From: Kevin Loughlin
Date: Tue, 13 Feb 2024 15:10:46 -0800
Subject: Re: [PATCH] x86/kernel: Validate ROM before DMI scanning when SEV-SNP is active
To: Michael Roth
Cc: Alexander Shishkin, Ard Biesheuvel, Baoquan He, Borislav Petkov,
    Brijesh Singh, Dave Hansen, Dionna Glaze, "H.Peter Anvin", Ingo Molnar,
    Josh Poimboeuf, Kai Huang, Peter Zijlstra, Ross Lagerwall,
    Thomas Gleixner, Tom Lendacky, Yuntao Wang, linux-kernel@vger.kernel.org,
    x86@kernel.org, Adam Dunlap, Peter Gonda, Jacob Xu, Sidharth Telang,
    Conrad Grobler, Andri Saar
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240213040747.1745939-1-kevinloughlin@google.com>
    <170785457569.2934648.10119965441921727215@amd.com>
In-Reply-To: <170785457569.2934648.10119965441921727215@amd.com>

On Tue, Feb 13, 2024 at 12:03 PM Michael Roth wrote:
>
> Quoting Kevin Loughlin (2024-02-12 22:07:46)
> > SEV-SNP requires encrypted memory to be validated before access. The
> > kernel is responsible for validating the ROM memory range because the
> > range is not part of the e820 table and therefore not pre-validated by
> > the BIOS.
> >
> > While the current SEV-SNP code attempts to validate the ROM range in
> > probe_roms(), this does not suffice for all existing use cases. In
> > particular, if EFI_CONFIG_TABLES are not enabled and
> > CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK is set, the kernel will
> > attempt to access the memory at SMBIOS_ENTRY_POINT_SCAN_START (which
> > falls in the ROM range) prior to validation. The specific problematic
> > call chain occurs during dmi_setup() -> dmi_scan_machine() and results
> > in a crash during boot if SEV-SNP is enabled under these conditions.
>
> AFAIK, QEMU doesn't actually include any legacy ROMs as part of the initial
> encrypted guest image, and I'm not aware of any VMM implementations that
> do this either.

I'm using a VMM implementation that uses (non-EFI) Oak stage0 firmware [0].

[0] https://github.com/project-oak/oak/tree/main/stage0_bin

> If dmi_setup() similarly scans these ranges, it seems likely the same
> issue would be present: the validated/private regions would only contain
> ciphertext rather than the expected ROM data. Does that agree with the
> behavior you are seeing?
>
> If so, maybe instead probe_roms should just be skipped in the case of SNP?

If probe_roms() is skipped, SEV-SNP guest boot also currently crashes; I
just quickly tried that (though admittedly haven't looked into why).
Apparently though, the fix for early ROM range accesses is not as simple
as just skipping probe_roms() if SEV-SNP is enabled. Furthermore, skipping
probe_roms() was also *not* the route taken in the initial attempt that
prevents this issue for EFI use cases [1].

[1] https://lore.kernel.org/lkml/20220307213356.2797205-21-brijesh.singh@amd.com/

> And perhaps dmi_setup() should similarly skip the legacy ROM ranges for
> the kernel configs in question?

Given (a) non-EFI firmware is supported in other SME/SEV boot code
patches [2], (b) this patch does not seem to introduce significant
complexity (it just moves [1] to earlier in the boot process to
additionally handle the non-EFI case), and (c) skipping
probe_roms()+dmi_setup() doesn't work without additional changes, I'm
currently still inclined to simply validate the legacy ROM ranges early
enough to prevent this issue (as is already done when using EFI firmware).

[2] https://lore.kernel.org/lkml/CAMj1kXFZKM5wU8djcVBxDmnCJwV4Xpest6u1EbE=7wyLUUeUUQ@mail.gmail.com/
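
The ordering problem discussed in this thread, as an added user-space model (not code from the patch, the kernel, or any participant): it replays boot steps against a per-page "validated" map and reports the first address that would be touched before validation. The step names, the `run_boot()` helper and all addresses are assumptions made for illustration; the thread does not state them.

```c
/* Constructed user-space model; not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SHIFT     12
#define LOW_PAGES      256          /* first 1 MiB in 4 KiB pages */
/* Assumed addresses (not stated in the thread). */
#define E820_RAM_END   0x0A0000u    /* RAM below here is listed in e820 */
#define ROM_START      0x0C0000u    /* legacy ROM window start */
#define ROM_END        0x100000u    /* legacy ROM window end (exclusive) */
#define DMI_SCAN_START 0x0F0000u    /* SMBIOS_ENTRY_POINT_SCAN_START */
#define DMI_SCAN_END   0x100000u    /* end of the scanned window (exclusive) */

enum step { EARLY_ROM_VALIDATE, DMI_SETUP, PROBE_ROMS };

static bool validated[LOW_PAGES];

static void validate(uint32_t start, uint32_t end)
{
    for (uint32_t p = start >> PAGE_SHIFT; p < end >> PAGE_SHIFT; p++)
        validated[p] = true;
}

/* First address in [start, end) on an unvalidated page, or -1 if none. */
static long first_unvalidated(uint32_t start, uint32_t end)
{
    for (uint32_t p = start >> PAGE_SHIFT; p < end >> PAGE_SHIFT; p++)
        if (!validated[p])
            return (long)p << PAGE_SHIFT;
    return -1;
}

/* Replays boot steps in order; returns the faulting address or -1. */
long run_boot(const enum step *order, int n)
{
    memset(validated, 0, sizeof(validated));
    validate(0, E820_RAM_END);      /* firmware pre-validates e820 ranges */
    for (int i = 0; i < n; i++) {
        if (order[i] == DMI_SETUP) {    /* non-EFI fallback scan reads ROM */
            long bad = first_unvalidated(DMI_SCAN_START, DMI_SCAN_END);
            if (bad >= 0)
                return bad;
        } else {                    /* both other steps validate the ROM range */
            validate(ROM_START, ROM_END);
        }
    }
    return -1;
}

int main(void)
{
    const enum step fixed[] = { EARLY_ROM_VALIDATE, DMI_SETUP, PROBE_ROMS };
    return run_boot(fixed, 3) == -1 ? 0 : 1;
}
```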