Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler

[PATCH v6 00/42] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 01/42] x86/mm: Extend cc_attr to include AMD SEV-SNP · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 05/42] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 06/42] x86/sev: Save the negotiated GHCB version · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 04/42] x86/head64: Carve out the guest encryption postprocessing into a helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-27
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-27
[PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Borislav Petkov <bp@alien8.de> · 2021-10-13
[PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-10-19
[PATCH v6 10/42] x86/sev: Add a helper for the PVALIDATE instruction · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 12/42] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 11/42] x86/sev: Check the vmpl level · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 11/42] x86/sev: Check the vmpl level · Borislav Petkov <bp@alien8.de> · 2021-10-28
[PATCH v6 17/42] x86/kernel: Make the bss.decrypted section shared in RMP table · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 20/42] KVM: SVM: Define sev_features and vmpl field in the VMSA · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 18/42] x86/kernel: Validate rom memory before accessing when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-09
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Tom Lendacky <thomas.lendacky@amd.com> · 2021-11-11
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-11
[PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-03
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Boris Petkov <bp@alien8.de> · 2021-11-04
[PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 21/42] KVM: SVM: Create a separate mapping for the SEV-ES save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 22/42] KVM: SVM: Create a separate mapping for the GHCB save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 23/42] KVM: SVM: Update the SEV-ES save area mapping · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 24/42] x86/sev: Use SEV-SNP AP creation to start secondary CPUs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 25/42] x86/head: re-enable stack protection for 32/64-bit builds · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 28/42] x86/compressed/acpi: move EFI system table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 16/42] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 26/42] x86/sev: move MSR-based VMGEXITs for CPUID to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 27/42] KVM: x86: move lookup of indexed CPUID leafs to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 30/42] x86/compressed/acpi: move EFI vendor table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 29/42] x86/compressed/acpi: move EFI config table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 31/42] x86/boot: Add Confidential Computing type to setup_data · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 41/42] virt: sevguest: Add support to derive key · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 39/42] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 38/42] x86/sev: Provide support for SNP guest request NAEs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Dov Murik <hidden> · 2021-10-10
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-13
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-20
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
[PATCH v6 36/42] x86/compressed/64: add identity mapping for Confidential Computing blob · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 37/42] x86/sev: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 42/42] virt: sevguest: Add support to get extended report · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 35/42] x86/compressed/64: store Confidential Computing blob address in bootparams · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 32/42] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 33/42] boot/compressed/64: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 34/42] x86/boot: add a pointer to Confidential Computing blob in bootparams · Brijesh Singh <hidden> · 2021-10-08

From: Dr. David Alan Gilbert <hidden>
Date: 2021-10-21 15:56:21
Also in: kvm, linux-efi, linux-mm, lkml, platform-driver-x86

* Borislav Petkov (bp@alien8.de) wrote:

On Wed, Oct 20, 2021 at 11:10:23AM -0500, Michael Roth wrote:

quoted

At which point we then switch to using the CPUID table? But at that
point all the previous CPUID checks, both SEV-related/non-SEV-related,
are now possibly not consistent with what's in the CPUID table. Do we
then revalidate?

Well, that's a tough question. That's basically the same question as,
does Linux support heterogeneous cores and can it handle hardware
features which get enabled after boot. The perfect example is, late
microcode loading which changes CPUID bits and adds new functionality.

And the answer to that is, well, hard. You need to decide this on a
case-by-case basis.

I can imagine a malicious hypervisor trying to return different cpuid
answers to different threads or even the same thread at different times.

But isn't it that the SNP CPUID page will be parsed early enough anyway
so that kernel proper will see only SNP CPUID info and init properly
using that?

quoted

Even a non-malicious hypervisor might provide inconsistent values
between the two sources due to bugs, or SNP validation suppressing
certain feature bits that hypervisor otherwise exposes, etc.

There's also migration, lemme point to a very recent example:

https://lore.kernel.org/r/20211021104744.24126-1-jane.malalane@citrix.com (local)

Ewww.

which is exactly what you say - a non-malicious HV taking care of its
migration pool. So how do you handle that?

Well, the spec (AMD 56860 SEV spec) says:

  'If firmware encounters a CPUID function that is in the standard or extended ranges, then the
firmware performs a check to ensure that the provided output would not lead to an insecure guest
state'

so I take that 'firmware' to be the PSP; that wording doesn't say that
it checks that the CPUID is identical, just that it 'would not lead to
an insecure guest' - so a hypervisor could hide any 'no longer affected
by' flag for all the CPUs in it's migration pool and the firmware
shouldn't complain; so it should be OK to pessimise.

Dave

quoted

Now all the code after sme_enable() can potentially take unexpected
execution paths, where post-sme_enable() code makes assumptions about
pre-sme_enable() checks that may no longer hold true.

So as I said above, if you parse SNP CPUID page early enough, you don't
have to worry about feature rediscovery. Early enough means, before
identify_boot_cpu().

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help