lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 28 Jul 2021 16:51:50 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     isaku.yamahata@...el.com, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H . Peter Anvin" <hpa@...or.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>, erdemaktas@...gle.com,
        Connor Kuehl <ckuehl@...hat.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        isaku.yamahata@...il.com
Subject: Re: [RFC PATCH v2 00/69] KVM: X86: TDX support

On Mon, Jul 26, 2021, Paolo Bonzini wrote:
> On 03/07/21 00:04, isaku.yamahata@...el.com wrote:
> > * Patch organization
> > The patch 66 is main change.  The preceding patches(1-65) The preceding
> > patches(01-61) are refactoring the code and introducing additional hooks.
> > 
> > - 01-12: They are preparations. introduce architecture constants, code
> >           refactoring, export symbols for following patches.
> > - 13-40: start to introduce the new type of VM and allow the coexistence of
> >           multiple type of VM. allow/disallow KVM ioctl where
> >           appropriate. Especially make per-system ioctl to per-VM ioctl.
> > - 41-65: refactoring KVM VMX/MMU and adding new hooks for Secure EPT.
> > - 66:    main patch to add "basic" support for building/running TDX.
> > - 67:    trace points for
> > - 68-69:  Documentation
> 
> Queued 2,3,17-20,23,44-45, thanks.

I strongly object to merging these two until we see the new SEAMLDR code:

  [RFC PATCH v2 02/69] KVM: X86: move kvm_cpu_vmxon() from vmx.c to virtext.h
  [RFC PATCH v2 03/69] KVM: X86: move out the definition vmcs_hdr/vmcs from kvm to x86

If the SEAMLDR code ends up being fully contained in KVM, then this is unnecessary
churn and exposes code outside of KVM that we may not want exposed (yet).  E.g.
setting and clearing CR4.VMXE (in the fault path) in cpu_vmxon() may not be
necessary/desirable for SEAMLDR, we simply can't tell without seeing the code.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ