lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 30 Dec 2021 11:05:00 +0300
From:   "Kirill A. Shutemov" <kirill@...temov.name>
To:     Borislav Petkov <bp@...en8.de>
Cc:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        tglx@...utronix.de, mingo@...hat.com, dave.hansen@...el.com,
        luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
        pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
        tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        Sean Christopherson <sean.j.christopherson@...el.com>
Subject: Re: [PATCH 04/26] x86/traps: Add #VE support for TDX guest

On Wed, Dec 29, 2021 at 12:29:51PM +0100, Borislav Petkov wrote:
> On Wed, Dec 29, 2021 at 02:31:12AM +0300, Kirill A. Shutemov wrote:
> > On Thu, Dec 23, 2021 at 08:45:40PM +0100, Borislav Petkov wrote:
> > > What happens if the NMI handler triggers a #VE after all? Or where is it
> > > enforced that TDX guests should set panic_on_oops?
> > 
> > Kernel will handle the #VE normally inside NMI handler. (We tested it once
> > again, just in case.)
> > 
> > The critical part is that #VE must not be triggered in NMI entry code,
> > before kernel is ready to handle nested NMIs.
> 
> Well, I can't read that in the commit message, maybe it needs expanding
> on that aspect?
> 
> What I read is:
> 
> "Interrupts, including NMIs, are blocked by the hardware starting with
> #VE delivery until TDGETVEINFO is called."
> 
> but this simply means that *if* you get a #VE anywhere, NMIs are masked
> until TDGETVEINFO.
> 
> If you get a #VE during the NMI entry code, then you're toast...

Hm. Two sentance above the one you quoted describes (maybe badly? I donno)
why #VE doesn't happen in entry paths. Maybe it's not clear it covers NMI
entry path too.

What if I replace the paragraph with these two:

	Kernel avoids #VEs during syscall gap and NMI entry code. Entry code
	paths do not access TD-shared memory, MMIO regions, use #VE triggering
	MSRs, instructions, or CPUID leaves that might generate #VE. Similarly,
	to page faults and breakpoints, #VEs are allowed in NMI handlers once
	kernel is ready to deal with nested NMIs.

	During #VE delivery, all interrupts, including NMIs, are blocked until
	TDGETVEINFO is called. It prevents #VE nesting until kernel reads the VE
	info.

Is it better?

> > tdx_virt_exception_user()/tdx_virt_exception_kernel() will be populated by
> > following patches. The patch adds generic infrastructure for #VE handling.
> 
> Yeah, you either need to state that somewhere or keep changing those
> functions as they evolve in the patchset. As it is, it just confuses
> reviewers.

Commit message already has this:

	Add basic infrastructure to handle any #VE which occurs in the kernel
	or userspace. Later patches will add handling for specific #VE
	scenarios.

I'm not sure what need to be changed.

-- 
 Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ