lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YGT4dXn7Jd4r1zTU@google.com>
Date:   Wed, 31 Mar 2021 22:32:21 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     "Kuppuswamy, Sathyanarayanan" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
Cc:     Dave Hansen <dave.hansen@...el.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>,
        Andi Kleen <ak@...ux.intel.com>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Raj Ashok <ashok.raj@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/1] x86/tdx: Handle MWAIT, MONITOR and WBINVD

On Wed, Mar 31, 2021, Kuppuswamy, Sathyanarayanan wrote:
> 
> On 3/31/21 3:11 PM, Dave Hansen wrote:
> > On 3/31/21 3:06 PM, Sean Christopherson wrote:
> > > I've no objection to a nice message in the #VE handler.  What I'm objecting to
> > > is sanity checking the CPUID model provided by the TDX module.  If we don't
> > > trust the TDX module to honor the spec, then there are a huge pile of things
> > > that are far higher priority than MONITOR/MWAIT.
> > 
> > In other words:  Don't muck with CPUID or the X86_FEATURE at all.  Don't
> > check it to comply with the spec.  If something doesn't comply, we'll
> > get a #VE at *SOME* point.  We don't need to do belt-and-suspenders
> > programming here.
> > 
> > That sounds sane to me.
> But I think there are cases (like MCE) where SEAM does not disable them because
> there will be future support for it. We should at-least suppress such features
> in kernel.

MCE is a terrible example, because the TDX behavior for MCE is terrible.
Enumerating MCE as supported but injecting a #GP if the guest attempts to set
CR4.MCE=1 is awful.  I'm all for treating that as a one-off case, with a very
derogatory comment :-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ