lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 28 Feb 2022 19:33:53 +0300
From:   "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dave.hansen@...el.com, luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, knsathya@...nel.org, pbonzini@...hat.com,
        sdeep@...are.com, seanjc@...gle.com, tony.luck@...el.com,
        vkuznets@...hat.com, wanpengli@...cent.com,
        thomas.lendacky@....com, brijesh.singh@....com, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCHv4 15/30] x86/boot: Allow to hook up alternative port I/O
 helpers

On Sun, Feb 27, 2022 at 02:02:19PM -0800, Josh Poimboeuf wrote:
> On Thu, Feb 24, 2022 at 06:56:15PM +0300, Kirill A. Shutemov wrote:
> > Port I/O instructions trigger #VE in the TDX environment. In response to
> > the exception, kernel emulates these instructions using hypercalls.
> > 
> > But during early boot, on the decompression stage, it is cumbersome to
> > deal with #VE. It is cleaner to go to hypercalls directly, bypassing #VE
> > handling.
> > 
> > Add a way to hook up alternative port I/O helpers in the boot stub.
> > 
> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> 
> I think you missed my comment from v3.

I did not missed it, but I failed to acknowledge it.

To me it is a judgement call. Either way has right to live.
I talked to Borislav on this and we suggested to keep it as. Rework later
as needed.

> Repeating it here:
> 
> At least from reading the commit message it's not self-evident why #VE
> handling would be worse, especially since there's already #VC support in
> boot.  It would help to give more info about that in the commit message.
> 
> The current approach also seems fragile, doesn't it require all future
> code to remember to not do i/o directly?  How do we make sure that
> doesn't happen going forward?
> 
> How does it fail if some code accidentally does i/o directly?  Or
> triggers #VE some other way?  Is the error understandable and
> actionable?

Dealing with failure in decompression code is a pain. We don't have usual
infrastructure there. The patch deals with port I/O which is the only way
to communicate issue to the user. If it fails for whatever reason we are
screwed. And it doesn't depend on how it was implemented.

-- 
 Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ