From: Sean Christopherson <seanjc@google.com>
To: Joerg Roedel <joro@8bytes.org>
Cc: x86@kernel.org, Joerg Roedel <jroedel@suse.de>,
hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Jiri Slaby <jslaby@suse.cz>,
Dan Williams <dan.j.williams@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Juergen Gross <jgross@suse.com>,
Kees Cook <keescook@chromium.org>,
David Rientjes <rientjes@google.com>,
Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mike Stunes <mstunes@vmware.com>,
Martin Radev <martin.b.radev@gmail.com>,
Arvind Sankar <nivedita@alum.mit.edu>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v2 5/7] x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path
Date: Wed, 10 Mar 2021 08:08:37 -0800 [thread overview]
Message-ID: <YEjvBfJg8P1SQt98@google.com> (raw)
In-Reply-To: <20210310084325.12966-6-joro@8bytes.org>
On Wed, Mar 10, 2021, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
>
> The 32-bit #VC handler has no GHCB and can only handle CPUID exit codes.
> It is needed by the early boot code to handle #VC exceptions raised in
> verify_cpu() and to get the position of the C bit.
>
> But the CPUID information comes from the hypervisor, which is untrusted
> and might return results which trick the guest into the no-SEV boot path
> with no C bit set in the page-tables. All data written to memory would
> then be unencrypted and could leak sensitive data to the hypervisor.
>
> Add sanity checks to the 32-bit boot #VC handler to make sure the
> hypervisor does not pretend that SEV is not enabled.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
> arch/x86/boot/compressed/mem_encrypt.S | 36 ++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S
> index 2ca056a3707c..8941c3a8ff8a 100644
> --- a/arch/x86/boot/compressed/mem_encrypt.S
> +++ b/arch/x86/boot/compressed/mem_encrypt.S
> @@ -145,6 +145,34 @@ SYM_CODE_START(startup32_vc_handler)
> jnz .Lfail
> movl %edx, 0(%esp) # Store result
>
> + /*
> + * Sanity check CPUID results from the Hypervisor. See comment in
> + * do_vc_no_ghcb() for more details on why this is necessary.
> + */
> +
> + /* Fail if Hypervisor bit not set in CPUID[1].ECX[31] */
This check is flawed, as is the existing check in 64-bit boot. Or I guess more
accurately, the check in get_sev_encryption_bit() is flawed. AIUI, SEV-ES
doesn't require the hypervisor to intercept CPUID. A malicious hypervisor can
temporarily pass-through CPUID to bypass the CPUID[1].ECX[31] check. The
hypervisor likely has access to the guest firmware source, so it wouldn't be
difficult for the hypervisor to disable CPUID interception once it detects that
firmware is handing over control to the kernel.
> + cmpl $1, %ebx
> + jne .Lcheck_leaf
> + btl $31, 4(%esp)
> + jnc .Lfail
> + jmp .Ldone
> +
> +.Lcheck_leaf:
> + /* Fail if SEV leaf not available in CPUID[0x80000000].EAX */
> + cmpl $0x80000000, %ebx
> + jne .Lcheck_sev
> + cmpl $0x8000001f, 12(%esp)
> + jb .Lfail
> + jmp .Ldone
> +
> +.Lcheck_sev:
> + /* Fail if SEV bit not set in CPUID[0x8000001f].EAX[1] */
> + cmpl $0x8000001f, %ebx
> + jne .Ldone
> + btl $1, 12(%esp)
> + jnc .Lfail
> +
> +.Ldone:
> popl %edx
> popl %ecx
> popl %ebx
> @@ -158,6 +186,14 @@ SYM_CODE_START(startup32_vc_handler)
>
> iret
> .Lfail:
> + /* Send terminate request to Hypervisor */
> + movl $0x100, %eax
> + xorl %edx, %edx
> + movl $MSR_AMD64_SEV_ES_GHCB, %ecx
> + wrmsr
> + rep; vmmcall
> +
> + /* If request fails, go to hlt loop */
> hlt
> jmp .Lfail
> SYM_CODE_END(startup32_vc_handler)
> --
> 2.30.1
>
next prev parent reply other threads:[~2021-03-10 16:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-10 8:43 [PATCH v2 0/7] x86/seves: Support 32-bit boot path and other updates Joerg Roedel
2021-03-10 8:43 ` [PATCH v2 1/7] x86/boot/compressed/64: Cleanup exception handling before booting kernel Joerg Roedel
2021-03-10 8:43 ` [PATCH v2 2/7] x86/boot/compressed/64: Reload CS in startup_32 Joerg Roedel
2021-03-10 8:43 ` [PATCH v2 3/7] x86/boot/compressed/64: Setup IDT in startup_32 boot path Joerg Roedel
2021-03-10 8:43 ` [PATCH v2 4/7] x86/boot/compressed/64: Add 32-bit boot #VC handler Joerg Roedel
2021-03-10 8:43 ` [PATCH v2 5/7] x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path Joerg Roedel
2021-03-10 16:08 ` Sean Christopherson [this message]
2021-03-10 17:26 ` Martin Radev
2021-03-10 17:51 ` Sean Christopherson
2021-03-10 18:10 ` Martin Radev
2021-03-10 8:43 ` [PATCH v2 6/7] x86/boot/compressed/64: Check SEV encryption in " Joerg Roedel
2021-03-10 8:43 ` [PATCH v2 7/7] x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YEjvBfJg8P1SQt98@google.com \
--to=seanjc@google.com \
--cc=cfir@google.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=erdemaktas@google.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=jslaby@suse.cz \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=martin.b.radev@gmail.com \
--cc=mhiramat@kernel.org \
--cc=mstunes@vmware.com \
--cc=nivedita@alum.mit.edu \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).