lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ef45d48f-2e7f-850e-f4d0-f518d34c598d@intel.com>
Date:   Tue, 10 Aug 2021 12:19:22 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     "Kirill A. Shutemov" <kirill@...temov.name>,
        Borislav Petkov <bp@...en8.de>,
        Andy Lutomirski <luto@...nel.org>,
        Sean Christopherson <seanjc@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Joerg Roedel <jroedel@...e.de>,
        Andi Kleen <ak@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Tom Lendacky <thomas.lendacky@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Ingo Molnar <mingo@...hat.com>,
        Varad Gautam <varad.gautam@...e.com>,
        Dario Faggioli <dfaggioli@...e.com>, x86@...nel.org,
        linux-mm@...ck.org, linux-coco@...ts.linux.dev,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/5] efi/x86: Implement support for unaccepted memory

On 8/10/21 12:08 PM, Kirill A. Shutemov wrote:
>>> +config UNACCEPTED_MEMORY
>>> +	bool
>>> +	depends on EFI_STUB
>>> +	help
>>> +	   Some Virtual Machine platforms, such as Intel TDX, introduce
>>> +	   the concept of memory acceptance, requiring memory to be accepted
>>> +	   before it can be used by the guest. This protects against a class of
>>> +	   attacks by the virtual machine platform.
>>> +
>>> +	   This option adds support for unaccepted memory and makes such memory
>>> +	   usable by kernel.
>> Do we really need a full-blown user-visible option here?  If we, for
>> instance, just did:
>>
>> config UNACCEPTED_MEMORY
>> 	bool
>> 	depends on EFI_STUB
>>
>> it could be 'select'ed from the TDX Kconfig and no users would ever be
>> bothered with it.  Would a user *ever* turn this on if they don't have
>> TDX (or equivalent)?
> But it's already not user selectable. Note that there's no prompt next to
> the "bool". The "help" section is just for documentation. I think it can
> be useful.

Ahh, gotcha.  I misread it.  Seems like an odd thing to do, but it's
also fairly widespread in the tree.

Can you even reach that help text from any of the configuration tools?
If you're doing an 'oldconfig', you won't get a prompt to do the "?".
Even in the 'meunconfig' search results, it doesn't display "help" text,
only the "prompt".

BTW, should this text call out that this is for parsing an actual UEFI
feature along with the spec version?  It's not obvious from the text
that "unaccepted memory" really is a UEFI thing as opposed to being some
kernel-only concept.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ