| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Nov 2021 15:10:16 -0500
From: Brijesh Singh <brijesh.singh@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: brijesh.singh@....com, x86@...nel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andi Kleen <ak@...ux.intel.com>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
tony.luck@...el.com, marcorr@...gle.com,
sathyanarayanan.kuppuswamy@...ux.intel.com
Subject: Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is
active
Hi Boris,
On 11/2/21 1:44 PM, Borislav Petkov wrote:
> On Tue, Nov 02, 2021 at 01:24:01PM -0500, Brijesh Singh wrote:
>> To answer your question, GHCB is registered at the time of first #VC
>> handling by the second exception handler.
>
> And this is what I don't like - register at use. Instead of init
> everything *before* use.
>
>> Mike can correct me, the CPUID page check is going to happen on first
>> #VC handling inside the early exception handler (i.e case 1).
>
> What is the "CPUID page check"?
>
> And no, you don't want to do any detection when an exception happens -
> you want to detect *everything* *first* and then do exceptions.
>
>> See if my above explanation make sense. Based on it, I don't think it
>> makes sense to register the GHCB during the CPUID page detection. The
>> CPUID page detection will occur in early VC handling.
>
> See above. If this needs more discussion, we can talk on IRC.
>
Looking at the secondary CPU bring up path it seems that we will not be
getting #VC until the early_setup_idt() is called. I am thinking to add
function to register the GHCB from the early_setup_idt()
early_setup_idt()
{
...
if (IS_ENABLED(CONFIG_MEM_ENCRYPT))
sev_snp_register_ghcb()
...
}
The above will cover the APs and for BSP case I can call the same
function just after the final IDT is loaded
cpu_init_exception_handling()
{
...
...
/* Finally load the IDT */
load_current_idt();
if (IS_ENABLED(CONFIG_MEM_ENCRYPT))
sev_snp_register_ghcb()
}
Please let me know if something like above is acceptable.
thanks
Powered by blists - more mailing lists