From: Tom Lendacky <thomas.lendacky@amd.com>
To: Naveen N Rao <naveen@kernel.org>,
Dan Williams <dan.j.williams@intel.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-coco@lists.linux.dev,
Dave Hansen <dave.hansen@linux.intel.com>,
Borislav Petkov <bp@alien8.de>,
Vishal Annapurve <vannapurve@google.com>,
Kirill Shutemov <kirill.shutemov@linux.intel.com>,
Nikolay Borisov <nik.borisov@suse.com>,
Kevin Loughlin <kevinloughlin@google.com>
Subject: Re: [RFC PATCH] x86/sev: Disallow userspace access to BIOS region for SEV-SNP guests
Date: Tue, 8 Apr 2025 08:43:55 -0500 [thread overview]
Message-ID: <1bc4c506-57ad-38aa-d56d-ed058f54708e@amd.com> (raw)
In-Reply-To: <l34f6nqq3up23cvrgmebbufztqkvfil5eahecukw5bnqekccpj@6nbciquhwxxc>
On 4/7/25 08:13, Naveen N Rao wrote:
> On Thu, Apr 03, 2025 at 12:06:29PM -0700, Dan Williams wrote:
>> Naveen N Rao (AMD) wrote:
>>> Commit 9704c07bf9f7 ("x86/kernel: Validate ROM memory before accessing
>>> when SEV-SNP is active") added code to validate the ROM region from
>>> 0xc0000 to 0xfffff in a SEV-SNP guest since that region can be accessed
>>> during kernel boot. That address range is not part of the system RAM, so
>>> it needed to be validated separately.
>>>
>>> Commit 0f4a1e80989a ("x86/sev: Skip ROM range scans and validation for
>>> SEV-SNP guests") reverted those changes and instead chose to prevent the
>>> guest from accessing the ROM region since SEV-SNP guests did not rely on
>>> data from that region. However, while the kernel itself no longer
>>> accessed the ROM region, there are userspace programs that probe this
>>> region through /dev/mem and they started crashing due to this change. In
>>> particular, fwupd (up until versions released last year that no longer
>>> link against libsmbios) and smbios utilities such as smbios-sys-info
>>> crash with a cryptic message in dmesg:
>>> Wrong/unhandled opcode bytes: 0x8b, exit_code: 0x404, rIP: 0x7fe5404d3840
>>> SEV: Unsupported exit-code 0x404 in #VC exception (IP: 0x7fe5404d3840)
>>>
>>> Deny access to the BIOS region (rather than just the video ROM range)
>>> via /dev/mem to address this. Restrict changes to CONFIG_STRICT_DEVMEM=y
>>> which is enabled by default on x86. Add a new x86_platform_ops callback
>>> so Intel can customize the address range to block.
>>>
>>> Fixes: 0f4a1e80989a ("x86/sev: Skip ROM range scans and validation for SEV-SNP guests")
>>> Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
>>> ---
>>> arch/x86/coco/sev/core.c | 13 +++++++++++++
>>> arch/x86/include/asm/sev.h | 2 ++
>>> arch/x86/include/asm/x86_init.h | 2 ++
>>> arch/x86/kernel/x86_init.c | 2 ++
>>> arch/x86/mm/init.c | 3 +++
>>> arch/x86/mm/mem_encrypt_amd.c | 1 +
>>> 6 files changed, 23 insertions(+)
>>>
> <snip>
>>
>> Is there any driving need to allow devmem at all for TVM access at this
>> point?
>>
>> I would be in favor of making this clearly tied to devmem, call it
>> ".devmem_is_allowed" for symmetry with the mm/init.c helper, and make
>> the default implementation be:
>>
>> static bool platform_devmem_is_allowed(unsigned long pfn)
>> {
>> return !cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT));
>> }
>>
>> ...if a TVM technology wants more leniency, it can override.
>
> I'm not fully aware of the history here, but I suppose a TVM should
> appear as any other VM for userspace. For that reason, I didn't want to
> block access to /dev/mem any more than was necessary. Admittedly, I have
> limited insight into which utilities may be using /dev/mem today.
>
> Tom/Boris, do you see a problem blocking access to /dev/mem for SEV
> guests?
Not sure why we would suddenly not allow that.
Thanks,
Tom
>
>
> - Naveen
>
next prev parent reply other threads:[~2025-04-08 13:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-03 12:02 [RFC PATCH] x86/sev: Disallow userspace access to BIOS region for SEV-SNP guests Naveen N Rao (AMD)
2025-04-03 19:06 ` Dan Williams
2025-04-07 13:13 ` Naveen N Rao
2025-04-08 13:43 ` Tom Lendacky [this message]
2025-04-08 21:19 ` Dave Hansen
2025-04-08 23:55 ` Dan Williams
2025-04-09 16:02 ` Nikolay Borisov
2025-04-09 17:06 ` Dan Williams
2025-04-09 17:39 ` Kees Cook
2025-04-09 18:39 ` Dan Williams
2025-04-10 12:03 ` Nikolay Borisov
2025-04-10 16:32 ` Kees Cook
2025-04-10 16:39 ` Nikolay Borisov
2025-04-10 19:20 ` Dan Williams
2025-04-10 19:27 ` Nikolay Borisov
2025-04-10 20:07 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1bc4c506-57ad-38aa-d56d-ed058f54708e@amd.com \
--to=thomas.lendacky@amd.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=kevinloughlin@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=naveen@kernel.org \
--cc=nik.borisov@suse.com \
--cc=vannapurve@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox