lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YcxGrw6Ymqs8NPjY@zn.tnic>
Date:   Wed, 29 Dec 2021 12:29:51 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     tglx@...utronix.de, mingo@...hat.com, dave.hansen@...el.com,
        luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
        pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
        tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        Sean Christopherson <sean.j.christopherson@...el.com>
Subject: Re: [PATCH 04/26] x86/traps: Add #VE support for TDX guest

On Wed, Dec 29, 2021 at 02:31:12AM +0300, Kirill A. Shutemov wrote:
> On Thu, Dec 23, 2021 at 08:45:40PM +0100, Borislav Petkov wrote:
> > What happens if the NMI handler triggers a #VE after all? Or where is it
> > enforced that TDX guests should set panic_on_oops?
> 
> Kernel will handle the #VE normally inside NMI handler. (We tested it once
> again, just in case.)
> 
> The critical part is that #VE must not be triggered in NMI entry code,
> before kernel is ready to handle nested NMIs.

Well, I can't read that in the commit message, maybe it needs expanding
on that aspect?

What I read is:

"Interrupts, including NMIs, are blocked by the hardware starting with
#VE delivery until TDGETVEINFO is called."

but this simply means that *if* you get a #VE anywhere, NMIs are masked
until TDGETVEINFO.

If you get a #VE during the NMI entry code, then you're toast...

> #VE cannot possibly happen there: no #VE-inducing instructions, code and
> data are in guest private memory.

Right, that. So we cannot get a #VE there.

> VMM can remove private memory from under us, but access to unaccepted (or
> missing) private memory leads to VM termination, not to #VE.

And that can't trigger a #VE either.

So I'm confused...

It sounds like you wanna say: no #VEs should happen during the NMI entry
code because of <raisins> and in order to prevent those, we don't use
insns causing #VE, etc. And private pages removed by the VM will simply
terminate the guest.

So what's up?

> tdx_virt_exception_user()/tdx_virt_exception_kernel() will be populated by
> following patches. The patch adds generic infrastructure for #VE handling.

Yeah, you either need to state that somewhere or keep changing those
functions as they evolve in the patchset. As it is, it just confuses
reviewers.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ