Re: [PATCH v2 3/3] x86/sev: Add SEV-SNP CipherTextHiding support
From: Ashish Kalra
Date: Thu Oct 03 2024 - 18:10:51 EST
>>>>> +static int max_snp_asid;
>>>> +module_param(max_snp_asid, int, 0444);
>>>> +MODULE_PARM_DESC(max_snp_asid, " override MAX_SNP_ASID for Cipher Text Hiding");
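Review bot: max_snp_asid is declared as a signed `static int` and registered with the `int` param type, so a negative value is accepted at module load. Since it overrides an ASID limit, consider `unsigned int` with the `uint` param type, or a range check where the value is consumed. The MODULE_PARM_DESC string also begins with a stray space and does not say what the default of 0 means or which range is valid.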
>>> My read of the spec is if Ciphertext hiding is not enabled there is no
>>> additional split in the ASID space. Am I understanding that correctly?
>> Yes that is correct.
>>> If so, I don't think we want to enable ciphertext hiding by default
>>> because it might break whatever management of ASIDs systems already
>>> have. For instance right now we have to split SEV-ES and SEV ASIDS,
>>> and SNP guests need SEV-ES ASIDS. This change would halve the # of SNP
>>> enabled ASIDs on a system.
>>
>> My thought here is that we probably want to enable Ciphertext hiding by default as that should fix any security issues and concerns around SNP encryption as Ciphertext hiding prevents host accesses from reading the ciphertext of SNP guest private memory.
>>
>> This patch does add a new CCP module parameter, max_snp_asid, which can be used to dedicate all SEV-ES ASIDs to SNP guests.
>>
>>>
>>> Also should we move the ASID splitting code to be all in one place?
>>> Right now KVM handles it in sev_hardware_setup().
>>
>> Yes, but there is going to be a separate set of patches to move all ASID handling code to CCP module.
>>
>> This refactoring won't be part of the SNP ciphertext hiding support patches.
>Makes sense. I see Tom has asked you to split this patch into ccp and KVM.
>Maybe add a line to the description so more are aware of the impending
>changes to asids?
Sure, I will do that.
>I tested these patches a bit with the selftests / manually by
>backporting to 6.11-rc7. When you send a V3 I'll redo for a tag. BTW
>for some reason 6.12-rc1 and kvm/queue both fail to init SNP for me,
>then the kernel segfaults. Not sure what's going on there...
I tested with 6.12-rc1 and I don't have any issues with SNP init and running SNP
VMs on that (with and without CipherTextHiding enabled), but I am getting a lot of
stack dumps especially during host boot with apparmor, surely something looks
to be broken on apparmor on 6.12-rc1:
[ 33.180836] BUG: kernel NULL pointer dereference, address: 000000000000001c
[ 33.180842] #PF: supervisor read access in kernel mode
[ 33.180843] #PF: error_code(0x0000) - not-present page
[ 33.180846] PGD 16bc1b067 P4D 0
[ 33.180849] Oops: Oops: 0000 [#4] SMP NOPTI
[ 33.180853] CPU: 155 UID: 0 PID: 2521 Comm: apparmor_parser Tainted: G D W 6.12.0-rc1-next-20241003-snp-host-f2a41ff576cc-dirty #19
[ 33.632606] RIP: 0010:krealloc_noprof+0x8f/0x300
[ 33.632608] Code: 8b 50 08 f6 c2 01 0f 85 14 02 00 00 0f 1f 44 00 00 80 78 33 f5 0f 85 0e 02 00 00 48 85 c0 0f 84 05 02 00 00 48 8b 48 08 66 90 <48> 63 59 1c 41 89 df 4d 39 fd 0f 87 8c 00 00 00 0f 1f 44 00 00 48
[ 33.632610] RSP: 0018:ff2e31fe0ad3f848 EFLAGS: 00010202
[ 33.632611] RAX: ff9e19414443ec00 RBX: 0000000000000001 RCX: 0000000000000000
[ 33.632613] RDX: 0000000000000000 RSI: 0000000000002beb RDI: ff2d8c4410fb0000
[ 33.632614] RBP: ff2e31fe0ad3f878 R08: 0000000000002be4 R09: 0000000000000000
[ 33.632615] R10: 00000000000093cb R11: ff2d8c4410fb2beb R12: ff2d8c4410fb0000
[ 33.632616] R13: 0000000000002beb R14: 0000000000000cc0 R15: ff2d8c446d000000
[ 33.632618] FS: 00007ff504a05740(0000) GS:ff2d8c4b2c500000(0000) knlGS:0000000000000000
[ 33.632619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.632620] CR2: 000000000000001c CR3: 0000000157f2e001 CR4: 0000000000771ef0
[ 33.632622] PKRU: 55555554
[ 33.632623] note: apparmor_parser[2522] exited with irqs disabled
[ 33.977961] Tainted: [D]=DIE, [W]=WARN
[ 33.990019] Hardware name: AMD Corporation PURICO/PURICO, BIOS TPUT0090F 06/05/2024
[ 34.006754] RIP: 0010:krealloc_noprof+0x8f/0x300
[ 34.020151] Code: 8b 50 08 f6 c2 01 0f 85 14 02 00 00 0f 1f 44 00 00 80 78 33 f5 0f 85 0e 02 00 00 48 85 c0 0f 84 05 02 00 00 48 8b 48 08 66 90 <48> 63 59 1c 41 89 df 4d 39 fd 0f 87 8c 00 00 00 0f 1f 44 00 00 48
[ 34.058484] RSP: 0018:ff2e31fe0ad57928 EFLAGS: 00010202
[ 34.073095] RAX: ff9e194145b4c400 RBX: 0000000000000001 RCX: 0000000000000000
[ 34.089957] RDX: 0000000000000000 RSI: 00000000000057bf RDI: ff2d8c446d310000
[ 34.106827] RBP: ff2e31fe0ad57958 R08: 00000000000057b8 R09: 0000000000000000
[ 34.123733] R10: 000000000000dac1 R11: ff2d8c446d3157bf R12: ff2d8c446d310000
[ 34.140668] R13: 00000000000057bf R14: 0000000000000cc0 R15: ff2d8c446d400000
[ 34.157572] FS: 00007ff504a05740(0000) GS:ff2d8c4b2b380000(0000) knlGS:0000000000000000
[ 34.175513] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.190675] CR2: 000000000000001c CR3: 0000000157f2a004 CR4: 0000000000771ef0
[ 34.207373] PKRU: 55555554
[ 34.218980] Call Trace:
[ 34.230226] <TASK>
[ 34.241043] ? show_regs+0x6d/0x80
[ 34.253389] ? __die+0x29/0x70
[ 34.265311] ? page_fault_oops+0x15c/0x550
[ 34.278341] ? do_user_addr_fault+0x45e/0x7b0
[ 34.291477] ? ZSTD_compressEnd_public+0x2c/0x170
[ 34.304780] ? exc_page_fault+0x7c/0x170
[ 34.316962] ? asm_exc_page_fault+0x2b/0x30
[ 34.329194] ? krealloc_noprof+0x8f/0x300
[ 34.341001] ? zstd_compress_cctx+0x87/0xa0
[ 34.353005] aa_unpack+0x688/0x700
[ 34.364035] aa_replace_profiles+0x9e/0x1170
[ 34.375977] policy_update+0xd9/0x170
[ 34.387225] profile_replace+0xb0/0x130
[ 34.398644] vfs_write+0xf8/0x3e0
[ 34.409463] ? __x64_sys_openat+0x59/0xa0
[ 34.420909] ksys_write+0x6b/0xf0
[ 34.431356] __x64_sys_write+0x1d/0x30
[ 34.442244] x64_sys_call+0x1685/0x20d0
[ 34.453055] do_syscall_64+0x6f/0x110
[ 34.463491] ? ksys_read+0x6b/0xf0
[ 34.473492] ? syscall_exit_to_user_mode+0x57/0x1b0
[ 34.485139] ? do_syscall_64+0x7b/0x110
[ 34.495611] ? generic_file_read_iter+0xbf/0x110
[ 34.506980] ? apparmor_file_permission+0x6f/0x170
[ 34.518530] ? ext4_file_read_iter+0x5f/0x1e0
[ 34.529610] ? vfs_read+0x25c/0x340
[ 34.539607] ? ksys_read+0x6b/0xf0
[ 34.549394] ? syscall_exit_to_user_mode+0x57/0x1b0
[ 34.560829] ? do_syscall_64+0x7b/0x110
[ 34.571009] ? irqentry_exit_to_user_mode+0x33/0x170
[ 34.582461] ? irqentry_exit+0x21/0x40
[ 34.592443] ? exc_page_fault+0x8d/0x170
[ 34.602507] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 34.613786] RIP: 0033:0x7ff504714887
[ 34.623229] Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 34.655533] RSP: 002b:00007ffcb6fbc758 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 34.669681] RAX: ffffffffffffffda RBX: 000055f36c77bdc0 RCX: 00007ff504714887
[ 34.683405] RDX: 000000000000dac1 RSI: 000055f36c7a1680 RDI: 0000000000000007
[ 34.697133] RBP: 000000000000dac1 R08: 0000000000000000 R09: 000055f36c7a1680
[ 34.710815] R10: 0000000000000000 R11: 0000000000000246 R12: 000055f36c7a1680
[ 34.724467] R13: 000000000000dac1 R14: 000055f3654bcc5b R15: 0000000000000007
[ 34.738032] </TASK>
[ 34.745917] Modules linked in: nls_iso8859_1 wmi_bmof rapl input_leds joydev ccp(+) k10temp wmi acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler mac_hid sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua msr efi_pstore drm autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 crct10dif_pclmul ahci crc32_pclmul tg3 ghash_clmulni_intel libahci i2c_piix4 i2c_smbus hid_generic usbhid hid aesni_intel crypto_simd cryptd
[ 34.819993] CR2: 000000000000001c
[ 34.830269] ---[ end trace 0000000000000000 ]---