Re: [PATCH 3/3] x86: Support booting under Secure Startup via SKINIT
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Thu, 28 Jan 2021 20:26:09 +0000
- Cc: Norbert Kamiński <norbert.kaminski@xxxxxxxxx>, "Marek Kasiewicz" <marek.kasiewicz@xxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Michal Zygowski <michal.zygowski@xxxxxxxxx>, Piotr Krol <piotr.krol@xxxxxxxx>, Krystian Hebel <krystian.hebel@xxxxxxxxx>, "Daniel P . Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, "Christopher Clark" <christopher.w.clark@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Thu, 28 Jan 2021 20:26:38 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 20/01/2021 09:19, Jan Beulich wrote:
> On 16.01.2021 00:10, Andrew Cooper wrote:
>> --- a/xen/arch/x86/cpu/common.c
>> +++ b/xen/arch/x86/cpu/common.c
>> @@ -834,6 +834,29 @@ void load_system_tables(void)
>> BUG_ON(system_state != SYS_STATE_early_boot && (stack_bottom & 0xf));
>> }
>>
>> +static void skinit_enable_intr(void)
>> +{
>> + uint64_t val;
>> +
>> + /*
>> + * If the platform is performing a Secure Launch via SKINIT
>> + * INIT_REDIRECTION flag will be active.
>> + */
>> + if ( !cpu_has_skinit || rdmsr_safe(MSR_K8_VM_CR, val) ||
>> + !(val & VM_CR_INIT_REDIRECTION) )
>> + return;
>> +
>> + ap_boot_method = AP_BOOT_SKINIT;
>> +
>> + /*
>> + * We don't yet handle #SX. Disable INIT_REDIRECTION first, before
>> + * enabling GIF, so a pending INIT resets us, rather than causing a
>> + * panic due to an unknown exception.
>> + */
>> + wrmsr_safe(MSR_K8_VM_CR, val & ~VM_CR_INIT_REDIRECTION);
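Review bot: the return value of wrmsr_safe() on the last line of skinit_enable_intr() is discarded, so a faulting write leaves VM_CR_INIT_REDIRECTION set with nothing reported. The comment just above relies on the bit being clear before GIF is enabled, because #SX is not handled yet; either check the return value and log when the bit could not be cleared, or use a non-safe write if a fault here should be fatal. ap_boot_method is also assigned AP_BOOT_SKINIT before the write, so it is set whether or not the write succeeded; the comment should say whether that is intended.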
> Why wrmsr_safe() without checking its return value? If the write
> faults, we're hosed anyway, aren't we, so we may as well crash on
> the offending WRMSR rather than some time later?
Paranoia.
Xen's old MSR behaviour would have leaked INIT_REDIRECTION into guest
context but discarded writes, and there are use cases to keep
INIT_REDIRECTION enabled (if you're willing to sacrifice PV guests to
avoid #SX-over-the-syscall-gap or back-to-back-INIT-on-IST shaped
security holes).
I can make it unconditional if you'd prefer. At the moment, all this is
is a best-effort attempt to get back into the old state, so development
can continue more easily.
~Andrew