From patchwork Mon Aug 26 15:01:21 2024
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1976876
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 4/8] x86/coco: Disable 32-bit emulation by default on TDX and SEV
Date: Mon, 26 Aug 2024 11:01:21 -0400
Message-Id: <20240826150125.1347359-5-yuxuan.luo@canonical.com>
In-Reply-To: <20240826150125.1347359-1-yuxuan.luo@canonical.com>
References: <20240826150125.1347359-1-yuxuan.luo@canonical.com>
List-Id: Kernel team discussions

From: "Kirill A. Shutemov"

The INT 0x80 instruction is used for 32-bit x86 Linux syscalls. The kernel
expects to receive a software interrupt as a result of the INT 0x80
instruction. However, an external interrupt on the same vector triggers the
same handler. The kernel interprets an external interrupt on vector 0x80 as
a 32-bit system call that came from userspace.

A VMM can inject external interrupts on any arbitrary vector at any time.
This remains true even for TDX and SEV guests where the VMM is untrusted.

Put together, this allows an untrusted VMM to trigger int80 syscall handling
at any given point. The content of the guest register file at that moment
defines what syscall is triggered and its arguments. It opens the guest OS
to manipulation from the VMM side.

Disable 32-bit emulation by default for TDX and SEV. Users can override it
with the ia32_emulation=y command line option.

[ dhansen: reword the changelog ]

Reported-by: Supraja Sridhara
Reported-by: Benedict Schlüter
Reported-by: Mark Kuhne
Reported-by: Andrin Bertschi
Reported-by: Shweta Shinde
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Dave Hansen
Reviewed-by: Thomas Gleixner
Reviewed-by: Borislav Petkov (AMD)
Cc: # v6.0+: 1da5c9b x86: Introduce ia32_enabled()
Cc: # v6.0+
(backported from commit b82a8dbd3d2f4563156f7150c6f2ecab6e960b30)
[yuxuan.luo:
  - mem_encrypt_amd.c:
    - two trivial conflicts are hard to solve, ignore them and apply the fix.
  - tdx.c:
    - Drop the change since TDX is not supported in the tree.
]
CVE-2024-25744
Signed-off-by: Yuxuan Luo
---
 arch/x86/include/asm/ia32.h   |  7 +++++++
 arch/x86/mm/mem_encrypt_amd.c | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/arch/x86/include/asm/ia32.h b/arch/x86/include/asm/ia32.h index 5a2ae24b1204f..9805629479d96 100644 --- a/arch/x86/include/asm/ia32.h +++ b/arch/x86/include/asm/ia32.h @@ -75,6 +75,11 @@ static inline bool ia32_enabled(void) return __ia32_enabled; } +static inline void ia32_disable(void) +{ + __ia32_enabled = false; +} + #else /* !CONFIG_IA32_EMULATION */ static inline bool ia32_enabled(void) @@ -82,6 +87,8 @@ static inline bool ia32_enabled(void) return IS_ENABLED(CONFIG_X86_32); } +static inline void ia32_disable(void) {} + #endif #endif /* _ASM_X86_IA32_H */
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index e29b1418d00c7..20a96183ae7ec 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "mm_internal.h" @@ -196,6 +197,16 @@ void __init sme_early_init(void) if (sev_active()) swiotlb_force = SWIOTLB_FORCE; + + /* + * The VMM is capable of injecting interrupt 0x80 and triggering the + * compatibility syscall path. + * + * By default, the 32-bit emulation is disabled in order to ensure + * the safety of the VM. + */ + if (sev_status & MSR_AMD64_SEV_ENABLED) + ia32_disable(); } void __init sev_setup_arch(void)
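Review bot: the new ia32_disable() in the CONFIG_IA32_EMULATION branch of ia32.h clears __ia32_enabled unconditionally, and nothing in the hunk says how that orders against the ia32_emulation= override the changelog promises; if the command-line option has already been parsed when sme_early_init() calls ia32_disable(), an explicit ia32_emulation=y is silently lost, and if it is parsed later it wins. Please state the required call order in a comment above the helper, e.g. `/* Early-boot only: must run before the ia32_emulation= option is applied. */`, so a later caller does not break the override by accident.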
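Review bot: the empty stub `static inline void ia32_disable(void) {}` in the !CONFIG_IA32_EMULATION branch deserves a one-line comment: in that branch ia32_enabled() returns IS_ENABLED(CONFIG_X86_32), so a native 32-bit kernel reports emulation as enabled and the stub leaves it that way. Since the changelog says INT 0x80 is the 32-bit syscall entry, a reader of sme_early_init() should be told that on a 32-bit kernel there is no emulation to switch off and the mitigation only applies to 64-bit kernels built with CONFIG_IA32_EMULATION.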
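Review bot: in the sme_early_init() hunk the new condition tests `sev_status & MSR_AMD64_SEV_ENABLED` while the context line just above it, `if (sev_active())`, uses a helper for what reads as the same property; either use the same predicate for both or say in the comment why the raw MSR bit is tested here rather than the helper. The comment itself ("in order to ensure the safety of the VM") is also vaguer than the changelog; naming the threat would help future readers, e.g. `* An untrusted VMM can inject an external interrupt on vector 0x80` / `* and have it handled as a 32-bit syscall with whatever is in the` / `* guest registers, so keep the compat entry disabled by default.`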
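A practitioner verifying this mitigation inside a guest wants to know whether the kernel still services vector 0x80 as a 32-bit syscall. The following check is an added example written for this page, not part of the patch or of the Linux kernel: from a 64-bit process it issues the i386 getpid (number 20 in the 32-bit syscall table) through INT 0x80 and reports whether the call was serviced, which is exactly the behaviour ia32_disable() turns off. It assumes x86-64 Linux with glibc; on any other target it reports itself unsupported. The names probe_int80, int80_state_name and the INT80_* states are this example's own.

```c
/*
 * int80_probe.c: is INT 0x80 still serviced as a 32-bit syscall for a
 * 64-bit process? Added example for this page; not patch or kernel code.
 * Assumes x86-64 Linux + glibc; elsewhere it reports INT80_UNSUPPORTED.
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum int80_state {
    INT80_SYSCALL = 0,     /* vector 0x80 ran the i386 getpid: emulation on */
    INT80_BLOCKED = 1,     /* vector 0x80 faulted or returned junk: emulation off */
    INT80_UNSUPPORTED = 2  /* not an x86-64 Linux build: nothing to probe */
};

const char *int80_state_name(int state)
{
    switch (state) {
    case INT80_SYSCALL: return "int 0x80 serviced: 32-bit emulation enabled";
    case INT80_BLOCKED: return "int 0x80 not serviced: 32-bit emulation disabled";
    default:            return "probe unsupported on this platform";
    }
}

#if defined(__x86_64__) && defined(__linux__)
static sigjmp_buf probe_env;

/* SIGSEGV/SIGILL/SIGSYS land here when vector 0x80 is not user-callable. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);
}

static void install(int sig, struct sigaction *sa, struct sigaction *old)
{
    sigaction(sig, sa, old);
}
#endif

/*
 * Issue i386 syscall 20 (getpid in the 32-bit table, a harmless choice)
 * through INT 0x80 and compare with the libc getpid(). A kernel that
 * installs no user-callable gate on vector 0x80 delivers a fault instead,
 * which on_fault() turns into INT80_BLOCKED; a kernel that answers with
 * anything but our pid is reported the same way.
 */
int probe_int80(void)
{
#if defined(__x86_64__) && defined(__linux__)
    struct sigaction sa, old_segv, old_ill, old_sys;
    int state;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    install(SIGSEGV, &sa, &old_segv);
    install(SIGILL, &sa, &old_ill);
    install(SIGSYS, &sa, &old_sys);

    if (sigsetjmp(probe_env, 1) == 0) {
        long ret;
        /* eax = 20 (i386 __NR_getpid); the i386 ABI returns in eax. */
        __asm__ volatile ("int $0x80"
                          : "=a"(ret)
                          : "a"(20L)
                          : "rcx", "r11", "memory");
        state = ((int)ret == (int)getpid()) ? INT80_SYSCALL : INT80_BLOCKED;
    } else {
        state = INT80_BLOCKED;   /* reached via siglongjmp from on_fault() */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGSYS, &old_sys, NULL);
    return state;
#else
    return INT80_UNSUPPORTED;
#endif
}

int main(void)
{
    int state = probe_int80();
    printf("%s\n", int80_state_name(state));
    return state == INT80_UNSUPPORTED ? 2 : 0;
}
```

Build with `cc -O2 -o int80_probe int80_probe.c` and run it in the guest: a SEV guest on the patched kernel should report emulation disabled unless it was booted with ia32_emulation=y, while an unpatched kernel with CONFIG_IA32_EMULATION=y reports it enabled. The probe only tests the user-mode gate; reproducing the VMM-side injection the changelog describes needs hypervisor control and is not something a guest process can do.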