Date: Fri, 9 Dec 2022 20:08:37 +0300
From: "Kirill A. Shutemov"
To: Sathyanarayanan Kuppuswamy
Cc: "Kirill A. Shutemov", Dave Hansen, Borislav Petkov, Andy Lutomirski, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/4] x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
Message-ID: <20221209170837.xb5z4zoirx6iwhnc@box.shutemov.name>
References: <20221209132524.20200-1-kirill.shutemov@linux.intel.com> <20221209132524.20200-4-kirill.shutemov@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Dec 09, 2022 at 07:45:34AM -0800, Sathyanarayanan Kuppuswamy wrote:
>
>
> On 12/9/22 5:25 AM, Kirill A. Shutemov wrote:
> > SEPT_VE_DISABLE check is required to keep the TD protected from VMM
> > attacks, but it makes harder to debug guest kernel bugs. If guest
> > touches unaccepted memory the TD will get terminated without any
> > traces on what has happened.
> >
> > Relax the SEPT_VE_DISABLE check to warning on debug TD and panic() in
> > the #VE handler on EPT-violation on private memory. It will produce
> > useful backtrace.
> >
> > Signed-off-by: Kirill A. Shutemov
> > ---
> >  arch/x86/coco/tdx/tdx.c | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
> > index 8ad04d101270..0e47846ff8ff 100644
> > --- a/arch/x86/coco/tdx/tdx.c
> > +++ b/arch/x86/coco/tdx/tdx.c
> > @@ -38,6 +38,7 @@ > > #define VE_GET_PORT_NUM(e) ((e) >> 16) > > #define VE_IS_IO_STRING(e) ((e) & BIT(4)) > > > > +#define ATTR_DEBUG BIT(0) > > #define ATTR_SEPT_VE_DISABLE BIT(28) > > > > /* TDX Module call error codes */ > > @@ -207,8 +208,15 @@ static void tdx_parse_tdinfo(u64 *cc_mask) > > * TD-private memory. Only VMM-shared memory (MMIO) will #VE. > > */ > > td_attr = out.rdx; > > - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) > > - tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set."); > > + if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { > > + const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set."; > > + > > + /* Relax SEPT_VE_DISABLE check for debug TD. */ > > + if (td_attr & ATTR_DEBUG) > > + pr_warn("%s\n", msg); > > + else > > + tdx_panic(msg); > > + } > > } > > > > /* > > @@ -682,6 +690,8 @@ static int virt_exception_kernel(struct pt_regs *regs, struct ve_info *ve) > > case EXIT_REASON_CPUID: > > return handle_cpuid(regs, ve); > > case EXIT_REASON_EPT_VIOLATION: > > + if (ve->gpa != cc_mkdec(ve->gpa)) > > + panic("Unexpected EPT-violation on private memory."); > > Why add this change part of TD debug check? Should this be a separate patch? This code is never reachable if ATTR_SEPT_VE_DISABLE is set. And the panic provides backtrace useful for debug. > > > return handle_mmio(regs, ve); > > case EXIT_REASON_IO_INSTRUCTION: > > return handle_io(regs, ve); > > -- > Sathyanarayanan Kuppuswamy > Linux Kernel Developer -- Kiryl Shutsemau / Kirill A. Shutemov
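Review bot: in the tdx_parse_tdinfo() hunk, the debug branch reuses the string "TD misconfiguration: SEPT_VE_DISABLE attribute must be set." for pr_warn(), so the log says the attribute "must be set" while the guest keeps booting without it. A separate warning text for the ATTR_DEBUG case would make the log unambiguous, for example one that says the check was skipped because the TD is a debug TD and that #VE on private memory is now possible. The comment "Relax SEPT_VE_DISABLE check for debug TD." only restates the code; it should say why continuing is acceptable here, and point at the panic() in virt_exception_kernel() as the backstop, since the block comment just above still promises that only VMM-shared memory will #VE.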
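Review bot: the `ve->gpa != cc_mkdec(ve->gpa)` test added under EXIT_REASON_EPT_VIOLATION in virt_exception_kernel() has no comment, and nothing at the call site says that it identifies a private GPA or that it can only fire when SEPT_VE_DISABLE is clear, which after this patch means a debug TD. The question raised in the thread about why this belongs in the same patch comes from exactly that missing context, so a two-line comment above the check stating both points would help, along with a sentence in the commit message tying the panic() to the relaxed check. The panic string could also include ve->gpa, since the stated purpose is to make the failure debuggable and the faulting address is already at hand.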