Date: Thu, 30 Nov 2023 10:30:11 +0100
From: Ingo Molnar
To: Ashwin Dayanand Kamat
Cc: linux-kernel@vger.kernel.org, thomas.lendacky@amd.com, bp@alien8.de, brijesh.singh@amd.com, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, jroedel@suse.de, stable@vger.kernel.org, ganb@vmware.com, tkundu@vmware.com, vsirnapalli@vmware.com, akaher@vmware.com, amakhalov@vmware.com, namit@vmware.com
Subject: [PATCH] x86/sev: Fix kernel crash due to late update to read-only ghcb_version

* Ashwin Dayanand Kamat wrote:

> From: Ashwin Dayanand Kamat
>
> kernel crash was observed because of page fault, while running
> cpuhotplug ltp testcases on SEV-ES enabled systems. The crash was
> observed during hotplug after the CPU was offlined and the process
> was migrated to different cpu. setup_ghcb() is called again which
> tries to update ghcb_version in sev_es_negotiate_protocol(). Ideally this
> is a read_only variable which is initialised during booting.
> This results in pagefault.

Applied to tip:x86/urgent, thanks.

Tom: I've added your Suggested-by and Acked-by, which appeared to be the
case given the v1 discussion, let me know if that's not accurate.

I've also tidied up the changelog - final version attached below.

Thanks,

	Ingo

============>
From: Ashwin Dayanand Kamat
Date: Wed, 29 Nov 2023 16:10:29 +0530
Subject: [PATCH] x86/sev: Fix kernel crash due to late update to read-only ghcb_version

A write-access violation page fault kernel crash was observed while running
cpuhotplug LTP testcases on SEV-ES enabled systems. The crash was
observed during hotplug, after the CPU was offlined and the process
was migrated to different CPU. setup_ghcb() is called again which
tries to update ghcb_version in sev_es_negotiate_protocol(). Ideally this
is a read_only variable which is initialised during booting.

Trying to write it results in a pagefault:

  BUG: unable to handle page fault for address: ffffffffba556e70
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0003) - permissions violation
  [ ...]
  Call Trace:
   ? __die_body.cold+0x1a/0x1f
   ? __die+0x2a/0x35
   ? page_fault_oops+0x10c/0x270
   ? setup_ghcb+0x71/0x100
   ? __x86_return_thunk+0x5/0x6
   ? search_exception_tables+0x60/0x70
   ? __x86_return_thunk+0x5/0x6
   ? fixup_exception+0x27/0x320
   ? kernelmode_fixup_or_oops+0xa2/0x120
   ? __bad_area_nosemaphore+0x16a/0x1b0
   ? kernel_exc_vmm_communication+0x60/0xb0
   ? bad_area_nosemaphore+0x16/0x20
   ? do_kern_addr_fault+0x7a/0x90
   ? exc_page_fault+0xbd/0x160
   ? asm_exc_page_fault+0x27/0x30
   ? setup_ghcb+0x71/0x100
   ? setup_ghcb+0xe/0x100
   cpu_init_exception_handling+0x1b9/0x1f0

The fix is to call sev_es_negotiate_protocol() only in the BSP boot phase,
and it only needs to be done once in any case.

[ mingo: Refined the changelog. ]

Fixes: 95d33bfaa3e1 ("x86/sev: Register GHCB memory when SEV-SNP is active")
Suggested-by: Tom Lendacky
Co-developed-by: Bo Gan
Signed-off-by: Bo Gan
Signed-off-by: Ashwin Dayanand Kamat
Signed-off-by: Ingo Molnar
Acked-by: Tom Lendacky
Link: https://lore.kernel.org/r/1701254429-18250-1-git-send-email-kashwindayan@vmware.com
---
 arch/x86/kernel/sev.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 70472eebe719..c67285824e82 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -1234,10 +1234,6 @@ void setup_ghcb(void) if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) return; - /* First make sure the hypervisor talks a supported protocol. */ - if (!sev_es_negotiate_protocol()) - sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); - /* * Check whether the runtime #VC exception handler is active. It uses * the per-CPU GHCB page which is set up by sev_es_init_vc_handling(). @@ -1254,6 +1250,13 @@ void setup_ghcb(void) return; } + /* + * Make sure the hypervisor talks a supported protocol. + * This gets called only in the BSP boot phase. + */ + if (!sev_es_negotiate_protocol()) + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ); + /* * Clear the boot_ghcb. The first exception comes in before the bss * section is cleared.
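
Review bot: in the first hunk (@@ -1234,10 +1234,6 @@), once the sev_es_negotiate_protocol() call is gone from the top of setup_ghcb(), the runtime #VC handler path that follows the cc_platform_has() check relies on ghcb_version already being valid from boot, and nothing in the visible lines records that. A short note in the existing "Check whether the runtime #VC exception handler is active" comment, saying that protocol negotiation was completed during BSP boot and that ghcb_version must not be written on this path, would document why the call is absent there.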
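
Review bot: in the second hunk (@@ -1254,6 +1250,13 @@), the new comment above sev_es_negotiate_protocol() says the call happens only in the BSP boot phase but not what enforces that or why it matters. The guarantee comes from the early `return;` in the context lines just above, and the reason, per the changelog, is that the function updates ghcb_version, which is read-only after boot. Stating both in the comment would keep a later cleanup from moving the call back above the early return.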