From: Pu Wen <puwen@hygon.cn>
To: Sean Christopherson <seanjc@google.com>
Cc: <x86@kernel.org>, <joro@8bytes.org>, <thomas.lendacky@amd.com>,
<dave.hansen@linux.intel.com>, <peterz@infradead.org>,
<tglx@linutronix.de>, <mingo@redhat.com>, <bp@suse.de>,
<hpa@zytor.com>, <jroedel@suse.de>, <sashal@kernel.org>,
<gregkh@linuxfoundation.org>, <linux-kernel@vger.kernel.org>,
<kvm@vger.kernel.org>, <stable@vger.kernel.org>
Subject: Re: [PATCH] x86/sev: Check whether SEV or SME is supported first
Date: Thu, 27 May 2021 23:08:32 +0800 [thread overview]
Message-ID: <905ecd90-54d2-35f1-c8ab-c123d8a3d9a0@hygon.cn> (raw)
In-Reply-To: <YK6E5NnmRpYYDMTA@google.com>
On 2021/5/27 1:27, Sean Christopherson wrote:
> On Wed, May 26, 2021, Pu Wen wrote:
>> The first two bits of the CPUID leaf 0x8000001F EAX indicate whether
>> SEV or SME is supported respectively. It's better to check whether
>> SEV or SME is supported before checking the SEV MSR(0xc0010131) to
>> see whether SEV or SME is enabled.
>>
>> This also avoid the MSR reading failure on the first generation Hygon
>> Dhyana CPU which does not support SEV or SME.
>>
>> Fixes: eab696d8e8b9 ("x86/sev: Do not require Hypervisor CPUID bit for SEV guests")
>> Cc: <stable@vger.kernel.org> # v5.10+
>> Signed-off-by: Pu Wen <puwen@hygon.cn>
>> ---
>> arch/x86/mm/mem_encrypt_identity.c | 11 ++++++-----
>> 1 file changed, 6 insertions(+), 5 deletions(-)
>>
>> diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
>> index a9639f663d25..470b20208430 100644
>> --- a/arch/x86/mm/mem_encrypt_identity.c
>> +++ b/arch/x86/mm/mem_encrypt_identity.c
>> @@ -504,10 +504,6 @@ void __init sme_enable(struct boot_params *bp)
>> #define AMD_SME_BIT BIT(0)
>> #define AMD_SEV_BIT BIT(1)
>>
>> - /* Check the SEV MSR whether SEV or SME is enabled */
>> - sev_status = __rdmsr(MSR_AMD64_SEV);
>> - feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
>> -
>> /*
>> * Check for the SME/SEV feature:
>> * CPUID Fn8000_001F[EAX]
>> @@ -519,11 +515,16 @@ void __init sme_enable(struct boot_params *bp)
>> eax = 0x8000001f;
>> ecx = 0;
>> native_cpuid(&eax, &ebx, &ecx, &edx);
>> - if (!(eax & feature_mask))
>> + /* Check whether SEV or SME is supported */
>> + if (!(eax & (AMD_SEV_BIT | AMD_SME_BIT)))
>
> Hmm, checking CPUID at all before MSR_AMD64_SEV is flawed for SEV, e.g. the VMM
> doesn't need to pass-through CPUID to attack the guest, it can lie directly.
>
> SEV-ES is protected by virtue of CPUID interception being reflected as #VC, which
> effectively tells the guest that it's (probably) an SEV-ES guest and also gives
> the guest the opportunity to sanity check the emulated CPUID values provided by
> the VMM.
>
> In other words, this patch is flawed, but commit eab696d8e8b9 was also flawed by
> conditioning the SEV path on CPUID.0x80000000.
Yes, so I think we'd better admit that the VMM is still trusted for SEV guests
as you mentioned below.
>
> Given that #VC can be handled cleanly, the kernel should be able to handle a #GP
> at this point. So I think the proper fix is to change __rdmsr() to
> native_read_msr_safe(), or an open coded variant if necessary, and drop the CPUID
Reading MSR_AMD64_SEV which is not implemented on Hygon Dhyana CPU will cause
the kernel reboot, and native_read_msr_safe() has no help.
> checks for SEV.
>
> The other alternative is to admit that the VMM is still trusted for SEV guests
Agree with that.
--
Regards,
Pu Wen
> and take this patch as is (with a reworded changelog). This probably has my
> vote, I don't see much value in pretending that the VMM can't exfiltrate data
> from an SEV guest. In fact, a malicious VMM is probably more likely to get
> access to interesting data by _not_ lying about SEV being enabled, because lying
> about SEV itself will hose the guest sooner than later.
>
>> return;
>>
>> me_mask = 1UL << (ebx & 0x3f);
>>
>> + /* Check the SEV MSR whether SEV or SME is enabled */
>> + sev_status = __rdmsr(MSR_AMD64_SEV);
>> + feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
>> +
>> /* Check if memory encryption is enabled */
>> if (feature_mask == AMD_SME_BIT) {
>> /*
>> --
>> 2.23.0
>>
next prev parent reply other threads:[~2021-05-27 15:12 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-26 7:24 [PATCH] x86/sev: Check whether SEV or SME is supported first Pu Wen
2021-05-26 17:27 ` Sean Christopherson
2021-05-27 15:08 ` Pu Wen [this message]
2021-05-31 9:37 ` Joerg Roedel
2021-05-31 14:56 ` Pu Wen
2021-06-01 14:39 ` Borislav Petkov
2021-06-01 16:14 ` Sean Christopherson
2021-06-01 16:36 ` Tom Lendacky
2021-06-01 16:59 ` Borislav Petkov
2021-06-01 17:16 ` Sean Christopherson
2021-06-01 17:48 ` Borislav Petkov
2021-06-01 18:08 ` Sean Christopherson
2021-06-01 18:24 ` Borislav Petkov
2021-06-01 17:09 ` Sean Christopherson
2021-06-01 18:30 ` Tom Lendacky
2021-06-02 6:55 ` Wen Pu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=905ecd90-54d2-35f1-c8ab-c123d8a3d9a0@hygon.cn \
--to=puwen@hygon.cn \
--cc=bp@suse.de \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=sashal@kernel.org \
--cc=seanjc@google.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).