lists.openwall.net: Open Source and information security mailing list archives
Date:   Thu, 23 Dec 2021 19:55:48 +0300
From:   "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     tglx@...utronix.de, mingo@...hat.com, dave.hansen@...el.com,
        luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
        pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
        tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
        x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 03/26] x86/tdx: Add __tdx_module_call() and
 __tdx_hypercall() helper functions

On Tue, Dec 21, 2021 at 08:11:45PM +0100, Borislav Petkov wrote:
> On Tue, Dec 14, 2021 at 06:02:41PM +0300, Kirill A. Shutemov wrote:
> > From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
> > 
> > Guests communicate with VMMs with hypercalls. Historically, these
> > are implemented using instructions that are known to cause VMEXITs
> > like VMCALL, VMLAUNCH, etc. However, with TDX, VMEXITs no longer
> > expose the guest state to the host. This prevents the old hypercall
> > mechanisms from working. So, to communicate with VMM, TDX
> > specification defines a new instruction called TDCALL.
> > 
> > In a TDX based VM, since the VMM is an untrusted entity, an intermediary
> > layer (TDX module) exists in the CPU to facilitate secure communication
> 
> in the CPU?!
> 
> I think you wanna say, "it is loaded like a firmware into a special CPU
> mode called SEAM..." or so.

What about this?

	In a TDX based VM, since the VMM is an untrusted entity, an intermediary
	layer -- TDX module -- facilitates secure communication between the host
	and the guest. TDX module is loaded like a firmware into a special CPU
	mode called SEAM. TDX guests communicate with the TDX module using the
	TDCALL instruction.

Does it look fine?

> > (using the TDCALL instruction).
> > 
> > __tdx_hypercall()    - Used by the guest to request services from the
> > 		       VMM (via TDVMCALL).
> > __tdx_module_call()  - Used to communicate with the TDX Module (via
> > 		       TDCALL).
> 
> "module". No need to capitalize every word like in CPU manuals.

Okay, I will change it globally over the whole patchset.

> > Originally-by: Sean Christopherson <seanjc@...gle.com>
> 
> Just state that in free text in the commit message:
> 
> "Based on a previous patch by Sean... "

Okay.

> > +	/*
> > +	 * Since this function can be initiated without an output pointer,
> > +	 * check if caller provided an output struct before storing
> > +	 * output registers.
> > +	 */
> > +	test %r12, %r12
> > +	jz mcall_done
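Review bot: the jump target `mcall_done` should be an assembler-local label (`.L`-prefixed, e.g. `.Lno_output_struct`) so it is not emitted into the object's symbol table, and the comment above `test %r12, %r12` should say that %r12 is where the output-struct pointer was saved, since this hunk does not show that setup. The NULL check itself is fine: `test %r12, %r12` / `jz` skips the register stores only when the pointer is zero.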
> 
> All those local label names need to be prefixed with .L so that they
> don't appear in the vmlinux symbol table unnecessarily:
> 
> 	jz .Lno_output_struct

Ah, okay. I did not know about the special treatment of .L labels.
Again, I will check the whole patchset.

-- 
 Kirill A. Shutemov
