lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Feb 2022 17:25:43 -0800
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     Tom Lendacky <thomas.lendacky@....com>, tglx@...utronix.de,
        mingo@...hat.com, bp@...en8.de, dave.hansen@...el.com,
        luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, knsathya@...nel.org, pbonzini@...hat.com,
        sdeep@...are.com, seanjc@...gle.com, tony.luck@...el.com,
        vkuznets@...hat.com, wanpengli@...cent.com, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCHv3 16/32] x86/boot: Allow to hook up alternative port I/O
 helpers

On Tue, Feb 22, 2022 at 01:02:33AM +0300, Kirill A. Shutemov wrote:
> On Mon, Feb 21, 2022 at 02:04:33PM -0600, Tom Lendacky wrote:
> > On 2/18/22 10:17, Kirill A. Shutemov wrote:
> > > Port I/O instructions trigger #VE in the TDX environment. In response to
> > > the exception, kernel emulates these instructions using hypercalls.
> > > 
> > > But during early boot, on the decompression stage, it is cumbersome to
> > > deal with #VE. It is cleaner to go to hypercalls directly, bypassing #VE
> > > handling.
> > > 
> > > Add a way to hook up alternative port I/O helpers in the boot stub.
> > 
> > This seems like a lot of churn in order to get this all working without
> > taking a #VE.
> 
> Well, it evolved from more concise (but also more hacky) implementation:
> 
> https://lore.kernel.org/all/20211214150304.62613-11-kirill.shutemov@linux.intel.com
> 
> > How cumbersome is it to get #VE handling working in the decompression
> > stage? Can you build on any of the support that was added to handle #VC?
> 
> We definitely can.
> 
> But I still think exception-based implementation is inherently more
> fragile. I would rather stick with this.

At least from reading the commit message it's not self-evident why #VE
handling would be worse, especially since there's already #VC support in
boot.  It would help to give more info about that in the commit message.

The current approach also seems fragile, doesn't it require all future
code to remember to not do i/o directly?  How do we make sure that
doesn't happen going forward?

How does it fail if some code accidentally does i/o directly?  Or
triggers #VE some other way?  Is the error understandable and
actionable?

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ