Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3531264pxb; Mon, 4 Apr 2022 20:08:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxGmlx39zrr6d8yD24+d+8dnB3X5yTvQ6XcKMaMFrDJl/+FheZnpf0K/yHUrFwbR9It8kFZ X-Received: by 2002:a17:902:d48a:b0:154:7a1b:5f2b with SMTP id c10-20020a170902d48a00b001547a1b5f2bmr1373261plg.52.1649128084497; Mon, 04 Apr 2022 20:08:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649128084; cv=none; d=google.com; s=arc-20160816; b=tPDa7OBOKrQ+SzhU/3YKg5j1Fh2VJ8LFccgjuG/4Silp7Q3CmF0Wzc1GbvtIM92w5w HmVJOPAs/mxYR2B4g8kgSAb4Bbv5/jOtYlH/nuU0BxTS5rj6I5JCvZ2UYXFIE/R5lrnh Z3Sh7fBBMY+p6QJY5nahJg9DbQbZVjBQgFxmeav70v2zEKeAg6FDpiWQw4q5TWupWkCN WNJ2OX4TwEPUEcvs2i8fNo5U9Ktlr0vw4qgaxw0TVb3U2FciuV/OGiz4PUB1JBtcekKc Bg/fDSrIvnY1CZhVM32AN0XQX74w9a8w6buj/iPo7NISa24+HVnsfA9Xm/cE6mTNST22 eOvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qk2vTGXRGqf3BpKwQtYdBLCMBP+WWND1mbOCTeq7Wd8=; b=ysbxMmTI+9uJbXcTeEvGxzWTsjqa14t+R8EnsIEg5O6e0G5cdbwnQXyBVscqk5HMkJ bHPKV1Wgo/+djXoC059R4KTBvL0L8H/akOYI+B9/X75ex1V5WiNs9f9Mmd0CZ8Ohx/Ds m74zFtdAskY68dYuonqFBun2iZnhv2aVo3UzGScgegIRoFaldH6NDlZNxtFYb57xGgTr A0PRnqn0GkUg6sBTjA+cgMYO8JicVgUtLvS2Y0wdPKUH8T1JpeAmhMqe06DyrZcwphGG 03UF0y3mXRqZL5/pdCfi8jEnIV72A+alpwgAs3/TWbZuaZFleg4AbFv9KKEjt5R15Gnm zmXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=M8Y3mkCy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id on10-20020a17090b1d0a00b001c71583fda1si1116813pjb.29.2022.04.04.20.08.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 20:08:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=M8Y3mkCy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 947B936D097; Mon, 4 Apr 2022 18:32:07 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229526AbiDEAv7 (ORCPT + 99 others); Mon, 4 Apr 2022 20:51:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54082 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229449AbiDEAvw (ORCPT ); Mon, 4 Apr 2022 20:51:52 -0400 Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3511E2AD0B8 for ; Mon, 4 Apr 2022 17:43:45 -0700 (PDT) Received: by mail-il1-x134.google.com with SMTP id d3so8112441ilr.10 for ; Mon, 04 Apr 2022 17:43:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=qk2vTGXRGqf3BpKwQtYdBLCMBP+WWND1mbOCTeq7Wd8=; b=M8Y3mkCyz4+DCsjQDgiHQLuP6ZxBkxl0uN10+U2ZHu9akhKgM8UGUz5wmW7tJAPQP3 QTmFA2BUcbFUPrczakTRxGwXBdWfXzPfzDvgeaSSKTX2ETyxQaRXiOE8pcIv+QItZV1R YcAIj9+gpFvBzBQxhy4lAJ7VtG96ODgzuR27VBTeIi8VzSBA5K9IB4Wn2REubsm/4ZEj GWMbLa9EdZrL7Q04meUTwExAMH1Je0IY5Ff4RSMzfMEnJSIERJgUtGHNZW4s0xmMGGUW EACEBdpiTsmDRnB6GQOWobQzAd3yXuZYlxfQkd9pW77edOHHriaRDYcIP8UOoF+xZbtl sllA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=qk2vTGXRGqf3BpKwQtYdBLCMBP+WWND1mbOCTeq7Wd8=; b=aJKdt1gfLkXwChjVnZxIz0v+GzjmEHDi2e7eChY6DuScH6bY1S9gdeSf7ki+QAXDcR d1Ko3VDZ95XVr6XX4KiCblUgAB9VLWOzF6PsvzNjmmxek9GsiWrdkTCXns0CMIK3ICOu AlGF2gfp7lJeW+SNs5WYqGkeWkBTQJBJd9ggZJgdCkUtm/wQ5Ec1302uTwvRs1GHZ+ge FELOtwgg+GPdDxl6hkGuBJ3/+EjuJkNQkU4e2qsVg+Od+Bo4Ykg6j5I3UxT638T9+VUH ma/eqHX7/CHup0tS25ReBoKipMGdQzTEByAfYm5poJYyilUMOEPF4/nYwo8Rh3DWi6fG mUWA== X-Gm-Message-State: AOAM531lERs9Ex2O1A5nt/KJ5DEAmPQwgfl/SWLxdU+SVk3sy06aeea5 PNYd5YsydURCTZVMI6vuHly0K2Q43qM2gA== X-Received: by 2002:a65:63d9:0:b0:374:6b38:c6b3 with SMTP id n25-20020a6563d9000000b003746b38c6b3mr636129pgv.195.1649118289900; Mon, 04 Apr 2022 17:24:49 -0700 (PDT) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id m17-20020a17090a859100b001bc20ddcc67sm261755pjn.34.2022.04.04.17.24.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 17:24:49 -0700 (PDT) Date: Tue, 5 Apr 2022 00:24:45 +0000 From: Sean Christopherson To: Brijesh Singh Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Vitaly Kuznetsov , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , "Dr . David Alan Gilbert" , brijesh.ksingh@gmail.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH v12 22/46] x86/sev: Use SEV-SNP AP creation to start secondary CPUs Message-ID: References: <20220307213356.2797205-1-brijesh.singh@amd.com> <20220307213356.2797205-23-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220307213356.2797205-23-brijesh.singh@amd.com> X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 07, 2022, Brijesh Singh wrote: > From: Tom Lendacky > > To provide a more secure way to start APs under SEV-SNP, use the SEV-SNP > AP Creation NAE event. This allows for guest control over the AP register > state rather than trusting the hypervisor with the SEV-ES Jump Table > address. > > During native_smp_prepare_cpus(), invoke an SEV-SNP function that, if > SEV-SNP is active, will set/override apic->wakeup_secondary_cpu. This > will allow the SEV-SNP AP Creation NAE event method to be used to boot > the APs. As a result of installing the override when SEV-SNP is active, > this method of starting the APs becomes the required method. The override > function will fail to start the AP if the hypervisor does not have > support for AP creation. ... > @@ -823,6 +843,230 @@ void snp_set_memory_private(unsigned long vaddr, unsigned int npages) > pvalidate_pages(vaddr, npages, true); > } > > +static int snp_set_vmsa(void *va, bool vmsa) > +{ > + u64 attrs; > + > + /* > + * Running at VMPL0 allows the kernel to change the VMSA bit for a page > + * using the RMPADJUST instruction. However, for the instruction to > + * succeed it must target the permissions of a lesser privileged > + * VMPL level, so use VMPL1 (refer to the RMPADJUST instruction in the > + * AMD64 APM Volume 3). > + */ > + attrs = 1; > + if (vmsa) > + attrs |= RMPADJUST_VMSA_PAGE_BIT; > + > + return rmpadjust((unsigned long)va, RMP_PG_SIZE_4K, attrs); > +} > + > +#define __ATTR_BASE (SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK) > +#define INIT_CS_ATTRIBS (__ATTR_BASE | SVM_SELECTOR_READ_MASK | SVM_SELECTOR_CODE_MASK) > +#define INIT_DS_ATTRIBS (__ATTR_BASE | SVM_SELECTOR_WRITE_MASK) > + > +#define INIT_LDTR_ATTRIBS (SVM_SELECTOR_P_MASK | 2) > +#define INIT_TR_ATTRIBS (SVM_SELECTOR_P_MASK | 3) > + > +static void *snp_alloc_vmsa_page(void) > +{ > + struct page *p; > + > + /* > + * Allocate VMSA page to work around the SNP erratum where the CPU will > + * incorrectly signal an RMP violation #PF if a large page (2MB or 1GB) > + * collides with the RMP entry of VMSA page. The recommended workaround > + * is to not use a large page. > + */ > + > + /* Allocate an 8k page which is also 8k-aligned */ > + p = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, 1); > + if (!p) > + return NULL; > + > + split_page(p, 1); > + > + /* Free the first 4k. This page may be 2M/1G aligned and cannot be used. */ > + __free_page(p); > + > + return page_address(p + 1); > +} > + > +static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) > +{ > + int err; > + > + err = snp_set_vmsa(vmsa, false); Uh, so what happens if a malicious guest does RMPADJUST to convert a VMSA page back to a "normal" page while the host is trying to VMRUN that VMSA? Does VMRUN fault? Can Linux refuse to support this madness and instead require the ACPI MP wakeup protocol being proposed/implemented for TDX? That would allow KVM to have at least a chance of refusing to support AP "creation", which IMO is a CVE or three waiting to happen. From a KVM perspective, I don't ever want to be running a guest-defined VMSA. https://lore.kernel.org/all/YWnbfCet84Vup6q9@google.com > + if (err) > + pr_err("clear VMSA page failed (%u), leaking page\n", err); > + else > + free_page((unsigned long)vmsa);