-06-01 18:08                     ` Sean Christopherson
2021-06-01 18:24                       ` Borislav Petkov
2021-06-01 17:09               ` Sean Christopherson [this message]
2021-06-01 18:30 ` Tom Lendacky
2021-06-02  6:55   ` Wen Pu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.