Date: Wed, 12 Jul 2023 12:19:12 -0700
Subject: Re: [PATCH 01/10] x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro
To: Kai Huang, peterz@infradead.org, kirill.shutemov@linux.intel.com, linux-kernel@vger.kernel.org
Cc: dave.hansen@intel.com, tglx@linutronix.de, bp@alien8.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, isaku.yamahata@intel.com
References: <2d821f2c32e6cdca252a80451f38429ef49b6984.1689151537.git.kai.huang@intel.com>
From: Sathyanarayanan Kuppuswamy
In-Reply-To: <2d821f2c32e6cdca252a80451f38429ef49b6984.1689151537.git.kai.huang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 7/12/23 1:55 AM, Kai Huang wrote:
> In the TDX_HYPERCALL asm, after the TDCALL instruction returns from the
> untrusted VMM, the registers that the TDX guest shares to the VMM need
> to be cleared to avoid speculative execution of VMM-provided values.
>
> RSI is specified in the bitmap of those registers, but it is missing
> when zeroing out those registers in the current TDX_HYPERCALL.
>
> It was there when it was originally added in commit 752d13305c78
> ("x86/tdx: Expand __tdx_hypercall() to handle more arguments"), but was
> later removed in commit 1e70c680375a ("x86/tdx: Do not corrupt
> frame-pointer in __tdx_hypercall()"), which was correct because %rsi is
> later restored in the "pop %rsi". However a later commit 7a3a401874be
> ("x86/tdx: Drop flags from __tdx_hypercall()") removed that "pop %rsi"
> but forgot to add the "xor %rsi, %rsi" back.
>
> Fix by adding it back.
>
> Fixes: 7a3a401874be ("x86/tdx: Drop flags from __tdx_hypercall()")
> Signed-off-by: Kai Huang
> ---

Looks fine to me.

Reviewed-by: Kuppuswamy Sathyanarayanan

> arch/x86/coco/tdx/tdcall.S | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S > index b193c0a1d8db..2eca5f43734f 100644 > --- a/arch/x86/coco/tdx/tdcall.S > +++ b/arch/x86/coco/tdx/tdcall.S 
> @@ -195,6 +195,7 @@ SYM_FUNC_END(__tdx_module_call) > xor %r10d, %r10d > xor %r11d, %r11d > xor %rdi, %rdi > + xor %rsi, %rsi > xor %rdx, %rdx > > /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ -- Sathyanarayanan Kuppuswamy Linux Kernel Developer
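
Review bot: nothing in the visible context around the added `xor %rsi, %rsi` (between the `%rdi` and `%rdx` clears) ties this list of zeroed registers to the bitmap of registers shared with the VMM, and the commit message traces the regression to exactly that kind of drift, where the "pop %rsi" was removed without the clear being restored. Consider a short comment above the xor block stating that every register exposed in the bitmap must be either zeroed here or restored before return, so a later change to one side prompts a check of the other. As a minor style point, the block mixes 32-bit forms (`xor %r10d, %r10d`) with 64-bit forms (`xor %rdi, %rdi`); `xor %esi, %esi` would clear the full register with a shorter encoding, though the form used here does match its immediate neighbours.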