Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2781374rwd; Fri, 2 Jun 2023 14:50:41 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5beOYEP91L3SsWgcq8gGnn9oOj1i8LtD+3UxQuSVg7pa1j9YweTte4nEymfJksm7o0zRMg X-Received: by 2002:a05:6e02:810:b0:32b:399a:af86 with SMTP id u16-20020a056e02081000b0032b399aaf86mr9553944ilm.31.1685742641729; Fri, 02 Jun 2023 14:50:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685742641; cv=none; d=google.com; s=arc-20160816; b=axls3mIgv2BwglAoyb0zxTxDb8yn9CUBxhG5ofsgBZUVuZKb5O8WiySIkKlgilPFdn LzvbUthRN5m6rxeyWyKdt6HzNcaJnUnoI1naCQ3O6AlQIk+rNEe1c/DI1GHp56V7gHAC iGjFiICMuSNt6Plee9KjWLYng+Qli6XdB/lqPl2lPOsHq3q+WaRaIiBVHmDFRA9s9vkg LkA37+3dBsH8eG32Vbmzf24cbybX3sLEaSGr9vhOU3JhhMhlrEeRmq+99mZPOYnJvI15 Y03K6Ajb95NtIackltbUzD+9EfJBMd3Srlk22npnDTJg8vFVoqNA1JcVWfuv3jZWVe4K 3m6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=c7JhW3T8lJ/tV2S7zAHSbpXyTLynz/QxEWmE5GNvI4g=; b=IxGIuSVnZ/IhCZFCt6IQJUvQrlcAG9j5UIalZ5oQxnGcLP5UAEeqsYWhe64djp0oaM n3H8ateTiqY4v6lvB3zIz2ew0E7EaahGlG9T6PaA4L7m/9cifi8ndcoUlShu6IgbZey8 DNaVDaep5z4U7Xglp6mCADKdJYgxWZnyOpn7awBgMKUEI4iYsmgy13z8eoYHtV5Pp9/a qWEBhPPM776uP6oxW6yNUOmyiX6UVCpmp4+O4KfsHK2S68Fx9t5xCnYJOP+G8bdhFgq1 T9waZjklHvxgr/e0xD5U2MbKea7nHMzwn7b1Y8O2rDBoMge1kWczPHPXJdO7lSLy+Xqt 4XMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qbVeR33s; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i194-20020a636dcb000000b0053fc290934dsi1592167pgc.361.2023.06.02.14.50.29; Fri, 02 Jun 2023 14:50:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qbVeR33s; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236225AbjFBVaO (ORCPT + 99 others); Fri, 2 Jun 2023 17:30:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234676AbjFBVaN (ORCPT ); Fri, 2 Jun 2023 17:30:13 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46B31E48; Fri, 2 Jun 2023 14:30:12 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CC4426155F; Fri, 2 Jun 2023 21:30:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E1D8C4339B; Fri, 2 Jun 2023 21:30:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1685741411; bh=qgRiHTAzGUiYqHvcAAXtF7ge8RD50s1R2CPGTYzuChA=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=qbVeR33sPyMFVf2I0h+tmuIwCOmYlX9WHiQ9oUHP4JxWwfNNn5smqsIJx53eei63s K+qa7q2gr/WJj0Y9Jb+pjKCCIp+Yo/5h8NEYcT4nT0Tfe9n9haVjd9NKuPL0KbBSOL VY702GKQCIJb0eRsc4g/gfxlnFY/BF8hjXE4ABtnxpp7edQSmgD+5tdiHRmwYkgGmy d3nK1GBD7xUeDiSDF/1G3lUf0gXRKjUPhNndNs7nTKaT42P10qysbbitkORfUXTxUt sw9vI7Lcs/Je97UU8h3J8UUIeQ94Yu6Z9EHYQ5OlRw+91QenQ1bu+DzwwC0YFQtl3o xuIZ7uIUBe6qA== Received: by mail-lj1-f177.google.com with SMTP id 38308e7fff4ca-2b1ba50e50bso539581fa.1; Fri, 02 Jun 2023 14:30:11 -0700 (PDT) X-Gm-Message-State: AC+VfDzA1WpprlvE3f1loyhlEIBWsatks444Oq4TjlSBHDErS5U8Y8j+ MHfPfS8zmx2g8SpI9+GFNiVaJzX/H4D5ZnKFNJQ= X-Received: by 2002:a2e:b60c:0:b0:2af:1c15:e7c8 with SMTP id r12-20020a2eb60c000000b002af1c15e7c8mr775414ljn.44.1685741409104; Fri, 02 Jun 2023 14:30:09 -0700 (PDT) MIME-Version: 1.0 References: <20230602101313.3557775-1-ardb@kernel.org> <20230602101313.3557775-21-ardb@kernel.org> <849a65c8-a320-a8a8-8784-0ee3737eee9e@amd.com> In-Reply-To: <849a65c8-a320-a8a8-8784-0ee3737eee9e@amd.com> From: Ard Biesheuvel Date: Fri, 2 Jun 2023 23:29:57 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v4 20/21] x86/efistub: Perform SNP feature test while running in the firmware To: Tom Lendacky Cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , Dave Young , Mario Limonciello , Kees Cook , "Kirill A . Shutemov" , Linus Torvalds , Joerg Roedel Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2 Jun 2023 at 22:39, Tom Lendacky wrote: > > On 6/2/23 15:38, Tom Lendacky wrote: > > On 6/2/23 05:13, Ard Biesheuvel wrote: > >> Before refactoring the EFI stub boot flow to avoid the legacy bare metal > >> decompressor, duplicate the SNP feature check in the EFI stub before > >> handing over to the kernel proper. > >> > >> The SNP feature check can be performed while running under the EFI boot > >> services, which means we can fail gracefully and return an error to the > >> bootloader if the loaded kernel does not implement support for all the > >> features that the hypervisor enabled. > >> > >> Signed-off-by: Ard Biesheuvel > >> --- > >> arch/x86/boot/compressed/sev.c | 74 ++++++++++++-------- > >> arch/x86/include/asm/sev.h | 4 ++ > >> drivers/firmware/efi/libstub/x86-stub.c | 17 +++++ > >> 3 files changed, 67 insertions(+), 28 deletions(-) > >> > >> diff --git a/arch/x86/boot/compressed/sev.c > >> b/arch/x86/boot/compressed/sev.c > >> index 014b89c890887b9a..be021e24f1ece421 100644 > >> --- a/arch/x86/boot/compressed/sev.c > >> +++ b/arch/x86/boot/compressed/sev.c > > > > > >> +void sev_enable(struct boot_params *bp) > >> +{ > >> + unsigned int eax, ebx, ecx, edx; > >> bool snp; > >> /* > >> @@ -358,37 +391,14 @@ void sev_enable(struct boot_params *bp) > >> */ > >> snp = snp_init(bp); > >> - /* Check for the SME/SEV support leaf */ > >> - eax = 0x80000000; > >> - ecx = 0; > >> - native_cpuid(&eax, &ebx, &ecx, &edx); > >> - if (eax < 0x8000001f) > >> - return; > >> - > >> - /* > >> - * Check for the SME/SEV feature: > >> - * CPUID Fn8000_001F[EAX] > >> - * - Bit 0 - Secure Memory Encryption support > >> - * - Bit 1 - Secure Encrypted Virtualization support > >> - * CPUID Fn8000_001F[EBX] > >> - * - Bits 5:0 - Pagetable bit position used to indicate encryption > >> - */ > >> - eax = 0x8000001f; > >> - ecx = 0; > >> - native_cpuid(&eax, &ebx, &ecx, &edx); > >> - /* Check whether SEV is supported */ > >> - if (!(eax & BIT(1))) { > >> + /* Set the SME mask if this is an SEV guest. */ > >> + sev_status = sev_get_status(); > >> + if (!(sev_status & MSR_AMD64_SEV_ENABLED)) { > >> if (snp) > >> error("SEV-SNP support indicated by CC blob, but not > >> CPUID."); > >> return; > >> } > >> - /* Set the SME mask if this is an SEV guest. */ > >> - boot_rdmsr(MSR_AMD64_SEV, &m); > >> - sev_status = m.q; > >> - if (!(sev_status & MSR_AMD64_SEV_ENABLED)) > >> - return; > >> - > >> /* Negotiate the GHCB protocol version. */ > >> if (sev_status & MSR_AMD64_SEV_ES_ENABLED) { > >> if (!sev_es_negotiate_protocol()) > >> @@ -409,6 +419,14 @@ void sev_enable(struct boot_params *bp) > >> if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) > >> error("SEV-SNP supported indicated by CC blob, but not SEV > >> status MSR."); > >> + /* > >> + * Check for the SME/SEV feature: > >> + * CPUID Fn8000_001F[EBX] > >> + * - Bits 5:0 - Pagetable bit position used to indicate encryption > >> + */ > >> + eax = 0x8000001f; > >> + ecx = 0; > >> + native_cpuid(&eax, &ebx, &ecx, &edx); > > > > This causes SEV-ES / SEV-SNP to crash. > > > > This goes back to a previous comment where calling either > > sev_es_negotiate_protocol() or get_hv_features() blows away the GHCB value > > in the GHCB MSR and as soon as the CPUID instruction is executed the boot > > blows up. > > > > Even if we move this up to be done earlier, we can complete this function > > successfully but then blow up further on. > > > > So you probably have to modify the routines in question to save and > > restore the GHCB MSR value. > > I should clarify that it doesn't in fact cause a problem until the final > patch is applied and this path is taken. > Could we just move the CPUID call to the start of the function?