Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3358741pxu; Mon, 19 Oct 2020 10:04:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzRsVg1V1LBcCam4H2/86bdBtkHxZTHJCC4qOktZD2WncK1KAZMLp9XsnHijFs579xm5K+o X-Received: by 2002:a17:906:d8b6:: with SMTP id qc22mr900665ejb.196.1603127094391; Mon, 19 Oct 2020 10:04:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603127094; cv=none; d=google.com; s=arc-20160816; b=SVq8YVRPnou/OrmPeF19DLsTvWRWauKRbIb2TZbraj2VJ7TOXKiD9pmeS+IC/DYDTJ /mtXsuDo+VcJvzAm63Znnk9VwU4xkkLHg+rMzwvF8ywsIX/4HuqRU+Ue44QUwEl2kkx7 nU7w4X6iW42RSyb+DHPKsSdUAEV9txh3LsQw3FYbhNla9Izk+MIDmnV3NLR1ySpDVuNW 2xRnv0RURn5zFMcxJDreET2Cvzhk2+n2FFplWUEra/9tGD5CjXKkk7IvBzy35glsohDY OFpr1r6p3Bfhke7nExvqQ8LPNrrEnxqEd2WhATXwf5o3T//T0G2ohAXJw324unepROgZ IsDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:date:from:sender:dkim-signature; bh=6egaM982RqgjxcvTIgx5sfX9sE4hVawM2afWAGzirtk=; b=1HM52eGgj9JGJjFSMam464EktPvS6DjkGXu3xEANSZH09psRJn6/3vsfA5Vw8gQXjI cafLr+veh9oCwIPMPN/v4bb0GieO50aUguxWNOZVdYrlwv5mqIbQVrFSEOObKfUqd5+R LWCw1Pbhn0OI3Ljmh+zsSgPjbAZyNdV6WGl0eoN7KGWxHcpg4HOs7392sjsdlQB7qiQr N//64UyjCrp5GfdTLDim6g2yYLt6OgCcCa9XvVYLaGdTpWrlVIbrtMJPwbDBd/2RBJt+ xPNioSfewEINq4uKP31RKsdTpiuBulaEcyvfeSQ1f/ZCZ7YJxA3IQpFq2c0sZfPCiVub 7FdA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=MYi01MB8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m4si184105edv.101.2020.10.19.10.04.32; Mon, 19 Oct 2020 10:04:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=MYi01MB8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730620AbgJSRAP (ORCPT + 99 others); Mon, 19 Oct 2020 13:00:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730186AbgJSRAO (ORCPT ); Mon, 19 Oct 2020 13:00:14 -0400 Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 831CFC0613CE for ; Mon, 19 Oct 2020 10:00:13 -0700 (PDT) Received: by mail-io1-xd41.google.com with SMTP id k6so493915ior.2 for ; Mon, 19 Oct 2020 10:00:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=6egaM982RqgjxcvTIgx5sfX9sE4hVawM2afWAGzirtk=; b=MYi01MB8T13mPZwtbJHRnvdXtQxZWUylyMI3H1w9YAN621uOLZ3Y82rI17aKWMkBAE YiOsb4WJ5M5sPzfVkYcH1LLffGBobxN/97pG/X43pv0RtdNbNHos24NWUufvqtBYvtSp OvQxp23uOvj1ZGPyTQVb40QoqJxWHkPtnhHoM44D7wWaymFbUJAUDA31hpb69C+BmPQt t1Px6I7e6WHr+0OKyXNbCR1B1Qs6NMBwkfdlnmDIz6wnoHir2IK2ZI4jZIdgd3U3EorV TYW+bMakcszksHOZ8fmsHFa26jCGUO1JG2nQqB1VXTk49IFk9ZTP+xub59HI8zrvv68d 8MoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:date:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to; bh=6egaM982RqgjxcvTIgx5sfX9sE4hVawM2afWAGzirtk=; b=AHexjzmzWVZwur2zyLMAo6+4uZqXq1GUz9jT5GZJShBAIA19+cfacO4q5d7D58MK6N w/yLN7Xp1rgMzB51texZviZZlTVrpN2vRJIpXxq4qq0BWBSejI2PIvpC9JS6VhT6zGUy zjjVIWCuhiejXgICfpFkkDhjVEITzBAxZ4YgP4s94lyrSi1hJN4yEBpbojcTrd+411l7 BuCrLvgWrkyA/+tJh2K4T1hwJGmEVjg48zYAplRi4hTxBPXaICszXFcH/rN5j0pK2Nfr tbnPteqIk/ja744C+kwtMybtX4fTUrjYvN7Y1l5rUmj7DL3Gb1xJ3bWJJ6TzDD5oaHxG 4M6Q== X-Gm-Message-State: AOAM530bFnDe9xsEj3ZrJL0nIZxRrmUzr0EZxEF49ciplT4lOBx3fthQ lGlS1O5ScTKhUB9wFjlN0RlTwLxjcXRZng== X-Received: by 2002:a6b:b7c6:: with SMTP id h189mr297804iof.41.1603126812757; Mon, 19 Oct 2020 10:00:12 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id a11sm188381ilk.81.2020.10.19.10.00.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Oct 2020 10:00:11 -0700 (PDT) Sender: Arvind Sankar From: Arvind Sankar X-Google-Original-From: Arvind Sankar Date: Mon, 19 Oct 2020 13:00:08 -0400 To: Joerg Roedel Cc: x86@kernel.org, Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Kees Cook , Arvind Sankar , Martin Radev , Tom Lendacky , linux-kernel@vger.kernel.org Subject: Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path Message-ID: <20201019170008.GA2701355@rani.riverdale.lan> References: <20201019151121.826-1-joro@8bytes.org> <20201019151121.826-4-joro@8bytes.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20201019151121.826-4-joro@8bytes.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 19, 2020 at 05:11:19PM +0200, Joerg Roedel wrote: > From: Joerg Roedel > > Check whether the hypervisor reported the correct C-bit when running as > an SEV guest. Using a wrong C-bit position could be used to leak > sensitive data from the guest to the hypervisor. > > The check function is in arch/x86/kernel/sev_verify_cbit.S so that it > can be re-used in the running kernel image. > > Signed-off-by: Joerg Roedel > --- > + > + /* Store value to memory and keep it in %r10 */ > + movq %r10, sev_check_data(%rip) > + Does there need to be a cache flush/invalidation between this and the read below to avoid just reading back from cache, or will the hardware take care of that? > + /* Backup current %cr3 value to restore it later */ > + movq %cr3, %r11 > + > + /* Switch to new %cr3 - This might unmap the stack */ > + movq %rdi, %cr3 Does there need to be a TLB flush after this? When executed from the main kernel's head code, CR4.PGE is enabled, and if the original page mapping had the global bit set (the decompressor stub sets that in the identity mapping), won't the read below still use the original encrypted mapping if we don't explicitly flush it? > + > + /* > + * Compare value in %r10 with memory location - If C-Bit is incorrect > + * this would read the encrypted data and make the check fail. > + */ > + cmpq %r10, sev_check_data(%rip) > + > + /* Restore old %cr3 */ > + movq %r11, %cr3 > + > + /* Check CMPQ result */ > + je 3f > + > + /* > + * The check failed - Prevent any forward progress to prevent ROP > + * attacks, invalidate the stack and go into a hlt loop. > + */ > + xorq %rsp, %rsp > + subq $0x1000, %rsp > +2: hlt > + jmp 2b > +3: > +#endif > + ret > +SYM_FUNC_END(sev_verify_cbit) > + > -- > 2.28.0 >