Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp274437pxb; Thu, 20 Jan 2022 13:14:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJxM0hheCi+yUt4QU7SBNviswTh0sn9Vry4qqbmJcVJf6l/094dSQIAXzlmS17TQE4OF92Hf X-Received: by 2002:aa7:81cf:0:b0:4c0:6242:c14e with SMTP id c15-20020aa781cf000000b004c06242c14emr749096pfn.83.1642713294124; Thu, 20 Jan 2022 13:14:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642713294; cv=none; d=google.com; s=arc-20160816; b=MNFuprzd7FHn1NnmPZ1WeC9jtzyGW8TXGbL/cl+loAsauRxuWVL/DTWCyru6agWAgV O6zm98YHp/2wVSTw/JlJvN/XKXu5t4jF61WwXlBk3rbJcKeU+mYFf3np9l67cQQ5wFrT /aUBCgqjavP0ctyd4AIdr7WQEQVHXF+n0o89ow7HhqNnKkNoxPHVMswgJhwMdQlK3Abg vxHROOTKLnyNHz1KjCvVP4PZwQYBRgDpJxDy2XKyL5ivgg9PROTmZOEinYipirzi2VMn +qEvJOem6OagrwscS2idjx0qJ6p3RBLxEXljKN4D/1gx4qWxZC1dJni2XD68XOVXXk8k 8S6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=CsZVby0OJMbu1MByStGLgighQnR1NhGu4hi+vJOU81M=; b=rngfK/0M6fJp58cnzp1jL5+ollBylpvj3Qyih31t750RAzfzdRbFE3UnGiCErQWQdI GZJNtQa0pn4XRmSkkbGAxHpDsKh5w+00WKy3+FV9Xv/gDNT/1CUdXa5rB/ayydFAfyFD ykRHo5vtgsdipiCvrJB9FWAranEh7MeIxTBYV9dtFDAm47XkdjW4vjY7rFpIsnlrdDZ6 fciCq7DzJp4J2Z1IsPAXoQ5cexij1vmv7UfI0Wc7hm+GrR3MqQx/buz0IHMngwOqTYf5 sgLiqM0+poiTjT8PUjPhdBk6rRpQNlHpKKmUrojTYJpP1jvV4r+DzYNty9DZjaDDBFxl PaZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=C3sJeNxI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p4si3963471pll.2.2022.01.20.13.14.41; Thu, 20 Jan 2022 13:14:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=C3sJeNxI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347525AbiARRle (ORCPT + 99 others); Tue, 18 Jan 2022 12:41:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45220 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347108AbiARRlT (ORCPT ); Tue, 18 Jan 2022 12:41:19 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEBCCC061574; Tue, 18 Jan 2022 09:41:18 -0800 (PST) Received: from zn.tnic (dslb-088-067-202-008.088.067.pools.vodafone-ip.de [88.67.202.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 463CF1EC018C; Tue, 18 Jan 2022 18:41:13 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1642527673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=CsZVby0OJMbu1MByStGLgighQnR1NhGu4hi+vJOU81M=; b=C3sJeNxIdauAfWOLlqRZorFZVR7UQ/AVKdZPwz7vfz67sIk4HNKkeQFLPa/WrKN/1Xq+Dr W9ZTwB4dfE9qGzH4mfg3r2AYWqKW2xjD0W/tDOSAgw0MZM1vdg7wKPSH5uyRQLZKGEWiCf qNVzhry0cqwqcB8Vhz47o8b2H7qJb+0= Date: Tue, 18 Jan 2022 18:41:16 +0100 From: Borislav Petkov To: Michael Roth Cc: Brijesh Singh , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , "Dr . David Alan Gilbert" , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers Message-ID: References: <20220113163913.phpu4klrmrnedgic@amd.com> <20220118043521.exgma53qrzrbalpd@amd.com> <20220118142345.65wuub2p3alavhpb@amd.com> <20220118143238.lu22npcktxuvadwk@amd.com> <20220118143730.wenhm2bbityq7wwy@amd.com> <20220118172043.djhy3dwg4fhhfqfs@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220118172043.djhy3dwg4fhhfqfs@amd.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 18, 2022 at 11:20:43AM -0600, Michael Roth wrote: > The HV fills out the initial contents of the CPUID page, which includes > the count. SNP/PSP firmware will validate the contents the HV tries to put > in the initial page, but does not currently enforce that the 'count' field > is non-zero. So if the HV sets count to 0, then the PSP can validate all it wants but you basically don't have a CPUID page. And that's a pretty easy way to defeat it, if you ask me. So, if it is too late to change this, I guess the only way out of here is to terminate the guest on count == 0. And regardless, what if the HV fakes the count - how do you figure out what the proper count is? You go and read the whole CPUID page and try to make sense of what's there, even beyond the "last" function leaf. > So we can't rely on the 'count' field as an indicator of whether or > not the CPUID page is active, we need to rely on the presence of the > ccblob as the true indicator, then treat a non-zero 'count' field as > an invalid state. treat a non-zero count field as invalid? You mean, "a zero count" maybe... But see above, how do you check whether the HV hasn't "hidden" some entries by modifying the count field? Either I'm missing something or this sounds really weird... -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette