Date: Thu, 21 Oct 2021 18:12:53 +0100
From: "Dr. David Alan Gilbert"
To: Borislav Petkov
Cc: Michael Roth, Brijesh Singh, x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler
References: <20211008180453.462291-1-brijesh.singh@amd.com> <20211008180453.462291-9-brijesh.singh@amd.com> <20211018184003.3ob2uxcpd2rpee3s@amd.com> <20211020161023.hzbj53ehmzjrt4xd@amd.com>

* Borislav Petkov (bp@alien8.de) wrote:
> On Thu, Oct 21, 2021 at 04:56:09PM +0100, Dr. David Alan Gilbert wrote:
> > I can imagine a malicious hypervisor trying to return different cpuid
> > answers to different threads or even the same thread at different times.
>
> Haha, I guess that will fail not because of SEV* but because of the
> kernel not really being able to handle heterogeneous CPUIDs.

My worry is if it fails cleanly or fails in a way an evil hypervisor can
exploit.

> > Well, the spec (AMD 56860 SEV spec) says:
> >
> > 'If firmware encounters a CPUID function that is in the standard or extended ranges, then the
> > firmware performs a check to ensure that the provided output would not lead to an insecure guest
> > state'
> >
> > so I take that 'firmware' to be the PSP; that wording doesn't say that
> > it checks that the CPUID is identical, just that it 'would not lead to
> > an insecure guest' - so a hypervisor could hide any 'no longer affected
> > by' flag for all the CPUs in its migration pool and the firmware
> > shouldn't complain; so it should be OK to pessimise.
>
> AFAIU this, I think this would depend on "[t]he policy used by the
> firmware to assess CPUID function output can be found in [PPR]."
>
> So if the HV sets the "no longer affected by" flag but the firmware
> deems this set flag as insecure, I'm assuming the firmware will clear
> it when it returns the CPUID leafs. I guess I need to go find that
> policy...

OK, so that bit is 8...21 Eax ext2eax bit 6
page 1-109

then 2.1.5.3 CPUID policy enforcement shows 8...21 EAX as
'bitmask'
'bits set in the GuestVal must also be set in HostVal.
This is often applied to feature fields where each bit indicates support
for a feature'

So that's right isn't it?

Dave

> --
> Regards/Gruss,
>     Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
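
Added example, not part of the original message and not firmware or kernel code: a small C model of the 'bitmask' rule quoted above (bits set in GuestVal must also be set in HostVal), enumerated over every 8-bit GuestVal/HostVal pair to show which outcomes the rule lets through. The function names, the 8-bit width and the assumption that a guest skips a mitigation only when it sees bit 6 set are all illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 6 of the EAX value named in the thread: the "no longer affected by" flag. */
#define NOT_AFFECTED_BIT (1u << 6)

/* 'bitmask' policy as quoted: bits set in GuestVal must also be set in HostVal. */
static bool bitmask_policy_ok(uint32_t guest_val, uint32_t host_val)
{
    return (guest_val & ~host_val) == 0;
}

/* Assumed guest behaviour: the mitigation is skipped only if the flag is visible. */
static bool guest_skips_mitigation(uint32_t guest_val)
{
    return (guest_val & NOT_AFFECTED_BIT) != 0;
}

/* Accepted pairs where the host lacks the flag but the guest skips the mitigation. */
static unsigned count_unsafe_accepted(void)
{
    unsigned n = 0;
    for (uint32_t host = 0; host < 256; host++)
        for (uint32_t guest = 0; guest < 256; guest++)
            if (bitmask_policy_ok(guest, host) &&
                !(host & NOT_AFFECTED_BIT) && guest_skips_mitigation(guest))
                n++;
    return n;
}

/* Accepted pairs where the host has the flag but it is hidden from the guest. */
static unsigned count_pessimised_accepted(void)
{
    unsigned n = 0;
    for (uint32_t host = 0; host < 256; host++)
        for (uint32_t guest = 0; guest < 256; guest++)
            if (bitmask_policy_ok(guest, host) &&
                (host & NOT_AFFECTED_BIT) && !guest_skips_mitigation(guest))
                n++;
    return n;
}

int main(void)
{
    printf("flag hidden from guest accepted: %d\n", bitmask_policy_ok(0x00, 0x40));
    printf("flag forged for guest accepted:  %d\n", bitmask_policy_ok(0x40, 0x00));
    printf("accepted pairs, guest wrongly skips mitigation: %u\n", count_unsafe_accepted());
    printf("accepted pairs, guest mitigates needlessly:     %u\n", count_pessimised_accepted());
    return 0;
}
```

Under this model the rule only ever permits the pessimistic direction: hiding the flag is accepted, setting it without host support is not.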