From 56a35ed9bb6b7926a9e5b6d6724cc500aed861bb Mon Sep 17 00:00:00 2001
From: Conrad Grobler
Date: Wed, 3 Apr 2024 14:45:04 +0000
Subject: [PATCH 1/2] Ensure CPUID triggered the #VC exception

---
 oak_restricted_kernel/src/interrupts.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/oak_restricted_kernel/src/interrupts.rs b/oak_restricted_kernel/src/interrupts.rs
index 6da184117ba..e8080bed972 100644
--- a/oak_restricted_kernel/src/interrupts.rs
+++ b/oak_restricted_kernel/src/interrupts.rs
@@ -108,6 +108,18 @@ mutable_interrupt_handler_with_error_code!(
 ) {
 match error_code {
 0x72 => {
+ // Make sure it was triggered from a CPUID instruction.
+ const CPUID_INSTRUCTION: u16 = 0xa20f;
+ // Safety: we are copying two bytes and interpreting it as a
+ // 16-bit number without making any other assumptions about
+ // the layout.
+ let instruction: u16 =
+ unsafe { core::ptr::read_unaligned(stack_frame.rip.as_ptr()) };
+ if instruction != CPUID_INSTRUCTION {
+ error!("KERNEL PANIC: INSTRUCTION WAS NOT CPUID");
+ shutdown::shutdown();
+ }
+
 if let Some(cpuid_page) = CPUID_PAGE.get() {
 let target = stack_frame.into();
 let count = cpuid_page.count as usize;

From b927a11d5fc2a7d765b6fef9aa9249be1c1fedc0 Mon Sep 17 00:00:00 2001
From: Conrad Grobler
Date: Wed, 3 Apr 2024 14:53:27 +0000
Subject: [PATCH 2/2] Address review comment

---
 oak_restricted_kernel/src/interrupts.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/oak_restricted_kernel/src/interrupts.rs b/oak_restricted_kernel/src/interrupts.rs
index e8080bed972..578657213fc 100644
--- a/oak_restricted_kernel/src/interrupts.rs
+++ b/oak_restricted_kernel/src/interrupts.rs
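Review bot: The `// Safety:` comment on the new `read_unaligned` in the `0x72` arm justifies reinterpreting two bytes as a `u16`, but not why two bytes at `stack_frame.rip` are readable, which is what the `unsafe` block actually relies on. If this check exists because a #VC may arrive at an instruction the guest did not expect (an inference; the hunk does not say), then RIP could sit on the last byte of a mapped page, and if the handler also serves #VC raised from user mode this is a kernel read of a user-supplied address. I would state the assumption explicitly, e.g. `// SAFETY: RIP is the address of the instruction that was executing when #VC was raised, so it is mapped; TODO confirm the second byte cannot lie on an unmapped page.` A one-line comment above `CPUID_INSTRUCTION` such as `// Opcode bytes 0x0f 0xa2, read as a little-endian u16.` would also make the constant checkable at a glance. The enclosing handler starts and ends outside the hunk.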
@@ -116,8 +116,7 @@ mutable_interrupt_handler_with_error_code!(
 let instruction: u16 =
 unsafe { core::ptr::read_unaligned(stack_frame.rip.as_ptr()) };
 if instruction != CPUID_INSTRUCTION {
- error!("KERNEL PANIC: INSTRUCTION WAS NOT CPUID");
- shutdown::shutdown();
+ panic!("INSTRUCTION WAS NOT CPUID");
 }
 
 if let Some(cpuid_page) = CPUID_PAGE.get() {
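Review bot: The new `panic!("INSTRUCTION WAS NOT CPUID")` names neither the handler nor what was found at RIP, so a log line from this path does not distinguish an unexpected CPUID encoding from a #VC delivered at an instruction that is not CPUID. A message such as `panic!("#VC with CPUID exit code 0x72, but instruction at RIP was {:#06x}", instruction);` keeps the fail-stop behaviour and makes the event triageable; omit the value if guest code bytes must not reach the log sink. The panic handler is outside this diff, so it is worth confirming that it still ends in a shutdown, as the removed `shutdown::shutdown()` call did explicitly.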