lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 3 Sep 2021 12:17:54 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     "Kuppuswamy, Sathyanarayanan" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>,
        Peter H Anvin <hpa@...or.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 07/12] x86/traps: Add #VE support for TDX guest

On Thu, Sep 02, 2021 at 08:24:53AM -0700, Kuppuswamy, Sathyanarayanan wrote:
> If MSR read/write failed in tdx_handle_virtualization_exception(), it will
> return non zero return value which in turn will trigger ve_raise_fault().
> 
> If we don't call fixup_exception() for such case, it will trigger oops
> and eventually panic in TDX. For MSR read/write failures we don't want
> to panic.
> 
> #VE MSR read/write
>  -> exc_virtualization_exception()
>     -> tdx_handle_virtualization_exception()
>        ->tdx_write_msr_safe()
>     -> ve_raise_fault
>        -> fixup_exception()

Lemme see if I understand this correctly: you're relying on the kernel
exception handling fixup to end up in

	ex_handler_{rd,wr}msr_unsafe()

which would warn but succeed so that you return from ve_raise_fault()
before die()ing?

If so, I could use a comment in ve_raise_fault() in case we touch the
fixup exception machinery, like we're currently doing.

> Reason for calling die_addr() is to trigger oops for failed #VE handling, which
> is desirable for TDX. Also sending die notification may be useful for debuggers.
> 
> This sequence of calls are similar to exc_general_protection().

Ok.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ