From nobody Wed Nov 27 04:58:36 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 888F31AA786; Mon, 14 Oct 2024 11:32:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728905558; cv=none; b=FpG98h57mJqOa5gL9JrGb5PWQupGI7LOJijinZQbIG2VLg+iQmuRKOrmI4lzmKIyz97skBEYd5FM2oH2MKwiOp5bvlTTA3l8zu6JF4EyWbLIJuYVzOVebHIVgi6xwtjNchgZonsjR9h0225dgbNFsh+27UAHhCvZtkwjhHq2nRA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728905558; c=relaxed/simple; bh=G8yBT7WdIx28fuQzQTlC+Q/DNMdS5bKfXBVXPUHC2XI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZKdBpxWKiLUj7lZLITJBOOgmxupFDmqV+5Y9vzi/A1nqRvi/+X5fKaJIM+o1pPtXs/L0OHsGwcWBM4eKgFzjJiycvF7oD4XOv4K87pDolh+mVzkInt91yY7vJGH2eyj0lGZbummWBaHsM3/JVwuD+pZvxvq9lirwGvkjiGvrf7I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=UWhoGFDw; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="UWhoGFDw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1728905556; x=1760441556; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=G8yBT7WdIx28fuQzQTlC+Q/DNMdS5bKfXBVXPUHC2XI=; b=UWhoGFDwGzTEfAZtvPbKO4XltwxVTytJwy+Z+tDPrWkGh9gMVDLSBfxb ExzFvDGuV5gbaGUwwvmdIXNhDaxPDX93jrY/tnY//YCcDnBoTXqmPLxC4 M9/I9mwpWOoQ+3gI0JAXpqRxSr24MGvl4hwdjvzyWsbCV4ivCj7l8ShHJ 4og1YBhK9yNv+5qP40J8FdLGbUyezNPF6L41o1hBGduj89SwGEZx/DXMB TqkYz/Lzkzm5469NU9g2v8pyuhyktO5YfAT/+VhubyCy8MAOodQHOdvbE LAE4qUStGmBGA8ShrKfok4MjUdcy42Qsgh5sG+eMAhRSWcfBcL5ehB12p w==; X-CSE-ConnectionGUID: 7T+v/586Rp2QN8V3Gt3kCw== X-CSE-MsgGUID: 6Ox25bb5TC2hSZPNRllIUA== X-IronPort-AV: E=McAfee;i="6700,10204,11224"; a="32166555" X-IronPort-AV: E=Sophos;i="6.11,202,1725346800"; d="scan'208";a="32166555" Received: from fmviesa005.fm.intel.com ([10.60.135.145]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2024 04:32:36 -0700 X-CSE-ConnectionGUID: Lw2pRwCKTwmon6nN5nQtPw== X-CSE-MsgGUID: 7e3kRGAsQUWN8WsOcpIo9Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,202,1725346800"; d="scan'208";a="82117498" Received: from jdoman-desk1.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.124.220.204]) by fmviesa005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2024 04:32:33 -0700 From: Kai Huang To: dave.hansen@intel.com, kirill.shutemov@linux.intel.com, tglx@linutronix.de, bp@alien8.de, peterz@infradead.org, mingo@redhat.com, hpa@zytor.com, dan.j.williams@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, rick.p.edgecombe@intel.com, isaku.yamahata@intel.com, adrian.hunter@intel.com, nik.borisov@suse.com, kai.huang@intel.com Subject: [PATCH v5 7/8] x86/virt/tdx: Require the module to assert it has the NO_RBP_MOD mitigation Date: Tue, 15 Oct 2024 00:31:54 +1300 Message-ID: X-Mailer: git-send-email 2.46.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Old TDX modules can clobber RBP in the TDH.VP.ENTER SEAMCALL. However RBP is used as frame pointer in the x86_64 calling convention, and clobbering RBP could result in bad things like being unable to unwind the stack if any non-maskable exceptions (NMI, #MC etc) happens in that gap. A new "NO_RBP_MOD" feature was introduced to more recent TDX modules to not clobber RBP. This feature is reported in the TDX_FEATURES0 global metadata field via bit 18. Don't initialize the TDX module if this feature is not supported [1]. Link: https://lore.kernel.org/all/fc0e8ab7-86d4-4428-be31-82e1ece6dd21@inte= l.com/ [1] Signed-off-by: Kai Huang Reviewed-by: Nikolay Borisov Reviewed-by: Adrian Hunter Reviewed-by: Dan Williams --- v4 -> v5: - Rebase due to patch 3 change. v3 -> v4: - Move reading TDX_FEATURES0 code to this patch. - Change patch title and use permalink - Dan. Hi Dan, Ardian, Nikolay, The code to read TDX_FEATURES0 was not included in this patch when you gave your tag. I didn't remove them. Please let me know if you want me to remove your tag. Thanks! v2 -> v3: - check_module_compatibility() -> check_features(). - Improve error message. https://lore.kernel.org/kvm/cover.1721186590.git.kai.huang@intel.com/T/#md= 9e2eeef927838cbf20d7b361cdbea518b8aec50 --- arch/x86/virt/vmx/tdx/tdx.c | 36 ++++++++++++++++++++++++++++++++++++ arch/x86/virt/vmx/tdx/tdx.h | 16 ++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 130ddac47f64..c877d02ca057 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -292,6 +292,21 @@ static int __read_sys_metadata_field(u64 field_id, voi= d *val, int size) __read_sys_metadata_field(_field_id, _val, sizeof(*(_val))); \ }) =20 +static int get_tdx_sys_info_features(struct tdx_sys_info_features *sysinfo= _features) +{ + int ret =3D 0; + +#define READ_SYS_INFO(_field_id, _member) \ + ret =3D ret ?: read_sys_metadata_field(MD_FIELD_ID_##_field_id, \ + &sysinfo_features->_member) + + READ_SYS_INFO(TDX_FEATURES0, tdx_features0); + +#undef READ_SYS_INFO + + return ret; +} + static int get_tdx_sys_info_version(struct tdx_sys_info_version *sysinfo_v= ersion) { int ret =3D 0; @@ -335,6 +350,10 @@ static int get_tdx_sys_info(struct tdx_sys_info *sysin= fo) { int ret; =20 + ret =3D get_tdx_sys_info_features(&sysinfo->features); + if (ret) + return ret; + ret =3D get_tdx_sys_info_version(&sysinfo->version); if (ret) return ret; @@ -364,6 +383,18 @@ static void print_basic_sys_info(struct tdx_sys_info *= sysinfo) print_sys_info_version(&sysinfo->version); } =20 +static int check_features(struct tdx_sys_info *sysinfo) +{ + u64 tdx_features0 =3D sysinfo->features.tdx_features0; + + if (!(tdx_features0 & TDX_FEATURES0_NO_RBP_MOD)) { + pr_err("frame pointer (RBP) clobber bug present, upgrade TDX module\n"); + return -EINVAL; + } + + return 0; +} + /* Calculate the actual TDMR size */ static int tdmr_size_single(u16 max_reserved_per_tdmr) { @@ -1145,6 +1176,11 @@ static int init_tdx_module(void) =20 print_basic_sys_info(&sysinfo); =20 + /* Check whether the kernel can support this module */ + ret =3D check_features(&sysinfo); + if (ret) + return ret; + /* * To keep things simple, assume that all TDX-protected memory * will come from the page allocator. Make sure all pages in the diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 0203528da024..18c54e1e3a4a 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -31,6 +31,7 @@ * * See the "global_metadata.json" in the "TDX 1.5 ABI definitions". */ +#define MD_FIELD_ID_TDX_FEATURES0 0x0A00000300000008ULL #define MD_FIELD_ID_BUILD_DATE 0x8800000200000001ULL #define MD_FIELD_ID_BUILD_NUM 0x8800000100000002ULL #define MD_FIELD_ID_MINOR_VERSION 0x0800000100000003ULL @@ -105,6 +106,20 @@ struct tdmr_info { * those used by the kernel are. */ =20 +/* + * Class "TDX Module Info". + * + * This class also contains other fields like SYS_ATTRIBUTES and the + * NUM_TDX_FEATURES. For now only TDX_FEATURES0 is needed, but still + * keep the structure to follow the spec (and for future extension). + */ +struct tdx_sys_info_features { + u64 tdx_features0; +}; + +/* Bit definitions of TDX_FEATURES0 metadata field */ +#define TDX_FEATURES0_NO_RBP_MOD _BITULL(18) + /* Class "TDX Module Version" */ struct tdx_sys_info_version { u16 major; @@ -123,6 +138,7 @@ struct tdx_sys_info_tdmr { }; =20 struct tdx_sys_info { + struct tdx_sys_info_features features; struct tdx_sys_info_version version; struct tdx_sys_info_tdmr tdmr; }; --=20 2.46.2