* [PATCH 0/2] x86/sev: Two fixes for SEV-ES VC stack handling
@ 2021-10-21 8:08 Joerg Roedel
2021-10-21 8:08 ` [PATCH 1/2] x86/sev: Fix stack type check in vc_switch_off_ist() Joerg Roedel
2021-10-21 8:08 ` [PATCH 2/2] x86/sev: Allow #VC exceptions on the VC2 stack Joerg Roedel
0 siblings, 2 replies; 5+ messages in thread
From: Joerg Roedel @ 2021-10-21 8:08 UTC (permalink / raw)
To: x86
Cc: Joerg Roedel, Joerg Roedel, hpa, Andy Lutomirski, Dave Hansen,
Peter Zijlstra, Jiri Slaby, Dan Williams, Tom Lendacky,
Juergen Gross, Kees Cook, David Rientjes, Marc Orr, Cfir Cohen,
Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson,
Martin Radev, Arvind Sankar, Xinyang Ge, linux-coco, linux-kernel,
kvm, virtualization
From: Joerg Roedel <jroedel@suse.de>
Hi,
here are two fixes for recently discovered issues in the handling of
the VC handler stack.
Please review.
Thanks,
Joerg
Joerg Roedel (2):
x86/sev: Fix stack type check in vc_switch_off_ist()
x86/sev: Allow #VC exceptions on the VC2 stack
arch/x86/kernel/sev.c | 21 +++++++++++++++++----
arch/x86/kernel/traps.c | 2 +-
2 files changed, 18 insertions(+), 5 deletions(-)
base-commit: 519d81956ee277b4419c723adfb154603c2565ba
--
2.33.1
* [PATCH 1/2] x86/sev: Fix stack type check in vc_switch_off_ist()
2021-10-21 8:08 [PATCH 0/2] x86/sev: Two fixes for SEV-ES VC stack handling Joerg Roedel
@ 2021-10-21 8:08 ` Joerg Roedel
2021-10-21 17:01 ` [tip: x86/sev] " tip-bot2 for Joerg Roedel
2021-10-21 8:08 ` [PATCH 2/2] x86/sev: Allow #VC exceptions on the VC2 stack Joerg Roedel
1 sibling, 1 reply; 5+ messages in thread
From: Joerg Roedel @ 2021-10-21 8:08 UTC (permalink / raw)
To: x86
Cc: Joerg Roedel, Joerg Roedel, Tom Lendacky, hpa, Andy Lutomirski,
Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams,
Juergen Gross, Kees Cook, David Rientjes, Marc Orr, Cfir Cohen,
Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson,
Martin Radev, Arvind Sankar, Xinyang Ge, linux-coco, linux-kernel,
kvm, virtualization
From: Joerg Roedel <jroedel@suse.de>
The value of STACK_TYPE_EXCEPTION_LAST points to the last _valid_
exception stack. Reflect that in the check done in the
vc_switch_off_ist() function.
Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
Fixes: a13644f3a53de ("x86/entry/64: Add entry code for #VC handler")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
arch/x86/kernel/traps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index a58800973aed..f516f2b4797e 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -709,7 +709,7 @@ asmlinkage __visible noinstr struct pt_regs *vc_switch_off_ist(struct pt_regs *r
stack = (unsigned long *)sp;
if (!get_stack_info_noinstr(stack, current, &info) || info.type == STACK_TYPE_ENTRY ||
- info.type >= STACK_TYPE_EXCEPTION_LAST)
+ info.type > STACK_TYPE_EXCEPTION_LAST)
sp = __this_cpu_ist_top_va(VC2);
sync:
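Review bot: The comparison against STACK_TYPE_EXCEPTION_LAST in vc_switch_off_ist() now treats that value as inclusive, but nothing at the check site says so, which is how the `>=` form came to be written. With `>=`, a frame whose info.type equals STACK_TYPE_EXCEPTION_LAST took the `sp = __this_cpu_ist_top_va(VC2)` branch even though the changelog calls that type valid. Consider a one-line comment above the condition stating that STACK_TYPE_EXCEPTION_LAST is the last valid exception stack type, so the bound does not get changed back later.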
--
2.33.1
* [PATCH 2/2] x86/sev: Allow #VC exceptions on the VC2 stack
2021-10-21 8:08 [PATCH 0/2] x86/sev: Two fixes for SEV-ES VC stack handling Joerg Roedel
2021-10-21 8:08 ` [PATCH 1/2] x86/sev: Fix stack type check in vc_switch_off_ist() Joerg Roedel
@ 2021-10-21 8:08 ` Joerg Roedel
2021-10-21 17:01 ` [tip: x86/sev] " tip-bot2 for Joerg Roedel
1 sibling, 1 reply; 5+ messages in thread
From: Joerg Roedel @ 2021-10-21 8:08 UTC (permalink / raw)
To: x86
Cc: Joerg Roedel, Joerg Roedel, Xinyang Ge, hpa, Andy Lutomirski,
Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams,
Tom Lendacky, Juergen Gross, Kees Cook, David Rientjes, Marc Orr,
Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes,
Sean Christopherson, Martin Radev, Arvind Sankar, linux-coco,
linux-kernel, kvm, virtualization
From: Joerg Roedel <jroedel@suse.de>
When code running on the VC2 stack causes a nested VC exception, the
handler will not handle it as expected but goes again into the error
path.
The result is that the panic() call happening when the VC exception
was raised in an invalid context is called recursively. Fix this by
checking the interrupted stack too and only call panic if it is not
the VC2 stack.
Reported-by: Xinyang Ge <xing@microsoft.com>
Fixes: 0786138c78e79 ("x86/sev-es: Add a Runtime #VC Exception Handler")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
arch/x86/kernel/sev.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index a6895e440bc3..f39165b5fa34 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1319,13 +1319,26 @@ static __always_inline void vc_forward_exception(struct es_em_ctxt *ctxt)
}
}
-static __always_inline bool on_vc_fallback_stack(struct pt_regs *regs)
+static __always_inline bool is_vc2_stack(unsigned long sp)
{
- unsigned long sp = (unsigned long)regs;
-
return (sp >= __this_cpu_ist_bottom_va(VC2) && sp < __this_cpu_ist_top_va(VC2));
}
+static __always_inline bool vc_from_invalid_context(struct pt_regs *regs)
+{
+ unsigned long sp, prev_sp;
+
+ sp = (unsigned long)regs;
+ prev_sp = regs->sp;
+
+ /*
+ * If the code was already executing on the VC2 stack when the #VC
+ * happened, let it proceed to the normal handling routine. This way the
+ * code executing on the VC2 stack can cause get #VC exceptions handled.
+ */
+ return is_vc2_stack(sp) && !is_vc2_stack(prev_sp);
+}
+
static bool vc_raw_handle_exception(struct pt_regs *regs, unsigned long error_code)
{
struct ghcb_state state;
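Review bot: The new comment in vc_from_invalid_context() ends with "can cause get #VC exceptions handled", which does not parse; "can cause #VC exceptions to get handled" says what is meant. It would also help to state in that comment that sp is the address of the current pt_regs while prev_sp is the interrupted context's regs->sp, since the return expression depends on telling the two apart.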
@@ -1406,7 +1419,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
* But keep this here in case the noinstr annotations are violated due
* to bug elsewhere.
*/
- if (unlikely(on_vc_fallback_stack(regs))) {
+ if (unlikely(vc_from_invalid_context(regs))) {
instrumentation_begin();
panic("Can't handle #VC exception from unsupported context\n");
instrumentation_end();
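Review bot: The context comment above this condition ("But keep this here in case the noinstr annotations are violated ...") still describes the old on_vc_fallback_stack() test, while the condition now panics only when the handler is on VC2 and the interrupted stack is not. Extend that comment with a sentence saying that a #VC raised from code already running on the VC2 stack is deliberately let through, so the exception to the rule is visible right where panic() is called.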
--
2.33.1
* [tip: x86/sev] x86/sev: Allow #VC exceptions on the VC2 stack
2021-10-21 8:08 ` [PATCH 2/2] x86/sev: Allow #VC exceptions on the VC2 stack Joerg Roedel
@ 2021-10-21 17:01 ` tip-bot2 for Joerg Roedel
0 siblings, 0 replies; 5+ messages in thread
From: tip-bot2 for Joerg Roedel @ 2021-10-21 17:01 UTC (permalink / raw)
To: linux-tip-commits
Cc: Xinyang Ge, Joerg Roedel, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/sev branch of tip:
Commit-ID: ce47d0c00ff5621ae5825c9d81722b23b0df395e
Gitweb: https://git.kernel.org/tip/ce47d0c00ff5621ae5825c9d81722b23b0df395e
Author: Joerg Roedel <jroedel@suse.de>
AuthorDate: Thu, 21 Oct 2021 10:08:33 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Thu, 21 Oct 2021 18:29:36 +02:00
x86/sev: Allow #VC exceptions on the VC2 stack
When code running on the VC2 stack causes a nested VC exception, the
handler will not handle it as expected but goes again into the error
path.
The result is that the panic() call happening when the VC exception
was raised in an invalid context is called recursively. Fix this by
checking the interrupted stack too and only call panic if it is not
the VC2 stack.
[ bp: Fixup comment. ]
Fixes: 0786138c78e79 ("x86/sev-es: Add a Runtime #VC Exception Handler")
Reported-by: Xinyang Ge <xing@microsoft.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20211021080833.30875-3-joro@8bytes.org
---
arch/x86/kernel/sev.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index a6895e4..2de1f36 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1319,13 +1319,26 @@ static __always_inline void vc_forward_exception(struct es_em_ctxt *ctxt)
}
}
-static __always_inline bool on_vc_fallback_stack(struct pt_regs *regs)
+static __always_inline bool is_vc2_stack(unsigned long sp)
{
- unsigned long sp = (unsigned long)regs;
-
return (sp >= __this_cpu_ist_bottom_va(VC2) && sp < __this_cpu_ist_top_va(VC2));
}
+static __always_inline bool vc_from_invalid_context(struct pt_regs *regs)
+{
+ unsigned long sp, prev_sp;
+
+ sp = (unsigned long)regs;
+ prev_sp = regs->sp;
+
+ /*
+ * If the code was already executing on the VC2 stack when the #VC
+ * happened, let it proceed to the normal handling routine. This way the
+ * code executing on the VC2 stack can cause #VC exceptions to get handled.
+ */
+ return is_vc2_stack(sp) && !is_vc2_stack(prev_sp);
+}
+
static bool vc_raw_handle_exception(struct pt_regs *regs, unsigned long error_code)
{
struct ghcb_state state;
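Review bot: is_vc2_stack() is now applied to two different kinds of value, and its half-open range `sp >= bottom && sp < top` may not suit both. For sp = (unsigned long)regs the exclusive upper bound is fine, because regs points at a frame that lies below the top. For prev_sp = regs->sp, a value equal to __this_cpu_ist_top_va(VC2) makes !is_vc2_stack(prev_sp) true, and vc_from_invalid_context() then reports an invalid context. Please confirm that interrupted code can never have its stack pointer exactly at the VC2 top, or state that assumption in the comment.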
@@ -1406,7 +1419,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
* But keep this here in case the noinstr annotations are violated due
* to bug elsewhere.
*/
- if (unlikely(on_vc_fallback_stack(regs))) {
+ if (unlikely(vc_from_invalid_context(regs))) {
instrumentation_begin();
panic("Can't handle #VC exception from unsupported context\n");
instrumentation_end();
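Review bot: The panic() string in this hunk carries no data, although reaching it now depends on two values, the handler's frame address and regs->sp. Consider including regs->sp in the message so that a crash report shows which interrupted context was rejected.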
* [tip: x86/sev] x86/sev: Fix stack type check in vc_switch_off_ist()
2021-10-21 8:08 ` [PATCH 1/2] x86/sev: Fix stack type check in vc_switch_off_ist() Joerg Roedel
@ 2021-10-21 17:01 ` tip-bot2 for Joerg Roedel
0 siblings, 0 replies; 5+ messages in thread
From: tip-bot2 for Joerg Roedel @ 2021-10-21 17:01 UTC (permalink / raw)
To: linux-tip-commits
Cc: Tom Lendacky, Joerg Roedel, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/sev branch of tip:
Commit-ID: 5681981fb788281b09a4ea14d310d30b2bd89132
Gitweb: https://git.kernel.org/tip/5681981fb788281b09a4ea14d310d30b2bd89132
Author: Joerg Roedel <jroedel@suse.de>
AuthorDate: Thu, 21 Oct 2021 10:08:32 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Thu, 21 Oct 2021 18:24:44 +02:00
x86/sev: Fix stack type check in vc_switch_off_ist()
The value of STACK_TYPE_EXCEPTION_LAST points to the last _valid_
exception stack. Reflect that in the check done in the
vc_switch_off_ist() function.
Fixes: a13644f3a53de ("x86/entry/64: Add entry code for #VC handler")
Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20211021080833.30875-2-joro@8bytes.org
---
arch/x86/kernel/traps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index a588009..f516f2b 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -709,7 +709,7 @@ asmlinkage __visible noinstr struct pt_regs *vc_switch_off_ist(struct pt_regs *r
stack = (unsigned long *)sp;
if (!get_stack_info_noinstr(stack, current, &info) || info.type == STACK_TYPE_ENTRY ||
- info.type >= STACK_TYPE_EXCEPTION_LAST)
+ info.type > STACK_TYPE_EXCEPTION_LAST)
sp = __this_cpu_ist_top_va(VC2);
sync:
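Review bot: The changelog explains what STACK_TYPE_EXCEPTION_LAST means but not what the `>=` comparison in this condition did at runtime. From the hunk, a #VC that interrupted code on the stack of type STACK_TYPE_EXCEPTION_LAST was moved to `__this_cpu_ist_top_va(VC2)` as if its stack were unusable; one sentence saying so would help anyone deciding whether to backport this alongside the Fixes: commit.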